Merge "qpid: plain auth needs cyrus-sasl-plain package"
diff --git a/doc/source/index.rst b/doc/source/index.rst
index be77dc1..855a2d6 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -163,7 +163,6 @@
* `lib/ldap <lib/ldap.html>`__
* `lib/neutron <lib/neutron.html>`__
* `lib/nova <lib/nova.html>`__
-* `lib/opendaylight <lib/opendaylight.html>`__
* `lib/oslo <lib/oslo.html>`__
* `lib/rpc\_backend <lib/rpc_backend.html>`__
* `lib/sahara <lib/sahara.html>`__
@@ -183,7 +182,6 @@
* `extras.d/70-trove.sh <extras.d/70-trove.sh.html>`__
* `extras.d/70-tuskar.sh <extras.d/70-tuskar.sh.html>`__
* `extras.d/70-zaqar.sh <extras.d/70-zaqar.sh.html>`__
-* `extras.d/80-opendaylight.sh <extras.d/80-opendaylight.sh.html>`__
* `extras.d/80-tempest.sh <extras.d/80-tempest.sh.html>`__
Configuration
diff --git a/extras.d/80-opendaylight.sh b/extras.d/80-opendaylight.sh
deleted file mode 100644
index b673777..0000000
--- a/extras.d/80-opendaylight.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-# opendaylight.sh - DevStack extras script
-
-if is_service_enabled odl-server odl-compute; then
- # Initial source
- [[ "$1" == "source" ]] && source $TOP_DIR/lib/opendaylight
-fi
-
-if is_service_enabled odl-server; then
- if [[ "$1" == "source" ]]; then
- # no-op
- :
- elif [[ "$1" == "stack" && "$2" == "install" ]]; then
- install_opendaylight
- configure_opendaylight
- init_opendaylight
- elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
- configure_ml2_odl
- # This has to start before Neutron
- start_opendaylight
- elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
- # no-op
- :
- fi
-
- if [[ "$1" == "unstack" ]]; then
- stop_opendaylight
- cleanup_opendaylight
- fi
-
- if [[ "$1" == "clean" ]]; then
- # no-op
- :
- fi
-fi
-
-if is_service_enabled odl-compute; then
- if [[ "$1" == "source" ]]; then
- # no-op
- :
- elif [[ "$1" == "stack" && "$2" == "install" ]]; then
- install_opendaylight-compute
- elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
- if is_service_enabled nova; then
- create_nova_conf_neutron
- fi
- elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
- echo_summary "Initializing OpenDaylight"
- ODL_LOCAL_IP=${ODL_LOCAL_IP:-$HOST_IP}
- ODL_MGR_PORT=${ODL_MGR_PORT:-6640}
- read ovstbl <<< $(sudo ovs-vsctl get Open_vSwitch . _uuid)
- sudo ovs-vsctl set-manager tcp:$ODL_MGR_IP:$ODL_MGR_PORT
- if [[ -n "$ODL_PROVIDER_MAPPINGS" ]] && [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
- sudo ovs-vsctl set Open_vSwitch $ovstbl \
- other_config:provider_mappings=$ODL_PROVIDER_MAPPINGS
- fi
- sudo ovs-vsctl set Open_vSwitch $ovstbl other_config:local_ip=$ODL_LOCAL_IP
- elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
- # no-op
- :
- fi
-
- if [[ "$1" == "unstack" ]]; then
- sudo ovs-vsctl del-manager
- BRIDGES=$(sudo ovs-vsctl list-br)
- for bridge in $BRIDGES ; do
- sudo ovs-vsctl del-controller $bridge
- done
-
- stop_opendaylight-compute
- fi
-
- if [[ "$1" == "clean" ]]; then
- # no-op
- :
- fi
-fi
diff --git a/files/debs/general b/files/debs/general
index e824d23..4050191 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -27,3 +27,4 @@
libffi-dev
libssl-dev # for pyOpenSSL
gettext # used for compiling message catalogs
+openjdk-7-jre-headless # NOPRIME
diff --git a/files/rpms/general b/files/rpms/general
index 13c8a87..6f22391 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -26,3 +26,4 @@
libyaml-devel
gettext # used for compiling message catalogs
net-tools
+java-1.7.0-openjdk-headless # NOPRIME
diff --git a/functions-common b/functions-common
index d3b3c0c..6beb670 100644
--- a/functions-common
+++ b/functions-common
@@ -913,9 +913,9 @@
echo $role_id
}
-# Gets or adds user role
-# Usage: get_or_add_user_role <role> <user> <project>
-function get_or_add_user_role {
+# Gets or adds user role to project
+# Usage: get_or_add_user_project_role <role> <user> <project>
+function get_or_add_user_project_role {
# Gets user role id
local user_role_id=$(openstack role list \
--user $2 \
diff --git a/lib/ceilometer b/lib/ceilometer
index f03bab2..698e8b0 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -108,7 +108,7 @@
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
- create_service_user "ceilometer" "admin"
+ create_service_user "ceilometer"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local ceilometer_service=$(get_or_create_service "ceilometer" \
@@ -121,7 +121,7 @@
fi
if is_service_enabled swift; then
# Ceilometer needs ResellerAdmin role to access swift account stats.
- get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
+ get_or_add_user_project_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
fi
fi
}
diff --git a/lib/cinder b/lib/cinder
index 12ba51e..17a0cc3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -333,7 +333,7 @@
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
- create_service_user "cinder" "admin"
+ create_service_user "cinder"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/glance b/lib/glance
old mode 100644
new mode 100755
index 0340c21..5bd0b8c
--- a/lib/glance
+++ b/lib/glance
@@ -70,7 +70,6 @@
# Tell Tempest this project is present
TEMPEST_SERVICES+=,glance
-
# Functions
# ---------
@@ -239,7 +238,7 @@
local glance_swift_user=$(get_or_create_user "glance-swift" \
"$SERVICE_PASSWORD" "glance-swift@example.com")
- get_or_add_user_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
+ get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
fi
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@@ -308,6 +307,10 @@
git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
setup_develop $GLANCE_DIR
+ if is_service_enabled g-graffiti; then
+ ${TOP_DIR}/pkg/elasticsearch.sh download
+ ${TOP_DIR}/pkg/elasticsearch.sh install
+ fi
}
# start_glance() - Start running processes, including screen
@@ -321,6 +324,9 @@
run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf"
+ if is_service_enabled g-graffiti; then
+ ${TOP_DIR}/pkg/elasticsearch.sh start
+ fi
echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."
if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then
die $LINENO "g-api did not start"
@@ -334,7 +340,6 @@
stop_process g-reg
}
-
# Restore xtrace
$XTRACE
diff --git a/lib/ironic b/lib/ironic
index 921bcf1..bed816e 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -362,7 +362,7 @@
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
# Get ironic user if exists
- create_service_user "ironic" "admin"
+ create_service_user "ironic"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/keystone b/lib/keystone
index 79806b8..2da2d1b 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -365,7 +365,7 @@
local admin_tenant=$(get_or_create_project "admin")
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
local admin_role=$(get_or_create_role "admin")
- get_or_add_user_role $admin_role $admin_user $admin_tenant
+ get_or_add_user_project_role $admin_role $admin_user $admin_tenant
# Create service project/role
get_or_create_project "$SERVICE_TENANT_NAME"
@@ -394,10 +394,10 @@
local demo_user=$(get_or_create_user "demo" \
"$ADMIN_PASSWORD" "demo@example.com")
- get_or_add_user_role $member_role $demo_user $demo_tenant
- get_or_add_user_role $admin_role $admin_user $demo_tenant
- get_or_add_user_role $another_role $demo_user $demo_tenant
- get_or_add_user_role $member_role $demo_user $invis_tenant
+ get_or_add_user_project_role $member_role $demo_user $demo_tenant
+ get_or_add_user_project_role $admin_role $admin_user $demo_tenant
+ get_or_add_user_project_role $another_role $demo_user $demo_tenant
+ get_or_add_user_project_role $member_role $demo_user $invis_tenant
get_or_create_group "developers" "default" "openstack developers"
get_or_create_group "testers" "default"
@@ -426,7 +426,7 @@
local role=${2:-service}
local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
- get_or_add_user_role "$role" "$user" "$SERVICE_TENANT_NAME"
+ get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
}
# Configure the service to use the auth token middleware.
diff --git a/lib/nova b/lib/nova
index c760066..a5033f7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -356,6 +356,8 @@
# Nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
+ # NOTE(jamielennox): Nova doesn't need the admin role here, however neutron uses
+ # this service user when notifying nova of changes and that requires the admin role.
create_service_user "nova" "admin"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@@ -383,7 +385,7 @@
if is_service_enabled swift; then
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
- get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME
+ get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
fi
# EC2
diff --git a/lib/opendaylight b/lib/opendaylight
deleted file mode 100644
index 6518673..0000000
--- a/lib/opendaylight
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/bin/bash
-#
-# lib/opendaylight
-# Functions to control the configuration and operation of the opendaylight service
-
-# Dependencies:
-#
-# ``functions`` file
-# ``DEST`` must be defined
-# ``STACK_USER`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# - is_opendaylight_enabled
-# - is_opendaylight-compute_enabled
-# - install_opendaylight
-# - install_opendaylight-compute
-# - configure_opendaylight
-# - init_opendaylight
-# - start_opendaylight
-# - stop_opendaylight-compute
-# - stop_opendaylight
-# - cleanup_opendaylight
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# For OVS_BRIDGE and PUBLIC_BRIDGE
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-# Defaults
-# --------
-
-# The IP address of ODL. Set this in local.conf.
-# ODL_MGR_IP=
-ODL_MGR_IP=${ODL_MGR_IP:-$SERVICE_HOST}
-
-# The ODL endpoint URL
-ODL_ENDPOINT=${ODL_ENDPOINT:-http://${ODL_MGR_IP}:8080/controller/nb/v2/neutron}
-
-# The ODL username
-ODL_USERNAME=${ODL_USERNAME:-admin}
-
-# The ODL password
-ODL_PASSWORD=${ODL_PASSWORD:-admin}
-
-# Short name of ODL package
-ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1.1}
-
-# <define global variables here that belong to this project>
-ODL_DIR=$DEST/opendaylight
-
-# The OpenDaylight Package, currently using 'Hydrogen' release
-ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.1.zip}
-
-# The OpenDaylight URL
-ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1.1/}
-
-# Default arguments for OpenDaylight. This is typically used to set
-# Java memory options.
-# ``ODL_ARGS=Xmx1024m -XX:MaxPermSize=512m``
-ODL_ARGS=${ODL_ARGS:-"-XX:MaxPermSize=384m"}
-
-# How long to pause after ODL starts to let it complete booting
-ODL_BOOT_WAIT=${ODL_BOOT_WAIT:-20}
-
-# The physical provider network to device mapping
-ODL_PROVIDER_MAPPINGS=${ODL_PROVIDER_MAPPINGS:-physnet1:eth1}
-
-# Enable OpenDaylight l3 forwarding
-ODL_L3=${ODL_L3:-False}
-
-# Enable debug logs for odl ovsdb
-ODL_NETVIRT_DEBUG_LOGS=${ODL_NETVIRT_DEBUG_LOGS:-False}
-
-# The logging config file in ODL
-ODL_LOGGING_CONFIG=${ODL_LOGGING_CONFIG:-${ODL_DIR}/${ODL_NAME}/etc/org.ops4j.pax.logging.cfg}
-
-# Entry Points
-# ------------
-
-# Test if OpenDaylight is enabled
-# is_opendaylight_enabled
-function is_opendaylight_enabled {
- [[ ,${ENABLED_SERVICES} =~ ,"odl-" ]] && return 0
- return 1
-}
-
-# cleanup_opendaylight() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_opendaylight {
- :
-}
-
-# configure_opendaylight() - Set config files, create data dirs, etc
-function configure_opendaylight {
- # Add odl-ovsdb-openstack if it's not already there
- local ODLOVSDB=$(cat $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg | grep featuresBoot= | grep odl)
- if [ "$ODLOVSDB" == "" ]; then
- sed -i '/^featuresBoot=/ s/$/,odl-ovsdb-openstack/' $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg
- fi
-
- # Configure OpenFlow 1.3 if it's not there
- local OFLOW13=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^of.version)
- if [ "$OFLOW13" == "" ]; then
- echo "ovsdb.of.version=1.3" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
- fi
-
- # Configure L3 if the user wants it
- if [ "${ODL_L3}" == "True" ]; then
- # Configure L3 FWD if it's not there
- local L3FWD=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^ovsdb.l3.fwd.enabled)
- if [ "$L3FWD" == "" ]; then
- echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
- fi
- fi
-
- # Configure DEBUG logs for network virtualization in odl, if the user wants it
- if [ "${ODL_NETVIRT_DEBUG_LOGS}" == "True" ]; then
- local OVSDB_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.ovsdb)
- if [ "${OVSDB_DEBUG_LOGS}" == "" ]; then
- echo 'log4j.logger.org.opendaylight.ovsdb = TRACE' >> $ODL_LOGGING_CONFIG
- echo 'log4j.logger.org.opendaylight.ovsdb.lib = INFO' >> $ODL_LOGGING_CONFIG
- echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter = DEBUG' >> $ODL_LOGGING_CONFIG
- echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.TenantNetworkManagerImpl = DEBUG' >> $ODL_LOGGING_CONFIG
- echo 'log4j.logger.org.opendaylight.ovsdb.plugin.md.OvsdbInventoryManager = INFO' >> $ODL_LOGGING_CONFIG
- fi
- local ODL_NEUTRON_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.controller.networkconfig.neutron)
- if [ "${ODL_NEUTRON_DEBUG_LOGS}" == "" ]; then
- echo 'log4j.logger.org.opendaylight.controller.networkconfig.neutron = TRACE' >> $ODL_LOGGING_CONFIG
- fi
- fi
-}
-
-function configure_ml2_odl {
- populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl url=$ODL_ENDPOINT
- populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl username=$ODL_USERNAME
- populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl password=$ODL_PASSWORD
-}
-
-# init_opendaylight() - Initialize databases, etc.
-function init_opendaylight {
- # clean up from previous (possibly aborted) runs
- # create required data files
- :
-}
-
-# install_opendaylight() - Collect source and prepare
-function install_opendaylight {
- local _pwd=$(pwd)
-
- if is_ubuntu; then
- install_package maven openjdk-7-jre openjdk-7-jdk
- else
- yum_install maven java-1.7.0-openjdk
- fi
-
- # Download OpenDaylight
- mkdir -p $ODL_DIR
- cd $ODL_DIR
- wget -N $ODL_URL/$ODL_PKG
- unzip -u $ODL_PKG
-}
-
-# install_opendaylight-compute - Make sure OVS is installed
-function install_opendaylight-compute {
- # packages are the same as for Neutron OVS agent
- _neutron_ovs_base_install_agent_packages
-}
-
-# start_opendaylight() - Start running processes, including screen
-function start_opendaylight {
- if is_ubuntu; then
- JHOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64
- else
- JHOME=/usr/lib/jvm/java-1.7.0-openjdk
- fi
-
- # The flags to ODL have the following meaning:
- # -of13: runs ODL using OpenFlow 1.3 protocol support.
- # -virt ovsdb: Runs ODL in "virtualization" mode with OVSDB support
-
- run_process odl-server "cd $ODL_DIR/$ODL_NAME && JAVA_HOME=$JHOME bin/karaf"
-
- # Sleep a bit to let OpenDaylight finish starting up
- sleep $ODL_BOOT_WAIT
-}
-
-# stop_opendaylight() - Stop running processes (non-screen)
-function stop_opendaylight {
- stop_process odl-server
-}
-
-# stop_opendaylight-compute() - Remove OVS bridges
-function stop_opendaylight-compute {
- # remove all OVS ports that look like Neutron created ports
- for port in $(sudo ovs-vsctl list port | grep -o -e tap[0-9a-f\-]* -e q[rg]-[0-9a-f\-]*); do
- sudo ovs-vsctl del-port ${port}
- done
-
- # remove all OVS bridges created by Neutron
- for bridge in $(sudo ovs-vsctl list-br | grep -o -e ${OVS_BRIDGE} -e ${PUBLIC_BRIDGE}); do
- sudo ovs-vsctl del-br ${bridge}
- done
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/lib/sahara b/lib/sahara
index b3ca32f..db200cc 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -61,7 +61,7 @@
# service sahara admin
function create_sahara_accounts {
- create_service_user "sahara" "admin"
+ create_service_user "sahara"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/swift b/lib/swift
index d9f750c..e4d8b5f 100644
--- a/lib/swift
+++ b/lib/swift
@@ -603,7 +603,7 @@
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
- create_service_user "swift" "admin"
+ create_service_user "swift"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@@ -620,18 +620,18 @@
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
- get_or_add_user_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
+ get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
- get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1
+ get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
- get_or_add_user_role admin $swift_user_test2 $swift_tenant_test2
+ get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
@@ -641,7 +641,7 @@
local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
- get_or_add_user_role admin $swift_user_test4 $swift_tenant_test4
+ get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
}
# init_swift() - Initialize rings
diff --git a/lib/tempest b/lib/tempest
index 777d03e..8ef578b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -292,6 +292,9 @@
iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+ if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
+ iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
+ fi
# Image
# for the gate we want to be able to override this variable so we aren't
@@ -482,7 +485,7 @@
fi
done
- if is_ssl_enabled_service "keystone" || is_service_enabled tls-proxy; then
+ if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
# Use the BOTO_CONFIG environment variable to point to this file
iniset $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
sudo chown $STACK_USER $BOTO_CONF
@@ -505,7 +508,7 @@
# between two regular users in separate tenants
get_or_create_project alt_demo
get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
- get_or_add_user_role Member alt_demo alt_demo
+ get_or_add_user_project_role Member alt_demo alt_demo
fi
}
diff --git a/lib/trove b/lib/trove
index d32c776..e1b307a 100644
--- a/lib/trove
+++ b/lib/trove
@@ -81,7 +81,7 @@
function create_trove_accounts {
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
- create_service_user "trove" "admin"
+ create_service_user "trove"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/zaqar b/lib/zaqar
index 8b560bb..4a24415 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -215,7 +215,7 @@
}
function create_zaqar_accounts {
- create_service_user "zaqar" "admin"
+ create_service_user "zaqar"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/unstack.sh b/unstack.sh
index bc439e9..4364e58 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -132,6 +132,9 @@
stop_tls_proxy
cleanup_CA
fi
+if [ "$USE_SSL" == "True" ]; then
+ cleanup_CA
+fi
SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*