Merge "neutron: use non-deprecated notification_driver"
diff --git a/files/apts/neutron b/files/apts/neutron
index 9df5904..381c758 100644
--- a/files/apts/neutron
+++ b/files/apts/neutron
@@ -17,7 +17,7 @@
 python-mysqldb
 python-mysql.connector
 python-pyudev
-python-qpid # dist:precise
+python-qpid # NOPRIME
 dnsmasq-base
 dnsmasq-utils # for dhcp_release only available in dist:precise
 rabbitmq-server # NOPRIME
diff --git a/files/apts/nova b/files/apts/nova
index 4e47d70..b1b969a 100644
--- a/files/apts/nova
+++ b/files/apts/nova
@@ -24,7 +24,7 @@
 curl
 genisoimage # required for config_drive
 rabbitmq-server # NOPRIME
-qpidd # dist:precise NOPRIME
+qpidd # NOPRIME
 socat # used by ajaxterm
 python-mox
 python-paste
@@ -45,4 +45,4 @@
 python-kombu
 python-feedparser
 python-iso8601
-python-qpid # dist:precise
+python-qpid # NOPRIME
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 29d5cea..7020d33 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -15,7 +15,7 @@
 #rhel6 gets via pip
 python-paste        # dist:f19,f20,rhel7
 python-paste-deploy # dist:f19,f20,rhel7
-python-qpid
+python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
 python-suds
diff --git a/files/rpms/nova b/files/rpms/nova
index fab4504..695d814 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -34,7 +34,7 @@
 # pip we need
 python-paste        # dist:f19,f20,rhel7
 python-paste-deploy # dist:f19,f20,rhel7
-python-qpid
+python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
 python-suds
diff --git a/files/rpms/qpid b/files/rpms/qpid
new file mode 100644
index 0000000..62148ba
--- /dev/null
+++ b/files/rpms/qpid
@@ -0,0 +1,3 @@
+qpid-proton-c-devel # NOPRIME
+python-qpid-proton # NOPRIME
+
diff --git a/lib/ceph b/lib/ceph
index 8464042..30ca903 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -198,10 +198,11 @@
     sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
     iniset $GLANCE_API_CONF DEFAULT default_store rbd
-    iniset $GLANCE_API_CONF DEFAULT rbd_store_ceph_conf $CEPH_CONF_FILE
-    iniset $GLANCE_API_CONF DEFAULT rbd_store_user $GLANCE_CEPH_USER
-    iniset $GLANCE_API_CONF DEFAULT rbd_store_pool $GLANCE_CEPH_POOL
     iniset $GLANCE_API_CONF DEFAULT show_image_direct_url True
+    iniset $GLANCE_API_CONF glance_store stores "file, http, rbd"
+    iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE
+    iniset $GLANCE_API_CONF glance_store rbd_store_user $GLANCE_CEPH_USER
+    iniset $GLANCE_API_CONF glance_store rbd_store_pool $GLANCE_CEPH_POOL
 }
 
 # configure_ceph_nova() - Nova config needs to come after Nova is set up
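Review bot: `default_store rbd` is still written to the `DEFAULT` section while the three `rbd_store_*` options move to `glance_store`, so the store selection and the store settings end up in different sections. If Glance reads `default_store` from `glance_store` once the new section is in use (not visible from this hunk), the intended default would not take effect; consider `iniset $GLANCE_API_CONF glance_store default_store rbd` alongside the added lines. The added lines also expand `$GLANCE_API_CONF`, `$CEPH_CONF_FILE`, `$GLANCE_CEPH_USER` and `$GLANCE_CEPH_POOL` unquoted. The enclosing function starts outside the hunk.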
diff --git a/lib/keystone b/lib/keystone
index 66ab3db..be62607 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -6,6 +6,7 @@
 # - ``functions`` file
 # - ``tls`` file
 # - ``DEST``, ``STACK_USER``
+# - ``FILES``
 # - ``IDENTITY_API_VERSION``
 # - ``BASE_SQL_CONN``
 # - ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
@@ -104,18 +105,13 @@
 # cleanup_keystone() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_keystone {
-    # kill instances (nova)
-    # delete image files (glance)
-    # This function intentionally left blank
-    :
+    _cleanup_keystone_apache_wsgi
 }
 
 # _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
 function _cleanup_keystone_apache_wsgi {
     sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
-    disable_apache_site keystone
     sudo rm -f $(apache_site_config_for keystone)
-    restart_apache_server
 }
 
 # _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
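Review bot: `cleanup_keystone` now reaches `sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi` on every cleanup run, and that expansion is unquoted and unguarded, so an empty or unset `KEYSTONE_WSGI_DIR` turns the glob into `/*.wsgi` under sudo. A guard such as `sudo rm -f "${KEYSTONE_WSGI_DIR:?}"/*.wsgi` makes that case fail loudly, and `sudo rm -f "$(apache_site_config_for keystone)"` avoids word splitting on the vhost path. Where `KEYSTONE_WSGI_DIR` is set is outside this hunk, so whether it can be empty here should be confirmed. Removing the vhost file without `disable_apache_site` also assumes `stop_keystone` has already run; if cleanup can run on its own, the site may stay enabled with its config file gone.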
@@ -145,7 +141,6 @@
         s|%USER%|$STACK_USER|g
         s|%ERRORLOGFORMAT%|$errorlogformat|g;
     " -i $keystone_apache_conf
-    enable_apache_site keystone
 }
 
 # configure_keystone() - Set config files, create data dirs, etc
@@ -473,6 +468,7 @@
     fi
 
     if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+        enable_apache_site keystone
         restart_apache_server
         tail_log key /var/log/$APACHE_NAME/keystone.log
         tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
@@ -498,10 +494,12 @@
 
 # stop_keystone() - Stop running processes
 function stop_keystone {
+    if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+        disable_apache_site keystone
+        restart_apache_server
+    fi
     # Kill the Keystone screen window
     stop_process key
-    # Cleanup the WSGI files and VHOST
-    _cleanup_keystone_apache_wsgi
 }
 
 function is_keystone_enabled {
diff --git a/lib/ldap b/lib/ldap
index efe2f09..2bb8a4c 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -79,7 +79,7 @@
 function init_ldap {
     local keystone_ldif
 
-    TMP_LDAP_DIR=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
+    local tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
 
     # Remove data but not schemas
     clear_ldap_state
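Review bot: `local tmp_ldap_dir=$(mktemp -d ...)` hides a failed `mktemp`, because the status of that line is the status of `local`; with an empty value the later redirections would target paths such as `/keystone.ldif` at the filesystem root. Declaring and assigning separately keeps the status: `local tmp_ldap_dir` followed by `tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX) || return 1`. The same pattern appears in `install_ldap` (`tmp_ldap_dir`, `slappass`) and in `create_neutron_accounts` in lib/neutron. The body of `init_ldap` continues outside this hunk.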
@@ -91,17 +91,17 @@
         printf "Configuring LDAP for $LDAP_BASE_DC\n"
         # If BASE_DN is changed, the user may override the default file
         if [[ -r $FILES/ldap/${LDAP_BASE_DC}.ldif.in ]]; then
-            keystone_ldif=${LDAP_BASE_DC}.ldif
+            local keystone_ldif=${LDAP_BASE_DC}.ldif
         else
-            keystone_ldif=keystone.ldif
+            local keystone_ldif=keystone.ldif
         fi
-        _ldap_varsubst $FILES/ldap/${keystone_ldif}.in >$TMP_LDAP_DIR/${keystone_ldif}
-        if [[ -r $TMP_LDAP_DIR/${keystone_ldif} ]]; then
-            ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $TMP_LDAP_DIR/${keystone_ldif}
+        _ldap_varsubst $FILES/ldap/${keystone_ldif}.in >$tmp_ldap_dir/${keystone_ldif}
+        if [[ -r $tmp_ldap_dir/${keystone_ldif} ]]; then
+            ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $tmp_ldap_dir/${keystone_ldif}
         fi
     fi
 
-    rm -rf TMP_LDAP_DIR
+    rm -rf $tmp_ldap_dir
 }
 
 # install_ldap
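Review bot: `ldapadd -x -w $LDAP_PASSWORD` passes the bind password unquoted on the command line, so a password containing spaces or glob characters splits into several arguments, and the value is visible in the process list and in any xtrace output while the command runs. Quoting it as `-w "$LDAP_PASSWORD"` fixes the splitting; `ldapadd -y <file>` reads the password from a file instead of argv. The two `local keystone_ldif=...` lines also re-declare a variable that `init_ldap` already declares with `local keystone_ldif` at its top, so plain assignments are enough there. `rm -rf $tmp_ldap_dir` should be quoted as `rm -rf "$tmp_ldap_dir"`.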
@@ -110,7 +110,7 @@
     echo "Installing LDAP inside function"
     echo "os_VENDOR is $os_VENDOR"
 
-    TMP_LDAP_DIR=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
+    local tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
 
     printf "installing OpenLDAP"
     if is_ubuntu; then
@@ -119,19 +119,19 @@
     elif is_fedora; then
         start_ldap
     elif is_suse; then
-        _ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$TMP_LDAP_DIR/suse-base-config.ldif
-        sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $TMP_LDAP_DIR/suse-base-config.ldif
+        _ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$tmp_ldap_dir/suse-base-config.ldif
+        sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $tmp_ldap_dir/suse-base-config.ldif
         sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
         start_ldap
     fi
 
     echo "LDAP_PASSWORD is $LDAP_PASSWORD"
-    SLAPPASS=$(slappasswd -s $LDAP_PASSWORD)
-    printf "LDAP secret is $SLAPPASS\n"
+    local slappass=$(slappasswd -s $LDAP_PASSWORD)
+    printf "LDAP secret is $slappass\n"
 
     # Create manager.ldif and add to olcdb
-    _ldap_varsubst $FILES/ldap/manager.ldif.in >$TMP_LDAP_DIR/manager.ldif
-    sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_LDAP_DIR/manager.ldif
+    _ldap_varsubst $FILES/ldap/manager.ldif.in >$tmp_ldap_dir/manager.ldif
+    sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $tmp_ldap_dir/manager.ldif
 
     # On fedora we need to manually add cosine and inetorgperson schemas
     if is_fedora; then
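Review bot: Renaming `SLAPPASS` to the local `slappass` changes what `_ldap_varsubst` can see when it renders `manager.ldif.in` a few lines later: the call passes only the template path, so if that helper (defined outside this hunk) substitutes the global `SLAPPASS`, the manager entry would now be written with an empty password hash. Either pass the hash to the helper explicitly or confirm that it reads `slappass`. `printf "LDAP secret is $slappass\n"` also places the hash inside the format string and writes it to the run log right after the cleartext password echoed on the line above; `printf 'LDAP secret is %s\n' "$slappass"` fixes the format-string use, and dropping both lines keeps credentials out of logs. `install_ldap` starts and ends outside this hunk.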
@@ -139,7 +139,7 @@
         sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
     fi
 
-    rm -rf TMP_LDAP_DIR
+    rm -rf $tmp_ldap_dir
 }
 
 # start_ldap() - Start LDAP
diff --git a/lib/neutron b/lib/neutron
index 22d4f37..6985bbe 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -447,20 +447,20 @@
 # Migrated from keystone_data.sh
 function create_neutron_accounts {
 
-    SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
+    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
 
     if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
 
-        NEUTRON_USER=$(get_or_create_user "neutron" \
-            "$SERVICE_PASSWORD" $SERVICE_TENANT)
-        get_or_add_user_role $ADMIN_ROLE $NEUTRON_USER $SERVICE_TENANT
+        local neutron_user=$(get_or_create_user "neutron" \
+            "$SERVICE_PASSWORD" $service_tenant)
+        get_or_add_user_role $admin_role $neutron_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            NEUTRON_SERVICE=$(get_or_create_service "neutron" \
+            local neutron_service=$(get_or_create_service "neutron" \
                 "network" "Neutron Service")
-            get_or_create_endpoint $NEUTRON_SERVICE \
+            get_or_create_endpoint $neutron_service \
                 "$REGION_NAME" \
                 "http://$SERVICE_HOST:$Q_PORT/" \
                 "http://$SERVICE_HOST:$Q_PORT/" \
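Review bot: `$service_tenant`, `$admin_role` and `$neutron_user` are expanded unquoted in the `get_or_create_user` and `get_or_add_user_role` calls, so an empty lookup result silently drops an argument and shifts the remaining ones instead of failing. Quote them, e.g. `get_or_add_user_role "$admin_role" "$neutron_user" "$service_tenant"`, and check for an empty ID before continuing. The `awk "/ $SERVICE_TENANT_NAME / ..."` lookup also treats the tenant name as a regular expression, so a name containing regex metacharacters can match the wrong row. `create_neutron_accounts` continues past the end of this hunk.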
@@ -939,8 +939,12 @@
     local use_auth_url=$3
     local skip_auth_cache=$4
 
-    iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
-    iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
+    if [[ -n $use_auth_url ]]; then
+        iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
+    else
+        iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
+        iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
+    fi
     iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
     iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
     iniset $conf_file $section admin_password $SERVICE_PASSWORD
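Review bot: `[[ -n $use_auth_url ]]` takes the `auth_url` branch for any non-empty third argument, including `False` or `0`, so a caller passing an explicit false value would get the opposite of what it asked for. Comparing against the expected value, e.g. `if [[ "$use_auth_url" == "True" ]]; then`, or a comment stating that only emptiness is tested, would remove the ambiguity; what callers actually pass is not visible here. The `/v2.0` suffix is hard-coded even though lib/keystone lists `IDENTITY_API_VERSION` as a setting. The function header is outside the hunk.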
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index b4c2ada..a5a58f4 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -34,10 +34,18 @@
     iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
 }
 
+function _neutron_ofagent_configure_firewall_driver {
+    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+    else
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
+    fi
+}
+
 function neutron_plugin_configure_plugin_agent {
     # Set up integration bridge
     _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-    _neutron_ovs_base_configure_firewall_driver
+    _neutron_ofagent_configure_firewall_driver
 
     # Check a supported openflow version
     OF_VERSION=`ovs-ofctl --version | grep "OpenFlow versions" | awk '{print $3}' | cut -d':' -f2`
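Review bot: `_neutron_ofagent_configure_firewall_driver` falls back to `NoopFirewallDriver` for every value of `Q_USE_SECGROUP` other than the exact string `True`, so `true`, `1` or an unset variable all leave the agent without packet filtering and nothing is logged. Normalising the value before the comparison, or printing which driver was selected in the `else` branch, would make an unintended fail-open visible. The new function also has no header comment; something like `# _neutron_ofagent_configure_firewall_driver() - use the iptables firewall driver when Q_USE_SECGROUP is True, otherwise the no-op driver` would document that choice. The leading `/` in `/$Q_PLUGIN_CONF_FILE` presumably relies on the variable holding a relative path, which is worth stating in that comment.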
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 38da50c..f2d2859 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -6,6 +6,7 @@
 #
 # - ``functions`` file
 # - ``RABBIT_{HOST|PASSWORD}`` must be defined when RabbitMQ is used
+# - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
 
 # ``stack.sh`` calls the entry points in this order:
 #
@@ -90,21 +91,56 @@
             exit_distro_not_supported "zeromq installation"
         fi
     fi
+
+    # Remove the AMQP 1.0 messaging libraries
+    if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
+        if is_fedora; then
+            uninstall_package qpid-proton-c-devel
+            uninstall_package python-qpid-proton
+        fi
+        # TODO(kgiusti) ubuntu cleanup
+    fi
 }
 
 # install rpc backend
 function install_rpc_backend {
+    # Regardless of the broker used, if AMQP 1.0 is configured load
+    # the necessary messaging client libraries for oslo.messaging
+    if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
+        if is_fedora; then
+            install_package qpid-proton-c-devel
+            install_package python-qpid-proton
+        elif is_ubuntu; then
+            # TODO(kgiusti) The QPID AMQP 1.0 protocol libraries
+            # are not yet in the ubuntu repos. Enable these installs
+            # once they are present:
+            #install_package libqpid-proton2-dev
+            #install_package python-qpid-proton
+            # Also add 'uninstall' directives in cleanup_rpc_backend()!
+            exit_distro_not_supported "QPID AMQP 1.0 Proton libraries"
+        else
+            exit_distro_not_supported "QPID AMQP 1.0 Proton libraries"
+        fi
+        # Install pyngus client API
+        # TODO(kgiusti) can remove once python qpid bindings are
+        # available on all supported platforms _and_ pyngus is added
+        # to the requirements.txt file in oslo.messaging
+        pip_install pyngus
+    fi
+
     if is_service_enabled rabbit; then
         # Install rabbitmq-server
         install_package rabbitmq-server
     elif is_service_enabled qpid; then
+        local qpid_conf_file=/etc/qpid/qpidd.conf
         if is_fedora; then
             install_package qpid-cpp-server
             if [[ $DISTRO =~ (rhel6) ]]; then
+                qpid_conf_file=/etc/qpidd.conf
                 # RHEL6 leaves "auth=yes" in /etc/qpidd.conf, it needs to
                 # be no or you get GSS authentication errors as it
                 # attempts to default to this.
-                sudo sed -i.bak 's/^auth=yes$/auth=no/' /etc/qpidd.conf
+                sudo sed -i.bak 's/^auth=yes$/auth=no/' $qpid_conf_file
             fi
         elif is_ubuntu; then
             install_package qpidd
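Review bot: `pip_install pyngus` installs whatever version the package index serves at run time, with no version constraint and, per the TODO, outside oslo.messaging's requirements, so the messaging client code that lands on the host is not reproducible. Pin it, e.g. `pip_install "pyngus==<PINNED_VERSION>"`, or take it from a requirements file. `cleanup_rpc_backend` removes the two Proton packages on Fedora but never uninstalls pyngus. The `is_ubuntu` and `else` branches both call the same `exit_distro_not_supported`, so the `elif` exists only to carry the TODO. `install_rpc_backend` continues beyond this hunk.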
@@ -113,6 +149,22 @@
         else
             exit_distro_not_supported "qpid installation"
         fi
+        # If AMQP 1.0 is specified, ensure that the version of the
+        # broker can support AMQP 1.0 and configure the queue and
+        # topic address patterns used by oslo.messaging.
+        if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
+            QPIDD=$(type -p qpidd)
+            if ! $QPIDD --help | grep -q "queue-patterns"; then
+                exit_distro_not_supported "qpidd with AMQP 1.0 support"
+            fi
+            if ! grep -q "queue-patterns=exclusive" $qpid_conf_file; then
+                cat <<EOF | sudo tee --append $qpid_conf_file
+queue-patterns=exclusive
+queue-patterns=unicast
+topic-patterns=broadcast
+EOF
+            fi
+        fi
     elif is_service_enabled zeromq; then
         # NOTE(ewindisch): Redis is not strictly necessary
         # but there is a matchmaker driver that works
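Review bot: `QPIDD=$(type -p qpidd)` introduces a new uppercase global in a change that otherwise moves such variables to `local`, and `$QPIDD --help` is expanded unquoted; when `qpidd` is not on PATH the variable is empty and the shell tries to run `--help` as a command, reaching the "not supported" exit only by accident. `if ! qpidd --help | grep -q "queue-patterns"; then` avoids the variable altogether. The idempotency check greps only for `queue-patterns=exclusive` and reads `$qpid_conf_file` without sudo, so if that file is not readable by the invoking user the three lines are appended again on every run. The surrounding `install_rpc_backend` body starts and ends outside this hunk.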
@@ -130,6 +182,11 @@
         sudo mkdir -p /var/run/openstack
         sudo chown $STACK_USER /var/run/openstack
     fi
+
+    # If using the QPID broker, install the QPID python client API
+    if is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
+        install_package python-qpid
+    fi
 }
 
 # restart the rpc backend
@@ -176,7 +233,12 @@
         MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
         iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
     elif is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
-        iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_qpid
+        # For Qpid use the 'amqp' oslo.messaging transport when AMQP 1.0 is used
+        if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
+            iniset $file $section rpc_backend "amqp"
+        else
+            iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_qpid
+        fi
         iniset $file $section qpid_hostname ${QPID_HOST:-$SERVICE_HOST}
         if is_ubuntu; then
             QPID_PASSWORD=`sudo strings /etc/qpid/qpidd.sasldb | grep -B1 admin | head -1`
diff --git a/stack.sh b/stack.sh
index 68eac7c..c20e610 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1454,7 +1454,7 @@
         echo_summary "WARNING: CINDER_MULTI_LVM_BACKEND is used"
         echo "You are using CINDER_MULTI_LVM_BACKEND to configure Cinder's multiple LVM backends"
         echo "Please convert that configuration in local.conf to use CINDER_ENABLED_BACKENDS."
-        echo "CINDER_ENABLED_BACKENDS will be removed early in the 'K' development cycle"
+        echo "CINDER_MULTI_LVM_BACKEND will be removed early in the 'K' development cycle"
         echo "
 [[local|localrc]]
 CINDER_ENABLED_BACKENDS=lvm:lvmdriver-1,lvm:lvmdriver-2