Merge "Backslash continuations (DevStack)"
diff --git a/files/000-default.template b/files/000-default.template
index d97f365..f499ea0 100644
--- a/files/000-default.template
+++ b/files/000-default.template
@@ -1,12 +1,12 @@
<VirtualHost *:80>
- WSGIScriptAlias / %HORIZON_DIR%/openstack-dashboard/dashboard/wsgi/django.wsgi
+ WSGIScriptAlias / %HORIZON_DIR%/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=%USER% group=%GROUP% processes=3 threads=10
SetEnv APACHE_RUN_USER %USER%
SetEnv APACHE_RUN_GROUP %GROUP%
WSGIProcessGroup horizon
DocumentRoot %HORIZON_DIR%/.blackhole/
- Alias /media %HORIZON_DIR%/openstack-dashboard/dashboard/static
+ Alias /media %HORIZON_DIR%/openstack_dashboard/static
Alias /vpn /opt/stack/vpn
<Directory />
diff --git a/files/glance-api-paste.ini b/files/glance-api-paste.ini
index b8832ad..583b70a 100644
--- a/files/glance-api-paste.ini
+++ b/files/glance-api-paste.ini
@@ -30,6 +30,7 @@
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
+# FIXME(dtroyer): remove these service_* entries after auth_token is updated
service_host = %KEYSTONE_SERVICE_HOST%
service_port = %KEYSTONE_SERVICE_PORT%
service_protocol = %KEYSTONE_SERVICE_PROTOCOL%
@@ -37,7 +38,11 @@
auth_port = %KEYSTONE_AUTH_PORT%
auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
auth_uri = %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/
+# FIXME(dtroyer): remove admin_token after auth_token is updated
admin_token = %SERVICE_TOKEN%
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USERNAME%
+admin_password = %SERVICE_PASSWORD%
[filter:auth-context]
paste.filter_factory = glance.common.wsgi:filter_factory
diff --git a/files/glance-registry-paste.ini b/files/glance-registry-paste.ini
index f4130ec..fe460d9 100644
--- a/files/glance-registry-paste.ini
+++ b/files/glance-registry-paste.ini
@@ -14,6 +14,7 @@
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
+# FIXME(dtroyer): remove these service_* entries after auth_token is updated
service_host = %KEYSTONE_SERVICE_HOST%
service_port = %KEYSTONE_SERVICE_PORT%
service_protocol = %KEYSTONE_SERVICE_PROTOCOL%
@@ -21,7 +22,11 @@
auth_port = %KEYSTONE_AUTH_PORT%
auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
auth_uri = %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/
+# FIXME(dtroyer): remove admin_token after auth_token is updated
admin_token = %SERVICE_TOKEN%
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USERNAME%
+admin_password = %SERVICE_PASSWORD%
[filter:auth-context]
context_class = glance.registry.context.RequestContext
diff --git a/files/horizon_settings.py b/files/horizon_settings.py
index bbff08f..2d1d1f8 100644
--- a/files/horizon_settings.py
+++ b/files/horizon_settings.py
@@ -37,7 +37,7 @@
HORIZON_CONFIG = {
'dashboards': ('nova', 'syspanel', 'settings',),
'default_dashboard': 'nova',
- 'user_home': 'dashboard.views.user_home',
+ 'user_home': 'openstack_dashboard.views.user_home',
}
OPENSTACK_HOST = "127.0.0.1"
@@ -98,6 +98,3 @@
# }
# }
#}
-
-# How much ram on each compute host?
-COMPUTE_HOST_RAM_GB = 16
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 3f4841f..e292811 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -17,6 +17,7 @@
fi
ADMIN_TENANT=`get_id keystone tenant-create --name=admin`
+SERVICE_TENANT=`get_id keystone tenant-create --name=$SERVICE_TENANT_NAME`
DEMO_TENANT=`get_id keystone tenant-create --name=demo`
INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin`
@@ -73,6 +74,14 @@
--name=nova \
--type=compute \
--description="Nova Compute Service"
+NOVA_USER=`get_id keystone user-create \
+ --name=nova \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=nova@example.com`
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $NOVA_USER \
+ --role $ADMIN_ROLE
keystone service-create \
--name=ec2 \
@@ -83,6 +92,14 @@
--name=glance \
--type=image \
--description="Glance Image Service"
+GLANCE_USER=`get_id keystone user-create \
+ --name=glance \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=glance@example.com`
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $GLANCE_USER \
+ --role $ADMIN_ROLE
keystone service-create \
--name=keystone \
@@ -101,12 +118,28 @@
--name=swift \
--type="object-store" \
--description="Swift Service"
+ SWIFT_USER=`get_id keystone user-create \
+ --name=swift \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=swift@example.com`
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $SWIFT_USER \
+ --role $ADMIN_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
keystone service-create \
--name=quantum \
--type=network \
--description="Quantum Service"
+ QUANTUM_USER=`get_id keystone user-create \
+ --name=quantum \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=quantum@example.com`
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $QUANTUM_USER \
+ --role $ADMIN_ROLE
fi
# create ec2 creds and parse the secret and access key returned
diff --git a/files/swift/proxy-server.conf b/files/swift/proxy-server.conf
index d6db117..e80c1d5 100644
--- a/files/swift/proxy-server.conf
+++ b/files/swift/proxy-server.conf
@@ -31,13 +31,18 @@
[filter:tokenauth]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
+# FIXME(dtroyer): remove these service_* entries after auth_token is updated
service_port = %KEYSTONE_SERVICE_PORT%
service_host = %KEYSTONE_SERVICE_HOST%
auth_port = %KEYSTONE_AUTH_PORT%
auth_host = %KEYSTONE_AUTH_HOST%
auth_protocol = %KEYSTONE_AUTH_PROTOCOL%
auth_token = %SERVICE_TOKEN%
+# FIXME(dtroyer): remove admin_token after auth_token is updated
admin_token = %SERVICE_TOKEN%
+admin_tenant_name = %SERVICE_TENANT_NAME%
+admin_user = %SERVICE_USERNAME%
+admin_password = %SERVICE_PASSWORD%
cache = swift.cache
[filter:swift3]
diff --git a/stack.sh b/stack.sh
index 8b69428..9242182 100755
--- a/stack.sh
+++ b/stack.sh
@@ -421,10 +421,16 @@
# Service Token - Openstack components need to have an admin token
# to validate user tokens.
read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
+# Services authenticate to Identity with servicename/SERVICE_PASSWORD
+read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
# Horizon currently truncates usernames and passwords at 20 characters
read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
+# Set the tenant for service accounts in Keystone
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+
# Set Keystone interface configuration
+KEYSTONE_API_PORT=${KEYSTONE_API_PORT:-5000}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-http}
@@ -618,8 +624,7 @@
fi
cd $NOVA_DIR; sudo python setup.py develop
if is_service_enabled horizon; then
- cd $HORIZON_DIR/horizon; sudo python setup.py develop
- cd $HORIZON_DIR/openstack-dashboard; sudo python setup.py develop
+ cd $HORIZON_DIR; sudo python setup.py develop
fi
if is_service_enabled q-svc; then
cd $QUANTUM_DIR; sudo python setup.py develop
@@ -718,14 +723,14 @@
apt_get install apache2 libapache2-mod-wsgi
# Link to quantum client directory.
- rm -fr ${HORIZON_DIR}/openstack-dashboard/quantum
- ln -s ${QUANTUM_CLIENT_DIR}/quantum ${HORIZON_DIR}/openstack-dashboard/quantum
+ rm -fr ${HORIZON_DIR}/openstack_dashboard/quantum
+ ln -s ${QUANTUM_CLIENT_DIR}/quantum ${HORIZON_DIR}/openstack_dashboard/quantum
# Remove stale session database.
- rm -f $HORIZON_DIR/openstack-dashboard/local/dashboard_openstack.sqlite3
+ rm -f $HORIZON_DIR/openstack_dashboard/local/dashboard_openstack.sqlite3
# ``local_settings.py`` is used to override horizon default settings.
- local_settings=$HORIZON_DIR/openstack-dashboard/local/local_settings.py
+ local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
cp $FILES/horizon_settings.py $local_settings
# Enable quantum in dashboard, if requested
@@ -735,7 +740,7 @@
# Initialize the horizon database (it stores sessions and notices shown to
# users). The user system is external (keystone).
- cd $HORIZON_DIR/openstack-dashboard
+ cd $HORIZON_DIR
python manage.py syncdb
# create an empty directory that apache uses as docroot
@@ -769,6 +774,7 @@
function glance_config {
sudo sed -e "
+ s,%KEYSTONE_API_PORT%,$KEYSTONE_API_PORT,g;
s,%KEYSTONE_AUTH_HOST%,$KEYSTONE_AUTH_HOST,g;
s,%KEYSTONE_AUTH_PORT%,$KEYSTONE_AUTH_PORT,g;
s,%KEYSTONE_AUTH_PROTOCOL%,$KEYSTONE_AUTH_PROTOCOL,g;
@@ -776,6 +782,9 @@
s,%KEYSTONE_SERVICE_PORT%,$KEYSTONE_SERVICE_PORT,g;
s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g;
s,%SQL_CONN%,$BASE_SQL_CONN/glance,g;
+ s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
+ s,%SERVICE_USERNAME%,glance,g;
+ s,%SERVICE_PASSWORD%,$SERVICE_PASSWORD,g;
s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
s,%DEST%,$DEST,g;
s,%SYSLOG%,$SYSLOG,g;
@@ -826,7 +835,14 @@
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF
# Then we add our own service token to the configuration
- sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $NOVA_CONF/api-paste.ini
+ sed -e "
+ /^admin_token/i admin_tenant_name = $SERVICE_TENANT_NAME
+ /admin_tenant_name/s/^.*$/admin_tenant_name = $SERVICE_TENANT_NAME/;
+ /admin_user/s/^.*$/admin_user = nova/;
+ /admin_password/s/^.*$/admin_password = $SERVICE_PASSWORD/;
+ s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
+ s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
+ " -i $NOVA_CONF/api-paste.ini
# Finally, we change the pipelines in nova to use keystone
function replace_pipeline() {
@@ -1012,16 +1028,21 @@
# We do the install of the proxy-server and swift configuration
# replacing a few directives to match our configuration.
- sed -e "s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},g;
- s,%USER%,$USER,g;
- s,%SERVICE_TOKEN%,${SERVICE_TOKEN},g;
- s,%KEYSTONE_SERVICE_PORT%,${KEYSTONE_SERVICE_PORT},g;
- s,%KEYSTONE_SERVICE_HOST%,${KEYSTONE_SERVICE_HOST},g;
- s,%KEYSTONE_AUTH_PORT%,${KEYSTONE_AUTH_PORT},g;
- s,%KEYSTONE_AUTH_HOST%,${KEYSTONE_AUTH_HOST},g;
- s,%KEYSTONE_AUTH_PROTOCOL%,${KEYSTONE_AUTH_PROTOCOL},g;
- s/%AUTH_SERVER%/${swift_auth_server}/g;" \
- $FILES/swift/proxy-server.conf | \
+ sed -e "
+ s,%SWIFT_CONFIG_LOCATION%,${SWIFT_CONFIG_LOCATION},g;
+ s,%USER%,$USER,g;
+ s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
+ s,%SERVICE_USERNAME%,swift,g;
+ s,%SERVICE_PASSWORD%,$SERVICE_PASSWORD,g;
+ s,%SERVICE_TOKEN%,${SERVICE_TOKEN},g;
+ s,%KEYSTONE_SERVICE_PORT%,${KEYSTONE_SERVICE_PORT},g;
+ s,%KEYSTONE_SERVICE_HOST%,${KEYSTONE_SERVICE_HOST},g;
+ s,%KEYSTONE_API_PORT%,${KEYSTONE_API_PORT},g;
+ s,%KEYSTONE_AUTH_HOST%,${KEYSTONE_AUTH_HOST},g;
+ s,%KEYSTONE_AUTH_PORT%,${KEYSTONE_AUTH_PORT},g;
+ s,%KEYSTONE_AUTH_PROTOCOL%,${KEYSTONE_AUTH_PROTOCOL},g;
+ s/%AUTH_SERVER%/${swift_auth_server}/g;
+ " $FILES/swift/proxy-server.conf | \
sudo tee ${SWIFT_CONFIG_LOCATION}/proxy-server.conf
sed -e "s/%SWIFT_HASH%/$SWIFT_HASH/" $FILES/swift/swift.conf > ${SWIFT_CONFIG_LOCATION}/swift.conf
@@ -1390,7 +1411,7 @@
if is_service_enabled key; then
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
echo "Waiting for keystone to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/; do sleep 1; done"; then
echo "keystone did not start"
exit 1
fi
@@ -1402,7 +1423,8 @@
# keystone_data.sh creates services, admin and demo users, and roles.
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
- ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES bash $FILES/keystone_data.sh
+ ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
+ bash $FILES/keystone_data.sh
fi
@@ -1631,7 +1653,7 @@
# If keystone is present, you can point nova cli to this server
if is_service_enabled key; then
- echo "keystone is serving at $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/"
+ echo "keystone is serving at $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/"
echo "examples on using novaclient command line is in exercise.sh"
echo "the default users are: admin and demo"
echo "the password: $ADMIN_PASSWORD"