Merge "Fix FLAT_INTERFACE not working"
diff --git a/exercises/quantum-adv-test.sh b/exercises/quantum-adv-test.sh
index 5c4b16e..a1fb2ad 100755
--- a/exercises/quantum-adv-test.sh
+++ b/exercises/quantum-adv-test.sh
@@ -235,7 +235,7 @@
source $TOP_DIR/openrc $TENANT $TENANT
local NET_ID=$(quantum net-create --tenant_id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
quantum subnet-create --ip_version 4 --tenant_id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
- quantum-debug probe-create $NET_ID
+ quantum-debug probe-create --device-owner compute $NET_ID
source $TOP_DIR/openrc demo demo
}
diff --git a/lib/cinder b/lib/cinder
index b3e1904..7688ad9 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -53,6 +53,11 @@
# Support for multi lvm backend configuration (default is no support)
CINDER_MULTI_LVM_BACKEND=$(trueorfalse False $CINDER_MULTI_LVM_BACKEND)
+# Should cinder perform secure deletion of volumes?
+# Defaults to true, can be set to False to avoid this bug when testing:
+# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1023755
+CINDER_SECURE_DELETE=`trueorfalse True $CINDER_SECURE_DELETE`
+
# Name of the lvm volume groups to use/create for iscsi volumes
# VOLUME_GROUP2 is used only if CINDER_MULTI_LVM_BACKEND = True
VOLUME_GROUP=${VOLUME_GROUP:-stack-volumes}
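Review bot: The added `CINDER_SECURE_DELETE` assignment uses backticks, while the line just above it calls the same helper with `$(...)`; `CINDER_SECURE_DELETE=$(trueorfalse True $CINDER_SECURE_DELETE)` would match. The comment should also say what False gives up. Presumably deleted volumes are then not wiped, so their blocks could be reused with old data intact. A line such as `# False skips wiping on delete; use only on throwaway test hosts` would make the test-only intent explicit.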
diff --git a/lib/keystone b/lib/keystone
index 17e0866..805cb6f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -59,6 +59,9 @@
KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+# Set the tenant for service accounts in Keystone
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+
# Entry Points
# ------------
diff --git a/lib/nova b/lib/nova
index 6aa98bc..9809e62 100644
--- a/lib/nova
+++ b/lib/nova
@@ -65,6 +65,9 @@
QEMU_CONF=/etc/libvirt/qemu.conf
+NOVNC_DIR=$DEST/noVNC
+SPICE_DIR=$DEST/spice-html5
+
# Nova Network Configuration
# --------------------------
diff --git a/lib/quantum b/lib/quantum
index 09cde64..efdd43d 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -181,6 +181,13 @@
# Hardcoding for 1 service plugin for now
source $TOP_DIR/lib/quantum_plugins/agent_loadbalancer
+# Use security group or not
+if has_quantum_plugin_security_group; then
+ Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
+else
+ Q_USE_SECGROUP=False
+fi
+
# Entry Points
# ------------
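Review bot: `Q_USE_SECGROUP` is taken verbatim from the environment here, but every consumer in this commit compares it with the literal string `True` (the nova.conf block later in this file, the linuxbridge agent configuration, and both ovs_base helpers). A localrc value such as `true` or `1` therefore silently selects the Noop firewall driver. Normalising it the way lib/cinder does its flags avoids that: `Q_USE_SECGROUP=$(trueorfalse True $Q_USE_SECGROUP)`. The else branch also overrides an explicit `Q_USE_SECGROUP=True` without a message when the plugin lacks support; a one-line warning there would tell the operator that port filtering is off. The hunk does not show whether the plugin file defining `has_quantum_plugin_security_group` has been sourced by this point.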
@@ -222,6 +229,11 @@
iniset $NOVA_CONF DEFAULT quantum_admin_tenant_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF DEFAULT quantum_url "http://$Q_HOST:$Q_PORT"
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+ LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
+ iniset $NOVA_CONF DEFAULT security_group_api quantum
+ fi
+
# set NOVA_VIF_DRIVER and optionally set options in nova_conf
quantum_plugin_create_nova_conf
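Review bot: The added block overwrites `LIBVIRT_FIREWALL_DRIVER` unconditionally, so a value set in localrc is discarded, and no comment says why nova's own filtering is being turned off. A why-comment would help, for example `# Quantum enforces security groups; disable nova's iptables filtering so rules are not applied twice`. Instance filtering then depends entirely on the plugin-side firewall driver, so confirm that this assignment runs before the value is written to nova.conf; that code is outside the hunk.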
@@ -646,9 +658,9 @@
function setup_quantum_debug() {
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
- quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $public_net_id
+ quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
- quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create $private_net_id
+ quantum-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
fi
}
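Review bot: Both rewritten `quantum-debug` lines still pass `--os-password $ADMIN_PASSWORD` unquoted on the command line. Unquoted, a password containing whitespace or glob characters is split or expanded, and as an argument it is visible in the process list and in xtrace output. At minimum quote it, `--os-password "$ADMIN_PASSWORD"`; if quantum-debug honours the usual `OS_PASSWORD` environment variable (not shown here), setting that for the two calls would keep the secret out of argv. `$public_net_id` and `$private_net_id` should be quoted as well, and checked for being empty when `_get_net_id` finds nothing.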
diff --git a/lib/quantum_plugins/README.md b/lib/quantum_plugins/README.md
index 5411de0..05bfb85 100644
--- a/lib/quantum_plugins/README.md
+++ b/lib/quantum_plugins/README.md
@@ -32,3 +32,5 @@
* ``quantum_plugin_configure_plugin_agent``
* ``quantum_plugin_configure_service``
* ``quantum_plugin_setup_interface_driver``
+* ``has_quantum_plugin_security_group``:
+ return 0 if the plugin support quantum security group otherwise return 1
diff --git a/lib/quantum_plugins/bigswitch_floodlight b/lib/quantum_plugins/bigswitch_floodlight
index 7d3fd96..4857f49 100644
--- a/lib/quantum_plugins/bigswitch_floodlight
+++ b/lib/quantum_plugins/bigswitch_floodlight
@@ -51,5 +51,10 @@
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
}
+function has_quantum_plugin_security_group() {
+ # 1 means False here
+ return 1
+}
+
# Restore xtrace
$MY_XTRACE
diff --git a/lib/quantum_plugins/brocade b/lib/quantum_plugins/brocade
index ac91143..6e26ad7 100644
--- a/lib/quantum_plugins/brocade
+++ b/lib/quantum_plugins/brocade
@@ -45,5 +45,10 @@
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver
}
+function has_quantum_plugin_security_group() {
+ # 0 means True here
+ return 0
+}
+
# Restore xtrace
$BRCD_XTRACE
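Review bot: This plugin reports security-group support, which makes lib/quantum set nova's `LIBVIRT_FIREWALL_DRIVER` to the Noop driver, yet no hunk in this file sets a `SECURITYGROUP firewall_driver` the way the linuxbridge and ovs_base changes do; the nicira hunk is the same. If the backend enforces the rules itself that is fine, but the comment should say so, e.g. `# security groups are enforced by the plugin backend; no agent firewall driver is configured`. Otherwise instances on these plugins would run with no packet filtering on either side.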
diff --git a/lib/quantum_plugins/linuxbridge b/lib/quantum_plugins/linuxbridge
index 11bc585..324e255 100644
--- a/lib/quantum_plugins/linuxbridge
+++ b/lib/quantum_plugins/linuxbridge
@@ -48,6 +48,11 @@
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
fi
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.IptablesFirewallDriver
+ else
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
+ fi
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
}
@@ -76,5 +81,10 @@
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.BridgeInterfaceDriver
}
+function has_quantum_plugin_security_group() {
+ # 0 means True here
+ return 0
+}
+
# Restore xtrace
$MY_XTRACE
diff --git a/lib/quantum_plugins/nicira b/lib/quantum_plugins/nicira
index 8c150b1..6eefb02 100644
--- a/lib/quantum_plugins/nicira
+++ b/lib/quantum_plugins/nicira
@@ -141,5 +141,10 @@
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
}
+function has_quantum_plugin_security_group() {
+ # 0 means True here
+ return 0
+}
+
# Restore xtrace
$MY_XTRACE
diff --git a/lib/quantum_plugins/openvswitch b/lib/quantum_plugins/openvswitch
index dda1239..ab16483 100644
--- a/lib/quantum_plugins/openvswitch
+++ b/lib/quantum_plugins/openvswitch
@@ -8,7 +8,7 @@
source $TOP_DIR/lib/quantum_plugins/ovs_base
function quantum_plugin_create_nova_conf() {
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
+ _quantum_ovs_base_configure_nova_vif_driver
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $NOVA_CONF DEFAULT xenapi_vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
iniset $NOVA_CONF DEFAULT xenapi_ovs_integration_bridge $FLAT_NETWORK_BRIDGE
@@ -43,6 +43,7 @@
# Setup integration bridge
OVS_BRIDGE=${OVS_BRIDGE:-br-int}
_quantum_ovs_base_setup_bridge $OVS_BRIDGE
+ _quantum_ovs_base_configure_firewall_driver
# Setup agent for tunneling
if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then
@@ -139,5 +140,9 @@
iniset $conf_file DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
}
+function has_quantum_plugin_security_group() {
+ return 0
+}
+
# Restore xtrace
$MY_XTRACE
diff --git a/lib/quantum_plugins/ovs_base b/lib/quantum_plugins/ovs_base
index ab988d9..2ada0db 100644
--- a/lib/quantum_plugins/ovs_base
+++ b/lib/quantum_plugins/ovs_base
@@ -39,6 +39,14 @@
iniset $QUANTUM_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
}
+function _quantum_ovs_base_configure_firewall_driver() {
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+ else
+ iniset /$Q_PLUGIN_CONF_FILE SECURITYGROUP firewall_driver quantum.agent.firewall.NoopFirewallDriver
+ fi
+}
+
function _quantum_ovs_base_configure_l3_agent() {
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
@@ -48,5 +56,15 @@
sudo ip addr flush dev $PUBLIC_BRIDGE
}
+function _quantum_ovs_base_configure_nova_vif_driver() {
+ # The hybrid VIF driver needs to be specified when Quantum Security Group
+ # is enabled (until vif_security attributes are supported in VIF extension)
+ if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
+ else
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
+ fi
+}
+
# Restore xtrace
$MY_XTRACE
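Review bot: In `_quantum_ovs_base_configure_nova_vif_driver` the `${NOVA_VIF_DRIVER:-...}` form means a `NOVA_VIF_DRIVER` already set in localrc wins even when `Q_USE_SECGROUP` is True, although the comment above it says the hybrid driver is needed in that case. Security groups would then be enabled in configuration but possibly not enforced on the instance port, with nothing logged. A check in the True branch would surface it: `[[ "$NOVA_VIF_DRIVER" == *HybridOVSBridgeDriver ]] || echo "WARNING: $NOVA_VIF_DRIVER may not enforce security groups" >&2`.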
diff --git a/lib/quantum_plugins/ryu b/lib/quantum_plugins/ryu
index d1d7382..1139232 100644
--- a/lib/quantum_plugins/ryu
+++ b/lib/quantum_plugins/ryu
@@ -9,7 +9,7 @@
source $TOP_DIR/lib/quantum_thirdparty/ryu # for configuration value
function quantum_plugin_create_nova_conf() {
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}
+ _quantum_ovs_base_configure_nova_vif_driver
iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE"
}
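Review bot: Calling `_quantum_ovs_base_configure_nova_vif_driver` here changes ryu's default when `Q_USE_SECGROUP` is not True: it used to be `LibvirtHybridOVSBridgeDriver` and now becomes `LibvirtGenericVIFDriver`. If that is intended, a comment on the call should say so; if ryu needs the hybrid driver regardless, keep the old default ahead of the call, `NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver"}`. The helper is defined in lib/quantum_plugins/ovs_base, and the hunk does not show whether this file sources it.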
@@ -52,6 +52,8 @@
fi
iniset /$Q_PLUGIN_CONF_FILE OVS integration_bridge $OVS_BRIDGE
AGENT_BINARY="$QUANTUM_DIR/quantum/plugins/ryu/agent/ryu_quantum_agent.py"
+
+ _quantum_ovs_base_configure_firewall_driver
}
function quantum_plugin_configure_service() {
@@ -64,5 +66,10 @@
iniset $conf_file DEFAULT ovs_use_veth True
}
+function has_quantum_plugin_security_group() {
+ # 0 means True here
+ return 0
+}
+
# Restore xtrace
$MY_XTRACE
diff --git a/lib/swift b/lib/swift
index 2c87d21..d50b554 100644
--- a/lib/swift
+++ b/lib/swift
@@ -28,6 +28,7 @@
SWIFT_DIR=$DEST/swift
SWIFTCLIENT_DIR=$DEST/python-swiftclient
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
+SWIFT3_DIR=$DEST/swift3
# TODO: add logging to different location.
@@ -40,6 +41,12 @@
# TODO(dtroyer): remove SWIFT_CONFIG_DIR after cutting stable/grizzly
SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-${SWIFT_CONFIG_DIR:-/etc/swift}}
+if is_service_enabled s-proxy && is_service_enabled swift3; then
+ # If we are using swift3, we can default the s3 port to swift instead
+ # of nova-objectstore
+ S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
+fi
+
# DevStack will create a loop-back disk formatted as XFS to store the
# swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
# kilobytes.
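Review bot: The `${S3_SERVICE_PORT:-8080}` default added here likely never applies, because the same commit moves `S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}` into stackrc. If stackrc is sourced before lib/swift (the usual order, not visible here), the variable is already 3333 when this block runs. In the old stack.sh the swift3 default came first and 3333 was only the fallback. With swift3 enabled, the port would then stay on the nova-objectstore value. Either apply the 3333 fallback after lib/swift has been sourced, or have this block test whether the user set the port instead of relying on `:-`.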
diff --git a/stack.sh b/stack.sh
index 9a87a5f..cfce6be 100755
--- a/stack.sh
+++ b/stack.sh
@@ -269,14 +269,12 @@
# Set the destination directories for OpenStack projects
HORIZON_DIR=$DEST/horizon
OPENSTACKCLIENT_DIR=$DEST/python-openstackclient
-NOVNC_DIR=$DEST/noVNC
-SPICE_DIR=$DEST/spice-html5
-SWIFT3_DIR=$DEST/swift3
-# Should cinder perform secure deletion of volumes?
-# Defaults to true, can be set to False to avoid this bug when testing:
-# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1023755
-CINDER_SECURE_DELETE=`trueorfalse True $CINDER_SECURE_DELETE`
+
+# Interactive Configuration
+# -------------------------
+
+# Do all interactive config up front before the logging spew begins
# Generic helper to configure passwords
function read_password {
@@ -322,7 +320,6 @@
# Database Configuration
-# ----------------------
# To select between database backends, add the following to ``localrc``:
#
@@ -335,8 +332,7 @@
initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || echo "No database enabled"
-# RabbitMQ or Qpid
-# --------------------------
+# Queue Configuration
# Rabbit connection info
if is_service_enabled rabbit; then
@@ -344,53 +340,45 @@
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi
-if is_service_enabled s-proxy; then
- # If we are using swift3, we can default the s3 port to swift instead
- # of nova-objectstore
- if is_service_enabled swift3;then
- S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
+
+# Keystone
+
+if is_service_enabled key; then
+ # The ``SERVICE_TOKEN`` is used to bootstrap the Keystone database. It is
+ # just a string and is not a 'real' Keystone token.
+ read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
+ # Services authenticate to Identity with servicename/``SERVICE_PASSWORD``
+ read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
+ # Horizon currently truncates usernames and passwords at 20 characters
+ read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
+
+ # Keystone can now optionally install OpenLDAP by enabling the ``ldap``
+ # service in ``localrc`` (e.g. ``enable_service ldap``).
+ # To clean out the Keystone contents in OpenLDAP set ``KEYSTONE_CLEAR_LDAP``
+ # to ``yes`` (e.g. ``KEYSTONE_CLEAR_LDAP=yes``) in ``localrc``. To enable the
+ # Keystone Identity Driver (``keystone.identity.backends.ldap.Identity``)
+ # set ``KEYSTONE_IDENTITY_BACKEND`` to ``ldap`` (e.g.
+ # ``KEYSTONE_IDENTITY_BACKEND=ldap``) in ``localrc``.
+
+ # only request ldap password if the service is enabled
+ if is_service_enabled ldap; then
+ read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP"
fi
+fi
+
+
+# Swift
+
+if is_service_enabled s-proxy; then
# We only ask for Swift Hash if we have enabled swift service.
# ``SWIFT_HASH`` is a random unique string for a swift cluster that
# can never change.
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
fi
-# Set default port for nova-objectstore
-S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
-
-# Keystone
-# --------
-
-# The ``SERVICE_TOKEN`` is used to bootstrap the Keystone database. It is
-# just a string and is not a 'real' Keystone token.
-read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
-# Services authenticate to Identity with servicename/``SERVICE_PASSWORD``
-read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
-# Horizon currently truncates usernames and passwords at 20 characters
-read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
-# Keystone can now optionally install OpenLDAP by adding ldap to the list
-# of enabled services in the localrc file (e.g. ENABLED_SERVICES=key,ldap).
-# If OpenLDAP has already been installed but you need to clear out
-# the Keystone contents of LDAP set KEYSTONE_CLEAR_LDAP to yes
-# (e.g. KEYSTONE_CLEAR_LDAP=yes ) in the localrc file. To enable the
-# Keystone Identity Driver (keystone.identity.backends.ldap.Identity)
-# set KEYSTONE_IDENTITY_BACKEND to ldap (e.g. KEYSTONE_IDENTITY_BACKEND=ldap)
-# in the localrc file.
-
-
-# only request ldap password if the service is enabled
-if is_service_enabled ldap; then
- read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP"
-fi
-
-# Set the tenant for service accounts in Keystone
-SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
-
-
-# Log files
-# ---------
+# Configure logging
+# -----------------
# Draw a spinner so the user knows something is happening
function spinner() {
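Review bot: Moving the `SERVICE_TOKEN`, `SERVICE_PASSWORD` and `ADMIN_PASSWORD` prompts inside `if is_service_enabled key` means a host that does not run Keystone is no longer prompted, and nothing in the hunk checks that the values arrived from localrc instead. lib/quantum in this same commit passes `$ADMIN_PASSWORD` to quantum-debug, so on such a host services could be configured with empty credentials if they are used there. A guard after the block would fail early instead: `: ${SERVICE_PASSWORD:?must be set in localrc}`, and the same for `ADMIN_PASSWORD`.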
@@ -638,14 +626,15 @@
echo_summary "Configuring OpenStack projects"
-# Set up our checkouts so they are installed into python path
-# allowing ``import nova`` or ``import glance.client``
+# Set up our checkouts so they are installed in the python path
configure_keystoneclient
configure_novaclient
setup_develop $OPENSTACKCLIENT_DIR
+
if is_service_enabled key g-api n-api s-proxy; then
configure_keystone
fi
+
if is_service_enabled s-proxy; then
configure_swift
configure_swiftclient
@@ -653,6 +642,7 @@
setup_develop $SWIFT3_DIR
fi
fi
+
if is_service_enabled g-api n-api; then
configure_glance
fi
@@ -666,17 +656,21 @@
cleanup_nova
configure_nova
fi
+
if is_service_enabled horizon; then
configure_horizon
fi
+
if is_service_enabled quantum; then
setup_quantumclient
setup_quantum
fi
+
if is_service_enabled heat; then
configure_heat
configure_heatclient
fi
+
if is_service_enabled cinder; then
configure_cinder
fi
@@ -698,6 +692,7 @@
# don't be naive and add to existing line!
fi
+
# Syslog
# ------
@@ -992,6 +987,7 @@
fi
fi
+
# Launch Services
# ===============
@@ -1081,6 +1077,7 @@
start_heat
fi
+
# Create account rc files
# =======================
@@ -1191,6 +1188,7 @@
# Check the status of running services
service_check
+
# Fin
# ===
diff --git a/stackrc b/stackrc
index 19674ed..34ccfa2 100644
--- a/stackrc
+++ b/stackrc
@@ -201,6 +201,10 @@
VOLUME_NAME_PREFIX=${VOLUME_NAME_PREFIX:-volume-}
INSTANCE_NAME_PREFIX=${INSTANCE_NAME_PREFIX:-instance-}
+# Set default port for nova-objectstore
+S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
+
+# Common network names
PRIVATE_NETWORK_NAME=${PRIVATE_NETWORK_NAME:-"private"}
PUBLIC_NETWORK_NAME=${PUBLIC_NETWORK_NAME:-"nova"}