Merge "Switching Sahara to https in case of USE_SSL=True"
diff --git a/.gitignore b/.gitignore
index c6900c8..2778a65 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,9 +12,11 @@
doc/build
files/*.gz
files/*.qcow2
+files/*.img
files/images
files/pip-*
files/get-pip.py*
+files/ir-deploy*
local.conf
local.sh
localrc
diff --git a/README.md b/README.md
index 53de970..04f5fd9 100644
--- a/README.md
+++ b/README.md
@@ -264,10 +264,10 @@
# Heat
-Heat is enabled by default (see `stackrc` file). To disable it explicitly
+Heat is disabled by default (see `stackrc` file). To enable it explicitly
you'll need the following settings in your `localrc` section:
- disable_service heat h-api h-api-cfn h-api-cw h-eng
+ enable_service heat h-api h-api-cfn h-api-cw h-eng
Heat can also run in standalone mode, and be configured to orchestrate
on an external OpenStack cloud. To launch only Heat in standalone mode
@@ -333,7 +333,7 @@
You can then run many compute nodes, each of which should have a `stackrc`
which includes the following, with the IP address of the above controller node:
- ENABLED_SERVICES=n-cpu,rabbit,g-api,neutron,q-agt
+ ENABLED_SERVICES=n-cpu,rabbit,neutron,q-agt
SERVICE_HOST=[IP of controller node]
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
diff --git a/clean.sh b/clean.sh
index 035489c..7db519b 100755
--- a/clean.sh
+++ b/clean.sh
@@ -76,6 +76,7 @@
# ==========
# Phase: clean
+load_plugin_settings
run_phase clean
if [[ -d $TOP_DIR/extras.d ]]; then
@@ -114,9 +115,16 @@
cleanup_rpc_backend
cleanup_database
-# Clean out data, logs and status
-LOGDIR=$(dirname "$LOGFILE")
-sudo rm -rf $DATA_DIR $LOGDIR $DEST/status
+# Clean out data and status
+sudo rm -rf $DATA_DIR $DEST/status
+
+# Clean out the log file and log directories
+if [[ -n "$LOGFILE" ]] && [[ -f "$LOGFILE" ]]; then
+ sudo rm -f $LOGFILE
+fi
+if [[ -n "$LOGDIR" ]] && [[ -d "$LOGDIR" ]]; then
+ sudo rm -rf $LOGDIR
+fi
if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
sudo rm -rf $SCREEN_LOGDIR
fi
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
index 1284b88..c2ecbc6 100644
--- a/doc/source/eucarc.rst
+++ b/doc/source/eucarc.rst
@@ -13,7 +13,7 @@
::
- EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+ EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
S3\_URL
Set the S3 endpoint for euca2ools. The endpoint is extracted from
@@ -21,14 +21,14 @@
::
- export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+ export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
Create EC2 credentials for the current tenant:user in Keystone.
::
- CREDS=$(keystone ec2-credentials-create)
+ CREDS=$(openstack ec2 credentials create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index ff81c93..d963243 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -229,10 +229,10 @@
----------------
DevStack creates two OpenStack users (``admin`` and ``demo``) and two
-tenants (also ``admin`` and ``demo``). ``admin`` is exactly what it
+projects (also ``admin`` and ``demo``). ``admin`` is exactly what it
sounds like, a privileged administrative account that is a member of
-both the ``admin`` and ``demo`` tenants. ``demo`` is a normal user
-account that is only a member of the ``demo`` tenant. Creating
+both the ``admin`` and ``demo`` projects. ``demo`` is a normal user
+account that is only a member of the ``demo`` project. Creating
additional OpenStack users can be done through the dashboard, sometimes
it is easier to do them in bulk from a script, especially since they get
blown away every time ``stack.sh`` runs. The following steps are ripe
@@ -243,21 +243,21 @@
# Get admin creds
. openrc admin admin
- # List existing tenants
- keystone tenant-list
+ # List existing projects
+ openstack project list
# List existing users
- keystone user-list
+ openstack user list
- # Add a user and tenant
+ # Add a user and project
NAME=bob
PASSWORD=BigSecrete
- TENANT=$NAME
- keystone tenant-create --name=$NAME
- keystone user-create --name=$NAME --pass=$PASSWORD
- keystone user-role-add --user-id=<bob-user-id> --tenant-id=<bob-tenant-id> --role-id=<member-role-id>
- # member-role-id comes from the existing member role created by stack.sh
- # keystone role-list
+ PROJECT=$NAME
+ openstack project create $PROJECT
+ openstack user create $NAME --password=$PASSWORD --project $PROJECT
+ openstack role add Member --user $NAME --project $PROJECT
+ # The Member role is created by stack.sh
+ # openstack role list
Swift
-----
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index 23ccf27..d245035 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -7,7 +7,7 @@
well beyond what was originally intended and the majority of
configuration combinations are rarely, if ever, tested. DevStack is not
a general OpenStack installer and was never meant to be everything to
-everyone..
+everyone.
Below is a list of what is specifically is supported (read that as
"tested") going forward.
@@ -58,7 +58,7 @@
OpenStack Network
-----------------
-*Default to Nova Network, optionally use Neutron*
+*Defaults to nova network, optionally use neutron*
- Nova Network: FlatDHCP
- Neutron: A basic configuration approximating the original FlatDHCP
@@ -67,10 +67,10 @@
Services
--------
-The default services configured by DevStack are Identity (Keystone),
-Object Storage (Swift), Image Storage (Glance), Block Storage (Cinder),
-Compute (Nova), Network (Nova), Dashboard (Horizon), Orchestration
-(Heat)
+The default services configured by DevStack are Identity (keystone),
+Object Storage (swift), Image Service (glance), Block Storage (cinder),
+Compute (nova), Networking (nova), Dashboard (horizon), Orchestration
+(heat)
Additional services not included directly in DevStack can be tied in to
``stack.sh`` using the :doc:`plugin mechanism <plugins>` to call
diff --git a/eucarc b/eucarc
index 343f4cc..1e672bd 100644
--- a/eucarc
+++ b/eucarc
@@ -19,7 +19,7 @@
source $RC_DIR/openrc
# Set the ec2 url so euca2ools works
-export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
# Create EC2 credentials for the current user
CREDS=$(openstack ec2 credentials create)
@@ -29,7 +29,7 @@
# Euca2ools Certificate stuff for uploading bundles
# See exercises/bundle.sh to see how to get certs using nova cli
NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
-export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index 2f85d98..c33ef44 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -69,7 +69,7 @@
STATUS_KEYSTONE="Skipped"
else
echo -e "\nTest Keystone"
- if keystone $TENANT_ARG $ARGS catalog --service identity; then
+ if openstack $TENANT_ARG $ARGS catalog show identity; then
STATUS_KEYSTONE="Succeeded"
else
STATUS_KEYSTONE="Failed"
diff --git a/files/debs/tempest b/files/debs/tempest
index f244e4e..bb09529 100644
--- a/files/debs/tempest
+++ b/files/debs/tempest
@@ -1 +1,2 @@
-libxslt1-dev
\ No newline at end of file
+libxml2-dev
+libxslt1-dev
diff --git a/functions b/functions
index 4dc20e7..2078db1 100644
--- a/functions
+++ b/functions
@@ -287,6 +287,10 @@
img_property="--property hw_cdrom_bus=scsi"
fi
+ if is_arch "aarch64"; then
+ img_property="--property hw_machine_type=virt --property hw_cdrom_bus=virtio --property os_command_line='console=ttyAMA0'"
+ fi
+
if [ "$container_format" = "bare" ]; then
if [ "$unpack" = "zcat" ]; then
openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
diff --git a/lib/ceilometer b/lib/ceilometer
index dba92ba..3a4a4fb 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -13,6 +13,26 @@
#
# enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
#
+# To enable Ceilometer to collect the IPMI based meters, further add to the
+# localrc section of local.conf:
+#
+# enable_service ceilometer-aipmi
+#
+# NOTE: Currently, there are two ways to get the IPMI based meters in
+# OpenStack. One way is to configure Ironic conductor to report those meters
+# for the nodes managed by Ironic and to have Ceilometer notification
+# agent to collect them. Ironic by default does NOT enable that reporting
+# functionality. So in order to do so, users need to set the option of
+# conductor.send_sensor_data to true in the ironic.conf configuration file
+# for the Ironic conductor service, and also enable the
+# ceilometer-anotification service.
+#
+# The other way is to use Ceilometer ipmi agent only to get the IPMI based
+# meters. To avoid duplicated meters, users need to make sure to set the
+# option of conductor.send_sensor_data to false in the ironic.conf
+# configuration file if the node on which Ceilometer ipmi agent is running
+# is also managed by Ironic.
+#
# Several variables set in the localrc section adjust common behaviors
# of Ceilometer (see within for additional settings):
#
@@ -231,6 +251,11 @@
iniset $CEILOMETER_CONF api pecan_debug "False"
_config_ceilometer_apache_wsgi
fi
+
+ if is_service_enabled ceilometer-aipmi; then
+ # Configure rootwrap for the ipmi agent
+ configure_rootwrap ceilometer $CEILOMETER_BIN_DIR/ceilometer-rootwrap $CEILOMETER_DIR/etc/ceilometer
+ fi
}
function configure_mongodb {
@@ -327,6 +352,7 @@
run_process ceilometer-acentral "ceilometer-agent-central --config-file $CEILOMETER_CONF"
run_process ceilometer-anotification "ceilometer-agent-notification --config-file $CEILOMETER_CONF"
run_process ceilometer-collector "ceilometer-collector --config-file $CEILOMETER_CONF"
+ run_process ceilometer-aipmi "ceilometer-agent-ipmi --config-file $CEILOMETER_CONF"
if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then
run_process ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
@@ -366,7 +392,7 @@
restart_apache_server
fi
# Kill the ceilometer screen windows
- for serv in ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
+ for serv in ceilometer-acompute ceilometer-acentral ceilometer-aipmi ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
stop_process $serv
done
}
diff --git a/lib/ironic b/lib/ironic
index 7afed05..4ac0100 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -765,7 +765,7 @@
fi
fi
- local token=$(keystone token-get | grep ' id ' | get_field 2)
+ local token=$(openstack token issue -c id -f value)
die_if_not_set $LINENO token "Keystone fail to get token"
# load them into glance
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c6d9296..8eb9e62 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -57,9 +57,6 @@
# Settings
# --------
-# Timeout value in seconds to wait for IPv6 gateway configuration
-GATEWAY_TIMEOUT=30
-
# Neutron Network Configuration
# -----------------------------
@@ -90,12 +87,9 @@
IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
-IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-fe80:cafe:cafe::/64}
-IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-fe80:cafe:cafe::2}
-# IPV6_ROUTER_GW_IP must be defined when IP_VERSION=4+6 as it cannot be
-# obtained conventionally until the l3-agent has support for dual-stack
-# TODO (john-davidge) Remove once l3-agent supports dual-stack
-IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
+IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
+IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
+IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-2001:db8::1}
# Set up default directories
GITDIR["python-neutronclient"]=$DEST/python-neutronclient
@@ -1291,20 +1285,12 @@
# This logic is specific to using the l3-agent for layer 3
if is_service_enabled q-l3; then
- local ipv6_router_gw_port
# Ensure IPv6 forwarding is enabled on the host
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# Configure and enable public bridge
- if [[ "$IP_VERSION" = "6" ]]; then
- # Override global IPV6_ROUTER_GW_IP with the true value from neutron
- IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
- die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
- ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
- die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
- else
- ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
- die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
- fi
+ # Override global IPV6_ROUTER_GW_IP with the true value from neutron
+ IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
+ die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
# The ovs_base_configure_l3_agent function flushes the public
# bridge's ip addresses, so turn IPv6 support in the host off
@@ -1321,28 +1307,8 @@
local ext_gw_interface=$(_neutron_get_ext_gw_interface)
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
- # Define router_ns based on whether DVR is enabled
- local router_ns=qrouter
- if [[ "$Q_DVR_MODE" == "dvr_snat" ]]; then
- router_ns=snat
- fi
-
# Configure interface for public bridge
sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
-
- # Wait until layer 3 agent has configured the gateway port on
- # the public bridge, then add gateway address to the interface
- # TODO (john-davidge) Remove once l3-agent supports dual-stack
- if [[ "$IP_VERSION" == "4+6" ]]; then
- if ! timeout $GATEWAY_TIMEOUT sh -c "until sudo ip netns exec $router_ns-$ROUTER_ID ip addr show qg-${ipv6_router_gw_port:0:11} | grep $ROUTER_GW_IP; do sleep 1; done"; then
- die $LINENO "Timeout retrieving ROUTER_GW_IP"
- fi
- # Configure the gateway port with the public IPv6 adress
- sudo ip netns exec $router_ns-$ROUTER_ID ip -6 addr add $IPV6_ROUTER_GW_IP/$ipv6_cidr_len dev qg-${ipv6_router_gw_port:0:11}
- # Add a default IPv6 route to the neutron router as the
- # l3-agent does not add one in the dual-stack case
- sudo ip netns exec $router_ns-$ROUTER_ID ip -6 route replace default via $ipv6_ext_gw_ip dev qg-${ipv6_router_gw_port:0:11}
- fi
sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
fi
_neutron_set_router_id
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 4d1eb6c..a6a87f9 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -54,6 +54,12 @@
iniset $NOVA_CONF DEFAULT vnc_enabled "false"
fi
+ # arm64-specific configuration
+ if is_arch "aarch64"; then
+ # arm64 architecture currently does not support graphical consoles.
+ iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+ fi
+
ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
# When libguestfs is available for file injection, enable using
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 2b7c6cb..297ebac 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -200,10 +200,7 @@
[[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
- if is_fedora || is_suse; then
- # service is not started by default
- restart_service rabbitmq-server
- fi
+ restart_service rabbitmq-server
rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD" || rc=$?
if [ $rc -ne 0 ]; then
@@ -273,6 +270,12 @@
iniset $file oslo_messaging_rabbit rabbit_hosts $RABBIT_HOST
iniset $file oslo_messaging_rabbit rabbit_password $RABBIT_PASSWORD
iniset $file oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
+ if [ -n "$RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD" ]; then
+ iniset $file oslo_messaging_rabbit heartbeat_timeout_threshold $RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD
+ fi
+ if [ -n "$RABBIT_HEARTBEAT_RATE" ]; then
+ iniset $file oslo_messaging_rabbit heartbeat_rate $RABBIT_HEARTBEAT_RATE
+ fi
fi
}
diff --git a/stack.sh b/stack.sh
index a9d958d..48fbe8a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1173,7 +1173,7 @@
# See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
if is_service_enabled g-reg; then
- TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+ TOKEN=$(openstack token issue -c id -f value)
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
echo_summary "Uploading images"
diff --git a/tools/image_list.sh b/tools/image_list.sh
index 2042807..a27635e 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -9,8 +9,6 @@
# dummy in the end position to trigger the fall through case.
DRIVERS="openvz ironic libvirt vsphere xenserver dummy"
-CIRROS_ARCHS="x86_64 i386"
-
# Extra variables to trigger getting additional images.
export ENABLED_SERVICES="h-api,tr-api"
HEAT_FETCHED_TEST_IMAGE="Fedora-i386-20-20131211.1-sda"
@@ -19,15 +17,12 @@
# Loop over all the virt drivers and collect all the possible images
ALL_IMAGES=""
for driver in $DRIVERS; do
- for arch in $CIRROS_ARCHS; do
- CIRROS_ARCH=$arch
- VIRT_DRIVER=$driver
- URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
- if [[ ! -z "$ALL_IMAGES" ]]; then
- ALL_IMAGES+=,
- fi
- ALL_IMAGES+=$URLS
- done
+ VIRT_DRIVER=$driver
+ URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
+ if [[ ! -z "$ALL_IMAGES" ]]; then
+ ALL_IMAGES+=,
+ fi
+ ALL_IMAGES+=$URLS
done
# Make a nice list
diff --git a/tools/upload_image.sh b/tools/upload_image.sh
index 5d23f31..19c6b71 100755
--- a/tools/upload_image.sh
+++ b/tools/upload_image.sh
@@ -32,7 +32,7 @@
fi
# Get a token to authenticate to glance
-TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+TOKEN=$(openstack token issue -c id -f value)
die_if_not_set $LINENO TOKEN "Keystone fail to get token"
# Glance connection info. Note the port must be specified.