Merge "XenAPI: Simplify installed packages"
diff --git a/lib/ironic b/lib/ironic
index fe7b1df..571202d 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -444,13 +444,6 @@
fi
}
-function is_ironic {
- if ( is_service_enabled ir-cond && is_service_enabled ir-api ); then
- return 0
- fi
- return 1
-}
-
function create_ovs_taps {
local ironic_net_id=$(neutron net-list | grep private | get_field 1)
diff --git a/lib/keystone b/lib/keystone
index a218732..9c0b013 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -214,6 +214,7 @@
# Configure rabbitmq credentials
if is_service_enabled rabbit; then
+ iniset $KEYSTONE_CONF DEFAULT rabbit_userid $RABBIT_USERID
iniset $KEYSTONE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $KEYSTONE_CONF DEFAULT rabbit_host $RABBIT_HOST
fi
diff --git a/lib/neutron b/lib/neutron
index 8a63359..8517102 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1194,6 +1194,12 @@
# and then on to recover the public bridge's link local address
sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
+ if ! ip -6 addr show dev $PUBLIC_BRIDGE | grep 'scope global'; then
+ # Create an IPv6 ULA address for PUBLIC_BRIDGE if one is not present
+ IPV6_BRIDGE_ULA=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+ sudo ip -6 addr add fd$IPV6_BRIDGE_ULA::1 dev $PUBLIC_BRIDGE
+ fi
+
if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
local ext_gw_interface=$(_neutron_get_ext_gw_interface)
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
diff --git a/lib/nova b/lib/nova
index 4c86d79..cbfbdfa 100644
--- a/lib/nova
+++ b/lib/nova
@@ -587,8 +587,8 @@
fi
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync
- $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
- $NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
+ $NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
fi
}
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 4c1efa6..6afec37 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -7,7 +7,7 @@
# Dependencies:
#
# - ``functions`` file
-# - ``RABBIT_{HOST|PASSWORD}`` must be defined when RabbitMQ is used
+# - ``RABBIT_{HOST|PASSWORD|USERID}`` must be defined when RabbitMQ is used
# - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
# ``stack.sh`` calls the entry points in this order:
@@ -68,6 +68,9 @@
function cleanup_rpc_backend {
if is_service_enabled rabbit; then
# Obliterate rabbitmq-server
+ if [ -n "$RABBIT_USERID" ]; then
+ sudo rabbitmqctl delete_user "$RABBIT_USERID"
+ fi
uninstall_package rabbitmq-server
sudo killall epmd || sudo killall -9 epmd
if is_ubuntu; then
@@ -180,15 +183,16 @@
# service is not started by default
restart_service rabbitmq-server
fi
+ rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
# change the rabbit password since the default is "guest"
- sudo rabbitmqctl change_password guest $RABBIT_PASSWORD && break
+ sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
[[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
done
if is_service_enabled n-cell; then
# Add partitioned access for the child cell
if [ -z `sudo rabbitmqctl list_vhosts | grep child_cell` ]; then
sudo rabbitmqctl add_vhost child_cell
- sudo rabbitmqctl set_permissions -p child_cell guest ".*" ".*" ".*"
+ sudo rabbitmqctl set_permissions -p child_cell $RABBIT_USERID ".*" ".*" ".*"
fi
fi
elif is_service_enabled qpid; then
@@ -225,6 +229,7 @@
iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
iniset $file $section rabbit_hosts $RABBIT_HOST
iniset $file $section rabbit_password $RABBIT_PASSWORD
+ iniset $file $section rabbit_userid $RABBIT_USERID
fi
}
@@ -239,6 +244,21 @@
( ! is_suse )
}
+function rabbit_setuser {
+ local user="$1" pass="$2" found="" out=""
+ out=$(sudo rabbitmqctl list_users) ||
+ { echo "failed to list users" 1>&2; return 1; }
+ found=$(echo "$out" | awk '$1 == user { print $1 }' "user=$user")
+ if [ "$found" = "$user" ]; then
+ sudo rabbitmqctl change_password "$user" "$pass" ||
+ { echo "failed changing pass for '$user'" 1>&2; return 1; }
+ else
+ sudo rabbitmqctl add_user "$user" "$pass" ||
+ { echo "failed changing pass for $user"; return 1; }
+ fi
+ sudo rabbitmqctl set_permissions "$user" ".*" ".*" ".*"
+}
+
# Set up the various configuration files used by the qpidd broker
function _configure_qpid {
diff --git a/lib/tempest b/lib/tempest
index 12e5213..6fc157f 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -299,8 +299,10 @@
iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
fi
+ # Auth
+ iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
+
# Compute
- iniset $TEMPEST_CONFIG compute allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED
iniset $TEMPEST_CONFIG compute network_for_ssh $PRIVATE_NETWORK_NAME
iniset $TEMPEST_CONFIG compute ip_version_for_ssh 4
diff --git a/lib/trove b/lib/trove
index 6cc5fa8..4149b0d 100644
--- a/lib/trove
+++ b/lib/trove
@@ -134,6 +134,7 @@
rm -f $TROVE_CONF_DIR/trove-taskmanager.conf
rm -f $TROVE_CONF_DIR/trove-conductor.conf
+ iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE
@@ -145,6 +146,7 @@
if is_service_enabled tr-tmgr; then
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
+ iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
@@ -157,6 +159,7 @@
# (Re)create trove conductor conf file if needed
if is_service_enabled tr-cond; then
+ iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
@@ -168,6 +171,7 @@
fi
# Set up Guest Agent conf
+ iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin
diff --git a/stack.sh b/stack.sh
index 375be28..d97139a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -643,6 +643,7 @@
# Rabbit connection info
if is_service_enabled rabbit; then
+ RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi