Merge "Fix postgresql setup on openSUSE"
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 32d4e1a..17e8c59 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -71,6 +71,8 @@
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $HEAT_USER \
--role_id $ADMIN_ROLE
+ # heat_stack_user role is for users created by Heat
+ keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
HEAT_CFN_SERVICE=$(get_id keystone service-create \
--name=heat-cfn \
diff --git a/functions b/functions
index 3ee43d3..1b7d130 100644
--- a/functions
+++ b/functions
@@ -715,6 +715,8 @@
function screen_it {
NL=`echo -ne '\015'`
SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
if is_service_enabled $1; then
# Append the service to the screen rc file
screen_rc "$1" "$2"
@@ -730,7 +732,7 @@
screen -S $SCREEN_NAME -p $1 -X log on
ln -sf ${SCREEN_LOGDIR}/screen-${1}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${1}.log
fi
- screen -S $SCREEN_NAME -p $1 -X stuff "$2$NL"
+ screen -S $SCREEN_NAME -p $1 -X stuff "$2 || touch \"$SERVICE_DIR/$SCREEN_NAME/$1.failure\"$NL"
fi
}
@@ -755,6 +757,47 @@
fi
}
+# Helper to remove the *.failure files under $SERVICE_DIR/$SCREEN_NAME
+# This is used for service_check when all the screen_it are called finished
+# init_service_check
+function init_service_check() {
+ SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
+ if [[ ! -d "$SERVICE_DIR/$SCREEN_NAME" ]]; then
+ mkdir -p "$SERVICE_DIR/$SCREEN_NAME"
+ fi
+
+ rm -f "$SERVICE_DIR/$SCREEN_NAME"/*.failure
+}
+
+# Helper to get the status of each running service
+# service_check
+function service_check() {
+ local service
+ local failures
+ SCREEN_NAME=${SCREEN_NAME:-stack}
+ SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
+
+
+ if [[ ! -d "$SERVICE_DIR/$SCREEN_NAME" ]]; then
+ echo "No service status directory found"
+ return
+ fi
+
+ # Check if there is any falure flag file under $SERVICE_DIR/$SCREEN_NAME
+ failures=`ls "$SERVICE_DIR/$SCREEN_NAME"/*.failure 2>/dev/null`
+
+ for service in $failures; do
+ service=`basename $service`
+ service=${service::-8}
+ echo "Error: Service $service is not running"
+ done
+
+ if [ -n "$failures" ]; then
+ echo "More details about the above errors can be found with screen, with ./rejoin-stack.sh"
+ fi
+}
# ``pip install`` the dependencies of the package before ``setup.py develop``
# so pip and not distutils processes the dependency chain
diff --git a/lib/cinder b/lib/cinder
index a43f0a1..16cbaf3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -105,10 +105,7 @@
iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
-
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
- fi
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone
@@ -212,11 +209,9 @@
fi
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $CINDER_AUTH_CACHE_DIR
- sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
}
# install_cinder() - Collect source and prepare
diff --git a/lib/glance b/lib/glance
index b02a4b6..4f631b2 100644
--- a/lib/glance
+++ b/lib/glance
@@ -95,9 +95,7 @@
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
iniset $GLANCE_API_CONF DEFAULT debug True
@@ -121,9 +119,7 @@
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
- fi
+ iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@@ -163,13 +159,11 @@
$GLANCE_BIN_DIR/glance-manage db_sync
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ # Create cache dir
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
}
# install_glanceclient() - Collect source and prepare
diff --git a/lib/horizon b/lib/horizon
index 68337ab..5d479d5 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -79,7 +79,7 @@
# Be a good citizen and use the distro tools here
sudo touch /etc/$APACHE_NAME/$APACHE_CONF
sudo a2ensite horizon
- # WSGI doesn't enable by default, enable it
+ # WSGI isn't enabled by default, enable it
sudo a2enmod wsgi
elif is_fedora; then
APACHE_NAME=httpd
@@ -88,9 +88,8 @@
elif is_suse; then
APACHE_NAME=apache2
APACHE_CONF=vhosts.d/horizon.conf
- # Append wsgi to the list of modules to load
- grep -q "^APACHE_MODULES=.*wsgi" /etc/sysconfig/apache2 ||
- sudo sed '/^APACHE_MODULES=/s/^\(.*\)"$/\1 wsgi"/' -i /etc/sysconfig/apache2
+ # WSGI isn't enabled by default, enable it
+ sudo a2enmod wsgi
else
exit_distro_not_supported "apache configuration"
fi
diff --git a/lib/nova b/lib/nova
index 86db561..840965e 100644
--- a/lib/nova
+++ b/lib/nova
@@ -172,9 +172,7 @@
" -i $NOVA_API_PASTE_INI
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
- fi
+ iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
if is_service_enabled n-cpu; then
# Force IP forwarding on, just on case
@@ -231,10 +229,13 @@
if is_ubuntu; then
LIBVIRT_DAEMON=libvirt-bin
else
- # http://wiki.libvirt.org/page/SSHPolicyKitSetup
- if ! getent group libvirtd >/dev/null; then
- sudo groupadd libvirtd
- fi
+ LIBVIRT_DAEMON=libvirtd
+ fi
+
+ # For distributions using polkit to authorize access to libvirt,
+ # configure polkit accordingly.
+ # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup
+ if is_fedora; then
sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-group:libvirtd
@@ -243,11 +244,24 @@
ResultInactive=yes
ResultActive=yes
EOF'
- LIBVIRT_DAEMON=libvirtd
+ elif is_suse; then
+ # Work around the fact that polkit-default-privs overrules pklas
+ # with 'unix-group:$group'.
+ sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
+[libvirt Management Access]
+Identity=unix-user:$USER
+Action=org.libvirt.unix.manage
+ResultAny=yes
+ResultInactive=yes
+ResultActive=yes
+EOF"
fi
# The user that nova runs as needs to be member of **libvirtd** group otherwise
# nova-compute will be unable to use libvirt.
+ if ! getent group libvirtd >/dev/null; then
+ sudo groupadd libvirtd
+ fi
add_user_to_group `whoami` libvirtd
# libvirt detects various settings on startup, as we potentially changed
@@ -418,11 +432,9 @@
$NOVA_BIN_DIR/nova-manage db sync
fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $NOVA_AUTH_CACHE_DIR
- sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+ sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
}
# install_novaclient() - Collect source and prepare
diff --git a/lib/quantum b/lib/quantum
index 4e9f298..288a327 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -123,12 +123,10 @@
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
- # Create cache dir
- sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
- sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
- fi
+ iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
+ # Create cache dir
+ sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
+ sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
}
function quantum_setup_ovs_bridge() {
diff --git a/stack.sh b/stack.sh
index da0faed..c6b92fa 100755
--- a/stack.sh
+++ b/stack.sh
@@ -923,6 +923,8 @@
# Set a reasonable status bar
screen -r $SCREEN_NAME -X hardstatus alwayslastline "$SCREEN_HARDSTATUS"
+# Initialize the directory for service status check
+init_service_check
# Keystone
# --------
@@ -1700,6 +1702,8 @@
$TOP_DIR/local.sh
fi
+# Check the status of running services
+service_check
# Fin
# ===
diff --git a/stackrc b/stackrc
index 8ac6ec5..8b42c24 100644
--- a/stackrc
+++ b/stackrc
@@ -14,7 +14,7 @@
# ``disable_service`` functions in ``localrc``.
# For example, to enable Swift add this to ``localrc``:
# enable_service swift
-ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,$DATABASE_TYPE
+ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
# Set the default Nova APIs to enable
NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
diff --git a/tools/info.sh b/tools/info.sh
index f01dbea..ef1f338 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -92,6 +92,8 @@
PKG_DIR=$FILES/apts
elif is_fedora; then
PKG_DIR=$FILES/rpms
+elif is_suse; then
+ PKG_DIR=$FILES/rpms-suse
else
exit_distro_not_supported "list of packages"
fi