Merge "Fix cellsv2 cell0 database name"
diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 85a5656..3732f06 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -73,7 +73,7 @@
::
sudo rmmod kvm-amd
- sudo sh -c "echo 'options amd nested=1' >> /etc/modprobe.d/dist.conf"
+ sudo sh -c "echo 'options kvm-amd nested=1' >> /etc/modprobe.d/dist.conf"
sudo modprobe kvm-amd
Ensure the Nested KVM Kernel module parameter for AMD is enabled on the
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index cb9c437..4cfbcb1 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -82,6 +82,7 @@
meteos `git://git.openstack.org/openstack/meteos <https://git.openstack.org/cgit/openstack/meteos>`__
mistral `git://git.openstack.org/openstack/mistral <https://git.openstack.org/cgit/openstack/mistral>`__
mixmatch `git://git.openstack.org/openstack/mixmatch <https://git.openstack.org/cgit/openstack/mixmatch>`__
+mogan `git://git.openstack.org/openstack/mogan <https://git.openstack.org/cgit/openstack/mogan>`__
monasca-analytics `git://git.openstack.org/openstack/monasca-analytics <https://git.openstack.org/cgit/openstack/monasca-analytics>`__
monasca-api `git://git.openstack.org/openstack/monasca-api <https://git.openstack.org/cgit/openstack/monasca-api>`__
monasca-ceilometer `git://git.openstack.org/openstack/monasca-ceilometer <https://git.openstack.org/cgit/openstack/monasca-ceilometer>`__
@@ -121,7 +122,6 @@
neutron-lbaas `git://git.openstack.org/openstack/neutron-lbaas <https://git.openstack.org/cgit/openstack/neutron-lbaas>`__
neutron-lbaas-dashboard `git://git.openstack.org/openstack/neutron-lbaas-dashboard <https://git.openstack.org/cgit/openstack/neutron-lbaas-dashboard>`__
neutron-vpnaas `git://git.openstack.org/openstack/neutron-vpnaas <https://git.openstack.org/cgit/openstack/neutron-vpnaas>`__
-nimble `git://git.openstack.org/openstack/nimble <https://git.openstack.org/cgit/openstack/nimble>`__
nova-docker `git://git.openstack.org/openstack/nova-docker <https://git.openstack.org/cgit/openstack/nova-docker>`__
nova-dpm `git://git.openstack.org/openstack/nova-dpm <https://git.openstack.org/cgit/openstack/nova-dpm>`__
nova-lxd `git://git.openstack.org/openstack/nova-lxd <https://git.openstack.org/cgit/openstack/nova-lxd>`__
@@ -129,6 +129,7 @@
nova-powervm `git://git.openstack.org/openstack/nova-powervm <https://git.openstack.org/cgit/openstack/nova-powervm>`__
oaktree `git://git.openstack.org/openstack/oaktree <https://git.openstack.org/cgit/openstack/oaktree>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
+os-xenapi `git://git.openstack.org/openstack/os-xenapi <https://git.openstack.org/cgit/openstack/os-xenapi>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
panko `git://git.openstack.org/openstack/panko <https://git.openstack.org/cgit/openstack/panko>`__
picasso `git://git.openstack.org/openstack/picasso <https://git.openstack.org/cgit/openstack/picasso>`__
diff --git a/functions b/functions
index 6a0ac67..0be9794 100644
--- a/functions
+++ b/functions
@@ -658,7 +658,7 @@
# Enable bridge firewalling in case it's disabled in kernel (upstream
# default is enabled, but some distributions may decide to change it).
# This is at least needed for RHEL 7.2 and earlier releases.
- for proto in arp ip ip6; do
+ for proto in ip ip6; do
sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
done
}
diff --git a/functions-common b/functions-common
index 8d03b88..8d32bb4 100644
--- a/functions-common
+++ b/functions-common
@@ -87,7 +87,7 @@
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi
# demo -> devstack
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
--os-region-name $REGION_NAME \
@@ -99,7 +99,7 @@
--os-project-name demo
# alt_demo -> devstack-alt
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
@@ -111,7 +111,7 @@
--os-project-name alt_demo
# admin -> devstack-admin
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
--os-region-name $REGION_NAME \
diff --git a/inc/python b/inc/python
index 5a9a9ed..04cde34 100644
--- a/inc/python
+++ b/inc/python
@@ -69,6 +69,20 @@
pip_install $clean_name
}
+# Wrapper for ``pip install`` that only installs versions of libraries
+# from the global-requirements specification with extras.
+#
+# Uses globals ``REQUIREMENTS_DIR``
+#
+# pip_install_gr_extras packagename extra1,extra2,...
+function pip_install_gr_extras {
+ local name=$1
+ local extras=$2
+ local clean_name
+ clean_name=$(get_from_global_requirements $name)
+ pip_install $clean_name[$extras]
+}
+
# Determine the python versions supported by a package
function get_python_versions_for_package {
local name=$1
diff --git a/lib/cinder b/lib/cinder
index f6ad780..40f0f16 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -373,6 +373,13 @@
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
+
+ # Set the backend url according to the configured dlm backend
+ if is_dlm_enabled; then
+ if [[ "$(dlm_backend)" == "zookeeper" ]]; then
+ iniset $CINDER_CONF coordination backend_url "zookeeper://${SERVICE_HOST}:2181"
+ fi
+ fi
}
# create_cinder_accounts() - Set up common required cinder accounts
diff --git a/lib/dlm b/lib/dlm
index e391535..b5ac0f5 100644
--- a/lib/dlm
+++ b/lib/dlm
@@ -91,6 +91,7 @@
# install_dlm() - Collect source and prepare
function install_dlm {
if is_dlm_enabled; then
+ pip_install_gr_extras tooz zookeeper
if is_ubuntu; then
install_package zookeeperd
elif is_fedora; then
diff --git a/lib/glance b/lib/glance
index da9cd43..4ba1d20 100644
--- a/lib/glance
+++ b/lib/glance
@@ -161,6 +161,9 @@
if is_service_enabled s-proxy; then
iniset $GLANCE_API_CONF glance_store default_store swift
iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
+ if python3_enabled; then
+ iniset $GLANCE_API_CONF glance_store swift_store_auth_insecure True
+ fi
iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
@@ -186,7 +189,13 @@
fi
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
- iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
+ if python3_enabled; then
+ # NOTE(dims): Currently the glance_store+swift does not support either an insecure flag
+ # or ability to specify the CACERT. So fallback to http:// url
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address ${KEYSTONE_SERVICE_URI/https/http}/v3
+ else
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
+ fi
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
# commenting is not strictly necessary but it's confusing to have bad values in conf
diff --git a/lib/horizon b/lib/horizon
index 4cabbe4..9c7ec00 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -81,11 +81,7 @@
# Horizon is installed as develop mode, so we can compile here.
# Message catalog compilation is handled by Django admin script,
# so compiling them after the installation avoids Django installation twice.
- if python3_enabled; then
- (cd $HORIZON_DIR; python${PYTHON3_VERSION} manage.py compilemessages)
- else
- (cd $HORIZON_DIR; python manage.py compilemessages)
- fi
+ (cd $HORIZON_DIR; $PYTHON manage.py compilemessages)
# ``local_settings.py`` is used to override horizon default settings.
local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
@@ -166,11 +162,7 @@
git_clone_by_name "django_openstack_auth"
# Compile message catalogs before installation
_prepare_message_catalog_compilation
- if python3_enabled; then
- (cd $dir; python${PYTHON3_VERSION} setup.py compile_catalog)
- else
- (cd $dir; python setup.py compile_catalog)
- fi
+ (cd $dir; $PYTHON setup.py compile_catalog)
setup_dev_lib "django_openstack_auth"
fi
# if we aren't using this library from git, then we just let it
diff --git a/lib/keystone b/lib/keystone
index 825fe44..34730b8 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -131,6 +131,12 @@
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
+# Security compliance
+KEYSTONE_SECURITY_COMPLIANCE_ENABLED=${KEYSTONE_SECURITY_COMPLIANCE_ENABLED:-True}
+KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS=${KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS:-2}
+KEYSTONE_LOCKOUT_DURATION=${KEYSTONE_LOCKOUT_DURATION:-5}
+KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT=${KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT:-2}
+
# Functions
# ---------
@@ -339,6 +345,12 @@
# allows policy changes in order to clarify the adminess scope.
#iniset $KEYSTONE_CONF resource admin_project_domain_name Default
#iniset $KEYSTONE_CONF resource admin_project_name admin
+
+ if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
+ iniset $KEYSTONE_CONF security_compliance lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
+ iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
+ iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
+ fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
diff --git a/lib/neutron b/lib/neutron
index 852787d..f6c705c 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -73,6 +73,9 @@
# Add all enabled config files to a single config arg
NEUTRON_CONFIG_ARG=${NEUTRON_CONFIG_ARG:-""}
+# Additional neutron api config files
+declare -a _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
+
# Functions
# ---------
@@ -163,9 +166,9 @@
# Configure VXLAN
# TODO(sc68cal) not hardcode?
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 tenant_network_types vxlan
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks public
if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
fi
@@ -178,10 +181,10 @@
# Configure the neutron agent
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
else
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables_hybrid
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
fi
@@ -393,9 +396,17 @@
service_protocol="http"
fi
+ local opts = ""
+ opts+="--config-file $NEUTRON_CONF"
+ opts+="--config-file $NEUTRON_CORE_PLUGIN_CONF"
+ local cfg_file
+ for cfg_file in ${_NEUTRON_SERVER_EXTRA_CONF_FILES_ABS[@]}; do
+ opts+=" --config-file $cfg_file"
+ done
+
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
- run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server --config-file $NEUTRON_CONF --config-file $NEUTRON_CORE_PLUGIN_CONF"
+ run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $ops"
if is_ssl_enabled_service "neutron"; then
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
@@ -504,6 +515,10 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
}
+function neutron_server_config_add_new {
+ _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS+=($1)
+}
+
# Dispatch functions
# These are needed for compatibility between the old and new implementations
# where there are function name overlaps. These will be removed when
@@ -581,6 +596,15 @@
fi
}
+function neutron_server_config_add {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ mutnauq_server_config_add "$@"
+ else
+ neutron_server_config_add_new "$@"
+ fi
+}
+
function start_neutron {
if is_neutron_legacy_enabled; then
# Call back to old function
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 37d2783..29c187e 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -128,10 +128,24 @@
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
+# The directory which contains files for Q_PLUGIN_EXTRA_CONF_FILES.
+# /etc/neutron is assumed by many of devstack plugins. Do not change.
+_Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron
+
# List of config file names in addition to the main plugin config file
-# See _configure_neutron_common() for details about setting it up
+# To add additional plugin config files, use ``neutron_server_config_add``
+# utility function. For example:
+#
+# ``neutron_server_config_add file1``
+#
+# These config files are relative to ``/etc/neutron``. The above
+# example would specify ``--config-file /etc/neutron/file1`` for
+# neutron server.
declare -a Q_PLUGIN_EXTRA_CONF_FILES
+# same as Q_PLUGIN_EXTRA_CONF_FILES, but with absolute path.
+declare -a _Q_PLUGIN_EXTRA_CONF_FILES_ABS
+
Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
@@ -270,9 +284,23 @@
# ---------
function _determine_config_server {
+ if [[ "$Q_PLUGIN_EXTRA_CONF_PATH" != '' ]]; then
+ if [[ "$Q_PLUGIN_EXTRA_CONF_PATH" = "$_Q_PLUGIN_EXTRA_CONF_PATH" ]]; then
+ deprecated "Q_PLUGIN_EXTRA_CONF_PATH is deprecated"
+ else
+ die $LINENO "Q_PLUGIN_EXTRA_CONF_PATH is deprecated"
+ fi
+ fi
+ if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 ]]; then
+ deprecated "Q_PLUGIN_EXTRA_CONF_FILES is deprecated. Use neutron_server_config_add instead."
+ fi
+ for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
+ _Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($_Q_PLUGIN_EXTRA_CONF_PATH/$cfg_file)
+ done
+
local cfg_file
local opts="--config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
- for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
+ for cfg_file in ${_Q_PLUGIN_EXTRA_CONF_FILES_ABS[@]}; do
opts+=" --config-file $cfg_file"
done
echo "$opts"
@@ -668,11 +696,6 @@
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
- # For additional plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH`` and
- # ``Q_PLUGIN_EXTRA_CONF_FILES``. For example:
- #
- # ``Q_PLUGIN_EXTRA_CONF_PATH=/path/to/plugins``
- # ``Q_PLUGIN_EXTRA_CONF_FILES=(file1 file2)``
neutron_plugin_configure_common
if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
@@ -699,20 +722,6 @@
# NOTE(freerunner): Need to adjust Region Name for nova in multiregion installation
iniset $NEUTRON_CONF nova region_name $REGION_NAME
- # If addition config files are set, make sure their path name is set as well
- if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
- die $LINENO "Neutron additional plugin config not set.. exiting"
- fi
-
- # If additional config files exist, copy them over to neutron configuration
- # directory
- if [[ $Q_PLUGIN_EXTRA_CONF_PATH != '' ]]; then
- local f
- for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
- Q_PLUGIN_EXTRA_CONF_FILES[$f]=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
- done
- fi
-
if [ "$VIRT_DRIVER" = 'fake' ]; then
# Disable arbitrary limits
iniset $NEUTRON_CONF quotas quota_network -1
@@ -863,6 +872,11 @@
fi
}
+# mutnauq_server_config_add() - add server config file
+function mutnauq_server_config_add {
+ _Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($1)
+}
+
# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
function _neutron_deploy_rootwrap_filters {
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index e429714..c5a4c02 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -63,7 +63,7 @@
function neutron_plugin_configure_common {
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/ml2
Q_PLUGIN_CONF_FILENAME=ml2_conf.ini
- Q_PLUGIN_CLASS="neutron.plugins.ml2.plugin.Ml2Plugin"
+ Q_PLUGIN_CLASS="ml2"
# The ML2 plugin delegates L3 routing/NAT functionality to
# the L3 service plugin which must therefore be specified.
_neutron_service_plugin_class_add $ML2_L3_PLUGIN
@@ -105,7 +105,7 @@
if [[ -n "$PHYSICAL_NETWORK" ]]; then
Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PHYSICAL_NETWORK},"
fi
- if [[ -n "$PUBLIC_PHYSICAL_NETWORK" ]]; then
+ if [[ -n "$PUBLIC_PHYSICAL_NETWORK" ]] && [[ "${PHYSICAL_NETWORK}" != "$PUBLIC_PHYSICAL_NETWORK" ]]; then
Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PUBLIC_PHYSICAL_NETWORK},"
fi
fi
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index f009966..76a1a4f 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -97,8 +97,8 @@
# Set OVS native interface for ovs-agent in compute node
XEN_DOM0_IP=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3)
- iniset /$Q_PLUGIN_CONF_FILE ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
- iniset /$Q_PLUGIN_CONF_FILE ovs of_listen_address $HOST_IP
+ iniset /$Q_PLUGIN_CONF_FILE.domU ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
+ iniset /$Q_PLUGIN_CONF_FILE.domU ovs of_listen_address $HOST_IP
# Set up domU's L2 agent:
diff --git a/lib/nova b/lib/nova
index d8bc6c9..450242b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -663,6 +663,7 @@
if [ -n "$FLAT_INTERFACE" ]; then
iniset $NOVA_CONF DEFAULT flat_interface "$FLAT_INTERFACE"
fi
+ iniset $NOVA_CONF DEFAULT use_neutron False
}
# create_nova_keys_dir() - Part of the init_nova() process
@@ -676,6 +677,9 @@
# All nova components talk to a central database.
# Only do this step once on the API node for an entire cluster.
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
+ recreate_database $NOVA_API_DB
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
+
# (Re)create nova databases
recreate_database nova
recreate_database nova_cell0
@@ -689,9 +693,6 @@
recreate_database $NOVA_CELLS_DB
fi
- recreate_database $NOVA_API_DB
- $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
-
# Run online migrations on the new databases
# Needed for flavor conversion
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db online_data_migrations
@@ -822,7 +823,7 @@
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP
elif [[ "$VIRT_DRIVER" = 'lxd' ]]; then
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LXD_GROUP
- elif [[ "$VIRT_DRIVER" = 'docker' ]]; then
+ elif [[ "$VIRT_DRIVER" = 'docker' || "$VIRT_DRIVER" = 'zun' ]]; then
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $DOCKER_GROUP
elif [[ "$VIRT_DRIVER" = 'fake' ]]; then
local i
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index b053856..0046a36 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -48,6 +48,21 @@
if [ -z "$XENAPI_CONNECTION_URL" ]; then
die $LINENO "XENAPI_CONNECTION_URL is not specified"
fi
+
+ # Check os-xenapi plugin is enabled
+ local plugins="${DEVSTACK_PLUGINS}"
+ local plugin
+ local found=0
+ for plugin in ${plugins//,/ }; do
+ if [[ "$plugin" = "os-xenapi" ]]; then
+ found=1
+ break
+ fi
+ done
+ if [[ $found -ne 1 ]]; then
+ die $LINENO "os-xenapi plugin is not specified. Please enable this plugin in local.conf"
+ fi
+
read_password XENAPI_PASSWORD "ENTER A PASSWORD TO USE FOR XEN."
iniset $NOVA_CONF DEFAULT compute_driver "xenapi.XenAPIDriver"
iniset $NOVA_CONF xenserver connection_url "$XENAPI_CONNECTION_URL"
@@ -64,14 +79,6 @@
local ssh_dom0
ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
- # Find where the plugins should go in dom0
- xen_functions=`cat $TOP_DIR/tools/xen/functions`
- PLUGIN_DIR=`$ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location"`
-
- # install nova plugins to dom0
- tar -czf - -C $NOVA_DIR/plugins/xenserver/xenapi/etc/xapi.d/plugins/ ./ |
- $ssh_dom0 "tar -xzf - -C $PLUGIN_DIR && chmod a+x $PLUGIN_DIR/*"
-
# install console logrotate script
tar -czf - -C $NOVA_DIR/tools/xenserver/ rotate_xen_guest_logs.sh |
$ssh_dom0 'tar -xzf - -C /root/ && chmod +x /root/rotate_xen_guest_logs.sh && mkdir -p /var/log/xen/guest'
@@ -107,7 +114,9 @@
# install_nova_hypervisor() - Install external components
function install_nova_hypervisor {
- pip_install_gr xenapi
+ # xenapi functionality is now included in os-xenapi library which houses the plugin
+ # so this function intentionally left blank
+ :
}
# start_nova_hypervisor - Start any required external services
diff --git a/lib/placement b/lib/placement
index 93b72eb..871e282 100644
--- a/lib/placement
+++ b/lib/placement
@@ -103,9 +103,9 @@
iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
iniset $NOVA_CONF placement username placement
iniset $NOVA_CONF placement password "$SERVICE_PASSWORD"
- iniset $NOVA_CONF placement user_domain_name "Default"
+ iniset $NOVA_CONF placement user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF placement project_name "$SERVICE_TENANT_NAME"
- iniset $NOVA_CONF placement project_domain_name "Default"
+ iniset $NOVA_CONF placement project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF placement os_region_name "$REGION_NAME"
# TODO(cdent): auth_strategy, which is common to see in these
# blocks is not currently used here. For the time being the
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 97b1aa4..a21f781 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -25,6 +25,9 @@
set +o xtrace
RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
+if is_service_enabled rabbit; then
+ RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
+fi
# Functions
# ---------
diff --git a/lib/swift b/lib/swift
index b175f2e..03fd454 100644
--- a/lib/swift
+++ b/lib/swift
@@ -454,7 +454,6 @@
# out. Make sure we uncomment Tempauth after we uncomment Keystoneauth
# otherwise, this code also sets the reseller_prefix for Keystoneauth.
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
if is_service_enabled swift3; then
@@ -809,10 +808,10 @@
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
fi
- run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
+ run_process s-proxy "swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
- run_process s-${type} "$SWIFT_DIR/bin/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
+ run_process s-${type} "swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
done
fi
diff --git a/lib/tempest b/lib/tempest
index 6dc83b5..5a07229 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -241,7 +241,9 @@
# the public network (for floating ip access) is only available
# if the extension is enabled.
- if is_networking_extension_supported 'external-net'; then
+ # If NEUTRON_CREATE_INITIAL_NETWORKS is not true, there is no network created
+ # and the public_network_id should not be set.
+ if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]] && is_networking_extension_supported 'external-net'; then
public_network_id=$(openstack network show -f value -c id $PUBLIC_NETWORK_NAME)
fi
@@ -261,6 +263,9 @@
# Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+ iniset $TEMPEST_CONFIG identity user_lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
+ iniset $TEMPEST_CONFIG identity user_lockout_duration $KEYSTONE_LOCKOUT_DURATION
+ iniset $TEMPEST_CONFIG identity user_unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
# Use domain scoped tokens for admin v3 tests, v3 dynamic credentials of v3 account generation
iniset $TEMPEST_CONFIG identity admin_domain_scope True
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
@@ -285,8 +290,9 @@
fi
# Identity Features
- # TODO(rodrigods): Remove the reseller flag when Kilo and Liberty are end of life.
- iniset $TEMPEST_CONFIG identity-feature-enabled reseller True
+ if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
+ iniset $TEMPEST_CONFIG identity-feature-enabled security_compliance True
+ fi
# Image
# We want to be able to override this variable in the gate to avoid
@@ -347,8 +353,6 @@
iniset $TEMPEST_CONFIG compute max_microversion $tempest_compute_max_microversion
fi
- # TODO(mriedem): Remove allow_port_security_disabled after liberty-eol.
- iniset $TEMPEST_CONFIG compute-feature-enabled allow_port_security_disabled True
iniset $TEMPEST_CONFIG compute-feature-enabled personality ${ENABLE_FILE_INJECTION:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled resize True
iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
@@ -430,8 +434,7 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $TEMPEST_SSH_NETWORK_NAME
# Volume
- # TODO(obutenko): Remove snapshot_backup when liberty-eol happens.
- iniset $TEMPEST_CONFIG volume-feature-enabled snapshot_backup True
+ iniset $TEMPEST_CONFIG volume-feature-enabled manage_snapshot $(trueorfalse True TEMPEST_VOLUME_MANAGE_SNAPSHOT)
# TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
iniset $TEMPEST_CONFIG volume-feature-enabled volume_services True
# TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life.
@@ -486,12 +489,6 @@
iniset $TEMPEST_CONFIG volume storage_protocol "$TEMPEST_STORAGE_PROTOCOL"
fi
- # Dashboard
- iniset $TEMPEST_CONFIG dashboard dashboard_url "http://$SERVICE_HOST/"
-
- # CLI
- iniset $TEMPEST_CONFIG cli cli_dir $NOVA_BIN_DIR
-
# Baremetal
if [ "$VIRT_DRIVER" = "ironic" ] ; then
iniset $TEMPEST_CONFIG baremetal driver_enabled True
diff --git a/stack.sh b/stack.sh
index 0aaa604..7d440a7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -663,7 +663,6 @@
# In multi node DevStack, second node needs ``RABBIT_USERID``, but rabbit
# isn't enabled.
if is_service_enabled rabbit; then
- RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi
diff --git a/stackrc b/stackrc
index 7ce6c51..19f5b53 100644
--- a/stackrc
+++ b/stackrc
@@ -573,7 +573,7 @@
lxd)
LXD_GROUP=${LXD_GROUP:-"lxd"}
;;
- docker)
+ docker|zun)
DOCKER_GROUP=${DOCKER_GROUP:-"docker"}
;;
fake)
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 8895e1e..da59093 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -83,6 +83,9 @@
if python3_enabled; then
install_python3
+ export PYTHON=$(which python${PYTHON3_VERSION} 2>/dev/null || which python3 2>/dev/null)
+else
+ export PYTHON=$(which python 2>/dev/null)
fi
# Mark end of run
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index bb27454..2161247 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -101,6 +101,7 @@
## Note that the lines below are coming from stackrc to support
## new-style config files
+source $RC_DIR/functions-common
# allow local overrides of env variables, including repo config
if [[ -f $RC_DIR/localrc ]]; then