Merge "Add Support for OpenStack Networking VPNaaS (IPSec)"
diff --git a/README.md b/README.md
index 6fcd01d..5fd4291 100644
--- a/README.md
+++ b/README.md
@@ -122,13 +122,14 @@
Then run `stack.sh` as normal.
-devstack supports adding specific Neutron configuration flags to both the Open vSwitch and LinuxBridge plugin configuration files. To make use of this feature, the following variables are defined and can be configured in your `localrc` file:
+devstack supports adding specific Neutron configuration flags to the service, Open vSwitch plugin and LinuxBridge plugin configuration files. To make use of this feature, the following variables are defined and can be configured in your `localrc` file:
- Variable Name Plugin Config File Section Modified
+ Variable Name Config File Section Modified
-------------------------------------------------------------------------------------
- Q_SRV_EXTRA_OPTS `OVS` (for Open Vswitch) or `LINUX_BRIDGE` (for LinuxBridge)
- Q_AGENT_EXTRA_AGENT_OPTS AGENT
- Q_AGENT_EXTRA_SRV_OPTS `OVS` (for Open Vswitch) or `LINUX_BRIDGE` (for LinuxBridge)
+ Q_SRV_EXTRA_OPTS Plugin `OVS` (for Open Vswitch) or `LINUX_BRIDGE` (for LinuxBridge)
+ Q_AGENT_EXTRA_AGENT_OPTS Plugin AGENT
+ Q_AGENT_EXTRA_SRV_OPTS Plugin `OVS` (for Open Vswitch) or `LINUX_BRIDGE` (for LinuxBridge)
+ Q_SRV_EXTRA_DEFAULT_OPTS Service DEFAULT
An example of using the variables in your `localrc` is below:
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index ccac880..45f9c81 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -5,7 +5,6 @@
# Tenant User Roles
# ------------------------------------------------------------------
# service glance admin
-# service swift service # if enabled
# service heat service # if enabled
# service ceilometer admin # if enabled
# Tempest Only:
@@ -124,32 +123,7 @@
fi
fi
-# Swift
-
-if [[ "$ENABLED_SERVICES" =~ "swift" || "$ENABLED_SERVICES" =~ "s-proxy" ]]; then
- SWIFT_USER=$(get_id keystone user-create \
- --name=swift \
- --pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=swift@example.com)
- keystone user-role-add \
- --tenant_id $SERVICE_TENANT \
- --user_id $SWIFT_USER \
- --role_id $SERVICE_ROLE
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- SWIFT_SERVICE=$(get_id keystone service-create \
- --name=swift \
- --type="object-store" \
- --description="Swift Service")
- keystone endpoint-create \
- --region RegionOne \
- --service_id $SWIFT_SERVICE \
- --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
- --adminurl "http://$SERVICE_HOST:8080" \
- --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
- fi
-fi
-
+# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
--pass="$SERVICE_PASSWORD" \
diff --git a/lib/cinder b/lib/cinder
index 40a25ba..6e7d785 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -81,10 +81,9 @@
# Functions
# ---------
-# _cleanup_lvm removes all cinder volumes and the backing file of the
-# volume group used by cinder
-# _cleanup_lvm $VOLUME_GROUP $VOLUME_NAME_PREFIX
-function _cleanup_lvm() {
+# _clean_lvm_lv removes all cinder LVM volumes
+# _clean_lvm_lv $VOLUME_GROUP $VOLUME_NAME_PREFIX
+function _clean_lvm_lv() {
local vg=$1
local lv_prefix=$2
@@ -95,6 +94,13 @@
sudo lvremove -f $vg/$lv
fi
done
+}
+
+# _clean_lvm_backing_file() removes the backing file of the
+# volume group used by cinder
+# _clean_lvm_backing_file() $VOLUME_GROUP
+function _clean_lvm_backing_file() {
+ local vg=$1
# if there is no logical volume left, it's safe to attempt a cleanup
# of the backing file
@@ -145,10 +151,12 @@
fi
# Campsite rule: leave behind a volume group at least as clean as we found it
- _cleanup_lvm $VOLUME_GROUP $VOLUME_NAME_PREFIX
+ _clean_lvm_lv $VOLUME_GROUP $VOLUME_NAME_PREFIX
+ _clean_lvm_backing_file $VOLUME_GROUP
if [ "$CINDER_MULTI_LVM_BACKEND" = "True" ]; then
- _cleanup_lvm $VOLUME_GROUP2 $VOLUME_NAME_PREFIX
+ _clean_lvm_lv $VOLUME_GROUP2 $VOLUME_NAME_PREFIX
+ _clean_lvm_backing_file $VOLUME_GROUP2
fi
}
@@ -412,9 +420,9 @@
# Remove iscsi targets
sudo tgtadm --op show --mode target | grep $VOLUME_NAME_PREFIX | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
# Start with a clean volume group
- _clean_volume_group $VOLUME_GROUP $VOLUME_NAME_PREFIX
+ _clean_lvm_lv $VOLUME_GROUP $VOLUME_NAME_PREFIX
if [ "$CINDER_MULTI_LVM_BACKEND" = "True" ]; then
- _clean_volume_group $VOLUME_GROUP2 $VOLUME_NAME_PREFIX
+ _clean_lvm_lv $VOLUME_GROUP2 $VOLUME_NAME_PREFIX
fi
fi
fi
diff --git a/lib/horizon b/lib/horizon
index 0cc250e..b537484 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -106,7 +106,7 @@
# enable loadbalancer dashboard in case service is enabled
if is_service_enabled q-lbaas; then
- _horizon_config_set $local_settings OPENSTACK_QUANTUM_NETWORK enable_lb True
+ _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True
fi
# Initialize the horizon database (it stores sessions and notices shown to
diff --git a/lib/neutron b/lib/neutron
index 425fb3c..e6f5911 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -631,6 +631,14 @@
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
_neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
+ # Define extra "DEFAULT" configuration options when q-svc is configured by
+ # defining the array ``Q_SRV_EXTRA_DEFAULT_OPTS``.
+ # For Example: ``Q_SRV_EXTRA_DEFAULT_OPTS=(foo=true bar=2)``
+ for I in "${Q_SRV_EXTRA_DEFAULT_OPTS[@]}"; do
+ # Replace the first '=' with ' ' for iniset syntax
+ iniset $NEUTRON_CONF DEFAULT ${I/=/ }
+ done
+
# Configure plugin
neutron_plugin_configure_service
}
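Review bot: The unquoted `${I/=/ }` in the new loop relies on word splitting to turn `key=value` into two arguments, so a value containing spaces is broken into extra words and one containing `*` or `?` can be glob-expanded before `iniset` sees it. Splitting explicitly keeps the value intact: `iniset $NEUTRON_CONF DEFAULT "${I%%=*}" "${I#*=}"`. The loop also runs after `auth_strategy` has been written to the same `DEFAULT` section, so an entry with that key in `Q_SRV_EXTRA_DEFAULT_OPTS` would presumably replace it without notice; the comment above the loop should say that these options take precedence. The enclosing function starts outside the hunk.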
diff --git a/lib/neutron_plugins/linuxbridge b/lib/neutron_plugins/linuxbridge
index 9aad8f3..37bc748 100644
--- a/lib/neutron_plugins/linuxbridge
+++ b/lib/neutron_plugins/linuxbridge
@@ -5,6 +5,8 @@
MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
+source $TOP_DIR/lib/neutron_plugins/linuxbridge_agent
+
function neutron_plugin_configure_common() {
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/linuxbridge
Q_PLUGIN_CONF_FILENAME=linuxbridge_conf.ini
diff --git a/lib/neutron_plugins/nicira b/lib/neutron_plugins/nicira
index 7642be6..9b9dbdc 100644
--- a/lib/neutron_plugins/nicira
+++ b/lib/neutron_plugins/nicira
@@ -42,7 +42,7 @@
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/nicira
Q_PLUGIN_CONF_FILENAME=nvp.ini
Q_DB_NAME="neutron_nvp"
- Q_PLUGIN_CLASS="neutron.plugins.nicira.nicira_nvp_plugin.NeutronPlugin.NvpPluginV2"
+ Q_PLUGIN_CLASS="neutron.plugins.nicira.NeutronPlugin.NvpPluginV2"
}
function neutron_plugin_configure_debug_command() {
diff --git a/lib/neutron_plugins/plumgrid b/lib/neutron_plugins/plumgrid
index d4cc395..a4f0b0d 100644
--- a/lib/neutron_plugins/plumgrid
+++ b/lib/neutron_plugins/plumgrid
@@ -22,13 +22,13 @@
Q_PLUGIN_CONF_FILENAME=plumgrid.ini
Q_DB_NAME="plumgrid_neutron"
Q_PLUGIN_CLASS="neutron.plugins.plumgrid.plumgrid_nos_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2"
+ PLUMGRID_DIRECTOR_IP=${PLUMGRID_DIRECTOR_IP:-localhost}
+ PLUMGRID_DIRECTOR_PORT=${PLUMGRID_DIRECTOR_PORT:-7766}
}
function neutron_plugin_configure_service() {
- PLUMGRID_NOS_IP=${PLUMGRID_NOS_IP:-localhost}
- PLUMGRID_NOS_PORT=${PLUMGRID_NOS_PORT:-7766}
- iniset /$Q_PLUGIN_CONF_FILE plumgridnos nos_server $PLUMGRID_NOS_IP
- iniset /$Q_PLUGIN_CONF_FILE plumgridnos nos_server_port $PLUMGRID_NOS_PORT
+ iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector director_server $PLUMGRID_DIRECTOR_IP
+ iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector director_server_port $PLUMGRID_DIRECTOR_PORT
}
function neutron_plugin_configure_debug_command() {
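Review bot: Renaming `PLUMGRID_NOS_IP`/`PLUMGRID_NOS_PORT` to `PLUMGRID_DIRECTOR_IP`/`PLUMGRID_DIRECTOR_PORT` means a `localrc` that still sets the old names is ignored without any warning, and the plugin is pointed at `localhost:7766` instead. A fallback keeps existing configurations working: `PLUMGRID_DIRECTOR_IP=${PLUMGRID_DIRECTOR_IP:-${PLUMGRID_NOS_IP:-localhost}}`, and the same for the port. The function that now holds the defaults starts outside the hunk.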
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 462e6cc..ff87aae 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -172,7 +172,7 @@
iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
elif is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_qpid
- iniset $file $section qpid_hostname $QPID_HOST
+ iniset $file $section qpid_hostname ${QPID_HOST:-$SERVICE_HOST}
if is_ubuntu; then
QPID_PASSWORD=`sudo strings /etc/qpid/qpidd.sasldb | grep -B1 admin | head -1`
iniset $file $section qpid_password $QPID_PASSWORD
diff --git a/lib/swift b/lib/swift
index 36bca4c..2feae78 100644
--- a/lib/swift
+++ b/lib/swift
@@ -271,6 +271,34 @@
sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
done
+ # Set new accounts in tempauth to match keystone tenant/user (to make testing easier)
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest1 "testing .admin"
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest2_swiftusertest2 "testing2 .admin"
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth user_swifttenanttest1_swiftusertest3 "testing3 .admin"
+
+ testfile=${SWIFT_CONF_DIR}/test.conf
+ cp ${SWIFT_DIR}/test/sample.conf ${testfile}
+
+ # Set accounts for functional tests
+ iniset ${testfile} func_test account swifttenanttest1
+ iniset ${testfile} func_test username swiftusertest1
+ iniset ${testfile} func_test username3 swiftusertest3
+ iniset ${testfile} func_test account2 swifttenanttest2
+ iniset ${testfile} func_test username2 swiftusertest2
+
+ # Set maximum file size to 10000 bytes or our vm will fill up quickly with
+ # the default 5gb size.
+ iniuncomment ${testfile} func_test max_file_size
+ iniset ${testfile} func_test max_file_size 10000
+
+
+ if is_service_enabled key;then
+ iniuncomment ${testfile} func_test auth_version
+ iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
+ iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
+ iniset ${testfile} func_test auth_prefix /v2.0/
+ fi
+
swift_log_dir=${SWIFT_DATA_DIR}/logs
rm -rf ${swift_log_dir}
mkdir -p ${swift_log_dir}/hourly
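Review bot: The three `filter:tempauth` entries are written with fixed, published passwords (`testing`, `testing2`, `testing3`) and the `.admin` group, and nothing visible in the hunk limits them to a test run. If this proxy is reachable from anything beyond the developer's own host, those accounts are known to anyone who has read this file, so gate the block on a variable or at least add `# Test-only credentials: do not expose this proxy beyond the dev host`. The `cp` of `sample.conf` has no error check and `${testfile}` is unquoted throughout, so a missing sample file leaves the following `iniset` calls working on a path that may not exist. The enclosing function starts before the hunk.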
@@ -329,6 +357,50 @@
sudo chown -R $USER: ${node}
done
}
+# create_swift_accounts() - Set up standard swift accounts and extra
+# one for tests we do this by attaching all words in the account name
+# since we want to make it compatible with tempauth which use
+# underscores for separators.
+
+# Tenant User Roles
+# ------------------------------------------------------------------
+# service swift service
+# swifttenanttest1 swiftusertest1 admin
+# swifttenanttest1 swiftusertest3 anotherrole
+# swifttenanttest2 swiftusertest2 admin
+
+function create_swift_accounts() {
+ KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
+
+ SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+ ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
+
+ SWIFT_USER=$(keystone user-create --name=swift --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT --email=swift@example.com | grep " id " | get_field 2)
+ keystone user-role-add --tenant_id $SERVICE_TENANT --user_id $SWIFT_USER --role_id $ADMIN_ROLE
+
+ if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ SWIFT_SERVICE=$(keystone service-create --name=swift --type="object-store" \
+ --description="Swift Service" | grep " id " | get_field 2)
+ keystone endpoint-create \
+ --region RegionOne \
+ --service_id $SWIFT_SERVICE \
+ --publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
+ --adminurl "http://$SERVICE_HOST:8080" \
+ --internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
+ fi
+
+ SWIFT_TENANT_TEST1=$(keystone tenant-create --name=swifttenanttest1 | grep " id " | get_field 2)
+ SWIFT_USER_TEST1=$(keystone user-create --name=swiftusertest1 --pass=testing --email=test@example.com | grep " id " | get_field 2)
+ keystone user-role-add --user_id $SWIFT_USER_TEST1 --role_id $ADMIN_ROLE --tenant_id $SWIFT_TENANT_TEST1
+
+ SWIFT_USER_TEST3=$(keystone user-create --name=swiftusertest3 --pass=testing3 --email=test3@example.com | grep " id " | get_field 2)
+ keystone user-role-add --user_id $SWIFT_USER_TEST3 --role_id $ANOTHER_ROLE --tenant_id $SWIFT_TENANT_TEST1
+
+ SWIFT_TENANT_TEST2=$(keystone tenant-create --name=swifttenanttest2 | grep " id " | get_field 2)
+ SWIFT_USER_TEST2=$(keystone user-create --name=swiftusertest2 --pass=testing2 --email=test2@example.com | grep " id " | get_field 2)
+ keystone user-role-add --user_id $SWIFT_USER_TEST2 --role_id $ADMIN_ROLE --tenant_id $SWIFT_TENANT_TEST2
+}
# init_swift() - Initialize rings
function init_swift() {
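Review bot: The `swift` service user is given `$ADMIN_ROLE`, while the table in the new header comment (`service swift service`) and the block this replaces in `files/keystone_data.sh` (`--role_id $SERVICE_ROLE`) both use the service role, so either the comment is wrong or the account now holds more privilege than intended. If admin is not required, look the service role up the same way `ADMIN_ROLE` is and use that. `$ANOTHER_ROLE` is passed for `swiftusertest3` but is never assigned in this function, so it presumably depends on a global set by an earlier step; `: "${ANOTHER_ROLE:?must be set before create_swift_accounts}"` at the top would make that dependency explicit. The ids parsed with `grep " id " | get_field 2` are used unquoted and unchecked, so a failed `keystone` call turns into a malformed follow-up command rather than a clear error.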
diff --git a/stack.sh b/stack.sh
index c4f7944..f2054d9 100755
--- a/stack.sh
+++ b/stack.sh
@@ -878,6 +878,7 @@
export OS_SERVICE_ENDPOINT=$SERVICE_ENDPOINT
create_keystone_accounts
create_nova_accounts
+ create_swift_accounts
create_cinder_accounts
create_neutron_accounts
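Review bot: `create_swift_accounts` is called with no service check visible in this hunk, whereas the block removed from `files/keystone_data.sh` ran only when `ENABLED_SERVICES` matched `swift` or `s-proxy`. As written, a deployment without Swift would still get the `swift` service user, the object-store endpoint and the test tenants with their fixed passwords. Wrapping the call restores the earlier behaviour: `if is_service_enabled swift || is_service_enabled s-proxy; then create_swift_accounts; fi`. The enclosing block starts and ends outside the hunk, so a guard further up cannot be ruled out.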
@@ -1080,7 +1081,9 @@
iniset $NOVA_CONF DEFAULT vmwareapi_host_username "$VMWAREAPI_USER"
iniset $NOVA_CONF DEFAULT vmwareapi_host_password "$VMWAREAPI_PASSWORD"
iniset $NOVA_CONF DEFAULT vmwareapi_cluster_name "$VMWAREAPI_CLUSTER"
-
+ if is_service_enabled neutron; then
+ iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
+ fi
# fake
# ----
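Review bot: `$OVS_BRIDGE` is the only unquoted value in this run of `iniset` calls; `iniset $NOVA_CONF vmware integration_bridge "$OVS_BRIDGE"` matches the three lines above it and avoids passing no value at all when the variable is empty. The option is also written to a `vmware` section while its neighbours go to `DEFAULT` with a `vmwareapi_` prefix, which deserves a one-line comment if it is intended. Dropping the blank line runs the new block straight into the `# fake` heading.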
diff --git a/tools/xen/functions b/tools/xen/functions
index 4e37554..7146858 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -1,7 +1,7 @@
#!/bin/bash
function xapi_plugin_location {
- for PLUGIN_DIR in "/etc/xapi.d/plugins/" "/usr/lib/xcp/plugins/"; do
+ for PLUGIN_DIR in "/etc/xapi.d/plugins/" "/usr/lib/xcp/plugins/" "/usr/lib/xapi/plugins"; do
if [ -d $PLUGIN_DIR ]; then
echo $PLUGIN_DIR
return 0
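Review bot: The new entry `"/usr/lib/xapi/plugins"` has no trailing slash while the two existing entries do, and the function echoes the matched directory unchanged. A caller that appends a file name directly to the result would build a wrong path only on hosts where this third directory is the one found; `"/usr/lib/xapi/plugins/"` keeps the three consistent. The function ends outside the hunk.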
@@ -40,11 +40,11 @@
local LOCAL_ZIPBALL=$(mktemp)
local EXTRACTED_FILES=$(mktemp -d)
- (
+ {
wget -nv $ZIPBALL_URL -O $LOCAL_ZIPBALL --no-check-certificate
unzip -q -o $LOCAL_ZIPBALL -d $EXTRACTED_FILES
rm -f $LOCAL_ZIPBALL
- ) >&2
+ } >&2
echo "$EXTRACTED_FILES"
}
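Review bot: Switching the subshell to a `{ ...; } >&2` group only propagates a failure when something calls `exit` or errexit is active; a real `wget` returns non-zero, after which `unzip` still runs and the function echoes the directory as if the download had worked. Checking each step makes this independent of the caller's shell options: `wget ... || return 1` and `unzip ... || return 1`. Neither temp path is removed on the failure path. Separately, `--no-check-certificate` on the context line means the archive is fetched without authenticating the server and unpacked with no checksum, so a pinned digest or at least a comment explaining why is worth adding while this function is being touched. The function starts outside the hunk.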
@@ -250,3 +250,21 @@
done
unset IFS
}
+
+function have_multiple_hosts() {
+ xe host-list --minimal | grep -q ","
+}
+
+function attach_network() {
+ local bridge_or_net_name
+
+ bridge_or_net_name="$1"
+
+ local net
+ local host
+
+ net=$(_network_uuid "$bridge_or_net_name")
+ host=$(xe host-list --minimal)
+
+ xe network-attach uuid=$net host-uuid=$host
+}
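Review bot: `attach_network` passes `$net` and `$host` to `xe network-attach` unquoted and unchecked, so if `_network_uuid` prints nothing the command is run with a bare `uuid=`, and on a pool `xe host-list --minimal` yields a comma-separated list rather than one UUID. The function silently depends on the caller having run `have_multiple_hosts` first; a guard such as `[ -n "$net" ] || return 1` plus `uuid="$net" host-uuid="$host"` makes it safe on its own. `have_multiple_hosts` also returns non-zero both for a single host and when `xe` itself fails, so a broken `xe` is treated as "not a pool". A short header comment on each function stating these assumptions would help.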
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 21aa729..6eb3013 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -50,6 +50,15 @@
cd $THIS_DIR
+# Die if multiple hosts listed
+if have_multiple_hosts; then
+ cat >&2 << EOF
+ERROR: multiple hosts found. This might mean that the XenServer is a member
+of a pool - Exiting.
+EOF
+ exit 1
+fi
+
# Install plugins
## Nova plugins
@@ -256,7 +265,7 @@
# is created by XenServer). This is required for Neutron. Also pass that as a
# kernel parameter for DomU
if is_service_enabled neutron; then
- add_interface "$GUEST_NAME" "$XEN_INT_BRIDGE_OR_NET_NAME" $XEN_INT_DEV_NR
+ attach_network "$XEN_INT_BRIDGE_OR_NET_NAME"
XEN_INTEGRATION_BRIDGE=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
append_kernel_cmdline \
diff --git a/tools/xen/mocks b/tools/xen/mocks
index 6da6acb..94b0ca4 100644
--- a/tools/xen/mocks
+++ b/tools/xen/mocks
@@ -34,6 +34,9 @@
}
function wget {
+ if [[ $@ =~ "failurl" ]]; then
+ exit 1
+ fi
echo "wget $@" >> $LIST_OF_ACTIONS
}
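Review bot: The mock ends the whole shell with `exit 1`, whereas a real `wget` only returns a non-zero status, so the new test can pass even if `extract_remote_zipball` never checks the download result. `return 1` models the real command and makes the test exercise the function's own error handling. `[[ "$*" =~ "failurl" ]]` is the clearer form for the condition, since `$@` inside `[[ ]]` is joined into one string anyway.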
diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh
index 0e11226..f109d72 100755
--- a/tools/xen/prepare_guest.sh
+++ b/tools/xen/prepare_guest.sh
@@ -22,7 +22,7 @@
# Install basics
apt-get update
apt-get install -y cracklib-runtime curl wget ssh openssh-server tcpdump ethtool
-apt-get install -y curl wget ssh openssh-server python-pip git vim-nox sudo
+apt-get install -y curl wget ssh openssh-server python-pip git vim-nox sudo python-netaddr
pip install xenapi
# Install XenServer guest utilities
diff --git a/tools/xen/scripts/manage-vdi b/tools/xen/scripts/manage-vdi
index 05c4b07..381e671 100755
--- a/tools/xen/scripts/manage-vdi
+++ b/tools/xen/scripts/manage-vdi
@@ -32,7 +32,7 @@
vbd_uuid=$1
dev=$(xe_min vbd-list params=device uuid="$vbd_uuid")
- if [[ "$dev" =~ "sm/" ]]; then
+ if [[ "$dev" =~ "sm/" || "$dev" =~ "blktap-2/" ]]; then
DEBIAN_FRONTEND=noninteractive \
apt-get --option "Dpkg::Options::=--force-confold" --assume-yes \
install kpartx &> /dev/null || true
@@ -49,7 +49,7 @@
function clean_dev_mappings() {
dev=$(xe_min vbd-list params=device uuid="$vbd_uuid")
- if [[ "$dev" =~ "sm/" ]]; then
+ if [[ "$dev" =~ "sm/" || "$dev" =~ "blktap-2/" ]]; then
kpartx -dv "/dev/$dev"
fi
}
diff --git a/tools/xen/test_functions.sh b/tools/xen/test_functions.sh
index 410df5f..5347238 100755
--- a/tools/xen/test_functions.sh
+++ b/tools/xen/test_functions.sh
@@ -173,6 +173,15 @@
[ "$RESULT" = "tempdir" ]
}
+function test_extract_remote_zipball_wget_fail {
+ set +e
+
+ local IGNORE
+ IGNORE=$(. mocks && extract_remote_zipball "failurl")
+
+ assert_previous_command_failed
+}
+
function test_find_nova_plugins {
local tmpdir=$(mktemp -d)
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index 97c0930..03b30ac 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -35,7 +35,6 @@
MGT_DEV_NR=0
VM_DEV_NR=1
PUB_DEV_NR=2
-XEN_INT_DEV_NR=3
# Host Interface, i.e. the interface on the nova vm you want to expose the
# services on. Usually the device connected to the management network or the