Merge "Kill radvd when stopping neutron-l3 service"
diff --git a/clean.sh b/clean.sh
index c8b8223..b18f28e 100755
--- a/clean.sh
+++ b/clean.sh
@@ -26,7 +26,7 @@
fi
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
@@ -51,6 +51,7 @@
source $TOP_DIR/lib/heat
source $TOP_DIR/lib/neutron-legacy
+set -o xtrace
# Extras Source
# --------------
diff --git a/data/devstack-plugins-registry.footer b/data/devstack-plugins-registry.footer
new file mode 100644
index 0000000..669cb8d
--- /dev/null
+++ b/data/devstack-plugins-registry.footer
@@ -0,0 +1,28 @@
+
+Drivers
+=======
+
++--------------------+-------------------------------------------------+------------------+
+|Plugin Name |URL |Comments |
++--------------------+-------------------------------------------------+------------------+
+|dragonflow |git://git.openstack.org/openstack/dragonflow |[d1]_ |
++--------------------+-------------------------------------------------+------------------+
+|odl |git://git.openstack.org/openstack/networking-odl |[d2]_ |
++--------------------+-------------------------------------------------+------------------+
+
+.. [d1] demonstrates example of installing 3rd party SDN controller
+.. [d2] demonstrates a pretty advanced set of modes that that allow
+ one to run OpenDayLight either from a pre-existing install, or
+ also from source
+
+Alternate Configs
+=================
+
++-------------+------------------------------------------------------------+------------+
+| Plugin Name | URL | Comments |
+| | | |
++-------------+------------------------------------------------------------+------------+
+|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | |
++-------------+------------------------------------------------------------+------------+
+| | | |
++-------------+------------------------------------------------------------+------------+
diff --git a/data/devstack-plugins-registry.header b/data/devstack-plugins-registry.header
new file mode 100644
index 0000000..9f8a994
--- /dev/null
+++ b/data/devstack-plugins-registry.header
@@ -0,0 +1,19 @@
+==========================
+ DevStack Plugin Registry
+==========================
+
+Since we've created the external plugin mechanism, it's gotten used by
+a lot of projects. The following is a list of plugins that currently
+exist. Any project that wishes to list their plugin here is welcomed
+to.
+
+Detected Plugins
+================
+
+The following are plugins that a script has found in the openstack/
+namespace, which includes but is not limited to official OpenStack
+projects.
+
++------------------+------------------------------------------------------------+------------+
+|Plugin Name |URL |Date |
++------------------+------------------------------------------------------------+------------+
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index a7d3b7d..e985bdc 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -379,24 +379,6 @@
PIP_UPGRADE=True
-
-Service Catalog Backend
------------------------
-
-By default DevStack uses Keystone's ``sql`` service catalog backend.
-An alternate ``template`` backend is also available, however, it does
-not support the ``service-*`` and ``endpoint-*`` commands of the
-``keystone`` CLI. To do so requires the ``sql`` backend be enabled
-with ``KEYSTONE_CATALOG_BACKEND``:
-
- ::
-
- KEYSTONE_CATALOG_BACKEND=template
-
-DevStack's default configuration in ``sql`` mode is set in
-``lib/keystone``
-
-
Guest Images
------------
@@ -643,8 +625,18 @@
In RegionTwo:
::
-
+
disable_service horizon
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
REGION_NAME=RegionTwo
+
+Disabling Identity API v2
++++++++++++++++++++++++++
+
+The Identity API v2 is deprecated as of Mitaka and it is recommended to only
+use the v3 API. It is possible to setup keystone without v2 API, by doing:
+
+::
+
+ ENABLE_IDENTITY_V2=False
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 7aca8d0..cd48915 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -110,11 +110,11 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Services can be turned off by adding ``disable_service xxx`` to
-``local.conf`` (using ``n-vol`` in this example):
+``local.conf`` (using ``c-vol`` in this example):
::
- disable_service n-vol
+ disable_service c-vol
Is enabling a service that defaults to off done with the reverse of the above?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/source/guides/lxc.rst b/doc/source/guides/lxc.rst
new file mode 100644
index 0000000..a719d60
--- /dev/null
+++ b/doc/source/guides/lxc.rst
@@ -0,0 +1,164 @@
+================================
+All-In-One Single LXC Container
+================================
+
+This guide walks you through the process of deploying OpenStack using devstack
+in an LXC container instead of a VM.
+
+The primary benefits to running devstack inside a container instead of a VM is
+faster performance and lower memory overhead while still providing a suitable
+level of isolation. This can be particularly useful when you want to simulate
+running OpenStack on multiple nodes.
+
+.. Warning:: Containers do not provide the same level of isolation as a virtual
+ machine.
+
+.. Note:: Not all OpenStack features support running inside of a container. See
+ `Limitations`_ section below for details. :doc:`OpenStack in a VM <single-vm>`
+ is recommended for beginners.
+
+Prerequisites
+==============
+
+This guide is written for Ubuntu 14.04 but should be adaptable for any modern
+Linux distribution.
+
+Install the LXC package::
+
+ sudo apt-get install lxc
+
+You can verify support for containerization features in your currently running
+kernel using the ``lxc-checkconfig`` command.
+
+Container Setup
+===============
+
+Configuration
+---------------
+
+For a successful run of ``stack.sh`` and to permit use of KVM to run the VMs you
+launch inside your container, we need to use the following additional
+configuration options. Place the following in a file called
+``devstack-lxc.conf``::
+
+ # Permit access to /dev/loop*
+ lxc.cgroup.devices.allow = b 7:* rwm
+
+ # Setup access to /dev/net/tun and /dev/kvm
+ lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
+ lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
+
+ # Networking
+ lxc.network.type = veth
+ lxc.network.flags = up
+ lxc.network.link = lxcbr0
+
+
+Create Container
+-------------------
+
+The configuration and rootfs for LXC containers are created using the
+``lxc-create`` command.
+
+We will name our container ``devstack`` and use the ``ubuntu`` template which
+will use ``debootstrap`` to build a Ubuntu rootfs. It will default to the same
+release and architecture as the host system. We also install the additional
+packages ``bsdmainutils`` and ``git`` as we'll need them to run devstack::
+
+ sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
+
+The first time it builds the rootfs will take a few minutes to download, unpack,
+and configure all the necessary packages for a minimal installation of Ubuntu.
+LXC will cache this and subsequent containers will only take seconds to create.
+
+.. Note:: To speed up the initial rootfs creation, you can specify a mirror to
+ download the Ubuntu packages from by appending ``--mirror=`` and then the URL
+ of a Ubuntu mirror. To see other other template options, you can run
+ ``lxc-create -t ubuntu -h``.
+
+Start Container
+----------------
+
+To start the container, run::
+
+ sudo lxc-start -n devstack
+
+A moment later you should be presented with the login prompt for your container.
+You can login using the username ``ubuntu`` and password ``ubuntu``.
+
+You can also ssh into your container. On your host, run
+``sudo lxc-info -n devstack`` to get the IP address (e.g.
+``ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')``).
+
+Run Devstack
+-------------
+
+You should now be logged into your container and almost ready to run devstack.
+The commands in this section should all be run inside your container.
+
+.. Tip:: You can greatly reduce the runtime of your initial devstack setup by
+ ensuring you have your apt sources.list configured to use a fast mirror.
+ Check and update ``/etc/apt/sources.list`` if necessary and then run
+ ``apt-get update``.
+
+#. Download DevStack
+
+ ::
+
+ git clone https://git.openstack.org/openstack-dev/devstack
+
+#. Configure
+
+ Refer to :ref:`minimal-configuration` if you wish to configure the behaviour
+ of devstack.
+
+#. Start the install
+
+ ::
+
+ cd devstack
+ ./stack.sh
+
+Cleanup
+-------
+
+To stop the container::
+
+ lxc-stop -n devstack
+
+To delete the container::
+
+ lxc-destroy -n devstack
+
+Limitations
+============
+
+Not all OpenStack features may function correctly or at all when ran from within
+a container.
+
+Cinder
+-------
+
+Unable to create LVM backed volume
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ In our configuration, we have not whitelisted access to device-mapper or LVM
+ devices. Doing so will permit your container to have access and control of LVM
+ on the host system. To enable, add the following to your
+ ``devstack-lxc.conf`` before running ``lxc-create``::
+
+ lxc.cgroup.devices.allow = c 10:236 rwm
+ lxc.cgroup.devices.allow = b 252:* rwm
+
+ Additionally you'll need to set ``udev_rules = 0`` in the ``activation``
+ section of ``/etc/lvm/lvm.conf`` unless you mount devtmpfs in your container.
+
+Unable to attach volume to instance
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ It is not possible to attach cinder volumes to nova instances due to parts of
+ the Linux iSCSI implementation not being network namespace aware. This can be
+ worked around by using network pass-through instead of a separate network
+ namespace but such a setup significantly reduces the isolation of the
+ container (e.g. a ``halt`` command issued in the container will cause the host
+ system to shutdown).
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 37c8515..392bb1b 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -373,3 +373,43 @@
::
mysqladmin -u root -pnova password 'supersecret'
+
+Live Migration
+--------------
+
+In order for live migration to work with the default live migration URI::
+
+ [libvirt]
+ live_migration_uri = qemu+ssh://stack@%s/system
+
+SSH keys need to be exchanged between each compute node:
+
+1. The SOURCE root user's public RSA key (likely in /root/.ssh/id_rsa.pub)
+ needs to be in the DESTINATION stack user's authorized_keys file
+ (~stack/.ssh/authorized_keys). This can be accomplished by manually
+ copying the contents from the file on the SOURCE to the DESTINATION. If
+ you have a password configured for the stack user, then you can use the
+ following command to accomplish the same thing::
+
+ ssh-copy-id -i /root/.ssh/id_rsa.pub stack@DESTINATION
+
+2. The DESTINATION host's public ECDSA key (/etc/ssh/ssh_host_ecdsa_key.pub)
+ needs to be in the SOURCE root user's known_hosts file
+ (/root/.ssh/known_hosts). This can be accomplished by running the
+ following on the SOURCE machine (hostname must be used)::
+
+ ssh-keyscan -H DEST_HOSTNAME | sudo tee -a /root/.ssh/known_hosts
+
+In essence, this means that every compute node's root user's public RSA key
+must exist in every other compute node's stack user's authorized_keys file and
+every compute node's public ECDSA key needs to be in every other compute
+node's root user's known_hosts file. Please note that if the root or stack
+user does not have a SSH key, one can be generated using::
+
+ ssh-keygen -t rsa
+
+The above steps are necessary because libvirtd runs as root when the
+live_migration_uri uses the "qemu:///system" family of URIs. For more
+information, see the `libvirt documentation`_.
+
+.. _libvirt documentation: https://libvirt.org/drvqemu.html#securitydriver
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 84295a5..c8b5c44 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -6,6 +6,8 @@
plugin and the Open vSwitch mechanism driver.
+.. _single-interface-ovs:
+
Using Neutron with a Single Interface
=====================================
@@ -23,7 +25,9 @@
In most cases where DevStack is being deployed with a single
interface, there is a hardware router that is being used for external
connectivity and DHCP. The developer machine is connected to this
-network and is on a shared subnet with other machines.
+network and is on a shared subnet with other machines. The
+`local.conf` exhibited here assumes that 1500 is a reasonable MTU to
+use on that network.
.. nwdiag::
@@ -74,6 +78,8 @@
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
Q_L3_ENABLED=True
PUBLIC_INTERFACE=eth0
+
+ # Open vSwitch provider networking configuration
Q_USE_PROVIDERNET_FOR_PUBLIC=True
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_BRIDGE=br-ex
@@ -411,7 +417,7 @@
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
- ## Neutron options
+ ## Open vSwitch provider networking options
PHYSICAL_NETWORK=default
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_INTERFACE=eth1
@@ -434,6 +440,17 @@
Miscellaneous Tips
==================
+Non-Standard MTU on the Physical Network
+----------------------------------------
+
+DevStack defaults to assume that the MTU on the physical network
+is 1500. A different MTU can be specified by adding the following to
+the `localrc` part of `local.conf` on each machine.
+
+::
+
+ Q_ML2_PLUGIN_PATH_MTU=1500
+
Disabling Next Generation Firewall Tools
----------------------------------------
@@ -474,3 +491,64 @@
by default. If you want to remove all the extension drivers (even
'port_security'), set ``Q_ML2_PLUGIN_EXT_DRIVERS`` to blank.
+
+Using Linux Bridge instead of Open vSwitch
+------------------------------------------
+
+The configuration for using the Linux Bridge ML2 driver is fairly
+straight forward. The Linux Bridge configuration for DevStack is similar
+to the :ref:`Open vSwitch based single interface <single-interface-ovs>`
+setup, with small modifications for the interface mappings.
+
+
+::
+
+ [[local|localrc]]
+ HOST_IP=172.18.161.6
+ SERVICE_HOST=172.18.161.6
+ MYSQL_HOST=172.18.161.6
+ RABBIT_HOST=172.18.161.6
+ GLANCE_HOSTPORT=172.18.161.6:9292
+ ADMIN_PASSWORD=secrete
+ DATABASE_PASSWORD=secrete
+ RABBIT_PASSWORD=secrete
+ SERVICE_PASSWORD=secrete
+
+ # Do not use Nova-Network
+ disable_service n-net
+ # Enable Neutron
+ ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
+
+
+ ## Neutron options
+ Q_USE_SECGROUP=True
+ FLOATING_RANGE="172.18.161.0/24"
+ FIXED_RANGE="10.0.0.0/24"
+ Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
+ PUBLIC_NETWORK_GATEWAY="172.18.161.1"
+ Q_L3_ENABLED=True
+ PUBLIC_INTERFACE=eth0
+
+ Q_USE_PROVIDERNET_FOR_PUBLIC=True
+
+ # Linuxbridge Settings
+ Q_AGENT=linuxbridge
+ LB_PHYSICAL_INTERFACE=eth0
+ PUBLIC_PHYSICAL_NETWORK=default
+ LB_INTERFACE_MAPPINGS=default:eth0
+
+Creating specific OVS bridges for physical networks
+---------------------------------------------------
+
+When using the Open vSwitch ML2 mechanism driver, it is possible to
+have multiple Open vSwitch bridges meant for physical networking be
+automatically created by setting the ``OVS_BRIDGE_MAPPINGS`` to a list of
+physical network to bridge name associations with the following syntax:
+
+::
+ OVS_BRIDGE_MAPPINGS=net1name:bridge1name,net2name:bridge2name,<...>
+
+Also, ``OVS_BRIDGE_MAPPINGS`` has precedence over ``PHYSICAL_NETWORK`` and
+``OVS_PHYSICAL_BRIDGE``, meaning that if the former is set, the latter
+ones will be ignored. When ``OVS_BRIDGE_MAPPINGS`` is not set, the other
+variables will still be evaluated.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 4a1d93d..3e324ad 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -76,6 +76,7 @@
guides/single-vm
guides/single-machine
+ guides/lxc
guides/multinode-lab
guides/neutron
guides/devstack-with-nested-kvm
@@ -96,6 +97,13 @@
server-class machine or a laptop at home.
:doc:`[Read] <guides/single-machine>`
+All-In-One LXC Container
+-------------------------
+
+Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
+and advanced users. The VMs launched in this cloud will be fully accelerated but
+not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
+
Multi-Node Lab
--------------
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index 9bcb766..a8fbd86 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -235,7 +235,7 @@
local NET_ID
NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
- neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
+ neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
neutron_debug_admin probe-create --device-owner compute $NET_ID
source $TOP_DIR/openrc demo demo
}
diff --git a/extras.d/80-tempest.sh b/extras.d/80-tempest.sh
index 5e8da99..fcf79bd 100644
--- a/extras.d/80-tempest.sh
+++ b/extras.d/80-tempest.sh
@@ -9,7 +9,7 @@
install_tempest
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
# Tempest config must come after layer 2 services are running
- create_tempest_accounts
+ :
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Tempest"
configure_tempest
@@ -28,4 +28,3 @@
:
fi
fi
-
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index f9fa265..428544f 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -3,13 +3,7 @@
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
<Directory %KEYSTONE_BIN%>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order allow,deny
- Allow from all
- </IfVersion>
+ Require all granted
</Directory>
<VirtualHost *:%PUBLICPORT%>
@@ -18,9 +12,7 @@
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
- <IfVersion >= 2.4>
- ErrorLogFormat "%{cu}t %M"
- </IfVersion>
+ ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
@@ -34,9 +26,7 @@
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
- <IfVersion >= 2.4>
- ErrorLogFormat "%{cu}t %M"
- </IfVersion>
+ ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index 0da57ee..69ac430 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -1,5 +1,6 @@
cryptsetup
genisoimage
+gir1.2-libosinfo-1.0
lvm2 # NOPRIME
open-iscsi
python-guestfs # NOPRIME
diff --git a/files/default_catalog.templates b/files/default_catalog.templates
deleted file mode 100644
index 4aab416..0000000
--- a/files/default_catalog.templates
+++ /dev/null
@@ -1,63 +0,0 @@
-# config for TemplatedCatalog, using camelCase because I don't want to do
-# translations for legacy compat
-catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
-catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
-catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
-catalog.RegionOne.identity.name = Identity Service
-
-
-catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.name = Compute Service
-
-
-catalog.RegionOne.computev21.publicURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.adminURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.internalURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.name = Compute Service V2.1
-
-
-catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.name = Volume Service
-
-
-catalog.RegionOne.volumev2.publicURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.adminURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.internalURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.name = Volume Service V2
-
-
-catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.name = EC2 Service
-
-
-catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.name = S3 Service
-
-
-catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.name = Image Service
-
-catalog.RegionOne.cloudformation.publicURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.adminURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.internalURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.name = CloudFormation service
-
-catalog.RegionOne.orchestration.publicURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.adminURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.internalURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.name = Orchestration Service
-
-catalog.RegionOne.metering.publicURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.adminURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.internalURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.name = Telemetry Service
diff --git a/files/rpms-suse/n-cpu b/files/rpms-suse/n-cpu
index 29bd31b..9ece115 100644
--- a/files/rpms-suse/n-cpu
+++ b/files/rpms-suse/n-cpu
@@ -1,5 +1,6 @@
cryptsetup
genisoimage
+libosinfo
lvm2
open-iscsi
sg3_utils
diff --git a/files/rpms/general b/files/rpms/general
index 5bc87b6..a0906e2 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -26,7 +26,7 @@
psmisc
pyOpenSSL # version in pip uses too much memory
python-devel
-redhat-rpm-config # MySQL-python rhbz-1195207
+redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
screen
tar
tcpdump
diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu
index 7773b04..26c5ced 100644
--- a/files/rpms/n-cpu
+++ b/files/rpms/n-cpu
@@ -1,6 +1,7 @@
cryptsetup
genisoimage
iscsi-initiator-utils
+libosinfo
lvm2
sg3_utils
# Stuff for diablo volumes
diff --git a/functions b/functions
index 9495710..8e9820c 100644
--- a/functions
+++ b/functions
@@ -301,8 +301,8 @@
*) echo "Do not know what to do with $image_fname"; false;;
esac
- if is_arch "ppc64"; then
- img_property="--property hw_cdrom_bus=scsi"
+ if is_arch "ppc64le" || is_arch "ppc64" || is_arch "ppc"; then
+ img_property="--property hw_disk_bus=scsi --property hw_scsi_model=virtio-scsi --property hw_cdrom_bus=scsi --property os_command_line=console=hvc0"
fi
if is_arch "aarch64"; then
@@ -529,12 +529,58 @@
typeset v1=$1 v2=$2 sep
typeset -a ver1 ver2
+ deprecated "vercmp_numbers is deprecated for more generic vercmp"
+
IFS=. read -ra ver1 <<< "$v1"
IFS=. read -ra ver2 <<< "$v2"
_vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}"
}
+# vercmp ver1 op ver2
+# Compare VER1 to VER2
+# - op is one of < <= == >= >
+# - returns true if satisified
+# e.g.
+# if vercmp 1.0 "<" 2.0; then
+# ...
+# fi
+function vercmp {
+ local v1=$1
+ local op=$2
+ local v2=$3
+ local result
+
+ # sort the two numbers with sort's "-V" argument. Based on if v2
+ # swapped places with v1, we can determine ordering.
+ result=$(echo -e "$v1\n$v2" | sort -V | head -1)
+
+ case $op in
+ "==")
+ [ "$v1" = "$v2" ]
+ return
+ ;;
+ ">")
+ [ "$v1" != "$v2" ] && [ "$result" = "$v2" ]
+ return
+ ;;
+ "<")
+ [ "$v1" != "$v2" ] && [ "$result" = "$v1" ]
+ return
+ ;;
+ ">=")
+ [ "$result" = "$v2" ]
+ return
+ ;;
+ "<=")
+ [ "$result" = "$v1" ]
+ return
+ ;;
+ *)
+ die $LINENO "unrecognised op: $op"
+ ;;
+ esac
+}
# This function sets log formatting options for colorizing log
# output to stdout. It is meant to be called by lib modules.
diff --git a/functions-common b/functions-common
index 12c925b..8e52853 100644
--- a/functions-common
+++ b/functions-common
@@ -86,6 +86,7 @@
if [ -f "$SSL_BUNDLE_FILE" ]; then
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi
+ # demo -> devstack
$TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
@@ -96,6 +97,20 @@
--os-username demo \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
+
+ # alt_demo -> devstack-alt
+ $TOP_DIR/tools/update_clouds_yaml.py \
+ --file $CLOUDS_YAML \
+ --os-cloud devstack-alt \
+ --os-region-name $REGION_NAME \
+ --os-identity-api-version 3 \
+ $CA_CERT_ARG \
+ --os-auth-url $KEYSTONE_AUTH_URI \
+ --os-username alt_demo \
+ --os-password $ADMIN_PASSWORD \
+ --os-project-name alt_demo
+
+ # admin -> devstack-admin
$TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
@@ -277,112 +292,71 @@
# ================
# Determine OS Vendor, Release and Update
-# Tested with OS/X, Ubuntu, RedHat, CentOS, Fedora
-# Returns results in global variables:
+
+#
+# NOTE : For portability, you almost certainly do not want to use
+# these variables directly! The "is_*" functions defined below this
+# bundle up compatible platforms under larger umbrellas that we have
+# determinted are compatible enough (e.g. is_ubuntu covers Ubuntu &
+# Debian, is_fedora covers RPM-based distros). Higher-level functions
+# such as "install_package" further abstract things in better ways.
+#
# ``os_VENDOR`` - vendor name: ``Ubuntu``, ``Fedora``, etc
# ``os_RELEASE`` - major release: ``14.04`` (Ubuntu), ``20`` (Fedora)
-# ``os_UPDATE`` - update: ex. the ``5`` in ``RHEL6.5``
# ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
-# ``os_CODENAME`` - vendor's codename for release: ``snow leopard``, ``trusty``
-os_VENDOR=""
-os_RELEASE=""
-os_UPDATE=""
-os_PACKAGE=""
-os_CODENAME=""
+# ``os_CODENAME`` - vendor's codename for release: ``trusty``
+
+declare os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
+
+# Make a *best effort* attempt to install lsb_release packages for the
+# user if not available. Note can't use generic install_package*
+# because they depend on this!
+function _ensure_lsb_release {
+ if [[ -x $(which lsb_release 2>/dev/null) ]]; then
+ return
+ fi
+
+ if [[ -x $(which apt-get 2>/dev/null) ]]; then
+ sudo apt-get install -y lsb-release
+ elif [[ -x $(which zypper 2>/dev/null) ]]; then
+ # XXX: old code paths seem to have assumed SUSE platforms also
+ # had "yum". Keep this ordered above yum so we don't try to
+ # install the rh package. suse calls it just "lsb"
+ sudo zypper -y install lsb
+ elif [[ -x $(which dnf 2>/dev/null) ]]; then
+ sudo dnf install -y redhat-lsb-core
+ elif [[ -x $(which yum 2>/dev/null) ]]; then
+ # all rh patforms (fedora, centos, rhel) have this pkg
+ sudo yum install -y redhat-lsb-core
+ else
+ die $LINENO "Unable to find or auto-install lsb_release"
+ fi
+}
# GetOSVersion
+# Set the following variables:
+# - os_RELEASE
+# - os_CODENAME
+# - os_VENDOR
+# - os_PACKAGE
function GetOSVersion {
+ # We only support distros that provide a sane lsb_release
+ _ensure_lsb_release
- # Figure out which vendor we are
- if [[ -x "`which sw_vers 2>/dev/null`" ]]; then
- # OS/X
- os_VENDOR=`sw_vers -productName`
- os_RELEASE=`sw_vers -productVersion`
- os_UPDATE=${os_RELEASE##*.}
- os_RELEASE=${os_RELEASE%.*}
- os_PACKAGE=""
- if [[ "$os_RELEASE" =~ "10.7" ]]; then
- os_CODENAME="lion"
- elif [[ "$os_RELEASE" =~ "10.6" ]]; then
- os_CODENAME="snow leopard"
- elif [[ "$os_RELEASE" =~ "10.5" ]]; then
- os_CODENAME="leopard"
- elif [[ "$os_RELEASE" =~ "10.4" ]]; then
- os_CODENAME="tiger"
- elif [[ "$os_RELEASE" =~ "10.3" ]]; then
- os_CODENAME="panther"
- else
- os_CODENAME=""
- fi
- elif [[ -x $(which lsb_release 2>/dev/null) ]]; then
- os_VENDOR=$(lsb_release -i -s)
- os_RELEASE=$(lsb_release -r -s)
- os_UPDATE=""
- os_PACKAGE="rpm"
- if [[ "Debian,Ubuntu,LinuxMint" =~ $os_VENDOR ]]; then
- os_PACKAGE="deb"
- elif [[ "SUSE LINUX" =~ $os_VENDOR ]]; then
- lsb_release -d -s | grep -q openSUSE
- if [[ $? -eq 0 ]]; then
- os_VENDOR="openSUSE"
- fi
- elif [[ $os_VENDOR == "openSUSE project" ]]; then
- os_VENDOR="openSUSE"
- elif [[ $os_VENDOR =~ Red.*Hat ]]; then
- os_VENDOR="Red Hat"
- fi
- os_CODENAME=$(lsb_release -c -s)
- elif [[ -r /etc/redhat-release ]]; then
- # Red Hat Enterprise Linux Server release 5.5 (Tikanga)
- # Red Hat Enterprise Linux Server release 7.0 Beta (Maipo)
- # CentOS release 5.5 (Final)
- # CentOS Linux release 6.0 (Final)
- # Fedora release 16 (Verne)
- # XenServer release 6.2.0-70446c (xenenterprise)
- # Oracle Linux release 7
- # CloudLinux release 7.1
- os_CODENAME=""
- for r in "Red Hat" CentOS Fedora XenServer CloudLinux; do
- os_VENDOR=$r
- if [[ -n "`grep \"$r\" /etc/redhat-release`" ]]; then
- ver=`sed -e 's/^.* \([0-9].*\) (\(.*\)).*$/\1\|\2/' /etc/redhat-release`
- os_CODENAME=${ver#*|}
- os_RELEASE=${ver%|*}
- os_UPDATE=${os_RELEASE##*.}
- os_RELEASE=${os_RELEASE%.*}
- break
- fi
- os_VENDOR=""
- done
- if [ "$os_VENDOR" = "Red Hat" ] && [[ -r /etc/oracle-release ]]; then
- os_VENDOR=OracleLinux
- fi
- os_PACKAGE="rpm"
- elif [[ -r /etc/SuSE-release ]]; then
- for r in openSUSE "SUSE Linux"; do
- if [[ "$r" = "SUSE Linux" ]]; then
- os_VENDOR="SUSE LINUX"
- else
- os_VENDOR=$r
- fi
+ os_RELEASE=$(lsb_release -r -s)
+ os_CODENAME=$(lsb_release -c -s)
+ os_VENDOR=$(lsb_release -i -s)
- if [[ -n "`grep \"$r\" /etc/SuSE-release`" ]]; then
- os_CODENAME=`grep "CODENAME = " /etc/SuSE-release | sed 's:.* = ::g'`
- os_RELEASE=`grep "VERSION = " /etc/SuSE-release | sed 's:.* = ::g'`
- os_UPDATE=`grep "PATCHLEVEL = " /etc/SuSE-release | sed 's:.* = ::g'`
- break
- fi
- os_VENDOR=""
- done
- os_PACKAGE="rpm"
- # If lsb_release is not installed, we should be able to detect Debian OS
- elif [[ -f /etc/debian_version ]] && [[ $(cat /proc/version) =~ "Debian" ]]; then
- os_VENDOR="Debian"
+ if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
os_PACKAGE="deb"
- os_CODENAME=$(awk '/VERSION=/' /etc/os-release | sed 's/VERSION=//' | sed -r 's/\"|\(|\)//g' | awk '{print $2}')
- os_RELEASE=$(awk '/VERSION_ID=/' /etc/os-release | sed 's/VERSION_ID=//' | sed 's/\"//g')
+ else
+ os_PACKAGE="rpm"
fi
- export os_VENDOR os_RELEASE os_UPDATE os_PACKAGE os_CODENAME
+
+ typeset -xr os_VENDOR
+ typeset -xr os_RELEASE
+ typeset -xr os_PACKAGE
+ typeset -xr os_CODENAME
}
# Translate the OS version values into common nomenclature
@@ -391,8 +365,10 @@
function GetDistro {
GetOSVersion
- if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
- # 'Everyone' refers to Ubuntu / Debian releases by the code name adjective
+ if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
+ "$os_VENDOR" =~ (LinuxMint) ]]; then
+ # 'Everyone' refers to Ubuntu / Debian / Mint releases by
+ # the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
# For Fedora, just use 'f' and the release
@@ -400,26 +376,22 @@
elif [[ "$os_VENDOR" =~ (openSUSE) ]]; then
DISTRO="opensuse-$os_RELEASE"
elif [[ "$os_VENDOR" =~ (SUSE LINUX) ]]; then
- # For SLE, also use the service pack
- if [[ -z "$os_UPDATE" ]]; then
- DISTRO="sle${os_RELEASE}"
- else
- DISTRO="sle${os_RELEASE}sp${os_UPDATE}"
- fi
- elif [[ "$os_VENDOR" =~ (Red Hat) || \
+ # just use major release
+ DISTRO="sle${os_RELEASE%.*}"
+ elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
"$os_VENDOR" =~ (OracleLinux) ]]; then
# Drop the . release as we assume it's compatible
+ # XXX re-evaluate when we get RHEL10
DISTRO="rhel${os_RELEASE::1}"
elif [[ "$os_VENDOR" =~ (XenServer) ]]; then
- DISTRO="xs$os_RELEASE"
+ DISTRO="xs${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (kvmibm) ]]; then
DISTRO="${os_VENDOR}${os_RELEASE::1}"
else
- # Catch-all for now is Vendor + Release + Update
- DISTRO="$os_VENDOR-$os_RELEASE.$os_UPDATE"
+ die $LINENO "Unable to determine DISTRO"
fi
- export DISTRO
+ typeset -xr DISTRO
}
# Utility function for checking machine architecture
@@ -1323,27 +1295,35 @@
# Uses globals ``OFFLINE``, ``*_proxy``, ``YUM``
# yum_install package [package ...]
function yum_install {
+ local result parse_yum_result
+
[[ "$OFFLINE" = "True" ]] && return
- local sudo="sudo"
- [[ "$(id -u)" = "0" ]] && sudo="env"
+
+ time_start "yum_install"
+
+ # Warning: this would not work if yum output message
+ # have been translated to another language
+ parse_yum_result='\
+ BEGIN { result=0 }\
+ /^YUM_FAILED/ { exit $2 }\
+ /^No package/ { result=1 }\
+ //{ print }\
+ END { exit result }'
# The manual check for missing packages is because yum -y assumes
- # missing packages are OK. See
- # https://bugzilla.redhat.com/show_bug.cgi?id=965567
- $sudo http_proxy="${http_proxy:-}" https_proxy="${https_proxy:-}" \
- no_proxy="${no_proxy:-}" \
- ${YUM:-yum} install -y "$@" 2>&1 | \
- awk '
- BEGIN { fail=0 }
- /No package/ { fail=1 }
- { print }
- END { exit fail }' || \
- die $LINENO "Missing packages detected"
+ # missing packages are OK.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=965567
+ (sudo_with_proxies "${YUM:-yum}" install -y "$@" 2>&1 || echo YUM_FAILED $?) \
+ | awk "$parse_yum_result"
+ result=$?
- # also ensure we catch a yum failure
- if [[ ${PIPESTATUS[0]} != 0 ]]; then
- die $LINENO "${YUM:-yum} install failure"
+ if [ "$result" != 0 ]; then
+ echo $LINENO "${YUM:-yum}" install failure: $result
fi
+
+ time_stop "yum_install"
+
+ return "$result"
}
# zypper wrapper to set arguments correctly
@@ -1449,14 +1429,17 @@
local service=$1
local command="$2"
local group=$3
+ local subservice=$4
+
+ local name=${subservice:-$service}
time_start "run_process"
if is_service_enabled $service; then
if [[ "$USE_SCREEN" = "True" ]]; then
- screen_process "$service" "$command" "$group"
+ screen_process "$name" "$command" "$group"
else
# Spawn directly without screen
- _run_process "$service" "$command" "$group" &
+ _run_process "$name" "$command" "$group" &
fi
fi
time_stop "run_process"
@@ -2282,6 +2265,18 @@
time_stop "test_with_retry"
}
+# Like sudo but forwarding http_proxy https_proxy no_proxy environment vars.
+# If it is run as superuser then sudo is replaced by env.
+#
+function sudo_with_proxies {
+ local sudo
+
+ [[ "$(id -u)" = "0" ]] && sudo="env" || sudo="sudo"
+
+ $sudo http_proxy="${http_proxy:-}" https_proxy="${https_proxy:-}"\
+ no_proxy="${no_proxy:-}" "$@"
+}
+
# Timing infrastructure - figure out where large blocks of time are
# used in DevStack
#
diff --git a/lib/cinder b/lib/cinder
index 144f41b..e1e1f2a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -259,7 +259,6 @@
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $CINDER_CONF DEFAULT verbose True
iniset $CINDER_CONF DEFAULT iscsi_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF database connection `database_connection_url cinder`
@@ -370,20 +369,21 @@
create_service_user "cinder"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ get_or_create_service "cinder" "volume" "Cinder Volume Service"
+ get_or_create_endpoint \
+ "volume" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
- get_or_create_service "cinder" "volume" "Cinder Volume Service"
- get_or_create_endpoint "volume" "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
-
- get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
- get_or_create_endpoint "volumev2" "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
- fi
+ get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+ get_or_create_endpoint \
+ "volumev2" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
fi
}
diff --git a/lib/glance b/lib/glance
index 0431bba..c248611 100644
--- a/lib/glance
+++ b/lib/glance
@@ -49,10 +49,8 @@
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
-GLANCE_SEARCH_CONF=$GLANCE_CONF_DIR/glance-search.conf
GLANCE_REGISTRY_PASTE_INI=$GLANCE_CONF_DIR/glance-registry-paste.ini
GLANCE_API_PASTE_INI=$GLANCE_CONF_DIR/glance-api-paste.ini
-GLANCE_SEARCH_PASTE_INI=$GLANCE_CONF_DIR/glance-search-paste.ini
GLANCE_CACHE_CONF=$GLANCE_CONF_DIR/glance-cache.conf
GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
@@ -71,9 +69,6 @@
GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191}
GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
-GLANCE_SEARCH_PORT=${GLANCE_SEARCH_PORT:-9393}
-GLANCE_SEARCH_PORT_INT=${GLANCE_SEARCH_PORT_INT:-19393}
-GLANCE_SEARCH_HOSTPORT=${GLANCE_SEARCH_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SEARCH_PORT}
# Functions
# ---------
@@ -91,10 +86,6 @@
# kill instances (nova)
# delete image files (glance)
sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
-
- if is_service_enabled g-search; then
- ${TOP_DIR}/pkg/elasticsearch.sh stop
- fi
}
# configure_glance() - Set config files, create data dirs, etc
@@ -229,30 +220,6 @@
iniset $GLANCE_API_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
fi
-
- # Configure search
- if is_service_enabled g-search; then
- cp $GLANCE_DIR/etc/glance-search.conf $GLANCE_SEARCH_CONF
- iniset $GLANCE_SEARCH_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $GLANCE_SEARCH_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
- inicomment $GLANCE_SEARCH_CONF DEFAULT log_file
- iniset $GLANCE_SEARCH_CONF DEFAULT use_syslog $SYSLOG
- iniset $GLANCE_SEARCH_CONF database connection $dburl
- iniset $GLANCE_SEARCH_CONF paste_deploy flavor keystone
- configure_auth_token_middleware $GLANCE_SEARCH_CONF glance $GLANCE_AUTH_CACHE_DIR/search
-
- if is_service_enabled tls-proxy; then
- iniset $GLANCE_SEARCH_CONF DEFAULT bind_port $GLANCE_SEARCH_PORT_INT
- fi
- # Register SSL certificates if provided
- if is_ssl_enabled_service glance; then
- ensure_certificates GLANCE
- iniset $GLANCE_SEARCH_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
- iniset $GLANCE_SEARCH_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
- fi
-
- cp $GLANCE_DIR/etc/glance-search-paste.ini $GLANCE_SEARCH_PASTE_INI
- fi
}
# create_glance_accounts() - Set up common required glance accounts
@@ -277,28 +244,13 @@
get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
fi
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "glance" "image" "Glance Image Service"
- get_or_create_endpoint "image" \
- "$REGION_NAME" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
- fi
- fi
-
- # Add glance-search service and endpoints
- if is_service_enabled g-search; then
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- get_or_create_service "glance-search" "search" "EXPERIMENTAL - Glance Graffiti Search Service"
-
- get_or_create_endpoint "search" \
- "$REGION_NAME" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT"
- fi
+ get_or_create_service "glance" "image" "Glance Image Service"
+ get_or_create_endpoint \
+ "image" \
+ "$REGION_NAME" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
fi
}
@@ -329,12 +281,6 @@
$GLANCE_BIN_DIR/glance-manage db_load_metadefs
create_glance_cache_dir
-
- # Init glance search by exporting found metadefs/images to elasticsearch
- if is_service_enabled g-search; then
- ${TOP_DIR}/pkg/elasticsearch.sh start
- $GLANCE_BIN_DIR/glance-index
- fi
}
# install_glanceclient() - Collect source and prepare
@@ -371,11 +317,6 @@
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT &
start_tls_proxy '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT &
-
- # Handle g-search
- if is_service_enabled g-search; then
- start_tls_proxy '*' $GLANCE_SEARCH_PORT $GLANCE_SERVICE_HOST $GLANCE_SEARCH_PORT_INT &
- fi
fi
run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
@@ -385,15 +326,6 @@
if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then
die $LINENO "g-api did not start"
fi
-
- # Start g-search after g-reg/g-api
- if is_service_enabled g-search; then
- run_process g-search "$GLANCE_BIN_DIR/glance-search --config-file=$GLANCE_CONF_DIR/glance-search.conf"
- echo "Waiting for g-search ($GLANCE_SEARCH_HOSTPORT) to start..."
- if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT; then
- die $LINENO "g-search did not start"
- fi
- fi
}
# stop_glance() - Stop running processes
@@ -401,10 +333,6 @@
# Kill the Glance screen windows
stop_process g-api
stop_process g-reg
-
- if is_service_enabled g-search; then
- stop_process g-search
- fi
}
# Restore xtrace
diff --git a/lib/heat b/lib/heat
index df44b76..4131878 100644
--- a/lib/heat
+++ b/lib/heat
@@ -196,6 +196,9 @@
iniset $HEAT_CONF DEFAULT enable_stack_abandon true
fi
+ iniset $HEAT_CONF cache enabled "True"
+ iniset $HEAT_CONF cache backend "dogpile.cache.memory"
+
sudo install -d -o $STACK_USER $HEAT_ENV_DIR $HEAT_TEMPLATES_DIR
# copy the default environment
@@ -387,23 +390,21 @@
if [[ "$HEAT_STANDALONE" != "True" ]]; then
create_service_user "heat" "admin"
+ get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
+ get_or_create_endpoint \
+ "orchestration" \
+ "$REGION_NAME" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
- get_or_create_endpoint "orchestration" \
- "$REGION_NAME" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
-
- get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
- get_or_create_endpoint "cloudformation" \
- "$REGION_NAME" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
- fi
+ get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
+ get_or_create_endpoint \
+ "cloudformation" \
+ "$REGION_NAME" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
# heat_stack_user role is for users created by Heat
get_or_create_role "heat_stack_user"
diff --git a/lib/horizon b/lib/horizon
index dca3111..abc1f6d 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -89,7 +89,6 @@
cp $HORIZON_SETTINGS $local_settings
_horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\"
- _horizon_config_set $local_settings "" CUSTOM_THEME_PATH \"themes/webroot\"
_horizon_config_set $local_settings "" COMPRESS_OFFLINE True
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\"
diff --git a/lib/keystone b/lib/keystone
index 7592804..7d5fd41 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -52,12 +52,26 @@
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
+# NOTE(sdague): remove in Newton
+KEYSTONE_CATALOG_BACKEND="sql"
+
# Toggle for deploying Keystone under HTTPD + mod_wsgi
+# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}}
-# Select the Catalog backend driver
-KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
-KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
+# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
+# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
+# - eventlet : Run keystone-all
+# - uwsgi : Run keystone under uwsgi
+if [ -z "$KEYSTONE_DEPLOY" ]; then
+ if [ -z "$KEYSTONE_USE_MOD_WSGI" ]; then
+ KEYSTONE_DEPLOY=mod_wsgi
+ elif [ "$KEYSTONE_USE_MOD_WSGI" == True ]; then
+ KEYSTONE_DEPLOY=mod_wsgi
+ else
+ KEYSTONE_DEPLOY=eventlet
+ fi
+fi
# Select the token persistence backend driver
KEYSTONE_TOKEN_BACKEND=${KEYSTONE_TOKEN_BACKEND:-sql}
@@ -218,21 +232,28 @@
iniset $KEYSTONE_CONF role driver "$KEYSTONE_ROLE_BACKEND"
iniset $KEYSTONE_CONF resource driver "$KEYSTONE_RESOURCE_BACKEND"
+ # Enable caching
+ iniset $KEYSTONE_CONF cache enabled "True"
+ iniset $KEYSTONE_CONF cache backend "oslo_cache.memcache_pool"
+ iniset $KEYSTONE_CONF cache memcache_servers $SERVICE_HOST:11211
+
+ # Do not cache the catalog backend due to https://bugs.launchpad.net/keystone/+bug/1537617
+ iniset $KEYSTONE_CONF catalog caching "False"
+
iniset_rpc_backend keystone $KEYSTONE_CONF
# Register SSL certificates if provided
if is_ssl_enabled_service key; then
ensure_certificates KEYSTONE
-
- iniset $KEYSTONE_CONF eventlet_server_ssl enable True
- iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
- iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
fi
+ local service_port=$KEYSTONE_SERVICE_PORT
+ local auth_port=$KEYSTONE_AUTH_PORT
+
if is_service_enabled tls-proxy; then
# Set the service ports for a proxy to take the originals
- iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
- iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
+ service_port=$KEYSTONE_SERVICE_PORT_INT
+ auth_port=$KEYSTONE_AUTH_PORT_INT
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
@@ -246,58 +267,76 @@
iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"
- iniset $KEYSTONE_CONF catalog driver "$KEYSTONE_CATALOG_BACKEND"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
- # Configure ``keystone.conf`` to use sql
- inicomment $KEYSTONE_CONF catalog template_file
- else
- cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
-
- # Add swift endpoints to service catalog if swift is enabled
- if is_service_enabled s-proxy; then
- echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
- fi
-
- # Add neutron endpoints to service catalog if neutron is enabled
- if is_service_enabled neutron; then
- echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.name = Neutron Service" >> $KEYSTONE_CATALOG
- fi
-
- sed -e "
- s,%SERVICE_HOST%,$SERVICE_HOST,g;
- s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
- " -i $KEYSTONE_CATALOG
-
- # Configure ``keystone.conf`` to use templates
- iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
- fi
-
# Set up logging
if [ "$SYSLOG" != "False" ]; then
iniset $KEYSTONE_CONF DEFAULT use_syslog "True"
fi
# Format logging
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_USE_MOD_WSGI" == "False" ] ; then
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_DEPLOY" != "mod_wsgi" ] ; then
setup_colorized_logging $KEYSTONE_CONF DEFAULT
fi
iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
- # Eliminate the %(asctime)s.%(msecs)03d from the log format strings
- iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(funcName)s %(pathname)s:%(lineno)d"
- iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s"
+ iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s"
+ iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(asctime)s.%(msecs)03d %(funcName)s %(pathname)s:%(lineno)d"
+ iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s"
_config_keystone_apache_wsgi
- else
+ elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
+ # iniset creates these files when it's called if they don't exist.
+ KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
+ KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
+
+ rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
+ rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
+
+ if is_ssl_enabled_service key; then
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
+ else
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
+ fi
+
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
+ # This is running standalone
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi master true
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi threads $(nproc)
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi enable-threads true
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi plugins python
+ # uwsgi recommends this to prevent thundering herd on accept.
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi thunder-lock true
+ # Override the default size for headers from the 4k default.
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi buffer-size 65535
+ # Make sure the client doesn't try to re-use the connection.
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi add-header "Connection: close"
+
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
+ # This is running standalone
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi master true
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi threads $API_WORKERS
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi enable-threads true
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi plugins python
+ # uwsgi recommends this to prevent thundering herd on accept.
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi thunder-lock true
+ # Override the default size for headers from the 4k default.
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi buffer-size 65535
+ # Make sure the client doesn't try to re-use the connection.
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi add-header "Connection: close"
+
+ else # eventlet
+ if is_ssl_enabled_service key; then
+ iniset $KEYSTONE_CONF eventlet_server_ssl enable True
+ iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
+ iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
+ fi
+
+ iniset $KEYSTONE_CONF eventlet_server public_port $service_port
+ iniset $KEYSTONE_CONF eventlet_server admin_port $auth_port
+
iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
@@ -319,6 +358,8 @@
# -- -- Member
# demo admin admin
# demo demo Member, anotherrole
+# alt_demo admin admin
+# alt_demo alt_demo Member, anotherrole
# invisible_to_admin demo Member
# Group Users Roles Tenant
@@ -379,6 +420,18 @@
get_or_add_user_project_role $another_role $demo_user $demo_tenant
get_or_add_user_project_role $member_role $demo_user $invis_tenant
+ # alt_demo
+ local alt_demo_tenant
+ alt_demo_tenant=$(get_or_create_project "alt_demo" default)
+ local alt_demo_user
+ alt_demo_user=$(get_or_create_user "alt_demo" \
+ "$ADMIN_PASSWORD" "default" "alt_demo@example.com")
+
+ get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
+ get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
+ get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
+
+ # groups
local admin_group
admin_group=$(get_or_create_group "admins" \
"default" "openstack admin group")
@@ -388,6 +441,8 @@
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+ get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
+ get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
}
@@ -503,7 +558,7 @@
setup_develop $KEYSTONE_DIR ldap
fi
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
install_apache_wsgi
if is_ssl_enabled_service "key"; then
enable_mod_ssl
@@ -521,12 +576,15 @@
auth_protocol="http"
fi
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
enable_apache_site keystone
restart_apache_server
tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
- else
+ elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
+ run_process key "uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" "" "key-p"
+ run_process key "uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" "" "key-a"
+ else # eventlet
# Start Keystone in a screen window
run_process key "$KEYSTONE_BIN_DIR/keystone-all --config-file $KEYSTONE_CONF"
fi
@@ -551,7 +609,7 @@
# stop_keystone() - Stop running processes
function stop_keystone {
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
disable_apache_site keystone
restart_apache_server
fi
@@ -564,7 +622,6 @@
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
-# - ``KEYSTONE_CATALOG_BACKEND``
# - ``KEYSTONE_AUTH_URI``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
@@ -592,19 +649,17 @@
--os-identity-api-version 3 --os-auth-url $KEYSTONE_AUTH_URI \
--os-password $ADMIN_PASSWORD)
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ export OS_TOKEN=$token_id
+ export OS_URL=$KEYSTONE_AUTH_URI/v3
+ export OS_IDENTITY_API_VERSION=3
- export OS_TOKEN=$token_id
- export OS_URL=$KEYSTONE_AUTH_URI/v3
- export OS_IDENTITY_API_VERSION=3
-
- get_or_create_service "keystone" "identity" "Keystone Identity Service"
- get_or_create_endpoint "identity" \
- "$REGION_NAME" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
- fi
+ get_or_create_service "keystone" "identity" "Keystone Identity Service"
+ get_or_create_endpoint \
+ "identity" \
+ "$REGION_NAME" \
+ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
+ "$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION" \
+ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
unset OS_TOKEN OS_URL OS_IDENTITY_API_VERSION
}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index a148971..539b9ff 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -433,15 +433,18 @@
# goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
if is_service_enabled q-lbaas; then
+ deprecated "Configuring q-lbaas through devstack is deprecated"
_configure_neutron_lbaas
fi
if is_service_enabled q-metering; then
_configure_neutron_metering
fi
if is_service_enabled q-vpn; then
+ deprecated "Configuring q-vpn through devstack is deprecated"
_configure_neutron_vpn
fi
if is_service_enabled q-fwaas; then
+ deprecated "Configuring q-fwaas through devstack is deprecated"
_configure_neutron_fwaas
fi
if is_service_enabled q-agt q-svc; then
@@ -475,7 +478,7 @@
function create_nova_conf_neutron {
iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
- iniset $NOVA_CONF neutron auth_plugin "v3password"
+ iniset $NOVA_CONF neutron auth_type "password"
iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
@@ -522,15 +525,13 @@
create_service_user "neutron"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "neutron" "network" "Neutron Service"
- get_or_create_endpoint "network" \
- "$REGION_NAME" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
- fi
+ get_or_create_service "neutron" "network" "Neutron Service"
+ get_or_create_endpoint \
+ "network" \
+ "$REGION_NAME" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
fi
}
@@ -550,12 +551,12 @@
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
if [[ "$IP_VERSION" =~ 4.* ]]; then
- SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY --subnetpool None $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+ SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
fi
if [[ "$IP_VERSION" =~ .*6 ]] && [[ -n "$IPV6_PROVIDER_FIXED_RANGE" ]] && [[ -n "$IPV6_PROVIDER_NETWORK_GATEWAY" ]]; then
- SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME --subnetpool None $NET_ID $IPV6_PROVIDER_FIXED_RANGE | grep 'id' | get_field 2)
+ SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME $NET_ID $IPV6_PROVIDER_FIXED_RANGE | grep 'id' | get_field 2)
die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $TENANT_ID"
fi
@@ -620,6 +621,13 @@
# install_neutron() - Collect source and prepare
function install_neutron {
+ # Install neutron-lib from git so we make sure we're testing
+ # the latest code.
+ if use_library_from_git "neutron-lib"; then
+ git_clone_by_name "neutron-lib"
+ setup_dev_lib "neutron-lib"
+ fi
+
git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
setup_develop $NEUTRON_DIR
if is_service_enabled q-fwaas; then
@@ -967,7 +975,7 @@
setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
else
# Show user_name and project_name by default like in nova
- iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+ iniset $NEUTRON_CONF DEFAULT logging_user_identity_format "%(user_name)s %(project_name)s"
fi
if is_service_enabled tls-proxy; then
@@ -997,7 +1005,6 @@
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_TEST_CONFIG_FILE
- iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1013,7 +1020,6 @@
cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $Q_DHCP_CONF_FILE
- iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1045,7 +1051,6 @@
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
- iniset $Q_L3_CONF_FILE DEFAULT verbose True
iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1066,7 +1071,6 @@
function _configure_neutron_metadata_agent {
cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $Q_META_CONF_FILE
- iniset $Q_META_CONF_FILE DEFAULT verbose True
iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
@@ -1130,7 +1134,6 @@
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
fi
- iniset $NEUTRON_CONF DEFAULT verbose True
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
# Configure agent for plugin
@@ -1150,7 +1153,6 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
fi
- iniset $NEUTRON_CONF DEFAULT verbose True
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
@@ -1162,7 +1164,7 @@
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
- iniset $NEUTRON_CONF nova auth_plugin password
+ iniset $NEUTRON_CONF nova auth_type password
iniset $NEUTRON_CONF nova auth_url $KEYSTONE_AUTH_URI
iniset $NEUTRON_CONF nova username nova
iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
@@ -1264,7 +1266,6 @@
subnet_params+="--ip_version 4 "
subnet_params+="--gateway $NETWORK_GATEWAY "
subnet_params+="--name $PRIVATE_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$NET_ID $FIXED_RANGE"
local subnet_id
subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1281,7 +1282,6 @@
subnet_params+="--ip_version 6 "
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
local ipv6_subnet_id
ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1295,7 +1295,6 @@
subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
subnet_params+="--name $PUBLIC_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
subnet_params+="-- --enable_dhcp=False"
local id_and_ext_gw_ip
@@ -1309,7 +1308,6 @@
local subnet_params="--ip_version 6 "
subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
subnet_params+="-- --enable_dhcp=False"
local ipv6_id_and_ext_gw_ip
diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
deleted file mode 100644
index ca0b70c..0000000
--- a/lib/neutron_plugins/midonet
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# REVISIT(devvesa): This file is needed so Q_PLUGIN=midonet will work.
-
-# FIXME(yamamoto): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index b1acacd..94a2689 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -37,6 +37,7 @@
}
function neutron_plugin_configure_plugin_agent {
+ local mappings_array mapping phys_bridge
# Setup integration bridge
_neutron_ovs_base_setup_bridge $OVS_BRIDGE
_neutron_ovs_base_configure_firewall_driver
@@ -58,9 +59,15 @@
# complex physical network configurations.
if [[ "$OVS_BRIDGE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
+ fi
- # Configure bridge manually with physical interface as port for multi-node
- _neutron_ovs_base_add_bridge $OVS_PHYSICAL_BRIDGE
+ if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
+ IFS=',' read -a mappings_array <<< "$OVS_BRIDGE_MAPPINGS"
+ for mapping in "${mappings_array[@]}"; do
+ phys_bridge=`echo $mapping | cut -f 2 -d ":"`
+ # Configure bridge manually with physical interface as port for multi-node
+ _neutron_ovs_base_add_bridge $phys_bridge
+ done
fi
if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings $OVS_BRIDGE_MAPPINGS
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index 2b7f32d..40968fa 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -7,7 +7,8 @@
_XTRACE_NEUTRON_FIREWALL=$(set +o | grep xtrace)
set +o xtrace
-FWAAS_PLUGIN=neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin
+FWAAS_PLUGIN=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
+FWAAS_DRIVER=${FWAAS_DRIVER:-neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver}
function neutron_fwaas_configure_common {
_neutron_service_plugin_class_add $FWAAS_PLUGIN
@@ -21,7 +22,7 @@
cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini.sample $FWAAS_DRIVER_CONF_FILENAME
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
- iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
+ iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "$FWAAS_DRIVER"
}
function neutron_fwaas_stop {
diff --git a/lib/nova b/lib/nova
index df2b977..cce538d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -96,7 +96,7 @@
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
-SCHEDULER=${SCHEDULER:-nova.scheduler.filter_scheduler.FilterScheduler}
+SCHEDULER=${SCHEDULER:-filter_scheduler}
# The following FILTERS contains SameHostFilter and DifferentHostFilter with
# the default filters.
@@ -415,29 +415,28 @@
# this service user when notifying nova of changes and that requires the admin role.
create_service_user "nova" "admin"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local nova_api_url
- if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
- nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
- else
- nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
- fi
-
- get_or_create_service "nova_legacy" "compute_legacy" \
- "Nova Compute Service (Legacy 2.0)"
- get_or_create_endpoint "compute_legacy" \
- "$REGION_NAME" \
- "$nova_api_url/v2/\$(tenant_id)s" \
- "$nova_api_url/v2/\$(tenant_id)s" \
- "$nova_api_url/v2/\$(tenant_id)s"
-
- get_or_create_service "nova" "compute" "Nova Compute Service"
- get_or_create_endpoint "compute" \
- "$REGION_NAME" \
- "$nova_api_url/v2.1/\$(tenant_id)s" \
- "$nova_api_url/v2.1/\$(tenant_id)s" \
- "$nova_api_url/v2.1/\$(tenant_id)s"
+ local nova_api_url
+ if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
+ nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
+ else
+ nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
fi
+
+ get_or_create_service "nova_legacy" "compute_legacy" "Nova Compute Service (Legacy 2.0)"
+ get_or_create_endpoint \
+ "compute_legacy" \
+ "$REGION_NAME" \
+ "$nova_api_url/v2/\$(tenant_id)s" \
+ "$nova_api_url/v2/\$(tenant_id)s" \
+ "$nova_api_url/v2/\$(tenant_id)s"
+
+ get_or_create_service "nova" "compute" "Nova Compute Service"
+ get_or_create_endpoint \
+ "compute" \
+ "$REGION_NAME" \
+ "$nova_api_url/v2.1/\$(tenant_id)s" \
+ "$nova_api_url/v2.1/\$(tenant_id)s" \
+ "$nova_api_url/v2.1/\$(tenant_id)s"
fi
if is_service_enabled n-api; then
@@ -451,15 +450,13 @@
# S3
if is_service_enabled swift3; then
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "s3" "s3" "S3"
- get_or_create_endpoint "s3" \
- "$REGION_NAME" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT"
- fi
+ get_or_create_service "s3" "s3" "S3"
+ get_or_create_endpoint \
+ "s3" \
+ "$REGION_NAME" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT"
fi
}
@@ -546,7 +543,7 @@
setup_colorized_logging $NOVA_CONF DEFAULT
else
# Show user_name and project_name instead of user_id and project_id
- iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+ iniset $NOVA_CONF DEFAULT logging_user_identity_format "%(user_name)s %(project_name)s"
fi
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
_config_nova_apache_wsgi
@@ -579,7 +576,7 @@
iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN"
iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
- iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
+ iniset $NOVA_CONF vnc xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
else
iniset $NOVA_CONF vnc enabled false
fi
@@ -689,8 +686,6 @@
iniset $NOVA_CONF DEFAULT public_interface "$PUBLIC_INTERFACE"
iniset $NOVA_CONF DEFAULT vlan_interface "$VLAN_INTERFACE"
iniset $NOVA_CONF DEFAULT flat_network_bridge "$FLAT_NETWORK_BRIDGE"
- # force down dhcp leases to 5 minutes, which lets us expire faster
- iniset $NOVA_CONF DEFAULT dhcp_lease_time 300
if [ -n "$FLAT_INTERFACE" ]; then
iniset $NOVA_CONF DEFAULT flat_interface "$FLAT_INTERFACE"
fi
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index c6ed85d..43e7797 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -41,7 +41,7 @@
iniset $NOVA_CONF DEFAULT compute_driver nova.virt.ironic.IronicDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
- iniset $NOVA_CONF DEFAULT scheduler_host_manager nova.scheduler.ironic_host_manager.IronicHostManager
+ iniset $NOVA_CONF DEFAULT scheduler_host_manager ironic_host_manager
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
diff --git a/lib/oslo b/lib/oslo
index 6f5c7d1..1773da2 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -89,6 +89,7 @@
_do_install_oslo_lib "oslo.utils"
_do_install_oslo_lib "oslo.versionedobjects"
_do_install_oslo_lib "oslo.vmware"
+ _do_install_oslo_lib "osprofiler"
_do_install_oslo_lib "pycadf"
_do_install_oslo_lib "stevedore"
_do_install_oslo_lib "taskflow"
diff --git a/lib/swift b/lib/swift
index 9edeb0a..947d2ab 100644
--- a/lib/swift
+++ b/lib/swift
@@ -612,8 +612,6 @@
export swiftusertest3_password=testing3
export swiftusertest4_password=testing4
- KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
-
local another_role
another_role=$(get_or_create_role "anotherrole")
@@ -621,15 +619,13 @@
# temp urls, which break when uploaded by a non-admin role
create_service_user "swift" "admin"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "swift" "object-store" "Swift Service"
- get_or_create_endpoint "object-store" \
- "$REGION_NAME" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s"
- fi
+ get_or_create_service "swift" "object-store" "Swift Service"
+ get_or_create_endpoint \
+ "object-store" \
+ "$REGION_NAME" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s"
local swift_tenant_test1
swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
diff --git a/lib/tempest b/lib/tempest
index 3c34aad..f75d755 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -321,7 +321,10 @@
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
- tox -revenv -- verify-tempest-config -uro $tmp_cfg_file
+ tox -revenv --notest
+ # NOTE(mtreinish): Respect constraints on tempest verify-config venv
+ tox -evenv -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
+ tox -evenv -- tempest verify-config -uro $tmp_cfg_file
local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then
@@ -450,10 +453,6 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $PRIVATE_NETWORK_NAME
# Volume
- # TODO(dkranz): Remove the bootable flag when Juno is end of life.
- iniset $TEMPEST_CONFIG volume-feature-enabled bootable True
- # TODO(jordanP): Remove the extend_with_snapshot flag when Juno is end of life.
- iniset $TEMPEST_CONFIG volume-feature-enabled extend_with_snapshot True
# TODO(obutenko): Remove the incremental_backup_force flag when Kilo and Juno is end of life.
iniset $TEMPEST_CONFIG volume-feature-enabled incremental_backup_force True
# TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
@@ -568,21 +567,6 @@
IFS=$ifs
}
-# create_tempest_accounts() - Set up common required tempest accounts
-
-# Project User Roles
-# ------------------------------------------------------------------
-# alt_demo alt_demo Member
-
-function create_tempest_accounts {
- if is_service_enabled tempest; then
- # Tempest has some tests that validate various authorization checks
- # between two regular users in separate tenants
- get_or_create_project alt_demo default
- get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
- get_or_add_user_project_role Member alt_demo alt_demo
- fi
-}
# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
function install_tempest_lib {
@@ -603,6 +587,10 @@
pip_install tox
pushd $TEMPEST_DIR
tox --notest -efull
+ # NOTE(mtreinish) Respect constraints in the tempest full venv, things that
+ # are using a tox job other than full will not be respecting constraints but
+ # running pip install -U on tempest requirements
+ $TEMPEST_DIR/.tox/full/bin/pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/full
install_tempest_lib
popd
diff --git a/stack.sh b/stack.sh
index 991ac7b..6dddea4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -138,7 +138,7 @@
source $TOP_DIR/lib/stack
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
@@ -240,6 +240,7 @@
# see them by forcing ``PATH``
echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE
+echo "Defaults env_keep += PS4" >> $TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -292,7 +293,7 @@
sudo yum-config-manager --enable rhel-7-server-optional-rpms
# install the lastest RDO
- sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
+ is_package_installed rdo-release || yum_install https://rdoproject.org/repos/rdo-release.rpm
if is_oraclelinux; then
sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56
diff --git a/stackrc b/stackrc
index 58146a4..7294f7b 100644
--- a/stackrc
+++ b/stackrc
@@ -14,6 +14,9 @@
LC_ALL=C
export LC_ALL
+# Make tracing more educational
+export PS4='+ ${BASH_SOURCE:-}:${FUNCNAME[0]:-}:L${LINENO:-}: '
+
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -480,6 +483,15 @@
# this doesn't exist in a lib file, so set it here
GITDIR["ironic-lib"]=$DEST/ironic-lib
+# diskimage-builder tool
+GITREPO["diskimage-builder"]=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git}
+GITBRANCH["diskimage-builder"]=${DIB_BRANCH:-master}
+GITDIR["diskimage-builder"]=$DEST/diskimage-builder
+
+# neutron-lib library containing neutron stable non-REST interfaces
+GITREPO["neutron-lib"]=${NEUTRON_LIB_REPO:-${GIT_BASE}/openstack/neutron-lib.git}
+GITBRANCH["neutron-lib"]=${NEUTRON_LIB_BRANCH:-master}
+GITDIR["neutron-lib"]=$DEST/neutron-lib
##################
#
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 326241d..ee11fd2 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -41,7 +41,8 @@
ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
-ALL_LIBS+=" keystoneauth ironic-lib oslo.privsep"
+ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep"
+ALL_LIBS+=" diskimage-builder"
# Generate the above list with
# echo ${!GITREPO[@]}
diff --git a/tests/test_vercmp.sh b/tests/test_vercmp.sh
new file mode 100755
index 0000000..c88bf86
--- /dev/null
+++ b/tests/test_vercmp.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Tests for DevStack vercmp functionality
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP/functions
+source $TOP/tests/unittest.sh
+
+assert_true "numeric gt" vercmp 2.0 ">" 1.0
+assert_true "numeric gte" vercmp 2.0 ">=" 1.0
+assert_true "numeric gt" vercmp 1.0.1 ">" 1.0
+assert_true "numeric gte" vercmp 1.0.1 ">=" 1.0
+assert_true "alpha gt" vercmp 1.0.1b ">" 1.0.1a
+assert_true "alpha gte" vercmp 1.0.1b ">=" 1.0.1a
+assert_true "alpha gt" vercmp b ">" a
+assert_true "alpha gte" vercmp b ">=" a
+assert_true "alpha gt" vercmp 2.0-rc3 ">" 2.0-rc1
+assert_true "alpha gte" vercmp 2.0-rc3 ">=" 2.0-rc1
+
+assert_false "numeric gt fail" vercmp 1.0 ">" 1.0
+assert_true "numeric gte" vercmp 1.0 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9.9 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9a.9 ">" 1.0.1
+assert_false "numeric gte fail" vercmp 0.9a.9 ">=" 1.0.1
+
+assert_false "numeric lt" vercmp 1.0 "<" 1.0
+assert_true "numeric lte" vercmp 1.0 "<=" 1.0
+assert_true "numeric lt" vercmp 1.0 "<" 1.0.1
+assert_true "numeric lte" vercmp 1.0 "<=" 1.0.1
+assert_true "alpha lt" vercmp 1.0.1a "<" 1.0.1b
+assert_true "alpha lte" vercmp 1.0.1a "<=" 1.0.1b
+assert_true "alpha lt" vercmp a "<" b
+assert_true "alpha lte" vercmp a "<=" b
+assert_true "alpha lt" vercmp 2.0-rc1 "<" 2.0-rc3
+assert_true "alpha lte" vercmp 2.0-rc1 "<=" 2.0-rc3
+
+assert_true "eq" vercmp 1.0 "==" 1.0
+assert_true "eq" vercmp 1.0.1 "==" 1.0.1
+assert_false "eq fail" vercmp 1.0.1 "==" 1.0.2
+assert_false "eq fail" vercmp 2.0-rc1 "==" 2.0-rc2
+
+report_results
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 26b5b8e..3703ece 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -92,6 +92,51 @@
fi
}
+# assert the arguments evaluate to true
+# assert_true "message" arg1 arg2
+function assert_true {
+ local lineno
+ lineno=`caller 0 | awk '{print $1}'`
+ local function
+ function=`caller 0 | awk '{print $2}'`
+ local msg=$1
+ shift
+
+ $@
+ if [ $? -eq 0 ]; then
+ PASS=$((PASS+1))
+ echo "PASS: $function:L$lineno - $msg"
+ else
+ FAILED_FUNCS+="$function:L$lineno\n"
+ echo "ERROR: test failed in $function:L$lineno!"
+ echo " $msg"
+ ERROR=$((ERROR+1))
+ fi
+}
+
+# assert the arguments evaluate to false
+# assert_false "message" arg1 arg2
+function assert_false {
+ local lineno
+ lineno=`caller 0 | awk '{print $1}'`
+ local function
+ function=`caller 0 | awk '{print $2}'`
+ local msg=$1
+ shift
+
+ $@
+ if [ $? -eq 0 ]; then
+ FAILED_FUNCS+="$function:L$lineno\n"
+ echo "ERROR: test failed in $function:L$lineno!"
+ echo " $msg"
+ ERROR=$((ERROR+1))
+ else
+ PASS=$((PASS+1))
+ echo "PASS: $function:L$lineno - $msg"
+ fi
+}
+
+
# Print a summary of passing and failing tests and exit
# (with an error if we have failed tests)
# usage: report_results
diff --git a/tools/cap-pip.txt b/tools/cap-pip.txt
index 1a6f80c..c280267 100644
--- a/tools/cap-pip.txt
+++ b/tools/cap-pip.txt
@@ -1 +1 @@
-pip<8
+pip!=8
diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh
index b49164b..c0b7ac7 100755
--- a/tools/create-stack-user.sh
+++ b/tools/create-stack-user.sh
@@ -24,7 +24,7 @@
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
diff --git a/tools/generate-devstack-plugins-list.sh b/tools/generate-devstack-plugins-list.sh
new file mode 100644
index 0000000..6e9e828
--- /dev/null
+++ b/tools/generate-devstack-plugins-list.sh
@@ -0,0 +1,59 @@
+#!/bin/bash -ex
+
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script is intended to be run as a periodic proposal bot job
+# in OpenStack infrastructure, though you can run it as a one-off.
+#
+# In order to function correctly, the environment in which the
+# script runs must have
+# * git
+# * all git repos meant to be searched for plugins cloned and
+# at the desired level of up-to-datedness
+# * a writable doc/source directory relative to the current
+# working directory
+#
+# If a file named data/devstack-plugins-registry.header or
+# data/devstack-plugins-registry.footer is found relative to the
+# current working directory, it will be prepended or appended to
+# the generated reStructuredText plugins table respectively.
+
+(
+declare -A plugins
+
+test -r data/devstack-plugins-registry.header && cat data/devstack-plugins-registry.header
+
+pushd ${git_dir:-/opt/openstack} >/dev/null
+for i in *; do
+ pushd ${i} >/dev/null
+ if output="$(git log --diff-filter=A --format='%cd' --date=short -1 -- devstack/plugin.sh)"; then
+ test -n "$output" && plugins[$i]=${output}
+ fi
+ popd >/dev/null
+done
+popd >/dev/null
+
+sorted_plugins=( $(for k in "${!plugins[@]}"; do echo "$k"; done | sort))
+
+for k in "${sorted_plugins[@]}"; do
+ project=${k:0:18}
+ giturl="git://git.openstack.org/openstack/${k:0:26}"
+ pdate="${plugins[$k]}"
+ printf "|%-18s|%-60s|%-12s|\n" "${project}" "${giturl}" "${pdate}"
+ printf "+------------------+------------------------------------------------------------+------------+\n"
+done
+
+test -r data/devstack-plugins-registry.footer && cat data/devstack-plugins-registry.footer
+) > doc/source/plugin-registry.rst
diff --git a/tools/info.sh b/tools/info.sh
index 433206e..c056fa7 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -52,10 +52,6 @@
echo "os|distro=$DISTRO"
echo "os|vendor=$os_VENDOR"
echo "os|release=$os_RELEASE"
-if [ -n "$os_UPDATE" ]; then
- echo "os|version=$os_UPDATE"
-fi
-
# Repos
# -----
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 542a284..2a9d813 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -117,8 +117,10 @@
# Eradicate any and all system packages
-# python in f23 depends on the python-pip package
-if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then
+# Python in f23 and f22 depends on the python-pip package so removing it
+# results in a nonfunctional system. pip on fedora installs to /usr so pip
+# can safely override the system pip for all versions of fedora
+if ! is_fedora ; then
uninstall_package python-pip
uninstall_package python3-pip
fi
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 031f8a8..8895e1e 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -28,7 +28,7 @@
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
- # ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+ # ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
diff --git a/tools/worlddump.py b/tools/worlddump.py
index 9d2b082..d129374 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -56,6 +56,7 @@
print
try:
subprocess.check_call(cmd, shell=True)
+ print
except subprocess.CalledProcessError:
print "*** Failed to run: %s" % cmd
@@ -100,14 +101,38 @@
_dump_cmd("sudo iptables --line-numbers -L -nv -t %s" % table)
+def _netns_list():
+ process = subprocess.Popen(['ip', 'netns'], stdout=subprocess.PIPE)
+ stdout, _ = process.communicate()
+ return stdout.split()
+
+
def network_dump():
_header("Network Dump")
_dump_cmd("brctl show")
_dump_cmd("arp -n")
- _dump_cmd("ip addr")
- _dump_cmd("ip link")
- _dump_cmd("ip route")
+ ip_cmds = ["addr", "link", "route"]
+ for cmd in ip_cmds + ['netns']:
+ _dump_cmd("ip %s" % cmd)
+ for netns_ in _netns_list():
+ for cmd in ip_cmds:
+ args = {'netns': netns_, 'cmd': cmd}
+ _dump_cmd('sudo ip netns exec %(netns)s ip %(cmd)s' % args)
+
+
+def ovs_dump():
+ _header("Open vSwitch Dump")
+
+ # NOTE(ihrachys): worlddump is used outside of devstack context (f.e. in
+ # grenade), so there is no single place to determine the bridge names from.
+ # Hardcode for now.
+ bridges = ('br-int', 'br-tun', 'br-ex')
+ _dump_cmd("sudo ovs-vsctl show")
+ for bridge in bridges:
+ _dump_cmd("sudo ovs-ofctl show %s" % bridge)
+ for bridge in bridges:
+ _dump_cmd("sudo ovs-ofctl dump-flows %s" % bridge)
def process_list():
@@ -147,6 +172,7 @@
disk_space()
process_list()
network_dump()
+ ovs_dump()
iptables_dump()
ebtables_dump()
compute_consoles()
diff --git a/tox.ini b/tox.ini
index f9d04f2..aaae08c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,7 +9,7 @@
[testenv:bashate]
deps =
- {env:BASHATE_INSTALL_PATH:bashate==0.3.2}
+ {env:BASHATE_INSTALL_PATH:bashate==0.4.0}
whitelist_externals = bash
commands = bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
@@ -18,6 +18,7 @@
-type f \
-not -name \*~ \
-not -name \*.md \
+ -not -name stack-screenrc \
\( \
-name \*.sh -or \
-name \*.orig -or \
diff --git a/unstack.sh b/unstack.sh
index 8eded83..d7670e3 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -9,12 +9,12 @@
# Stop all processes by setting ``UNSTACK_ALL`` or specifying ``-a``
# on the command line
-UNSTACK_ALL=""
+UNSTACK_ALL=${UNSTACK_ALL:-""}
while getopts ":a" opt; do
case $opt in
a)
- UNSTACK_ALL=""
+ UNSTACK_ALL="-1"
;;
esac
done
@@ -84,9 +84,11 @@
load_plugin_settings
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
GetOSVersion
+set -o xtrace
+
# Run extras
# ==========