Merge "Use the rdo havana repo with the RHEL family"
diff --git a/HACKING.rst b/HACKING.rst
index dd665a2..5f33d77 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -38,7 +38,7 @@
A number of additional scripts can be found in the ``tools`` directory that may
be useful in supporting DevStack installations. Of particular note are ``info.sh``
-to collect and report information about the installed system, and ``instal_prereqs.sh``
+to collect and report information about the installed system, and ``install_prereqs.sh``
that handles installation of the prerequisite packages for DevStack. It is
suitable, for example, to pre-load a system for making a snapshot.
diff --git a/README.md b/README.md
index 99e9838..6dc9ecd 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@
# Start A Dev Cloud
-Installing in a dedicated disposable vm is safer than installing on your dev machine! To start a dev cloud:
+Installing in a dedicated disposable vm is safer than installing on your dev machine! Plus you can pick one of the supported Linux distros for your VM. To start a dev cloud run the following NOT AS ROOT (see below for more):
./stack.sh
@@ -57,6 +57,12 @@
# list instances using ec2 api
euca-describe-instances
+# DevStack Execution Environment
+
+DevStack runs rampant over the system it runs on, installing things and uninstalling other things. Running this on a system you care about is a recipe for disappointment, or worse. Alas, we're all in the virtualization business here, so run it in a VM. And take advantage of the snapshot capabilities of your hypervisor of choice to reduce testing cycle times. You might even save enough time to write one more feature before the next feature freeze...
+
+``stack.sh`` needs to have root access for a lot of tasks, but it also needs to have not-root permissions for most of its work and for all of the OpenStack services. So ``stack.sh`` specifically does not run if you are root. This is a recent change (Oct 2013) from the previous behaviour of automatically creating a ``stack`` user. Automatically creating a user account is not always the right response to running as root, so that bit is now an explicit step using ``tools/create-stack-user.sh``. Run that (as root!) if you do not want to just use your normal login here, which works perfectly fine.
+
# Customizing
You can override environment variables used in `stack.sh` by creating file name `localrc`. It is likely that you will need to do this to tweak your networking configuration should you need to access your cloud from a different host.
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 355af88..98c2795 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -1,4 +1,5 @@
bridge-utils
+ca-certificates-mozilla
curl
euca2ools
git-core
@@ -10,7 +11,6 @@
python-cmd2 # dist:opensuse-12.3
python-pylint
python-unittest2
-python-virtualenv
screen
tar
tcpdump
diff --git a/functions b/functions
index bff2e26..01e2dfc 100644
--- a/functions
+++ b/functions
@@ -364,7 +364,7 @@
# GetOSVersion
GetOSVersion() {
# Figure out which vendor we are
- if [[ -n "`which sw_vers 2>/dev/null`" ]]; then
+ if [[ -x "`which sw_vers 2>/dev/null`" ]]; then
# OS/X
os_VENDOR=`sw_vers -productName`
os_RELEASE=`sw_vers -productVersion`
@@ -551,6 +551,7 @@
GIT_REMOTE=$1
GIT_DEST=$2
GIT_REF=$3
+ RECLONE=$(trueorfalse False $RECLONE)
if [[ "$OFFLINE" = "True" ]]; then
echo "Running in offline mode, clones already exist"
@@ -576,7 +577,7 @@
cd $GIT_DEST
# This checkout syntax works for both branches and tags
git checkout $GIT_REF
- elif [[ "$RECLONE" == "yes" ]]; then
+ elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $GIT_DEST
# set the url to pull from and fetch
@@ -925,7 +926,7 @@
elif is_fedora; then
sudo yum remove -y "$@"
elif is_suse; then
- sudo rpm -e "$@"
+ sudo zypper rm "$@"
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1268,16 +1269,16 @@
# Normalize config values to True or False
-# Accepts as False: 0 no false False FALSE
-# Accepts as True: 1 yes true True TRUE
+# Accepts as False: 0 no No NO false False FALSE
+# Accepts as True: 1 yes Yes YES true True TRUE
# VAR=$(trueorfalse default-value test-value)
function trueorfalse() {
local default=$1
local testval=$2
[[ -z "$testval" ]] && { echo "$default"; return; }
- [[ "0 no false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
- [[ "1 yes true True TRUE" =~ "$testval" ]] && { echo "True"; return; }
+ [[ "0 no No NO false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
+ [[ "1 yes Yes YES true True TRUE" =~ "$testval" ]] && { echo "True"; return; }
echo "$default"
}
@@ -1334,7 +1335,7 @@
vmdk_net_adapter="${props[2]}"
fi
- glance --os-auth-token $token --os-image-url http://$GLANCE_HOSTPORT image-create --name "$IMAGE_NAME" --is-public=True --container-format bare --disk-format vmdk --property vmware-disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${IMAGE}"
+ glance --os-auth-token $token --os-image-url http://$GLANCE_HOSTPORT image-create --name "$IMAGE_NAME" --is-public=True --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${IMAGE}"
return
fi
@@ -1483,7 +1484,7 @@
function wait_for_service() {
local timeout=$1
local url=$2
- timeout $timeout sh -c "while ! http_proxy= https_proxy= curl -s $url >/dev/null; do sleep 1; done"
+ timeout $timeout sh -c "while ! curl --noproxy '*' -s $url >/dev/null; do sleep 1; done"
}
diff --git a/lib/cinder b/lib/cinder
index bec65ed..ccf38b4 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -496,6 +496,8 @@
# name, and would need to be adjusted too
exit_distro_not_supported "restarting tgt"
fi
+ # NOTE(gfidente): ensure tgtd is running in debug mode
+ sudo tgtadm --mode system --op update --name debug --value on
fi
screen_it c-api "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
diff --git a/lib/database b/lib/database
index 442ed56..3c15609 100644
--- a/lib/database
+++ b/lib/database
@@ -64,7 +64,7 @@
# For backward-compatibility, read in the MYSQL_HOST/USER variables and use
# them as the default values for the DATABASE_HOST/USER variables.
- MYSQL_HOST=${MYSQL_HOST:-localhost}
+ MYSQL_HOST=${MYSQL_HOST:-127.0.0.1}
MYSQL_USER=${MYSQL_USER:-root}
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_HOST}}
diff --git a/lib/glance b/lib/glance
index 7e69682..c6f11d0 100644
--- a/lib/glance
+++ b/lib/glance
@@ -193,7 +193,7 @@
screen_it g-reg "cd $GLANCE_DIR; $GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
screen_it g-api "cd $GLANCE_DIR; $GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf"
echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$GLANCE_HOSTPORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$GLANCE_HOSTPORT; do sleep 1; done"; then
die $LINENO "g-api did not start"
fi
}
diff --git a/lib/horizon b/lib/horizon
index 5973eb2..63caf3c 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -130,8 +130,10 @@
HORIZON_REQUIRE='Require all granted'
fi
sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
+ elif is_suse; then
+ : # nothing to do
else
- exit_distro_not_supported "apache configuration"
+ exit_distro_not_supported "horizon apache configuration"
fi
# Remove old log files that could mess with how devstack detects whether Horizon
diff --git a/lib/ironic b/lib/ironic
index 2ce5038..f3b4a72 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -148,9 +148,9 @@
keystone endpoint-create \
--region RegionOne \
--service_id $IRONIC_SERVICE \
- --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/" \
- --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/" \
- --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/"
+ --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
+ --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
+ --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
fi
fi
}
@@ -194,7 +194,7 @@
function start_ironic_api() {
screen_it ir-api "cd $IRONIC_DIR; $IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$IRONIC_HOSTPORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$IRONIC_HOSTPORT; do sleep 1; done"; then
die $LINENO "ir-api did not start"
fi
}
diff --git a/lib/keystone b/lib/keystone
index c4b2dff..c93a436 100755
--- a/lib/keystone
+++ b/lib/keystone
@@ -145,7 +145,7 @@
iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap use_dumb_member "True"
- iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
+ iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id"
iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
@@ -372,7 +372,7 @@
fi
echo "Waiting for keystone to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
die $LINENO "keystone did not start"
fi
diff --git a/lib/neutron b/lib/neutron
index 4a3d1b0..778717d 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -88,7 +88,7 @@
export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
# Default Neutron Plugin
-Q_PLUGIN=${Q_PLUGIN:-openvswitch}
+Q_PLUGIN=${Q_PLUGIN:-ml2}
# Default Neutron Port
Q_PORT=${Q_PORT:-9696}
# Default Neutron Host
@@ -419,7 +419,7 @@
# Start the Neutron service
screen_it q-svc "cd $NEUTRON_DIR && python $NEUTRON_BIN_DIR/neutron-server $CFG_FILE_OPTIONS"
echo "Waiting for Neutron to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then
die $LINENO "Neutron did not start"
fi
}
diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index 0ad760b..193055f 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -12,7 +12,7 @@
}
function neutron_plugin_create_nova_conf() {
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"midonet.nova.virt.libvirt.vif.MidonetVifDriver"}
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
}
function neutron_plugin_install_agent_packages() {
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 71a0638..8d2e303 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -30,6 +30,9 @@
# Default VLAN TypeDriver options
Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-}
+# L3 Plugin to load for ML2
+ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
+
function populate_ml2_config() {
OPTS=$1
CONF=$2
@@ -48,13 +51,11 @@
Q_PLUGIN_CLASS="neutron.plugins.ml2.plugin.Ml2Plugin"
# The ML2 plugin delegates L3 routing/NAT functionality to
# the L3 service plugin which must therefore be specified.
- Q_L3_PLUGIN_CLASS=${Q_L3_PLUGIN_CLASS:-"neutron.services.l3_router.l3_router_plugin.L3RouterPlugin"}
- if ini_has_option $NEUTRON_CONF DEFAULT service_plugins ; then
- srv_plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)","$Q_L3_PLUGIN_CLASS
+ if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
+ Q_SERVICE_PLUGIN_CLASSES=$ML2_L3_PLUGIN
else
- srv_plugins=$Q_L3_PLUGIN_CLASS
+ Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$ML2_L3_PLUGIN"
fi
- iniset $NEUTRON_CONF DEFAULT service_plugins $srv_plugins
}
function neutron_plugin_configure_service() {
diff --git a/lib/neutron_plugins/nicira b/lib/neutron_plugins/nicira
index e9deb64..ca89d57 100644
--- a/lib/neutron_plugins/nicira
+++ b/lib/neutron_plugins/nicira
@@ -119,6 +119,16 @@
if [[ "$NVP_REDIRECTS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE DEFAULT redirects $NVP_REDIRECTS
fi
+ if [[ "$AGENT_MODE" != "" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE nvp agent_mode $AGENT_MODE
+ if [[ "$AGENT_MODE" == "agentless" ]]; then
+ if [[ "$DEFAULT_SERVICE_CLUSTER_UUID" != "" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_service_cluster_uuid $DEFAULT_SERVICE_CLUSTER_UUID
+ else
+ die $LINENO "Agentless mode requires a service cluster."
+ fi
+ fi
+ fi
}
function neutron_plugin_setup_interface_driver() {
diff --git a/lib/nova b/lib/nova
index e5c78d8..4c55207 100644
--- a/lib/nova
+++ b/lib/nova
@@ -76,15 +76,7 @@
# --------------------------
# Set defaults according to the virt driver
-if [ "$VIRT_DRIVER" = 'xenserver' ]; then
- PUBLIC_INTERFACE_DEFAULT=eth2
- GUEST_INTERFACE_DEFAULT=eth1
- # Allow ``build_domU.sh`` to specify the flat network bridge via kernel args
- FLAT_NETWORK_BRIDGE_DEFAULT=$(sed -e 's/.* flat_network_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
- if is_service_enabled neutron; then
- XEN_INTEGRATION_BRIDGE=$(sed -e 's/.* xen_integration_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
- fi
-elif [ "$VIRT_DRIVER" = 'baremetal' ]; then
+if [ "$VIRT_DRIVER" = 'baremetal' ]; then
NETWORK_MANAGER=${NETWORK_MANAGER:-FlatManager}
PUBLIC_INTERFACE_DEFAULT=eth0
FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}
@@ -510,6 +502,7 @@
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
iniset $NOVA_CONF DEFAULT notify_on_state_change "vm_and_task_state"
+ iniset $NOVA_CONF DEFAULT notification_driver "nova.openstack.common.notifier.rpc_notifier"
fi
# Provide some transition from ``EXTRA_FLAGS`` to ``EXTRA_OPTS``
@@ -534,16 +527,12 @@
SPICEHTML5PROXY_URL=${SPICEHTML5PROXY_URL:-"http://$SERVICE_HOST:6082/spice_auto.html"}
iniset $NOVA_CONF spice html5proxy_base_url "$SPICEHTML5PROXY_URL"
fi
- if [ "$VIRT_DRIVER" = 'xenserver' ]; then
- VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=169.254.0.1}
- else
- VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=127.0.0.1}
- fi
if is_service_enabled n-novnc || is_service_enabled n-xvnc; then
# Address on which instance vncservers will listen on compute hosts.
# For multi-host, this should be the management ip of the compute host.
VNCSERVER_LISTEN=${VNCSERVER_LISTEN=127.0.0.1}
+ VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=127.0.0.1}
iniset $NOVA_CONF DEFAULT vnc_enabled true
iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN"
iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
diff --git a/lib/nova_plugins/hypervisor-vsphere b/lib/nova_plugins/hypervisor-vsphere
new file mode 100644
index 0000000..1666246
--- /dev/null
+++ b/lib/nova_plugins/hypervisor-vsphere
@@ -0,0 +1,72 @@
+# lib/nova_plugins/hypervisor-vsphere
+# Configure the vSphere hypervisor
+
+# Enable with:
+# VIRT_DRIVER=vsphere
+
+# Dependencies:
+# ``functions`` file
+# ``nova`` configuration
+
+# install_nova_hypervisor - install any external requirements
+# configure_nova_hypervisor - make configuration changes, including those to other services
+# start_nova_hypervisor - start any external services
+# stop_nova_hypervisor - stop any external services
+# cleanup_nova_hypervisor - remove transient data and cache
+
+# Save trace setting
+MY_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+
+# Entry Points
+# ------------
+
+# clean_nova_hypervisor - Clean up an installation
+function cleanup_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# configure_nova_hypervisor - Set config files, create data dirs, etc
+function configure_nova_hypervisor() {
+ iniset $NOVA_CONF DEFAULT compute_driver "vmwareapi.VMwareVCDriver"
+ VMWAREAPI_USER=${VMWAREAPI_USER:-"root"}
+ iniset $NOVA_CONF vmware host_ip "$VMWAREAPI_IP"
+ iniset $NOVA_CONF vmware host_username "$VMWAREAPI_USER"
+ iniset $NOVA_CONF vmware host_password "$VMWAREAPI_PASSWORD"
+ iniset $NOVA_CONF vmware cluster_name "$VMWAREAPI_CLUSTER"
+ if is_service_enabled neutron; then
+ iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
+ fi
+}
+
+# install_nova_hypervisor() - Install external components
+function install_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# start_nova_hypervisor - Start any required external services
+function start_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# stop_nova_hypervisor - Stop any external services
+function stop_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+
+# Restore xtrace
+$MY_XTRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
new file mode 100644
index 0000000..f47994f
--- /dev/null
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -0,0 +1,85 @@
+# lib/nova_plugins/hypervisor-xenserver
+# Configure the XenServer hypervisor
+
+# Enable with:
+# VIRT_DRIVER=xenserver
+
+# Dependencies:
+# ``functions`` file
+# ``nova`` configuration
+
+# install_nova_hypervisor - install any external requirements
+# configure_nova_hypervisor - make configuration changes, including those to other services
+# start_nova_hypervisor - start any external services
+# stop_nova_hypervisor - stop any external services
+# cleanup_nova_hypervisor - remove transient data and cache
+
+# Save trace setting
+MY_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+PUBLIC_INTERFACE_DEFAULT=eth2
+GUEST_INTERFACE_DEFAULT=eth1
+# Allow ``build_domU.sh`` to specify the flat network bridge via kernel args
+FLAT_NETWORK_BRIDGE_DEFAULT=$(sed -e 's/.* flat_network_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
+if is_service_enabled neutron; then
+ XEN_INTEGRATION_BRIDGE=$(sed -e 's/.* xen_integration_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
+fi
+
+VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=169.254.0.1}
+
+
+# Entry Points
+# ------------
+
+# clean_nova_hypervisor - Clean up an installation
+function cleanup_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# configure_nova_hypervisor - Set config files, create data dirs, etc
+function configure_nova_hypervisor() {
+ if [ -z "$XENAPI_CONNECTION_URL" ]; then
+ die $LINENO "XENAPI_CONNECTION_URL is not specified"
+ fi
+ read_password XENAPI_PASSWORD "ENTER A PASSWORD TO USE FOR XEN."
+ iniset $NOVA_CONF DEFAULT compute_driver "xenapi.XenAPIDriver"
+ iniset $NOVA_CONF DEFAULT xenapi_connection_url "$XENAPI_CONNECTION_URL"
+ iniset $NOVA_CONF DEFAULT xenapi_connection_username "$XENAPI_USER"
+ iniset $NOVA_CONF DEFAULT xenapi_connection_password "$XENAPI_PASSWORD"
+ iniset $NOVA_CONF DEFAULT flat_injected "False"
+ # Need to avoid crash due to new firewall support
+ XEN_FIREWALL_DRIVER=${XEN_FIREWALL_DRIVER:-"nova.virt.firewall.IptablesFirewallDriver"}
+ iniset $NOVA_CONF DEFAULT firewall_driver "$XEN_FIREWALL_DRIVER"
+}
+
+# install_nova_hypervisor() - Install external components
+function install_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# start_nova_hypervisor - Start any required external services
+function start_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# stop_nova_hypervisor - Stop any external services
+function stop_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+
+# Restore xtrace
+$MY_XTRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/swift b/lib/swift
index 9c80802..c0dec97 100644
--- a/lib/swift
+++ b/lib/swift
@@ -67,6 +67,10 @@
# Default is ``staticweb, tempurl, formpost``
SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-tempurl formpost staticweb}
+# Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at
+# the end of the pipeline.
+SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST}
+
# The ring uses a configurable number of bits from a path’s MD5 hash as
# a partition index that designates a device. The number of bits kept
# from the hash is known as the partition power, and 2 to the partition
@@ -255,6 +259,12 @@
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080}
+ # Configure Ceilometer
+ if is_service_enabled ceilometer; then
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer use "egg:ceilometer#swift"
+ SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
+ fi
+
# By default Swift will be installed with keystone and tempauth middleware
# and add the swift3 middleware if its configured for it. The token for
# tempauth would be prefixed with the reseller_prefix setting TEMPAUTH_ the
@@ -264,6 +274,7 @@
fi
swift_pipeline+=" authtoken keystoneauth tempauth "
sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
+ sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
diff --git a/lib/tempest b/lib/tempest
index 646d42b..bc0b18d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -230,6 +230,11 @@
# Compute
iniset $TEMPEST_CONF compute change_password_available False
+ # Note(nati) current tempest don't create network for each tenant
+ # so reuse same tenant for now
+ if is_service_enabled neutron; then
+ TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
+ fi
iniset $TEMPEST_CONF compute allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
iniset $TEMPEST_CONF compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED
iniset $TEMPEST_CONF compute network_for_ssh $PRIVATE_NETWORK_NAME
diff --git a/stack.sh b/stack.sh
index 4bd186f..7cd7e30 100755
--- a/stack.sh
+++ b/stack.sh
@@ -172,67 +172,37 @@
# -----------
# OpenStack is designed to be run as a non-root user; Horizon will fail to run
-# as **root** since Apache will not serve content from **root** user). If
-# ``stack.sh`` is run as **root**, it automatically creates a **stack** user with
-# sudo privileges and runs as that user.
+# as **root** since Apache will not serve content from **root** user).
+# ``stack.sh`` must not be run as **root**. It aborts and suggests one course of
+# action to create a suitable user account.
if [[ $EUID -eq 0 ]]; then
- ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root."
- echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
- sleep $ROOTSLEEP
-
- # Give the non-root user the ability to run as **root** via ``sudo``
- is_package_installed sudo || install_package sudo
- if ! getent group $STACK_USER >/dev/null; then
- echo "Creating a group called $STACK_USER"
- groupadd $STACK_USER
- fi
- if ! getent passwd $STACK_USER >/dev/null; then
- echo "Creating a user called $STACK_USER"
- useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
- fi
-
- echo "Giving stack user passwordless sudo privileges"
- # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
- grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
- echo "#includedir /etc/sudoers.d" >> /etc/sudoers
- ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
- > /etc/sudoers.d/50_stack_sh )
-
- echo "Copying files to $STACK_USER user"
- STACK_DIR="$DEST/${TOP_DIR##*/}"
- cp -r -f -T "$TOP_DIR" "$STACK_DIR"
- safe_chown -R $STACK_USER "$STACK_DIR"
- cd "$STACK_DIR"
- if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
- exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
- else
- exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
- fi
+ echo "Cut it out."
+ echo "Really."
+ echo "If you need an account to run DevStack, do this (as root, heh) to create $STACK_USER:"
+ echo "$TOP_DIR/tools/create-stack-user.sh"
exit 1
-else
- # We're not **root**, make sure ``sudo`` is available
- is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
-
- # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
- sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
- echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
-
- # Set up devstack sudoers
- TEMPFILE=`mktemp`
- echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
- # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
- # see them by forcing PATH
- echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
- chmod 0440 $TEMPFILE
- sudo chown root:root $TEMPFILE
- sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
-
- # Remove old file
- sudo rm -f /etc/sudoers.d/stack_sh_nova
fi
+# We're not **root**, make sure ``sudo`` is available
+is_package_installed sudo || install_package sudo
+
+# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
+sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
+ echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
+
+# Set up devstack sudoers
+TEMPFILE=`mktemp`
+echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
+# see them by forcing PATH
+echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
+chmod 0440 $TEMPFILE
+sudo chown root:root $TEMPFILE
+sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
+
+
# Create the destination directory and ensure it is writable by the user
# and read/executable by everybody for daemons (e.g. apache run for horizon)
sudo mkdir -p $DEST
@@ -1011,25 +981,6 @@
configure_nova_hypervisor
- # XenServer
- # ---------
-
- elif [ "$VIRT_DRIVER" = 'xenserver' ]; then
- echo_summary "Using XenServer virtualization driver"
- if [ -z "$XENAPI_CONNECTION_URL" ]; then
- die $LINENO "XENAPI_CONNECTION_URL is not specified"
- fi
- read_password XENAPI_PASSWORD "ENTER A PASSWORD TO USE FOR XEN."
- iniset $NOVA_CONF DEFAULT compute_driver "xenapi.XenAPIDriver"
- iniset $NOVA_CONF DEFAULT xenapi_connection_url "$XENAPI_CONNECTION_URL"
- iniset $NOVA_CONF DEFAULT xenapi_connection_username "$XENAPI_USER"
- iniset $NOVA_CONF DEFAULT xenapi_connection_password "$XENAPI_PASSWORD"
- iniset $NOVA_CONF DEFAULT flat_injected "False"
- # Need to avoid crash due to new firewall support
- XEN_FIREWALL_DRIVER=${XEN_FIREWALL_DRIVER:-"nova.virt.firewall.IptablesFirewallDriver"}
- iniset $NOVA_CONF DEFAULT firewall_driver "$XEN_FIREWALL_DRIVER"
-
-
# OpenVZ
# ------
@@ -1089,22 +1040,6 @@
iniset $NOVA_CONF DEFAULT powervm_img_local_path $POWERVM_IMG_LOCAL_PATH
- # vSphere API
- # -----------
-
- elif [ "$VIRT_DRIVER" = 'vsphere' ]; then
- echo_summary "Using VMware vCenter driver"
- iniset $NOVA_CONF DEFAULT compute_driver "vmwareapi.VMwareVCDriver"
- VMWAREAPI_USER=${VMWAREAPI_USER:-"root"}
- iniset $NOVA_CONF vmware host_ip "$VMWAREAPI_IP"
- iniset $NOVA_CONF vmware host_username "$VMWAREAPI_USER"
- iniset $NOVA_CONF vmware host_password "$VMWAREAPI_PASSWORD"
- iniset $NOVA_CONF vmware cluster_name "$VMWAREAPI_CLUSTER"
- if is_service_enabled neutron; then
- iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
- fi
-
-
# Default libvirt
# ---------------
diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh
new file mode 100644
index 0000000..2251d1e
--- /dev/null
+++ b/tools/create-stack-user.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# **create-stack-user.sh**
+
+# Create a user account suitable for running DevStack
+# - create a group named $STACK_USER if it does not exist
+# - create a user named $STACK_USER if it does not exist
+# - home is $DEST
+# - configure sudo for $STACK_USER
+
+# ``stack.sh`` was never intended to run as root. It had a hack to do what is
+# now in this script and re-launch itself, but that hack was less than perfect
+# and it was time for this nonsense to stop. Run this script as root to create
+# the user and configure sudo.
+
+
+# Keep track of the devstack directory
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Determine what system we are running on. This provides ``os_VENDOR``,
+# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# and ``DISTRO``
+GetDistro
+
+# Needed to get ``ENABLED_SERVICES``
+source $TOP_DIR/stackrc
+
+# Give the non-root user the ability to run as **root** via ``sudo``
+is_package_installed sudo || install_package sudo
+
+if ! getent group $STACK_USER >/dev/null; then
+ echo "Creating a group called $STACK_USER"
+ groupadd $STACK_USER
+fi
+
+if ! getent passwd $STACK_USER >/dev/null; then
+ echo "Creating a user called $STACK_USER"
+ useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
+fi
+
+echo "Giving stack user passwordless sudo privileges"
+# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
+grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
+ echo "#includedir /etc/sudoers.d" >> /etc/sudoers
+( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
+ > /etc/sudoers.d/50_stack_sh )
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 619d63f..44b0f6b 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -6,6 +6,9 @@
# Warning: This script just for development purposes
+set -o errexit
+set -o xtrace
+
ACCOUNT_DIR=./accrc
display_help()
@@ -138,10 +141,14 @@
mkdir -p "$ACCOUNT_DIR"
ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem
-mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old" &>/dev/null
+if [ -e "$EUCALYPTUS_CERT" ]; then
+ mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"
+fi
if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then
echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT" &>/dev/null
+ if [ -e "$EUCALYPTUS_CERT.old" ]; then
+ mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"
+ fi
fi
@@ -168,12 +175,20 @@
local ec2_cert="$rcfile-cert.pem"
local ec2_private_key="$rcfile-pk.pem"
# Try to preserve the original file on fail (best effort)
- mv -f "$ec2_private_key" "$ec2_private_key.old" &>/dev/null
- mv -f "$ec2_cert" "$ec2_cert.old" &>/dev/null
+ if [ -e "$ec2_private_key" ]; then
+ mv -f "$ec2_private_key" "$ec2_private_key.old"
+ fi
+ if [ -e "$ec2_cert" ]; then
+ mv -f "$ec2_cert" "$ec2_cert.old"
+ fi
# It will not create certs when the password is incorrect
if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-tenant-name "$tenant_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
- mv -f "$ec2_private_key.old" "$ec2_private_key" &>/dev/null
- mv -f "$ec2_cert.old" "$ec2_cert" &>/dev/null
+ if [ -e "$ec2_private_key.old" ]; then
+ mv -f "$ec2_private_key.old" "$ec2_private_key"
+ fi
+ if [ -e "$ec2_cert.old" ]; then
+ mv -f "$ec2_cert.old" "$ec2_cert"
+ fi
fi
cat >"$rcfile" <<EOF
# you can source this file
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 87922c8..f3c0f98 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -16,6 +16,8 @@
# - pre-install hgtools to work around a bug in RHEL6 distribute
# - install nose 1.1 from EPEL
+set -o errexit
+set -o xtrace
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index fc1c195..940bd8c 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -9,6 +9,9 @@
# Assumptions:
# - update pip to $INSTALL_PIP_VERSION
+set -o errexit
+set -o xtrace
+
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=`cd $TOOLS_DIR/..; pwd`
@@ -47,10 +50,12 @@
echo "Distro: $DISTRO"
function get_versions() {
- PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null)
+ PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null || true)
if [[ -n $PIP ]]; then
PIP_VERSION=$($PIP --version | awk '{ print $2}')
echo "pip: $PIP_VERSION"
+ else
+ echo "pip: Not Installed"
fi
}
diff --git a/tools/xen/devstackubuntupreseed.cfg b/tools/xen/devstackubuntupreseed.cfg
index c559b1e..6a1ae89 100644
--- a/tools/xen/devstackubuntupreseed.cfg
+++ b/tools/xen/devstackubuntupreseed.cfg
@@ -34,7 +34,7 @@
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
-#d-i netcfg/dhcp_timeout string 60
+d-i netcfg/dhcp_timeout string 120
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 110bbd9..08e0f78 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -96,6 +96,10 @@
#
# Configure Networking
#
+
+MGT_NETWORK=`xe pif-list management=true params=network-uuid minimal=true`
+MGT_BRIDGE_OR_NET_NAME=`xe network-list uuid=$MGT_NETWORK params=bridge minimal=true`
+
setup_network "$VM_BRIDGE_OR_NET_NAME"
setup_network "$MGT_BRIDGE_OR_NET_NAME"
setup_network "$PUB_BRIDGE_OR_NET_NAME"
@@ -203,6 +207,7 @@
#
# Install Ubuntu over network
#
+ UBUNTU_INST_BRIDGE_OR_NET_NAME=${UBUNTU_INST_BRIDGE_OR_NET_NAME:-"$MGT_BRIDGE_OR_NET_NAME"}
# always update the preseed file, incase we have a newer one
PRESEED_URL=${PRESEED_URL:-""}
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index f698be1..bdcaf99 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -13,16 +13,14 @@
# Size of image
VDI_MB=${VDI_MB:-5000}
-OSDOMU_MEM_MB=2048
+OSDOMU_MEM_MB=3072
OSDOMU_VDI_GB=8
# Network mapping. Specify bridge names or network names. Network names may
# differ across localised versions of XenServer. If a given bridge/network
# was not found, a new network will be created with the specified name.
-# The management network is specified by the bridge name. xenbr0 is usually
-# the name of the bridge of the network associated with the hypervisor's eth0.
-MGT_BRIDGE_OR_NET_NAME="xenbr0"
+# Get the management network from the XS installation
VM_BRIDGE_OR_NET_NAME="OpenStack VM Network"
PUB_BRIDGE_OR_NET_NAME="OpenStack Public Network"
XEN_INT_BRIDGE_OR_NET_NAME="OpenStack VM Integration Network"
@@ -72,7 +70,6 @@
UBUNTU_INST_LOCALE="en_US"
UBUNTU_INST_KEYBOARD="us"
# network configuration for ubuntu netinstall
-UBUNTU_INST_BRIDGE_OR_NET_NAME=${UBUNTU_INST_BRIDGE_OR_NET_NAME:-"$MGT_BRIDGE_OR_NET_NAME"}
UBUNTU_INST_IP="dhcp"
UBUNTU_INST_NAMESERVERS=""
UBUNTU_INST_NETMASK=""
diff --git a/unstack.sh b/unstack.sh
index 05d9fb7..c944ccc 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -24,6 +24,12 @@
# Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data}
+if [[ $EUID -eq 0 ]]; then
+ echo "You are running this script as root."
+ echo "It might work but you will have a better day running it as $STACK_USER"
+ exit 1
+fi
+
# Import apache functions
source $TOP_DIR/lib/apache