Merge "Install Juno RDO repos for RHEL7"
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index 8c9e658..b2a219b 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -5,7 +5,7 @@
DevStack uses the standard OpenStack contribution process as outlined in
`the OpenStack wiki 'How To
Contribute' <https://wiki.openstack.org/wiki/How_To_Contribute>`__. This
-means that you will need to meet the requirements of the Contribututors
+means that you will need to meet the requirements of the Contributors
License Agreement (CLA). If you have already done that for another
OpenStack project you are good to go.
diff --git a/doc/source/exerciserc.rst b/doc/source/exerciserc.rst
index f3780c3..dacae2e 100644
--- a/doc/source/exerciserc.rst
+++ b/doc/source/exerciserc.rst
@@ -3,7 +3,7 @@
==============================
``exerciserc`` is used to configure settings for the exercise scripts.
-The values shown below are the default values. Thse can all be
+The values shown below are the default values. These can all be
overridden by setting them in the ``localrc`` section.
ACTIVE\_TIMEOUT
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f39471c..92d7945 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -123,7 +123,7 @@
[STRIKEOUT:The majority of deployments will use packages to install
OpenStack that will have distro-based packages as dependencies.
DevStack installs as many of these Python packages as possible to
- mimic the expected production environemnt.] Certain Linux
+ mimic the expected production environment.] Certain Linux
distributions have a 'lack of workaround' in their Python
configurations that installs vendor packaged Python modules and
pip-installed modules to the SAME DIRECTORY TREE. This is causing
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index dc2fc71..90d4ca3 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -59,6 +59,40 @@
+Disabling Next Generation Firewall Tools
+========================================
+
+Devstack does not properly operate with modern firewall tools. Specifically
+it will appear as if the guest VM can access the external network via ICMP,
+but UDP and TCP packets will not be delivered to the guest VM. The root cause
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
+firewall manager) apply firewall rules to all interfaces in the system, rather
+then per-device. One solution to this problem is to revert to iptables
+functionality.
+
+To get a functional firewall configuration for Fedora do the following:
+
+::
+
+ sudo service iptables save
+ sudo systemctl disable firewalld
+ sudo systemctl enable iptables
+ sudo systemctl stop firewalld
+ sudo systemctl start iptables
+
+
+To get a functional firewall configuration for distributions containing ufw,
+disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
+disable ufw if it was enabled, do the following:
+
+::
+
+ sudo service iptables save
+ sudo ufw disable
+
+
+
+
Neutron Networking with Open vSwitch
====================================
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
index b2f7557..a1ca60a 100644
--- a/doc/source/local.conf.rst
+++ b/doc/source/local.conf.rst
@@ -2,7 +2,7 @@
local.conf - User Settings
==========================
-``local.conf`` is a user-maintained setings file that is sourced in
+``local.conf`` is a user-maintained settings file that is sourced in
``stackrc``. It contains a section that replaces the historical
``localrc`` file. See the description of
:doc:`local.conf <configuration>` for more details about the mechanics
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index 56ff5c2..0b090c7 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -4,7 +4,7 @@
``openrc`` configures login credentials suitable for use with the
OpenStack command-line tools. ``openrc`` sources ``stackrc`` at the
-beginning (which in turn sources the ``localrc`` setion of
+beginning (which in turn sources the ``localrc`` section of
``local.conf``) in order to pick up ``HOST_IP`` and/or ``SERVICE_HOST``
to use in the endpoints. The values shown below are the default values.
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index b0cfb84..2190d83 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -22,6 +22,7 @@
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %ADMINWSGI%
WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
diff --git a/files/debs/general b/files/debs/general
index 3fe7863..e824d23 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,6 +1,5 @@
bridge-utils
pylint
-python-setuptools
screen
unzip
wget
diff --git a/files/debs/horizon b/files/debs/horizon
index 5d06928..f9b7d59 100644
--- a/files/debs/horizon
+++ b/files/debs/horizon
@@ -12,7 +12,6 @@
pylint
python-eventlet
python-nose
-python-sphinx
python-mox
python-coverage
python-cherrypy3 # why?
diff --git a/files/debs/ryu b/files/debs/ryu
index 9b85080..354c1b7 100644
--- a/files/debs/ryu
+++ b/files/debs/ryu
@@ -1,2 +1 @@
python-eventlet
-python-sphinx
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index f1f7e8f..63ef705 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -15,7 +15,6 @@
psmisc
python-cmd2 # dist:opensuse-12.3
python-pylint
-python-setuptools # instead of python-distribute; dist:sle11sp2
python-unittest2
screen
tar
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index fa7e439..d1f378a 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -4,7 +4,6 @@
python-Paste
python-PasteDeploy
python-Routes
-python-Sphinx
python-SQLAlchemy
python-WebOb
python-anyjson
diff --git a/files/rpms-suse/ryu b/files/rpms-suse/ryu
index 6b426fb..354c1b7 100644
--- a/files/rpms-suse/ryu
+++ b/files/rpms-suse/ryu
@@ -1,2 +1 @@
-python-Sphinx
python-eventlet
diff --git a/files/rpms/general b/files/rpms/general
index d7ace9b..ee7cc12 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -13,7 +13,6 @@
libxslt-devel
psmisc
pylint
-python-setuptools
python-prettytable # dist:rhel6 [1]
python-unittest2
python-virtualenv
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 1d06ac2..82385ed 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -15,7 +15,6 @@
python-paste #dist:f19,f20,f21
python-paste-deploy #dist:f19,f20,f21
python-routes
-python-sphinx
python-sqlalchemy
python-webob
pyxattr
diff --git a/files/rpms/ryu b/files/rpms/ryu
index 9b85080..354c1b7 100644
--- a/files/rpms/ryu
+++ b/files/rpms/ryu
@@ -1,2 +1 @@
python-eventlet
-python-sphinx
diff --git a/functions-common b/functions-common
index 94ab347..40a0d2b 100644
--- a/functions-common
+++ b/functions-common
@@ -1578,7 +1578,7 @@
local sudo_pip="env"
else
local cmd_pip=$(get_pip_command)
- local sudo_pip="sudo"
+ local sudo_pip="sudo -H"
fi
$xtrace
diff --git a/lib/ceilometer b/lib/ceilometer
index 1f480ea..f6280d9 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -272,12 +272,12 @@
function install_redis {
if is_ubuntu; then
install_package redis-server
+ restart_service redis-server
else
# This will fail (correctly) where a redis package is unavailable
install_package redis
+ restart_service redis
fi
-
- restart_service redis
}
# install_ceilometer() - Collect source and prepare
diff --git a/lib/cinder b/lib/cinder
index 930119c..c106424 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -292,7 +292,7 @@
configure_cinder_driver
fi
- if [[ is_fedora && $DISTRO =~ (rhel6) ]]; then
+ if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
# Cinder clones are slightly larger due to some extra
# metadata. RHEL6 will not allow auto-extending of LV's
# without this, leading to clones giving hard-to-track disk
diff --git a/lib/horizon b/lib/horizon
index 3f3b1ca..fee2ef0 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -72,7 +72,7 @@
# cleanup_horizon() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_horizon {
- if [[ is_fedora && $DISTRO =~ (rhel6) ]]; then
+ if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
# If ``/usr/bin/node`` points into ``$DEST``
# we installed it via ``install_nodejs``
if [[ $(readlink -f /usr/bin/node) =~ ($DEST) ]]; then
@@ -105,9 +105,6 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
- if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
- _horizon_config_set $local_settings "" OPENSTACK_TOKEN_HASH_ALGORITHM \""$KEYSTONE_TOKEN_HASH_ALGORITHM"\"
- fi
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/infra b/lib/infra
index 57df07d..c825b4e 100644
--- a/lib/infra
+++ b/lib/infra
@@ -37,7 +37,9 @@
git_clone_by_name "pbr"
setup_lib "pbr"
else
- pip_install "pbr"
+ # Always upgrade pbr to latest version as we may have pulled it
+ # in via system packages.
+ pip_install "-U" "pbr"
fi
}
diff --git a/lib/keystone b/lib/keystone
index 9c0b013..071dc90 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -318,10 +318,6 @@
iniset $KEYSTONE_CONF DEFAULT admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
-
- if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
- iniset $KEYSTONE_CONF token hash_algorithm "$KEYSTONE_TOKEN_HASH_ALGORITHM"
- fi
}
function configure_keystone_extensions {
@@ -443,9 +439,6 @@
iniset $conf_file $section admin_user $admin_user
iniset $conf_file $section admin_password $SERVICE_PASSWORD
iniset $conf_file $section signing_dir $signing_dir
- if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
- iniset $conf_file keystone_authtoken hash_algorithms "$KEYSTONE_TOKEN_HASH_ALGORITHM"
- fi
}
# init_keystone() - Initialize databases, etc.
diff --git a/lib/neutron b/lib/neutron
old mode 100644
new mode 100755
index 8517102..6c9d7b9
--- a/lib/neutron
+++ b/lib/neutron
@@ -751,7 +751,7 @@
# cleanup_neutron() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_neutron {
- if [[ is_provider_network && is_ironic_hardware ]]; then
+ if is_provider_network && is_ironic_hardware; then
for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
sudo ip addr add $IP dev $PUBLIC_INTERFACE
@@ -921,7 +921,9 @@
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
+ # Configures keystone for metadata_agent
+ # The third argument "True" sets auth_url needed to communicate with keystone
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
}
@@ -1066,6 +1068,13 @@
function _neutron_setup_keystone {
local conf_file=$1
local section=$2
+ local use_auth_url=$3
+
+ # Configures keystone for metadata_agent
+ # metadata_agent needs auth_url to communicate with keystone
+ if [[ "$use_auth_url" == "True" ]]; then
+ iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
+ fi
create_neutron_cache_dir
configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
diff --git a/lib/opendaylight b/lib/opendaylight
index 936a17c..2f0f37e 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -47,16 +47,16 @@
ODL_PASSWORD=${ODL_PASSWORD:-admin}
# Short name of ODL package
-ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1}
+ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1.1}
# <define global variables here that belong to this project>
ODL_DIR=$DEST/opendaylight
# The OpenDaylight Package, currently using 'Hydrogen' release
-ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.zip}
+ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.1.zip}
# The OpenDaylight URL
-ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1/}
+ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1.1/}
# Default arguments for OpenDaylight. This is typically used to set
# Java memory options.
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 6afec37..400204a 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -176,17 +176,31 @@
echo_summary "Starting RabbitMQ"
# NOTE(bnemec): Retry initial rabbitmq configuration to deal with
# the fact that sometimes it fails to start properly.
- # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1059028
+ # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144100
local i
for i in `seq 10`; do
+ local rc=0
+
+ [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
+
if is_fedora || is_suse; then
# service is not started by default
restart_service rabbitmq-server
fi
- rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
+
+ rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD" || rc=$?
+ if [ $rc -ne 0 ]; then
+ continue
+ fi
+
# change the rabbit password since the default is "guest"
- sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
- [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
+ sudo rabbitmqctl change_password \
+ $RABBIT_USERID $RABBIT_PASSWORD || rc=$?
+ if [ $rc -ne 0 ]; then
+ continue;
+ fi
+
+ break
done
if is_service_enabled n-cell; then
# Add partitioned access for the child cell
diff --git a/lib/swift b/lib/swift
index 41f9e84..e9043b3 100644
--- a/lib/swift
+++ b/lib/swift
@@ -132,7 +132,7 @@
# Tell Tempest this project is present
TEMPEST_SERVICES+=,swift
-# Toggle for deploying Keystone under HTTPD + mod_wsgi
+# Toggle for deploying Swift under HTTPD + mod_wsgi
SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
# Functions
diff --git a/lib/tempest b/lib/tempest
index 6fc157f..7cac6dd 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -372,7 +372,7 @@
# Orchestration Tests
if is_service_enabled heat; then
if [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
- iniset $TEMPEST_CONFIG orchestration image_ref $(basename "$HEAT_CFN_IMAGE_URL" ".qcow2")
+ iniset $TEMPEST_CONFIG orchestration image_ref $(basename "${HEAT_CFN_IMAGE_URL%.*}")
fi
# build a specialized heat flavor
available_flavors=$(nova flavor-list)
diff --git a/lib/trove b/lib/trove
index 4149b0d..d889b05 100644
--- a/lib/trove
+++ b/lib/trove
@@ -146,7 +146,7 @@
if is_service_enabled tr-tmgr; then
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
- iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+ iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
@@ -159,7 +159,7 @@
# (Re)create trove conductor conf file if needed
if is_service_enabled tr-cond; then
- iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+ iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
@@ -171,7 +171,7 @@
fi
# Set up Guest Agent conf
- iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+ iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin
@@ -207,7 +207,7 @@
$TROVE_BIN_DIR/trove-manage db_sync
# If no guest image is specified, skip remaining setup
- [ -z "$TROVE_GUEST_IMAGE_URL"] && return 0
+ [ -z "$TROVE_GUEST_IMAGE_URL" ] && return 0
# Find the glance id for the trove guest image
# The image is uploaded by stack.sh -- see $IMAGE_URLS handling
diff --git a/stack.sh b/stack.sh
index bbb7d75..d6699f5 100755
--- a/stack.sh
+++ b/stack.sh
@@ -648,8 +648,10 @@
# Queue Configuration
# Rabbit connection info
+# In multi node devstack, second node needs RABBIT_USERID, but rabbit
+# isn't enabled.
+RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
if is_service_enabled rabbit; then
- RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index ca46533..26aae82 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -85,7 +85,7 @@
# Fix prettytable 0.7.2 permissions
# Don't specify --upgrade so we use the existing package if present
-pip_install 'prettytable>0.7'
+pip_install 'prettytable>=0.7'
PACKAGE_DIR=$(get_package_path prettytable)
# Only fix version 0.7.2
dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index c9119ae..d57a687 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -46,7 +46,7 @@
curl -o $LOCAL_PIP $PIP_GET_PIP_URL || \
die $LINENO "Download of get-pip.py failed"
fi
- sudo -E python $LOCAL_PIP
+ sudo -H -E python $LOCAL_PIP
}
@@ -68,6 +68,13 @@
}
+# Setuptools 8 implements PEP 440, and 8.0.4 adds a warning triggered any time
+# pkg_resources inspects the list of installed Python packages if there are
+# non-compliant version numbers in the egg-info (for example, from distro
+# system packaged Python libraries). This is off by default after 8.2 but can
+# be enabled by uncommenting the lines below.
+#PYTHONWARNINGS=$PYTHONWARNINGS,always::RuntimeWarning:pkg_resources
+#export PYTHONWARNINGS
# Show starting versions
get_versions
@@ -83,6 +90,6 @@
configure_pypi_alternative_url
fi
-pip_install -U "setuptools<8.0"
+pip_install -U setuptools
get_versions