Merge "Allow default IPv6 route device names to have dots"
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index b26fd1e..05f60ba 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -595,7 +595,7 @@
For OVS, a similar configuration like described in the
:ref:`OVS Provider Network <ovs-provider-network-controller>` section can be
-used. Just add the the following line to this local.conf, which also loads
+used. Just add the following line to this local.conf, which also loads
the MacVTap mechanism driver:
::
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 8a4b0f0..428544f 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -44,8 +44,8 @@
WSGIPassAuthorization On
</Location>
-Alias /identity_v2_admin %KEYSTONE_BIN%/keystone-wsgi-admin
-<Location /identity_v2_admin>
+Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
+<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
diff --git a/functions-common b/functions-common
index 4716567..9544c81 100644
--- a/functions-common
+++ b/functions-common
@@ -2207,6 +2207,18 @@
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
+# Check if this is a valid ipv4 address string
+function is_ipv4_address {
+ local address=$1
+ local regex='([0-9]{1,3}.){3}[0-9]{1,3}'
+ # TODO(clarkb) make this more robust
+ if [[ "$address" =~ $regex ]] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
# Gracefully cp only if source file/dir exists
# cp_it source destination
function cp_it {
diff --git a/lib/glance b/lib/glance
index a31e564..5259174 100644
--- a/lib/glance
+++ b/lib/glance
@@ -187,8 +187,6 @@
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
- iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_name $SERVICE_DOMAIN_NAME
- iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_name $SERVICE_DOMAIN_NAME
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
# commenting is not strictly necessary but it's confusing to have bad values in conf
@@ -312,6 +310,11 @@
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
+
+ # Note(frickler): Crude workaround for https://bugs.launchpad.net/glance-store/+bug/1620999
+ service_domain_id=$(get_or_create_domain $SERVICE_DOMAIN_NAME)
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id $service_domain_id
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id $service_domain_id
fi
# Add glance-glare service and endpoints
diff --git a/lib/keystone b/lib/keystone
index 128b6dc..13fa50b 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -124,7 +124,7 @@
# complete URIs
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
# If running in Apache, use path access rather than port.
- KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_v2_admin
+ KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
else
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
diff --git a/lib/neutron b/lib/neutron
index ab84f7e..5370392 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -47,10 +47,10 @@
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# By default, use the ML2 plugin
-NEUTRON_PLUGIN=${NEUTRON_PLUGIN:-ml2}
-NEUTRON_PLUGIN_CONF_FILENAME=${NEUTRON_PLUGIN_CONF_FILENAME:-ml2_conf.ini}
-NEUTRON_PLUGIN_CONF_PATH=$NEUTRON_CONF_DIR/plugins/$NEUTRON_PLUGIN
-NEUTRON_PLUGIN_CONF=$NEUTRON_PLUGIN_CONF_PATH/$NEUTRON_PLUGIN_CONF_FILENAME
+NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2}
+NEUTRON_CORE_PLUGIN_CONF_FILENAME=${NEUTRON_CORE_PLUGIN_CONF_FILENAME:-ml2_conf.ini}
+NEUTRON_CORE_PLUGIN_CONF_PATH=$NEUTRON_CONF_DIR/plugins/$NEUTRON_CORE_PLUGIN
+NEUTRON_CORE_PLUGIN_CONF=$NEUTRON_CORE_PLUGIN_CONF_PATH/$NEUTRON_CORE_PLUGIN_CONF_FILENAME
NEUTRON_AGENT_BINARY=${NEUTRON_AGENT_BINARY:-neutron-$NEUTRON_AGENT-agent}
NEUTRON_L3_BINARY=${NEUTRON_L3_BINARY:-neutron-l3-agent}
@@ -117,9 +117,9 @@
configure_neutron_rootwrap
- mkdir -p $NEUTRON_PLUGIN_CONF_PATH
+ mkdir -p $NEUTRON_CORE_PLUGIN_CONF_PATH
- cp $NEUTRON_DIR/etc/neutron/plugins/$NEUTRON_PLUGIN/$NEUTRON_PLUGIN_CONF_FILENAME.sample $NEUTRON_PLUGIN_CONF
+ cp $NEUTRON_DIR/etc/neutron/plugins/$NEUTRON_CORE_PLUGIN/$NEUTRON_CORE_PLUGIN_CONF_FILENAME.sample $NEUTRON_CORE_PLUGIN_CONF
iniset $NEUTRON_CONF database connection `database_connection_url neutron`
iniset $NEUTRON_CONF DEFAULT state_path $NEUTRON_STATE_PATH
@@ -139,7 +139,7 @@
cp $NEUTRON_DIR/etc/api-paste.ini $NEUTRON_CONF_DIR/api-paste.ini
- iniset $NEUTRON_CONF DEFAULT core_plugin $NEUTRON_PLUGIN
+ iniset $NEUTRON_CONF DEFAULT core_plugin $NEUTRON_CORE_PLUGIN
iniset $NEUTRON_CONF DEFAULT policy_file $policy_file
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
@@ -162,25 +162,25 @@
# Configure VXLAN
# TODO(sc68cal) not hardcode?
- iniset $NEUTRON_PLUGIN_CONF ml2 tenant_network_types vxlan
- iniset $NEUTRON_PLUGIN_CONF ml2 type_drivers vxlan
- iniset $NEUTRON_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
- iniset $NEUTRON_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
- iniset $NEUTRON_PLUGIN_CONF ml2 extension_drivers port_security
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 tenant_network_types vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
fi
# Neutron OVS or LB agent
if is_service_enabled neutron-agent; then
- iniset $NEUTRON_PLUGIN_CONF agent tunnel_types vxlan
- iniset $NEUTRON_PLUGIN_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ iniset $NEUTRON_CORE_PLUGIN_CONF agent tunnel_types vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
# Configure the neutron agent
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
- iniset $NEUTRON_PLUGIN_CONF securitygroup iptables
- iniset $NEUTRON_PLUGIN_CONF vxlan local_ip $HOST_IP
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables
+ iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
else
- iniset $NEUTRON_PLUGIN_CONF securitygroup iptables_hybrid
- iniset $NEUTRON_PLUGIN_CONF ovs local_ip $HOST_IP
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables_hybrid
+ iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
fi
fi
@@ -397,7 +397,7 @@
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
- run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server --config-file $NEUTRON_CONF --config-file $NEUTRON_PLUGIN_CONF"
+ run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server --config-file $NEUTRON_CONF --config-file $NEUTRON_CORE_PLUGIN_CONF"
if is_ssl_enabled_service "neutron"; then
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
@@ -475,9 +475,9 @@
NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_CONF"
- #TODO(sc68cal) OVS and LB agent uses settings in NEUTRON_PLUGIN_CONF (ml2_conf.ini) but others may not
+ #TODO(sc68cal) OVS and LB agent uses settings in NEUTRON_CORE_PLUGIN_CONF (ml2_conf.ini) but others may not
if is_service_enabled neutron-agent; then
- NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_PLUGIN_CONF"
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_CORE_PLUGIN_CONF"
fi
if is_service_enabled neutron-dhcp; then
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 123ba42..9e926a0 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -125,8 +125,6 @@
Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
# Allow Overlapping IP among subnets
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
-# The name of the default q-l3 router
-Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 8c26b2b..6de70e2 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -22,6 +22,9 @@
# used.
Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE=${Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE:-True}
+# The name of the default router
+Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
+
# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
# PUBLIC_BRIDGE. This is intended to be used with
# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
diff --git a/lib/tempest b/lib/tempest
index b491bf8..6ffc927 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -15,7 +15,6 @@
# - ``SERVICE_HOST``
# - ``BASE_SQL_CONN`` ``lib/database`` declares
# - ``PUBLIC_NETWORK_NAME``
-# - ``Q_ROUTER_NAME``
# - ``VIRT_DRIVER``
# - ``LIBVIRT_TYPE``
# - ``KEYSTONE_SERVICE_PROTOCOL``, ``KEYSTONE_SERVICE_HOST`` from lib/keystone
@@ -317,7 +316,7 @@
# set the equiv validation option here as well to ensure they are
# in sync. They shouldn't be separate options.
iniset $TEMPEST_CONFIG validation connect_method $ssh_connect_method
- if [[ ! $(is_service_enabled n-cell) && ! $(is_service_enabled neutron) ]]; then
+ if ! is_service_enabled n-cell && ! is_service_enabled neutron; then
iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
fi
diff --git a/lib/tls b/lib/tls
index 2c4e18d..c78ea5b 100644
--- a/lib/tls
+++ b/lib/tls
@@ -226,7 +226,7 @@
if [[ ! -r $DEVSTACK_CERT ]]; then
if [[ -n "$TLS_IP" ]]; then
# Lie to let incomplete match routines work
- TLS_IP="DNS:$TLS_IP"
+ TLS_IP="DNS:$TLS_IP,IP:$TLS_IP"
fi
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP"
@@ -249,6 +249,9 @@
else
alt_names="$alt_names,DNS:$SERVICE_HOST"
fi
+ if is_ipv4_address "$SERVICE_HOST" ; then
+ alt_names="$alt_names,IP:$SERVICE_HOST"
+ fi
fi
# Only generate the certificate if it doesn't exist yet on the disk
@@ -322,15 +325,17 @@
create_CA_base $ca_dir
create_CA_config $ca_dir 'Root CA'
- # Create a self-signed certificate valid for 5 years
- $OPENSSL req -config $ca_dir/ca.conf \
- -x509 \
- -nodes \
- -newkey rsa \
- -days 21360 \
- -keyout $ca_dir/private/cacert.key \
- -out $ca_dir/cacert.pem \
- -outform PEM
+ if [ ! -r "$ca_dir/cacert.pem" ]; then
+ # Create a self-signed certificate valid for 5 years
+ $OPENSSL req -config $ca_dir/ca.conf \
+ -x509 \
+ -nodes \
+ -newkey rsa \
+ -days 21360 \
+ -keyout $ca_dir/private/cacert.key \
+ -out $ca_dir/cacert.pem \
+ -outform PEM
+ fi
}
# If a non-system python-requests is installed then it will use the
@@ -507,7 +512,7 @@
sudo update-ca-certificates
fi
- rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+ rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT"
}
# Tell emacs to use shell-script-mode