Merge "Remove heat code from devstack tree"
diff --git a/clean.sh b/clean.sh
index b59635a..e369eda 100755
--- a/clean.sh
+++ b/clean.sh
@@ -146,3 +146,8 @@
done
rm -rf ~/.config/openstack
+
+# Clean up all *.pyc files
+if [[ -n "$DEST" ]] && [[ -d "$DEST" ]]; then
+ sudo find $DEST -name "*.pyc" -print0 | xargs -0 rm
+fi
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 22809eb..53ae82f 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -63,7 +63,7 @@
::
[[local|localrc]]
- FIXED_RANGE=10.254.1.0/24
+ IPV4_ADDRS_SAFE_TO_USE=10.254.1.0/24
ADMIN_PASSWORD=speciale
LOGFILE=$DEST/logs/stack.sh.log
@@ -161,8 +161,8 @@
- no logging
- pre-set the passwords to prevent interactive prompts
-- move network ranges away from the local network (``FIXED_RANGE`` and
- ``FLOATING_RANGE``, commented out below)
+- move network ranges away from the local network (``IPV4_ADDRS_SAFE_TO_USE``
+ and ``FLOATING_RANGE``, commented out below)
- set the host IP if detection is unreliable (``HOST_IP``, commented
out below)
@@ -173,7 +173,7 @@
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
- #FIXED_RANGE=172.31.1.0/24
+ #IPV4_ADDRS_SAFE_TO_USE=172.31.1.0/24
#FLOATING_RANGE=192.168.20.0/25
#HOST_IP=10.3.4.5
@@ -537,12 +537,12 @@
IPV6_RA_MODE=slaac
IPV6_ADDRESS_MODE=slaac
- FIXED_RANGE_V6=fd$IPV6_GLOBAL_ID::/64
+ IPV6_ADDRS_SAFE_TO_USE=fd$IPV6_GLOBAL_ID::/56
IPV6_PRIVATE_NETWORK_GATEWAY=fd$IPV6_GLOBAL_ID::1
-*Note*: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY`` can be
-configured with any valid IPv6 prefix. The default values make use of
-an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
+*Note*: ``IPV6_ADDRS_SAFE_TO_USE`` and ``IPV6_PRIVATE_NETWORK_GATEWAY``
+can be configured with any valid IPv6 prefix. The default values make
+use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
Service Version
~~~~~~~~~~~~~~~
@@ -703,13 +703,13 @@
~~~~~~
The logical volume group used to hold the Cinder-managed volumes is
-set by ``VOLUME_GROUP``, the logical volume name prefix is set with
+set by ``VOLUME_GROUP_NAME``, the logical volume name prefix is set with
``VOLUME_NAME_PREFIX`` and the size of the volume backing file is set
with ``VOLUME_BACKING_FILE_SIZE``.
::
- VOLUME_GROUP="stack-volumes"
+ VOLUME_GROUP_NAME="stack-volumes"
VOLUME_NAME_PREFIX="volume-"
VOLUME_BACKING_FILE_SIZE=10250M
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index 0c439ad..21bea99 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -66,21 +66,21 @@
./stack.sh
. ./openrc
- neutron net-list # should show public and private networks
+ openstack network list # should show public and private networks
Create two nova instances that we can use as test http servers:
::
#create nova instances on private network
- nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
- nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
+ nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
+ nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
nova list # should show the nova instances just created
#add secgroup rules to allow ssh etc..
- neutron security-group-rule-create default --protocol icmp
- neutron security-group-rule-create default --protocol tcp --port-range-min 22 --port-range-max 22
- neutron security-group-rule-create default --protocol tcp --port-range-min 80 --port-range-max 80
+ openstack security group rule create default --protocol icmp
+ openstack security group rule create default --protocol tcp --dst-port 22:22
+ openstack security group rule create default --protocol tcp --dst-port 80:80
Set up a simple web server on each of these instances. ssh into each instance (username 'cirros', password 'cubswin:)') and run
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 8751eb8..dfc9936 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -294,10 +294,10 @@
``stack-volumes`` can be pre-created on any physical volume supported by
Linux's LVM. The name of the volume group can be changed by setting
-``VOLUME_GROUP`` in ``localrc``. ``stack.sh`` deletes all logical
-volumes in ``VOLUME_GROUP`` that begin with ``VOLUME_NAME_PREFIX`` as
+``VOLUME_GROUP_NAME`` in ``localrc``. ``stack.sh`` deletes all logical
+volumes in ``VOLUME_GROUP_NAME`` that begin with ``VOLUME_NAME_PREFIX`` as
part of cleaning up from previous runs. It is recommended to not use the
-root volume group as ``VOLUME_GROUP``.
+root volume group as ``VOLUME_GROUP_NAME``.
The details of creating the volume group depends on the server hardware
involved but looks something like this:
@@ -400,6 +400,10 @@
ssh-keyscan -H DEST_HOSTNAME | sudo tee -a /root/.ssh/known_hosts
+3. Verify that login via ssh works without a password::
+
+ ssh -i /root/.ssh/id_rsa.pub stack@DESTINATION
+
In essence, this means that every compute node's root user's public RSA key
must exist in every other compute node's stack user's authorized_keys file and
every compute node's public ECDSA key needs to be in every other compute
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index bc6816c..092809a 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -79,7 +79,7 @@
## Neutron options
Q_USE_SECGROUP=True
FLOATING_RANGE="172.18.161.0/24"
- FIXED_RANGE="10.0.0.0/24"
+ IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/22"
Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
PUBLIC_INTERFACE=eth0
@@ -387,17 +387,17 @@
## Neutron Networking options used to create Neutron Subnets
- FIXED_RANGE="203.0.113.0/24"
+ IPV4_ADDRS_SAFE_TO_USE="203.0.113.0/24"
NETWORK_GATEWAY=203.0.113.1
PROVIDER_SUBNET_NAME="provider_net"
PROVIDER_NETWORK_TYPE="vlan"
SEGMENTATION_ID=2010
USE_SUBNETPOOL=False
-In this configuration we are defining FIXED_RANGE to be a
+In this configuration we are defining IPV4_ADDRS_SAFE_TO_USE to be a
publicly routed IPv4 subnet. In this specific instance we are using
the special TEST-NET-3 subnet defined in `RFC 5737 <http://tools.ietf.org/html/rfc5737>`_,
-which is used for documentation. In your DevStack setup, FIXED_RANGE
+which is used for documentation. In your DevStack setup, IPV4_ADDRS_SAFE_TO_USE
would be a public IP address range that you or your organization has
allocated to you, so that you could access your instances from the
public internet.
@@ -524,7 +524,7 @@
## Neutron options
Q_USE_SECGROUP=True
FLOATING_RANGE="172.18.161.0/24"
- FIXED_RANGE="10.0.0.0/24"
+ IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/24"
Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
PUBLIC_INTERFACE=eth0
@@ -573,7 +573,7 @@
Q_AGENT=macvtap
PHYSICAL_NETWORK=default
- FIXED_RANGE="203.0.113.0/24"
+ IPV4_ADDRS_SAFE_TO_USE="203.0.113.0/24"
NETWORK_GATEWAY=203.0.113.1
PROVIDER_SUBNET_NAME="provider_net"
PROVIDER_NETWORK_TYPE="vlan"
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 435011b..b8dd506 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -45,31 +45,6 @@
If you do not have a preference, Ubuntu 16.04 is the most tested, and
will probably go the smoothest.
-Download DevStack
------------------
-
-::
-
- git clone https://git.openstack.org/openstack-dev/devstack
-
-The ``devstack`` repo contains a script that installs OpenStack and
-templates for configuration files
-
-Create a local.conf
--------------------
-
-Create a ``local.conf`` file with 4 passwords preset
-
-::
-
- [[local|localrc]]
- ADMIN_PASSWORD=secret
- DATABASE_PASSWORD=$ADMIN_PASSWORD
- RABBIT_PASSWORD=$ADMIN_PASSWORD
- SERVICE_PASSWORD=$ADMIN_PASSWORD
-
-This is the minimum required config to get started with DevStack.
-
Add Stack User
--------------
@@ -81,14 +56,48 @@
::
- devstack/tools/create-stack-user.sh; su stack
+ $ adduser stack
+
+Since this user will be making many changes to your system, it should
+have sudo privileges:
+
+::
+
+ $ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+ $ su stack
+
+Download DevStack
+-----------------
+
+::
+
+ $ git clone https://git.openstack.org/openstack-dev/devstack
+ $ cd devstack
+
+The ``devstack`` repo contains a script that installs OpenStack and
+templates for configuration files
+
+Create a local.conf
+-------------------
+
+Create a ``local.conf`` file with 4 passwords preset at the root of the
+devstack git repo.
+::
+
+ [[local|localrc]]
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=$ADMIN_PASSWORD
+ RABBIT_PASSWORD=$ADMIN_PASSWORD
+ SERVICE_PASSWORD=$ADMIN_PASSWORD
+
+This is the minimum required config to get started with DevStack.
Start the install
-----------------
::
- cd devstack; ./stack.sh
+ ./stack.sh
This will take a 15 - 20 minutes, largely depending on the speed of
your internet connection. Many git trees and packages will be
diff --git a/doc/source/networking.rst b/doc/source/networking.rst
index 1d56c33..bdbeaaa 100644
--- a/doc/source/networking.rst
+++ b/doc/source/networking.rst
@@ -4,7 +4,7 @@
An important part of the DevStack experience is networking that works
by default for created guests. This might not be optimal for your
-particular testing environment, so this document tries it's best to
+particular testing environment, so this document tries its best to
explain what's going on.
Defaults
@@ -15,10 +15,11 @@
* neutron (including l3 with openvswitch)
* private project networks for each openstack project
* a floating ip range of 172.24.4.0/24 with the gateway of 172.24.4.1
-* the demo project configured with fixed ips on 10.0.0.0/24
-* a ``br-ex`` interface controlled by neutron for all it's networking
+* the demo project configured with fixed ips on a subnet allocated from
+ the 10.0.0.0/22 range
+* a ``br-ex`` interface controlled by neutron for all its networking
(this is not connected to any physical interfaces).
-* DNS resolution for guests based on the resolv.conf for you host
+* DNS resolution for guests based on the resolv.conf for your host
* an ip masq rule that allows created guests to route out
This creates an environment which is isolated to the single
@@ -39,7 +40,7 @@
Locally Accessible Guests
=========================
-If you want to make you guests accessible other machines on your
+If you want to make you guests accessible from other machines on your
network, we have to connect ``br-ex`` to a physical interface.
Dedicated Guest Interface
@@ -95,3 +96,21 @@
your existing network, you'll want to give it a slice that your local
dhcp server is not allocating. Otherwise you could easily have
conflicting ip addresses, and cause havoc with your local network.
+
+
+Private Network Addressing
+==========================
+
+The private networks addresses are controlled by the ``IPV4_ADDRS_SAFE_TO_USE``
+and the ``IPV6_ADDRS_SAFE_TO_USE`` variables. This allows users to specify one
+single variable of safe internal IPs to use that will be referenced whether or
+not subnetpools are in use.
+
+For IPv4, ``FIXED_RANGE`` and ``SUBNETPOOL_PREFIX_V4`` will just default to
+the value of ``IPV4_ADDRS_SAFE_TO_USE`` directly.
+
+For IPv6, ``FIXED_RANGE_V6`` will default to the first /64 of the value of
+``IPV6_ADDRS_SAFE_TO_USE``. If ``IPV6_ADDRS_SAFE_TO_USE`` is /64 or smaller,
+``FIXED_RANGE_V6`` will just use the value of that directly.
+``SUBNETPOOL_PREFIX_V6`` will just default to the value of
+``IPV6_ADDRS_SAFE_TO_USE`` directly.
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 6ece997..89f74c3 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -76,6 +76,7 @@
magnum `git://git.openstack.org/openstack/magnum <https://git.openstack.org/cgit/openstack/magnum>`__
magnum-ui `git://git.openstack.org/openstack/magnum-ui <https://git.openstack.org/cgit/openstack/magnum-ui>`__
manila `git://git.openstack.org/openstack/manila <https://git.openstack.org/cgit/openstack/manila>`__
+manila-ui `git://git.openstack.org/openstack/manila-ui <https://git.openstack.org/cgit/openstack/manila-ui>`__
masakari `git://git.openstack.org/openstack/masakari <https://git.openstack.org/cgit/openstack/masakari>`__
mistral `git://git.openstack.org/openstack/mistral <https://git.openstack.org/cgit/openstack/mistral>`__
mixmatch `git://git.openstack.org/openstack/mixmatch <https://git.openstack.org/cgit/openstack/mixmatch>`__
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index e003c56..e8c8f62 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -156,7 +156,7 @@
function get_network_id {
local NETWORK_NAME="$1"
local NETWORK_ID
- NETWORK_ID=`neutron net-list -F id -- --name=$NETWORK_NAME | awk "NR==4" | awk '{print $2}'`
+ NETWORK_ID=`openstack network show -f value -c id $NETWORK_NAME`
echo $NETWORK_ID
}
@@ -234,9 +234,9 @@
PROJECT_ID=$(get_project_id $PROJECT)
source $TOP_DIR/openrc $PROJECT $PROJECT
local NET_ID
- NET_ID=$(neutron net-create --project-id $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
+ NET_ID=$(openstack network create --project $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PROJECT_ID $NET_NAME $EXTRA"
- neutron subnet-create --ip-version 4 --project-id $PROJECT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
+ openstack subnet create --ip-version 4 --project $PROJECT_ID --gateway $GATEWAY --subnet-pool None --network $NET_ID --subnet-range $CIDR "${NET_NAME}_subnet"
neutron_debug_admin probe-create --device-owner compute $NET_ID
source $TOP_DIR/openrc demo demo
}
@@ -325,10 +325,10 @@
PROJECT_ID=$(get_project_id $PROJECT)
#TODO(nati) comment out until l3-agent merged
#for res in port subnet net router;do
- for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do
+ for net_id in `openstack network list -c ID -c Name | grep $NET_NAME | awk '{print $2}'`;do
delete_probe $net_id
- neutron subnet-list | grep $net_id | awk '{print $2}' | xargs -I% neutron subnet-delete %
- neutron net-delete $net_id
+ openstack subnet list | grep $net_id | awk '{print $2}' | xargs -I% openstack subnet delete %
+ openstack network delete $net_id
done
source $TOP_DIR/openrc demo demo
}
diff --git a/extras.d/80-tempest.sh b/extras.d/80-tempest.sh
index 6a3d121..15ecfe3 100644
--- a/extras.d/80-tempest.sh
+++ b/extras.d/80-tempest.sh
@@ -11,13 +11,16 @@
# Tempest config must come after layer 2 services are running
:
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+ # Tempest config must come after all other plugins are run
+ :
+ elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
+ # local.conf Tempest option overrides
+ :
+ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
echo_summary "Initializing Tempest"
configure_tempest
echo_summary "Installing Tempest Plugins"
install_tempest_plugins
- elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
- # local.conf Tempest option overrides
- :
fi
if [[ "$1" == "unstack" ]]; then
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 428544f..84dc273 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -34,6 +34,12 @@
%SSLKEYFILE%
</VirtualHost>
+%SSLLISTEN%<VirtualHost *:443>
+%SSLLISTEN% %SSLENGINE%
+%SSLLISTEN% %SSLCERTFILE%
+%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN%</VirtualHost>
+
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
diff --git a/files/rpms/general b/files/rpms/general
index d0ceb56..77d2fa5 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -7,9 +7,9 @@
gettext # used for compiling message catalogs
git-core
graphviz # needed only for docs
-iptables-services # NOPRIME f23,f24
+iptables-services # NOPRIME f23,f24,f25
java-1.7.0-openjdk-headless # NOPRIME rhel7
-java-1.8.0-openjdk-headless # NOPRIME f23,f24
+java-1.8.0-openjdk-headless # NOPRIME f23,f24,f25
libffi-devel
libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
diff --git a/files/rpms/nova b/files/rpms/nova
index a883ec4..45f1c94 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -7,7 +7,7 @@
genisoimage # required for config_drive
iptables
iputils
-kernel-modules # dist:f23,f24
+kernel-modules # dist:f23,f24,f25
kpartx
kvm # NOPRIME
libvirt-bin # NOPRIME
diff --git a/files/rpms/swift b/files/rpms/swift
index bd249ee..2f12df0 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -2,7 +2,7 @@
liberasurecode-devel
memcached
pyxattr
-rsync-daemon # dist:f23,f24
+rsync-daemon # dist:f23,f24,f25
sqlite
xfsprogs
xinetd
diff --git a/files/swift/rsyncd.conf b/files/swift/rsyncd.conf
index c670531..c49f716 100644
--- a/files/swift/rsyncd.conf
+++ b/files/swift/rsyncd.conf
@@ -4,76 +4,76 @@
pid file = %SWIFT_DATA_DIR%/run/rsyncd.pid
address = 127.0.0.1
-[account6012]
+[account6612]
max connections = 25
path = %SWIFT_DATA_DIR%/1/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/account6012.lock
+lock file = %SWIFT_DATA_DIR%/run/account6612.lock
-[account6022]
+[account6622]
max connections = 25
path = %SWIFT_DATA_DIR%/2/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/account6022.lock
+lock file = %SWIFT_DATA_DIR%/run/account6622.lock
-[account6032]
+[account6632]
max connections = 25
path = %SWIFT_DATA_DIR%/3/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/account6032.lock
+lock file = %SWIFT_DATA_DIR%/run/account6632.lock
-[account6042]
+[account6642]
max connections = 25
path = %SWIFT_DATA_DIR%/4/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/account6042.lock
+lock file = %SWIFT_DATA_DIR%/run/account6642.lock
-[container6011]
+[container6611]
max connections = 25
path = %SWIFT_DATA_DIR%/1/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/container6011.lock
+lock file = %SWIFT_DATA_DIR%/run/container6611.lock
-[container6021]
+[container6621]
max connections = 25
path = %SWIFT_DATA_DIR%/2/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/container6021.lock
+lock file = %SWIFT_DATA_DIR%/run/container6621.lock
-[container6031]
+[container6631]
max connections = 25
path = %SWIFT_DATA_DIR%/3/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/container6031.lock
+lock file = %SWIFT_DATA_DIR%/run/container6631.lock
-[container6041]
+[container6641]
max connections = 25
path = %SWIFT_DATA_DIR%/4/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/container6041.lock
+lock file = %SWIFT_DATA_DIR%/run/container6641.lock
-[object6010]
+[object6613]
max connections = 25
path = %SWIFT_DATA_DIR%/1/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/object6010.lock
+lock file = %SWIFT_DATA_DIR%/run/object6613.lock
-[object6020]
+[object6623]
max connections = 25
path = %SWIFT_DATA_DIR%/2/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/object6020.lock
+lock file = %SWIFT_DATA_DIR%/run/object6623.lock
-[object6030]
+[object6633]
max connections = 25
path = %SWIFT_DATA_DIR%/3/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/object6030.lock
+lock file = %SWIFT_DATA_DIR%/run/object6633.lock
-[object6040]
+[object6643]
max connections = 25
path = %SWIFT_DATA_DIR%/4/node/
read only = false
-lock file = %SWIFT_DATA_DIR%/run/object6040.lock
+lock file = %SWIFT_DATA_DIR%/run/object6643.lock
diff --git a/functions-common b/functions-common
index 8e14b5e..cc1d42b 100644
--- a/functions-common
+++ b/functions-common
@@ -534,10 +534,8 @@
echo "the project to the \$PROJECTS variable in the job definition."
die $LINENO "Cloning not allowed in this configuration"
fi
- git_timed clone $git_clone_flags $git_remote $git_dest
- cd $git_dest
- # This checkout syntax works for both branches and tags
- git checkout $git_ref
+ # '--branch' can also take tags
+ git_timed clone $git_clone_flags $git_remote $git_dest --branch $git_ref
elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $git_dest
@@ -1318,7 +1316,7 @@
elif is_fedora; then
sudo ${YUM:-yum} remove -y "$@" ||:
elif is_suse; then
- sudo zypper rm "$@" ||:
+ sudo zypper remove -y "$@" ||:
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1773,6 +1771,9 @@
local name=$1
local url=$2
local branch=${3:-master}
+ if [[ ",${DEVSTACK_PLUGINS}," =~ ,${name}, ]]; then
+ die $LINENO "Plugin attempted to be enabled twice: ${name} ${url} ${branch}"
+ fi
DEVSTACK_PLUGINS+=",$name"
GITREPO[$name]=$url
GITDIR[$name]=$DEST/$name
@@ -2260,6 +2261,14 @@
echo $subnet
}
+function is_provider_network {
+ if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ]; then
+ return 0
+ fi
+ return 1
+}
+
+
# Return the current python as "python<major>.<minor>"
function python_version {
local python_version
@@ -2310,11 +2319,12 @@
fi
}
-# Service wrapper to stop services
+# Service wrapper to reload services
+# If the service was not in running state it will start it
# reload_service service-name
function reload_service {
if [ -x /bin/systemctl ]; then
- sudo /bin/systemctl reload $1
+ sudo /bin/systemctl reload-or-restart $1
else
sudo service $1 reload
fi
diff --git a/inc/meta-config b/inc/meta-config
index 6eb7a00..6252135 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -40,12 +40,10 @@
$CONFIG_AWK_CMD -v matchgroup=$matchgroup -v configfile=$configfile '
BEGIN { group = "" }
/^\[\[.+\|.*\]\]/ {
- if (group == "") {
- gsub("[][]", "", $1);
- split($1, a, "|");
- if (a[1] == matchgroup && a[2] == configfile) {
- group=a[1]
- }
+ gsub("[][]", "", $1);
+ split($1, a, "|");
+ if (a[1] == matchgroup && a[2] == configfile) {
+ group=a[1]
} else {
group=""
}
diff --git a/lib/apache b/lib/apache
index 8a38cc4..2dc626f 100644
--- a/lib/apache
+++ b/lib/apache
@@ -29,15 +29,20 @@
# Set up apache name and configuration directory
+# Note that APACHE_CONF_DIR is really more accurately apache's vhost
+# configuration dir but we can't just change this because public interfaces.
if is_ubuntu; then
APACHE_NAME=apache2
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/sites-available}
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf-enabled}
elif is_fedora; then
APACHE_NAME=httpd
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
elif is_suse; then
APACHE_NAME=apache2
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
+ APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
fi
APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
diff --git a/lib/cinder b/lib/cinder
index c4a49cd..f6ad780 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -68,8 +68,12 @@
CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
# What type of LVM device should Cinder use for LVM backend
-# Defaults to thin. For thick provisioning change to 'default'
-CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-thin}
+# Defaults to default, which is thick, the other valid choice
+# is thin, which as the name implies utilizes lvm thin provisioning.
+# Thinly provisioned LVM volumes may be more efficient when using the Cinder
+# image cache, but there are also known race failures with volume snapshots
+# and thinly provisioned LVM volumes, see bug 1642111 for details.
+CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-default}
# Default backends
# The backend format is type:name where type is one of the supported backend
@@ -421,11 +425,7 @@
}
# init_cinder() - Initialize database and volume group
-# Uses global ``NOVA_ENABLED_APIS``
function init_cinder {
- # Force nova volumes off
- NOVA_ENABLED_APIS=$(echo $NOVA_ENABLED_APIS | sed "s/osapi_volume,//")
-
if is_service_enabled $DATABASE_BACKENDS; then
# (Re)create cinder database
recreate_database cinder
diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph
index ba86ccf..00a0bb3 100644
--- a/lib/cinder_backends/ceph
+++ b/lib/cinder_backends/ceph
@@ -48,7 +48,7 @@
iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF $be_name rbd_pool "$CINDER_CEPH_POOL"
iniset $CINDER_CONF $be_name rbd_user "$CINDER_CEPH_USER"
- iniset $CINDER_CONF $be_name rbd_uuid "$CINDER_CEPH_UUID"
+ iniset $CINDER_CONF $be_name rbd_secret_uuid "$CINDER_CEPH_UUID"
iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
iniset $CINDER_CONF DEFAULT glance_api_version 2
diff --git a/lib/glance b/lib/glance
index 5259174..da9cd43 100644
--- a/lib/glance
+++ b/lib/glance
@@ -235,7 +235,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/horizon b/lib/horizon
index 78cbe8b..830da09 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -81,7 +81,7 @@
# Horizon is installed as develop mode, so we can compile here.
# Message catalog compilation is handled by Django admin script,
# so compiling them after the installation avoids Django installation twice.
- (cd $HORIZON_DIR; ./run_tests.sh -N --compilemessages)
+ (cd $HORIZON_DIR; python manage.py compilemessages)
# ``local_settings.py`` is used to override horizon default settings.
local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
@@ -97,6 +97,11 @@
_horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_URI}/v3\""
+ # note(trebskit): if HOST_IP points at non-localhost ip address, horizon cannot be accessed
+ # from outside the virtual machine. This fixes is meant primarily for local development
+ # purpose
+ _horizon_config_set $local_settings "" ALLOWED_HOSTS [\"*\"]
+
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
fi
@@ -121,9 +126,7 @@
if is_ubuntu; then
disable_apache_site 000-default
sudo touch $horizon_conf
- elif is_fedora; then
- sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
- elif is_suse; then
+ elif is_fedora || is_suse; then
: # nothing to do
else
exit_distro_not_supported "horizon apache configuration"
diff --git a/lib/keystone b/lib/keystone
index fd92f31..fd1d1d4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -51,9 +51,6 @@
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
-# NOTE(sdague): remove in Newton
-KEYSTONE_CATALOG_BACKEND="sql"
-
# Toggle for deploying Keystone under HTTPD + mod_wsgi
# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}}
@@ -156,6 +153,7 @@
function _config_keystone_apache_wsgi {
local keystone_apache_conf
keystone_apache_conf=$(apache_site_config_for keystone)
+ keystone_ssl_listen="#"
local keystone_ssl=""
local keystone_certfile=""
local keystone_keyfile=""
@@ -164,6 +162,7 @@
local venv_path=""
if is_ssl_enabled_service key; then
+ keystone_ssl_listen=""
keystone_ssl="SSLEngine On"
keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT"
keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY"
@@ -181,6 +180,7 @@
s|%PUBLICPORT%|$keystone_service_port|g;
s|%ADMINPORT%|$keystone_auth_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%SSLLISTEN%|$keystone_ssl_listen|g;
s|%SSLENGINE%|$keystone_ssl|g;
s|%SSLCERTFILE%|$keystone_certfile|g;
s|%SSLKEYFILE%|$keystone_keyfile|g;
@@ -337,8 +337,8 @@
# Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
# The users from this project are globally admin as before, but it also
# allows policy changes in order to clarify the adminess scope.
- iniset $KEYSTONE_CONF resource admin_project_domain_name Default
- iniset $KEYSTONE_CONF resource admin_project_name admin
+ #iniset $KEYSTONE_CONF resource admin_project_domain_name Default
+ #iniset $KEYSTONE_CONF resource admin_project_name admin
}
# create_keystone_accounts() - Sets up common required keystone accounts
diff --git a/lib/lvm b/lib/lvm
index d35a76f..0cebd92 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -23,11 +23,7 @@
# Defaults
# --------
# Name of the lvm volume groups to use/create for iscsi volumes
-# This monkey-motion is for compatibility with icehouse-generation Grenade
-# If ``VOLUME_GROUP`` is set, use it, otherwise we'll build a VG name based
-# on ``VOLUME_GROUP_NAME`` that includes the backend name
-# Grenade doesn't use ``VOLUME_GROUP2`` so it is left out
-VOLUME_GROUP_NAME=${VOLUME_GROUP:-${VOLUME_GROUP_NAME:-stack-volumes}}
+VOLUME_GROUP_NAME=${VOLUME_GROUP_NAME:-stack-volumes}
DEFAULT_VOLUME_GROUP_NAME=$VOLUME_GROUP_NAME-default
# Backing file name is of the form $VOLUME_GROUP$BACKING_FILE_SUFFIX
@@ -105,7 +101,7 @@
# init_lvm_volume_group() initializes the volume group creating the backing
# file if necessary
#
-# Usage: init_lvm_volume_group() $vg
+# Usage: init_lvm_volume_group() $vg $size
function init_lvm_volume_group {
local vg=$1
local size=$2
diff --git a/lib/neutron b/lib/neutron
index 415344e..d30e185 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -200,7 +200,7 @@
if is_service_enabled neutron-l3; then
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_L3_CONF
iniset $NEUTRON_L3_CONF DEFAULT interface_driver $NEUTRON_AGENT
- iniset $NEUTRON_CONF DEFAULT service_plugins router
+ neutron_service_plugin_class_add router
iniset $NEUTRON_L3_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
iniset $NEUTRON_L3_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
neutron_plugin_configure_l3_agent $NEUTRON_L3_CONF
@@ -249,14 +249,8 @@
source $TOP_DIR/lib/neutron_plugins/services/metering
neutron_agent_metering_configure_common
neutron_agent_metering_configure_agent
- # TODO(sc68cal) hack because we don't pass around
- # $Q_SERVICE_PLUGIN_CLASSES like -legacy does
- local plugins=""
- plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)
- plugins+=",metering"
- iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
+ neutron_service_plugin_class_add metering
fi
-
}
# configure_neutron_rootwrap() - configure Neutron's rootwrap
@@ -433,15 +427,17 @@
if is_service_enabled neutron-l3; then
run_process neutron-l3 "$NEUTRON_BIN_DIR/$NEUTRON_L3_BINARY $NEUTRON_CONFIG_ARG"
fi
- # XXX(sc68cal) - Here's where plugins can wire up their own networks instead
- # of the code in lib/neutron_plugins/services/l3
- if type -p neutron_plugin_create_initial_networks > /dev/null; then
- neutron_plugin_create_initial_networks
- else
- # XXX(sc68cal) Load up the built in Neutron networking code and build a topology
- source $TOP_DIR/lib/neutron_plugins/services/l3
- # Create the networks using servic
- create_neutron_initial_network
+ if is_service_enabled neutron-api; then
+ # XXX(sc68cal) - Here's where plugins can wire up their own networks instead
+ # of the code in lib/neutron_plugins/services/l3
+ if type -p neutron_plugin_create_initial_networks > /dev/null; then
+ neutron_plugin_create_initial_networks
+ else
+ # XXX(sc68cal) Load up the built in Neutron networking code and build a topology
+ source $TOP_DIR/lib/neutron_plugins/services/l3
+ # Create the networks using servic
+ create_neutron_initial_network
+ fi
fi
if is_service_enabled neutron-metadata-agent; then
run_process neutron-metadata-agent "$NEUTRON_BIN_DIR/$NEUTRON_META_BINARY $NEUTRON_CONFIG_ARG"
@@ -494,6 +490,16 @@
}
+# neutron_service_plugin_class_add() - add service plugin class
+function neutron_service_plugin_class_add_new {
+ local service_plugin_class=$1
+ local plugins=""
+
+ plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)
+ plugins+=",${service_plugin_class}"
+ iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
+}
+
# Dispatch functions
# These are needed for compatibility between the old and new implementations
# where there are function name overlaps. These will be removed when
@@ -553,6 +559,15 @@
fi
}
+function neutron_service_plugin_class_add {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ _neutron_service_plugin_class_add "$@"
+ else
+ neutron_service_plugin_class_add_new "$@"
+ fi
+}
+
function start_neutron {
if is_neutron_legacy_enabled; then
# Call back to old function
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 613e0f1..0b0caf1 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -509,6 +509,10 @@
function stop_mutnauq_l2_agent {
stop_process q-agt
+
+ if [ "$VIRT_DRIVER" = 'xenserver' ]; then
+ stop_process q-domua
+ fi
}
# stop_mutnauq_other() - Stop running processes (non-screen)
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index d0de2f5..0c8ccb8 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -62,7 +62,9 @@
LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
fi
if [[ "$PUBLIC_BRIDGE" != "" ]] && [[ "$PUBLIC_PHYSICAL_NETWORK" != "" ]]; then
- iniset /$Q_PLUGIN_CONF_FILE linux_bridge bridge_mappings "$PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE"
+ if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
+ iniset /$Q_PLUGIN_CONF_FILE linux_bridge bridge_mappings "$PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE"
+ fi
fi
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE linux_bridge physical_interface_mappings $LB_INTERFACE_MAPPINGS
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index e27b8a6..f009966 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -81,19 +81,24 @@
# integration bridge. This is enabled by using a root wrapper
# that executes commands on dom0 via a XenAPI plugin.
# XenAPI does not support daemon rootwrap now, so set root_helper_daemon empty
- iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_DOM0_COMMAND"
- iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon ""
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_DOM0_COMMAND"
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper_daemon ""
# Disable minimize polling, so that it can always detect OVS and Port changes
# This is a problem of xenserver + neutron, bug has been reported
# https://bugs.launchpad.net/neutron/+bug/1495423
- iniset /$Q_PLUGIN_CONF_FILE agent minimize_polling False
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent minimize_polling False
# Set "physical" mapping
- iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
# XEN_INTEGRATION_BRIDGE is the integration bridge in dom0
- iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $XEN_INTEGRATION_BRIDGE
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $XEN_INTEGRATION_BRIDGE
+
+ # Set OVS native interface for ovs-agent in compute node
+ XEN_DOM0_IP=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3)
+ iniset /$Q_PLUGIN_CONF_FILE ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
+ iniset /$Q_PLUGIN_CONF_FILE ovs of_listen_address $HOST_IP
# Set up domU's L2 agent:
@@ -107,11 +112,11 @@
sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE
# Set bridge mappings to "physnet1:br-$GUEST_INTERFACE_DEFAULT"
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:br-$VLAN_INTERFACE,physnet-ex:$PUBLIC_BRIDGE"
+ iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:br-$VLAN_INTERFACE,physnet-ex:$PUBLIC_BRIDGE"
# Set integration bridge to domU's
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $OVS_BRIDGE
+ iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $OVS_BRIDGE
# Set root wrap
- iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_COMMAND"
+ iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
fi
iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
iniset /$Q_PLUGIN_CONF_FILE ovs datapath_type $OVS_DATAPATH_TYPE
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index baf7d7f..1004325 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -30,7 +30,7 @@
function _neutron_ovs_base_setup_bridge {
local bridge=$1
- neutron-ovs-cleanup
+ neutron-ovs-cleanup --config-file $NEUTRON_CONF
_neutron_ovs_base_add_bridge $bridge
sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}
@@ -97,7 +97,7 @@
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
fi
- neutron-ovs-cleanup
+ neutron-ovs-cleanup --config-file $NEUTRON_CONF
if [[ "$Q_USE_PUBLIC_VETH" = "True" ]]; then
ip link show $Q_PUBLIC_VETH_INT > /dev/null 2>&1 ||
sudo ip link add $Q_PUBLIC_VETH_INT type veth \
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index aa61a10..569a366 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -70,7 +70,10 @@
IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
-FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
+IPV6_ADDRS_SAFE_TO_USE=${IPV6_ADDRS_SAFE_TO_USE:-fd$IPV6_GLOBAL_ID::/56}
+# if we got larger than a /64 safe to use, we only use the first /64 to
+# avoid side effects outlined in rfc7421
+FIXED_RANGE_V6=${FIXED_RANGE_V6:-$(echo $IPV6_ADDRS_SAFE_TO_USE | awk -F '/' '{ print $1"/"($2>63 ? $2 : 64) }')}
IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-}
IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
@@ -86,10 +89,10 @@
USE_SUBNETPOOL=${USE_SUBNETPOOL:-True}
SUBNETPOOL_NAME=${SUBNETPOOL_NAME:-"shared-default-subnetpool"}
-SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-10.0.0.0/16}
-SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}
+SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-$IPV4_ADDRS_SAFE_TO_USE}
+SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-$IPV6_ADDRS_SAFE_TO_USE}
-SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
+SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-26}
SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')
@@ -154,14 +157,6 @@
}
function create_neutron_initial_network {
- if ! is_service_enabled q-svc && ! is_service_enabled neutron-api; then
- echo "Controller services not enabled. No networks configured!"
- return
- fi
- if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "False" ]]; then
- echo "Network creation disabled!"
- return
- fi
local project_id
project_id=$(openstack project list | grep " demo " | get_field 1)
die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
@@ -174,10 +169,10 @@
if is_networking_extension_supported "auto-allocated-topology"; then
if [[ "$USE_SUBNETPOOL" == "True" ]]; then
if [[ "$IP_VERSION" =~ 4.* ]]; then
- SUBNETPOOL_V4_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --shared --is-default=True | grep ' id ' | get_field 2)
+ SUBNETPOOL_V4_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet pool create $SUBNETPOOL_NAME --default-prefix-length $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --share --default | grep ' id ' | get_field 2)
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
- SUBNETPOOL_V6_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --shared --is-default=True | grep ' id ' | get_field 2)
+ SUBNETPOOL_V6_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet pool create $SUBNETPOOL_NAME --default-prefix-length $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --share --default | grep ' id ' | get_field 2)
fi
fi
fi
@@ -185,14 +180,14 @@
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
- NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create $PHYSICAL_NETWORK --tenant_id $project_id --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
+ NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --project $project_id --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
if [[ "$IP_VERSION" =~ 4.* ]]; then
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
- SUBNET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create --tenant_id $project_id --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnetpool $SUBNETPOOL_V4_ID} $NET_ID $fixed_range_v4 | grep ' id ' | get_field 2)
+ SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID --subnet-range $fixed_range_v4 | grep ' id ' | get_field 2)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
fi
@@ -202,7 +197,7 @@
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
- SUBNET_V6_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create --tenant_id $project_id --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnetpool $SUBNETPOOL_V6_ID} $NET_ID $fixed_range_v6 | grep 'id' | get_field 2)
+ SUBNET_V6_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID $fixed_range_v6 | grep 'id' | get_field 2)
die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
fi
@@ -212,7 +207,7 @@
sudo ip link set $PUBLIC_INTERFACE up
fi
else
- NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create --tenant-id $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
+ NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create --project $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
if [[ "$IP_VERSION" =~ 4.* ]]; then
@@ -230,23 +225,23 @@
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
# create a tenant-owned router.
- ROUTER_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-create --tenant-id $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create --project $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
else
# Plugin only supports creating a single router, which should be admin owned.
- ROUTER_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
fi
- EXTERNAL_NETWORK_FLAGS="--router:external"
+ EXTERNAL_NETWORK_FLAGS="--external"
if is_networking_extension_supported "auto-allocated-topology"; then
- EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --is-default"
+ EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --default"
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
- EXT_NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type flat --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
else
- EXT_NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
@@ -268,16 +263,16 @@
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
- local subnet_params="--tenant-id $project_id "
- subnet_params+="--ip_version 4 "
+ local subnet_params="--project $project_id "
+ subnet_params+="--ip-version 4 "
if [[ -n "$NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $NETWORK_GATEWAY "
fi
- subnet_params+="--name $PRIVATE_SUBNET_NAME "
- subnet_params+="${SUBNETPOOL_V4_ID:+--subnetpool $SUBNETPOOL_V4_ID} "
- subnet_params+="$NET_ID $fixed_range_v4"
+ subnet_params+="${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} "
+ subnet_params+="${fixed_range_v4:+--subnet-range $fixed_range_v4} "
+ subnet_params+="--network $NET_ID $PRIVATE_SUBNET_NAME"
local subnet_id
- subnet_id=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep ' id ' | get_field 2)
+ subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
echo $subnet_id
}
@@ -291,52 +286,50 @@
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$FIXED_RANGE_V6
fi
- local subnet_params="--tenant-id $project_id "
- subnet_params+="--ip_version 6 "
+ local subnet_params="--project $project_id "
+ subnet_params+="--ip-version 6 "
if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
fi
- subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
- subnet_params+="${SUBNETPOOL_V6_ID:+--subnetpool $SUBNETPOOL_V6_ID} "
- subnet_params+="$NET_ID $fixed_range_v6 $ipv6_modes"
+ subnet_params+="${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} "
+ subnet_params+="${fixed_range_v6:+--subnet-range $fixed_range_v6 $ipv6_modes} "
+ subnet_params+="--network $NET_ID $IPV6_PRIVATE_SUBNET_NAME "
local ipv6_subnet_id
- ipv6_subnet_id=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep ' id ' | get_field 2)
+ ipv6_subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
echo $ipv6_subnet_id
}
# Create public IPv4 subnet
function _neutron_create_public_subnet_v4 {
- local subnet_params="--ip_version 4 "
+ local subnet_params="--ip-version 4 "
subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
if [[ -n "$PUBLIC_NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
fi
- subnet_params+="--name $PUBLIC_SUBNET_NAME "
- subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
- subnet_params+="-- --enable_dhcp=False"
+ subnet_params+="--network $EXT_NET_ID --subnet-range $FLOATING_RANGE --no-dhcp "
+ subnet_params+="$PUBLIC_SUBNET_NAME"
local id_and_ext_gw_ip
- id_and_ext_gw_ip=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+ id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ')
die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
echo $id_and_ext_gw_ip
}
# Create public IPv6 subnet
function _neutron_create_public_subnet_v6 {
- local subnet_params="--ip_version 6 "
+ local subnet_params="--ip-version 6 "
subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
- subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
- subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
- subnet_params+="-- --enable_dhcp=False"
+ subnet_params+="--network $EXT_NET_ID --subnet-range $IPV6_PUBLIC_RANGE --no-dhcp "
+ subnet_params+="$IPV6_PUBLIC_SUBNET_NAME"
local ipv6_id_and_ext_gw_ip
- ipv6_id_and_ext_gw_ip=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+ ipv6_id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ')
die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
echo $ipv6_id_and_ext_gw_ip
}
# Configure neutron router for IPv4 public access
function _neutron_configure_router_v4 {
- neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-interface-add $ROUTER_ID $SUBNET_ID
+ openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $SUBNET_ID
# Create a public subnet on the external network
local id_and_ext_gw_ip
id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
@@ -371,13 +364,8 @@
sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
sudo ip link set $ext_gw_interface up
fi
- ROUTER_GW_IP=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' ')
+ ROUTER_GW_IP=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" port list -c 'Fixed IP Addresses' --device-owner network:router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f2 -d\' | tr '\n' ' ')
die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
- local replace_range=${SUBNETPOOL_PREFIX_V4}
- if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then
- replace_range=${FIXED_RANGE}
- fi
- sudo ip route replace $replace_range via $ROUTER_GW_IP
fi
_neutron_set_router_id
fi
@@ -385,7 +373,7 @@
# Configure neutron router for IPv6 public access
function _neutron_configure_router_v6 {
- neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
+ openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $IPV6_SUBNET_ID
# Create a public subnet on the external network
local ipv6_id_and_ext_gw_ip
ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
@@ -416,7 +404,7 @@
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# Configure and enable public bridge
# Override global IPV6_ROUTER_GW_IP with the true value from neutron
- IPV6_ROUTER_GW_IP=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' ')
+ IPV6_ROUTER_GW_IP=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" port list -c 'Fixed IP Addresses' | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f2 -d\' | tr '\n' ' ')
die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
if is_neutron_ovs_base_plugin; then
@@ -436,16 +424,9 @@
fi
}
-function is_provider_network {
- if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ]; then
- return 0
- fi
- return 1
-}
-
function is_networking_extension_supported {
local extension=$1
# TODO(sc68cal) cache this instead of calling every time
- EXT_LIST=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" ext-list -c alias -f value)
+ EXT_LIST=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" extension list --network -c Alias -f value)
[[ $EXT_LIST =~ $extension ]] && return 0
}
diff --git a/lib/nova b/lib/nova
index f38fb8b..d5db5ea 100644
--- a/lib/nova
+++ b/lib/nova
@@ -85,9 +85,6 @@
# NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"False"}
-# Option to initialize CellsV2 environment
-NOVA_CONFIGURE_CELLSV2=$(trueorfalse False NOVA_CONFIGURE_CELLSV2)
-
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
SCHEDULER=${SCHEDULER:-filter_scheduler}
@@ -681,9 +678,7 @@
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
# (Re)create nova databases
recreate_database nova
- if [ "$NOVA_CONFIGURE_CELLSV2" != "False" ]; then
- recreate_database nova_api_cell0
- fi
+ recreate_database nova_api_cell0
# Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
# been run this migrates the "nova" and "nova_api_cell0" database.
@@ -827,6 +822,8 @@
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP
elif [[ "$VIRT_DRIVER" = 'lxd' ]]; then
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LXD_GROUP
+ elif [[ "$VIRT_DRIVER" = 'docker' ]]; then
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $DOCKER_GROUP
elif [[ "$VIRT_DRIVER" = 'fake' ]]; then
local i
for i in `seq 1 $NUMBER_FAKE_NOVA_COMPUTE`; do
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 167ab6f..f3c8add 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -105,6 +105,16 @@
if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then
if is_ubuntu; then
install_package python-guestfs
+ # NOTE(andreaf) Ubuntu kernel can only be read by root, which breaks libguestfs:
+ # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725)
+ INSTALLED_KERNELS="$(ls /boot/vmlinuz-*)"
+ for kernel in $INSTALLED_KERNELS; do
+ STAT_OVERRIDE="root root 644 ${kernel}"
+ # unstack won't remove the statoverride, so make this idempotent
+ if [[ ! $(dpkg-statoverride --list | grep "$STAT_OVERRIDE") ]]; then
+ sudo dpkg-statoverride --add --update $STAT_OVERRIDE
+ fi
+ done
elif is_fedora || is_suse; then
install_package python-libguestfs
fi
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index e5d25da..b053856 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -90,6 +90,19 @@
echo "install_conntrack_tools"
} | $ssh_dom0
+ if is_service_enabled neutron; then
+ # Remove restriction on linux bridge in Dom0 when neutron is enabled
+ $ssh_dom0 "rm -f /etc/modprobe.d/blacklist-bridge*"
+
+ count=`$ssh_dom0 "iptables -t filter -L XenServerDevstack |wc -l"`
+ if [ "$count" = "0" ]; then
+ {
+ echo "iptables -t filter --new XenServerDevstack"
+ echo "iptables -t filter -I INPUT -j XenServerDevstack"
+ echo "iptables -t filter -I XenServerDevstack -p tcp --dport 6640 -j ACCEPT"
+ } | $ssh_dom0
+ fi
+ fi
}
# install_nova_hypervisor() - Install external components
diff --git a/lib/swift b/lib/swift
index f9ea028..b175f2e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -397,6 +397,9 @@
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server node_timeout 120
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server conn_timeout 20
+ # Versioned Writes
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:versioned_writes allow_versioned_writes true
+
# Configure Ceilometer
if is_service_enabled ceilometer; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN"
@@ -489,8 +492,6 @@
generate_swift_config_services ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container
iniuncomment ${swift_node_config} DEFAULT bind_ip
iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
- iniuncomment ${swift_node_config} app:container-server allow_versions
- iniset ${swift_node_config} app:container-server allow_versions "true"
swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf
cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config}
diff --git a/lib/tempest b/lib/tempest
index 657c3ad..6dc83b5 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -193,11 +193,11 @@
available_flavors=$(nova flavor-list)
if [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
- nova flavor-create m1.nano 42 64 0 1
+ openstack flavor create --id 42 --ram 64 --disk 0 --vcpus 1 m1.nano
fi
flavor_ref=42
if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
- nova flavor-create m1.micro 84 128 0 1
+ openstack flavor create --id 84 --ram 128 --disk 0 --vcpus 1 m1.micro
fi
flavor_ref_alt=84
else
@@ -242,8 +242,7 @@
# the public network (for floating ip access) is only available
# if the extension is enabled.
if is_networking_extension_supported 'external-net'; then
- public_network_id=$(neutron net-list | grep $PUBLIC_NETWORK_NAME | \
- awk '{print $2}')
+ public_network_id=$(openstack network show -f value -c id $PUBLIC_NETWORK_NAME)
fi
iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
@@ -270,13 +269,15 @@
iniset $TEMPEST_CONFIG auth admin_project_name $admin_project_name
iniset $TEMPEST_CONFIG auth admin_domain_name $admin_domain_name
fi
- if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
- # Only Identity v3 is available; then skip Identity API v2 tests
- iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
- # In addition, use v3 auth tokens for running all Tempest tests
- iniset $TEMPEST_CONFIG identity auth_version v3
- else
+ if [ "$ENABLE_IDENTITY_V2" == "True" ]; then
+ # Run Identity API v2 tests ONLY if needed
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 True
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+ else
+ # Skip Identity API v2 tests by default
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
+ # Use v3 auth tokens for running all Tempest tests
+ iniset $TEMPEST_CONFIG identity auth_version v3
fi
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
@@ -295,7 +296,6 @@
fi
if [ "$VIRT_DRIVER" = "xenserver" ]; then
iniset $TEMPEST_CONFIG image disk_formats "ami,ari,aki,vhd,raw,iso"
- iniset $TEMPEST_CONFIG scenario img_disk_format vhd
fi
# Image Features
@@ -385,11 +385,6 @@
# Orchestration Tests
if is_service_enabled heat; then
- # Though this is not needed by heat, some tempest tests explicitly
- # try to set this role. Removing them from the tempest tests breaks
- # some non-devstack CIs.
- get_or_create_role "heat_stack_owner"
-
if [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
iniset $TEMPEST_CONFIG orchestration image_ref $(basename "${HEAT_CFN_IMAGE_URL%.*}")
fi
@@ -398,28 +393,41 @@
# build a specialized heat flavor
available_flavors=$(nova flavor-list)
if [[ ! ( $available_flavors =~ 'm1.heat' ) ]]; then
- nova flavor-create m1.heat 451 512 0 1
+ openstack flavor create --id 451 --ram 512 --disk 0 --vcpus 1 m1.heat
fi
iniset $TEMPEST_CONFIG orchestration instance_type "m1.heat"
fi
iniset $TEMPEST_CONFIG orchestration build_timeout 900
- iniset $TEMPEST_CONFIG orchestration stack_owner_role "heat_stack_owner"
+ iniset $TEMPEST_CONFIG orchestration stack_owner_role Member
fi
# Scenario
- SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
+ if [ "$VIRT_DRIVER" = "xenserver" ]; then
+ SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES}
+ SCENARIO_IMAGE_FILE="cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.vhd.tgz"
+ iniset $TEMPEST_CONFIG scenario img_disk_format vhd
+ iniset $TEMPEST_CONFIG scenario img_container_format ovf
+ else
+ SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
+ SCENARIO_IMAGE_FILE="cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img"
+ fi
iniset $TEMPEST_CONFIG scenario img_dir $SCENARIO_IMAGE_DIR
+ iniset $TEMPEST_CONFIG scenario img_file $SCENARIO_IMAGE_FILE
iniset $TEMPEST_CONFIG scenario ami_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-blank.img"
iniset $TEMPEST_CONFIG scenario ari_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd"
iniset $TEMPEST_CONFIG scenario aki_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz"
- iniset $TEMPEST_CONFIG scenario img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img"
+ # If using provider networking, use the physical network for validation rather than private
+ TEMPEST_SSH_NETWORK_NAME=$PRIVATE_NETWORK_NAME
+ if is_provider_network; then
+ TEMPEST_SSH_NETWORK_NAME=$PHYSICAL_NETWORK
+ fi
# Validation
iniset $TEMPEST_CONFIG validation run_validation ${TEMPEST_RUN_VALIDATION:-False}
iniset $TEMPEST_CONFIG validation ip_version_for_ssh 4
iniset $TEMPEST_CONFIG validation ssh_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG validation image_ssh_user ${DEFAULT_INSTANCE_USER:-cirros}
- iniset $TEMPEST_CONFIG validation network_for_ssh $PRIVATE_NETWORK_NAME
+ iniset $TEMPEST_CONFIG validation network_for_ssh $TEMPEST_SSH_NETWORK_NAME
# Volume
# TODO(obutenko): Remove snapshot_backup when liberty-eol happens.
diff --git a/lib/tls b/lib/tls
index 40f3e81..57b5e52 100644
--- a/lib/tls
+++ b/lib/tls
@@ -201,7 +201,6 @@
# Create root and intermediate CAs
# init_CA
function init_CA {
- fix_system_ca_bundle_path
# Ensure CAs are built
make_root_CA $ROOT_CA_DIR
make_int_CA $INT_CA_DIR $ROOT_CA_DIR
@@ -443,6 +442,52 @@
# Proxy Functions
# ===============
+function tune_apache_connections {
+ local tuning_file=$APACHE_SETTINGS_DIR/connection-tuning.conf
+ if ! [ -f $tuning_file ] ; then
+ sudo bash -c "cat > $tuning_file" << EOF
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
+# MaxRequestsPerChild: maximum number of requests a server process serves
+#
+# The apache defaults are too conservative if we want reliable tempest
+# testing. Bump these values up from ~400 max clients to 1024 max clients.
+<IfModule mpm_worker_module>
+# Note that the next three conf values must be changed together.
+# MaxClients = ServerLimit * ThreadsPerChild
+ServerLimit 32
+ThreadsPerChild 32
+MaxClients 1024
+StartServers 3
+MinSpareThreads 96
+MaxSpareThreads 192
+ThreadLimit 64
+MaxRequestsPerChild 0
+</IfModule>
+<IfModule mpm_event_module>
+# Note that the next three conf values must be changed together.
+# MaxClients = ServerLimit * ThreadsPerChild
+ServerLimit 32
+ThreadsPerChild 32
+MaxClients 1024
+StartServers 3
+MinSpareThreads 96
+MaxSpareThreads 192
+ThreadLimit 64
+MaxRequestsPerChild 0
+</IfModule>
+EOF
+ restart_apache_server
+ fi
+}
+
# Starts the TLS proxy for the given IP/ports
# start_tls_proxy front-host front-port back-host back-port
function start_tls_proxy {
@@ -452,6 +497,8 @@
local b_host=$4
local b_port=$5
+ tune_apache_connections
+
local config_file
config_file=$(apache_site_config_for $b_service)
local listen_string
diff --git a/openrc b/openrc
index 8d8ae8b..d1c6129 100644
--- a/openrc
+++ b/openrc
@@ -81,12 +81,12 @@
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Identity API version
-export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/project has access to - including nova, glance, keystone, swift, ...
-# We currently recommend using the 2.0 *identity api*.
+# We currently recommend using the version 3 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
diff --git a/stack.sh b/stack.sh
index aa3b1f6..f4bac30 100755
--- a/stack.sh
+++ b/stack.sh
@@ -192,7 +192,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (trusty|xenial|yakkety|7.0|wheezy|sid|testing|jessie|f23|f24|rhel7|kvmibm1) ]]; then
+if [[ ! ${DISTRO} =~ (trusty|xenial|yakkety|7.0|wheezy|sid|testing|jessie|f23|f24|f25|rhel7|kvmibm1) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -805,6 +805,13 @@
install_os_brick
fi
+# Setup TLS certs
+if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
+ configure_CA
+ init_CA
+ init_cert
+fi
+
# Install middleware
install_keystonemiddleware
@@ -870,14 +877,9 @@
fi
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
- configure_CA
- init_CA
- init_cert
- # Add name to ``/etc/hosts``.
- # Don't be naive and add to existing line!
+ fix_system_ca_bundle_path
fi
-
# Extras Install
# --------------
@@ -1252,7 +1254,10 @@
start_neutron
fi
# Once neutron agents are started setup initial network elements
-create_neutron_initial_network
+if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then
+ echo_summary "Creating initial neutron network elements"
+ create_neutron_initial_network
+fi
if is_service_enabled nova; then
echo_summary "Starting Nova"
@@ -1353,8 +1358,16 @@
# ----------------------
# Do this late because it requires compute hosts to have started
-if is_service_enabled n-api && [ "$NOVA_CONFIGURE_CELLSV2" == "True" ]; then
- create_cell
+if is_service_enabled n-api; then
+ if is_service_enabled n-cpu; then
+ create_cell
+ else
+ # Some CI systems like Hyper-V build the control plane on
+ # Linux, and join in non Linux Computes after setup. This
+ # allows them to delay the processing until after their whole
+ # environment is up.
+ echo_summary "SKIPPING Cell setup because n-cpu is not enabled. You will have to do this manually before you have a working environment."
+ fi
fi
# Bash completion
@@ -1379,6 +1392,9 @@
# Phase: test-config
run_phase stack test-config
+# Apply late configuration from ``local.conf`` if it exists for layer 2 services
+# Phase: test-config
+merge_config_group $TOP_DIR/local.conf test-config
# Fin
# ===
diff --git a/stackrc b/stackrc
index b47cd18..e7771cf 100644
--- a/stackrc
+++ b/stackrc
@@ -44,20 +44,10 @@
# Specify which services to launch. These generally correspond to
# screen tabs. To change the default list, use the ``enable_service`` and
# ``disable_service`` functions in ``local.conf``.
-# For example, to enable Swift add this to ``local.conf``:
-# enable_service s-proxy s-object s-container s-account
-# In order to enable Neutron (a single node setup) add the following
+# For example, to enable Swift as part of DevStack add the following
# settings in ``local.conf``:
# [[local|localrc]]
-# disable_service n-net
-# enable_service q-svc
-# enable_service q-agt
-# enable_service q-dhcp
-# enable_service q-l3
-# enable_service q-meta
-# # Optional, to enable tempest configuration as part of DevStack
-# enable_service tempest
-
+# enable_service s-proxy s-object s-container s-account
# This allows us to pass ``ENABLED_SERVICES``
if ! isset ENABLED_SERVICES ; then
# Keystone - nothing works without keystone
@@ -158,7 +148,7 @@
fi
# Configure Identity API version: 2.0, 3
-IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
# deployment will be deploying the Identity v2 pipelines. If this option is set
@@ -581,6 +571,9 @@
lxd)
LXD_GROUP=${LXD_GROUP:-"lxd"}
;;
+ docker)
+ DOCKER_GROUP=${DOCKER_GROUP:-"docker"}
+ ;;
fake)
NUMBER_FAKE_NOVA_COMPUTE=${NUMBER_FAKE_NOVA_COMPUTE:-1}
;;
@@ -757,7 +750,8 @@
# Note that setting ``FIXED_RANGE`` may be necessary when running DevStack
# in an OpenStack cloud that uses either of these address ranges internally.
FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}
-FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
+IPV4_ADDRS_SAFE_TO_USE=${IPV4_ADDRS_SAFE_TO_USE:-10.0.0.0/22}
+FIXED_RANGE=${FIXED_RANGE:-$IPV4_ADDRS_SAFE_TO_USE}
FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}
HOST_IP_IFACE=${HOST_IP_IFACE:-}
HOST_IP=${HOST_IP:-}
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index 327fb56..92f9c01 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -125,6 +125,14 @@
[[test10|does-not-exist-dir/test.conf]]
foo=bar
+[[test11|test-same.conf]]
+[DEFAULT]
+foo=bar
+
+[[test11|test-same.conf]]
+[some]
+random=config
+
[[test-multi-sections|test-multi-sections.conf]]
[sec-1]
cfg_item1 = abcd
@@ -147,6 +155,9 @@
cfg_item2 = efgh
cfg_item2 = \${FOO_BAR_BAZ}
+[[test11|test-same.conf]]
+[another]
+non = sense
EOF
echo -n "get_meta_section_files: test0 doesn't exist: "
@@ -385,8 +396,24 @@
check_result "$VAL" "$EXPECT_VAL"
set -e
+echo -n "merge_config_file test11 same section: "
+rm -f test-same.conf
+merge_config_group test.conf test11
+VAL=$(cat test-same.conf)
+EXPECT_VAL='
+[DEFAULT]
+foo = bar
+
+[some]
+random = config
+
+[another]
+non = sense'
+check_result "$VAL" "$EXPECT_VAL"
+
+
rm -f test.conf test1c.conf test2a.conf \
test-space.conf test-equals.conf test-strip.conf \
test-colon.conf test-env.conf test-multiline.conf \
- test-multi-sections.conf
+ test-multi-sections.conf test-same.conf
rm -rf test-etc
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 30d1a01..f4a4edc 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -152,7 +152,7 @@
fi
if [ -z "$OS_AUTH_URL" ]; then
- export OS_AUTH_URL=http://localhost:5000/v2.0/
+ export OS_AUTH_URL=http://localhost:5000/v3/
fi
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
diff --git a/tools/make_cert.sh b/tools/make_cert.sh
index 2628b40..e91464f 100755
--- a/tools/make_cert.sh
+++ b/tools/make_cert.sh
@@ -45,6 +45,7 @@
# Make sure the CA is set up
configure_CA
+fix_system_ca_bundle_path
init_CA
# Create the server cert
diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh
index dba7502..73fe3f3 100755
--- a/tools/ping_neutron.sh
+++ b/tools/ping_neutron.sh
@@ -54,7 +54,7 @@
REMAINING_ARGS="${@:2}"
# BUG: with duplicate network names, this fails pretty hard.
-NET_ID=$(neutron net-list | grep "$NET_NAME" | awk '{print $2}')
+NET_ID=$(openstack network show -f value -c id "$NET_NAME")
PROBE_ID=$(neutron-debug probe-list -c id -c network_id | grep "$NET_ID" | awk '{print $2}' | head -n 1)
# This runs a command inside the specific netns
diff --git a/tools/worlddump.py b/tools/worlddump.py
index e1ef544..1ce931e 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -34,6 +34,7 @@
'neutron-linuxbridge-agent',
'neutron-metadata-agent',
'neutron-openvswitch-agent',
+ 'cinder-volume',
)