Merge "neutron: enable ml2 mtu calculation mechanism"
diff --git a/clean.sh b/clean.sh
index fc6f80d..c8b8223 100755
--- a/clean.sh
+++ b/clean.sh
@@ -104,7 +104,7 @@
fi
# Clean out /etc
-sudo rm -rf /etc/keystone /etc/glance /etc/nova /etc/cinder /etc/swift /etc/heat /etc/neutron
+sudo rm -rf /etc/keystone /etc/glance /etc/nova /etc/cinder /etc/swift /etc/heat /etc/neutron /etc/openstack/
# Clean out tgt
sudo rm -f /etc/tgt/conf.d/*
@@ -136,7 +136,8 @@
FILES_TO_CLEAN=".localrc.auto .localrc.password "
FILES_TO_CLEAN+="docs/files docs/html shocco/ "
FILES_TO_CLEAN+="stack-screenrc test*.conf* test.ini* "
-FILES_TO_CLEAN+=".stackenv .prereqs"
+FILES_TO_CLEAN+=".stackenv .prereqs "
+FILES_TO_CLEAN+="~/.config/openstack"
for file in $FILES_TO_CLEAN; do
rm -rf $TOP_DIR/$file
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 386fbbb..a7d3b7d 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -108,7 +108,6 @@
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
- SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
#FIXED_RANGE=172.31.1.0/24
#FLOATING_RANGE=192.168.20.0/25
#HOST_IP=10.3.4.5
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index d79e0f8..0c439ad 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -34,7 +34,6 @@
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
- SERVICE_TOKEN=password
RABBIT_PASSWORD=password
# Enable Logging
LOGFILE=$DEST/logs/stack.sh.log
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 5660bc5..37c8515 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -131,7 +131,6 @@
DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecrete
SERVICE_PASSWORD=supersecrete
- SERVICE_TOKEN=xyzpdqlazydog
In the multi-node configuration the first 10 or so IPs in the private
subnet are usually reserved. Add this to ``local.sh`` to have it run
@@ -172,7 +171,6 @@
DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecrete
SERVICE_PASSWORD=supersecrete
- SERVICE_TOKEN=xyzpdqlazydog
DATABASE_TYPE=mysql
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index a72b6f9..84295a5 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -59,7 +59,6 @@
DATABASE_PASSWORD=secrete
RABBIT_PASSWORD=secrete
SERVICE_PASSWORD=secrete
- SERVICE_TOKEN=secrete
# Do not use Nova-Network
disable_service n-net
@@ -231,7 +230,6 @@
MYSQL_PASSWORD=secrete
RABBIT_PASSWORD=secrete
SERVICE_PASSWORD=secrete
- SERVICE_TOKEN=secrete
## Neutron options
PUBLIC_INTERFACE=eth0
@@ -362,7 +360,6 @@
MYSQL_PASSWORD=secrete
RABBIT_PASSWORD=secrete
SERVICE_PASSWORD=secrete
- SERVICE_TOKEN=secrete
## Neutron options
Q_USE_SECGROUP=True
@@ -410,7 +407,6 @@
MYSQL_PASSWORD=secrete
RABBIT_PASSWORD=secrete
SERVICE_PASSWORD=secrete
- SERVICE_TOKEN=secrete
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index a01c368..011c41f 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -108,7 +108,6 @@
DATABASE_PASSWORD=iheartdatabases
RABBIT_PASSWORD=flopsymopsy
SERVICE_PASSWORD=iheartksl
- SERVICE_TOKEN=xyzpdqlazydog
Run DevStack:
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index 53c3fa9..45b8f2d 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -67,7 +67,6 @@
echo DATABASE_PASSWORD=password >> local.conf
echo RABBIT_PASSWORD=password >> local.conf
echo SERVICE_PASSWORD=password >> local.conf
- echo SERVICE_TOKEN=tokentoken >> local.conf
./stack.sh
path: /home/stack/start.sh
permissions: 0755
diff --git a/files/debs/keystone b/files/debs/keystone
index 370e4aa..fd0317b 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,5 +1,6 @@
libkrb5-dev
libldap2-dev
libsasl2-dev
+memcached
python-mysqldb
sqlite3
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index 46832c7..66cfc23 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,3 +1,4 @@
cyrus-sasl-devel
+memcached
openldap2-devel
sqlite3
diff --git a/files/rpms/keystone b/files/rpms/keystone
index c01c261..1703083 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,3 +1,4 @@
+memcached
mod_ssl
MySQL-python
sqlite
diff --git a/functions-common b/functions-common
index c6bf648..47276f0 100644
--- a/functions-common
+++ b/functions-common
@@ -1095,7 +1095,7 @@
$sudo DEBIAN_FRONTEND=noninteractive \
http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
no_proxy=${no_proxy:-} \
- apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
+ apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@" < /dev/null
result=$?
# stop the clock
diff --git a/lib/cinder b/lib/cinder
index 9ca8109..144f41b 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -299,7 +299,7 @@
fi
if is_service_enabled ceilometer; then
- iniset $CINDER_CONF DEFAULT notification_driver "messaging"
+ iniset $CINDER_CONF oslo_messaging_notifications driver "messaging"
fi
if is_service_enabled tls-proxy; then
diff --git a/lib/glance b/lib/glance
index 19e7937..0431bba 100644
--- a/lib/glance
+++ b/lib/glance
@@ -113,7 +113,7 @@
iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
- iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
+ iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messaging
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -126,7 +126,7 @@
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
- iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
+ iniset $GLANCE_API_CONF oslo_messaging_notifications driver messaging
iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
diff --git a/lib/keystone b/lib/keystone
index 057bb47..7592804 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -12,7 +12,6 @@
# - ``IDENTITY_API_VERSION``
# - ``BASE_SQL_CONN``
# - ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
-# - ``SERVICE_TOKEN``
# - ``S3_SERVICE_PORT`` (template backend only)
# ``stack.sh`` calls the entry points in this order:
@@ -22,6 +21,7 @@
# - _config_keystone_apache_wsgi
# - init_keystone
# - start_keystone
+# - bootstrap_keystone
# - create_keystone_accounts
# - stop_keystone
# - cleanup_keystone
@@ -68,6 +68,12 @@
# Select the Assignment backend driver
KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
+# Select the Role backend driver
+KEYSTONE_ROLE_BACKEND=${KEYSTONE_ROLE_BACKEND:-sql}
+
+# Select the Resource backend driver
+KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
+
# Select Keystone's token provider (and format)
# Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
@@ -209,6 +215,8 @@
iniset $KEYSTONE_CONF identity driver "$KEYSTONE_IDENTITY_BACKEND"
iniset $KEYSTONE_CONF assignment driver "$KEYSTONE_ASSIGNMENT_BACKEND"
+ iniset $KEYSTONE_CONF role driver "$KEYSTONE_ROLE_BACKEND"
+ iniset $KEYSTONE_CONF resource driver "$KEYSTONE_RESOURCE_BACKEND"
iniset_rpc_backend keystone $KEYSTONE_CONF
@@ -230,8 +238,6 @@
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
fi
- iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
-
if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
fi
@@ -324,14 +330,16 @@
# Migrated from keystone_data.sh
function create_keystone_accounts {
- # admin
+ # The keystone bootstrapping process (performed via keystone-manage bootstrap)
+ # creates an admin user, admin role and admin project. As a sanity check
+ # we exercise the CLI to retrieve the IDs for these values.
local admin_tenant
- admin_tenant=$(get_or_create_project "admin" default)
+ admin_tenant=$(openstack project show "admin" -f value -c id)
local admin_user
- admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
+ admin_user=$(openstack user show "admin" -f value -c id)
local admin_role
- admin_role=$(get_or_create_role "admin")
- get_or_add_user_project_role $admin_role $admin_user $admin_tenant
+ admin_role=$(openstack role show "admin" -f value -c id)
+
get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
@@ -381,17 +389,6 @@
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
-
- # Keystone
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "keystone" "identity" "Keystone Identity Service"
- get_or_create_endpoint "identity" \
- "$REGION_NAME" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
- fi
}
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
@@ -433,6 +430,7 @@
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
+ iniset $conf_file $section memcache_servers $SERVICE_HOST:11211
}
# init_keystone() - Initialize databases, etc.
@@ -486,6 +484,9 @@
# When not installing from repo, keystonemiddleware is still needed...
pip_install_gr keystonemiddleware
fi
+ # Install the memcache library so keystonemiddleware can cache tokens in a
+ # shared location.
+ pip_install_gr python-memcached
}
# install_keystone() - Collect source and prepare
@@ -494,17 +495,7 @@
if is_service_enabled ldap; then
install_ldap
fi
- if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
- # Install memcached and the memcache Python library that keystone uses.
- # Unfortunately the Python library goes by different names in the .deb
- # and .rpm circles.
- install_package memcached
- if is_ubuntu; then
- install_package python-memcache
- else
- install_package python-memcached
- fi
- fi
+
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR
@@ -553,6 +544,9 @@
start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT &
start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT &
fi
+
+ # (re)start memcached to make sure we have a clean memcache.
+ restart_service memcached
}
# stop_keystone() - Stop running processes
@@ -565,6 +559,55 @@
stop_process key
}
+# bootstrap_keystone() - Initialize user, role and project
+# This function uses the following GLOBAL variables:
+# - ``KEYSTONE_BIN_DIR``
+# - ``ADMIN_PASSWORD``
+# - ``IDENTITY_API_VERSION``
+# - ``KEYSTONE_CATALOG_BACKEND``
+# - ``KEYSTONE_AUTH_URI``
+# - ``REGION_NAME``
+# - ``KEYSTONE_SERVICE_PROTOCOL``
+# - ``KEYSTONE_SERVICE_HOST``
+# - ``KEYSTONE_SERVICE_PORT``
+function bootstrap_keystone {
+
+ # Initialize keystone, this will create an 'admin' user, 'admin' project,
+ # 'admin' role, and assign the user the role on the project. These resources
+ # are created only if they do not already exist.
+ $KEYSTONE_BIN_DIR/keystone-manage bootstrap --bootstrap-password $ADMIN_PASSWORD
+
+ # Create the keystone service and endpoints. To do this with the new
+ # bootstrapping process, we need to get a token and use that token to
+ # interact with the new APIs. The token will only be used to create services
+ # and endpoints, thus creating a minimal service catalog.
+ # They are unset immediately after.
+ # TODO(stevemar): OpenStackClient and KeystoneClient do not have support to
+ # handle interactions that not return service catalogs. Eventually remove
+ # this section when the support is in place. Use token based auth for now.
+ local token_id
+ token_id=$(openstack token issue -c id -f value \
+ --os-username admin --os-project-name admin \
+ --os-user-domain-id default --os-project-domain-id default \
+ --os-identity-api-version 3 --os-auth-url $KEYSTONE_AUTH_URI \
+ --os-password $ADMIN_PASSWORD)
+
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+
+ export OS_TOKEN=$token_id
+ export OS_URL=$KEYSTONE_AUTH_URI/v3
+ export OS_IDENTITY_API_VERSION=3
+
+ get_or_create_service "keystone" "identity" "Keystone Identity Service"
+ get_or_create_endpoint "identity" \
+ "$REGION_NAME" \
+ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
+ "$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION" \
+ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
+ fi
+
+ unset OS_TOKEN OS_URL OS_IDENTITY_API_VERSION
+}
# Restore xtrace
$_XTRACE_KEYSTONE
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 692d5ea..9497a23 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1072,7 +1072,7 @@
}
function _configure_neutron_ceilometer_notifications {
- iniset $NEUTRON_CONF DEFAULT notification_driver messaging
+ iniset $NEUTRON_CONF oslo_messaging_notifications driver messaging
}
function _configure_neutron_lbaas {
diff --git a/lib/nova b/lib/nova
index cbf7c5f..6521cd7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -478,7 +478,6 @@
iniset $NOVA_CONF DEFAULT rootwrap_config "$NOVA_CONF_DIR/rootwrap.conf"
iniset $NOVA_CONF DEFAULT scheduler_driver "$SCHEDULER"
iniset $NOVA_CONF DEFAULT scheduler_default_filters "$FILTERS"
- iniset $NOVA_CONF DEFAULT dhcpbridge_flagfile "$NOVA_CONF"
iniset $NOVA_CONF DEFAULT force_dhcp_release "True"
iniset $NOVA_CONF DEFAULT default_floating_pool "$PUBLIC_NETWORK_NAME"
iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST"
@@ -557,16 +556,16 @@
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
iniset $NOVA_CONF DEFAULT notify_on_state_change "vm_and_task_state"
- iniset $NOVA_CONF DEFAULT notification_driver "messaging"
+ iniset $NOVA_CONF oslo_messaging_notifications driver "messaging"
fi
# All nova-compute workers need to know the vnc configuration options
# These settings don't hurt anything if n-xvnc and n-novnc are disabled
if is_service_enabled n-cpu; then
NOVNCPROXY_URL=${NOVNCPROXY_URL:-"http://$SERVICE_HOST:6080/vnc_auto.html"}
- iniset $NOVA_CONF DEFAULT novncproxy_base_url "$NOVNCPROXY_URL"
+ iniset $NOVA_CONF vnc novncproxy_base_url "$NOVNCPROXY_URL"
XVPVNCPROXY_URL=${XVPVNCPROXY_URL:-"http://$SERVICE_HOST:6081/console"}
- iniset $NOVA_CONF DEFAULT xvpvncproxy_base_url "$XVPVNCPROXY_URL"
+ iniset $NOVA_CONF vnc xvpvncproxy_base_url "$XVPVNCPROXY_URL"
SPICEHTML5PROXY_URL=${SPICEHTML5PROXY_URL:-"http://$SERVICE_HOST:6082/spice_auto.html"}
iniset $NOVA_CONF spice html5proxy_base_url "$SPICEHTML5PROXY_URL"
fi
@@ -576,13 +575,13 @@
# For multi-host, this should be the management ip of the compute host.
VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST}
VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST}
- iniset $NOVA_CONF DEFAULT vnc_enabled true
- iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN"
- iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
+ iniset $NOVA_CONF vnc enabled true
+ iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN"
+ iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
else
- iniset $NOVA_CONF DEFAULT vnc_enabled false
+ iniset $NOVA_CONF vnc enabled false
fi
if is_service_enabled n-spice; then
@@ -633,6 +632,23 @@
iniset $NOVA_CONF serial_console enabled True
fi
iniset $NOVA_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
+
+ # Setup logging for nova-dhcpbridge command line
+ sudo cp "$NOVA_CONF" "$NOVA_CONF_DIR/nova-dhcpbridge.conf"
+
+ local service="n-dhcp"
+ local logfile="${service}.log.${CURRENT_LOG_TIME}"
+ local real_logfile="${LOGDIR}/${logfile}"
+ if [[ -n ${LOGDIR} ]]; then
+ bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
+ iniset "$NOVA_CONF_DIR/nova-dhcpbridge.conf" DEFAULT log_file "$real_logfile"
+ if [[ -n ${SCREEN_LOGDIR} ]]; then
+ # Drop the backward-compat symlink
+ ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+ fi
+ fi
+
+ iniset $NOVA_CONF DEFAULT dhcpbridge_flagfile "$NOVA_CONF_DIR/nova-dhcpbridge.conf"
}
function init_nova_cells {
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 0afdad8..dbb4d4f 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -113,10 +113,10 @@
local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
fi
local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
- if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
+ if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf
fi
- if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
+ if ! sudo grep -q "^log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf
fi
fi
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 8bbaa21..1b4f7ae 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -48,13 +48,13 @@
iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
# Power architecture currently does not support graphical consoles.
if is_arch "ppc64"; then
- iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+ iniset $NOVA_CONF vnc enabled "false"
fi
# arm64-specific configuration
if is_arch "aarch64"; then
# arm64 architecture currently does not support graphical consoles.
- iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+ iniset $NOVA_CONF vnc enabled "false"
fi
# File injection is being disabled by default in the near future -
@@ -65,9 +65,9 @@
iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
iniset $NOVA_CONF libvirt images_type "ploop"
iniset $NOVA_CONF DEFAULT force_raw_images "False"
- iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address $HOST_IP
- iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP
- iniset $NOVA_CONF DEFAULT vnc_keymap
+ iniset $NOVA_CONF vnc vncserver_proxyclient_address $HOST_IP
+ iniset $NOVA_CONF vnc vncserver_listen $HOST_IP
+ iniset $NOVA_CONF vnc keymap
fi
}
diff --git a/lib/oslo b/lib/oslo
index 3d6fbb3..6f5c7d1 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -44,6 +44,7 @@
GITDIR["oslo.utils"]=$DEST/oslo.utils
GITDIR["oslo.versionedobjects"]=$DEST/oslo.versionedobjects
GITDIR["oslo.vmware"]=$DEST/oslo.vmware
+GITDIR["osprofiler"]=$DEST/osprofiler
GITDIR["pycadf"]=$DEST/pycadf
GITDIR["stevedore"]=$DEST/stevedore
GITDIR["taskflow"]=$DEST/taskflow
diff --git a/lib/swift b/lib/swift
index b596142..9edeb0a 100644
--- a/lib/swift
+++ b/lib/swift
@@ -817,7 +817,6 @@
OS_USERNAME=swift \
OS_PASSWORD=$SERVICE_PASSWORD \
OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
- OS_AUTH_URL=$SERVICE_ENDPOINT \
openstack object store account \
set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
}
diff --git a/lib/tempest b/lib/tempest
index 8431229..7fe63dd 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -289,6 +289,9 @@
if [[ ! -z "$TEMPEST_HTTP_IMAGE" ]]; then
iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
fi
+ if [ "$VIRT_DRIVER" = "xenserver" ]; then
+ iniset $TEMPEST_CONFIG image disk_formats "ami,ari,aki,vhd,raw,iso"
+ fi
# Image Features
iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image True
@@ -457,6 +460,8 @@
iniset $TEMPEST_CONFIG volume-feature-enabled extend_with_snapshot True
# TODO(obutenko): Remove the incremental_backup_force flag when Kilo and Juno is end of life.
iniset $TEMPEST_CONFIG volume-feature-enabled incremental_backup_force True
+ # TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
+ iniset $TEMPEST_CONFIG volume-feature-enabled volume_services True
local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
@@ -501,7 +506,8 @@
# Baremetal
if [ "$VIRT_DRIVER" = "ironic" ] ; then
iniset $TEMPEST_CONFIG baremetal driver_enabled True
- iniset $TEMPEST_CONFIG baremetal deploy_timeout $BUILD_TIMEOUT
+ iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT
+ iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
diff --git a/samples/local.conf b/samples/local.conf
index 92231bb..ea68dc0 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -23,10 +23,8 @@
# While ``stack.sh`` is happy to run without ``localrc``, devlife is better when
# there are a few minimal variables set:
-# If the ``SERVICE_TOKEN`` and ``*_PASSWORD`` variables are not set
-# here you will be prompted to enter values for them by ``stack.sh``
-# and they will be added to ``local.conf``.
-SERVICE_TOKEN=azertytoken
+# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter
+# values for them by ``stack.sh``and they will be added to ``local.conf``.
ADMIN_PASSWORD=nomoresecrete
DATABASE_PASSWORD=stackdb
RABBIT_PASSWORD=stackqueue
diff --git a/stack.sh b/stack.sh
index 5e4a4f8..e9831d5 100755
--- a/stack.sh
+++ b/stack.sh
@@ -652,9 +652,6 @@
# --------
if is_service_enabled keystone; then
- # The ``SERVICE_TOKEN`` is used to bootstrap the Keystone database. It is
- # just a string and is not a 'real' Keystone token.
- read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
# Services authenticate to Identity with servicename/``SERVICE_PASSWORD``
read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
# Horizon currently truncates usernames and passwords at 20 characters
@@ -994,22 +991,34 @@
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
init_keystone
start_keystone
+ bootstrap_keystone
fi
- export OS_IDENTITY_API_VERSION=3
-
- # Set up a temporary admin URI for Keystone
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
-
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
- # Until the client support is fixed, just use the internal endpoint
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi
- # Setup OpenStackClient token-endpoint auth
- export OS_TOKEN=$SERVICE_TOKEN
- export OS_URL=$SERVICE_ENDPOINT
+ # Rather than just export these, we write them out to a
+ # intermediate userrc file that can also be used to debug if
+ # something goes wrong between here and running
+ # tools/create_userrc.sh (this script relies on services other
+ # than keystone being available, so we can't call it right now)
+ cat > $TOP_DIR/userrc_early <<EOF
+# Use this for debugging issues before files in accrc are created
+
+# Set up password auth credentials now that Keystone is bootstrapped
+export OS_IDENTITY_API_VERSION=3
+export OS_AUTH_URL=$KEYSTONE_AUTH_URI
+export OS_USERNAME=admin
+export OS_USER_DOMAIN_ID=default
+export OS_PASSWORD=$ADMIN_PASSWORD
+export OS_PROJECT_NAME=admin
+export OS_PROJECT_DOMAIN_ID=default
+export OS_REGION_NAME=$REGION_NAME
+
+EOF
+
+ source $TOP_DIR/userrc_early
create_keystone_accounts
create_nova_accounts
@@ -1025,30 +1034,6 @@
create_heat_accounts
fi
- # Begone token auth
- unset OS_TOKEN OS_URL
-
- # Rather than just export these, we write them out to a
- # intermediate userrc file that can also be used to debug if
- # something goes wrong between here and running
- # tools/create_userrc.sh (this script relies on services other
- # than keystone being available, so we can't call it right now)
- cat > $TOP_DIR/userrc_early <<EOF
-# Use this for debugging issues before files in accrc are created
-
-# Set up password auth credentials now that Keystone is bootstrapped
-export OS_AUTH_URL=$KEYSTONE_AUTH_URI
-export OS_USERNAME=admin
-export OS_USER_DOMAIN_ID=default
-export OS_PASSWORD=$ADMIN_PASSWORD
-export OS_PROJECT_NAME=admin
-export OS_PROJECT_DOMAIN_ID=default
-export OS_REGION_NAME=$REGION_NAME
-
-EOF
-
- source $TOP_DIR/userrc_early
-
fi
# Write a clouds.yaml file
diff --git a/stackrc b/stackrc
index 16621f1..1786a44 100644
--- a/stackrc
+++ b/stackrc
@@ -407,6 +407,10 @@
GITREPO["oslo.vmware"]=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git}
GITBRANCH["oslo.vmware"]=${OSLOVMWARE_BRANCH:-master}
+# osprofiler
+GITREPO["osprofiler"]=${OSPROFILER_REPO:-${GIT_BASE}/openstack/osprofiler.git}
+GITBRANCH["osprofiler"]=${OSPROFILER_BRANCH:-master}
+
# pycadf auditing library
GITREPO["pycadf"]=${PYCADF_REPO:-${GIT_BASE}/openstack/pycadf.git}
GITBRANCH["pycadf"]=${PYCADF_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index f31560a..326241d 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -40,7 +40,7 @@
ALL_LIBS+=" oslo.utils python-swiftclient"
ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
-ALL_LIBS+=" oslo.cache oslo.reports"
+ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
ALL_LIBS+=" keystoneauth ironic-lib oslo.privsep"
# Generate the above list with
diff --git a/tools/cap-pip.txt b/tools/cap-pip.txt
new file mode 100644
index 0000000..1a6f80c
--- /dev/null
+++ b/tools/cap-pip.txt
@@ -0,0 +1 @@
+pip<8
diff --git a/tools/cpu_map_update.py b/tools/cpu_map_update.py
index 1938793..92b7b8f 100755
--- a/tools/cpu_map_update.py
+++ b/tools/cpu_map_update.py
@@ -30,7 +30,8 @@
x86 = arch
break
if x86 is not None:
- # Create a gate64 cpu model that is core2duo less monitor and pse36
+ # Create a gate64 cpu model that is core2duo less monitor, pse36,
+ # vme, and ssse3.
gate64 = ET.SubElement(x86, "model")
gate64.set("name", "gate64")
ET.SubElement(gate64, "vendor").set("name", "Intel")
@@ -51,13 +52,11 @@
ET.SubElement(gate64, "feature").set("name", "fxsr")
ET.SubElement(gate64, "feature").set("name", "sse")
ET.SubElement(gate64, "feature").set("name", "sse2")
- ET.SubElement(gate64, "feature").set("name", "vme")
ET.SubElement(gate64, "feature").set("name", "mtrr")
ET.SubElement(gate64, "feature").set("name", "mca")
ET.SubElement(gate64, "feature").set("name", "clflush")
ET.SubElement(gate64, "feature").set("name", "pni")
ET.SubElement(gate64, "feature").set("name", "nx")
- ET.SubElement(gate64, "feature").set("name", "ssse3")
ET.SubElement(gate64, "feature").set("name", "syscall")
ET.SubElement(gate64, "feature").set("name", "lm")
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 25f713c..74d5428 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -156,8 +156,6 @@
exit 3
fi
-export -n SERVICE_TOKEN SERVICE_ENDPOINT OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
-
EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)
if [[ -z $EC2_URL ]]; then
EC2_URL=http://localhost:8773/
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index f239c7b..542a284 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -77,9 +77,9 @@
die $LINENO "Download of get-pip.py failed"
touch $LOCAL_PIP.downloaded
fi
- sudo -H -E python $LOCAL_PIP
+ sudo -H -E python $LOCAL_PIP -c $TOOLS_DIR/cap-pip.txt
if python3_enabled; then
- sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP
+ sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP -c $TOOLS_DIR/cap-pip.txt
fi
}
diff --git a/tools/xen/README.md b/tools/xen/README.md
index a1adf59..21090e5 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -78,7 +78,6 @@
# to prompt for these passwords, blocking the install process.
DATABASE_PASSWORD=my_super_secret
- SERVICE_TOKEN=my_super_secret
ADMIN_PASSWORD=my_super_secret
SERVICE_PASSWORD=my_super_secret
RABBIT_PASSWORD=my_super_secret