Merge "Add TLS support for keystone via proxy"
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index c8e68dd..17e8c59 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -5,7 +5,6 @@
# Tenant User Roles
# ------------------------------------------------------------------
# service glance admin
-# service nova admin, [ResellerAdmin (swift only)]
# service quantum admin # if enabled
# service swift admin # if enabled
# service cinder admin # if enabled
@@ -53,29 +52,8 @@
# Services
# --------
-# Nova
-if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
- NOVA_USER=$(get_id keystone user-create \
- --name=nova \
- --pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=nova@example.com)
- keystone user-role-add \
- --tenant_id $SERVICE_TENANT \
- --user_id $NOVA_USER \
- --role_id $ADMIN_ROLE
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- NOVA_SERVICE=$(get_id keystone service-create \
- --name=nova \
- --type=compute \
- --description="Nova Compute Service")
- keystone endpoint-create \
- --region RegionOne \
- --service_id $NOVA_SERVICE \
- --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
- --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
- --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
- fi
+if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
+ NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
keystone user-role-add \
@@ -93,6 +71,8 @@
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $HEAT_USER \
--role_id $ADMIN_ROLE
+ # heat_stack_user role is for users created by Heat
+ keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
HEAT_CFN_SERVICE=$(get_id keystone service-create \
--name=heat-cfn \
diff --git a/functions b/functions
index 0911557..1b7d130 100644
--- a/functions
+++ b/functions
@@ -354,6 +354,18 @@
}
+# Determine if current distribution is a Fedora-based distribution
+# (Fedora, RHEL, CentOS).
+# is_fedora
+function is_fedora {
+ if [[ -z "$os_VENDOR" ]]; then
+ GetOSVersion
+ fi
+
+ [ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || [ "$os_VENDOR" = "CentOS" ]
+}
+
+
# Determine if current distribution is a SUSE-based distribution
# (openSUSE, SLE).
# is_suse
@@ -366,6 +378,23 @@
}
+# Exit after outputting a message about the distribution not being supported.
+# exit_distro_not_supported [optional-string-telling-what-is-missing]
+function exit_distro_not_supported {
+ if [[ -z "$DISTRO" ]]; then
+ GetDistro
+ fi
+
+ if [ $# -gt 0 ]; then
+ echo "Support for $DISTRO is incomplete: no support for $@"
+ else
+ echo "Support for $DISTRO is incomplete."
+ fi
+
+ exit 1
+}
+
+
# git clone only if directory doesn't exist already. Since ``DEST`` might not
# be owned by the installation user, we create the directory and change the
# ownership to the proper user.
@@ -598,12 +627,12 @@
NO_UPDATE_REPOS=True
apt_get install "$@"
+ elif is_fedora; then
+ yum_install "$@"
+ elif is_suse; then
+ zypper_install "$@"
else
- if is_suse; then
- zypper_install "$@"
- else
- yum_install "$@"
- fi
+ exit_distro_not_supported "installing packages"
fi
}
@@ -622,9 +651,11 @@
if [[ "$os_PACKAGE" = "deb" ]]; then
dpkg -l "$@" > /dev/null
return $?
- else
+ elif [[ "$os_PACKAGE" = "rpm" ]]; then
rpm --quiet -q "$@"
return $?
+ else
+ exit_distro_not_supported "finding if a package is installed"
fi
}
@@ -684,6 +715,8 @@
function screen_it {
NL=`echo -ne '\015'`
SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
if is_service_enabled $1; then
# Append the service to the screen rc file
screen_rc "$1" "$2"
@@ -699,7 +732,7 @@
screen -S $SCREEN_NAME -p $1 -X log on
ln -sf ${SCREEN_LOGDIR}/screen-${1}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${1}.log
fi
- screen -S $SCREEN_NAME -p $1 -X stuff "$2$NL"
+ screen -S $SCREEN_NAME -p $1 -X stuff "$2 || touch \"$SERVICE_DIR/$SCREEN_NAME/$1.failure\"$NL"
fi
}
@@ -724,6 +757,47 @@
fi
}
+# Helper to remove the *.failure files under $SERVICE_DIR/$SCREEN_NAME
+# This is used for service_check when all the screen_it are called finished
+# init_service_check
+function init_service_check() {
+ SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
+ if [[ ! -d "$SERVICE_DIR/$SCREEN_NAME" ]]; then
+ mkdir -p "$SERVICE_DIR/$SCREEN_NAME"
+ fi
+
+ rm -f "$SERVICE_DIR/$SCREEN_NAME"/*.failure
+}
+
+# Helper to get the status of each running service
+# service_check
+function service_check() {
+ local service
+ local failures
+ SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
+
+ if [[ ! -d "$SERVICE_DIR/$SCREEN_NAME" ]]; then
+ echo "No service status directory found"
+ return
+ fi
+
+ # Check if there is any falure flag file under $SERVICE_DIR/$SCREEN_NAME
+ failures=`ls "$SERVICE_DIR/$SCREEN_NAME"/*.failure 2>/dev/null`
+
+ for service in $failures; do
+ service=`basename $service`
+ service=${service::-8}
+ echo "Error: Service $service is not running"
+ done
+
+ if [ -n "$failures" ]; then
+ echo "More details about the above errors can be found with screen, with ./rejoin-stack.sh"
+ fi
+}
# ``pip install`` the dependencies of the package before ``setup.py develop``
# so pip and not distutils processes the dependency chain
@@ -1032,20 +1106,20 @@
function get_rootwrap_location() {
local module=$1
- if is_ubuntu || is_suse; then
- echo "/usr/local/bin/$module-rootwrap"
- else
+ if is_fedora; then
echo "/usr/bin/$module-rootwrap"
+ else
+ echo "/usr/local/bin/$module-rootwrap"
fi
}
# Get the path to the pip command.
# get_pip_command
function get_pip_command() {
- if is_ubuntu || is_suse; then
- echo "/usr/bin/pip"
- else
+ if is_fedora; then
echo "/usr/bin/pip-python"
+ else
+ echo "/usr/bin/pip"
fi
}
diff --git a/lib/cinder b/lib/cinder
index 9b9d50d..16cbaf3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -105,10 +105,7 @@
iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
-
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
- fi
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone
@@ -195,8 +192,8 @@
mkdir -p $CINDER_STATE_PATH/volumes
if sudo vgs $VOLUME_GROUP; then
- if [[ "$os_PACKAGE" = "rpm" ]]; then
- # RPM doesn't start the service
+ if is_fedora || is_suse; then
+ # service is not started by default
start_service tgtd
fi
@@ -212,11 +209,9 @@
fi
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $CINDER_AUTH_CACHE_DIR
- sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
}
# install_cinder() - Collect source and prepare
@@ -245,9 +240,15 @@
# do it in two steps
sudo stop tgt || true
sudo start tgt
- else
+ elif is_fedora; then
# bypass redirection to systemctl during restart
sudo /sbin/service --skip-redirect tgtd restart
+ elif is_suse; then
+ restart_service tgtd
+ else
+ # note for other distros: unstack.sh also uses the tgt/tgtd service
+ # name, and would need to be adjusted too
+ exit_distro_not_supported "restarting tgt"
fi
fi
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 60ea143..68e9adc 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -23,22 +23,28 @@
if is_ubuntu; then
MY_CONF=/etc/mysql/my.cnf
MYSQL=mysql
- else
+ elif is_fedora; then
MY_CONF=/etc/my.cnf
- if is_suse; then
- MYSQL=mysql
- else
- MYSQL=mysqld
- fi
+ MYSQL=mysqld
+ elif is_suse; then
+ MY_CONF=/etc/my.cnf
+ MYSQL=mysql
+ else
+ exit_distro_not_supported "mysql configuration"
fi
# Start mysql-server
- if [[ "$os_PACKAGE" = "rpm" ]]; then
- # RPM doesn't start the service
+ if is_fedora || is_suse; then
+ # service is not started by default
start_service $MYSQL
- # Set the root password - only works the first time
+ fi
+
+ # Set the root password - only works the first time. For Ubuntu, we already
+ # did that with debconf before installing the package.
+ if ! is_ubuntu; then
sudo mysqladmin -u root password $DATABASE_PASSWORD || true
fi
+
# Update the DB to give user ‘$DATABASE_USER’@’%’ full control of the all databases:
sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
@@ -84,10 +90,12 @@
chmod 0600 $HOME/.my.cnf
fi
# Install mysql-server
- if is_suse; then
+ if is_ubuntu || is_fedora; then
+ install_package mysql-server
+ elif is_suse; then
install_package mysql-community-server
else
- install_package mysql-server
+ exit_distro_not_supported "mysql installation"
fi
}
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index d9c2f00..e1463c5 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -20,14 +20,21 @@
function configure_database_postgresql {
echo_summary "Configuring and starting PostgreSQL"
- if [[ "$os_PACKAGE" = "rpm" ]]; then
+ if is_fedora; then
PG_HBA=/var/lib/pgsql/data/pg_hba.conf
PG_CONF=/var/lib/pgsql/data/postgresql.conf
sudo [ -e $PG_HBA ] || sudo postgresql-setup initdb
- else
+ elif is_ubuntu; then
PG_DIR=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
PG_HBA=$PG_DIR/pg_hba.conf
PG_CONF=$PG_DIR/postgresql.conf
+ elif is_suse; then
+ PG_HBA=/var/lib/pgsql/data/pg_hba.conf
+ PG_CONF=/var/lib/pgsql/data/postgresql.conf
+ # initdb is called when postgresql is first started
+ sudo [ -e $PG_HBA ] || start_service postgresql
+ else
+ exit_distro_not_supported "postgresql configuration"
fi
# Listen on all addresses
sudo sed -i "/listen_addresses/s/.*/listen_addresses = '*'/" $PG_CONF
@@ -35,7 +42,7 @@
sudo sed -i "/^host/s/all\s\+127.0.0.1\/32\s\+ident/$DATABASE_USER\t0.0.0.0\/0\tpassword/" $PG_HBA
# Do password auth for all IPv6 clients
sudo sed -i "/^host/s/all\s\+::1\/128\s\+ident/$DATABASE_USER\t::0\/0\tpassword/" $PG_HBA
- start_service postgresql
+ restart_service postgresql
# If creating the role fails, chances are it already existed. Try to alter it.
sudo -u root sudo -u postgres -i psql -c "CREATE ROLE $DATABASE_USER WITH SUPERUSER LOGIN PASSWORD '$DATABASE_PASSWORD'" || \
@@ -53,10 +60,12 @@
else
sed -i "s/:root:\w\+/:root:$DATABASE_PASSWORD/" $PGPASS
fi
- if [[ "$os_PACKAGE" = "rpm" ]]; then
+ if is_ubuntu; then
+ install_package postgresql
+ elif is_fedora || is_suse; then
install_package postgresql-server
else
- install_package postgresql
+ exit_distro_not_supported "postgresql installation"
fi
}
diff --git a/lib/glance b/lib/glance
index b02a4b6..4f631b2 100644
--- a/lib/glance
+++ b/lib/glance
@@ -95,9 +95,7 @@
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
iniset $GLANCE_API_CONF DEFAULT debug True
@@ -121,9 +119,7 @@
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
- fi
+ iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@@ -163,13 +159,11 @@
$GLANCE_BIN_DIR/glance-manage db_sync
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ # Create cache dir
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
}
# install_glanceclient() - Collect source and prepare
diff --git a/lib/horizon b/lib/horizon
index 7321cbc..5d479d5 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -79,21 +79,19 @@
# Be a good citizen and use the distro tools here
sudo touch /etc/$APACHE_NAME/$APACHE_CONF
sudo a2ensite horizon
- # WSGI doesn't enable by default, enable it
+ # WSGI isn't enabled by default, enable it
+ sudo a2enmod wsgi
+ elif is_fedora; then
+ APACHE_NAME=httpd
+ APACHE_CONF=conf.d/horizon.conf
+ sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
+ elif is_suse; then
+ APACHE_NAME=apache2
+ APACHE_CONF=vhosts.d/horizon.conf
+ # WSGI isn't enabled by default, enable it
sudo a2enmod wsgi
else
- # Install httpd, which is NOPRIME'd
- if is_suse; then
- APACHE_NAME=apache2
- APACHE_CONF=vhosts.d/horizon.conf
- # Append wsgi to the list of modules to load
- grep -q "^APACHE_MODULES=.*wsgi" /etc/sysconfig/apache2 ||
- sudo sed '/^APACHE_MODULES=/s/^\(.*\)"$/\1 wsgi"/' -i /etc/sysconfig/apache2
- else
- APACHE_NAME=httpd
- APACHE_CONF=conf.d/horizon.conf
- sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
- fi
+ exit_distro_not_supported "apache configuration"
fi
# Configure apache to run horizon
@@ -113,11 +111,13 @@
if is_ubuntu; then
# Install apache2, which is NOPRIME'd
install_package apache2 libapache2-mod-wsgi
+ elif is_fedora; then
+ sudo rm -f /etc/httpd/conf.d/000-*
+ install_package httpd mod_wsgi
elif is_suse; then
install_package apache2 apache2-mod_wsgi
else
- sudo rm -f /etc/httpd/conf.d/000-*
- install_package httpd mod_wsgi
+ exit_distro_not_supported "apache installation"
fi
# NOTE(sdague) quantal changed the name of the node binary
diff --git a/lib/nova b/lib/nova
index 3a4d34d..840965e 100644
--- a/lib/nova
+++ b/lib/nova
@@ -172,9 +172,7 @@
" -i $NOVA_API_PASTE_INI
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
- fi
+ iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
if is_service_enabled n-cpu; then
# Force IP forwarding on, just on case
@@ -231,10 +229,13 @@
if is_ubuntu; then
LIBVIRT_DAEMON=libvirt-bin
else
- # http://wiki.libvirt.org/page/SSHPolicyKitSetup
- if ! getent group libvirtd >/dev/null; then
- sudo groupadd libvirtd
- fi
+ LIBVIRT_DAEMON=libvirtd
+ fi
+
+ # For distributions using polkit to authorize access to libvirt,
+ # configure polkit accordingly.
+ # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup
+ if is_fedora; then
sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-group:libvirtd
@@ -243,11 +244,24 @@
ResultInactive=yes
ResultActive=yes
EOF'
- LIBVIRT_DAEMON=libvirtd
+ elif is_suse; then
+ # Work around the fact that polkit-default-privs overrules pklas
+ # with 'unix-group:$group'.
+ sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
+[libvirt Management Access]
+Identity=unix-user:$USER
+Action=org.libvirt.unix.manage
+ResultAny=yes
+ResultInactive=yes
+ResultActive=yes
+EOF"
fi
# The user that nova runs as needs to be member of **libvirtd** group otherwise
# nova-compute will be unable to use libvirt.
+ if ! getent group libvirtd >/dev/null; then
+ sudo groupadd libvirtd
+ fi
add_user_to_group `whoami` libvirtd
# libvirt detects various settings on startup, as we potentially changed
@@ -277,6 +291,46 @@
fi
}
+# create_nova_accounts() - Set up common required nova accounts
+
+# Tenant User Roles
+# ------------------------------------------------------------------
+# service nova admin, [ResellerAdmin (swift only)]
+
+# Migrated from keystone_data.sh
+create_nova_accounts() {
+
+ SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+ ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
+
+ # Nova
+ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
+ NOVA_USER=$(keystone user-create \
+ --name=nova \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=nova@example.com \
+ | grep " id " | get_field 2)
+ keystone user-role-add \
+ --tenant_id $SERVICE_TENANT \
+ --user_id $NOVA_USER \
+ --role_id $ADMIN_ROLE
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ NOVA_SERVICE=$(keystone service-create \
+ --name=nova \
+ --type=compute \
+ --description="Nova Compute Service" \
+ | grep " id " | get_field 2)
+ keystone endpoint-create \
+ --region RegionOne \
+ --service_id $NOVA_SERVICE \
+ --publicurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
+ --adminurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" \
+ --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
+ fi
+ fi
+}
+
# create_nova_conf() - Create a new nova.conf file
function create_nova_conf() {
# Remove legacy ``nova.conf``
@@ -378,11 +432,9 @@
$NOVA_BIN_DIR/nova-manage db sync
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $NOVA_AUTH_CACHE_DIR
- sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+ sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
}
# install_novaclient() - Collect source and prepare
@@ -394,11 +446,13 @@
function install_nova() {
if is_service_enabled n-cpu; then
if is_ubuntu; then
- LIBVIRT_PKG_NAME=libvirt-bin
+ install_package libvirt-bin
+ elif is_fedora || is_suse; then
+ install_package libvirt
else
- LIBVIRT_PKG_NAME=libvirt
+ exit_distro_not_supported "libvirt installation"
fi
- install_package $LIBVIRT_PKG_NAME
+
# Install and configure **LXC** if specified. LXC is another approach to
# splitting a system into many smaller parts. LXC uses cgroups and chroot
# to simulate multiple systems.
diff --git a/lib/quantum b/lib/quantum
index 4e9f298..288a327 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -123,12 +123,10 @@
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
- # Create cache dir
- sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
- sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
- fi
+ iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
+ # Create cache dir
+ sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
+ sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
}
function quantum_setup_ovs_bridge() {
diff --git a/stack.sh b/stack.sh
index 69c983c..f2fd68c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -648,17 +648,21 @@
echo_summary "Installing package prerequisites"
if is_ubuntu; then
install_package $(get_packages $FILES/apts)
+elif is_fedora; then
+ install_package $(get_packages $FILES/rpms)
elif is_suse; then
install_package $(get_packages $FILES/rpms-suse)
else
- install_package $(get_packages $FILES/rpms)
+ exit_distro_not_supported "list of packages"
fi
if [[ $SYSLOG != "False" ]]; then
- if is_suse; then
+ if is_ubuntu || is_fedora; then
+ install_package rsyslog-relp
+ elif is_suse; then
install_package rsyslog-module-relp
else
- install_package rsyslog-relp
+ exit_distro_not_supported "rsyslog-relp installation"
fi
fi
@@ -670,20 +674,22 @@
cat "$tfile"
rm -f "$tfile"
elif is_service_enabled qpid; then
- if [[ "$os_PACKAGE" = "rpm" ]]; then
+ if is_fedora; then
install_package qpid-cpp-server-daemon
- else
+ elif is_ubuntu; then
install_package qpidd
+ else
+ exit_distro_not_supported "qpid installation"
fi
elif is_service_enabled zeromq; then
- if [[ "$os_PACKAGE" = "rpm" ]]; then
- if is_suse; then
- install_package libzmq1 python-pyzmq
- else
- install_package zeromq python-zmq
- fi
- else
+ if is_fedora; then
+ install_package zeromq python-zmq
+ elif is_ubuntu; then
install_package libzmq1 python-zmq
+ elif is_suse; then
+ install_package libzmq1 python-pyzmq
+ else
+ exit_distro_not_supported "zeromq installation"
fi
fi
@@ -885,8 +891,8 @@
if is_service_enabled rabbit; then
# Start rabbitmq-server
echo_summary "Starting RabbitMQ"
- if [[ "$os_PACKAGE" = "rpm" ]]; then
- # RPM doesn't start the service
+ if is_fedora || is_suse; then
+ # service is not started by default
restart_service rabbitmq-server
fi
# change the rabbit password since the default is "guest"
@@ -925,6 +931,8 @@
# Set a reasonable status bar
screen -r $SCREEN_NAME -X hardstatus alwayslastline "$SCREEN_HARDSTATUS"
+# Initialize the directory for service status check
+init_service_check
# Keystone
# --------
@@ -947,6 +955,7 @@
export OS_SERVICE_TOKEN=$SERVICE_TOKEN
export OS_SERVICE_ENDPOINT=$SERVICE_ENDPOINT
create_keystone_accounts
+ create_nova_accounts
# ``keystone_data.sh`` creates services, admin and demo users, and roles.
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
@@ -1706,6 +1715,8 @@
$TOP_DIR/local.sh
fi
+# Check the status of running services
+service_check
# Fin
# ===
diff --git a/stackrc b/stackrc
index 4162780..9e06028 100644
--- a/stackrc
+++ b/stackrc
@@ -17,7 +17,7 @@
# ``disable_service`` functions in ``localrc``.
# For example, to enable Swift add this to ``localrc``:
# enable_service swift
-ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,$DATABASE_TYPE
+ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
# Set the default Nova APIs to enable
NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
diff --git a/tests/functions.sh b/tests/functions.sh
index d2cc5c4..be48729 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -260,9 +260,11 @@
if [[ "$os_PACKAGE" = "deb" ]]; then
is_package_installed dpkg
VAL=$?
-else
+elif [[ "$os_PACKAGE" = "rpm" ]]; then
is_package_installed rpm
VAL=$?
+else
+ VAL=1
fi
if [[ "$VAL" -eq 0 ]]; then
echo "OK"
@@ -273,9 +275,11 @@
if [[ "$os_PACKAGE" = "deb" ]]; then
is_package_installed dpkg bash
VAL=$?
-else
+elif [[ "$os_PACKAGE" = "rpm" ]]; then
is_package_installed rpm bash
VAL=$?
+else
+ VAL=1
fi
if [[ "$VAL" -eq 0 ]]; then
echo "OK"
diff --git a/tools/info.sh b/tools/info.sh
index 583a994..ef1f338 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -90,15 +90,21 @@
if is_ubuntu; then
PKG_DIR=$FILES/apts
-else
+elif is_fedora; then
PKG_DIR=$FILES/rpms
+elif is_suse; then
+ PKG_DIR=$FILES/rpms-suse
+else
+ exit_distro_not_supported "list of packages"
fi
for p in $(get_packages $PKG_DIR); do
if [[ "$os_PACKAGE" = "deb" ]]; then
ver=$(dpkg -s $p 2>/dev/null | grep '^Version: ' | cut -d' ' -f2)
- else
+ elif [[ "$os_PACKAGE" = "rpm" ]]; then
ver=$(rpm -q --queryformat "%{VERSION}-%{RELEASE}\n" $p)
+ else
+ exit_distro_not_supported "finding version of a package"
fi
echo "pkg|${p}|${ver}"
done