Merge "Add PostgreSQL support to devstack"
diff --git a/functions b/functions
index 917727d..0da8299 100644
--- a/functions
+++ b/functions
@@ -570,7 +570,7 @@
# is_set env-var
function is_set() {
local var=\$"$1"
- if eval "[ -z $var ]"; then
+ if eval "[ -z \"$var\" ]"; then
return 1
fi
return 0
diff --git a/lib/cinder b/lib/cinder
index 51acfa5..81bfbfe 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -4,8 +4,8 @@
# Dependencies:
# - functions
# - DEST, DATA_DIR must be defined
-# - KEYSTONE_AUTH_* must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# stack.sh
# ---------
@@ -30,6 +30,7 @@
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
+CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
# Support entry points installation of console scripts
if [[ -d $CINDER_DIR/bin ]]; then
@@ -106,6 +107,10 @@
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
+ fi
+
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT verbose True
@@ -187,6 +192,12 @@
done
fi
fi
+
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+ fi
}
# install_cinder() - Collect source and prepare
diff --git a/lib/glance b/lib/glance
index afddcd2..b02a4b6 100644
--- a/lib/glance
+++ b/lib/glance
@@ -6,6 +6,7 @@
# ``DEST``, ``DATA_DIR`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``SERVICE_HOST``
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
@@ -31,6 +32,7 @@
GLANCECLIENT_DIR=$DEST/python-glanceclient
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
+GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
@@ -93,6 +95,9 @@
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
+ fi
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
iniset $GLANCE_API_CONF DEFAULT debug True
@@ -116,6 +121,9 @@
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
+ fi
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@@ -154,6 +162,14 @@
recreate_database glance utf8
$GLANCE_BIN_DIR/glance-manage db_sync
+
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
+ fi
}
# install_glanceclient() - Collect source and prepare
diff --git a/lib/keystone b/lib/keystone
index ac15cbd..ae89056 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -32,13 +32,18 @@
KEYSTONE_DIR=$DEST/keystone
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
+KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
-# Select the backend for Keystopne's service catalog
+# Select the backend for Keystone's service catalog
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
+# Select Keystone's token format
+# Choose from 'UUID' and 'PKI'
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
+
# Set Keystone interface configuration
KEYSTONE_API_PORT=${KEYSTONE_API_PORT:-5000}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
@@ -47,7 +52,6 @@
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-http}
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
# Entry Points
@@ -148,8 +152,14 @@
# Initialize keystone database
$KEYSTONE_DIR/bin/keystone-manage db_sync
- # Set up certificates
- $KEYSTONE_DIR/bin/keystone-manage pki_setup
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Set up certificates
+ $KEYSTONE_DIR/bin/keystone-manage pki_setup
+
+ # Create cache dir
+ sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
+ sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+ fi
}
# install_keystoneclient() - Collect source and prepare
diff --git a/lib/nova b/lib/nova
index 4997175..2c1413d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -7,6 +7,7 @@
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``LIBVIRT_TYPE`` must be defined
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
@@ -32,6 +33,7 @@
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
# INSTANCES_PATH is the previous name for this
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
+NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@@ -174,6 +176,10 @@
" -i $NOVA_API_PASTE_INI
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
+ fi
+
if is_service_enabled n-cpu; then
# Force IP forwarding on, just on case
sudo sysctl -w net.ipv4.ip_forward=1
@@ -385,6 +391,11 @@
$NOVA_BIN_DIR/nova-manage db sync
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+ sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
+ fi
}
# install_novaclient() - Collect source and prepare
diff --git a/stack.sh b/stack.sh
index b140385..1cd1e1a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -910,9 +910,6 @@
if is_service_enabled cinder; then
configure_cinder
fi
-if is_service_enabled tempest; then
- configure_tempest
-fi
if is_service_enabled ryu || (is_service_enabled quantum && [[ "$Q_PLUGIN" = "ryu" ]]); then
setup_develop $RYU_DIR
fi
@@ -1982,7 +1979,7 @@
if is_service_enabled g-reg; then
echo_summary "Uploading images"
- TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+ TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
# Option to upload legacy ami-tty, which works with xenserver
if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
@@ -1995,6 +1992,13 @@
fi
+# Configure Tempest last to ensure that the runtime configuration of
+# the various OpenStack services can be queried.
+if is_service_enabled tempest; then
+ configure_tempest
+fi
+
+
# Run local script
# ================