Merge "Neutron: MTU settings are now sane, so remove from DevStack"
diff --git a/.gitignore b/.gitignore
index c72b0c4..a470ff5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@
doc/files
doc/build
files/*.gz
+files/*.vmdk
files/*.rpm
files/*.rpm.*
files/*.qcow2
diff --git a/README.md b/README.md
index dd394c2..4ba4619 100644
--- a/README.md
+++ b/README.md
@@ -61,13 +61,6 @@
# list instances
nova list
-If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:
-
- # source eucarc to generate EC2 credentials and set up the environment
- . eucarc
- # list instances using ec2 api
- euca-describe-instances
-
# DevStack Execution Environment
DevStack runs rampant over the system it runs on, installing things and
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index e985bdc..0493f8f 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -104,7 +104,7 @@
::
[[local|localrc]]
- ADMIN_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
deleted file mode 100644
index c2ecbc6..0000000
--- a/doc/source/eucarc.rst
+++ /dev/null
@@ -1,45 +0,0 @@
-=====================
-eucarc - EC2 Settings
-=====================
-
-``eucarc`` creates EC2 credentials for the current user as defined by
-``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the
-beginning (which in turn sources ``stackrc`` and ``localrc``) in order
-to set credentials to create EC2 credentials in Keystone.
-
-EC2\_URL
- Set the EC2 url for euca2ools. The endpoint is extracted from the
- service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
-
- ::
-
- EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
-
-S3\_URL
- Set the S3 endpoint for euca2ools. The endpoint is extracted from
- the service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
-
- ::
-
- export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
-
-EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
- Create EC2 credentials for the current tenant:user in Keystone.
-
- ::
-
- CREDS=$(openstack ec2 credentials create)
- export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
- export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
-
-Certificates for Bundling
- Euca2ools requires certificate files to enable bundle uploading. The
- exercise script ``exercises/bundle.sh`` demonstrated retrieving
- certificates using the Nova CLI.
-
- ::
-
- EC2_PRIVATE_KEY=pk.pem
- EC2_CERT=cert.pem
- NOVA_CERT=cacert.pem
- EUCALYPTUS_CERT=${NOVA_CERT}
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index cd48915..7793d8e 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -85,7 +85,7 @@
function sourceopenrc {
pushd ~/devstack >/dev/null
- eval $(bash -c ". openrc $1 $2;env|sed -n '/OS_/ { s/^/export /;p}'")
+ eval $(bash -c ". openrc $1 $2 >/dev/null;env|sed -n '/OS_/ { s/^/export /;p}'")
popd >/dev/null
}
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 392bb1b..c996f95 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -129,8 +129,8 @@
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
- RABBIT_PASSWORD=supersecrete
- SERVICE_PASSWORD=supersecrete
+ RABBIT_PASSWORD=supersecret
+ SERVICE_PASSWORD=supersecret
In the multi-node configuration the first 10 or so IPs in the private
subnet are usually reserved. Add this to ``local.sh`` to have it run
@@ -169,8 +169,8 @@
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
- RABBIT_PASSWORD=supersecrete
- SERVICE_PASSWORD=supersecrete
+ RABBIT_PASSWORD=supersecret
+ SERVICE_PASSWORD=supersecret
DATABASE_TYPE=mysql
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
@@ -254,7 +254,7 @@
# Add a user and project
NAME=bob
- PASSWORD=BigSecrete
+ PASSWORD=BigSecret
PROJECT=$NAME
openstack project create $PROJECT
openstack user create $NAME --password=$PASSWORD --project $PROJECT
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 1c43c11..6ac3993 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -19,6 +19,18 @@
the OpenStack API traffic, and management traffic.
+.. warning::
+
+ When using a single interface networking setup, there will be a
+ temporary network outage as your IP address is moved from the
+ physical NIC of your machine, to the OVS bridge. If you are SSH'd
+ into the machine from another computer, there is a risk of being
+ disconnected from your ssh session (due to arp cache
+ invalidation), which would stop the stack.sh or leave it in an
+ unfinished state. In these cases, start stack.sh inside its own
+ screen session so it can continue to run.
+
+
Physical Network Setup
----------------------
@@ -59,10 +71,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- DATABASE_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Do not use Nova-Network
disable_service n-net
@@ -232,10 +244,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
## Neutron options
PUBLIC_INTERFACE=eth0
@@ -362,10 +374,10 @@
GLANCE_HOSTPORT=10.0.0.2:9292
PUBLIC_INTERFACE=eth1
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
## Neutron options
Q_USE_SECGROUP=True
@@ -409,10 +421,10 @@
MYSQL_HOST=10.0.0.2
RABBIT_HOST=10.0.0.2
GLANCE_HOSTPORT=10.0.0.2:9292
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
@@ -514,10 +526,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- DATABASE_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Do not use Nova-Network
disable_service n-net
@@ -542,19 +554,3 @@
PUBLIC_PHYSICAL_NETWORK=default
LB_INTERFACE_MAPPINGS=default:eth0
-Creating specific OVS bridges for physical networks
----------------------------------------------------
-
-When using the Open vSwitch ML2 mechanism driver, it is possible to
-have multiple Open vSwitch bridges meant for physical networking be
-automatically created by setting the ``OVS_BRIDGE_MAPPINGS`` to a list of
-physical network to bridge name associations with the following syntax:
-
-::
-
- OVS_BRIDGE_MAPPINGS=net1name:bridge1name,net2name:bridge2name,<...>
-
-Also, ``OVS_BRIDGE_MAPPINGS`` has precedence over ``PHYSICAL_NETWORK`` and
-``OVS_PHYSICAL_BRIDGE``, meaning that if the former is set, the latter
-ones will be ignored. When ``OVS_BRIDGE_MAPPINGS`` is not set, the other
-variables will still be evaluated.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 3e324ad..c79b2ce 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -217,7 +217,6 @@
stackrc
openrc
exerciserc
- eucarc
Tools
-----
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index 0b090c7..4e7f075 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -35,7 +35,7 @@
::
- OS_PASSWORD=secrete
+ OS_PASSWORD=secret
HOST\_IP, SERVICE\_HOST
Set API endpoint host using ``HOST_IP``. ``SERVICE_HOST`` may also
diff --git a/eucarc b/eucarc
deleted file mode 100644
index 1e672bd..0000000
--- a/eucarc
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-#
-# source eucarc [username] [tenantname]
-#
-# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
-# Optionally set the tenant/username via openrc
-
-if [[ -n "$1" ]]; then
- USERNAME=$1
-fi
-if [[ -n "$2" ]]; then
- TENANT=$2
-fi
-
-# Find the other rc files
-RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
-
-# Get user configuration
-source $RC_DIR/openrc
-
-# Set the ec2 url so euca2ools works
-export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
-
-# Create EC2 credentials for the current user
-CREDS=$(openstack ec2 credentials create)
-export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
-export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
-
-# Euca2ools Certificate stuff for uploading bundles
-# See exercises/bundle.sh to see how to get certs using nova cli
-NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
-export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
-
diff --git a/exercise.sh b/exercise.sh
index 19c9d80..9067033 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -14,11 +14,11 @@
# Run everything in the exercises/ directory that isn't explicitly disabled
# comma separated list of script basenames to skip
-# to refrain from exercising euca.sh use ``SKIP_EXERCISES=euca``
+# to refrain from exercising foo.sh use ``SKIP_EXERCISES=foo``
SKIP_EXERCISES=${SKIP_EXERCISES:-""}
# comma separated list of script basenames to run
-# to run only euca.sh use ``RUN_EXERCISES=euca``
+# to run only foo.sh use ``RUN_EXERCISES=foo``
basenames=${RUN_EXERCISES:-""}
EXERCISE_DIR=$TOP_DIR/exercises
diff --git a/exerciserc b/exerciserc
index 9105fe3..978e0b3 100644
--- a/exerciserc
+++ b/exerciserc
@@ -21,12 +21,6 @@
# Max time to wait for a vm to terminate
export TERMINATE_TIMEOUT=${TERMINATE_TIMEOUT:-30}
-# Max time to wait for a euca-volume command to propagate
-export VOLUME_TIMEOUT=${VOLUME_TIMEOUT:-30}
-
-# Max time to wait for a euca-delete command to propagate
-export VOLUME_DELETE_TIMEOUT=${SNAPSHOT_DELETE_TIMEOUT:-60}
-
# The size of the volume we want to boot from; some storage back-ends
# do not allow a disk resize, so it's important that this can be tuned
export DEFAULT_VOLUME_SIZE=${DEFAULT_VOLUME_SIZE:-1}
diff --git a/exercises/bundle.sh b/exercises/bundle.sh
deleted file mode 100755
index 5470960..0000000
--- a/exercises/bundle.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-
-# **bundle.sh**
-
-# we will use the ``euca2ools`` cli tool that wraps the python boto
-# library to test ec2 bundle upload compatibility
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import EC2 configuration
-source $TOP_DIR/eucarc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-# Remove old certificates
-rm -f $TOP_DIR/cacert.pem
-rm -f $TOP_DIR/cert.pem
-rm -f $TOP_DIR/pk.pem
-
-# If nova api is not enabled we exit with exitcode 55 so that
-# the exercise is skipped
-is_service_enabled n-api || exit 55
-
-# Get Certificates
-nova x509-get-root-cert $TOP_DIR/cacert.pem
-nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem
-
-# Max time to wait for image to be registered
-REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}
-
-BUCKET=testbucket
-IMAGE=bundle.img
-truncate -s 5M /tmp/$IMAGE
-euca-bundle-image -i /tmp/$IMAGE || die $LINENO "Failure bundling image $IMAGE"
-
-euca-upload-bundle --debug -b $BUCKET -m /tmp/$IMAGE.manifest.xml || die $LINENO "Failure uploading bundle $IMAGE to $BUCKET"
-
-AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`
-die_if_not_set $LINENO AMI "Failure registering $BUCKET/$IMAGE"
-
-# Wait for the image to become available
-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
- die $LINENO "Image $AMI not available within $REGISTER_TIMEOUT seconds"
-fi
-
-# Clean up
-euca-deregister $AMI || die $LINENO "Failure deregistering $AMI"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index 07ce528..2c8fe81 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -83,7 +83,6 @@
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then
STATUS_NOVA="Skipped"
- STATUS_EC2="Skipped"
else
# Test OSAPI
echo -e "\nTest Nova"
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 1d2f4f5..6ab4d08 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -78,7 +78,6 @@
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then
STATUS_NOVA="Skipped"
- STATUS_EC2="Skipped"
else
# Test OSAPI
echo -e "\nTest Nova"
@@ -89,17 +88,6 @@
RETURN=1
fi
- # Test EC2 API
- echo -e "\nTest EC2"
- # Get EC2 creds
- source $TOP_DIR/eucarc
-
- if euca-describe-images; then
- STATUS_EC2="Succeeded"
- else
- STATUS_EC2="Failed"
- RETURN=1
- fi
fi
fi
@@ -170,7 +158,6 @@
echo -e "\n"
report "Keystone" $STATUS_KEYSTONE
report "Nova" $STATUS_NOVA
-report "EC2" $STATUS_EC2
report "Cinder" $STATUS_CINDER
report "Glance" $STATUS_GLANCE
report "Swift" $STATUS_SWIFT
diff --git a/exercises/euca.sh b/exercises/euca.sh
deleted file mode 100755
index 60e7d8c..0000000
--- a/exercises/euca.sh
+++ /dev/null
@@ -1,192 +0,0 @@
-#!/usr/bin/env bash
-
-# **euca.sh**
-
-# we will use the ``euca2ools`` cli tool that wraps the python boto
-# library to test ec2 compatibility
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-VOLUME_SIZE=1
-ATTACH_DEVICE=/dev/vdc
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import EC2 configuration
-source $TOP_DIR/eucarc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-# Import project functions
-source $TOP_DIR/lib/neutron-legacy
-
-# If nova api is not enabled we exit with exitcode 55 so that
-# the exercise is skipped
-is_service_enabled n-api || exit 55
-
-# Instance type to create
-DEFAULT_INSTANCE_TYPE=${DEFAULT_INSTANCE_TYPE:-m1.tiny}
-
-# Boot this image, use first AMI image if unset
-DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami}
-
-# Security group name
-SECGROUP=${SECGROUP:-euca_secgroup}
-
-
-# Launching a server
-# ==================
-
-# Find a machine image to boot
-IMAGE=`euca-describe-images | grep machine | grep ${DEFAULT_IMAGE_NAME} | cut -f2 | head -n1`
-die_if_not_set $LINENO IMAGE "Failure getting image $DEFAULT_IMAGE_NAME"
-
-if is_service_enabled n-cell; then
- # Cells does not support security groups, so force the use of "default"
- SECGROUP="default"
- echo "Using the default security group because of Cells."
-else
- # Add a secgroup
- if ! euca-describe-groups | grep -q $SECGROUP; then
- euca-add-group -d "$SECGROUP description" $SECGROUP
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-groups | grep -q $SECGROUP; do sleep 1; done"; then
- die $LINENO "Security group not created"
- fi
- fi
-fi
-
-# Launch it
-INSTANCE=`euca-run-instances -g $SECGROUP -t $DEFAULT_INSTANCE_TYPE $IMAGE | grep INSTANCE | cut -f2`
-die_if_not_set $LINENO INSTANCE "Failure launching instance"
-
-# Assure it has booted within a reasonable time
-if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-instances $INSTANCE | grep -q running; do sleep 1; done"; then
- die $LINENO "server didn't become active within $RUNNING_TIMEOUT seconds"
-fi
-
-# Volumes
-# -------
-if is_service_enabled c-vol && ! is_service_enabled n-cell && [ "$VIRT_DRIVER" != "ironic" ]; then
- VOLUME_ZONE=`euca-describe-availability-zones | head -n1 | cut -f2`
- die_if_not_set $LINENO VOLUME_ZONE "Failure to find zone for volume"
-
- VOLUME=`euca-create-volume -s 1 -z $VOLUME_ZONE` || die $LINENO "Failure to create volume"
- VOLUME=`echo "$VOLUME" | cut -f2`
- die_if_not_set $LINENO VOLUME "Failure to create volume"
-
- # Test that volume has been created
- VOLUME=`euca-describe-volumes $VOLUME | cut -f2`
- die_if_not_set $LINENO VOLUME "Failure to get volume"
-
- # Test volume has become available
- if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then
- die $LINENO "volume didn't become available within $RUNNING_TIMEOUT seconds"
- fi
-
- # Attach volume to an instance
- euca-attach-volume -i $INSTANCE -d $ATTACH_DEVICE $VOLUME || \
- die $LINENO "Failure attaching volume $VOLUME to $INSTANCE"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -A 1 in-use | grep -q attach; do sleep 1; done"; then
- die $LINENO "Could not attach $VOLUME to $INSTANCE"
- fi
-
- # Detach volume from an instance
- euca-detach-volume $VOLUME || \
- die $LINENO "Failure detaching volume $VOLUME to $INSTANCE"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then
- die $LINENO "Could not detach $VOLUME to $INSTANCE"
- fi
-
- # Remove volume
- euca-delete-volume $VOLUME || \
- die $LINENO "Failure to delete volume"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while euca-describe-volumes | grep $VOLUME; do sleep 1; done"; then
- die $LINENO "Could not delete $VOLUME"
- fi
-else
- echo "Volume Tests Skipped"
-fi
-
-if is_service_enabled n-cell; then
- echo "Floating IP Tests Skipped because of Cells."
-else
- # Allocate floating address
- FLOATING_IP=`euca-allocate-address | cut -f2`
- die_if_not_set $LINENO FLOATING_IP "Failure allocating floating IP"
- # describe all instances at this moment
- euca-describe-instances
- # Associate floating address
- euca-associate-address -i $INSTANCE $FLOATING_IP || \
- die $LINENO "Failure associating address $FLOATING_IP to $INSTANCE"
-
- # Authorize pinging
- euca-authorize -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \
- die $LINENO "Failure authorizing rule in $SECGROUP"
-
- # Test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds
- ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME"
-
- # Revoke pinging
- euca-revoke -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \
- die $LINENO "Failure revoking rule in $SECGROUP"
-
- # Release floating address
- euca-disassociate-address $FLOATING_IP || \
- die $LINENO "Failure disassociating address $FLOATING_IP"
-
- # Wait just a tick for everything above to complete so release doesn't fail
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep $INSTANCE | grep -q $FLOATING_IP; do sleep 1; done"; then
- die $LINENO "Floating ip $FLOATING_IP not disassociated within $ASSOCIATE_TIMEOUT seconds"
- fi
-
- # Release floating address
- euca-release-address $FLOATING_IP || \
- die $LINENO "Failure releasing address $FLOATING_IP"
-
- # Wait just a tick for everything above to complete so terminate doesn't fail
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep -q $FLOATING_IP; do sleep 1; done"; then
- die $LINENO "Floating ip $FLOATING_IP not released within $ASSOCIATE_TIMEOUT seconds"
- fi
-fi
-
-# Terminate instance
-euca-terminate-instances $INSTANCE || \
- die $LINENO "Failure terminating instance $INSTANCE"
-
-# Assure it has terminated within a reasonable time. The behaviour of this
-# case changed with bug/836978. Requesting the status of an invalid instance
-# will now return an error message including the instance id, so we need to
-# filter that out.
-if ! timeout $TERMINATE_TIMEOUT sh -c "while euca-describe-instances $INSTANCE | grep -ve '\(InstanceNotFound\|InvalidInstanceID\.NotFound\)' | grep -q $INSTANCE; do sleep 1; done"; then
- die $LINENO "server didn't terminate within $TERMINATE_TIMEOUT seconds"
-fi
-
-if [[ "$SECGROUP" = "default" ]] ; then
- echo "Skipping deleting default security group"
-else
- # Delete secgroup
- euca-delete-group $SECGROUP || die $LINENO "Failure deleting security group $SECGROUP"
-fi
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/files/debs/ceilometer-collector b/files/debs/ceilometer-collector
deleted file mode 100644
index d1e9eef..0000000
--- a/files/debs/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-libnspr4-dev
-mongodb-server #NOPRIME
-python-pymongo #NOPRIME
diff --git a/files/debs/general b/files/debs/general
index 1215147..a1f2a4b 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,5 +1,6 @@
bc
bridge-utils
+bsdmainutils
curl
g++
gcc
@@ -28,6 +29,7 @@
tar
tcpdump
unzip
+uuid-runtime
wget
wget
zlib1g-dev
diff --git a/files/debs/neutron b/files/debs/neutron
index e53cc68..2307fa5 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -13,5 +13,4 @@
radvd # NOPRIME
sqlite3
sudo
-uuid-runtime
vlan
diff --git a/files/rpms-suse/ceilometer-collector b/files/rpms-suse/ceilometer-collector
deleted file mode 100644
index fc75ffa..0000000
--- a/files/rpms-suse/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-# (devel:languages:python and server:database projects)
-mongodb
-# Not available in openSUSE main repositories, but can be fetched from OBS
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 34a2955..3b19071 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -2,7 +2,6 @@
bridge-utils
ca-certificates-mozilla
curl
-euca2ools
gcc
gcc-c++
git-core
@@ -26,5 +25,6 @@
tar
tcpdump
unzip
+util-linux
wget
zlib-devel
diff --git a/files/rpms/ceilometer-collector b/files/rpms/ceilometer-collector
deleted file mode 100644
index a8b8118..0000000
--- a/files/rpms/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-mongodb # NOPRIME
-mongodb-server #NOPRIME
-selinux-policy-targeted
diff --git a/files/rpms/general b/files/rpms/general
index a0906e2..2d4a97a 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -2,7 +2,6 @@
bridge-utils
curl
dbus
-euca2ools # only for testing client
gcc
gcc-c++
gettext # used for compiling message catalogs
@@ -31,6 +30,7 @@
tar
tcpdump
unzip
+util-linux
wget
which
zlib-devel
diff --git a/functions b/functions
index 5730b6c..1bfb8a5 100644
--- a/functions
+++ b/functions
@@ -30,6 +30,19 @@
declare -f -F $1 > /dev/null
}
+# short_source prints out the current location of the caller in a way
+# that strips redundant directories. This is useful for PS4 usage.
+function short_source {
+ saveIFS=$IFS
+ IFS=" "
+ called=($(caller 0))
+ IFS=$saveIFS
+ file=${called[2]}
+ file=${file#$RC_DIR/}
+ printf "%-40s " "$file:${called[1]}:${called[0]}"
+}
+
+
# Retrieve an image from a URL and upload into Glance.
# Uses the following variables:
#
diff --git a/functions-common b/functions-common
index 98768cd..b0352d3 100644
--- a/functions-common
+++ b/functions-common
@@ -440,6 +440,7 @@
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
+ [ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ] || \
[ "$os_VENDOR" = "Virtuozzo" ] || [ "$os_VENDOR" = "kvmibm" ]
}
@@ -1322,13 +1323,14 @@
time_start "yum_install"
- # Warning: this would not work if yum output message
- # have been translated to another language
+ # - We run with LC_ALL=C so string matching *should* be OK
+ # - Exit 1 if the failure might get better with a retry.
+ # - Exit 2 if it is fatal.
parse_yum_result=' \
BEGIN { result=0 } \
/^YUM_FAILED/ { exit $2 } \
- /^No package/ { result=1 } \
- /^Failed:/ { result=1 } \
+ /^No package/ { result=2 } \
+ /^Failed:/ { result=2 } \
//{ print } \
END { exit result }'
@@ -1336,15 +1338,21 @@
# missing or failed packages are OK.
# See https://bugzilla.redhat.com/show_bug.cgi?id=965567
(sudo_with_proxies "${YUM:-yum}" install -y "$@" 2>&1 || echo YUM_FAILED $?) \
- | awk "$parse_yum_result"
- result=$?
-
- if [ "$result" != 0 ]; then
- echo $LINENO "${YUM:-yum}" install failure: $result
- fi
+ | awk "$parse_yum_result" && result=$? || result=$?
time_stop "yum_install"
+ # if we return 1, then the wrapper functions will run an update
+ # and try installing the package again as a defense against bad
+ # mirrors. This can hide failures, especially when we have
+ # packages that are in the "Failed:" section because their rpm
+ # install scripts failed to run correctly (in this case, the
+ # package looks installed, so when the retry happens we just think
+ # the package is OK, and incorrectly continue on).
+ if [ "$result" == 2 ]; then
+ die "Detected fatal package install failure"
+ fi
+
return "$result"
}
@@ -2314,8 +2322,9 @@
# Resolution is only in whole seconds, so should be used for long
# running activities.
-declare -A TOTAL_TIME
-declare -A START_TIME
+declare -A _TIME_TOTAL
+declare -A _TIME_START
+declare -r _TIME_BEGIN=$(date +%s)
# time_start $name
#
@@ -2323,11 +2332,11 @@
# already started.
function time_start {
local name=$1
- local start_time=${START_TIME[$name]}
+ local start_time=${_TIME_START[$name]}
if [[ -n "$start_time" ]]; then
die $LINENO "Trying to start the clock on $name, but it's already been started"
fi
- START_TIME[$name]=$(date +%s)
+ _TIME_START[$name]=$(date +%s)
}
# time_stop $name
@@ -2343,32 +2352,53 @@
local start_time
name=$1
- start_time=${START_TIME[$name]}
+ start_time=${_TIME_START[$name]}
if [[ -z "$start_time" ]]; then
die $LINENO "Trying to stop the clock on $name, but it was never started"
fi
end_time=$(date +%s)
elapsed_time=$(($end_time - $start_time))
- total=${TOTAL_TIME[$name]:-0}
+ total=${_TIME_TOTAL[$name]:-0}
# reset the clock so we can start it in the future
- START_TIME[$name]=""
- TOTAL_TIME[$name]=$(($total + $elapsed_time))
+ _TIME_START[$name]=""
+ _TIME_TOTAL[$name]=$(($total + $elapsed_time))
}
# time_totals
-#
-# prints out total time
+# Print out total time summary
function time_totals {
- echo
- echo "========================"
- echo "DevStack Components Timed"
- echo "========================"
- echo
- for t in ${!TOTAL_TIME[*]}; do
- local v=${TOTAL_TIME[$t]}
- echo "$t - $v secs"
+ local elapsed_time
+ local end_time
+ local len=15
+ local xtrace
+
+ end_time=$(date +%s)
+ elapsed_time=$(($end_time - $_TIME_BEGIN))
+
+ # pad 1st column this far
+ for t in ${!_TIME_TOTAL[*]}; do
+ if [[ ${#t} -gt $len ]]; then
+ len=${#t}
+ fi
done
+
+ xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+
+ echo
+ echo "========================="
+ echo "DevStack Component Timing"
+ echo "========================="
+ printf "%-${len}s %3d\n" "Total runtime" "$elapsed_time"
+ echo
+ for t in ${!_TIME_TOTAL[*]}; do
+ local v=${_TIME_TOTAL[$t]}
+ printf "%-${len}s %3d\n" "$t" "$v"
+ done
+ echo "========================="
+
+ $xtrace
}
# Restore xtrace
diff --git a/inc/python b/inc/python
index 35bab6f..495150d 100644
--- a/inc/python
+++ b/inc/python
@@ -300,6 +300,13 @@
local flags=$2
local extras=$3
+ # Normalize the directory name to avoid
+ # "installation from path or url cannot be constrained to a version"
+ # error.
+ # REVISIT(yamamoto): Remove this when fixed in pip.
+ # https://github.com/pypa/pip/pull/3582
+ project_dir=$(cd $project_dir && pwd)
+
if [ -n "$REQUIREMENTS_DIR" ]; then
# Constrain this package to this project directory from here on out.
local name
diff --git a/lib/heat b/lib/heat
index 4131878..2cf7a19 100644
--- a/lib/heat
+++ b/lib/heat
@@ -166,9 +166,6 @@
# clients_keystone
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
- # ec2authtoken
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
-
# OpenStack API
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
iniset $HEAT_CONF heat_api workers "$API_WORKERS"
diff --git a/lib/keystone b/lib/keystone
index 9f23e73..71f20ac 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -281,9 +281,6 @@
iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
- iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(asctime)s.%(msecs)03d %(funcName)s %(pathname)s:%(lineno)d"
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s"
_config_keystone_apache_wsgi
elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
@@ -343,6 +340,12 @@
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
+
+ # Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
+ # The users from this project are globally admin as before, but it also
+ # allows policy changes in order to clarify the adminess scope.
+ iniset $KEYSTONE_CONF resource admin_project_domain_name default
+ iniset $KEYSTONE_CONF resource admin_project_name admin
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -483,7 +486,7 @@
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
- iniset $conf_file $section memcache_servers $SERVICE_HOST:11211
+ iniset $conf_file $section memcached_servers $SERVICE_HOST:11211
}
# init_keystone() - Initialize databases, etc.
diff --git a/lib/lvm b/lib/lvm
index ae6023a..b9d7c39 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -124,7 +124,7 @@
if [ "$CINDER_ISCSI_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
else
- sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
+ sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
fi
_clean_lvm_volume_group $vg
}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e06a020..34f9840 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1453,9 +1453,13 @@
function setup_neutron_debug {
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
+ if [[ -n $public_net_id ]]; then
+ neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
+ fi
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
+ if [[ -n $private_net_id ]]; then
+ neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
+ fi
fi
}
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index e1c5a50..339d5fd 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -37,7 +37,6 @@
}
function neutron_plugin_configure_plugin_agent {
- local mappings_array mapping phys_bridge
# Setup integration bridge
_neutron_ovs_base_setup_bridge $OVS_BRIDGE
_neutron_ovs_base_configure_firewall_driver
@@ -53,15 +52,9 @@
# complex physical network configurations.
if [[ "$OVS_BRIDGE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
- fi
- if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
- IFS=',' read -a mappings_array <<< "$OVS_BRIDGE_MAPPINGS"
- for mapping in "${mappings_array[@]}"; do
- phys_bridge=`echo $mapping | cut -f 2 -d ":"`
- # Configure bridge manually with physical interface as port for multi-node
- _neutron_ovs_base_add_bridge $phys_bridge
- done
+ # Configure bridge manually with physical interface as port for multi-node
+ _neutron_ovs_base_add_bridge $OVS_PHYSICAL_BRIDGE
fi
if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings $OVS_BRIDGE_MAPPINGS
diff --git a/lib/nova b/lib/nova
index fd458c5..602a6ef 100644
--- a/lib/nova
+++ b/lib/nova
@@ -34,6 +34,7 @@
# Set up default directories
GITDIR["python-novaclient"]=$DEST/python-novaclient
+GITDIR["os-vif"]=$DEST/os-vif
NOVA_DIR=$DEST/nova
# Nova virtual environment
@@ -74,9 +75,6 @@
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
NOVA_SERVICE_PROTOCOL="https"
- EC2_SERVICE_PROTOCOL="https"
-else
- EC2_SERVICE_PROTOCOL="http"
fi
# Public facing bits
@@ -86,8 +84,6 @@
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
-EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
-EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
# Option to enable/disable config drive
@@ -140,7 +136,6 @@
PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
VLAN_INTERFACE=${VLAN_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-$FLAT_NETWORK_BRIDGE_DEFAULT}
-EC2_DMZ_HOST=${EC2_DMZ_HOST:-$SERVICE_HOST}
# If you are using the FlatDHCP network mode on multiple hosts, set the
# ``FLAT_INTERFACE`` variable but make sure that the interface doesn't already
@@ -594,7 +589,6 @@
iniset $NOVA_CONF spice enabled false
fi
- iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST"
iniset_rpc_backend nova $NOVA_CONF
iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
@@ -714,6 +708,10 @@
recreate_database $NOVA_API_DB
$NOVA_BIN_DIR/nova-manage api_db sync
+
+ # Run online migrations on the new databases
+ # Needed for flavor conversion
+ $NOVA_BIN_DIR/nova-manage db online_data_migrations
fi
create_nova_cache_dir
@@ -735,6 +733,13 @@
# install_nova() - Collect source and prepare
function install_nova {
+
+ # Install os-vif
+ if use_library_from_git "os-vif"; then
+ git_clone_by_name "os-vif"
+ setup_dev_lib "os-vif"
+ fi
+
if is_service_enabled n-cpu && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; then
install_nova_hypervisor
fi
@@ -810,7 +815,6 @@
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
- start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT &
fi
export PATH=$old_path
diff --git a/lib/tempest b/lib/tempest
index 3b8a888..ed26caf 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -176,7 +176,7 @@
sudo install -d -o $STACK_USER $TEMPEST_CONFIG_DIR
rm -f $TEMPEST_CONFIG
- local password=${ADMIN_PASSWORD:-secrete}
+ local password=${ADMIN_PASSWORD:-secret}
# See ``lib/keystone`` where these users and tenants are set up
local admin_username=${ADMIN_USERNAME:-admin}
@@ -325,6 +325,24 @@
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv --notest
fi
+
+ # Auth
+ iniset $TEMPEST_CONFIG auth tempest_roles "Member"
+ if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
+ if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
+ tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
+ else
+ tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY etc/accounts.yaml
+ fi
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials False
+ iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
+ elif [[ $TEMPEST_HAS_ADMIN == "False" ]]; then
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
+
+ else
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
+ fi
+
# NOTE(mtreinish): Respect constraints on tempest verify-config venv
tox -evenv -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
tox -evenv -- tempest verify-config -uro $tmp_cfg_file
@@ -553,23 +571,6 @@
iniset $TEMPEST_CONFIG service_available cinder "False"
fi
- # Auth
- iniset $TEMPEST_CONFIG auth tempest_roles "Member"
- if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
- if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
- else
- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY etc/accounts.yaml
- fi
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials False
- iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
- elif [[ $TEMPEST_HAS_ADMIN == "False" ]]; then
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
-
- else
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
- fi
-
# Restore IFS
IFS=$ifs
}
diff --git a/lib/tls b/lib/tls
index f4740b8..ca57ed4 100644
--- a/lib/tls
+++ b/lib/tls
@@ -257,6 +257,14 @@
local common_name=$3
local alt_names=$4
+ if [ "$common_name" != "$SERVICE_HOST" ]; then
+ if [[ -z "$alt_names" ]]; then
+ alt_names="DNS:$SERVICE_HOST"
+ else
+ alt_names="$alt_names,DNS:$SERVICE_HOST"
+ fi
+ fi
+
# Only generate the certificate if it doesn't exist yet on the disk
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request
diff --git a/openrc b/openrc
index 460cf14..db2e97d 100644
--- a/openrc
+++ b/openrc
@@ -51,7 +51,7 @@
# With Keystone you pass the keystone password instead of an api key.
# Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
# or NOVA_PASSWORD.
-export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
+export OS_PASSWORD=${ADMIN_PASSWORD:-secret}
# Don't put the key into a keyring by default. Testing for development is much
# easier with this off.
diff --git a/samples/local.conf b/samples/local.conf
index ea68dc0..06ac185 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -25,7 +25,7 @@
# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter
# values for them by ``stack.sh``and they will be added to ``local.conf``.
-ADMIN_PASSWORD=nomoresecrete
+ADMIN_PASSWORD=nomoresecret
DATABASE_PASSWORD=stackdb
RABBIT_PASSWORD=stackqueue
SERVICE_PASSWORD=$ADMIN_PASSWORD
diff --git a/stack.sh b/stack.sh
index 0be3585..793b7dc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -799,7 +799,7 @@
fi
fi
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
if is_service_enabled ceilometer; then
install_ceilometermiddleware
fi
@@ -1004,10 +1004,6 @@
bootstrap_keystone
fi
- if is_service_enabled tls-proxy; then
- export OS_CACERT=$INT_CA_DIR/ca-chain.pem
- fi
-
# Rather than just export these, we write them out to a
# intermediate userrc file that can also be used to debug if
# something goes wrong between here and running
@@ -1028,6 +1024,10 @@
EOF
+ if is_service_enabled tls-proxy; then
+ echo "export OS_CACERT=$INT_CA_DIR/ca-chain.pem" >> $TOP_DIR/userrc_early
+ fi
+
source $TOP_DIR/userrc_early
create_keystone_accounts
@@ -1118,7 +1118,7 @@
# Storage Service
# ---------------
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
echo_summary "Configuring Swift"
init_swift
fi
@@ -1172,7 +1172,7 @@
# Only run the services specified in ``ENABLED_SERVICES``
# Launch Swift Services
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
echo_summary "Starting Swift"
start_swift
fi
@@ -1208,14 +1208,6 @@
done
fi
-# Create an access key and secret key for Nova EC2 register image
-if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
- eval $(openstack ec2 credentials create --user nova --project $SERVICE_PROJECT_NAME -f shell -c access -c secret)
- iniset $NOVA_CONF DEFAULT s3_access_key "$access"
- iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"
- iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"
-fi
-
# Create a randomized default value for the keymgr's fixed_key
if is_service_enabled nova; then
iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32)
diff --git a/stackrc b/stackrc
index 088cfee..17d6047 100644
--- a/stackrc
+++ b/stackrc
@@ -14,9 +14,6 @@
LC_ALL=C
export LC_ALL
-# Make tracing more educational
-export PS4='+ ${BASH_SOURCE:-}:${FUNCNAME[0]:-}:L${LINENO:-}: '
-
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -67,7 +64,7 @@
# Keystone - nothing works without keystone
ENABLED_SERVICES=key
# Nova - services to support libvirt based openstack clouds
- ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt,n-cauth
+ ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-cauth
# Glance services needed for Nova
ENABLED_SERVICES+=,g-api,g-reg
# Cinder
@@ -132,6 +129,16 @@
source $RC_DIR/.localrc.auto
fi
+# Use color for logging output (only available if syslog is not used)
+LOG_COLOR=$(trueorfalse True LOG_COLOR)
+
+# Make tracing more educational
+if [[ "$LOG_COLOR" == "True" ]]; then
+ export PS4='+\[$(tput setaf 242)\]$(short_source)\[$(tput sgr0)\] '
+else
+ export PS4='+ $(short_source): '
+fi
+
# Configure Identity API version: 2.0, 3
IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
@@ -477,6 +484,10 @@
GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
+# os-vif library to communicate between Neutron to Nova
+GITREPO["os-vif"]=${OS_VIF_REPO:-${GIT_BASE}/openstack/os-vif.git}
+GITBRANCH["os-vif"]=${OS_VIF_BRANCH:-master}
+
# ironic common lib
GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
@@ -785,9 +796,6 @@
SYSLOG_HOST=${SYSLOG_HOST:-$HOST_IP}
SYSLOG_PORT=${SYSLOG_PORT:-516}
-# Use color for logging output (only available if syslog is not used)
-LOG_COLOR=$(trueorfalse True LOG_COLOR)
-
# Set global ``GIT_DEPTH=<number>`` to limit the history depth of the git clone
# Set to 0 to disable shallow cloning
GIT_DEPTH=${GIT_DEPTH:-0}
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index be8dc5e..8aae23d 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -9,6 +9,22 @@
source $TOP/tests/unittest.sh
+echo "Testing generate_hex_string()"
+
+VAL=$(generate_hex_string 16)
+if [[ ${#VAL} -eq 32 ]]; then
+ passed "OK"
+else
+ failed "generate_hex_string 16 failed ${#VAL}"
+fi
+
+VAL=$(generate_hex_string 32)
+if [[ ${#VAL} -eq 64 ]]; then
+ passed "OK"
+else
+ failed "generate_hex_string 32 failed ${#VAL}"
+fi
+
echo "Testing die_if_not_set()"
bash -c "source $TOP/functions; X=`echo Y && true`; die_if_not_set $LINENO X 'not OK'"
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index ee11fd2..f01db6d 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -42,7 +42,7 @@
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep"
-ALL_LIBS+=" diskimage-builder"
+ALL_LIBS+=" diskimage-builder os-vif"
# Generate the above list with
# echo ${!GITREPO[@]}
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 74d5428..a7278e4 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -7,6 +7,22 @@
# Warning: This script just for development purposes
set -o errexit
+
+# short_source prints out the current location of the caller in a way
+# that strips redundant directories. This is useful for PS4
+# usage. Needed before we start tracing due to how we set
+# PS4. Normally we'd pick this up from stackrc, but that's not sourced
+# here.
+function short_source {
+ saveIFS=$IFS
+ IFS=" "
+ called=($(caller 0))
+ IFS=$saveIFS
+ file=${called[2]}
+ file=${file#$RC_DIR/}
+ printf "%-40s " "$file:${called[1]}:${called[0]}"
+}
+
set -o xtrace
ACCOUNT_DIR=./accrc
@@ -156,30 +172,6 @@
exit 3
fi
-EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $EC2_URL ]]; then
- EC2_URL=http://localhost:8773/
-fi
-
-S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $S3_URL ]]; then
- S3_URL=http://localhost:3333
-fi
-
-mkdir -p "$ACCOUNT_DIR"
-ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
-EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem
-if [ -e "$EUCALYPTUS_CERT" ]; then
- mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"
-fi
-if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then
- echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2
- if [ -e "$EUCALYPTUS_CERT.old" ]; then
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"
- fi
-fi
-
-
function add_entry {
local user_id=$1
local user_name=$2
@@ -187,54 +179,16 @@
local project_name=$4
local user_passwd=$5
- # The admin user can see all user's secret AWS keys, it does not looks good
- local line
- line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true)
- if [ -z "$line" ]; then
- openstack ec2 credentials create --user $user_id --project $project_id 1>&2
- line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
- fi
- local ec2_access_key ec2_secret_key
- read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'`
mkdir -p "$ACCOUNT_DIR/$project_name"
local rcfile="$ACCOUNT_DIR/$project_name/$user_name"
- # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN
- # Generally the subject DN parts should be in reverse order like the Issuer
- # The Serial does not seams correctly marked either
- local ec2_cert="$rcfile-cert.pem"
- local ec2_private_key="$rcfile-pk.pem"
- # Try to preserve the original file on fail (best effort)
- if [ -e "$ec2_private_key" ]; then
- mv -f "$ec2_private_key" "$ec2_private_key.old"
- fi
- if [ -e "$ec2_cert" ]; then
- mv -f "$ec2_cert" "$ec2_cert.old"
- fi
- # It will not create certs when the password is incorrect
- if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
- if [ -e "$ec2_private_key.old" ]; then
- mv -f "$ec2_private_key.old" "$ec2_private_key"
- fi
- if [ -e "$ec2_cert.old" ]; then
- mv -f "$ec2_cert.old" "$ec2_cert"
- fi
- fi
+
cat >"$rcfile" <<EOF
-# you can source this file
-export EC2_ACCESS_KEY="$ec2_access_key"
-export EC2_SECRET_KEY="$ec2_secret_key"
-export EC2_URL="$EC2_URL"
-export S3_URL="$S3_URL"
# OpenStack USER ID = $user_id
export OS_USERNAME="$user_name"
# OpenStack project ID = $project_id
export OS_PROJECT_NAME="$project_name"
export OS_AUTH_URL="$OS_AUTH_URL"
export OS_CACERT="$OS_CACERT"
-export EC2_CERT="$ec2_cert"
-export EC2_PRIVATE_KEY="$ec2_private_key"
-export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
-export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
export OS_AUTH_TYPE=v2password
EOF
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 2a9d813..dfa4f42 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -2,16 +2,12 @@
# **install_pip.sh**
-# install_pip.sh [--pip-version <version>] [--use-get-pip] [--force]
-#
# Update pip and friends to a known common version
# Assumptions:
-# - update pip to $INSTALL_PIP_VERSION
# - if USE_PYTHON3=True, PYTHON3_VERSION refers to a version already installed
set -o errexit
-set -o xtrace
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
@@ -23,6 +19,9 @@
# Import common functions
source $TOP_DIR/stackrc
+# don't start tracing until after we've sourced the world
+set -o xtrace
+
FILES=$TOP_DIR/files
PIP_GET_PIP_URL=https://bootstrap.pypa.io/get-pip.py
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index be6c5ca..bb27454 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -32,7 +32,7 @@
XEN_INT_BRIDGE_OR_NET_NAME="OpenStack VM Integration Network"
# VM Password
-GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
+GUEST_PASSWORD=${GUEST_PASSWORD:-secret}
# Extracted variables for OpenStack VM network device numbers.
# Make sure they form a continuous sequence starting from 0