Merge "Setup the Cinder image-volume cache by default"
diff --git a/.gitignore b/.gitignore
index a470ff5..d1781bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,8 @@
files/*.vmdk
files/*.rpm
files/*.rpm.*
+files/*.deb
+files/*.deb.*
files/*.qcow2
files/*.img
files/images
diff --git a/HACKING.rst b/HACKING.rst
index d763c75..b76cb6c 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -219,7 +219,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
- # an error. It is also useful for following allowing as the install occurs.
+ # an error. It is also useful for following as the install occurs.
set -o xtrace
* Settings and configuration are stored in ``exerciserc``, which must be
diff --git a/Makefile b/Makefile
index a94d60a..970d800 100644
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,7 @@
DEST=/opt/stack
all:
- echo "This just saved you from a terrible mistake!"
+ @echo "This just saved you from a terrible mistake!"
# Do Some Work
stack:
diff --git a/clean.sh b/clean.sh
index 1176134..bace3f5 100755
--- a/clean.sh
+++ b/clean.sh
@@ -46,9 +46,11 @@
source $TOP_DIR/lib/keystone
source $TOP_DIR/lib/glance
source $TOP_DIR/lib/nova
+source $TOP_DIR/lib/placement
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/heat
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
set -o xtrace
@@ -94,6 +96,7 @@
cleanup_nova
cleanup_neutron
cleanup_swift
+cleanup_horizon
if is_service_enabled ldap; then
cleanup_ldap
diff --git a/data/devstack-plugins-registry.header b/data/devstack-plugins-registry.header
index 6119ab5..576dbbd 100644
--- a/data/devstack-plugins-registry.header
+++ b/data/devstack-plugins-registry.header
@@ -1,18 +1,16 @@
-..
+.. Note to patch submitters:
- Note to patch submitters:
+ # ============================= #
+ # THIS FILE IS AUTOGENERATED ! #
+ # ============================= #
- # ============================= #
- # THIS FILE IS AUTOGENERATED ! #
- # ============================= #
+ ** Plugins are found automatically and added to this list **
- ** Plugins are found automatically and added to this list **
+ This file is created by a periodic proposal job. You should not
+ edit this file.
- This file is created by a periodic proposal job. You should not
- edit this file.
-
- You should edit the files data/devstack-plugins-registry.footer
- data/devstack-plugins-registry.header to modify this text.
+ You should edit the files data/devstack-plugins-registry.footer
+ data/devstack-plugins-registry.header to modify this text.
==========================
DevStack Plugin Registry
diff --git a/doc/source/assets/images/screen_session_1.png b/doc/source/assets/images/screen_session_1.png
new file mode 100644
index 0000000..6ad6752
--- /dev/null
+++ b/doc/source/assets/images/screen_session_1.png
Binary files differ
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 1f5797c..22809eb 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -36,10 +36,6 @@
- **local** - extracts ``localrc`` from ``local.conf`` before
``stackrc`` is sourced
-- **pre-install** - runs after the system packages are installed but
- before any of the source repositories are installed
-- **install** - runs immediately after the repo installations are
- complete
- **post-config** - runs after the layer 2 services are configured and
before they are started
- **extra** - runs after services are started and before any files in
@@ -427,6 +423,9 @@
LIBS_FROM_GIT=python-keystoneclient,oslo.config
+Setting the variable to ``ALL`` will activate the download for all
+libraries.
+
Virtual Environments
--------------------
@@ -522,16 +521,14 @@
IP Version
----------
-``IP_VERSION`` can be used to configure DevStack to create either an
-IPv4, IPv6, or dual-stack self service project data-network by with
+``IP_VERSION`` can be used to configure Neutron to create either an
+IPv4, IPv6, or dual-stack self-service project data-network by with
either ``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``
-respectively. This functionality requires that the Neutron networking
-service is enabled by setting the following options:
+respectively.
::
- disable_service n-net
- enable_service q-svc q-agt q-dhcp q-l3
+ IP_VERSION=4+6
The following optional variables can be used to alter the default IPv6
behavior:
diff --git a/doc/source/development.rst b/doc/source/development.rst
new file mode 100644
index 0000000..776ac6c
--- /dev/null
+++ b/doc/source/development.rst
@@ -0,0 +1,140 @@
+==========================
+ Developing with Devstack
+==========================
+
+Now that you have your nifty DevStack up and running, what can you do
+with it?
+
+Inspecting Services
+===================
+
+By default most services in DevStack are running in a `screen
+<https://www.gnu.org/software/screen/manual/screen.html>`_
+session.
+
+.. code-block:: bash
+
+ os3:~> screen -list
+ There is a screen on:
+ 28994.stack (08/10/2016 09:01:33 PM) (Detached)
+ 1 Socket in /var/run/screen/S-sdague.
+
+You can attach to this screen session using ``screen -r`` which gives
+you a view of the services in action.
+
+.. image:: assets/images/screen_session_1.png
+ :width: 100%
+
+Basic Screen Commands
+---------------------
+
+The following minimal commands will be useful to using screen:
+
+* ``ctrl-a n`` - go to next window. Next is assumed to be right of
+ current window.
+* ``ctrl-a p`` - go to previous window. Previous is assumed to be left
+ of current window.
+* ``ctrl-a [`` - entry copy/scrollback mode. This allows you to
+ navigate back through the logs with the up arrow.
+* ``ctrl-a d`` - detach from screen. Gets you back to a normal
+ terminal, while leaving everything running.
+
+For more about using screen, see the excellent `screen manual
+<https://www.gnu.org/software/screen/manual/screen.html>`_.
+
+Patching a Service
+==================
+
+If you want to make a quick change to a running service the easiest
+way to do this is:
+
+* attach to screen
+* navigate to the window in question
+* ``ctrl-c`` to kill the service
+* make appropriate changes to the code
+* ``up arrow`` in the screen window to display the command used to run
+ that service
+* ``enter`` to restart the service
+
+This works for services, except those running under Apache (currently
+just ``keystone`` by default).
+
+.. warning::
+
+ All changes you are making are in checked out git trees that
+ DevStack thinks it has full control over. Uncommitted work, or
+ work committed to the master branch, may be overwritten during
+ subsequent DevStack runs.
+
+Testing a Patch Series
+======================
+
+When testing a larger set of patches, or patches that will impact more
+than one service within a project, it is often less confusing to use
+custom git locations, and make all your changes in a dedicated git
+tree.
+
+In your ``local.conf`` you can add ``**_REPO``, ``**_BRANCH`` for most projects
+to use a custom git tree instead of the default upstream ones.
+
+For instance:
+
+.. code-block:: bash
+
+ [[local|localrc]]
+ NOVA_REPO=/home/sdague/nova
+ NOVA_BRANCH=fold_disk_config
+
+Will use a custom git tree and branch when doing any devstack
+operations, such as ``stack.sh``.
+
+When testing complicated changes committing to these trees, then doing
+``./unstack.sh && ./stack.sh`` is often a valuable way to
+iterate. This does take longer per iteration than direct patching, as
+the whole devstack needs to rebuild.
+
+You can use this same approach to test patches that are up for review
+in gerrit by using the ref name that gerrit assigns to each change.
+
+.. code-block:: bash
+
+ [[local|localrc]]
+ NOVA_BRANCH=refs/changes/10/353710/1
+
+
+Testing Changes to Apache Based Services
+========================================
+
+When testing changes to Apache based services, such as ``keystone``,
+you can either use the Testing a Patch Series approach above, or make
+changes in the code tree and issue an apache restart.
+
+
+Testing Changes to Libraries
+============================
+
+When testing changes to libraries consumed by OpenStack services (such
+as oslo or any of the python-fooclient libraries) things are a little
+more complicated. By default we only test with released versions of
+these libraries that are on pypi.
+
+You must first override this with the setting ``LIBS_FROM_GIT``. This
+will enable your DevStack with the git version of that library instead
+of the released version.
+
+After that point you can also specify ``**_REPO``, ``**_BRANCH`` to use
+your changes instead of just upstream master.
+
+.. code-block:: bash
+
+ [[local|localrc]]
+ LIBS_FROM_GIT=oslo.policy
+ OSLOPOLICY_REPO=/home/sdague/oslo.policy
+ OSLOPOLICY_BRANCH=better_exception
+
+Because libraries are used by many services, library changes really
+need to go through a full ``./unstack.sh && ./stack.sh`` to see your
+changes in action.
+
+To figure out the repo / branch names for every library that's
+supported, you'll need to read the devstack source.
diff --git a/doc/source/guides.rst b/doc/source/guides.rst
new file mode 100644
index 0000000..c2c7b91
--- /dev/null
+++ b/doc/source/guides.rst
@@ -0,0 +1,68 @@
+Guides
+======
+
+.. warning::
+
+ The guides are point in time contributions, and may not always be
+ up to date with the latest work in devstack.
+
+Walk through various setups used by stackers
+
+.. toctree::
+ :glob:
+ :maxdepth: 1
+
+ guides/single-vm
+ guides/single-machine
+ guides/lxc
+ guides/multinode-lab
+ guides/neutron
+ guides/devstack-with-nested-kvm
+ guides/nova
+ guides/devstack-with-lbaas-v2
+
+All-In-One Single VM
+--------------------
+
+Run :doc:`OpenStack in a VM <guides/single-vm>`. The VMs launched in your cloud will be slow as
+they are running in QEMU (emulation), but it is useful if you don't have
+spare hardware laying around. :doc:`[Read] <guides/single-vm>`
+
+All-In-One Single Machine
+-------------------------
+
+Run :doc:`OpenStack on dedicated hardware <guides/single-machine>` This can include a
+server-class machine or a laptop at home.
+:doc:`[Read] <guides/single-machine>`
+
+All-In-One LXC Container
+-------------------------
+
+Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
+and advanced users. The VMs launched in this cloud will be fully accelerated but
+not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
+
+Multi-Node Lab
+--------------
+
+Setup a :doc:`multi-node cluster <guides/multinode-lab>` with dedicated VLANs for VMs & Management.
+:doc:`[Read] <guides/multinode-lab>`
+
+DevStack with Neutron Networking
+--------------------------------
+
+Building a DevStack cluster with :doc:`Neutron Networking <guides/neutron>`.
+This guide is meant for building lab environments with a dedicated
+control node and multiple compute nodes.
+
+DevStack with KVM-based Nested Virtualization
+---------------------------------------------
+
+Procedure to setup :doc:`DevStack with KVM-based Nested Virtualization
+<guides/devstack-with-nested-kvm>`. With this setup, Nova instances
+will be more performant than with plain QEMU emulation.
+
+Nova and devstack
+--------------------------------
+
+Guide to working with nova features :doc:`Nova and devstack <guides/nova>`.
diff --git a/doc/source/guides/lxc.rst b/doc/source/guides/lxc.rst
index a719d60..9549ed2 100644
--- a/doc/source/guides/lxc.rst
+++ b/doc/source/guides/lxc.rst
@@ -88,7 +88,7 @@
You can also ssh into your container. On your host, run
``sudo lxc-info -n devstack`` to get the IP address (e.g.
-``ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')``).
+``ssh ubuntu@$(sudo lxc-info -n devstack | awk '/IP/ { print $2 }')``).
Run Devstack
-------------
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index c996f95..8751eb8 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -260,7 +260,7 @@
openstack user create $NAME --password=$PASSWORD --project $PROJECT
openstack role add Member --user $NAME --project $PROJECT
# The Member role is created by stack.sh
- # openstack role list
+ # openstack role assignment list
Swift
-----
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index a834314..bc6816c 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -76,19 +76,12 @@
RABBIT_PASSWORD=secret
SERVICE_PASSWORD=secret
- # Do not use Nova-Network
- disable_service n-net
- # Enable Neutron
- ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
-
-
## Neutron options
Q_USE_SECGROUP=True
FLOATING_RANGE="172.18.161.0/24"
FIXED_RANGE="10.0.0.0/24"
Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
- Q_L3_ENABLED=True
PUBLIC_INTERFACE=eth0
# Open vSwitch provider networking configuration
@@ -362,6 +355,8 @@
DevStack Configuration
----------------------
+.. _ovs-provider-network-controller:
+
The following is a snippet of the DevStack configuration on the
controller node.
@@ -387,13 +382,8 @@
OVS_PHYSICAL_BRIDGE=br-ex
Q_USE_PROVIDER_NETWORKING=True
- Q_L3_ENABLED=False
- # Do not use Nova-Network
- disable_service n-net
-
- # Neutron
- ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt
+ disable_service q-l3
## Neutron Networking options used to create Neutron Subnets
@@ -402,6 +392,7 @@
PROVIDER_SUBNET_NAME="provider_net"
PROVIDER_NETWORK_TYPE="vlan"
SEGMENTATION_ID=2010
+ USE_SUBNETPOOL=False
In this configuration we are defining FIXED_RANGE to be a
publicly routed IPv4 subnet. In this specific instance we are using
@@ -434,13 +425,12 @@
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_INTERFACE=eth1
Q_USE_PROVIDER_NETWORKING=True
- Q_L3_ENABLED=False
Compute node 2's configuration will be exactly the same, except
``HOST_IP`` will be ``10.0.0.4``
When DevStack is configured to use provider networking (via
-``Q_USE_PROVIDER_NETWORKING`` is True and ``Q_L3_ENABLED`` is False) -
+``Q_USE_PROVIDER_NETWORKING`` is True) -
DevStack will automatically add the network interface defined in
``PUBLIC_INTERFACE`` to the ``OVS_PHYSICAL_BRIDGE``
@@ -531,19 +521,12 @@
RABBIT_PASSWORD=secret
SERVICE_PASSWORD=secret
- # Do not use Nova-Network
- disable_service n-net
- # Enable Neutron
- ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
-
-
## Neutron options
Q_USE_SECGROUP=True
FLOATING_RANGE="172.18.161.0/24"
FIXED_RANGE="10.0.0.0/24"
Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
- Q_L3_ENABLED=True
PUBLIC_INTERFACE=eth0
Q_USE_PROVIDERNET_FOR_PUBLIC=True
@@ -553,3 +536,99 @@
LB_PHYSICAL_INTERFACE=eth0
PUBLIC_PHYSICAL_NETWORK=default
LB_INTERFACE_MAPPINGS=default:eth0
+
+Using MacVTap instead of Open vSwitch
+------------------------------------------
+
+Security groups are not supported by the MacVTap agent. Due to that, devstack
+configures the NoopFirewall driver on the compute node.
+
+MacVTap agent does not support l3, dhcp and metadata agent. Due to that you can
+chose between the following deployment scenarios:
+
+Single node with provider networks using config drive and external l3, dhcp
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+This scenario applies, if l3 and dhcp services are provided externally, or if
+you do not require them.
+
+
+::
+
+ [[local|localrc]]
+ HOST_IP=10.0.0.2
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ RABBIT_HOST=10.0.0.2
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
+
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS=macvtap
+ Q_USE_PROVIDER_NETWORKING=True
+
+ enable_plugin neutron git://git.openstack.org/openstack/neutron
+
+ ## MacVTap agent options
+ Q_AGENT=macvtap
+ PHYSICAL_NETWORK=default
+
+ FIXED_RANGE="203.0.113.0/24"
+ NETWORK_GATEWAY=203.0.113.1
+ PROVIDER_SUBNET_NAME="provider_net"
+ PROVIDER_NETWORK_TYPE="vlan"
+ SEGMENTATION_ID=2010
+ USE_SUBNETPOOL=False
+
+ [[post-config|/$Q_PLUGIN_CONF_FILE]]
+ [macvtap]
+ physical_interface_mappings = $PHYSICAL_NETWORK:eth1
+
+ [[post-config|$NOVA_CONF]]
+ force_config_drive = True
+
+
+Multi node with MacVTap compute node
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+This scenario applies, if you require OpenStack provided l3, dhcp or metadata
+services. Those are hosted on a separate controller and network node, running
+some other l2 agent technology (in this example Open vSwitch). This node needs
+to be configured for VLAN tenant networks.
+
+For OVS, a similar configuration like described in the
+:ref:`OVS Provider Network <ovs-provider-network-controller>` section can be
+used. Just add the following line to this local.conf, which also loads
+the MacVTap mechanism driver:
+
+::
+
+ [[local|localrc]]
+ ...
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,macvtap
+ ...
+
+For the MacVTap compute node, use this local.conf:
+
+::
+
+ HOST_IP=10.0.0.3
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ RABBIT_HOST=10.0.0.2
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
+
+ # Services that a compute node runs
+ disable_all_services
+ enable_plugin neutron git://git.openstack.org/openstack/neutron
+ ENABLED_SERVICES+=n-cpu,q-agt
+
+ ## MacVTap agent options
+ Q_AGENT=macvtap
+ PHYSICAL_NETWORK=default
+
+ [[post-config|/$Q_PLUGIN_CONF_FILE]]
+ [macvtap]
+ physical_interface_mappings = $PHYSICAL_NETWORK:eth1
diff --git a/doc/source/index.rst b/doc/source/index.rst
index c4a7c59..435011b 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -1,166 +1,135 @@
-DevStack
-========
+.. Documentation Architecture for the devstack docs.
+
+ It is really easy for online docs to meander over time as people
+ attempt to add the small bit of additional information they think
+ people need, into an existing information architecture. In order to
+ prevent that we need to be a bit strict as to what's on this front
+ page.
+
+ This should *only* be the quick start narrative. Which should end
+ with 2 sections: what you can do with devstack once it's set up,
+ and how to go beyond this setup. Both should be a set of quick
+ links to other documents to let people explore from there.
+
+==========
+ DevStack
+==========
.. image:: assets/images/logo-blue.png
DevStack is a series of extensible scripts used to quickly bring up a
-complete OpenStack environment. It is used interactively as a
-development environment and as the basis for much of the OpenStack
-project's functional testing.
+complete OpenStack environment based on the latest versions of
+everything from git master. It is used interactively as a development
+environment and as the basis for much of the OpenStack project's
+functional testing.
The source is available at
`<https://git.openstack.org/cgit/openstack-dev/devstack>`__.
-.. toctree::
- :glob:
- :maxdepth: 1
+.. warning::
- overview
- configuration
- plugins
- plugin-registry
- faq
- hacking
+ DevStack will make substantial changes to your system during
+ installation. Only run DevStack on servers or virtual machines that
+ are dedicated to this purpose.
Quick Start
------------
+===========
-#. Select a Linux Distribution
-
- Only Ubuntu 14.04 (Trusty), Fedora 22 (or Fedora 23) and CentOS/RHEL
- 7 are documented here. OpenStack also runs and is packaged on other
- flavors of Linux such as OpenSUSE and Debian.
-
-#. Install Selected OS
-
- In order to correctly install all the dependencies, we assume a
- specific minimal version of the supported distributions to make it as
- easy as possible. We recommend using a minimal install of Ubuntu or
- Fedora server in a VM if this is your first time.
-
-#. Download DevStack
-
- ::
-
- git clone https://git.openstack.org/openstack-dev/devstack
-
- The ``devstack`` repo contains a script that installs OpenStack and
- templates for configuration files
-
-#. Configure
-
- We recommend at least a :ref:`minimal-configuration` be set up.
-
-#. Add Stack User
-
- Devstack should be run as a non-root user with sudo enabled
- (standard logins to cloud images such as "ubuntu" or "cloud-user"
- are usually fine).
-
- You can quickly create a separate `stack` user to run DevStack with
-
- ::
-
- devstack/tools/create-stack-user.sh; su stack
-
-#. Start the install
-
- ::
-
- cd devstack; ./stack.sh
-
- It takes a few minutes, we recommend `reading the
- script <stack.sh.html>`__ while it is building.
-
-Guides
-======
-
-Walk through various setups used by stackers
-
-.. toctree::
- :glob:
- :maxdepth: 1
-
- guides/single-vm
- guides/single-machine
- guides/lxc
- guides/multinode-lab
- guides/neutron
- guides/devstack-with-nested-kvm
- guides/nova
- guides/devstack-with-lbaas-v2
-
-All-In-One Single VM
---------------------
-
-Run :doc:`OpenStack in a VM <guides/single-vm>`. The VMs launched in your cloud will be slow as
-they are running in QEMU (emulation), but it is useful if you don't have
-spare hardware laying around. :doc:`[Read] <guides/single-vm>`
-
-All-In-One Single Machine
--------------------------
-
-Run :doc:`OpenStack on dedicated hardware <guides/single-machine>` This can include a
-server-class machine or a laptop at home.
-:doc:`[Read] <guides/single-machine>`
-
-All-In-One LXC Container
--------------------------
-
-Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
-and advanced users. The VMs launched in this cloud will be fully accelerated but
-not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
-
-Multi-Node Lab
---------------
-
-Setup a :doc:`multi-node cluster <guides/multinode-lab>` with dedicated VLANs for VMs & Management.
-:doc:`[Read] <guides/multinode-lab>`
-
-DevStack with Neutron Networking
---------------------------------
-
-Building a DevStack cluster with :doc:`Neutron Networking <guides/neutron>`.
-This guide is meant for building lab environments with a dedicated
-control node and multiple compute nodes.
-
-DevStack with KVM-based Nested Virtualization
----------------------------------------------
-
-Procedure to setup :doc:`DevStack with KVM-based Nested Virtualization
-<guides/devstack-with-nested-kvm>`. With this setup, Nova instances
-will be more performant than with plain QEMU emulation.
-
-Nova and devstack
---------------------------------
-
-Guide to working with nova features :doc:`Nova and devstack <guides/nova>`.
-
-DevStack Documentation
-======================
-
-Overview
---------
-
-:doc:`An overview of DevStack goals and priorities <overview>`
-
-Configuration
+Install Linux
-------------
-:doc:`Configuring and customizing the stack <configuration>`
+Start with a clean and minimal install of a Linux system. Devstack
+attempts to support Ubuntu 14.04/16.04, Fedora 23/24, CentOS/RHEL 7,
+as well as Debian and OpenSUSE.
-Plugins
+If you do not have a preference, Ubuntu 16.04 is the most tested, and
+will probably go the smoothest.
+
+Download DevStack
+-----------------
+
+::
+
+ git clone https://git.openstack.org/openstack-dev/devstack
+
+The ``devstack`` repo contains a script that installs OpenStack and
+templates for configuration files
+
+Create a local.conf
+-------------------
+
+Create a ``local.conf`` file with 4 passwords preset
+
+::
+
+ [[local|localrc]]
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=$ADMIN_PASSWORD
+ RABBIT_PASSWORD=$ADMIN_PASSWORD
+ SERVICE_PASSWORD=$ADMIN_PASSWORD
+
+This is the minimum required config to get started with DevStack.
+
+Add Stack User
+--------------
+
+Devstack should be run as a non-root user with sudo enabled
+(standard logins to cloud images such as "ubuntu" or "cloud-user"
+are usually fine).
+
+You can quickly create a separate `stack` user to run DevStack with
+
+::
+
+ devstack/tools/create-stack-user.sh; su stack
+
+Start the install
+-----------------
+
+::
+
+ cd devstack; ./stack.sh
+
+This will take a 15 - 20 minutes, largely depending on the speed of
+your internet connection. Many git trees and packages will be
+installed during this process.
+
+Profit!
-------
-:doc:`Extending DevStack with new features <plugins>`
+You now have a working DevStack! Congrats!
-FAQ
----
+Your devstack will have installed ``keystone``, ``glance``, ``nova``,
+``cinder``, ``neutron``, and ``horizon``. Floating IPs will be
+available, guests have access to the external world.
-:doc:`The DevStack FAQ <faq>`
+You can access horizon to experience the web interface to
+OpenStack, and manage vms, networks, volumes, and images from
+there.
-Contributing
-------------
+You can ``source openrc`` in your shell, and then use the
+``openstack`` command line tool to manage your devstack.
-:doc:`Pitching in to make DevStack a better place <hacking>`
+You can ``cd /opt/stack/tempest`` and run tempest tests that have
+been configured to work with your devstack.
+You can :doc:`make code changes to OpenStack and validate them
+<development>`.
+
+Going further
+-------------
+
+Learn more about our :doc:`configuration system <configuration>` to
+customize devstack for your needs. Including making adjustments to the
+default :doc:`networking <networking>`.
+
+Read :doc:`guides <guides>` for specific setups people have (note:
+guides are point in time contributions, and may not always be kept
+up to date to the latest devstack).
+
+Enable :doc:`devstack plugins <plugins>` to support additional
+services, features, and configuration not present in base devstack.
+
+Get :doc:`the big picture <overview>` of what we are trying to do
+with devstack, and help us by :doc:`contributing to the project
+<hacking>`.
diff --git a/doc/source/networking.rst b/doc/source/networking.rst
new file mode 100644
index 0000000..1d56c33
--- /dev/null
+++ b/doc/source/networking.rst
@@ -0,0 +1,97 @@
+=====================
+ DevStack Networking
+=====================
+
+An important part of the DevStack experience is networking that works
+by default for created guests. This might not be optimal for your
+particular testing environment, so this document tries it's best to
+explain what's going on.
+
+Defaults
+========
+
+If you don't specify any configuration you will get the following:
+
+* neutron (including l3 with openvswitch)
+* private project networks for each openstack project
+* a floating ip range of 172.24.4.0/24 with the gateway of 172.24.4.1
+* the demo project configured with fixed ips on 10.0.0.0/24
+* a ``br-ex`` interface controlled by neutron for all it's networking
+ (this is not connected to any physical interfaces).
+* DNS resolution for guests based on the resolv.conf for you host
+* an ip masq rule that allows created guests to route out
+
+This creates an environment which is isolated to the single
+host. Guests can get to the external network for package
+updates. Tempest tests will work in this environment.
+
+.. note::
+
+ By default all OpenStack environments have security group rules
+ which block all inbound packets to guests. If you want to be able
+ to ssh / ping your created guests you should run the following.
+
+ .. code-block:: bash
+
+ openstack security group rule create --proto icmp --dst-port 0 default
+ openstack security group rule create --proto tcp --dst-port 22 default
+
+Locally Accessible Guests
+=========================
+
+If you want to make you guests accessible other machines on your
+network, we have to connect ``br-ex`` to a physical interface.
+
+Dedicated Guest Interface
+-------------------------
+
+If you have 2 or more interfaces on your devstack server, you can
+allocate an interface to neutron to fully manage. This **should not**
+be the same interface you use to ssh into the devstack server itself.
+
+This is done by setting with the ``PUBLIC_INTERFACE`` attribute.
+
+.. code-block:: bash
+
+ [[local|localrc]]
+ PUBLIC_INTERFACE=eth1
+
+That will put all layer 2 traffic from your guests onto the main
+network. When running in this mode the ip masq rule is **not** added
+in your devstack, you are responsible for making routing work on your
+local network.
+
+Shared Guest Interface
+----------------------
+
+.. warning::
+
+ This is not a recommended configuration. Because of interactions
+ between ovs and bridging, if you reboot your box with active
+ networking you may loose network connectivity to your system.
+
+If you need your guests accessible on the network, but only have 1
+interface (using something like a NUC), you can share your one
+network. But in order for this to work you need to manually set a lot
+of addresses, and have them all exactly correct.
+
+.. code-block:: bash
+
+ [[local|localrc]]
+ PUBLIC_INTERFACE=eth0
+ HOST_IP=10.42.0.52
+ FLOATING_RANGE=10.42.0.52/24
+ PUBLIC_NETWORK_GATEWAY=10.42.0.1
+ Q_FLOATING_ALLOCATION_POOL=start=10.42.0.250,end=10.42.0.254
+
+In order for this scenario to work the floating ip network must match
+the default networking on your server. This breaks HOST_IP detection,
+as we exclude the floating range by default, so you have to specify
+that manually.
+
+The ``PUBLIC_NETWORK_GATEWAY`` is the gateway that server would normally
+use to get off the network. ``Q_FLOATING_ALLOCATION_POOL`` controls
+the range of floating ips that will be handed out. As we are sharing
+your existing network, you'll want to give it a slice that your local
+dhcp server is not allocating. Otherwise you could easily have
+conflicting ip addresses, and cause havoc with your local network.
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index a2721b4..7c97171 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -1,18 +1,16 @@
-..
+.. Note to patch submitters:
- Note to patch submitters:
+ # ============================= #
+ # THIS FILE IS AUTOGENERATED ! #
+ # ============================= #
- # ============================= #
- # THIS FILE IS AUTOGENERATED ! #
- # ============================= #
+ ** Plugins are found automatically and added to this list **
- ** Plugins are found automatically and added to this list **
+ This file is created by a periodic proposal job. You should not
+ edit this file.
- This file is created by a periodic proposal job. You should not
- edit this file.
-
- You should edit the files data/devstack-plugins-registry.footer
- data/devstack-plugins-registry.header to modify this text.
+ You should edit the files data/devstack-plugins-registry.footer
+ data/devstack-plugins-registry.header to modify this text.
==========================
DevStack Plugin Registry
@@ -26,10 +24,12 @@
====================================== ===
Plugin Name URL
====================================== ===
+almanach `git://git.openstack.org/openstack/almanach <https://git.openstack.org/cgit/openstack/almanach>`__
aodh `git://git.openstack.org/openstack/aodh <https://git.openstack.org/cgit/openstack/aodh>`__
app-catalog-ui `git://git.openstack.org/openstack/app-catalog-ui <https://git.openstack.org/cgit/openstack/app-catalog-ui>`__
astara `git://git.openstack.org/openstack/astara <https://git.openstack.org/cgit/openstack/astara>`__
barbican `git://git.openstack.org/openstack/barbican <https://git.openstack.org/cgit/openstack/barbican>`__
+bilean `git://git.openstack.org/openstack/bilean <https://git.openstack.org/cgit/openstack/bilean>`__
blazar `git://git.openstack.org/openstack/blazar <https://git.openstack.org/cgit/openstack/blazar>`__
broadview-collector `git://git.openstack.org/openstack/broadview-collector <https://git.openstack.org/cgit/openstack/broadview-collector>`__
ceilometer `git://git.openstack.org/openstack/ceilometer <https://git.openstack.org/cgit/openstack/ceilometer>`__
@@ -47,6 +47,7 @@
devstack-plugin-glusterfs `git://git.openstack.org/openstack/devstack-plugin-glusterfs <https://git.openstack.org/cgit/openstack/devstack-plugin-glusterfs>`__
devstack-plugin-hdfs `git://git.openstack.org/openstack/devstack-plugin-hdfs <https://git.openstack.org/cgit/openstack/devstack-plugin-hdfs>`__
devstack-plugin-kafka `git://git.openstack.org/openstack/devstack-plugin-kafka <https://git.openstack.org/cgit/openstack/devstack-plugin-kafka>`__
+devstack-plugin-mariadb `git://git.openstack.org/openstack/devstack-plugin-mariadb <https://git.openstack.org/cgit/openstack/devstack-plugin-mariadb>`__
devstack-plugin-nfs `git://git.openstack.org/openstack/devstack-plugin-nfs <https://git.openstack.org/cgit/openstack/devstack-plugin-nfs>`__
devstack-plugin-pika `git://git.openstack.org/openstack/devstack-plugin-pika <https://git.openstack.org/cgit/openstack/devstack-plugin-pika>`__
devstack-plugin-sheepdog `git://git.openstack.org/openstack/devstack-plugin-sheepdog <https://git.openstack.org/cgit/openstack/devstack-plugin-sheepdog>`__
@@ -58,18 +59,30 @@
freezer-api `git://git.openstack.org/openstack/freezer-api <https://git.openstack.org/cgit/openstack/freezer-api>`__
freezer-web-ui `git://git.openstack.org/openstack/freezer-web-ui <https://git.openstack.org/cgit/openstack/freezer-web-ui>`__
gce-api `git://git.openstack.org/openstack/gce-api <https://git.openstack.org/cgit/openstack/gce-api>`__
+glare `git://git.openstack.org/openstack/glare <https://git.openstack.org/cgit/openstack/glare>`__
gnocchi `git://git.openstack.org/openstack/gnocchi <https://git.openstack.org/cgit/openstack/gnocchi>`__
group-based-policy `git://git.openstack.org/openstack/group-based-policy <https://git.openstack.org/cgit/openstack/group-based-policy>`__
+heat `git://git.openstack.org/openstack/heat <https://git.openstack.org/cgit/openstack/heat>`__
+horizon-mellanox `git://git.openstack.org/openstack/horizon-mellanox <https://git.openstack.org/cgit/openstack/horizon-mellanox>`__
ironic `git://git.openstack.org/openstack/ironic <https://git.openstack.org/cgit/openstack/ironic>`__
ironic-inspector `git://git.openstack.org/openstack/ironic-inspector <https://git.openstack.org/cgit/openstack/ironic-inspector>`__
+ironic-staging-drivers `git://git.openstack.org/openstack/ironic-staging-drivers <https://git.openstack.org/cgit/openstack/ironic-staging-drivers>`__
+karbor `git://git.openstack.org/openstack/karbor <https://git.openstack.org/cgit/openstack/karbor>`__
+karbor-dashboard `git://git.openstack.org/openstack/karbor-dashboard <https://git.openstack.org/cgit/openstack/karbor-dashboard>`__
+keystone `git://git.openstack.org/openstack/keystone <https://git.openstack.org/cgit/openstack/keystone>`__
kingbird `git://git.openstack.org/openstack/kingbird <https://git.openstack.org/cgit/openstack/kingbird>`__
-kuryr `git://git.openstack.org/openstack/kuryr <https://git.openstack.org/cgit/openstack/kuryr>`__
+kuryr-kubernetes `git://git.openstack.org/openstack/kuryr-kubernetes <https://git.openstack.org/cgit/openstack/kuryr-kubernetes>`__
+kuryr-libnetwork `git://git.openstack.org/openstack/kuryr-libnetwork <https://git.openstack.org/cgit/openstack/kuryr-libnetwork>`__
magnum `git://git.openstack.org/openstack/magnum <https://git.openstack.org/cgit/openstack/magnum>`__
magnum-ui `git://git.openstack.org/openstack/magnum-ui <https://git.openstack.org/cgit/openstack/magnum-ui>`__
manila `git://git.openstack.org/openstack/manila <https://git.openstack.org/cgit/openstack/manila>`__
+masakari `git://git.openstack.org/openstack/masakari <https://git.openstack.org/cgit/openstack/masakari>`__
mistral `git://git.openstack.org/openstack/mistral <https://git.openstack.org/cgit/openstack/mistral>`__
+monasca-analytics `git://git.openstack.org/openstack/monasca-analytics <https://git.openstack.org/cgit/openstack/monasca-analytics>`__
monasca-api `git://git.openstack.org/openstack/monasca-api <https://git.openstack.org/cgit/openstack/monasca-api>`__
+monasca-ceilometer `git://git.openstack.org/openstack/monasca-ceilometer <https://git.openstack.org/cgit/openstack/monasca-ceilometer>`__
monasca-log-api `git://git.openstack.org/openstack/monasca-log-api <https://git.openstack.org/cgit/openstack/monasca-log-api>`__
+monasca-transform `git://git.openstack.org/openstack/monasca-transform <https://git.openstack.org/cgit/openstack/monasca-transform>`__
murano `git://git.openstack.org/openstack/murano <https://git.openstack.org/cgit/openstack/murano>`__
networking-6wind `git://git.openstack.org/openstack/networking-6wind <https://git.openstack.org/cgit/openstack/networking-6wind>`__
networking-bagpipe `git://git.openstack.org/openstack/networking-bagpipe <https://git.openstack.org/cgit/openstack/networking-bagpipe>`__
@@ -79,6 +92,7 @@
networking-cisco `git://git.openstack.org/openstack/networking-cisco <https://git.openstack.org/cgit/openstack/networking-cisco>`__
networking-fortinet `git://git.openstack.org/openstack/networking-fortinet <https://git.openstack.org/cgit/openstack/networking-fortinet>`__
networking-generic-switch `git://git.openstack.org/openstack/networking-generic-switch <https://git.openstack.org/cgit/openstack/networking-generic-switch>`__
+networking-huawei `git://git.openstack.org/openstack/networking-huawei <https://git.openstack.org/cgit/openstack/networking-huawei>`__
networking-infoblox `git://git.openstack.org/openstack/networking-infoblox <https://git.openstack.org/cgit/openstack/networking-infoblox>`__
networking-l2gw `git://git.openstack.org/openstack/networking-l2gw <https://git.openstack.org/cgit/openstack/networking-l2gw>`__
networking-midonet `git://git.openstack.org/openstack/networking-midonet <https://git.openstack.org/cgit/openstack/networking-midonet>`__
@@ -92,16 +106,22 @@
networking-plumgrid `git://git.openstack.org/openstack/networking-plumgrid <https://git.openstack.org/cgit/openstack/networking-plumgrid>`__
networking-powervm `git://git.openstack.org/openstack/networking-powervm <https://git.openstack.org/cgit/openstack/networking-powervm>`__
networking-sfc `git://git.openstack.org/openstack/networking-sfc <https://git.openstack.org/cgit/openstack/networking-sfc>`__
+networking-vpp `git://git.openstack.org/openstack/networking-vpp <https://git.openstack.org/cgit/openstack/networking-vpp>`__
networking-vsphere `git://git.openstack.org/openstack/networking-vsphere <https://git.openstack.org/cgit/openstack/networking-vsphere>`__
neutron `git://git.openstack.org/openstack/neutron <https://git.openstack.org/cgit/openstack/neutron>`__
+neutron-dynamic-routing `git://git.openstack.org/openstack/neutron-dynamic-routing <https://git.openstack.org/cgit/openstack/neutron-dynamic-routing>`__
+neutron-fwaas `git://git.openstack.org/openstack/neutron-fwaas <https://git.openstack.org/cgit/openstack/neutron-fwaas>`__
neutron-lbaas `git://git.openstack.org/openstack/neutron-lbaas <https://git.openstack.org/cgit/openstack/neutron-lbaas>`__
neutron-lbaas-dashboard `git://git.openstack.org/openstack/neutron-lbaas-dashboard <https://git.openstack.org/cgit/openstack/neutron-lbaas-dashboard>`__
neutron-vpnaas `git://git.openstack.org/openstack/neutron-vpnaas <https://git.openstack.org/cgit/openstack/neutron-vpnaas>`__
+nimble `git://git.openstack.org/openstack/nimble <https://git.openstack.org/cgit/openstack/nimble>`__
nova-docker `git://git.openstack.org/openstack/nova-docker <https://git.openstack.org/cgit/openstack/nova-docker>`__
+nova-lxd `git://git.openstack.org/openstack/nova-lxd <https://git.openstack.org/cgit/openstack/nova-lxd>`__
+nova-mksproxy `git://git.openstack.org/openstack/nova-mksproxy <https://git.openstack.org/cgit/openstack/nova-mksproxy>`__
nova-powervm `git://git.openstack.org/openstack/nova-powervm <https://git.openstack.org/cgit/openstack/nova-powervm>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
-python-freezerclient `git://git.openstack.org/openstack/python-freezerclient <https://git.openstack.org/cgit/openstack/python-freezerclient>`__
+panko `git://git.openstack.org/openstack/panko <https://git.openstack.org/cgit/openstack/panko>`__
rally `git://git.openstack.org/openstack/rally <https://git.openstack.org/cgit/openstack/rally>`__
sahara `git://git.openstack.org/openstack/sahara <https://git.openstack.org/cgit/openstack/sahara>`__
sahara-dashboard `git://git.openstack.org/openstack/sahara-dashboard <https://git.openstack.org/cgit/openstack/sahara-dashboard>`__
@@ -109,12 +129,11 @@
searchlight `git://git.openstack.org/openstack/searchlight <https://git.openstack.org/cgit/openstack/searchlight>`__
searchlight-ui `git://git.openstack.org/openstack/searchlight-ui <https://git.openstack.org/cgit/openstack/searchlight-ui>`__
senlin `git://git.openstack.org/openstack/senlin <https://git.openstack.org/cgit/openstack/senlin>`__
-smaug `git://git.openstack.org/openstack/smaug <https://git.openstack.org/cgit/openstack/smaug>`__
-smaug-dashboard `git://git.openstack.org/openstack/smaug-dashboard <https://git.openstack.org/cgit/openstack/smaug-dashboard>`__
solum `git://git.openstack.org/openstack/solum <https://git.openstack.org/cgit/openstack/solum>`__
tacker `git://git.openstack.org/openstack/tacker <https://git.openstack.org/cgit/openstack/tacker>`__
tap-as-a-service `git://git.openstack.org/openstack/tap-as-a-service <https://git.openstack.org/cgit/openstack/tap-as-a-service>`__
tricircle `git://git.openstack.org/openstack/tricircle <https://git.openstack.org/cgit/openstack/tricircle>`__
+trio2o `git://git.openstack.org/openstack/trio2o <https://git.openstack.org/cgit/openstack/trio2o>`__
trove `git://git.openstack.org/openstack/trove <https://git.openstack.org/cgit/openstack/trove>`__
trove-dashboard `git://git.openstack.org/openstack/trove-dashboard <https://git.openstack.org/cgit/openstack/trove-dashboard>`__
vitrage `git://git.openstack.org/openstack/vitrage <https://git.openstack.org/cgit/openstack/vitrage>`__
@@ -124,6 +143,8 @@
watcher-dashboard `git://git.openstack.org/openstack/watcher-dashboard <https://git.openstack.org/cgit/openstack/watcher-dashboard>`__
zaqar `git://git.openstack.org/openstack/zaqar <https://git.openstack.org/cgit/openstack/zaqar>`__
zaqar-ui `git://git.openstack.org/openstack/zaqar-ui <https://git.openstack.org/cgit/openstack/zaqar-ui>`__
+zun `git://git.openstack.org/openstack/zun <https://git.openstack.org/cgit/openstack/zun>`__
+zun-ui `git://git.openstack.org/openstack/zun-ui <https://git.openstack.org/cgit/openstack/zun-ui>`__
====================================== ===
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 83e5609..31987bc 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -99,6 +99,8 @@
should exist at this point.
- **extra** - Called near the end after layer 1 and 2 services have
been started.
+ - **test-config** - Called at the end of devstack used to configure tempest
+ or any other test environments
- **unstack** - Called by ``unstack.sh`` before other services are shut
down.
diff --git a/doc/source/site-map.rst b/doc/source/site-map.rst
new file mode 100644
index 0000000..801fc66
--- /dev/null
+++ b/doc/source/site-map.rst
@@ -0,0 +1,23 @@
+:orphan:
+
+.. the TOC on the front page actually makes the document a lot more
+ confusing. This lets us bury a toc which we can link in when
+ appropriate.
+
+==========
+ Site Map
+==========
+
+.. toctree::
+ :glob:
+ :maxdepth: 3
+
+ overview
+ configuration
+ networking
+ plugins
+ plugin-registry
+ faq
+ development
+ hacking
+ guides
diff --git a/exercises/aggregates.sh b/exercises/aggregates.sh
index 808ef76..8cbca54 100755
--- a/exercises/aggregates.sh
+++ b/exercises/aggregates.sh
@@ -20,7 +20,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh
index 5409859..7478bdf 100755
--- a/exercises/boot_from_volume.sh
+++ b/exercises/boot_from_volume.sh
@@ -16,7 +16,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
@@ -32,6 +32,7 @@
# Import project functions
source $TOP_DIR/lib/cinder
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
# Import configuration
diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index 2c8fe81..b380968 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 6ab4d08..fff04df 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
diff --git a/exercises/floating_ips.sh b/exercises/floating_ips.sh
index 4b72a00..5abc713 100755
--- a/exercises/floating_ips.sh
+++ b/exercises/floating_ips.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
@@ -31,6 +31,7 @@
source $TOP_DIR/openrc
# Import project functions
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
# Import exercise configuration
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index a3128a8..e003c56 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -20,7 +20,7 @@
set -o errtrace
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
# Environment
@@ -37,6 +37,7 @@
source $TOP_DIR/openrc
# Import neutron functions
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
# If neutron is not enabled we exit with exitcode 55, which means exercise is skipped.
@@ -147,7 +148,7 @@
function get_role_id {
local ROLE_NAME=$1
local ROLE_ID
- ROLE_ID=`openstack role list | grep $ROLE_NAME | awk '{print $2}'`
+ ROLE_ID=`openstack role assignment list | grep $ROLE_NAME | awk '{print $2}'`
die_if_not_set $LINENO ROLE_ID "Failure retrieving ROLE_ID for $ROLE_NAME"
echo "$ROLE_ID"
}
diff --git a/exercises/sec_groups.sh b/exercises/sec_groups.sh
index 5f8b0a4..2f78e39 100755
--- a/exercises/sec_groups.sh
+++ b/exercises/sec_groups.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
diff --git a/exercises/swift.sh b/exercises/swift.sh
index 4a41e0f..8aa376b 100755
--- a/exercises/swift.sh
+++ b/exercises/swift.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
diff --git a/exercises/volumes.sh b/exercises/volumes.sh
index f95c81f..e7c3560 100755
--- a/exercises/volumes.sh
+++ b/exercises/volumes.sh
@@ -13,7 +13,7 @@
set -o errexit
# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
+# an error. It is also useful for following as the install occurs.
set -o xtrace
@@ -32,6 +32,7 @@
# Import project functions
source $TOP_DIR/lib/cinder
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
# Import exercise configuration
diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh
deleted file mode 100644
index cc90128..0000000
--- a/extras.d/60-ceph.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-# ceph.sh - DevStack extras script to install Ceph
-
-if is_service_enabled ceph; then
- if [[ "$1" == "source" ]]; then
- # Initial source
- source $TOP_DIR/lib/ceph
- elif [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
- echo_summary "Installing Ceph"
- check_os_support_ceph
- if [ "$REMOTE_CEPH" = "False" ]; then
- install_ceph
- echo_summary "Configuring Ceph"
- configure_ceph
- # NOTE (leseb): Do everything here because we need to have Ceph started before the main
- # OpenStack components. Ceph OSD must start here otherwise we can't upload any images.
- echo_summary "Initializing Ceph"
- init_ceph
- start_ceph
- else
- install_ceph_remote
- fi
- elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
- if is_service_enabled glance; then
- echo_summary "Configuring Glance for Ceph"
- configure_ceph_glance
- fi
- if is_service_enabled nova; then
- echo_summary "Configuring Nova for Ceph"
- configure_ceph_nova
- fi
- if is_service_enabled cinder; then
- echo_summary "Configuring Cinder for Ceph"
- configure_ceph_cinder
- fi
- if is_service_enabled n-cpu; then
- # NOTE (leseb): the part below is a requirement to attach Ceph block devices
- echo_summary "Configuring libvirt secret"
- import_libvirt_secret_ceph
- fi
-
- if [ "$REMOTE_CEPH" = "False" ]; then
- if is_service_enabled glance; then
- echo_summary "Configuring Glance for Ceph"
- configure_ceph_embedded_glance
- fi
- if is_service_enabled nova; then
- echo_summary "Configuring Nova for Ceph"
- configure_ceph_embedded_nova
- fi
- if is_service_enabled cinder; then
- echo_summary "Configuring Cinder for Ceph"
- configure_ceph_embedded_cinder
- fi
- fi
- fi
-
- if [[ "$1" == "unstack" ]]; then
- if [ "$REMOTE_CEPH" = "True" ]; then
- cleanup_ceph_remote
- else
- cleanup_ceph_embedded
- stop_ceph
- fi
- cleanup_ceph_general
- fi
-
- if [[ "$1" == "clean" ]]; then
- if [ "$REMOTE_CEPH" = "True" ]; then
- cleanup_ceph_remote
- else
- cleanup_ceph_embedded
- fi
- cleanup_ceph_general
- fi
-fi
diff --git a/extras.d/80-tempest.sh b/extras.d/80-tempest.sh
index fcf79bd..6a3d121 100644
--- a/extras.d/80-tempest.sh
+++ b/extras.d/80-tempest.sh
@@ -13,6 +13,8 @@
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Tempest"
configure_tempest
+ echo_summary "Installing Tempest Plugins"
+ install_tempest_plugins
elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
# local.conf Tempest option overrides
:
diff --git a/files/apache-placement-api.template b/files/apache-placement-api.template
new file mode 100644
index 0000000..b89ef96
--- /dev/null
+++ b/files/apache-placement-api.template
@@ -0,0 +1,25 @@
+Listen %PUBLICPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+ WSGIDaemonProcess placement-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIProcessGroup placement-api
+ WSGIScriptAlias / %PUBLICWSGI%
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%M"
+ </IfVersion>
+ ErrorLog /var/log/%APACHE_NAME%/placement-api.log
+ %SSLENGINE%
+ %SSLCERTFILE%
+ %SSLKEYFILE%
+</VirtualHost>
+
+Alias /placement %PUBLICWSGI%
+<Location /placement>
+ SetHandler wsgi-script
+ Options +ExecCGI
+ WSGIProcessGroup placement-api
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+</Location>
diff --git a/files/debs/cinder b/files/debs/cinder
index 3595e01..c1b79fd 100644
--- a/files/debs/cinder
+++ b/files/debs/cinder
@@ -3,3 +3,4 @@
open-iscsi-utils # Deprecated since quantal dist:precise
qemu-utils
tgt # NOPRIME
+thin-provisioning-tools
diff --git a/files/debs/tls-proxy b/files/debs/tls-proxy
index dce9c07..5bd8e21 100644
--- a/files/debs/tls-proxy
+++ b/files/debs/tls-proxy
@@ -1 +1 @@
-stud
+apache2
diff --git a/files/rpms/general b/files/rpms/general
index 2d4a97a..d0ceb56 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -7,9 +7,9 @@
gettext # used for compiling message catalogs
git-core
graphviz # needed only for docs
-iptables-services # NOPRIME f22,f23
+iptables-services # NOPRIME f23,f24
java-1.7.0-openjdk-headless # NOPRIME rhel7
-java-1.8.0-openjdk-headless # NOPRIME f22,f23
+java-1.8.0-openjdk-headless # NOPRIME f23,f24
libffi-devel
libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
diff --git a/files/rpms/nova b/files/rpms/nova
index 0312e85..a883ec4 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -7,7 +7,7 @@
genisoimage # required for config_drive
iptables
iputils
-kernel-modules # dist:f22,f23
+kernel-modules # dist:f23,f24
kpartx
kvm # NOPRIME
libvirt-bin # NOPRIME
diff --git a/files/rpms/swift b/files/rpms/swift
index 46dc59d..bd249ee 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -2,7 +2,7 @@
liberasurecode-devel
memcached
pyxattr
-rsync-daemon # dist:f22,f23
+rsync-daemon # dist:f23,f24
sqlite
xfsprogs
xinetd
diff --git a/functions b/functions
index 1bfb8a5..6a0ac67 100644
--- a/functions
+++ b/functions
@@ -41,6 +41,9 @@
file=${file#$RC_DIR/}
printf "%-40s " "$file:${called[1]}:${called[0]}"
}
+# PS4 is exported to child shells and uses the 'short_source' function, so
+# export it so child shells have access to the 'short_source' function also.
+export -f short_source
# Retrieve an image from a URL and upload into Glance.
@@ -83,7 +86,7 @@
# OpenVZ-format images are provided as .tar.gz, but not decompressed prior to loading
if [[ "$image_url" =~ 'openvz' ]]; then
image_name="${image_fname%.tar.gz}"
- openstack --os-cloud=devstack-admin image create "$image_name" --public --container-format ami --disk-format ami < "${image}"
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format ami --disk-format ami < "${image}"
return
fi
@@ -197,7 +200,7 @@
vmdk_adapter_type="${props[1]:-$vmdk_adapter_type}"
vmdk_net_adapter="${props[2]:-$vmdk_net_adapter}"
- openstack --os-cloud=devstack-admin image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}"
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}"
return
fi
@@ -214,7 +217,7 @@
force_vm_mode="--property vm_mode=xen"
fi
openstack \
- --os-cloud=devstack-admin \
+ --os-cloud=devstack-admin --os-region-name="$REGION_NAME" \
image create \
"$image_name" --public \
--container-format=ovf --disk-format=vhd \
@@ -228,7 +231,7 @@
if [[ "$image_url" =~ '.xen-raw.tgz' ]]; then
image_name="${image_fname%.xen-raw.tgz}"
openstack \
- --os-cloud=devstack-admin \
+ --os-cloud=devstack-admin --os-region-name="$REGION_NAME" \
image create \
"$image_name" --public \
--container-format=tgz --disk-format=raw \
@@ -244,10 +247,11 @@
fi
openstack \
- --os-cloud=devstack-admin \
+ --os-cloud=devstack-admin --os-region-name="$REGION_NAME" \
image create \
"$image_name" --public \
--container-format=bare --disk-format=ploop \
+ --property hypervisor_type=vz \
--property vm_mode=$vm_mode < "${image}"
return
fi
@@ -295,6 +299,12 @@
container_format=bare
unpack=zcat
;;
+ *.img.bz2)
+ image_name=$(basename "$image" ".img.bz2")
+ disk_format=qcow2
+ container_format=bare
+ unpack=bunzip2
+ ;;
*.qcow2)
image_name=$(basename "$image" ".qcow2")
disk_format=qcow2
@@ -322,14 +332,16 @@
fi
if is_arch "aarch64"; then
- img_property="--property hw_machine_type=virt --property hw_cdrom_bus=virtio --property os_command_line='console=ttyAMA0'"
+ img_property="--property hw_machine_type=virt --property hw_cdrom_bus=scsi --property hw_scsi_model=virtio-scsi --property os_command_line='console=ttyAMA0'"
fi
if [ "$container_format" = "bare" ]; then
if [ "$unpack" = "zcat" ]; then
- openstack --os-cloud=devstack-admin image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
+ elif [ "$unpack" = "bunzip2" ]; then
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(bunzip2 -cdk "${image}")
else
- openstack --os-cloud=devstack-admin image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}"
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}"
fi
else
# Use glance client to add the kernel the root filesystem.
@@ -337,12 +349,12 @@
# kernel for use when uploading the root filesystem.
local kernel_id="" ramdisk_id="";
if [ -n "$kernel" ]; then
- kernel_id=$(openstack --os-cloud=devstack-admin image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
+ kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
fi
if [ -n "$ramdisk" ]; then
- ramdisk_id=$(openstack --os-cloud=devstack-admin image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
+ ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
fi
- openstack --os-cloud=devstack-admin image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}"
+ openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}"
fi
}
@@ -370,12 +382,24 @@
# Wait for an HTTP server to start answering requests
# wait_for_service timeout url
+#
+# If the service we want is behind a proxy, the proxy may be available
+# before the service. Compliant proxies will return a 503 in this case
+# Loop until we get something else.
+# Also check for the case where there is no proxy and the service just
+# hasn't started yet. curl returns 7 for Failed to connect to host.
function wait_for_service {
local timeout=$1
local url=$2
+ local rval=0
time_start "wait_for_service"
- timeout $timeout sh -c "while ! $CURL_GET -k --noproxy '*' -s $url >/dev/null; do sleep 1; done"
+ timeout $timeout bash -x <<EOF || rval=$?
+ while [[ \$( ${CURL_GET} -k --noproxy '*' -s -o /dev/null -w '%{http_code}' ${url} ) == 503 || \$? -eq 7 ]]; do
+ sleep 1
+ done
+EOF
time_stop "wait_for_service"
+ return $rval
}
@@ -500,61 +524,6 @@
}
-# This function recursively compares versions, and is not meant to be
-# called by anything other than vercmp_numbers below. This function does
-# not work with alphabetic versions.
-#
-# _vercmp_r sep ver1 ver2
-function _vercmp_r {
- typeset sep
- typeset -a ver1=() ver2=()
- sep=$1; shift
- ver1=("${@:1:sep}")
- ver2=("${@:sep+1}")
-
- if ((ver1 > ver2)); then
- echo 1; return 0
- elif ((ver2 > ver1)); then
- echo -1; return 0
- fi
-
- if ((sep <= 1)); then
- echo 0; return 0
- fi
-
- _vercmp_r $((sep-1)) "${ver1[@]:1}" "${ver2[@]:1}"
-}
-
-
-# This function compares two versions and is meant to be called by
-# external callers. Please note the function assumes non-alphabetic
-# versions. For example, this will work:
-#
-# vercmp_numbers 1.10 1.4
-#
-# The above will return "1", as 1.10 is greater than 1.4.
-#
-# vercmp_numbers 5.2 6.4
-#
-# The above will return "-1", as 5.2 is less than 6.4.
-#
-# vercmp_numbers 4.0 4.0
-#
-# The above will return "0", as the versions are equal.
-#
-# vercmp_numbers ver1 ver2
-function vercmp_numbers {
- typeset v1=$1 v2=$2 sep
- typeset -a ver1 ver2
-
- deprecated "vercmp_numbers is deprecated for more generic vercmp"
-
- IFS=. read -ra ver1 <<< "$v1"
- IFS=. read -ra ver2 <<< "$v2"
-
- _vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}"
-}
-
# vercmp ver1 op ver2
# Compare VER1 to VER2
# - op is one of < <= == >= >
@@ -668,6 +637,33 @@
fi
}
+
+# set_mtu - Set MTU on a device
+function set_mtu {
+ local dev=$1
+ local mtu=$2
+ sudo ip link set mtu $mtu dev $dev
+}
+
+
+# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
+function enable_kernel_bridge_firewall {
+ # Load bridge module. This module provides access to firewall for bridged
+ # frames; and also on older kernels (pre-3.18) it provides sysctl knobs to
+ # enable/disable bridge firewalling
+ sudo modprobe bridge
+ # For newer kernels (3.18+), those sysctl settings are split into a separate
+ # kernel module (br_netfilter). Load it too, if present.
+ sudo modprobe br_netfilter 2>> /dev/null || :
+ # Enable bridge firewalling in case it's disabled in kernel (upstream
+ # default is enabled, but some distributions may decide to change it).
+ # This is at least needed for RHEL 7.2 and earlier releases.
+ for proto in arp ip ip6; do
+ sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
+ done
+}
+
+
# Restore xtrace
$_XTRACE_FUNCTIONS
diff --git a/functions-common b/functions-common
index e44fea1..87e6bb4 100644
--- a/functions-common
+++ b/functions-common
@@ -380,6 +380,7 @@
DISTRO="sle${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
+ "$os_VENDOR" =~ (Scientific) || \
"$os_VENDOR" =~ (OracleServer) || \
"$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
@@ -864,11 +865,9 @@
domain_args=$(_get_domain_args $4 $5)
# Gets user role id
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
- --column "ID" \
--project $3 \
- --column "Name" \
$domain_args \
| grep " $1 " | get_field 1)
if [[ -z "$user_role_id" ]]; then
@@ -877,11 +876,9 @@
--user $2 \
--project $3 \
$domain_args
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
- --column "ID" \
--project $3 \
- --column "Name" \
$domain_args \
| grep " $1 " | get_field 1)
fi
@@ -893,22 +890,18 @@
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
- --column "ID" \
--domain $3 \
- --column "Name" \
| grep " $1 " | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
openstack role add $1 \
--user $2 \
--domain $3
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
- --column "ID" \
--domain $3 \
- --column "Name" \
| grep " $1 " | get_field 1)
fi
echo $user_role_id
@@ -919,13 +912,11 @@
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
- --column "ID" \
--domain $3 \
- --column "Name" \
| grep " $1 " | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
@@ -934,13 +925,11 @@
--domain $3 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3
- user_role_id=$(openstack role list \
+ user_role_id=$(openstack role assignment list \
--user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
- --column "ID" \
--domain $3 \
- --column "Name" \
| grep " $1 " | get_field 1)
fi
echo $user_role_id
@@ -951,19 +940,19 @@
function get_or_add_group_project_role {
local group_role_id
# Gets group role id
- group_role_id=$(openstack role list \
+ group_role_id=$(openstack role assignment list \
--group $2 \
--project $3 \
- -c "ID" -f value)
+ -f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
--group $2 \
--project $3
- group_role_id=$(openstack role list \
+ group_role_id=$(openstack role assignment list \
--group $2 \
--project $3 \
- -c "ID" -f value)
+ -f value)
fi
echo $group_role_id
}
@@ -1685,7 +1674,7 @@
local logfile=$2
if [[ "$USE_SCREEN" = "True" ]]; then
- screen_process "$name" "sudo tail -f $logfile"
+ screen_process "$name" "sudo tail -f $logfile | sed 's/\\\\\\\\x1b/\o033/g'"
fi
}
@@ -1879,7 +1868,7 @@
# white listed elements in tree. We want these to move out
# over time as well, but they are in tree, so we need to
# manage that.
- local exceptions="60-ceph.sh 80-tempest.sh"
+ local exceptions="80-tempest.sh"
local extra
extra=$(basename $extra_plugin_file_name)
if [[ ! ( $exceptions =~ "$extra" ) ]]; then
@@ -2063,14 +2052,14 @@
# TODO(dtroyer): Remove these legacy special-cases after the is_XXX_enabled()
# are implemented
- [[ ${service} == n-cell-* && ${ENABLED_SERVICES} =~ "n-cell" ]] && enabled=0
- [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0
- [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0
- [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0
- [[ ${service} == "neutron" && ${ENABLED_SERVICES} =~ "q-" ]] && enabled=0
- [[ ${service} == "trove" && ${ENABLED_SERVICES} =~ "tr-" ]] && enabled=0
- [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0
- [[ ${service} == s-* && ${ENABLED_SERVICES} =~ "swift" ]] && enabled=0
+ [[ ${service} == n-cell-* && ,${ENABLED_SERVICES} =~ ,"n-cell" ]] && enabled=0
+ [[ ${service} == n-cpu-* && ,${ENABLED_SERVICES} =~ ,"n-cpu" ]] && enabled=0
+ [[ ${service} == "nova" && ,${ENABLED_SERVICES} =~ ,"n-" ]] && enabled=0
+ [[ ${service} == "glance" && ,${ENABLED_SERVICES} =~ ,"g-" ]] && enabled=0
+ [[ ${service} == "neutron" && ,${ENABLED_SERVICES} =~ ,"q-" ]] && enabled=0
+ [[ ${service} == "trove" && ,${ENABLED_SERVICES} =~ ,"tr-" ]] && enabled=0
+ [[ ${service} == "swift" && ,${ENABLED_SERVICES} =~ ,"s-" ]] && enabled=0
+ [[ ${service} == s-* && ,${ENABLED_SERVICES} =~ ,"swift" ]] && enabled=0
done
$xtrace
@@ -2206,6 +2195,18 @@
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
+# Check if this is a valid ipv4 address string
+function is_ipv4_address {
+ local address=$1
+ local regex='([0-9]{1,3}.){3}[0-9]{1,3}'
+ # TODO(clarkb) make this more robust
+ if [[ "$address" =~ $regex ]] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
# Gracefully cp only if source file/dir exists
# cp_it source destination
function cp_it {
@@ -2263,11 +2264,12 @@
# Service wrapper to restart services
# restart_service service-name
function restart_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 restart
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl restart $1
else
- sudo /sbin/service $1 restart
+ sudo service $1 restart
fi
+
}
# Only change permissions of a file or directory if it is not on an
@@ -2285,20 +2287,30 @@
# Service wrapper to start services
# start_service service-name
function start_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 start
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl start $1
else
- sudo /sbin/service $1 start
+ sudo service $1 start
fi
}
# Service wrapper to stop services
# stop_service service-name
function stop_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 stop
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl stop $1
else
- sudo /sbin/service $1 stop
+ sudo service $1 stop
+ fi
+}
+
+# Service wrapper to stop services
+# reload_service service-name
+function reload_service {
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl reload $1
+ else
+ sudo service $1 reload
fi
}
@@ -2369,7 +2381,7 @@
function time_stop {
local name
local end_time
- local elpased_time
+ local elapsed_time
local total
local start_time
diff --git a/inc/ini-config b/inc/ini-config
index 1f12343..68d48d1 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -274,6 +274,170 @@
$xtrace
}
+# Set a localrc var
+function localrc_set {
+ local file=$1
+ local group="local"
+ local conf="localrc"
+ local section=""
+ local option=$2
+ local value=$3
+ localconf_set "$file" "$group" "$conf" "$section" "$option" "$value"
+}
+
+# Check if local.conf has section.
+function localconf_has_section {
+ local file=$1
+ local group=$2
+ local conf=$3
+ local section=$4
+ local sep
+ sep=$(echo -ne "\x01")
+ local line
+ line=$(sed -ne "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ /\[${section}\]/p
+ }" "$file")
+ [ -n "$line" ]
+}
+
+# Check if local.conf has option.
+function localconf_has_option {
+ local file=$1
+ local group=$2
+ local conf=$3
+ local section=$4
+ local option=$5
+ local sep
+ sep=$(echo -ne "\x01")
+ local line
+ if [[ -z "$section" ]]; then
+ line=$(sed -ne "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ /${option}[ \t]*=.*$/p
+ }" "$file")
+ else
+ line=$(sed -ne "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ /\[${section}\]/,/\[\[.*\]\]\|\[.*\]/{
+ /${option}[ \t]*=.*$/p}
+ }" "$file")
+ fi
+ [ -n "$line" ]
+}
+
+# Update option in local.conf.
+function localconf_update_option {
+ local sudo=$1
+ local file=$2
+ local group=$3
+ local conf=$4
+ local section=$5
+ local option=$6
+ local value=$7
+ local sep
+ sep=$(echo -ne "\x01")
+ if [[ -z "$section" ]]; then
+ $sudo sed -i -e "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ s${sep}^\(${option}[ \t]*=[ \t]*\).*\$${sep}\1${value}${sep}
+ }" "$file"
+ else
+ $sudo sed -i -e "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ /\[${section}\]/,/\[\[.*\]\]\|\[.*\]/s${sep}^\(${option}[ \t]*=[ \t]*\).*\$${sep}\1${value}${sep}
+ }" "$file"
+ fi
+}
+
+# Add option in local.conf.
+function localconf_add_option {
+ local sudo=$1
+ local file=$2
+ local group=$3
+ local conf=$4
+ local section=$5
+ local option=$6
+ local value=$7
+ local sep
+ sep=$(echo -ne "\x01")
+ if [[ -z "$section" ]]; then
+ $sudo sed -i -e "\\${sep}^\[\[${group}|${conf}\]\]${sep} a $option=$value" "$file"
+ else
+ $sudo sed -i -e "\\${sep}^\[\[${group}|${conf}\]\]${sep},\\${sep}\[\[.*\]\]${sep}{
+ /\[${section}\]/ a $option=$value
+ }" "$file"
+ fi
+}
+
+# Add section and option in local.conf.
+function localconf_add_section_and_option {
+ local sudo=$1
+ local file=$2
+ local group=$3
+ local conf=$4
+ local section=$5
+ local option=$6
+ local value=$7
+ local sep
+ sep=$(echo -ne "\x01")
+ $sudo sed -i -e "\\${sep}^\[\[${group}|${conf}\]\]${sep} {
+ a [$section]
+ a $option=$value
+ }" "$file"
+}
+
+# Set an option in a local.conf file.
+# localconf_set [-sudo] config-file group conf-name section option value
+# - if the file does not exist, it is created
+function localconf_set {
+ local xtrace
+ xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ local sep
+ sep=$(echo -ne "\x01")
+ local sudo=""
+ if [ $1 == "-sudo" ]; then
+ sudo="sudo "
+ shift
+ fi
+ local file=$1
+ local group=$2
+ local conf=$3
+ local section=$4
+ local option=$5
+ local value=$6
+
+ if [[ -z $group || -z $conf || -z $option || -z $value ]]; then
+ $xtrace
+ return
+ fi
+
+ if ! grep -q "^\[\[${group}|${conf}\]\]" "$file" 2>/dev/null; then
+ # Add meta section at the end if it does not exist
+ echo -e "\n[[${group}|${conf}]]" | $sudo tee --append "$file" > /dev/null
+ # Add section at the end
+ if [[ -n "$section" ]]; then
+ echo -e "[$section]" | $sudo tee --append "$file" > /dev/null
+ fi
+ # Add option at the end
+ echo -e "$option=$value" | $sudo tee --append "$file" > /dev/null
+ elif [[ -z "$section" ]]; then
+ if ! localconf_has_option "$file" "$group" "$conf" "$section" "$option"; then
+ # Add option
+ localconf_add_option "$sudo" "$file" "$group" "$conf" "$section" "$option" "$value"
+ else
+ # Replace it
+ localconf_update_option "$sudo" "$file" "$group" "$conf" "$section" "$option" "$value"
+ fi
+ elif ! localconf_has_section "$file" "$group" "$conf" "$section"; then
+ # Add section and option in specified meta section
+ localconf_add_section_and_option "$sudo" "$file" "$group" "$conf" "$section" "$option" "$value"
+ elif ! localconf_has_option "$file" "$group" "$conf" "$section" "$option"; then
+ # Add option
+ localconf_add_option "$sudo" "$file" "$group" "$conf" "$section" "$option" "$value"
+ else
+ # Replace it
+ localconf_update_option "$sudo" "$file" "$group" "$conf" "$section" "$option" "$value"
+ fi
+ $xtrace
+}
+
# Restore xtrace
$INC_CONF_TRACE
diff --git a/inc/python b/inc/python
index 495150d..e4cfab8 100644
--- a/inc/python
+++ b/inc/python
@@ -148,11 +148,15 @@
fi
$xtrace
+ # adding SETUPTOOLS_SYS_PATH_TECHNIQUE is a workaround to keep
+ # the same behaviour of setuptools before version 25.0.0.
+ # related issue: https://github.com/pypa/pip/issues/3874
$sudo_pip \
http_proxy="${http_proxy:-}" \
https_proxy="${https_proxy:-}" \
no_proxy="${no_proxy:-}" \
PIP_FIND_LINKS=$PIP_FIND_LINKS \
+ SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite \
$cmd_pip $upgrade \
$@
result=$?
@@ -192,7 +196,7 @@
function use_library_from_git {
local name=$1
local enabled=1
- [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
+ [[ ${LIBS_FROM_GIT} = 'ALL' ]] || [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
return $enabled
}
@@ -366,7 +370,7 @@
# Install python3 packages
function install_python3 {
if is_ubuntu; then
- apt_get install python3.4 python3.4-dev
+ apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
fi
}
diff --git a/lib/apache b/lib/apache
index 2c84c7a..8a38cc4 100644
--- a/lib/apache
+++ b/lib/apache
@@ -39,27 +39,44 @@
APACHE_NAME=apache2
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
fi
+APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
# Functions
# ---------
+
+# Enable apache mod and restart apache if it isn't already enabled.
+function enable_apache_mod {
+ local mod=$1
+ # Apache installation, because we mark it NOPRIME
+ if is_ubuntu || is_suse ; then
+ if ! a2query -m $mod ; then
+ sudo a2enmod $mod
+ restart_apache_server
+ fi
+ elif is_fedora; then
+ # pass
+ true
+ else
+ exit_distro_not_supported "apache enable mod"
+ fi
+}
+
# install_apache_wsgi() - Install Apache server and wsgi module
function install_apache_wsgi {
# Apache installation, because we mark it NOPRIME
if is_ubuntu; then
# Install apache2, which is NOPRIME'd
install_package apache2 libapache2-mod-wsgi
- # WSGI isn't enabled by default, enable it
- sudo a2enmod wsgi
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd mod_wsgi
elif is_suse; then
install_package apache2 apache2-mod_wsgi
- # WSGI isn't enabled by default, enable it
- sudo a2enmod wsgi
else
- exit_distro_not_supported "apache installation"
+ exit_distro_not_supported "apache wsgi installation"
fi
+ # WSGI isn't enabled by default, enable it
+ enable_apache_mod wsgi
# ensure mod_version enabled for <IfVersion ...>. This is
# built-in statically on anything recent, but precise (2.2)
@@ -192,6 +209,11 @@
time_stop "restart_apache_server"
}
+# reload_apache_server
+function reload_apache_server {
+ reload_service $APACHE_NAME
+}
+
# Restore xtrace
$_XTRACE_LIB_APACHE
diff --git a/lib/ceph b/lib/ceph
deleted file mode 100644
index 3e0839a..0000000
--- a/lib/ceph
+++ /dev/null
@@ -1,382 +0,0 @@
-#!/bin/bash
-#
-# lib/ceph
-# Functions to control the configuration and operation of the **Ceph** storage service
-
-# Dependencies:
-#
-# - ``functions`` file
-# - ``CEPH_DATA_DIR`` or ``DATA_DIR`` must be defined
-
-# ``stack.sh`` calls the entry points in this order (via ``extras.d/60-ceph.sh``):
-#
-# - install_ceph
-# - configure_ceph
-# - init_ceph
-# - start_ceph
-# - stop_ceph
-# - cleanup_ceph
-
-# Save trace setting
-_XTRACE_LIB_CEPH=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# Set ``CEPH_DATA_DIR`` to the location of Ceph drives and objects.
-# Default is the common DevStack data directory.
-CEPH_DATA_DIR=${CEPH_DATA_DIR:-/var/lib/ceph}
-CEPH_DISK_IMAGE=${CEPH_DATA_DIR}/drives/images/ceph.img
-
-# Set ``CEPH_CONF_DIR`` to the location of the configuration files.
-# Default is ``/etc/ceph``.
-CEPH_CONF_DIR=${CEPH_CONF_DIR:-/etc/ceph}
-
-# DevStack will create a loop-back disk formatted as XFS to store the
-# Ceph data. Set ``CEPH_LOOPBACK_DISK_SIZE`` to the disk size in
-# kilobytes.
-# Default is 1 gigabyte.
-CEPH_LOOPBACK_DISK_SIZE_DEFAULT=4G
-CEPH_LOOPBACK_DISK_SIZE=${CEPH_LOOPBACK_DISK_SIZE:-$CEPH_LOOPBACK_DISK_SIZE_DEFAULT}
-
-# Common
-CEPH_FSID=$(uuidgen)
-CEPH_CONF_FILE=${CEPH_CONF_DIR}/ceph.conf
-
-# Glance
-GLANCE_CEPH_USER=${GLANCE_CEPH_USER:-glance}
-GLANCE_CEPH_POOL=${GLANCE_CEPH_POOL:-images}
-GLANCE_CEPH_POOL_PG=${GLANCE_CEPH_POOL_PG:-8}
-GLANCE_CEPH_POOL_PGP=${GLANCE_CEPH_POOL_PGP:-8}
-
-# Nova
-NOVA_CEPH_POOL=${NOVA_CEPH_POOL:-vms}
-NOVA_CEPH_POOL_PG=${NOVA_CEPH_POOL_PG:-8}
-NOVA_CEPH_POOL_PGP=${NOVA_CEPH_POOL_PGP:-8}
-
-# Cinder
-CINDER_CEPH_POOL=${CINDER_CEPH_POOL:-volumes}
-CINDER_CEPH_POOL_PG=${CINDER_CEPH_POOL_PG:-8}
-CINDER_CEPH_POOL_PGP=${CINDER_CEPH_POOL_PGP:-8}
-CINDER_CEPH_USER=${CINDER_CEPH_USER:-cinder}
-CINDER_CEPH_UUID=${CINDER_CEPH_UUID:-$(uuidgen)}
-
-# Set ``CEPH_REPLICAS`` to configure how many replicas are to be
-# configured for your Ceph cluster. By default we are configuring
-# only one replica since this is way less CPU and memory intensive. If
-# you are planning to test Ceph replication feel free to increase this value
-CEPH_REPLICAS=${CEPH_REPLICAS:-1}
-CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
-
-# Connect to an existing Ceph cluster
-REMOTE_CEPH=$(trueorfalse False REMOTE_CEPH)
-REMOTE_CEPH_ADMIN_KEY_PATH=${REMOTE_CEPH_ADMIN_KEY_PATH:-$CEPH_CONF_DIR/ceph.client.admin.keyring}
-
-# Cinder encrypted volume tests are not supported with a Ceph backend due to
-# bug 1463525.
-ATTACH_ENCRYPTED_VOLUME_AVAILABLE=False
-
-
-# Functions
-# ------------
-
-function get_ceph_version {
- local ceph_version_str
- ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4 | cut -f 1,2 -d '.')
- echo $ceph_version_str
-}
-
-# import_libvirt_secret_ceph() - Imports Cinder user key into libvirt
-# so it can connect to the Ceph cluster while attaching a Cinder block device
-function import_libvirt_secret_ceph {
- cat > secret.xml <<EOF
-<secret ephemeral='no' private='no'>
- <uuid>${CINDER_CEPH_UUID}</uuid>
- <usage type='ceph'>
- <name>client.${CINDER_CEPH_USER} secret</name>
- </usage>
-</secret>
-EOF
- sudo virsh secret-define --file secret.xml
- sudo virsh secret-set-value --secret ${CINDER_CEPH_UUID} --base64 $(sudo ceph -c ${CEPH_CONF_FILE} auth get-key client.${CINDER_CEPH_USER})
- sudo rm -f secret.xml
-}
-
-# undefine_virsh_secret() - Undefine Cinder key secret from libvirt
-function undefine_virsh_secret {
- if is_service_enabled cinder || is_service_enabled nova; then
- local virsh_uuid
- virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
- sudo virsh secret-undefine ${virsh_uuid} >/dev/null 2>&1
- fi
-}
-
-
-# check_os_support_ceph() - Check if the operating system provides a decent version of Ceph
-function check_os_support_ceph {
- if [[ ! ${DISTRO} =~ (trusty|f22|f23) ]]; then
- echo "WARNING: your distro $DISTRO does not provide (at least) the Firefly release. Please use Ubuntu Trusty or Fedora 20 (and higher)"
- if [[ "$FORCE_CEPH_INSTALL" != "yes" ]]; then
- die $LINENO "If you wish to install Ceph on this distribution anyway run with FORCE_CEPH_INSTALL=yes"
- fi
- NO_UPDATE_REPOS=False
- fi
-}
-
-# cleanup_ceph() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_ceph_remote {
- # do a proper cleanup from here to avoid leftover on the remote Ceph cluster
- if is_service_enabled glance; then
- sudo ceph osd pool delete $GLANCE_CEPH_POOL $GLANCE_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
- sudo ceph auth del client.$GLANCE_CEPH_USER > /dev/null 2>&1
- fi
- if is_service_enabled cinder; then
- sudo ceph osd pool delete $CINDER_CEPH_POOL $CINDER_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
- sudo ceph auth del client.$CINDER_CEPH_USER > /dev/null 2>&1
- fi
- if is_service_enabled c-bak; then
- sudo ceph osd pool delete $CINDER_BAK_CEPH_POOL $CINDER_BAK_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
- sudo ceph auth del client.$CINDER_BAK_CEPH_USER > /dev/null 2>&1
- fi
- if is_service_enabled nova; then
- iniset $NOVA_CONF libvirt rbd_secret_uuid ""
- sudo ceph osd pool delete $NOVA_CEPH_POOL $NOVA_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
- fi
-}
-
-function cleanup_ceph_embedded {
- sudo killall -w -9 ceph-mon
- sudo killall -w -9 ceph-osd
- sudo rm -rf ${CEPH_DATA_DIR}/*/*
- if egrep -q ${CEPH_DATA_DIR} /proc/mounts; then
- sudo umount ${CEPH_DATA_DIR}
- fi
- if [[ -e ${CEPH_DISK_IMAGE} ]]; then
- sudo rm -f ${CEPH_DISK_IMAGE}
- fi
-
- # purge ceph config file and keys
- sudo rm -rf ${CEPH_CONF_DIR}/*
-}
-
-function cleanup_ceph_general {
- undefine_virsh_secret
-}
-
-
-# configure_ceph() - Set config files, create data dirs, etc
-function configure_ceph {
- local count=0
-
- # create a backing file disk
- create_disk ${CEPH_DISK_IMAGE} ${CEPH_DATA_DIR} ${CEPH_LOOPBACK_DISK_SIZE}
-
- # populate ceph directory
- sudo mkdir -p ${CEPH_DATA_DIR}/{bootstrap-mds,bootstrap-osd,mds,mon,osd,tmp}
-
- # create ceph monitor initial key and directory
- sudo ceph-authtool /var/lib/ceph/tmp/keyring.mon.$(hostname) \
- --create-keyring --name=mon. --add-key=$(ceph-authtool --gen-print-key) \
- --cap mon 'allow *'
- sudo mkdir /var/lib/ceph/mon/ceph-$(hostname)
-
- # create a default ceph configuration file
- sudo tee ${CEPH_CONF_FILE} > /dev/null <<EOF
-[global]
-fsid = ${CEPH_FSID}
-mon_initial_members = $(hostname)
-mon_host = ${SERVICE_HOST}
-auth_cluster_required = cephx
-auth_service_required = cephx
-auth_client_required = cephx
-filestore_xattr_use_omap = true
-osd crush chooseleaf type = 0
-osd journal size = 100
-EOF
-
- # bootstrap the ceph monitor
- sudo ceph-mon -c ${CEPH_CONF_FILE} --mkfs -i $(hostname) \
- --keyring /var/lib/ceph/tmp/keyring.mon.$(hostname)
-
- if is_ubuntu; then
- sudo touch /var/lib/ceph/mon/ceph-$(hostname)/upstart
- sudo initctl emit ceph-mon id=$(hostname)
- else
- sudo touch /var/lib/ceph/mon/ceph-$(hostname)/sysvinit
- sudo service ceph start mon.$(hostname)
- fi
-
- # wait for the admin key to come up otherwise we will not be able to do the actions below
- until [ -f ${CEPH_CONF_DIR}/ceph.client.admin.keyring ]; do
- echo_summary "Waiting for the Ceph admin key to be ready..."
-
- count=$(($count + 1))
- if [ $count -eq 3 ]; then
- die $LINENO "Maximum of 3 retries reached"
- fi
- sleep 5
- done
-
- # pools data and metadata were removed in the Giant release so depending on the version we apply different commands
- local ceph_version
- ceph_version=$(get_ceph_version)
- # change pool replica size according to the CEPH_REPLICAS set by the user
- if [[ ${ceph_version%%.*} -eq 0 ]] && [[ ${ceph_version##*.} -lt 87 ]]; then
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set data size ${CEPH_REPLICAS}
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set metadata size ${CEPH_REPLICAS}
- else
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
- fi
-
- # create a simple rule to take OSDs instead of host with CRUSH
- # then apply this rules to the default pool
- if [[ $CEPH_REPLICAS -ne 1 ]]; then
- sudo ceph -c ${CEPH_CONF_FILE} osd crush rule create-simple devstack default osd
- RULE_ID=$(sudo ceph -c ${CEPH_CONF_FILE} osd crush rule dump devstack | awk '/rule_id/ {print $3}' | cut -d ',' -f1)
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd crush_ruleset ${RULE_ID}
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set data crush_ruleset ${RULE_ID}
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set metadata crush_ruleset ${RULE_ID}
- fi
-
- # create the OSD(s)
- for rep in ${CEPH_REPLICAS_SEQ}; do
- OSD_ID=$(sudo ceph -c ${CEPH_CONF_FILE} osd create)
- sudo mkdir -p ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}
- sudo ceph-osd -c ${CEPH_CONF_FILE} -i ${OSD_ID} --mkfs
- sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create osd.${OSD_ID} \
- mon 'allow profile osd ' osd 'allow *' | \
- sudo tee ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/keyring
-
- # ceph's init script is parsing ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/ and looking for a file
- # 'upstart' or 'sysinitv', thanks to these 'touches' we are able to control OSDs daemons
- # from the init script.
- if is_ubuntu; then
- sudo touch ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/upstart
- else
- sudo touch ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/sysvinit
- fi
- done
-}
-
-function configure_ceph_embedded_glance {
- # configure Glance service options, ceph pool, ceph user and ceph key
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${GLANCE_CEPH_POOL} size ${CEPH_REPLICAS}
- if [[ $CEPH_REPLICAS -ne 1 ]]; then
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${GLANCE_CEPH_POOL} crush_ruleset ${RULE_ID}
- fi
-}
-
-# configure_ceph_glance() - Glance config needs to come after Glance is set up
-function configure_ceph_glance {
- sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${GLANCE_CEPH_POOL} ${GLANCE_CEPH_POOL_PG} ${GLANCE_CEPH_POOL_PGP}
- sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} \
- mon "allow r" \
- osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | \
- sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
- sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
-
- iniset $GLANCE_API_CONF DEFAULT show_image_direct_url True
- iniset $GLANCE_API_CONF glance_store default_store rbd
- iniset $GLANCE_API_CONF glance_store stores "file, http, rbd"
- iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE
- iniset $GLANCE_API_CONF glance_store rbd_store_user $GLANCE_CEPH_USER
- iniset $GLANCE_API_CONF glance_store rbd_store_pool $GLANCE_CEPH_POOL
-}
-
-function configure_ceph_embedded_nova {
- # configure Nova service options, ceph pool, ceph user and ceph key
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${NOVA_CEPH_POOL} size ${CEPH_REPLICAS}
- if [[ $CEPH_REPLICAS -ne 1 ]]; then
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${NOVA_CEPH_POOL} crush_ruleset ${RULE_ID}
- fi
-}
-
-# configure_ceph_nova() - Nova config needs to come after Nova is set up
-function configure_ceph_nova {
- sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${NOVA_CEPH_POOL} ${NOVA_CEPH_POOL_PG} ${NOVA_CEPH_POOL_PGP}
- iniset $NOVA_CONF libvirt rbd_user ${CINDER_CEPH_USER}
- iniset $NOVA_CONF libvirt rbd_secret_uuid ${CINDER_CEPH_UUID}
- iniset $NOVA_CONF libvirt inject_key false
- iniset $NOVA_CONF libvirt inject_partition -2
- iniset $NOVA_CONF libvirt disk_cachemodes "network=writeback"
- iniset $NOVA_CONF libvirt images_type rbd
- iniset $NOVA_CONF libvirt images_rbd_pool ${NOVA_CEPH_POOL}
- iniset $NOVA_CONF libvirt images_rbd_ceph_conf ${CEPH_CONF_FILE}
-
- if ! is_service_enabled cinder; then
- sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} \
- mon "allow r" \
- osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | \
- sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null
- sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
- fi
-}
-
-function configure_ceph_embedded_cinder {
- # Configure Cinder service options, ceph pool, ceph user and ceph key
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_CEPH_POOL} size ${CEPH_REPLICAS}
- if [[ $CEPH_REPLICAS -ne 1 ]]; then
- sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_CEPH_POOL} crush_ruleset ${RULE_ID}
- fi
-}
-
-# configure_ceph_cinder() - Cinder config needs to come after Cinder is set up
-function configure_ceph_cinder {
- sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_CEPH_POOL} ${CINDER_CEPH_POOL_PG} ${CINDER_CEPH_POOL_PGP}
- sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} \
- mon "allow r" \
- osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | \
- sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
- sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
-}
-
-# init_ceph() - Initialize databases, etc.
-function init_ceph {
- # clean up from previous (possibly aborted) runs
- # make sure to kill all ceph processes first
- sudo pkill -f ceph-mon || true
- sudo pkill -f ceph-osd || true
-}
-
-# install_ceph() - Collect source and prepare
-function install_ceph_remote {
- install_package ceph-common
-}
-
-function install_ceph {
- install_package ceph
-}
-
-# start_ceph() - Start running processes, including screen
-function start_ceph {
- if is_ubuntu; then
- sudo initctl emit ceph-mon id=$(hostname)
- for id in $(sudo ceph -c ${CEPH_CONF_FILE} osd ls); do
- sudo start ceph-osd id=${id}
- done
- else
- sudo service ceph start
- fi
-}
-
-# stop_ceph() - Stop running processes (non-screen)
-function stop_ceph {
- if is_ubuntu; then
- sudo service ceph-mon-all stop > /dev/null 2>&1
- sudo service ceph-osd-all stop > /dev/null 2>&1
- else
- sudo service ceph stop > /dev/null 2>&1
- fi
-}
-
-
-# Restore xtrace
-$_XTRACE_LIB_CEPH
-
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/lib/cinder b/lib/cinder
index fe49416..c4a49cd 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -39,7 +39,7 @@
# set up default directories
GITDIR["python-cinderclient"]=$DEST/python-cinderclient
-GITDIR["os-brick"]=$DEST/os-brick
+GITDIR["python-brick-cinderclient-ext"]=$DEST/python-brick-cinderclient-ext
CINDER_DIR=$DEST/cinder
# Cinder virtual environment
@@ -279,11 +279,10 @@
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
+ iniset $CINDER_CONF DEFAULT my_ip "$HOST_IP"
iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
- iniset $CINDER_CONF privsep_osbrick helper_command "sudo cinder-rootwrap \$rootwrap_config privsep-helper --config-file $CINDER_CONF"
-
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local enabled_backends=""
local default_name=""
@@ -317,8 +316,8 @@
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
-
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
+ iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
fi
if [ "$SYSLOG" != "False" ]; then
@@ -353,6 +352,10 @@
iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE
fi
+ if [ "$GLANCE_V1_ENABLED" != "True" ]; then
+ iniset $CINDER_CONF DEFAULT glance_api_version 2
+ fi
+
# Register SSL certificates if provided
if is_ssl_enabled_service cinder; then
ensure_certificates CINDER
@@ -428,7 +431,7 @@
recreate_database cinder
# Migrate cinder database
- $CINDER_BIN_DIR/cinder-manage db sync
+ $CINDER_BIN_DIR/cinder-manage --config-file $CINDER_CONF db sync
fi
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -452,13 +455,6 @@
# install_cinder() - Collect source and prepare
function install_cinder {
- # Install os-brick from git so we make sure we're testing
- # the latest code.
- if use_library_from_git "os-brick"; then
- git_clone_by_name "os-brick"
- setup_dev_lib "os-brick"
- fi
-
git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
setup_develop $CINDER_DIR
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
@@ -479,6 +475,11 @@
# install_cinderclient() - Collect source and prepare
function install_cinderclient {
+ if use_library_from_git "python-brick-cinderclient-ext"; then
+ git_clone_by_name "python-brick-cinderclient-ext"
+ setup_dev_lib "python-brick-cinderclient-ext"
+ fi
+
if use_library_from_git "python-cinderclient"; then
git_clone_by_name "python-cinderclient"
setup_dev_lib "python-cinderclient"
@@ -546,7 +547,7 @@
# Start proxies if enabled
if is_service_enabled c-api && is_service_enabled tls-proxy; then
- start_tls_proxy '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT &
+ start_tls_proxy cinder '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT
fi
}
@@ -573,7 +574,7 @@
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
- openstack volume type create --property volume_backend_name="${be_name}" ${be_name}
+ openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
done
fi
}
diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph
index 9bff5be..ba86ccf 100644
--- a/lib/cinder_backends/ceph
+++ b/lib/cinder_backends/ceph
@@ -45,7 +45,7 @@
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.rbd.RBDDriver"
- iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF"
+ iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF $be_name rbd_pool "$CINDER_CEPH_POOL"
iniset $CINDER_CONF $be_name rbd_user "$CINDER_CEPH_USER"
iniset $CINDER_CONF $be_name rbd_uuid "$CINDER_CEPH_UUID"
@@ -66,7 +66,7 @@
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph"
- iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF"
+ iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL"
iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER"
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0
diff --git a/lib/cinder_backends/xiv b/lib/cinder_backends/xiv
deleted file mode 100644
index e8b5da0..0000000
--- a/lib/cinder_backends/xiv
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2014 IBM Corp.
-# Copyright (c) 2014 OpenStack Foundation
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Authors:
-# Alon Marx <alonma@il.ibm.com>
-#
-
-# lib/cinder_plugins/xiv
-# Configure the xiv_ds8k driver for xiv testing
-
-# Enable xiv_ds8k driver for xiv with:
-#
-# CINDER_ENABLED_BACKENDS+=,xiv:<volume-type-name>
-# XIV_DRIVER_VERSION=<version-string>
-# SAN_IP=<storage-ip-or-hostname>
-# SAN_LOGIN=<storage-admin-account>
-# SAN_PASSWORD=<storage-admin-password>
-# SAN_CLUSTERNAME=<cluster-name>
-# CONNECTION_TYPE=<connection-type> iscsi|fc
-# XIV_CHAP=<chap-type> disabled|enabled
-
-# Dependencies:
-#
-# - ``functions`` file
-# - ``cinder`` configurations
-
-# configure_cinder_backend_xiv - Configure Cinder for xiv backends
-
-# Save trace setting
-_XTRACE_CINDER_XIV=$(set +o | grep xtrace)
-set +o xtrace
-
-# Defaults
-# --------
-# Set up default directories
-
-
-# Entry Points
-# ------------
-
-# configure_cinder_backend_xiv - Set config files, create data dirs, etc
-function configure_cinder_backend_xiv {
-
- local be_name=$1
-
- python -c 'from xiv_ds8k_openstack.xiv_nova_proxy import XIVNovaProxy'
- if [ $? -ne 0 ]; then
- die $LINENO "XIV_DS8K driver is missing. Please install first"
- fi
-
- # For reference:
- # ``XIV_DS8K_BACKEND='IBM-XIV_'${SAN_IP}'_'${SAN_CLUSTERNAME}'_'${CONNECTION_TYPE}``
- iniset $CINDER_CONF DEFAULT xiv_ds8k_driver_version $XIV_DRIVER_VERSION
-
- iniset $CINDER_CONF $be_name san_ip $SAN_IP
- iniset $CINDER_CONF $be_name san_login $SAN_LOGIN
- iniset $CINDER_CONF $be_name san_password $SAN_PASSWORD
- iniset $CINDER_CONF $be_name san_clustername $SAN_CLUSTERNAME
- iniset $CINDER_CONF $be_name xiv_ds8k_connection_type $CONNECTION_TYPE
- iniset $CINDER_CONF $be_name volume_backend_name $be_name
- iniset $CINDER_CONF $be_name volume_driver 'cinder.volume.drivers.ibm.xiv_ds8k.XIVDS8KDriver'
- iniset $CINDER_CONF $be_name xiv_ds8k_proxy 'xiv_ds8k_openstack.xiv_nova_proxy.XIVNovaProxy'
- iniset $CINDER_CONF $be_name xiv_chap $XIV_CHAP
-}
-
-# Restore xtrace
-$_XTRACE_CINDER_XIV
-
-# Local variables:
-# mode: shell-script
-# End:
diff --git a/lib/dlm b/lib/dlm
index 74eb67e..e391535 100644
--- a/lib/dlm
+++ b/lib/dlm
@@ -93,6 +93,8 @@
if is_dlm_enabled; then
if is_ubuntu; then
install_package zookeeperd
+ elif is_fedora; then
+ install_package zookeeper
else
die $LINENO "Don't know how to install zookeeper on this platform"
fi
diff --git a/lib/glance b/lib/glance
index f2a6db6..5259174 100644
--- a/lib/glance
+++ b/lib/glance
@@ -57,6 +57,7 @@
GLANCE_SWIFT_STORE_CONF=$GLANCE_CONF_DIR/glance-swift-store.conf
GLANCE_GLARE_CONF=$GLANCE_CONF_DIR/glance-glare.conf
GLANCE_GLARE_PASTE_INI=$GLANCE_CONF_DIR/glance-glare-paste.ini
+GLANCE_V1_ENABLED=${GLANCE_V1_ENABLED:-True}
if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
GLANCE_SERVICE_PROTOCOL="https"
@@ -134,6 +135,12 @@
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,ploop"
fi
+ # NOTE(flaper87): To uncomment as soon as all services consuming Glance are
+ # able to consume V2 entirely.
+ if [ "$GLANCE_V1_ENABLED" != "True" ]; then
+ iniset $GLANCE_API_CONF DEFAULT enable_v1_api False
+ fi
+
# Store specific configs
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
if is_service_enabled g-glare; then
@@ -143,6 +150,13 @@
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
+ # CORS feature support - to allow calls from Horizon by default
+ if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then
+ iniset $GLANCE_API_CONF cors allowed_origin "$GLANCE_CORS_ALLOWED_ORIGIN"
+ else
+ iniset $GLANCE_API_CONF cors allowed_origin "http://$SERVICE_HOST"
+ fi
+
# Store the images in swift if enabled.
if is_service_enabled s-proxy; then
iniset $GLANCE_API_CONF glance_store default_store swift
@@ -173,8 +187,6 @@
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
- iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_name $SERVICE_DOMAIN_NAME
- iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_name $SERVICE_DOMAIN_NAME
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
# commenting is not strictly necessary but it's confusing to have bad values in conf
@@ -298,6 +310,11 @@
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
+
+ # Note(frickler): Crude workaround for https://bugs.launchpad.net/glance-store/+bug/1620999
+ service_domain_id=$(get_or_create_domain $SERVICE_DOMAIN_NAME)
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id $service_domain_id
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id $service_domain_id
fi
# Add glance-glare service and endpoints
@@ -334,10 +351,10 @@
recreate_database glance
# Migrate glance database
- $GLANCE_BIN_DIR/glance-manage db_sync
+ $GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_sync
# Load metadata definitions
- $GLANCE_BIN_DIR/glance-manage db_load_metadefs
+ $GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_load_metadefs
create_glance_cache_dir
}
@@ -362,11 +379,6 @@
git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
- if is_service_enabled g-search; then
- ${TOP_DIR}/pkg/elasticsearch.sh download
- ${TOP_DIR}/pkg/elasticsearch.sh install
- fi
-
setup_develop $GLANCE_DIR
}
@@ -374,8 +386,8 @@
function start_glance {
local service_protocol=$GLANCE_SERVICE_PROTOCOL
if is_service_enabled tls-proxy; then
- start_tls_proxy '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT &
- start_tls_proxy '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT &
+ start_tls_proxy glance-service '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT
+ start_tls_proxy glance-registry '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT
fi
run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
@@ -386,7 +398,7 @@
die $LINENO "g-api did not start"
fi
- #Start g-glare after g-reg/g-api/g-search
+ #Start g-glare after g-reg/g-api
if is_service_enabled g-glare; then
run_process g-glare "$GLANCE_BIN_DIR/glance-glare --config-file=$GLANCE_CONF_DIR/glance-glare.conf"
echo "Waiting for Glare [g-glare] ($GLANCE_GLARE_HOSTPORT) to start..."
diff --git a/lib/heat b/lib/heat
index 4326321..0863128 100644
--- a/lib/heat
+++ b/lib/heat
@@ -40,7 +40,6 @@
HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
OCC_DIR=$DEST/os-collect-config
-DIB_UTILS_DIR=$DEST/dib-utils
ORC_DIR=$DEST/os-refresh-config
OAC_DIR=$DEST/os-apply-config
@@ -156,7 +155,7 @@
# If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure
# the section for the client plugin associated with the trustee
if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
- iniset $HEAT_CONF trustee auth_plugin password
+ iniset $HEAT_CONF trustee auth_type password
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI
iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER
iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD
@@ -241,7 +240,7 @@
# (re)create heat database
recreate_database heat
- $HEAT_BIN_DIR/heat-manage db_sync
+ $HEAT_BIN_DIR/heat-manage --config-file $HEAT_CONF db_sync
create_heat_cache_dir
}
@@ -276,7 +275,6 @@
git_clone $OAC_REPO $OAC_DIR $OAC_BRANCH
git_clone $OCC_REPO $OCC_DIR $OCC_BRANCH
git_clone $ORC_REPO $ORC_DIR $ORC_BRANCH
- git_clone $DIB_UTILS_REPO $DIB_UTILS_DIR $DIB_UTILS_BRANCH
}
# start_heat() - Start running processes, including screen
@@ -420,7 +418,7 @@
# build_heat_pip_mirror() - Build a pip mirror containing heat agent projects
function build_heat_pip_mirror {
- local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR $DIB_UTILS_DIR"
+ local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
local projpath proj package
rm -rf $HEAT_PIP_REPO
diff --git a/lib/horizon b/lib/horizon
index abc1f6d..78cbe8b 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -69,9 +69,8 @@
# cleanup_horizon() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_horizon {
- local horizon_conf
- horizon_conf=$(apache_site_config_for horizon)
- sudo rm -f $horizon_conf
+ disable_apache_site horizon
+ sudo rm -f $(apache_site_config_for horizon)
}
# configure_horizon() - Set config files, create data dirs, etc
@@ -96,7 +95,7 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
_horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
- _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
+ _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_URI}/v3\""
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/keystone b/lib/keystone
index bcd5fab..b2dfa83 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -25,7 +25,6 @@
# - create_keystone_accounts
# - stop_keystone
# - cleanup_keystone
-# - _cleanup_keystone_apache_wsgi
# Save trace setting
_XTRACE_KEYSTONE=$(set +o | grep xtrace)
@@ -89,7 +88,7 @@
# Select Keystone's token provider (and format)
# Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
# Set Keystone interface configuration
@@ -122,8 +121,14 @@
fi
# complete URIs
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
-KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
+if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ # If running in Apache, use path access rather than port.
+ KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
+ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
+else
+ KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
+ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
+fi
# V3 URIs
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@@ -143,11 +148,7 @@
# cleanup_keystone() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_keystone {
- _cleanup_keystone_apache_wsgi
-}
-
-# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
-function _cleanup_keystone_apache_wsgi {
+ disable_apache_site keystone
sudo rm -f $(apache_site_config_for keystone)
}
@@ -220,13 +221,6 @@
iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD
iniset $KEYSTONE_CONF ldap user $LDAP_MANAGER_DN
iniset $KEYSTONE_CONF ldap suffix $LDAP_BASE_DN
- iniset $KEYSTONE_CONF ldap use_dumb_member "True"
- iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id"
- iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
- iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
- iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
- iniset $KEYSTONE_CONF ldap tenant_tree_dn "ou=Projects,$LDAP_BASE_DN"
- iniset $KEYSTONE_CONF ldap user_domain_id_attribute "businessCategory"
iniset $KEYSTONE_CONF ldap user_tree_dn "ou=Users,$LDAP_BASE_DN"
iniset $KEYSTONE_CONF DEFAULT member_role_id "9fe2ff9ee4384b1894a90878d3e92bab"
iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
@@ -239,11 +233,8 @@
# Enable caching
iniset $KEYSTONE_CONF cache enabled "True"
- iniset $KEYSTONE_CONF cache backend "oslo_cache.memcache_pool"
- iniset $KEYSTONE_CONF cache memcache_servers $SERVICE_HOST:11211
-
- # Do not cache the catalog backend due to https://bugs.launchpad.net/keystone/+bug/1537617
- iniset $KEYSTONE_CONF catalog caching "False"
+ iniset $KEYSTONE_CONF cache backend "dogpile.cache.memcached"
+ iniset $KEYSTONE_CONF cache memcache_servers localhost:11211
iniset_rpc_backend keystone $KEYSTONE_CONF
@@ -259,7 +250,15 @@
# Set the service ports for a proxy to take the originals
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_port=$KEYSTONE_AUTH_PORT_INT
+ fi
+ # Override the endpoints advertised by keystone (the public_endpoint and
+ # admin_endpoint) so that clients use the correct endpoint. By default, the
+ # keystone server uses the public_port and admin_port which isn't going to
+ # work when you want to use a different port (in the case of proxy), or you
+ # don't want the port (in the case of putting keystone on a path in
+ # apache).
+ if is_service_enabled tls-proxy || [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
fi
@@ -304,10 +303,10 @@
fi
iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
- iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi threads $(nproc)
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi processes $(nproc)
iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
- iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi threads $API_WORKERS
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi processes $API_WORKERS
# Common settings
for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
@@ -324,6 +323,8 @@
iniset "$file" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
+ # This ensures that file descriptors aren't shared between processes.
+ iniset "$file" uwsgi lazy-apps true
done
fi
@@ -331,10 +332,12 @@
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
+ iniset $KEYSTONE_CONF credential key_repository "$KEYSTONE_CONF_DIR/credential-keys/"
+
# Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
# The users from this project are globally admin as before, but it also
# allows policy changes in order to clarify the adminess scope.
- iniset $KEYSTONE_CONF resource admin_project_domain_name default
+ iniset $KEYSTONE_CONF resource admin_project_domain_name Default
iniset $KEYSTONE_CONF resource admin_project_name admin
}
@@ -376,7 +379,7 @@
# Create service project/role
get_or_create_domain "$SERVICE_DOMAIN_NAME"
- get_or_create_project "$SERVICE_PROJECT_NAME" default
+ get_or_create_project "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME"
# Service role, so service users do not have to be admins
get_or_create_role service
@@ -489,17 +492,20 @@
recreate_database keystone
# Initialize keystone database
- $KEYSTONE_BIN_DIR/keystone-manage db_sync
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF db_sync
if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
- $KEYSTONE_BIN_DIR/keystone-manage pki_setup
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF pki_setup
fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
- $KEYSTONE_BIN_DIR/keystone-manage fernet_setup
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF fernet_setup
fi
+ rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF credential_setup
+
}
# install_keystoneauth() - Collect source and prepare
@@ -582,14 +588,21 @@
# Check that the keystone service is running. Even if the tls tunnel
# should be enabled, make sure the internal port is checked using
# unencryted traffic at this point.
- if ! wait_for_service $SERVICE_TIMEOUT $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/; then
+ # If running in Apache, use the path rather than port.
+
+ local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
+ fi
+
+ if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
die $LINENO "keystone did not start"
fi
# Start proxies if enabled
if is_service_enabled tls-proxy; then
- start_tls_proxy '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT &
- start_tls_proxy '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT &
+ start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
+ start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
fi
# (re)start memcached to make sure we have a clean memcache.
@@ -625,8 +638,8 @@
--bootstrap-service-name keystone \
--bootstrap-region-id "$REGION_NAME" \
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
- --bootstrap-public-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT" \
- --bootstrap-internal-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT"
+ --bootstrap-public-url "$KEYSTONE_SERVICE_URI" \
+ --bootstrap-internal-url "$KEYSTONE_SERVICE_URI"
}
# Restore xtrace
diff --git a/lib/lvm b/lib/lvm
index b9d7c39..d35a76f 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -58,7 +58,9 @@
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
local vg_dev
vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
- sudo losetup -d $vg_dev
+ if [[ -n "$vg_dev" ]]; then
+ sudo losetup -d $vg_dev
+ fi
rm -f $backing_file
fi
}
diff --git a/lib/neutron b/lib/neutron
new file mode 100644
index 0000000..415344e
--- /dev/null
+++ b/lib/neutron
@@ -0,0 +1,576 @@
+#!/bin/bash
+#
+# lib/neutron
+# Install and start **Neutron** network services
+
+# Dependencies:
+#
+# ``functions`` file
+# ``DEST`` must be defined
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - is_XXXX_enabled
+# - install_XXXX
+# - configure_XXXX
+# - init_XXXX
+# - start_XXXX
+# - stop_XXXX
+# - cleanup_XXXX
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+# Defaults
+# --------
+
+# Set up default directories
+GITDIR["python-neutronclient"]=$DEST/python-neutronclient
+
+NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}
+NEUTRON_DIR=$DEST/neutron
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
+
+NEUTRON_BIN_DIR=$(get_python_exec_prefix)
+NEUTRON_DHCP_BINARY="neutron-dhcp-agent"
+
+NEUTRON_CONF_DIR=/etc/neutron
+NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
+NEUTRON_META_CONF=$NEUTRON_CONF_DIR/metadata_agent.ini
+
+NEUTRON_DHCP_CONF=$NEUTRON_CONF_DIR/dhcp_agent.ini
+NEUTRON_L3_CONF=$NEUTRON_CONF_DIR/l3_agent.ini
+NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/
+
+NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
+
+# By default, use the ML2 plugin
+NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2}
+NEUTRON_CORE_PLUGIN_CONF_FILENAME=${NEUTRON_CORE_PLUGIN_CONF_FILENAME:-ml2_conf.ini}
+NEUTRON_CORE_PLUGIN_CONF_PATH=$NEUTRON_CONF_DIR/plugins/$NEUTRON_CORE_PLUGIN
+NEUTRON_CORE_PLUGIN_CONF=$NEUTRON_CORE_PLUGIN_CONF_PATH/$NEUTRON_CORE_PLUGIN_CONF_FILENAME
+
+NEUTRON_AGENT_BINARY=${NEUTRON_AGENT_BINARY:-neutron-$NEUTRON_AGENT-agent}
+NEUTRON_L3_BINARY=${NEUTRON_L3_BINARY:-neutron-l3-agent}
+NEUTRON_META_BINARY=${NEUTRON_META_BINARY:-neutron-metadata-agent}
+
+# Public facing bits
+if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
+ NEUTRON_SERVICE_PROTOCOL="https"
+fi
+NEUTRON_SERVICE_HOST=${NEUTRON_SERVICE_HOST:-$SERVICE_HOST}
+NEUTRON_SERVICE_PORT=${NEUTRON_SERVICE_PORT:-9696}
+NEUTRON_SERVICE_PORT_INT=${NEUTRON_SERVICE_PORT_INT:-19696}
+NEUTRON_SERVICE_PROTOCOL=${NEUTRON_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+
+NEUTRON_AUTH_STRATEGY=${NEUTRON_AUTH_STRATEGY:-keystone}
+NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
+NEUTRON_ROOTWRAP_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
+NEUTRON_ROOTWRAP_DAEMON_CMD="sudo $NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CONF_FILE"
+
+# Add all enabled config files to a single config arg
+NEUTRON_CONFIG_ARG=${NEUTRON_CONFIG_ARG:-""}
+
+# Functions
+# ---------
+
+# Test if any Neutron services are enabled
+# is_neutron_enabled
+function is_neutron_enabled {
+ [[ ,${ENABLED_SERVICES} =~ ,"neutron-" || ,${ENABLED_SERVICES} =~ ,"q-" ]] && return 0
+ return 1
+}
+
+# Test if any Neutron services are enabled
+# is_neutron_enabled
+function is_neutron_legacy_enabled {
+ [[ ,${ENABLED_SERVICES} =~ ,"q-" ]] && return 0
+ return 1
+}
+
+# cleanup_neutron() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_neutron_new {
+ source $TOP_DIR/lib/neutron_plugins/${NEUTRON_AGENT}_agent
+ if is_neutron_ovs_base_plugin; then
+ neutron_ovs_base_cleanup
+ fi
+
+ if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
+ neutron_lb_cleanup
+ fi
+ # delete all namespaces created by neutron
+ for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
+ sudo ip netns delete ${ns}
+ done
+}
+
+# configure_neutron() - Set config files, create data dirs, etc
+function configure_neutron_new {
+ sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
+
+ (cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh)
+
+ cp $NEUTRON_DIR/etc/neutron.conf.sample $NEUTRON_CONF
+
+ configure_neutron_rootwrap
+
+ mkdir -p $NEUTRON_CORE_PLUGIN_CONF_PATH
+
+ cp $NEUTRON_DIR/etc/neutron/plugins/$NEUTRON_CORE_PLUGIN/$NEUTRON_CORE_PLUGIN_CONF_FILENAME.sample $NEUTRON_CORE_PLUGIN_CONF
+
+ iniset $NEUTRON_CONF database connection `database_connection_url neutron`
+ iniset $NEUTRON_CONF DEFAULT state_path $NEUTRON_STATE_PATH
+ iniset $NEUTRON_CONF oslo_concurrency lock_path $NEUTRON_STATE_PATH/lock
+ iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
+
+ iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+
+ iniset_rpc_backend neutron $NEUTRON_CONF
+
+ # Neutron API server & Neutron plugin
+ if is_service_enabled neutron-api; then
+ local policy_file=$NEUTRON_CONF_DIR/policy.json
+ cp $NEUTRON_DIR/etc/policy.json $policy_file
+ # Allow neutron user to administer neutron to match neutron account
+ sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $policy_file
+
+ cp $NEUTRON_DIR/etc/api-paste.ini $NEUTRON_CONF_DIR/api-paste.ini
+
+ iniset $NEUTRON_CONF DEFAULT core_plugin $NEUTRON_CORE_PLUGIN
+
+ iniset $NEUTRON_CONF DEFAULT policy_file $policy_file
+ iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
+
+ iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
+ configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
+
+ iniset $NEUTRON_CONF nova auth_type password
+ iniset $NEUTRON_CONF nova auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NEUTRON_CONF nova username nova
+ iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
+ iniset $NEUTRON_CONF nova user_domain_id default
+ iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+ iniset $NEUTRON_CONF nova project_domain_id default
+ iniset $NEUTRON_CONF nova region_name $REGION_NAME
+
+ # Configure VXLAN
+ # TODO(sc68cal) not hardcode?
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 tenant_network_types vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
+ if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
+ fi
+ fi
+
+ # Neutron OVS or LB agent
+ if is_service_enabled neutron-agent; then
+ iniset $NEUTRON_CORE_PLUGIN_CONF agent tunnel_types vxlan
+ iniset $NEUTRON_CORE_PLUGIN_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+
+ # Configure the neutron agent
+ if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables
+ iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
+ else
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables_hybrid
+ iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
+ fi
+
+ enable_kernel_bridge_firewall
+ fi
+
+ # DHCP Agent
+ if is_service_enabled neutron-dhcp; then
+ cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $NEUTRON_DHCP_CONF
+
+ iniset $NEUTRON_DHCP_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ # make it so we have working DNS from guests
+ iniset $NEUTRON_DHCP_CONF DEFAULT dnsmasq_local_resolv True
+
+ iniset $NEUTRON_DHCP_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
+ iniset $NEUTRON_DHCP_CONF DEFAULT interface_driver $NEUTRON_AGENT
+ neutron_plugin_configure_dhcp_agent $NEUTRON_DHCP_CONF
+ fi
+
+ if is_service_enabled neutron-l3; then
+ cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_L3_CONF
+ iniset $NEUTRON_L3_CONF DEFAULT interface_driver $NEUTRON_AGENT
+ iniset $NEUTRON_CONF DEFAULT service_plugins router
+ iniset $NEUTRON_L3_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
+ iniset $NEUTRON_L3_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ neutron_plugin_configure_l3_agent $NEUTRON_L3_CONF
+ fi
+
+ # Metadata
+ if is_service_enabled neutron-metadata-agent; then
+ cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $NEUTRON_META_CONF
+
+ iniset $NEUTRON_META_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ iniset $NEUTRON_META_CONF DEFAULT nova_metadata_ip $SERVICE_HOST
+ iniset $NEUTRON_META_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
+
+ # TODO(dtroyer): remove the v2.0 hard code below
+ iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI/v2.0
+ configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT
+ fi
+
+ # Format logging
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+ setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
+ else
+ # Show user_name and project_name by default
+ iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+ fi
+
+ if is_service_enabled tls-proxy; then
+ # Set the service port for a proxy to take the original
+ iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
+ fi
+
+ if is_ssl_enabled_service "nova"; then
+ iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
+ fi
+
+ if is_ssl_enabled_service "neutron"; then
+ ensure_certificates NEUTRON
+
+ iniset $NEUTRON_CONF DEFAULT use_ssl True
+ iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
+ iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
+ fi
+
+ # Metering
+ if is_service_enabled neutron-metering; then
+ source $TOP_DIR/lib/neutron_plugins/services/metering
+ neutron_agent_metering_configure_common
+ neutron_agent_metering_configure_agent
+ # TODO(sc68cal) hack because we don't pass around
+ # $Q_SERVICE_PLUGIN_CLASSES like -legacy does
+ local plugins=""
+ plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)
+ plugins+=",metering"
+ iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
+ fi
+
+}
+
+# configure_neutron_rootwrap() - configure Neutron's rootwrap
+function configure_neutron_rootwrap {
+ # Set the paths of certain binaries
+ neutron_rootwrap=$(get_rootwrap_location neutron)
+
+ # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
+ local rootwrap_sudoer_cmd="${neutron_rootwrap} $NEUTRON_CONF_DIR/rootwrap.conf"
+
+ # Deploy new rootwrap filters files (owned by root).
+ # Wipe any existing rootwrap.d files first
+ if [[ -d $NEUTRON_CONF_DIR/rootwrap.d ]]; then
+ sudo rm -rf $NEUTRON_CONF_DIR/rootwrap.d
+ fi
+
+ # Deploy filters to /etc/neutron/rootwrap.d
+ sudo install -d -o root -g root -m 755 $NEUTRON_CONF_DIR/rootwrap.d
+ sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.d/*.filters $NEUTRON_CONF_DIR/rootwrap.d
+
+ # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
+ sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $NEUTRON_CONF_DIR
+ sudo sed -e "s:^filters_path=.*$:filters_path=$NEUTRON_CONF_DIR/rootwrap.d:" -i $NEUTRON_CONF_DIR/rootwrap.conf
+
+ # Set up the rootwrap sudoers for Neutron
+ tempfile=`mktemp`
+ echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd *" >$tempfile
+ chmod 0440 $tempfile
+ sudo chown root:root $tempfile
+ sudo mv $tempfile /etc/sudoers.d/neutron-rootwrap
+}
+
+# Make Neutron-required changes to nova.conf
+function configure_neutron_nova_new {
+ iniset $NOVA_CONF DEFAULT use_neutron True
+ iniset $NOVA_CONF neutron auth_type "password"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF neutron username neutron
+ iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
+ iniset $NOVA_CONF neutron user_domain_name "Default"
+ iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
+ iniset $NOVA_CONF neutron project_domain_name "Default"
+ iniset $NOVA_CONF neutron auth_strategy $NEUTRON_AUTH_STRATEGY
+ iniset $NOVA_CONF neutron region_name "$REGION_NAME"
+ iniset $NOVA_CONF neutron url $NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT
+
+ iniset $NOVA_CONF DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
+
+ # optionally set options in nova_conf
+ neutron_plugin_create_nova_conf
+
+ if is_service_enabled neutron-metadata-agent; then
+ iniset $NOVA_CONF neutron service_metadata_proxy "True"
+ fi
+
+}
+
+# Tenant User Roles
+# ------------------------------------------------------------------
+# service neutron admin # if enabled
+
+# create_neutron_accounts() - Create required service accounts
+function create_neutron_accounts_new {
+ if [[ "$ENABLED_SERVICES" =~ "neutron-api" ]]; then
+
+ create_service_user "neutron"
+
+ neutron_service=$(get_or_create_service "neutron" \
+ "network" "Neutron Service")
+ get_or_create_endpoint $neutron_service \
+ "$REGION_NAME" \
+ "$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT/" \
+ "$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT/" \
+ "$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT/"
+ fi
+}
+
+# create_neutron_cache_dir() - Part of the init_neutron() process
+function create_neutron_cache_dir {
+ # Create cache dir
+ sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
+ rm -f $NEUTRON_AUTH_CACHE_DIR/*
+}
+
+# init_neutron() - Initialize databases, etc.
+function init_neutron_new {
+
+ recreate_database neutron
+
+ # Run Neutron db migrations
+ $NEUTRON_BIN_DIR/neutron-db-manage $NEUTRON_CONFIG_ARG upgrade heads
+
+ create_neutron_cache_dir
+}
+
+# install_neutron() - Collect source and prepare
+function install_neutron_new {
+ git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
+ setup_develop $NEUTRON_DIR
+
+ # Install neutron-lib from git so we make sure we're testing
+ # the latest code.
+ if use_library_from_git "neutron-lib"; then
+ git_clone_by_name "neutron-lib"
+ setup_dev_lib "neutron-lib"
+ fi
+
+ # L3 service requires radvd
+ if is_service_enabled neutron-l3; then
+ install_package radvd
+ fi
+
+ if is_service_enabled neutron-agent neutron-dhcp neutron-l3; then
+ #TODO(sc68cal) - kind of ugly
+ source $TOP_DIR/lib/neutron_plugins/${NEUTRON_AGENT}_agent
+ neutron_plugin_install_agent_packages
+ fi
+
+}
+
+# install_neutronclient() - Collect source and prepare
+function install_neutronclient {
+ if use_library_from_git "python-neutronclient"; then
+ git_clone_by_name "python-neutronclient"
+ setup_dev_lib "python-neutronclient"
+ sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-neutronclient"]}/tools/,/etc/bash_completion.d/}neutron.bash_completion
+ fi
+}
+
+# start_neutron_api() - Start the API process ahead of other things
+function start_neutron_api {
+ local service_port=$NEUTRON_SERVICE_PORT
+ local service_protocol=$NEUTRON_SERVICE_PROTOCOL
+ if is_service_enabled tls-proxy; then
+ service_port=$NEUTRON_SERVICE_PORT_INT
+ service_protocol="http"
+ fi
+
+ # Start the Neutron service
+ # TODO(sc68cal) Stop hard coding this
+ run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server --config-file $NEUTRON_CONF --config-file $NEUTRON_CORE_PLUGIN_CONF"
+
+ if is_ssl_enabled_service "neutron"; then
+ ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
+ local testcmd="wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$NEUTRON_SERVICE_HOST:$service_port"
+ test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT
+ else
+ if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$NEUTRON_SERVICE_HOST:$service_port; then
+ die $LINENO "neutron-api did not start"
+ fi
+ fi
+
+
+ # Start proxy if enabled
+ if is_service_enabled tls-proxy; then
+ start_tls_proxy neutron '*' $NEUTRON_SERVICE_PORT $NEUTRON_SERVICE_HOST $NEUTRON_SERVICE_PORT_INT
+ fi
+}
+
+# start_neutron() - Start running processes, including screen
+function start_neutron_new {
+ _set_config_files
+
+ # Start up the neutron agents if enabled
+ # TODO(sc68cal) Make this pluggable so different DevStack plugins for different Neutron plugins
+ # can resolve the $NEUTRON_AGENT_BINARY
+ if is_service_enabled neutron-agent; then
+ run_process neutron-agent "$NEUTRON_BIN_DIR/$NEUTRON_AGENT_BINARY $NEUTRON_CONFIG_ARG"
+ fi
+ if is_service_enabled neutron-dhcp; then
+ neutron_plugin_configure_dhcp_agent $NEUTRON_DHCP_CONF
+ run_process neutron-dhcp "$NEUTRON_BIN_DIR/$NEUTRON_DHCP_BINARY $NEUTRON_CONFIG_ARG"
+ fi
+ if is_service_enabled neutron-l3; then
+ run_process neutron-l3 "$NEUTRON_BIN_DIR/$NEUTRON_L3_BINARY $NEUTRON_CONFIG_ARG"
+ fi
+ # XXX(sc68cal) - Here's where plugins can wire up their own networks instead
+ # of the code in lib/neutron_plugins/services/l3
+ if type -p neutron_plugin_create_initial_networks > /dev/null; then
+ neutron_plugin_create_initial_networks
+ else
+ # XXX(sc68cal) Load up the built in Neutron networking code and build a topology
+ source $TOP_DIR/lib/neutron_plugins/services/l3
+ # Create the networks using servic
+ create_neutron_initial_network
+ fi
+ if is_service_enabled neutron-metadata-agent; then
+ run_process neutron-metadata-agent "$NEUTRON_BIN_DIR/$NEUTRON_META_BINARY $NEUTRON_CONFIG_ARG"
+ fi
+
+ if is_service_enabled neutron-metering; then
+ run_process neutron-metering "$AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
+ fi
+}
+
+# stop_neutron() - Stop running processes (non-screen)
+function stop_neutron_new {
+ for serv in neutron-api neutron-agent neutron-l3; do
+ stop_process $serv
+ done
+
+ if is_service_enabled neutron-dhcp; then
+ stop_process neutron-dhcp
+ pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
+ [ ! -z "$pid" ] && sudo kill -9 $pid
+ fi
+
+ if is_service_enabled neutron-metadata-agent; then
+ sudo pkill -9 -f neutron-ns-metadata-proxy || :
+ stop_process neutron-metadata-agent
+ fi
+}
+
+# Compile the lost of enabled config files
+function _set_config_files {
+
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_CONF"
+
+ #TODO(sc68cal) OVS and LB agent uses settings in NEUTRON_CORE_PLUGIN_CONF (ml2_conf.ini) but others may not
+ if is_service_enabled neutron-agent; then
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_CORE_PLUGIN_CONF"
+ fi
+
+ if is_service_enabled neutron-dhcp; then
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_DHCP_CONF"
+ fi
+
+ if is_service_enabled neutron-l3; then
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_L3_CONF"
+ fi
+
+ if is_service_enabled neutron-metadata-agent; then
+ NEUTRON_CONFIG_ARG+=" --config-file $NEUTRON_META_CONF"
+ fi
+
+}
+
+# Dispatch functions
+# These are needed for compatibility between the old and new implementations
+# where there are function name overlaps. These will be removed when
+# neutron-legacy is removed.
+# TODO(sc68cal) Remove when neutron-legacy is no more.
+function cleanup_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ cleanup_mutnauq "$@"
+ else
+ cleanup_neutron_new "$@"
+ fi
+}
+
+function configure_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ configure_mutnauq "$@"
+ else
+ configure_neutron_new "$@"
+ fi
+}
+
+function configure_neutron_nova {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ create_nova_conf_neutron "$@"
+ else
+ configure_neutron_nova_new "$@"
+ fi
+}
+
+function create_neutron_accounts {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ create_mutnauq_accounts "$@"
+ else
+ create_neutron_accounts_new "$@"
+ fi
+}
+
+function init_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ init_mutnauq "$@"
+ else
+ init_neutron_new "$@"
+ fi
+}
+
+function install_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ install_mutnauq "$@"
+ else
+ install_neutron_new "$@"
+ fi
+}
+
+function start_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ start_mutnauq_l2_agent "$@"
+ start_mutnauq_other_agents "$@"
+ else
+ start_neutron_new "$@"
+ fi
+}
+
+function stop_neutron {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ stop_mutnauq "$@"
+ else
+ stop_neutron_new "$@"
+ fi
+}
+
+# Restore xtrace
+$XTRACE
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 0d61416..9e926a0 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -61,45 +61,12 @@
# Neutron Network Configuration
# -----------------------------
-# Subnet IP version
-IP_VERSION=${IP_VERSION:-"4+6"}
-# Validate IP_VERSION
-if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
- die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
-fi
-# Gateway and subnet defaults, in case they are not customized in localrc
-NETWORK_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
-PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
-PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
-PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
-
-# Subnetpool defaults
-SUBNETPOOL_NAME=${SUBNETPOOL_NAME:-"shared-default-subnetpool"}
-
-SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-10.0.0.0/8}
-SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}
-
-SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
-SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
-
+deprecated "Using lib/neutron-legacy is deprecated, and it will be removed in the future"
if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
Q_PROTOCOL="https"
fi
-# Generate 40-bit IPv6 Global ID to comply with RFC 4193
-IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
-
-# IPv6 gateway and subnet defaults, in case they are not customized in localrc
-IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
-IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
-IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
-IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
-FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
-IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
-IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
-IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
-IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-2001:db8::1}
# Set up default directories
GITDIR["python-neutronclient"]=$DEST/python-neutronclient
@@ -107,7 +74,6 @@
NEUTRON_DIR=$DEST/neutron
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
-NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# Support entry points installation of console scripts
@@ -121,9 +87,6 @@
NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
-# Default provider for load balancer service
-DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-
# Agent binaries. Note, binary paths for other agents are set in per-service
# scripts in lib/neutron_plugins/services/
AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
@@ -134,7 +97,6 @@
# loaded from per-plugin scripts in lib/neutron_plugins/
Q_DHCP_CONF_FILE=$NEUTRON_CONF_DIR/dhcp_agent.ini
Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
-Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
Q_META_CONF_FILE=$NEUTRON_CONF_DIR/metadata_agent.ini
# Default name for Neutron database
@@ -163,64 +125,10 @@
Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
# Allow Overlapping IP among subnets
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
-# Use neutron-debug command
-Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
-# The name of the default q-l3 router
-Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
-# Specify if the initial private and external networks should be created
-NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
-
-## Provider Network Information
-PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
-IPV6_PROVIDER_SUBNET_NAME=${IPV6_PROVIDER_SUBNET_NAME:-"provider_net_v6"}
-IPV6_PROVIDER_FIXED_RANGE=${IPV6_PROVIDER_FIXED_RANGE:-}
-IPV6_PROVIDER_NETWORK_GATEWAY=${IPV6_PROVIDER_NETWORK_GATEWAY:-}
-
-# Define the public bridge that will transmit traffic from VMs to the
-# physical network - used by both the OVS and Linux Bridge drivers.
-PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
-
-# Use flat providernet for public network
-#
-# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
-# for external interface of neutron l3-agent. In that case,
-# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
-# used for the network. In case of ofagent, you should add the
-# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
-# For openvswitch agent, you should add the corresponding entry to
-# your OVS_BRIDGE_MAPPINGS.
-#
-# eg. (ofagent)
-# Q_USE_PROVIDERNET_FOR_PUBLIC=True
-# Q_USE_PUBLIC_VETH=True
-# PUBLIC_PHYSICAL_NETWORK=public
-# OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int
-#
-# eg. (openvswitch agent)
-# Q_USE_PROVIDERNET_FOR_PUBLIC=True
-# PUBLIC_PHYSICAL_NETWORK=public
-# OVS_BRIDGE_MAPPINGS=public:br-ex
-Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-False}
-PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
-
-# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
-# PUBLIC_BRIDGE. This is intended to be used with
-# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
-Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False}
-Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex}
-Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
-
-# The next two variables are configured by plugin
-# e.g. _configure_neutron_l3_agent or lib/neutron_plugins/*
-#
-# The plugin supports L3.
-Q_L3_ENABLED=${Q_L3_ENABLED:-False}
-# L3 routers exist per tenant
-Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
# List of config file names in addition to the main plugin config file
# See _configure_neutron_common() for details about setting it up
@@ -264,9 +172,9 @@
# GRE tunnels are only supported by the openvswitch.
ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
-# If using GRE tunnels for tenant networks, specify the range of
-# tunnel IDs from which tenant networks are allocated. Can be
-# overridden in ``localrc`` in necessary.
+# If using GRE, VXLAN or GENEVE tunnels for tenant networks,
+# specify the range of IDs from which tenant networks are
+# allocated. Can be overridden in ``localrc`` if necessary.
TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
# To use VLANs for tenant networks, set to True in localrc. VLANs
@@ -289,7 +197,7 @@
# agent, as described below.
#
# Example: ``PHYSICAL_NETWORK=default``
-PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
+PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-public}
# With the openvswitch agent, if using VLANs for tenant networks,
# or if using flat or VLAN provider networks, set in ``localrc`` to
@@ -299,15 +207,17 @@
# port for external connectivity.
#
# Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
-OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}
+OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-br-ex}
+default_route_dev=$(ip route | grep ^default | awk '{print $5}')
+die_if_not_set $LINENO default_route_dev "Failure retrieving default route device"
# With the linuxbridge agent, if using VLANs for tenant networks,
# or if using flat or VLAN provider networks, set in ``localrc`` to
# the name of the network interface to use for the physical
# network.
#
# Example: ``LB_PHYSICAL_INTERFACE=eth1``
-LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}
+LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-$default_route_dev}
# When Neutron tunnels are enabled it is needed to specify the
# IP address of the end point in the local server. This IP is set
@@ -338,22 +248,14 @@
source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
fi
-# Agent loadbalancer service plugin functions
-# -------------------------------------------
-
-# Hardcoding for 1 service plugin for now
-source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
-
# Agent metering service plugin functions
# -------------------------------------------
# Hardcoding for 1 service plugin for now
source $TOP_DIR/lib/neutron_plugins/services/metering
-# Firewall Service Plugin functions
-# ---------------------------------
-source $TOP_DIR/lib/neutron_plugins/services/firewall
-
+# L3 Service functions
+source $TOP_DIR/lib/neutron_plugins/services/l3
# Use security group or not
if has_neutron_plugin_security_group; then
Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
@@ -379,10 +281,7 @@
}
function _determine_config_l3 {
- local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
- if is_service_enabled q-fwaas; then
- opts+=" --config-file $Q_FWAAS_CONF_FILE"
- fi
+ local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE"
echo "$opts"
}
@@ -400,31 +299,16 @@
echo "$opts"
}
-# Test if any Neutron services are enabled
-# is_neutron_enabled
-function is_neutron_enabled {
- [[ ,${ENABLED_SERVICES} =~ ,"q-" ]] && return 0
- return 1
-}
-
-# configure_neutron()
+# configure_mutnauq()
# Set common config for all neutron server and agents.
-function configure_neutron {
+function configure_mutnauq {
_configure_neutron_common
iniset_rpc_backend neutron $NEUTRON_CONF
# goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
- if is_service_enabled q-lbaas; then
- deprecated "Configuring q-lbaas through devstack is deprecated"
- _configure_neutron_lbaas
- fi
if is_service_enabled q-metering; then
_configure_neutron_metering
fi
- if is_service_enabled q-fwaas; then
- deprecated "Configuring q-fwaas through devstack is deprecated"
- _configure_neutron_fwaas
- fi
if is_service_enabled q-agt q-svc; then
_configure_neutron_service
fi
@@ -448,15 +332,13 @@
_configure_neutron_ceilometer_notifications
fi
- _configure_neutron_debug_command
-
iniset $NEUTRON_CONF DEFAULT api_workers "$API_WORKERS"
}
function create_nova_conf_neutron {
iniset $NOVA_CONF DEFAULT use_neutron True
iniset $NOVA_CONF neutron auth_type "password"
- iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_AUTH_URI/v3"
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "$SERVICE_DOMAIN_NAME"
@@ -482,21 +364,14 @@
iniset $NOVA_CONF DEFAULT vif_plugging_timeout "$VIF_PLUGGING_TIMEOUT"
}
-# create_neutron_cache_dir() - Part of the _neutron_setup_keystone() process
-function create_neutron_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
- rm -f $NEUTRON_AUTH_CACHE_DIR/*
-}
-
-# create_neutron_accounts() - Set up common required neutron accounts
+# create_mutnauq_accounts() - Set up common required neutron accounts
# Tenant User Roles
# ------------------------------------------------------------------
# service neutron admin # if enabled
# Migrated from keystone_data.sh
-function create_neutron_accounts {
+function create_mutnauq_accounts {
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
create_service_user "neutron"
@@ -511,107 +386,15 @@
fi
}
-function create_neutron_initial_network {
- local project_id
- project_id=$(openstack project list | grep " demo " | get_field 1)
- die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
-
- # Allow drivers that need to create an initial network to do so here
- if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
- neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
- fi
-
- if is_provider_network; then
- die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
- die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
- NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $project_id --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
- die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
-
- if [[ "$IP_VERSION" =~ 4.* ]]; then
- SUBNET_ID=$(neutron subnet-create --tenant_id $project_id --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
- die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
- fi
-
- if [[ "$IP_VERSION" =~ .*6 ]] && [[ -n "$IPV6_PROVIDER_FIXED_RANGE" ]] && [[ -n "$IPV6_PROVIDER_NETWORK_GATEWAY" ]]; then
- SUBNET_V6_ID=$(neutron subnet-create --tenant_id $project_id --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME $NET_ID $IPV6_PROVIDER_FIXED_RANGE | grep 'id' | get_field 2)
- die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
- fi
-
- if [[ $Q_AGENT == "openvswitch" ]]; then
- sudo ip link set $OVS_PHYSICAL_BRIDGE up
- sudo ip link set br-int up
- sudo ip link set $PUBLIC_INTERFACE up
- fi
- else
- NET_ID=$(neutron net-create --tenant-id $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
- die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
-
- if [[ "$IP_VERSION" =~ 4.* ]]; then
- # Create IPv4 private subnet
- SUBNET_ID=$(_neutron_create_private_subnet_v4 $project_id)
- fi
-
- if [[ "$IP_VERSION" =~ .*6 ]]; then
- # Create IPv6 private subnet
- IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6 $project_id)
- fi
- fi
-
- AUTO_ALLOCATE_EXT=$(neutron ext-list | grep 'auto-allocated-topology' | get_field 1)
- SUBNETPOOL_EXT=$(neutron ext-list | grep 'subnet_allocation' | get_field 1)
- if [[ "$Q_L3_ENABLED" == "True" ]]; then
- # Create a router, and add the private subnet as one of its interfaces
- if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
- # create a tenant-owned router.
- ROUTER_ID=$(neutron router-create --tenant-id $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2)
- die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
- else
- # Plugin only supports creating a single router, which should be admin owned.
- ROUTER_ID=$(neutron router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
- die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
- fi
-
- # if the extension is available, then mark the external
- # network as default, and provision default subnetpools
- EXTERNAL_NETWORK_FLAGS="--router:external"
- if [[ -n $AUTO_ALLOCATE_EXT && -n $SUBNETPOOL_EXT ]]; then
- EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --is-default"
- if [[ "$IP_VERSION" =~ 4.* ]]; then
- SUBNETPOOL_V4_ID=$(neutron subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --shared --is-default=True | grep ' id ' | get_field 2)
- fi
- if [[ "$IP_VERSION" =~ .*6 ]]; then
- SUBNETPOOL_V6_ID=$(neutron subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --shared --is-default=True | grep ' id ' | get_field 2)
- fi
- fi
- # Create an external network, and a subnet. Configure the external network as router gw
- if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
- EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
- else
- EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
- fi
- die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
-
- if [[ "$IP_VERSION" =~ 4.* ]]; then
- # Configure router for IPv4 public access
- _neutron_configure_router_v4
- fi
-
- if [[ "$IP_VERSION" =~ .*6 ]]; then
- # Configure router for IPv6 public access
- _neutron_configure_router_v6
- fi
- fi
-}
-
-# init_neutron() - Initialize databases, etc.
-function init_neutron {
+# init_mutnauq() - Initialize databases, etc.
+function init_mutnauq {
recreate_database $Q_DB_NAME
# Run Neutron db migrations
$NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
}
-# install_neutron() - Collect source and prepare
-function install_neutron {
+# install_mutnauq() - Collect source and prepare
+function install_mutnauq {
# Install neutron-lib from git so we make sure we're testing
# the latest code.
if use_library_from_git "neutron-lib"; then
@@ -621,14 +404,6 @@
git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
setup_develop $NEUTRON_DIR
- if is_service_enabled q-fwaas; then
- git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
- setup_develop $NEUTRON_FWAAS_DIR
- fi
- if is_service_enabled q-lbaas; then
- git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
- setup_develop $NEUTRON_LBAAS_DIR
- fi
if [ "$VIRT_DRIVER" == 'xenserver' ]; then
local dom0_ip
@@ -649,15 +424,6 @@
fi
}
-# install_neutronclient() - Collect source and prepare
-function install_neutronclient {
- if use_library_from_git "python-neutronclient"; then
- git_clone_by_name "python-neutronclient"
- setup_dev_lib "python-neutronclient"
- sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-neutronclient"]}/tools/,/etc/bash_completion.d/}neutron.bash_completion
- fi
-}
-
# install_neutron_agent_packages() - Collect source and prepare
function install_neutron_agent_packages {
# radvd doesn't come with the OS. Install it if the l3 service is enabled.
@@ -668,10 +434,6 @@
if is_service_enabled q-agt q-dhcp q-l3; then
neutron_plugin_install_agent_packages
fi
-
- if is_service_enabled q-lbaas; then
- neutron_agent_lbaas_install_agent_packages
- fi
}
# Start running processes, including screen
@@ -698,13 +460,13 @@
# Start proxy if enabled
if is_service_enabled tls-proxy; then
- start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT &
+ start_tls_proxy neutron '*' $Q_PORT $Q_HOST $Q_PORT_INT
fi
}
# Control of the l2 agent is separated out to make it easier to test partial
# upgrades (everything upgraded except the L2 agent)
-function start_neutron_l2_agent {
+function start_mutnauq_l2_agent {
run_process q-agt "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
if is_provider_network && [[ $Q_AGENT == "openvswitch" ]]; then
@@ -722,8 +484,8 @@
fi
}
-function start_neutron_other_agents {
- run_process q-dhcp "$AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
+function start_mutnauq_other_agents {
+ run_process q-dhcp "$AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file $Q_DHCP_CONF_FILE"
if is_service_enabled neutron-vpnaas; then
: # Started by plugin
@@ -731,8 +493,7 @@
run_process q-l3 "$AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
fi
- run_process q-meta "$AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
- run_process q-lbaas "$AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
+ run_process q-meta "$AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file $Q_META_CONF_FILE"
run_process q-metering "$AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@@ -744,15 +505,16 @@
# Start running processes, including screen
function start_neutron_agents {
# Start up the neutron agents if enabled
- start_neutron_l2_agent
- start_neutron_other_agents
+ start_mutnauq_l2_agent
+ start_mutnauq_other_agents
}
-function stop_neutron_l2_agent {
+function stop_mutnauq_l2_agent {
stop_process q-agt
}
-function stop_neutron_other {
+# stop_mutnauq_other() - Stop running processes (non-screen)
+function stop_mutnauq_other {
if is_service_enabled q-dhcp; then
stop_process q-dhcp
pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
@@ -771,12 +533,6 @@
stop_process q-meta
fi
- if is_service_enabled q-lbaas; then
- neutron_lbaas_stop
- fi
- if is_service_enabled q-fwaas; then
- neutron_fwaas_stop
- fi
if is_service_enabled q-metering; then
neutron_metering_stop
fi
@@ -787,9 +543,9 @@
}
# stop_neutron() - Stop running processes (non-screen)
-function stop_neutron {
- stop_neutron_other
- stop_neutron_l2_agent
+function stop_mutnauq {
+ stop_mutnauq_other
+ stop_mutnauq_l2_agent
}
# _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
@@ -808,13 +564,14 @@
# on configure we will also add $from_intf as a port on $to_intf,
# assuming it is an OVS bridge.
- local IP_ADD=""
+ local IP_REPLACE=""
local IP_DEL=""
local IP_UP=""
local DEFAULT_ROUTE_GW
DEFAULT_ROUTE_GW=$(ip -f $af r | awk "/default.+$from_intf/ { print \$3; exit }")
local ADD_OVS_PORT=""
local DEL_OVS_PORT=""
+ local ARP_CMD=""
IP_BRD=$(ip -f $af a s dev $from_intf scope global primary | grep inet | awk '{ print $2, $3, $4; exit }')
@@ -832,19 +589,23 @@
if [[ "$IP_BRD" != "" ]]; then
IP_DEL="sudo ip addr del $IP_BRD dev $from_intf"
- IP_ADD="sudo ip addr add $IP_BRD dev $to_intf"
+ IP_REPLACE="sudo ip addr replace $IP_BRD dev $to_intf"
IP_UP="sudo ip link set $to_intf up"
+ if [[ "$af" == "inet" ]]; then
+ IP=$(echo $IP_BRD | awk '{ print $1; exit }' | grep -o -E '(.*)/' | cut -d "/" -f1)
+ ARP_CMD="arping -A -c 3 -w 4.5 -I $to_intf $IP "
+ fi
fi
# The add/del OVS port calls have to happen either before or
# after the address is moved in order to not leave it orphaned.
- $DEL_OVS_PORT; $IP_DEL; $IP_ADD; $IP_UP; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+ $DEL_OVS_PORT; $IP_DEL; $IP_REPLACE; $IP_UP; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE; $ARP_CMD
fi
}
-# cleanup_neutron() - Remove residual data files, anything left over from previous
+# cleanup_mutnauq() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
-function cleanup_neutron {
+function cleanup_mutnauq {
if [[ -n "$OVS_PHYSICAL_BRIDGE" ]]; then
_move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False True "inet"
@@ -875,7 +636,7 @@
fi
# delete all namespaces created by neutron
- for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
+ for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|fip|snat)-[0-9a-f-]*'); do
sudo ip netns delete ${ns}
done
}
@@ -933,6 +694,9 @@
iniset $NEUTRON_CONF DEFAULT bind_host $Q_LISTEN_ADDRESS
iniset $NEUTRON_CONF oslo_concurrency lock_path $DATA_DIR/neutron/lock
+ # NOTE(freerunner): Need to adjust Region Name for nova in multiregion installation
+ iniset $NEUTRON_CONF nova region_name $REGION_NAME
+
# If addition config files are set, make sure their path name is set as well
if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
die $LINENO "Neutron additional plugin config not set.. exiting"
@@ -984,29 +748,13 @@
_neutron_setup_rootwrap
}
-function _configure_neutron_debug_command {
- if [[ "$Q_USE_DEBUG_COMMAND" != "True" ]]; then
- return
- fi
-
- cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_TEST_CONFIG_FILE
-
- iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
- iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"
- if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
- iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
- fi
-
- _neutron_setup_interface_driver $NEUTRON_TEST_CONFIG_FILE
-
- neutron_plugin_configure_debug_command
-}
-
function _configure_neutron_dhcp_agent {
cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $Q_DHCP_CONF_FILE
iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ # make it so we have working DNS from guests
+ iniset $Q_DHCP_CONF_FILE DEFAULT dnsmasq_local_resolv True
iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
iniset $Q_DHCP_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
@@ -1025,30 +773,9 @@
_neutron_setup_interface_driver $Q_DHCP_CONF_FILE
- neutron_plugin_configure_dhcp_agent
+ neutron_plugin_configure_dhcp_agent $Q_DHCP_CONF_FILE
}
-function _configure_neutron_l3_agent {
- Q_L3_ENABLED=True
-
- cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
-
- iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
- if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
- iniset $Q_L3_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
- fi
-
- _neutron_setup_interface_driver $Q_L3_CONF_FILE
-
- neutron_plugin_configure_l3_agent
-
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
-
- if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
- _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
- fi
-}
function _configure_neutron_metadata_agent {
cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $Q_META_CONF_FILE
@@ -1065,31 +792,11 @@
iniset $NEUTRON_CONF oslo_messaging_notifications driver messaging
}
-function _configure_neutron_lbaas {
- # Uses oslo config generator to generate LBaaS sample configuration files
- (cd $NEUTRON_LBAAS_DIR && exec ./tools/generate_config_file_samples.sh)
-
- if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample ]; then
- cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample $NEUTRON_CONF_DIR/neutron_lbaas.conf
- iniset $NEUTRON_CONF_DIR/neutron_lbaas.conf service_providers service_provider $DEFAULT_LB_PROVIDER
- fi
- neutron_agent_lbaas_configure_common
- neutron_agent_lbaas_configure_agent
-}
-
function _configure_neutron_metering {
neutron_agent_metering_configure_common
neutron_agent_metering_configure_agent
}
-function _configure_neutron_fwaas {
- if [ -f $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf ]; then
- cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf $NEUTRON_CONF_DIR
- fi
- neutron_fwaas_configure_common
- neutron_fwaas_configure_driver
-}
-
function _configure_dvr {
iniset $NEUTRON_CONF DEFAULT router_distributed True
iniset $Q_L3_CONF_FILE DEFAULT agent_mode $Q_DVR_MODE
@@ -1223,164 +930,6 @@
neutron_plugin_setup_interface_driver $1
}
-
-# Create private IPv4 subnet
-function _neutron_create_private_subnet_v4 {
- local project_id=$1
- local subnet_params="--tenant-id $project_id "
- subnet_params+="--ip_version 4 "
- subnet_params+="--gateway $NETWORK_GATEWAY "
- subnet_params+="--name $PRIVATE_SUBNET_NAME "
- subnet_params+="$NET_ID $FIXED_RANGE"
- local subnet_id
- subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
- die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
- echo $subnet_id
-}
-
-# Create private IPv6 subnet
-function _neutron_create_private_subnet_v6 {
- local project_id=$1
- die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
- die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
- local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
- local subnet_params="--tenant-id $project_id "
- subnet_params+="--ip_version 6 "
- subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
- subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
- subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
- local ipv6_subnet_id
- ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
- die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
- echo $ipv6_subnet_id
-}
-
-# Create public IPv4 subnet
-function _neutron_create_public_subnet_v4 {
- local subnet_params+="--ip_version 4 "
- subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
- subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
- subnet_params+="--name $PUBLIC_SUBNET_NAME "
- subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
- subnet_params+="-- --enable_dhcp=False"
- local id_and_ext_gw_ip
- id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
- die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
- echo $id_and_ext_gw_ip
-}
-
-# Create public IPv6 subnet
-function _neutron_create_public_subnet_v6 {
- local subnet_params="--ip_version 6 "
- subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
- subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
- subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
- subnet_params+="-- --enable_dhcp=False"
- local ipv6_id_and_ext_gw_ip
- ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
- die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
- echo $ipv6_id_and_ext_gw_ip
-}
-
-# Configure neutron router for IPv4 public access
-function _neutron_configure_router_v4 {
- neutron router-interface-add $ROUTER_ID $SUBNET_ID
- # Create a public subnet on the external network
- local id_and_ext_gw_ip
- id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
- local ext_gw_ip
- ext_gw_ip=$(echo $id_and_ext_gw_ip | get_field 2)
- PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
- # Configure the external network as the default router gateway
- neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
-
- # This logic is specific to using the l3-agent for layer 3
- if is_service_enabled q-l3; then
- # Configure and enable public bridge
- local ext_gw_interface="none"
- if is_neutron_ovs_base_plugin; then
- ext_gw_interface=$(_neutron_get_ext_gw_interface)
- elif [[ "$Q_AGENT" = "linuxbridge" ]]; then
- # Search for the brq device the neutron router and network for $FIXED_RANGE
- # will be using.
- # e.x. brq3592e767-da for NET_ID 3592e767-da66-4bcb-9bec-cdb03cd96102
- ext_gw_interface=brq${EXT_NET_ID:0:11}
- fi
- if [[ "$ext_gw_interface" != "none" ]]; then
- local cidr_len=${FLOATING_RANGE#*/}
- local testcmd="ip -o link | grep -q $ext_gw_interface"
- test_with_retry "$testcmd" "$ext_gw_interface creation failed"
- if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" ) ]]; then
- sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
- sudo ip link set $ext_gw_interface up
- fi
- ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '`
- die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
- sudo ip route replace $FIXED_RANGE via $ROUTER_GW_IP
- fi
- _neutron_set_router_id
- fi
-}
-
-# Configure neutron router for IPv6 public access
-function _neutron_configure_router_v6 {
- neutron router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
- # Create a public subnet on the external network
- local ipv6_id_and_ext_gw_ip
- ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
- local ipv6_ext_gw_ip
- ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
- local ipv6_pub_subnet_id
- ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
-
- # If the external network has not already been set as the default router
- # gateway when configuring an IPv4 public subnet, do so now
- if [[ "$IP_VERSION" == "6" ]]; then
- neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
- fi
-
- # This logic is specific to using the l3-agent for layer 3
- if is_service_enabled q-l3; then
- # Ensure IPv6 forwarding is enabled on the host
- sudo sysctl -w net.ipv6.conf.all.forwarding=1
- # Configure and enable public bridge
- # Override global IPV6_ROUTER_GW_IP with the true value from neutron
- IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '`
- die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
-
- if is_neutron_ovs_base_plugin; then
- local ext_gw_interface
- ext_gw_interface=$(_neutron_get_ext_gw_interface)
- local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
-
- # Configure interface for public bridge
- sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
- sudo ip -6 route replace $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
- fi
- _neutron_set_router_id
- fi
-}
-
-# Explicitly set router id in l3 agent configuration
-function _neutron_set_router_id {
- if [[ "$Q_L3_ROUTER_PER_TENANT" == "False" ]]; then
- iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
- fi
-}
-
-# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
-function _neutron_get_ext_gw_interface {
- if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
- echo $Q_PUBLIC_VETH_EX
- else
- # Disable in-band as we are going to use local port
- # to communicate with VMs
- sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
- other_config:disable-in-band=true
- echo $PUBLIC_BRIDGE
- fi
-}
-
# Functions for Neutron Exercises
#--------------------------------
@@ -1391,26 +940,8 @@
neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
}
-function setup_neutron_debug {
- if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
- public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
- if [[ -n $public_net_id ]]; then
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
- fi
- private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
- if [[ -n $private_net_id ]]; then
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
- fi
- fi
-}
-
-function teardown_neutron_debug {
- delete_probe $PUBLIC_NETWORK_NAME
- delete_probe $PRIVATE_NETWORK_NAME
-}
-
function _get_net_id {
- neutron --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
+ neutron --os-cloud devstack-admin --os-region "$REGION_NAME" --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
}
function _get_probe_cmd_prefix {
@@ -1433,63 +964,6 @@
test_with_retry "$testcmd" "server $ip didn't become ssh-able" $timeout_sec
}
-# Neutron 3rd party programs
-#---------------------------
-
-# please refer to ``lib/neutron_thirdparty/README.md`` for details
-NEUTRON_THIRD_PARTIES=""
-for f in $TOP_DIR/lib/neutron_thirdparty/*; do
- third_party=$(basename $f)
- if is_service_enabled $third_party; then
- source $TOP_DIR/lib/neutron_thirdparty/$third_party
- NEUTRON_THIRD_PARTIES="$NEUTRON_THIRD_PARTIES,$third_party"
- fi
-done
-
-function _neutron_third_party_do {
- for third_party in ${NEUTRON_THIRD_PARTIES//,/ }; do
- ${1}_${third_party}
- done
-}
-
-# configure_neutron_third_party() - Set config files, create data dirs, etc
-function configure_neutron_third_party {
- _neutron_third_party_do configure
-}
-
-# init_neutron_third_party() - Initialize databases, etc.
-function init_neutron_third_party {
- _neutron_third_party_do init
-}
-
-# install_neutron_third_party() - Collect source and prepare
-function install_neutron_third_party {
- _neutron_third_party_do install
-}
-
-# start_neutron_third_party() - Start running processes, including screen
-function start_neutron_third_party {
- _neutron_third_party_do start
-}
-
-# stop_neutron_third_party - Stop running processes (non-screen)
-function stop_neutron_third_party {
- _neutron_third_party_do stop
-}
-
-# check_neutron_third_party_integration() - Check that third party integration is sane
-function check_neutron_third_party_integration {
- _neutron_third_party_do check
-}
-
-function is_provider_network {
- if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ] && [ "$Q_L3_ENABLED" == "False" ]; then
- return 0
- fi
- return 1
-}
-
-
# Restore xtrace
$_XTRACE_NEUTRON
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index 096722b..d0de2f5 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -43,13 +43,15 @@
}
function neutron_plugin_configure_dhcp_agent {
- iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
+ local conf_file=$1
+ :
}
function neutron_plugin_configure_l3_agent {
+ local conf_file=$1
sudo brctl addbr $PUBLIC_BRIDGE
- iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge
- iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
+ set_mtu $PUBLIC_BRIDGE $PUBLIC_BRIDGE_MTU
+ iniset $conf_file DEFAULT external_network_bridge
}
function neutron_plugin_configure_plugin_agent {
@@ -59,11 +61,15 @@
if [[ "$LB_INTERFACE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
fi
+ if [[ "$PUBLIC_BRIDGE" != "" ]] && [[ "$PUBLIC_PHYSICAL_NETWORK" != "" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE linux_bridge bridge_mappings "$PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE"
+ fi
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE linux_bridge physical_interface_mappings $LB_INTERFACE_MAPPINGS
fi
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+ enable_kernel_bridge_firewall
else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
fi
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 30e1b03..e429714 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -25,20 +25,26 @@
# List of MechanismDrivers to load
Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-openvswitch,linuxbridge}
-# List of Type Drivers to load
-Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-local,flat,vlan,gre,vxlan}
# Default GRE TypeDriver options
Q_ML2_PLUGIN_GRE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GRE_TYPE_OPTIONS:-tunnel_id_ranges=$TENANT_TUNNEL_RANGES}
# Default VXLAN TypeDriver options
-Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS:-vni_ranges=1001:2000}
+Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS:-vni_ranges=$TENANT_TUNNEL_RANGES}
# Default VLAN TypeDriver options
Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-}
+# Default GENEVE TypeDriver options
+Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-vni_ranges=$TENANT_TUNNEL_RANGES}
# List of extension drivers to load, use '-' instead of ':-' to allow people to
# explicitly override this to blank
-Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security}
+if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
+ Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security}
+else
+ Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-}
+fi
# L3 Plugin to load for ML2
-ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
+# For some flat network environment, they not want to extend L3 plugin.
+# Make sure it is able to set empty to ML2_L3_PLUGIN.
+ML2_L3_PLUGIN=${ML2_L3_PLUGIN-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
function populate_ml2_config {
CONF=$1
@@ -93,8 +99,16 @@
# Allow for setup the flat type network
- if [[ -z "$Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS" && -n "$PHYSICAL_NETWORK" ]]; then
- Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks=$PHYSICAL_NETWORK"
+ if [[ -z "$Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS" ]]; then
+ if [[ -n "$PHYSICAL_NETWORK" || -n "$PUBLIC_PHYSICAL_NETWORK" ]]; then
+ Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks="
+ if [[ -n "$PHYSICAL_NETWORK" ]]; then
+ Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PHYSICAL_NETWORK},"
+ fi
+ if [[ -n "$PUBLIC_PHYSICAL_NETWORK" ]]; then
+ Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PUBLIC_PHYSICAL_NETWORK},"
+ fi
+ fi
fi
# REVISIT(rkukura): Setting firewall_driver here for
# neutron.agent.securitygroups_rpc.is_firewall_enabled() which is
@@ -111,7 +125,9 @@
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
- populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS
+ if [[ -n "$Q_ML2_PLUGIN_TYPE_DRIVERS" ]]; then
+ populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS
+ fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 extension_drivers=$Q_ML2_PLUGIN_EXT_DRIVERS
@@ -125,6 +141,8 @@
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_vlan $Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS
+ populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_geneve $Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS
+
if [[ "$Q_DVR_MODE" != "legacy" ]]; then
populate_ml2_config /$Q_PLUGIN_CONF_FILE agent l2_population=True
populate_ml2_config /$Q_PLUGIN_CONF_FILE agent tunnel_types=vxlan
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index aba2587..e27b8a6 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -28,12 +28,13 @@
}
function neutron_plugin_configure_dhcp_agent {
- iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
+ local conf_file=$1
+ :
}
function neutron_plugin_configure_l3_agent {
+ local conf_file=$1
_neutron_ovs_base_configure_l3_agent
- iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
}
function neutron_plugin_configure_plugin_agent {
@@ -102,7 +103,7 @@
sudo ovs-vsctl -- --may-exist add-port "br-$VLAN_INTERFACE" $VLAN_INTERFACE
# Create external bridge and add port
- _neutron_ovs_base_add_bridge $PUBLIC_BRIDGE
+ _neutron_ovs_base_add_public_bridge
sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE
# Set bridge mappings to "physnet1:br-$GUEST_INTERFACE_DEFAULT"
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 59c7737..3cd6c85 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -19,7 +19,7 @@
function _neutron_ovs_base_add_bridge {
local bridge=$1
- local addbr_cmd="sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge"
+ local addbr_cmd="sudo ovs-vsctl -- --may-exist add-br $bridge"
if [ "$OVS_DATAPATH_TYPE" != "system" ] ; then
addbr_cmd="$addbr_cmd -- set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}"
@@ -54,7 +54,7 @@
local kernel_major_minor
kernel_major_minor=`echo $kernel_version | cut -d. -f1-2`
# From kernel 3.13 on, openvswitch-datapath-dkms is not needed
- if [ `vercmp_numbers "$kernel_major_minor" "3.13"` -lt "0" ]; then
+ if vercmp "$kernel_major_minor" "<" "3.13" ; then
install_package "dkms openvswitch-datapath-dkms linux-headers-$kernel_version"
fi
}
@@ -84,6 +84,7 @@
function _neutron_ovs_base_configure_firewall_driver {
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+ enable_kernel_bridge_firewall
else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
fi
@@ -105,11 +106,16 @@
sudo ip link set $Q_PUBLIC_VETH_EX up
sudo ip addr flush dev $Q_PUBLIC_VETH_EX
else
- _neutron_ovs_base_add_bridge $PUBLIC_BRIDGE
+ _neutron_ovs_base_add_public_bridge
sudo ovs-vsctl br-set-external-id $PUBLIC_BRIDGE bridge-id $PUBLIC_BRIDGE
fi
}
+function _neutron_ovs_base_add_public_bridge {
+ _neutron_ovs_base_add_bridge $PUBLIC_BRIDGE
+ set_mtu $PUBLIC_BRIDGE $PUBLIC_BRIDGE_MTU
+}
+
function _neutron_ovs_base_configure_nova_vif_driver {
:
}
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
deleted file mode 100644
index 40968fa..0000000
--- a/lib/neutron_plugins/services/firewall
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# Neutron firewall plugin
-# ---------------------------
-
-# Save trace setting
-_XTRACE_NEUTRON_FIREWALL=$(set +o | grep xtrace)
-set +o xtrace
-
-FWAAS_PLUGIN=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
-FWAAS_DRIVER=${FWAAS_DRIVER:-neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver}
-
-function neutron_fwaas_configure_common {
- _neutron_service_plugin_class_add $FWAAS_PLUGIN
-}
-
-function neutron_fwaas_configure_driver {
- # Uses oslo config generator to generate FWaaS sample configuration files
- (cd $NEUTRON_FWAAS_DIR && exec ./tools/generate_config_file_samples.sh)
-
- FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
- cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini.sample $FWAAS_DRIVER_CONF_FILENAME
-
- iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
- iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "$FWAAS_DRIVER"
-}
-
-function neutron_fwaas_stop {
- :
-}
-
-# Restore xtrace
-$_XTRACE_NEUTRON_FIREWALL
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
new file mode 100644
index 0000000..aa61a10
--- /dev/null
+++ b/lib/neutron_plugins/services/l3
@@ -0,0 +1,451 @@
+#!/bin/bash
+# Subnet IP version
+IP_VERSION=${IP_VERSION:-"4+6"}
+# Validate IP_VERSION
+if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
+ die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
+fi
+# Specify if the initial private and external networks should be created
+NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
+
+## Provider Network Information
+PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
+IPV6_PROVIDER_SUBNET_NAME=${IPV6_PROVIDER_SUBNET_NAME:-"provider_net_v6"}
+IPV6_PROVIDER_FIXED_RANGE=${IPV6_PROVIDER_FIXED_RANGE:-}
+IPV6_PROVIDER_NETWORK_GATEWAY=${IPV6_PROVIDER_NETWORK_GATEWAY:-}
+
+PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
+PUBLIC_BRIDGE_MTU=${PUBLIC_BRIDGE_MTU:-1500}
+
+# If Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE=True, assign the gateway IP of the public
+# subnet to the public bridge interface even if Q_USE_PROVIDERNET_FOR_PUBLIC is
+# used.
+Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE=${Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE:-True}
+
+# The name of the default router
+Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
+
+# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
+# PUBLIC_BRIDGE. This is intended to be used with
+# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
+Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False}
+Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex}
+Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
+
+# The next variable is configured by plugin
+# e.g. _configure_neutron_l3_agent or lib/neutron_plugins/*
+#
+# L3 routers exist per tenant
+Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
+
+
+# Use flat providernet for public network
+#
+# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
+# for external interface of neutron l3-agent. In that case,
+# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
+# used for the network. In case of ofagent, you should add the
+# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
+# For openvswitch agent, you should add the corresponding entry to
+# your OVS_BRIDGE_MAPPINGS.
+#
+# eg. (ofagent)
+# Q_USE_PROVIDERNET_FOR_PUBLIC=True
+# Q_USE_PUBLIC_VETH=True
+# PUBLIC_PHYSICAL_NETWORK=public
+# OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int
+#
+# eg. (openvswitch agent)
+# Q_USE_PROVIDERNET_FOR_PUBLIC=True
+# PUBLIC_PHYSICAL_NETWORK=public
+# OVS_BRIDGE_MAPPINGS=public:br-ex
+Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-True}
+PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
+
+# Generate 40-bit IPv6 Global ID to comply with RFC 4193
+IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+
+# IPv6 gateway and subnet defaults, in case they are not customized in localrc
+IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
+IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
+IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
+IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
+FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
+IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-}
+IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
+IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
+IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-2001:db8::1}
+
+# Gateway and subnet defaults, in case they are not customized in localrc
+NETWORK_GATEWAY=${NETWORK_GATEWAY:-}
+PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-}
+PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
+PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
+
+# Subnetpool defaults
+USE_SUBNETPOOL=${USE_SUBNETPOOL:-True}
+SUBNETPOOL_NAME=${SUBNETPOOL_NAME:-"shared-default-subnetpool"}
+
+SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-10.0.0.0/16}
+SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}
+
+SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
+SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
+
+default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')
+die_if_not_set $LINENO default_v4_route_devs "Failure retrieving default IPv4 route devices"
+
+default_v6_route_devs=$(ip -6 route | grep ^default | awk '{print $5}')
+
+function _determine_config_l3 {
+ local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE"
+ echo "$opts"
+}
+
+function _configure_neutron_l3_agent {
+
+ cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
+
+ iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
+ if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+ iniset $Q_L3_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+ fi
+
+ _neutron_setup_interface_driver $Q_L3_CONF_FILE
+
+ neutron_plugin_configure_l3_agent $Q_L3_CONF_FILE
+
+ # If we've given a PUBLIC_INTERFACE to take over, then we assume
+ # that we can own the whole thing, and privot it into the OVS
+ # bridge. If we are not, we're probably on a single interface
+ # machine, and we just setup NAT so that fixed guests can get out.
+ if [[ -n "$PUBLIC_INTERFACE" ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True False "inet"
+
+ if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
+ _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
+ fi
+ else
+ for d in $default_v4_route_devs; do
+ sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
+ done
+ fi
+}
+
+# Explicitly set router id in l3 agent configuration
+function _neutron_set_router_id {
+ if [[ "$Q_L3_ROUTER_PER_TENANT" == "False" ]]; then
+ iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
+ fi
+}
+
+# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
+function _neutron_get_ext_gw_interface {
+ if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
+ echo $Q_PUBLIC_VETH_EX
+ else
+ # Disable in-band as we are going to use local port
+ # to communicate with VMs
+ sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
+ other_config:disable-in-band=true
+ echo $PUBLIC_BRIDGE
+ fi
+}
+
+function create_neutron_initial_network {
+ if ! is_service_enabled q-svc && ! is_service_enabled neutron-api; then
+ echo "Controller services not enabled. No networks configured!"
+ return
+ fi
+ if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "False" ]]; then
+ echo "Network creation disabled!"
+ return
+ fi
+ local project_id
+ project_id=$(openstack project list | grep " demo " | get_field 1)
+ die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
+
+ # Allow drivers that need to create an initial network to do so here
+ if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
+ neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
+ fi
+
+ if is_networking_extension_supported "auto-allocated-topology"; then
+ if [[ "$USE_SUBNETPOOL" == "True" ]]; then
+ if [[ "$IP_VERSION" =~ 4.* ]]; then
+ SUBNETPOOL_V4_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --shared --is-default=True | grep ' id ' | get_field 2)
+ fi
+ if [[ "$IP_VERSION" =~ .*6 ]]; then
+ SUBNETPOOL_V6_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --shared --is-default=True | grep ' id ' | get_field 2)
+ fi
+ fi
+ fi
+
+ if is_provider_network; then
+ die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
+ die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
+ NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create $PHYSICAL_NETWORK --tenant_id $project_id --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
+
+ if [[ "$IP_VERSION" =~ 4.* ]]; then
+ if [ -z $SUBNETPOOL_V4_ID ]; then
+ fixed_range_v4=$FIXED_RANGE
+ fi
+ SUBNET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create --tenant_id $project_id --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnetpool $SUBNETPOOL_V4_ID} $NET_ID $fixed_range_v4 | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
+ fi
+
+ if [[ "$IP_VERSION" =~ .*6 ]]; then
+ die_if_not_set $LINENO IPV6_PROVIDER_FIXED_RANGE "IPV6_PROVIDER_FIXED_RANGE has not been set, but Q_USE_PROVIDERNET_FOR_PUBLIC is true and IP_VERSION includes 6"
+ die_if_not_set $LINENO IPV6_PROVIDER_NETWORK_GATEWAY "IPV6_PROVIDER_NETWORK_GATEWAY has not been set, but Q_USE_PROVIDERNET_FOR_PUBLIC is true and IP_VERSION includes 6"
+ if [ -z $SUBNETPOOL_V6_ID ]; then
+ fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
+ fi
+ SUBNET_V6_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create --tenant_id $project_id --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnetpool $SUBNETPOOL_V6_ID} $NET_ID $fixed_range_v6 | grep 'id' | get_field 2)
+ die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
+ fi
+
+ if [[ $Q_AGENT == "openvswitch" ]]; then
+ sudo ip link set $OVS_PHYSICAL_BRIDGE up
+ sudo ip link set br-int up
+ sudo ip link set $PUBLIC_INTERFACE up
+ fi
+ else
+ NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create --tenant-id $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
+
+ if [[ "$IP_VERSION" =~ 4.* ]]; then
+ # Create IPv4 private subnet
+ SUBNET_ID=$(_neutron_create_private_subnet_v4 $project_id)
+ fi
+
+ if [[ "$IP_VERSION" =~ .*6 ]]; then
+ # Create IPv6 private subnet
+ IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6 $project_id)
+ fi
+ fi
+
+ if is_networking_extension_supported "router" && is_networking_extension_supported "external-net"; then
+ # Create a router, and add the private subnet as one of its interfaces
+ if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
+ # create a tenant-owned router.
+ ROUTER_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-create --tenant-id $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
+ else
+ # Plugin only supports creating a single router, which should be admin owned.
+ ROUTER_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
+ fi
+
+ EXTERNAL_NETWORK_FLAGS="--router:external"
+ if is_networking_extension_supported "auto-allocated-topology"; then
+ EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --is-default"
+ fi
+ # Create an external network, and a subnet. Configure the external network as router gw
+ if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
+ EXT_NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+ else
+ EXT_NET_ID=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
+ fi
+ die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
+
+ if [[ "$IP_VERSION" =~ 4.* ]]; then
+ # Configure router for IPv4 public access
+ _neutron_configure_router_v4
+ fi
+
+ if [[ "$IP_VERSION" =~ .*6 ]]; then
+ # Configure router for IPv6 public access
+ _neutron_configure_router_v6
+ fi
+ fi
+}
+
+# Create private IPv4 subnet
+function _neutron_create_private_subnet_v4 {
+ local project_id=$1
+ if [ -z $SUBNETPOOL_V4_ID ]; then
+ fixed_range_v4=$FIXED_RANGE
+ fi
+ local subnet_params="--tenant-id $project_id "
+ subnet_params+="--ip_version 4 "
+ if [[ -n "$NETWORK_GATEWAY" ]]; then
+ subnet_params+="--gateway $NETWORK_GATEWAY "
+ fi
+ subnet_params+="--name $PRIVATE_SUBNET_NAME "
+ subnet_params+="${SUBNETPOOL_V4_ID:+--subnetpool $SUBNETPOOL_V4_ID} "
+ subnet_params+="$NET_ID $fixed_range_v4"
+ local subnet_id
+ subnet_id=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
+ echo $subnet_id
+}
+
+# Create private IPv6 subnet
+function _neutron_create_private_subnet_v6 {
+ local project_id=$1
+ die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
+ die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
+ local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
+ if [ -z $SUBNETPOOL_V6_ID ]; then
+ fixed_range_v6=$FIXED_RANGE_V6
+ fi
+ local subnet_params="--tenant-id $project_id "
+ subnet_params+="--ip_version 6 "
+ if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
+ subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
+ fi
+ subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
+ subnet_params+="${SUBNETPOOL_V6_ID:+--subnetpool $SUBNETPOOL_V6_ID} "
+ subnet_params+="$NET_ID $fixed_range_v6 $ipv6_modes"
+ local ipv6_subnet_id
+ ipv6_subnet_id=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
+ echo $ipv6_subnet_id
+}
+
+# Create public IPv4 subnet
+function _neutron_create_public_subnet_v4 {
+ local subnet_params="--ip_version 4 "
+ subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
+ if [[ -n "$PUBLIC_NETWORK_GATEWAY" ]]; then
+ subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
+ fi
+ subnet_params+="--name $PUBLIC_SUBNET_NAME "
+ subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
+ subnet_params+="-- --enable_dhcp=False"
+ local id_and_ext_gw_ip
+ id_and_ext_gw_ip=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+ die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
+ echo $id_and_ext_gw_ip
+}
+
+# Create public IPv6 subnet
+function _neutron_create_public_subnet_v6 {
+ local subnet_params="--ip_version 6 "
+ subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
+ subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
+ subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
+ subnet_params+="-- --enable_dhcp=False"
+ local ipv6_id_and_ext_gw_ip
+ ipv6_id_and_ext_gw_ip=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+ die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
+ echo $ipv6_id_and_ext_gw_ip
+}
+
+# Configure neutron router for IPv4 public access
+function _neutron_configure_router_v4 {
+ neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-interface-add $ROUTER_ID $SUBNET_ID
+ # Create a public subnet on the external network
+ local id_and_ext_gw_ip
+ id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
+ local ext_gw_ip
+ ext_gw_ip=$(echo $id_and_ext_gw_ip | get_field 2)
+ PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
+ # Configure the external network as the default router gateway
+ neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-gateway-set $ROUTER_ID $EXT_NET_ID
+
+ # This logic is specific to using the l3-agent for layer 3
+ if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
+ # Configure and enable public bridge
+ local ext_gw_interface="none"
+ if is_neutron_ovs_base_plugin; then
+ ext_gw_interface=$(_neutron_get_ext_gw_interface)
+ elif [[ "$Q_AGENT" = "linuxbridge" ]]; then
+ # Get the device the neutron router and network for $FIXED_RANGE
+ # will be using.
+ if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
+ # in provider nets a bridge mapping uses the public bridge directly
+ ext_gw_interface=$PUBLIC_BRIDGE
+ else
+ # e.x. brq3592e767-da for NET_ID 3592e767-da66-4bcb-9bec-cdb03cd96102
+ ext_gw_interface=brq${EXT_NET_ID:0:11}
+ fi
+ fi
+ if [[ "$ext_gw_interface" != "none" ]]; then
+ local cidr_len=${FLOATING_RANGE#*/}
+ local testcmd="ip -o link | grep -q $ext_gw_interface"
+ test_with_retry "$testcmd" "$ext_gw_interface creation failed"
+ if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" || $Q_ASSIGN_GATEWAY_TO_PUBLIC_BRIDGE == "True" ) ]]; then
+ sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+ sudo ip link set $ext_gw_interface up
+ fi
+ ROUTER_GW_IP=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' ')
+ die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
+ local replace_range=${SUBNETPOOL_PREFIX_V4}
+ if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then
+ replace_range=${FIXED_RANGE}
+ fi
+ sudo ip route replace $replace_range via $ROUTER_GW_IP
+ fi
+ _neutron_set_router_id
+ fi
+}
+
+# Configure neutron router for IPv6 public access
+function _neutron_configure_router_v6 {
+ neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
+ # Create a public subnet on the external network
+ local ipv6_id_and_ext_gw_ip
+ ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
+ local ipv6_ext_gw_ip
+ ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
+ local ipv6_pub_subnet_id
+ ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
+
+ # If the external network has not already been set as the default router
+ # gateway when configuring an IPv4 public subnet, do so now
+ if [[ "$IP_VERSION" == "6" ]]; then
+ neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-gateway-set $ROUTER_ID $EXT_NET_ID
+ fi
+
+ # This logic is specific to using the l3-agent for layer 3
+ if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
+ # Ensure IPv6 RAs are accepted on interfaces with a default route.
+ # This is needed for neutron-based devstack clouds to work in
+ # IPv6-only clouds in the gate. Please do not remove this without
+ # talking to folks in Infra.
+ for d in $default_v6_route_devs; do
+ # Slashes must be used in this sysctl command because route devices
+ # can have dots in their names. If dots were used, dots in the
+ # device name would be reinterpreted as a slash, causing an error.
+ sudo sysctl -w net/ipv6/conf/$d/accept_ra=2
+ done
+ # Ensure IPv6 forwarding is enabled on the host
+ sudo sysctl -w net.ipv6.conf.all.forwarding=1
+ # Configure and enable public bridge
+ # Override global IPV6_ROUTER_GW_IP with the true value from neutron
+ IPV6_ROUTER_GW_IP=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' ')
+ die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
+
+ if is_neutron_ovs_base_plugin; then
+ local ext_gw_interface
+ ext_gw_interface=$(_neutron_get_ext_gw_interface)
+ local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
+
+ # Configure interface for public bridge
+ sudo ip -6 addr replace $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
+ local replace_range=${SUBNETPOOL_PREFIX_V6}
+ if [[ -z "${SUBNETPOOL_V6_ID}" ]]; then
+ replace_range=${FIXED_RANGE_V6}
+ fi
+ sudo ip -6 route replace $replace_range via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
+ fi
+ _neutron_set_router_id
+ fi
+}
+
+function is_provider_network {
+ if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ]; then
+ return 0
+ fi
+ return 1
+}
+
+function is_networking_extension_supported {
+ local extension=$1
+ # TODO(sc68cal) cache this instead of calling every time
+ EXT_LIST=$(neutron --os-cloud devstack-admin --os-region "$REGION_NAME" ext-list -c alias -f value)
+ [[ $EXT_LIST =~ $extension ]] && return 0
+}
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
deleted file mode 100644
index 30e9480..0000000
--- a/lib/neutron_plugins/services/loadbalancer
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-# Neutron loadbalancer plugin
-# ---------------------------
-
-# Save trace setting
-_XTRACE_NEUTRON_LB=$(set +o | grep xtrace)
-set +o xtrace
-
-
-AGENT_LBAAS_BINARY="$NEUTRON_BIN_DIR/neutron-lbaas-agent"
-LBAAS_PLUGIN=neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
-
-function neutron_agent_lbaas_install_agent_packages {
- if is_ubuntu || is_fedora || is_suse; then
- install_package haproxy
- fi
-}
-
-function neutron_agent_lbaas_configure_common {
- _neutron_service_plugin_class_add $LBAAS_PLUGIN
- _neutron_deploy_rootwrap_filters $NEUTRON_LBAAS_DIR
-}
-
-function neutron_agent_lbaas_configure_agent {
- LBAAS_AGENT_CONF_PATH=/etc/neutron/services/loadbalancer/haproxy
- mkdir -p $LBAAS_AGENT_CONF_PATH
-
- LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini"
-
- cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini.sample $LBAAS_AGENT_CONF_FILENAME
-
- # ovs_use_veth needs to be set before the plugin configuration
- # occurs to allow plugins to override the setting.
- iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT ovs_use_veth $Q_OVS_USE_VETH
-
- neutron_plugin_setup_interface_driver $LBAAS_AGENT_CONF_FILENAME
-
- if is_fedora; then
- iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT user_group "nobody"
- iniset $LBAAS_AGENT_CONF_FILENAME haproxy user_group "nobody"
- fi
-}
-
-function neutron_lbaas_stop {
- pids=$(ps aux | awk '/haproxy/ { print $2 }')
- [ ! -z "$pids" ] && sudo kill $pids || true
-}
-
-# Restore xtrace
-$_XTRACE_NEUTRON_LB
diff --git a/lib/neutron_thirdparty/README.md b/lib/neutron_thirdparty/README.md
deleted file mode 100644
index 905ae77..0000000
--- a/lib/neutron_thirdparty/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-Neutron third party specific files
-==================================
-Some Neutron plugins require third party programs to function.
-The files under the directory, ``lib/neutron_thirdparty/``, will be used
-when their service are enabled.
-Third party program specific configuration variables should be in this file.
-
-* filename: ``<third_party>``
- * The corresponding file name should be same to service name, ``<third_party>``.
-
-functions
----------
-``lib/neutron-legacy`` calls the following functions when the ``<third_party>`` is enabled
-
-functions to be implemented
-* ``configure_<third_party>``:
- set config files, create data dirs, etc
- e.g.
- sudo python setup.py deploy
- iniset $XXXX_CONF...
-
-* ``init_<third_party>``:
- initialize databases, etc
-
-* ``install_<third_party>``:
- collect source and prepare
- e.g.
- git clone xxx
-
-* ``start_<third_party>``:
- start running processes, including screen if USE_SCREEN=True
- e.g.
- run_process XXXX "$XXXX_DIR/bin/XXXX-bin"
-
-* ``stop_<third_party>``:
- stop running processes (non-screen)
- e.g.
- stop_process XXXX
-
-* ``check_<third_party>``:
- verify that the integration between neutron server and third-party components is sane
diff --git a/lib/neutron_thirdparty/bigswitch_floodlight b/lib/neutron_thirdparty/bigswitch_floodlight
deleted file mode 100644
index 45a4f2e..0000000
--- a/lib/neutron_thirdparty/bigswitch_floodlight
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash
-#
-# Big Switch/FloodLight OpenFlow Controller
-# ------------------------------------------
-
-# Save trace setting
-_XTRACE_NEUTRON_BIGSWITCH=$(set +o | grep xtrace)
-set +o xtrace
-
-BS_FL_CONTROLLERS_PORT=${BS_FL_CONTROLLERS_PORT:-localhost:80}
-BS_FL_OF_PORT=${BS_FL_OF_PORT:-6633}
-
-function configure_bigswitch_floodlight {
- :
-}
-
-function init_bigswitch_floodlight {
- install_neutron_agent_packages
-
- echo -n "Installing OVS managed by the openflow controllers:"
- echo ${BS_FL_CONTROLLERS_PORT}
-
- # Create local OVS bridge and configure it
- sudo ovs-vsctl --no-wait -- --if-exists del-br ${OVS_BRIDGE}
- sudo ovs-vsctl --no-wait add-br ${OVS_BRIDGE}
- sudo ovs-vsctl --no-wait br-set-external-id ${OVS_BRIDGE} bridge-id ${OVS_BRIDGE}
-
- ctrls=
- for ctrl in `echo ${BS_FL_CONTROLLERS_PORT} | tr ',' ' '`; do
- ctrl=${ctrl%:*}
- ctrls="${ctrls} tcp:${ctrl}:${BS_FL_OF_PORT}"
- done
- echo "Adding Network conttrollers: " ${ctrls}
- sudo ovs-vsctl --no-wait set-controller ${OVS_BRIDGE} ${ctrls}
-}
-
-function install_bigswitch_floodlight {
- :
-}
-
-function start_bigswitch_floodlight {
- :
-}
-
-function stop_bigswitch_floodlight {
- :
-}
-
-function check_bigswitch_floodlight {
- :
-}
-
-# Restore xtrace
-$_XTRACE_NEUTRON_BIGSWITCH
diff --git a/lib/neutron_thirdparty/vmware_nsx b/lib/neutron_thirdparty/vmware_nsx
deleted file mode 100644
index e182fca..0000000
--- a/lib/neutron_thirdparty/vmware_nsx
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# REVISIT(roeyc): this file left empty so that 'enable_service vmware_nsx'
-# continues to work.
diff --git a/lib/nova b/lib/nova
index 818ecc4..f38fb8b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -59,11 +59,6 @@
NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
-# NOVA_V2_LEGACY defines whether we force the Nova v2.0 enpoint onto
-# the Nova v2.0 legacy code base. Remove this option once the Nova
-# v2.0 legacy codebase is removed.
-NOVA_V2_LEGACY=$(trueorfalse False NOVA_V2_LEGACY)
-
if is_suse; then
NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
else
@@ -88,7 +83,10 @@
# Option to enable/disable config drive
# NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
-FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"True"}
+FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"False"}
+
+# Option to initialize CellsV2 environment
+NOVA_CONFIGURE_CELLSV2=$(trueorfalse False NOVA_CONFIGURE_CELLSV2)
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
@@ -133,7 +131,7 @@
# --------------------------
NETWORK_MANAGER=${NETWORK_MANAGER:-${NET_MAN:-FlatDHCPManager}}
-PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
+
VLAN_INTERFACE=${VLAN_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-$FLAT_NETWORK_BRIDGE_DEFAULT}
@@ -304,20 +302,11 @@
# Put config files in ``/etc/nova`` for everyone to find
sudo install -d -o $STACK_USER $NOVA_CONF_DIR
- install_default_policy nova
-
configure_rootwrap nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
# Get the sample configuration file in place
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR
-
- # For setting up an environment where v2.0 is running on the
- # v2.0 legacy code base.
- if [[ "$NOVA_V2_LEGACY" == "True" ]]; then
- sed -i s@"^/v2: openstack_compute_api_v21_legacy_v2_compatible$"@"/v2: openstack_compute_api_legacy_v2"@ \
- "$NOVA_API_PASTE_INI"
- fi
fi
if is_service_enabled n-cpu; then
@@ -470,7 +459,6 @@
iniset $NOVA_CONF DEFAULT rootwrap_config "$NOVA_CONF_DIR/rootwrap.conf"
iniset $NOVA_CONF DEFAULT scheduler_driver "$SCHEDULER"
iniset $NOVA_CONF DEFAULT scheduler_default_filters "$FILTERS"
- iniset $NOVA_CONF DEFAULT force_dhcp_release "True"
iniset $NOVA_CONF DEFAULT default_floating_pool "$PUBLIC_NETWORK_NAME"
iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST"
iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT"
@@ -493,8 +481,6 @@
iniset $NOVA_CONF DEFAULT bindir "/usr/bin"
fi
- iniset $NOVA_CONF privsep_osbrick helper_command "sudo nova-rootwrap \$rootwrap_config privsep-helper --config-file $NOVA_CONF"
-
if is_service_enabled n-api; then
if is_service_enabled n-api-meta; then
# If running n-api-meta as a separate service
@@ -550,7 +536,6 @@
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
iniset $NOVA_CONF DEFAULT notify_on_state_change "vm_and_task_state"
- iniset $NOVA_CONF oslo_messaging_notifications driver "messaging"
fi
# All nova-compute workers need to know the vnc configuration options
@@ -569,7 +554,6 @@
# For multi-host, this should be the management ip of the compute host.
VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST}
VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST}
- iniset $NOVA_CONF vnc enabled true
iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN"
iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
iniset $NOVA_CONF vnc novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
@@ -587,10 +571,11 @@
iniset $NOVA_CONF spice server_listen "$SPICESERVER_LISTEN"
iniset $NOVA_CONF spice server_proxyclient_address "$SPICESERVER_PROXYCLIENT_ADDRESS"
iniset $NOVA_CONF spice html5proxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
- else
- iniset $NOVA_CONF spice enabled false
fi
+ # Set the oslo messaging driver to the typical default. This does not
+ # enable notifications, but it will allow them to function when enabled.
+ iniset $NOVA_CONF oslo_messaging_notifications driver "messaging"
iniset_rpc_backend nova $NOVA_CONF
iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
@@ -601,11 +586,6 @@
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
- if [[ "$NOVA_BACKEND" == "LVM" ]]; then
- iniset $NOVA_CONF libvirt images_type "lvm"
- iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME
- fi
-
if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
iniset $NOVA_CONF DEFAULT glance_protocol https
fi
@@ -648,7 +628,7 @@
if is_service_enabled n-cell; then
cp $NOVA_CONF $NOVA_CELLS_CONF
iniset $NOVA_CELLS_CONF database connection `database_connection_url $NOVA_CELLS_DB`
- iniset $NOVA_CELLS_CONF oslo_messaging_rabbit rabbit_virtual_host child_cell
+ iniset_rpc_backend nova $NOVA_CELLS_CONF DEFAULT child_cell
iniset $NOVA_CELLS_CONF DEFAULT dhcpbridge_flagfile $NOVA_CELLS_CONF
iniset $NOVA_CELLS_CONF cells enable True
iniset $NOVA_CELLS_CONF cells cell_type compute
@@ -678,8 +658,9 @@
}
function create_nova_conf_nova_network {
+ local public_interface=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
iniset $NOVA_CONF DEFAULT network_manager "nova.network.manager.$NETWORK_MANAGER"
- iniset $NOVA_CONF DEFAULT public_interface "$PUBLIC_INTERFACE"
+ iniset $NOVA_CONF DEFAULT public_interface "$public_interface"
iniset $NOVA_CONF DEFAULT vlan_interface "$VLAN_INTERFACE"
iniset $NOVA_CONF DEFAULT flat_network_bridge "$FLAT_NETWORK_BRIDGE"
if [ -n "$FLAT_INTERFACE" ]; then
@@ -698,22 +679,27 @@
# All nova components talk to a central database.
# Only do this step once on the API node for an entire cluster.
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
- # (Re)create nova database
+ # (Re)create nova databases
recreate_database nova
+ if [ "$NOVA_CONFIGURE_CELLSV2" != "False" ]; then
+ recreate_database nova_api_cell0
+ fi
- # Migrate nova database
- $NOVA_BIN_DIR/nova-manage db sync
+ # Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
+ # been run this migrates the "nova" and "nova_api_cell0" database.
+ # Otherwise it just migrates the "nova" database.
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db sync
if is_service_enabled n-cell; then
recreate_database $NOVA_CELLS_DB
fi
recreate_database $NOVA_API_DB
- $NOVA_BIN_DIR/nova-manage api_db sync
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
# Run online migrations on the new databases
# Needed for flavor conversion
- $NOVA_BIN_DIR/nova-manage db online_data_migrations
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db online_data_migrations
fi
create_nova_cache_dir
@@ -816,7 +802,7 @@
# Start proxies if enabled
if is_service_enabled tls-proxy; then
- start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
+ start_tls_proxy nova '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT
fi
export PATH=$old_path
@@ -839,6 +825,8 @@
# ``sg`` is used in run_process to execute nova-compute as a member of the
# **$LIBVIRT_GROUP** group.
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP
+ elif [[ "$VIRT_DRIVER" = 'lxd' ]]; then
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LXD_GROUP
elif [[ "$VIRT_DRIVER" = 'fake' ]]; then
local i
for i in `seq 1 $NUMBER_FAKE_NOVA_COMPUTE`; do
@@ -876,9 +864,13 @@
run_process n-cond "$NOVA_BIN_DIR/nova-conductor --config-file $compute_cell_conf"
run_process n-cell-region "$NOVA_BIN_DIR/nova-cells --config-file $api_cell_conf"
run_process n-cell-child "$NOVA_BIN_DIR/nova-cells --config-file $compute_cell_conf"
-
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
+
+ if is_service_enabled n-net; then
+ enable_kernel_bridge_firewall
+ fi
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
+
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"
run_process n-api-meta "$NOVA_BIN_DIR/nova-api-metadata --config-file $compute_cell_conf"
@@ -935,25 +927,34 @@
# create_instance_types(): Create default flavors
function create_flavors {
if is_service_enabled n-api; then
- if ! openstack flavor list | grep -q ds512M; then
+ if ! openstack --os-region-name="$REGION_NAME" flavor list | grep -q ds512M; then
# Note that danms hates these flavors and apologizes for sdague
- openstack flavor create --id c1 --ram 256 --disk 0 --vcpus 1 cirros256
- openstack flavor create --id d1 --ram 512 --disk 5 --vcpus 1 ds512M
- openstack flavor create --id d2 --ram 1024 --disk 10 --vcpus 1 ds1G
- openstack flavor create --id d3 --ram 2048 --disk 10 --vcpus 2 ds2G
- openstack flavor create --id d4 --ram 4096 --disk 20 --vcpus 4 ds4G
+ openstack --os-region-name="$REGION_NAME" flavor create --id c1 --ram 256 --disk 0 --vcpus 1 cirros256
+ openstack --os-region-name="$REGION_NAME" flavor create --id d1 --ram 512 --disk 5 --vcpus 1 ds512M
+ openstack --os-region-name="$REGION_NAME" flavor create --id d2 --ram 1024 --disk 10 --vcpus 1 ds1G
+ openstack --os-region-name="$REGION_NAME" flavor create --id d3 --ram 2048 --disk 10 --vcpus 2 ds2G
+ openstack --os-region-name="$REGION_NAME" flavor create --id d4 --ram 4096 --disk 20 --vcpus 4 ds4G
fi
- if ! openstack flavor list | grep -q m1.tiny; then
- openstack flavor create --id 1 --ram 512 --disk 1 --vcpus 1 m1.tiny
- openstack flavor create --id 2 --ram 2048 --disk 20 --vcpus 1 m1.small
- openstack flavor create --id 3 --ram 4096 --disk 40 --vcpus 2 m1.medium
- openstack flavor create --id 4 --ram 8192 --disk 80 --vcpus 4 m1.large
- openstack flavor create --id 5 --ram 16384 --disk 160 --vcpus 8 m1.xlarge
+ if ! openstack --os-region-name="$REGION_NAME" flavor list | grep -q m1.tiny; then
+ openstack --os-region-name="$REGION_NAME" flavor create --id 1 --ram 512 --disk 1 --vcpus 1 m1.tiny
+ openstack --os-region-name="$REGION_NAME" flavor create --id 2 --ram 2048 --disk 20 --vcpus 1 m1.small
+ openstack --os-region-name="$REGION_NAME" flavor create --id 3 --ram 4096 --disk 40 --vcpus 2 m1.medium
+ openstack --os-region-name="$REGION_NAME" flavor create --id 4 --ram 8192 --disk 80 --vcpus 4 m1.large
+ openstack --os-region-name="$REGION_NAME" flavor create --id 5 --ram 16384 --disk 160 --vcpus 8 m1.xlarge
fi
fi
}
+# create_cell(): Group the available hosts into a cell
+function create_cell {
+ if ! is_service_enabled n-cell; then
+ nova-manage cell_v2 simple_cell_setup --transport-url $(get_transport_url)
+ else
+ echo 'Skipping cellsv2 setup for this cellsv1 configuration'
+ fi
+}
+
# Restore xtrace
$_XTRACE_LIB_NOVA
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index dbb4d4f..5e7695a 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -23,12 +23,7 @@
# Installs required distro-specific libvirt packages.
function install_libvirt {
if is_ubuntu; then
- if is_arch "aarch64" && [[ ${DISTRO} == "trusty" ]]; then
- install_package qemu-system
- else
- install_package qemu-kvm
- install_package libguestfs0
- fi
+ install_package qemu-system
install_package libvirt-bin libvirt-dev
pip_install_gr libvirt-python
if [[ "$EBTABLES_RACE_FIX" == "True" ]]; then
@@ -65,6 +60,7 @@
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun",
+ "/dev/vfio/vfio",
]
EOF
fi
@@ -108,9 +104,9 @@
# source file paths, not relative paths. This screws with the matching
# of '1:libvirt' making everything turn on. So use libvirt.c for now.
# This will have to be re-visited when Ubuntu ships libvirt >= 1.2.3
- local log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
+ local log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:cpu"
else
- local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
+ local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:cpu"
fi
local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
@@ -121,18 +117,15 @@
fi
fi
- # Update the libvirt cpu map with a gate64 cpu model. This enables nova
- # live migration for 64bit guest OSes on heterogenous cloud "hardware".
- if [[ -f /usr/share/libvirt/cpu_map.xml ]] ; then
- sudo $TOP_DIR/tools/cpu_map_update.py /usr/share/libvirt/cpu_map.xml
- fi
+ # Service needs to be started on redhat/fedora -- do a restart for
+ # sanity after fiddling the config.
+ restart_service $LIBVIRT_DAEMON
- # libvirt detects various settings on startup, as we potentially changed
- # the system configuration (modules, filesystems), we need to restart
- # libvirt to detect those changes. Use a stop start as otherwise the new
- # cpu_map is not loaded properly on some systems (Ubuntu).
- stop_service $LIBVIRT_DAEMON
- start_service $LIBVIRT_DAEMON
+ # Restart virtlogd companion service to ensure it is running properly
+ # https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1577455
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1290357
+ # (not all platforms have it; libvirt 1.3+ only, thus the ignore)
+ restart_service virtlogd || true
}
diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake
index 2434dce..f9b95c1 100644
--- a/lib/nova_plugins/hypervisor-fake
+++ b/lib/nova_plugins/hypervisor-fake
@@ -36,7 +36,7 @@
# configure_nova_hypervisor - Set config files, create data dirs, etc
function configure_nova_hypervisor {
- iniset $NOVA_CONF DEFAULT compute_driver "nova.virt.fake.FakeDriver"
+ iniset $NOVA_CONF DEFAULT compute_driver "fake.FakeDriver"
# Disable arbitrary limits
iniset $NOVA_CONF DEFAULT quota_instances -1
iniset $NOVA_CONF DEFAULT quota_cores -1
@@ -45,7 +45,7 @@
iniset $NOVA_CONF DEFAULT quota_fixed_ips -1
iniset $NOVA_CONF DEFAULT quota_metadata_items -1
iniset $NOVA_CONF DEFAULT quota_injected_files -1
- iniset $NOVA_CONF DEFAULT quota_injected_file_path_bytes -1
+ iniset $NOVA_CONF DEFAULT quota_injected_file_path_length -1
iniset $NOVA_CONF DEFAULT quota_security_groups -1
iniset $NOVA_CONF DEFAULT quota_security_group_rules -1
iniset $NOVA_CONF DEFAULT quota_key_pairs -1
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index c40427c..7ffd14d 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -45,11 +45,13 @@
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
- iniset $NOVA_CONF ironic admin_username admin
- iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
- iniset $NOVA_CONF ironic admin_tenant_name demo
- iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
+ iniset $NOVA_CONF ironic auth_type password
+ iniset $NOVA_CONF ironic username admin
+ iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI/v3
+ iniset $NOVA_CONF ironic project_domain_id default
+ iniset $NOVA_CONF ironic user_domain_id default
+ iniset $NOVA_CONF ironic project_name demo
}
# install_nova_hypervisor() - Install external components
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 1b4f7ae..167ab6f 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -40,7 +40,8 @@
configure_libvirt
iniset $NOVA_CONF libvirt virt_type "$LIBVIRT_TYPE"
iniset $NOVA_CONF libvirt cpu_mode "none"
- iniset $NOVA_CONF libvirt use_usb_tablet "False"
+ # Do not enable USB tablet input devices to avoid QEMU CPU overhead.
+ iniset $NOVA_CONF DEFAULT pointer_model "ps2mouse"
iniset $NOVA_CONF libvirt live_migration_uri "qemu+ssh://$STACK_USER@%s/system"
iniset $NOVA_CONF DEFAULT default_ephemeral_format "ext4"
iniset $NOVA_CONF DEFAULT compute_driver "libvirt.LibvirtDriver"
@@ -55,11 +56,16 @@
if is_arch "aarch64"; then
# arm64 architecture currently does not support graphical consoles.
iniset $NOVA_CONF vnc enabled "false"
+ iniset $NOVA_CONF libvirt cpu_mode "host-passthrough"
fi
- # File injection is being disabled by default in the near future -
- # disable it here for now to avoid surprises later.
- iniset $NOVA_CONF libvirt inject_partition '-2'
+ if isset ENABLE_FILE_INJECTION; then
+ if [ "$ENABLE_FILE_INJECTION" == "True" ]; then
+ # -1 means use libguestfs to inspect the guest OS image for the
+ # root partition to use for file injection.
+ iniset $NOVA_CONF libvirt inject_partition '-1'
+ fi
+ fi
if [[ "$LIBVIRT_TYPE" = "parallels" ]]; then
iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
@@ -68,6 +74,12 @@
iniset $NOVA_CONF vnc vncserver_proxyclient_address $HOST_IP
iniset $NOVA_CONF vnc vncserver_listen $HOST_IP
iniset $NOVA_CONF vnc keymap
+ elif [[ "$NOVA_BACKEND" == "LVM" ]]; then
+ iniset $NOVA_CONF libvirt images_type "lvm"
+ iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME
+ if isset LVM_VOLUME_CLEAR; then
+ iniset $NOVA_CONF libvirt volume_clear "$LVM_VOLUME_CLEAR"
+ fi
fi
}
@@ -89,6 +101,14 @@
yum_install libcgroup-tools
fi
fi
+
+ if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then
+ if is_ubuntu; then
+ install_package python-guestfs
+ elif is_fedora || is_suse; then
+ install_package python-libguestfs
+ fi
+ fi
}
# start_nova_hypervisor - Start any required external services
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index 3eb9149..e5d25da 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -24,12 +24,11 @@
# Defaults
# --------
-PUBLIC_INTERFACE_DEFAULT=eth2
-GUEST_INTERFACE_DEFAULT=eth1
# Allow ``build_domU.sh`` to specify the flat network bridge via kernel args
FLAT_NETWORK_BRIDGE_DEFAULT=$(sed -e 's/.* flat_network_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
if is_service_enabled neutron; then
- XEN_INTEGRATION_BRIDGE=$(sed -e 's/.* xen_integration_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
+ XEN_INTEGRATION_BRIDGE_DEFAULT=$(sed -e 's/.* xen_integration_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
+ XEN_INTEGRATION_BRIDGE=${XEN_INTEGRATION_BRIDGE:-$XEN_INTEGRATION_BRIDGE_DEFAULT}
fi
VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=169.254.0.1}
@@ -88,6 +87,7 @@
cat $TOP_DIR/tools/xen/functions
echo "create_directory_for_images"
echo "create_directory_for_kernels"
+ echo "install_conntrack_tools"
} | $ssh_dom0
}
diff --git a/lib/os_brick b/lib/os_brick
new file mode 100644
index 0000000..d1cca4a
--- /dev/null
+++ b/lib/os_brick
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# lib/os_brick
+# Install **os-brick** python module from source
+
+# Dependencies:
+#
+# - functions
+# - DEST, DATA_DIR must be defined
+
+# stack.sh
+# ---------
+# - install_os_brick
+
+# Save trace setting
+_XTRACE_OS_BRICK=$(set +o | grep xtrace)
+set +o xtrace
+
+
+GITDIR["os-brick"]=$DEST/os-brick
+
+# Install os_brick from git only if requested, otherwise it will be pulled from
+# pip repositories by requirements of projects that need it.
+function install_os_brick {
+ if use_library_from_git "os-brick"; then
+ git_clone_by_name "os-brick"
+ setup_dev_lib "os-brick"
+ fi
+}
+
+# Restore xtrace
+$_XTRACE_OS_BRICK
\ No newline at end of file
diff --git a/lib/oslo b/lib/oslo
index 1773da2..e34e48a 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -26,6 +26,8 @@
GITDIR["cliff"]=$DEST/cliff
GITDIR["debtcollector"]=$DEST/debtcollector
GITDIR["futurist"]=$DEST/futurist
+GITDIR["os-client-config"]=$DEST/os-client-config
+GITDIR["osc-lib"]=$DEST/osc-lib
GITDIR["oslo.cache"]=$DEST/oslo.cache
GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
GITDIR["oslo.config"]=$DEST/oslo.config
@@ -71,6 +73,8 @@
_do_install_oslo_lib "cliff"
_do_install_oslo_lib "debtcollector"
_do_install_oslo_lib "futurist"
+ _do_install_oslo_lib "osc-lib"
+ _do_install_oslo_lib "os-client-config"
_do_install_oslo_lib "oslo.cache"
_do_install_oslo_lib "oslo.concurrency"
_do_install_oslo_lib "oslo.config"
diff --git a/lib/placement b/lib/placement
new file mode 100644
index 0000000..165c670
--- /dev/null
+++ b/lib/placement
@@ -0,0 +1,193 @@
+#!/bin/bash
+#
+# lib/placement
+# Functions to control the configuration and operation of the **Placement** service
+#
+# Currently the placement service is embedded in nova. Eventually we
+# expect this to change so this file is started as a separate entity
+# despite making use of some *NOVA* variables and files.
+
+# Dependencies:
+#
+# - ``functions`` file
+# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
+# - ``FILES``
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - install_placement
+# - cleanup_placement
+# - configure_placement
+# - init_placement
+# - start_placement
+# - stop_placement
+
+# Save trace setting
+_XTRACE_LIB_PLACEMENT=$(set +o | grep xtrace)
+set +o xtrace
+
+# Defaults
+# --------
+
+PLACEMENT_CONF_DIR=/etc/nova
+PLACEMENT_CONF=$PLACEMENT_CONF_DIR/nova.conf
+PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-placement}
+
+
+# The placement service can optionally use a separate database
+# connection. Set PLACEMENT_DB_ENABLED to True to use it.
+# NOTE(cdent): This functionality depends on some code that is not
+# yet merged in nova but is coming soon.
+PLACEMENT_DB_ENABLED=$(trueorfalse False PLACEMENT_DB_ENABLED)
+
+if is_ssl_enabled_service "placement-api" || is_service_enabled tls-proxy; then
+ PLACEMENT_SERVICE_PROTOCOL="https"
+fi
+
+# Public facing bits
+PLACEMENT_SERVICE_PROTOCOL=${PLACEMENT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+PLACEMENT_SERVICE_HOST=${PLACEMENT_SERVICE_HOST:-$SERVICE_HOST}
+PLACEMENT_SERVICE_PORT=${PLACEMENT_SERVICE_PORT:-8778}
+
+# Functions
+# ---------
+
+# Test if any placement services are enabled
+# is_placement_enabled
+function is_placement_enabled {
+ [[ ,${ENABLED_SERVICES} =~ ,"placement-" ]] && return 0
+ return 1
+}
+
+# cleanup_placement() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_placement {
+ sudo rm -f $(apache_site_config_for placement-api)
+}
+
+# _config_placement_apache_wsgi() - Set WSGI config files
+function _config_placement_apache_wsgi {
+ local placement_api_apache_conf
+ local placement_api_port=$PLACEMENT_SERVICE_PORT
+ local venv_path=""
+ local nova_bin_dir=""
+ nova_bin_dir=$(get_python_exec_prefix)
+ placement_api_apache_conf=$(apache_site_config_for placement-api)
+
+ # reuse nova's cert if a cert is being used
+ if is_ssl_enabled_service "placement-api"; then
+ placement_ssl="SSLEngine On"
+ placement_certfile="SSLCertificateFile $NOVA_SSL_CERT"
+ placement_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
+ fi
+ # reuse nova's venv if there is one as placement code lives
+ # there
+ if [[ ${USE_VENV} = True ]]; then
+ venv_path="python-path=${PROJECT_VENV["nova"]}/lib/$(python_version)/site-packages"
+ nova_bin_dir=${PROJECT_VENV["nova"]}/bin
+ fi
+
+ sudo cp $FILES/apache-placement-api.template $placement_api_apache_conf
+ sudo sed -e "
+ s|%PUBLICPORT%|$placement_api_port|g;
+ s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%PUBLICWSGI%|$nova_bin_dir/nova-placement-api|g;
+ s|%SSLENGINE%|$placement_ssl|g;
+ s|%SSLCERTFILE%|$placement_certfile|g;
+ s|%SSLKEYFILE%|$placement_keyfile|g;
+ s|%USER%|$STACK_USER|g;
+ s|%VIRTUALENV%|$venv_path|g
+ s|%APIWORKERS%|$API_WORKERS|g
+ " -i $placement_api_apache_conf
+}
+
+# configure_placement() - Set config files, create data dirs, etc
+function configure_placement {
+ if [ "$PLACEMENT_DB_ENABLED" != False ]; then
+ iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`
+ fi
+
+ iniset $NOVA_CONF placement auth_type "password"
+ iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF placement username placement
+ iniset $NOVA_CONF placement password "$SERVICE_PASSWORD"
+ iniset $NOVA_CONF placement user_domain_name "Default"
+ iniset $NOVA_CONF placement project_name "$SERVICE_TENANT_NAME"
+ iniset $NOVA_CONF placement project_domain_name "Default"
+ iniset $NOVA_CONF placement os_region_name "$REGION_NAME"
+ # TODO(cdent): auth_strategy, which is common to see in these
+ # blocks is not currently used here. For the time being the
+ # placement api uses the auth_strategy configuration setting
+ # established by the nova api. This avoids, for the time, being,
+ # creating redundant configuration items that are just used for
+ # testing.
+
+ _config_placement_apache_wsgi
+}
+
+# create_placement_accounts() - Set up required placement accounts
+# and service and endpoints.
+function create_placement_accounts {
+ create_service_user "placement" "admin"
+ local placement_api_url="$PLACEMENT_SERVICE_PROTOCOL://$PLACEMENT_SERVICE_HOST/placement"
+ get_or_create_service "placement" "placement" "Placement Service"
+ get_or_create_endpoint \
+ "placement" \
+ "$REGION_NAME" \
+ "$placement_api_url" \
+ "$placement_api_url" \
+ "$placement_api_url"
+}
+
+# init_placement() - Create service user and endpoints
+# If PLACEMENT_DB_ENABLED is true, create the separate placement db
+# using, for now, the api_db migrations.
+function init_placement {
+ if [ "$PLACEMENT_DB_ENABLED" != False ]; then
+ recreate_database placement
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
+ fi
+ create_placement_accounts
+}
+
+# install_placement() - Collect source and prepare
+function install_placement {
+ install_apache_wsgi
+ if is_ssl_enabled_service "placement-api"; then
+ enable_mod_ssl
+ fi
+}
+
+# start_placement_api() - Start the API processes ahead of other things
+function start_placement_api {
+ # Get right service port for testing
+ local service_port=$PLACEMENT_SERVICE_PORT
+ local placement_api_port=$PLACEMENT_SERVICE_PORT
+
+ enable_apache_site placement-api
+ restart_apache_server
+ tail_log placement-api /var/log/$APACHE_NAME/placement-api.log
+
+ echo "Waiting for placement-api to start..."
+ if ! wait_for_service $SERVICE_TIMEOUT $PLACEMENT_SERVICE_PROTOCOL://$PLACEMENT_SERVICE_HOST/placement; then
+ die $LINENO "placement-api did not start"
+ fi
+}
+
+function start_placement {
+ start_placement_api
+}
+
+# stop_placement() - Disable the api service and stop it.
+function stop_placement {
+ disable_apache_site placement-api
+ restart_apache_server
+}
+
+# Restore xtrace
+$_XTRACE_LIB_PLACEMENT
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 05e303e..97b1aa4 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -24,6 +24,8 @@
_XTRACE_RPC_BACKEND=$(set +o | grep xtrace)
set +o xtrace
+RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
+
# Functions
# ---------
@@ -104,8 +106,9 @@
# builds transport url string
function get_transport_url {
+ local virtual_host=$1
if is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
- echo "rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/"
+ echo "rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/$virtual_host"
fi
}
@@ -114,11 +117,9 @@
local package=$1
local file=$2
local section=${3:-DEFAULT}
+ local virtual_host=$4
if is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
- iniset $file $section rpc_backend "rabbit"
- iniset $file oslo_messaging_rabbit rabbit_hosts $RABBIT_HOST
- iniset $file oslo_messaging_rabbit rabbit_password $RABBIT_PASSWORD
- iniset $file oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
+ iniset $file $section transport_url $(get_transport_url "$virtual_host")
if [ -n "$RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD" ]; then
iniset $file oslo_messaging_rabbit heartbeat_timeout_threshold $RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD
fi
diff --git a/lib/swift b/lib/swift
index 8cb94ef..f9ea028 100644
--- a/lib/swift
+++ b/lib/swift
@@ -428,6 +428,7 @@
sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server allow_account_management true
# Configure Crossdomain
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
@@ -457,9 +458,7 @@
cat <<EOF >>${SWIFT_CONFIG_PROXY_SERVER}
[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_port = ${KEYSTONE_AUTH_PORT}
-auth_host = ${KEYSTONE_AUTH_HOST}
-auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
+auth_uri = ${KEYSTONE_AUTH_URI}
cafile = ${SSL_BUNDLE_FILE}
admin_user = swift
admin_tenant_name = ${SERVICE_PROJECT_NAME}
@@ -807,7 +806,7 @@
done
if is_service_enabled tls-proxy; then
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
- start_tls_proxy '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT &
+ start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
fi
run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
diff --git a/lib/tempest b/lib/tempest
index 46dc1f8..0d01843 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -15,8 +15,6 @@
# - ``SERVICE_HOST``
# - ``BASE_SQL_CONN`` ``lib/database`` declares
# - ``PUBLIC_NETWORK_NAME``
-# - ``Q_ROUTER_NAME``
-# - ``Q_L3_ENABLED``
# - ``VIRT_DRIVER``
# - ``LIBVIRT_TYPE``
# - ``KEYSTONE_SERVICE_PROTOCOL``, ``KEYSTONE_SERVICE_HOST`` from lib/keystone
@@ -45,8 +43,6 @@
# --------
# Set up default directories
-GITDIR["tempest-lib"]=$DEST/tempest-lib
-
TEMPEST_DIR=$DEST/tempest
TEMPEST_CONFIG_DIR=${TEMPEST_CONFIG_DIR:-$TEMPEST_DIR/etc}
TEMPEST_CONFIG=$TEMPEST_CONFIG_DIR/tempest.conf
@@ -66,6 +62,10 @@
# have tempest installed in DevStack by default.
INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"}
+# This variable is passed directly to pip install inside the common tox venv
+# that is created
+TEMPEST_PLUGINS=${TEMPEST_PLUGINS:-0}
+
# Cinder/Volume variables
TEMPEST_VOLUME_DRIVER=${TEMPEST_VOLUME_DRIVER:-default}
TEMPEST_DEFAULT_VOLUME_VENDOR="Open Source"
@@ -182,8 +182,6 @@
local admin_username=${ADMIN_USERNAME:-admin}
local admin_project_name=${ADMIN_TENANT_NAME:-admin}
local admin_domain_name=${ADMIN_DOMAIN_NAME:-Default}
- local tempest_username=${TEMPEST_USERNAME:-demo}
- local tempest_project_name=${TEMPEST_TENANT_NAME:-demo}
local alt_username=${ALT_USERNAME:-alt_demo}
local alt_project_name=${ALT_TENANT_NAME:-alt_demo}
local admin_project_id
@@ -237,9 +235,13 @@
fi
fi
+ iniset $TEMPEST_CONFIG network project_network_cidr $FIXED_RANGE
+
ssh_connect_method=${TEMPEST_SSH_CONNECT_METHOD:-$ssh_connect_method}
- if [ "$Q_L3_ENABLED" = "True" ]; then
+ # the public network (for floating ip access) is only available
+ # if the extension is enabled.
+ if is_networking_extension_supported 'external-net'; then
public_network_id=$(neutron net-list | grep $PUBLIC_NETWORK_NAME | \
awk '{print $2}')
fi
@@ -260,6 +262,8 @@
# Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+ # Use domain scoped tokens for admin v3 tests, v3 dynamic credentials of v3 account generation
+ iniset $TEMPEST_CONFIG identity admin_domain_scope True
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
iniset $TEMPEST_CONFIG auth admin_username $admin_username
iniset $TEMPEST_CONFIG auth admin_password "$password"
@@ -280,6 +284,10 @@
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
fi
+ # Identity Features
+ # TODO(rodrigods): Remove the reseller flag when Kilo and Liberty are end of life.
+ iniset $TEMPEST_CONFIG identity-feature-enabled reseller True
+
# Image
# We want to be able to override this variable in the gate to avoid
# doing an external HTTP fetch for this test.
@@ -288,10 +296,14 @@
fi
if [ "$VIRT_DRIVER" = "xenserver" ]; then
iniset $TEMPEST_CONFIG image disk_formats "ami,ari,aki,vhd,raw,iso"
+ iniset $TEMPEST_CONFIG scenario img_disk_format vhd
fi
# Image Features
iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image True
+ if [ "$GLANCE_V1_ENABLED" != "True" ]; then
+ iniset $TEMPEST_CONFIG image-feature-enabled api_v1 False
+ fi
# Compute
iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED
@@ -304,7 +316,7 @@
# set the equiv validation option here as well to ensure they are
# in sync. They shouldn't be separate options.
iniset $TEMPEST_CONFIG validation connect_method $ssh_connect_method
- if [[ ! $(is_service_enabled n-cell) && ! $(is_service_enabled neutron) ]]; then
+ if ! is_service_enabled n-cell && ! is_service_enabled neutron; then
iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
fi
@@ -331,29 +343,24 @@
tempest_compute_max_microversion=None
fi
if [ "$tempest_compute_min_microversion" == "None" ]; then
- inicomment $TEMPEST_CONFIG compute-feature-enabled min_microversion
+ inicomment $TEMPEST_CONFIG compute min_microversion
else
- iniset $TEMPEST_CONFIG compute-feature-enabled min_microversion $tempest_compute_min_microversion
+ iniset $TEMPEST_CONFIG compute min_microversion $tempest_compute_min_microversion
fi
if [ "$tempest_compute_max_microversion" == "None" ]; then
- inicomment $TEMPEST_CONFIG compute-feature-enabled max_microversion
+ inicomment $TEMPEST_CONFIG compute max_microversion
else
- iniset $TEMPEST_CONFIG compute-feature-enabled max_microversion $tempest_compute_max_microversion
+ iniset $TEMPEST_CONFIG compute max_microversion $tempest_compute_max_microversion
fi
+ # TODO(mriedem): Remove allow_port_security_disabled after liberty-eol.
+ iniset $TEMPEST_CONFIG compute-feature-enabled allow_port_security_disabled True
+ iniset $TEMPEST_CONFIG compute-feature-enabled personality ${ENABLE_FILE_INJECTION:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled resize True
iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
- # TODO(mriedem): Remove the preserve_ports flag when Juno is end of life.
- iniset $TEMPEST_CONFIG compute-feature-enabled preserve_ports True
- # TODO(gilliard): Remove the live_migrate_paused_instances flag when Juno is end of life.
- iniset $TEMPEST_CONFIG compute-feature-enabled live_migrate_paused_instances True
iniset $TEMPEST_CONFIG compute-feature-enabled attach_encrypted_volume ${ATTACH_ENCRYPTED_VOLUME_AVAILABLE:-True}
- # TODO(mriedem): Remove this when kilo-eol happens since the
- # neutron.allow_duplicate_networks option was removed from nova in Liberty
- # and is now the default behavior.
- iniset $TEMPEST_CONFIG compute-feature-enabled allow_duplicate_networks ${NOVA_ALLOW_DUPLICATE_NETWORKS:-True}
if is_service_enabled n-cell; then
# Cells doesn't support shelving/unshelving
iniset $TEMPEST_CONFIG compute-feature-enabled shelve False
@@ -374,12 +381,13 @@
# Network
iniset $TEMPEST_CONFIG network api_version 2.0
- iniset $TEMPEST_CONFIG network tenant_networks_reachable false
+ iniset $TEMPEST_CONFIG network project_networks_reachable false
iniset $TEMPEST_CONFIG network public_network_id "$public_network_id"
iniset $TEMPEST_CONFIG network public_router_id "$public_router_id"
iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE"
iniset $TEMPEST_CONFIG network-feature-enabled ipv6 "$IPV6_ENABLED"
iniset $TEMPEST_CONFIG network-feature-enabled ipv6_subnet_attributes "$IPV6_SUBNET_ATTRIBUTES_ENABLED"
+ iniset $TEMPEST_CONFIG network-feature-enabled port_security $NEUTRON_PORT_SECURITY
# Orchestration Tests
if is_service_enabled heat; then
@@ -412,9 +420,6 @@
iniset $TEMPEST_CONFIG scenario aki_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz"
iniset $TEMPEST_CONFIG scenario img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img"
- # Large Ops Number
- iniset $TEMPEST_CONFIG scenario large_ops_number ${TEMPEST_LARGE_OPS_NUMBER:-0}
-
# Telemetry
iniset $TEMPEST_CONFIG telemetry-feature-enabled events "True"
@@ -426,27 +431,51 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $PRIVATE_NETWORK_NAME
# Volume
- # TODO(obutenko): Remove the incremental_backup_force flag when Kilo and Juno is end of life.
- iniset $TEMPEST_CONFIG volume-feature-enabled incremental_backup_force True
+ # TODO(obutenko): Remove snapshot_backup when liberty-eol happens.
+ iniset $TEMPEST_CONFIG volume-feature-enabled snapshot_backup True
# TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
iniset $TEMPEST_CONFIG volume-feature-enabled volume_services True
# TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life.
iniset $TEMPEST_CONFIG volume-feature-enabled api_v3 True
+ local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None}
+ local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"}
+ if [ "$tempest_volume_min_microversion" == "None" ]; then
+ inicomment $TEMPEST_CONFIG volume min_microversion
+ else
+ iniset $TEMPEST_CONFIG volume min_microversion $tempest_volume_min_microversion
+ fi
+
+ if [ "$tempest_volume_max_microversion" == "None" ]; then
+ inicomment $TEMPEST_CONFIG volume max_microversion
+ else
+ iniset $TEMPEST_CONFIG volume max_microversion $tempest_volume_max_microversion
+ fi
if ! is_service_enabled c-bak; then
iniset $TEMPEST_CONFIG volume-feature-enabled backup False
fi
# Using ``CINDER_ENABLED_BACKENDS``
+ # Cinder uses a comma separated list with "type:backend_name":
+ # CINDER_ENABLED_BACKENDS = ceph:cephBE1,lvm:lvmBE2,foo:my_foo
if [[ -n "$CINDER_ENABLED_BACKENDS" ]] && [[ $CINDER_ENABLED_BACKENDS =~ .*,.* ]]; then
+ # We have at least 2 backends
iniset $TEMPEST_CONFIG volume-feature-enabled multi_backend "True"
- local i=1
+ local add_comma_seperator=0
+ local backends_list=''
local be
+ # Tempest uses a comma separated list of backend_names:
+ # backend_names = BACKEND_1,BACKEND_2
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
- local be_name=${be##*:}
- iniset $TEMPEST_CONFIG volume "backend${i}_name" "$be_name"
- i=$(( i + 1 ))
+ if [ "$add_comma_seperator" -eq "1" ]; then
+ backends_list+=,${be##*:}
+ else
+ # first element in the list
+ backends_list+=${be##*:}
+ add_comma_seperator=1
+ fi
done
+ iniset $TEMPEST_CONFIG volume "backend_names" "$backends_list"
fi
if [ $TEMPEST_VOLUME_DRIVER != "default" -o \
@@ -469,6 +498,7 @@
iniset $TEMPEST_CONFIG baremetal driver_enabled True
iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT
+ iniset $TEMPEST_CONFIG baremetal deploywait_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
@@ -521,17 +551,17 @@
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
if [[ "$OFFLINE" != "True" ]]; then
- tox -revenv --notest
+ tox -revenv-tempest --notest
fi
- tox -evenv -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
+ tox -evenv-tempest -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
# Auth:
iniset $TEMPEST_CONFIG auth tempest_roles "Member"
if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
- tox -evenv -- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_project_name -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
+ tox -evenv-tempest -- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_project_name -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
else
- tox -evenv -- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_project_name -r $TEMPEST_CONCURRENCY etc/accounts.yaml
+ tox -evenv-tempest -- tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_project_name -r $TEMPEST_CONCURRENCY etc/accounts.yaml
fi
iniset $TEMPEST_CONFIG auth use_dynamic_credentials False
iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
@@ -546,16 +576,14 @@
# Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints
# NOTE(mtreinish): This must be done after auth settings are added to the tempest config
tox -evenv -- tempest verify-config -uro $tmp_cfg_file
- # Nova API extensions
- local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
- if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then
- # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
- compute_api_extensions=${COMPUTE_API_EXTENSIONS:-$(iniget $tmp_cfg_file compute-feature-enabled api_extensions | tr -d " ")}
- # Remove disabled extensions
- compute_api_extensions=$(remove_disabled_extensions $compute_api_extensions $DISABLE_COMPUTE_API_EXTENSIONS)
- fi
- iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions $compute_api_extensions
+
# Neutron API Extensions
+
+ # disable metering if we didn't enable the service
+ if ! is_service_enabled q-metering; then
+ DISABLE_NETWORK_API_EXTENSIONS+=", metering"
+ fi
+
local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"}
if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
@@ -587,20 +615,6 @@
IFS=$ifs
}
-
-# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
-function install_tempest_lib {
- if use_library_from_git "tempest-lib"; then
- git_clone_by_name "tempest-lib"
- setup_dev_lib "tempest-lib"
- # NOTE(mtreinish) For testing ``tempest-lib`` from git with Tempest we need to
- # put the git version of ``tempest-lib`` in the Tempest job's tox venv
- export PIP_VIRTUAL_ENV=${PROJECT_VENV["tempest"]}
- setup_dev_lib "tempest-lib"
- unset PIP_VIRTUAL_ENV
- fi
-}
-
# install_tempest() - Collect source and prepare
function install_tempest {
git_clone $TEMPEST_REPO $TEMPEST_DIR $TEMPEST_BRANCH
@@ -610,9 +624,19 @@
# NOTE(mtreinish) Respect constraints in the tempest full venv, things that
# are using a tox job other than full will not be respecting constraints but
# running pip install -U on tempest requirements
- $TEMPEST_DIR/.tox/full/bin/pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
- PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/full
- install_tempest_lib
+ $TEMPEST_DIR/.tox/tempest/bin/pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
+ PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/tempest
+ popd
+}
+
+# install_tempest_plugins() - Install any specified plugins into the tempest venv
+function install_tempest_plugins {
+ pushd $TEMPEST_DIR
+ if [[ $TEMPEST_PLUGINS != 0 ]] ; then
+ tox -evenv-tempest -- pip install $TEMPEST_PLUGINS
+ echo "Checking installed Tempest plugins:"
+ tox -evenv-tempest -- tempest list-plugins
+ fi
popd
}
diff --git a/lib/template b/lib/template
index 08d10bb..b92fb40 100644
--- a/lib/template
+++ b/lib/template
@@ -35,8 +35,8 @@
XXX_CONF_DIR=/etc/XXXX
-# Entry Points
-# ------------
+# Functions
+# ---------
# Test if any XXXX services are enabled
# is_XXXX_enabled
@@ -62,6 +62,11 @@
:
}
+# create_XXXX_accounts() - Create required service accounts
+function create_XXXX_accounts {
+ :
+}
+
# init_XXXX() - Initialize databases, etc.
function init_XXXX {
# clean up from previous (possibly aborted) runs
diff --git a/lib/tls b/lib/tls
index ca57ed4..40f3e81 100644
--- a/lib/tls
+++ b/lib/tls
@@ -16,7 +16,6 @@
#
# - configure_CA
# - init_CA
-# - cleanup_CA
# - configure_proxy
# - start_tls_proxy
@@ -221,26 +220,13 @@
fi
}
-# Clean up the CA files
-# cleanup_CA
-function cleanup_CA {
- if is_fedora; then
- sudo rm -f /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem
- sudo update-ca-trust
- elif is_ubuntu; then
- sudo rm -f /usr/local/share/ca-certificates/devstack-int.crt
- sudo rm -f /usr/local/share/ca-certificates/devstack-root.crt
- sudo update-ca-certificates
- fi
-}
-
# Create an initial server cert
# init_cert
function init_cert {
if [[ ! -r $DEVSTACK_CERT ]]; then
if [[ -n "$TLS_IP" ]]; then
# Lie to let incomplete match routines work
- TLS_IP="DNS:$TLS_IP"
+ TLS_IP="DNS:$TLS_IP,IP:$TLS_IP"
fi
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP"
@@ -263,6 +249,9 @@
else
alt_names="$alt_names,DNS:$SERVICE_HOST"
fi
+ if is_ipv4_address "$SERVICE_HOST" ; then
+ alt_names="$alt_names,IP:$SERVICE_HOST"
+ fi
fi
# Only generate the certificate if it doesn't exist yet on the disk
@@ -336,15 +325,17 @@
create_CA_base $ca_dir
create_CA_config $ca_dir 'Root CA'
- # Create a self-signed certificate valid for 5 years
- $OPENSSL req -config $ca_dir/ca.conf \
- -x509 \
- -nodes \
- -newkey rsa \
- -days 21360 \
- -keyout $ca_dir/private/cacert.key \
- -out $ca_dir/cacert.pem \
- -outform PEM
+ if [ ! -r "$ca_dir/cacert.pem" ]; then
+ # Create a self-signed certificate valid for 5 years
+ $OPENSSL req -config $ca_dir/ca.conf \
+ -x509 \
+ -nodes \
+ -newkey rsa \
+ -days 21360 \
+ -keyout $ca_dir/private/cacert.key \
+ -out $ca_dir/cacert.pem \
+ -outform PEM
+ fi
}
# If a non-system python-requests is installed then it will use the
@@ -455,27 +446,85 @@
# Starts the TLS proxy for the given IP/ports
# start_tls_proxy front-host front-port back-host back-port
function start_tls_proxy {
- local f_host=$1
- local f_port=$2
- local b_host=$3
- local b_port=$4
+ local b_service="$1-tls-proxy"
+ local f_host=$2
+ local f_port=$3
+ local b_host=$4
+ local b_port=$5
- stud $STUD_PROTO -f $f_host,$f_port -b $b_host,$b_port $DEVSTACK_CERT 2>/dev/null
+ local config_file
+ config_file=$(apache_site_config_for $b_service)
+ local listen_string
+ # Default apache configs on ubuntu and centos listen on 80 and 443
+ # newer apache seems fine with duplicate listen directive but older
+ # apache does not so special case 80 and 443.
+ if [[ "$f_port" == "80" ]] || [[ "$f_port" == "443" ]]; then
+ listen_string=""
+ elif [[ "$f_host" == '*' ]] ; then
+ listen_string="Listen $f_port"
+ else
+ listen_string="Listen $f_host:$f_port"
+ fi
+ sudo bash -c "cat >$config_file" << EOF
+$listen_string
+
+<VirtualHost $f_host:$f_port>
+ SSLEngine On
+ SSLCertificateFile $DEVSTACK_CERT
+
+ <Location />
+ ProxyPass http://$b_host:$b_port/ retry=5 nocanon
+ ProxyPassReverse http://$b_host:$b_port/
+ </Location>
+ ErrorLog $APACHE_LOG_DIR/tls-proxy_error.log
+ ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] [frontend\ %A] %M% ,\ referer\ %{Referer}i"
+ LogLevel info
+ CustomLog $APACHE_LOG_DIR/tls-proxy_access.log common
+ LogFormat "%v %h %l %u %t \"%r\" %>s %b"
+</VirtualHost>
+EOF
+ for mod in ssl proxy proxy_http; do
+ enable_apache_mod $mod
+ done
+ enable_apache_site $b_service
+ # Only a reload is required to pull in new vhosts
+ # Note that a restart reliably fails on centos7 and trusty
+ # because apache can't open port 80 because the old apache
+ # still has it open. Using reload fixes trusty but centos7
+ # still doesn't work.
+ reload_apache_server
}
+# Follow TLS proxy
+function follow_tls_proxy {
+ sudo touch /var/log/$APACHE_NAME/tls-proxy_error.log
+ tail_log tls-error /var/log/$APACHE_NAME/tls-proxy_error.log
+ sudo touch /var/log/$APACHE_NAME/tls-proxy_access.log
+ tail_log tls-proxy /var/log/$APACHE_NAME/tls-proxy_access.log
+}
# Cleanup Functions
# =================
-# Stops all stud processes. This should be done only after all services
+# Stops the apache service. This should be done only after all services
# using tls configuration are down.
function stop_tls_proxy {
- killall stud
+ stop_apache_server
}
-# Remove CA along with configuration, as well as the local server certificate
+# Clean up the CA files
+# cleanup_CA
function cleanup_CA {
- rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
+ if is_fedora; then
+ sudo rm -f /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem
+ sudo update-ca-trust
+ elif is_ubuntu; then
+ sudo rm -f /usr/local/share/ca-certificates/devstack-int.crt
+ sudo rm -f /usr/local/share/ca-certificates/devstack-root.crt
+ sudo update-ca-certificates
+ fi
+
+ rm -rf "$INT_CA_DIR" "$ROOT_CA_DIR" "$DEVSTACK_CERT"
}
# Tell emacs to use shell-script-mode
diff --git a/openrc b/openrc
index db2e97d..8d8ae8b 100644
--- a/openrc
+++ b/openrc
@@ -90,6 +90,13 @@
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
+# Currently, in order to use openstackclient with Identity API v3,
+# we need to set the domain which the user and project belong to.
+if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
+ export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
+ export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
+fi
+
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 9c4f6f7..856eaff 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -10,7 +10,7 @@
# Package source and version, all pkg files are expected to have
# something like this, as well as a way to override them.
-ELASTICSEARCH_VERSION=${ELASTICSEARCH_VERSION:-1.4.2}
+ELASTICSEARCH_VERSION=${ELASTICSEARCH_VERSION:-1.7.5}
ELASTICSEARCH_BASEURL=${ELASTICSEARCH_BASEURL:-https://download.elasticsearch.org/elasticsearch/elasticsearch}
# Elastic search actual implementation
diff --git a/samples/local.conf b/samples/local.conf
index 06ac185..6d5351f 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -10,7 +10,7 @@
# This is a collection of some of the settings we have found to be useful
# in our DevStack development environments. Additional settings are described
-# in http://devstack.org/local.conf.html
+# in http://docs.openstack.org/developer/devstack/configuration.html#local-conf
# These should be considered as samples and are unsupported DevStack code.
# The ``localrc`` section replaces the old ``localrc`` configuration file.
diff --git a/stack.sh b/stack.sh
index 3de9af2..fab2edd 100755
--- a/stack.sh
+++ b/stack.sh
@@ -27,6 +27,13 @@
# Make sure custom grep options don't get in the way
unset GREP_OPTIONS
+# Sanitize language settings to avoid commands bailing out
+# with "unsupported locale setting" errors.
+unset LANG
+unset LANGUAGE
+LC_ALL=C
+export LC_ALL
+
# Make sure umask is sane
umask 022
@@ -185,7 +192,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (trusty|wily|xenial|7.0|wheezy|sid|testing|jessie|f22|f23|rhel7|kvmibm1) ]]; then
+if [[ ! ${DISTRO} =~ (trusty|xenial|yakkety|7.0|wheezy|sid|testing|jessie|f23|f24|rhel7|kvmibm1) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -240,7 +247,6 @@
# see them by forcing ``PATH``
echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE
-echo "Defaults env_keep += PS4" >> $TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -336,6 +342,13 @@
# to speed things up
SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL)
+# If we have /etc/nodepool/provider assume we're on a OpenStack CI
+# node, where EPEL is already pointing at our internal mirror and RDO
+# is pre-installed.
+if [[ -f /etc/nodepool/provider ]]; then
+ SKIP_EPEL_INSTALL=True
+fi
+
if is_fedora && [[ $DISTRO == "rhel7" ]] && \
[[ ${SKIP_EPEL_INSTALL} != True ]]; then
_install_epel_and_rdo
@@ -556,13 +569,16 @@
source $TOP_DIR/lib/keystone
source $TOP_DIR/lib/glance
source $TOP_DIR/lib/nova
+source $TOP_DIR/lib/placement
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/heat
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
source $TOP_DIR/lib/ldap
source $TOP_DIR/lib/dstat
source $TOP_DIR/lib/dlm
+source $TOP_DIR/lib/os_brick
# Extras Source
# --------------
@@ -648,7 +664,6 @@
# Rabbit connection info
# In multi node DevStack, second node needs ``RABBIT_USERID``, but rabbit
# isn't enabled.
-RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
if is_service_enabled rabbit; then
RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
@@ -789,6 +804,11 @@
install_heatclient
fi
+# Install shared libraries
+if is_service_enabled cinder nova; then
+ install_os_brick
+fi
+
# Install middleware
install_keystonemiddleware
@@ -830,7 +850,6 @@
if is_service_enabled neutron; then
# Network service
stack_install_service neutron
- install_neutron_third_party
fi
if is_service_enabled nova; then
@@ -840,6 +859,13 @@
configure_nova
fi
+if is_service_enabled placement; then
+ # placement api
+ stack_install_service placement
+ cleanup_placement
+ configure_placement
+fi
+
if is_service_enabled horizon; then
# django openstack_auth
install_django_openstack_auth
@@ -967,6 +993,10 @@
fi
screen -r $SCREEN_NAME -X hardstatus alwayslastline "$SCREEN_HARDSTATUS"
screen -r $SCREEN_NAME -X setenv PROMPT_COMMAND /bin/true
+
+ if is_service_enabled tls-proxy; then
+ follow_tls_proxy
+ fi
fi
# Clear ``screenrc`` file
@@ -1026,6 +1056,7 @@
if is_service_enabled tls-proxy; then
echo "export OS_CACERT=$INT_CA_DIR/ca-chain.pem" >> $TOP_DIR/userrc_early
+ start_tls_proxy http-services '*' 443 $SERVICE_HOST 80
fi
source $TOP_DIR/userrc_early
@@ -1075,20 +1106,11 @@
configure_neutron
# Run init_neutron only on the node hosting the Neutron API server
- if is_service_enabled $DATABASE_BACKENDS && is_service_enabled q-svc; then
+ if is_service_enabled $DATABASE_BACKENDS && is_service_enabled neutron; then
init_neutron
fi
fi
-# Some Neutron plugins require network controllers which are not
-# a part of the OpenStack project. Configure and start them.
-if is_service_enabled neutron; then
- configure_neutron_third_party
- init_neutron_third_party
- start_neutron_third_party
-fi
-
-
# Nova
# ----
@@ -1142,7 +1164,7 @@
# Additional Nova configuration that is dependent on other services
if is_service_enabled neutron; then
- create_nova_conf_neutron
+ configure_neutron_nova
elif is_service_enabled n-net; then
create_nova_conf_nova_network
fi
@@ -1150,6 +1172,11 @@
init_nova_cells
fi
+if is_service_enabled placement; then
+ echo_summary "Configuring placement"
+ init_placement
+fi
+
# Extras Configuration
# ====================
@@ -1198,19 +1225,14 @@
echo_summary "Uploading images"
- # Option to upload legacy ami-tty, which works with xenserver
- if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
- IMAGE_URLS="${IMAGE_URLS:+${IMAGE_URLS},}https://github.com/downloads/citrix-openstack/warehouse/tty.tgz"
- fi
-
for image_url in ${IMAGE_URLS//,/ }; do
upload_image $image_url
done
fi
-# Create a randomized default value for the keymgr's fixed_key
+# Create a randomized default value for the key manager's fixed_key
if is_service_enabled nova; then
- iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32)
+ iniset $NOVA_CONF key_manager fixed_key $(generate_hex_string 32)
fi
# Launch the nova-api and wait for it to answer before continuing
@@ -1219,10 +1241,12 @@
start_nova_api
fi
-if is_service_enabled q-svc; then
+if is_service_enabled neutron-api; then
+ echo_summary "Starting Neutron"
+ start_neutron_api
+elif is_service_enabled q-svc; then
echo_summary "Starting Neutron"
start_neutron_service_and_check
- check_neutron_third_party_integration
elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then
NM_CONF=${NOVA_CONF}
if is_service_enabled n-cell; then
@@ -1240,19 +1264,20 @@
fi
if is_service_enabled neutron; then
- start_neutron_agents
+ start_neutron
fi
# Once neutron agents are started setup initial network elements
-if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then
- echo_summary "Creating initial neutron network elements"
- create_neutron_initial_network
- setup_neutron_debug
-fi
+create_neutron_initial_network
+
if is_service_enabled nova; then
echo_summary "Starting Nova"
start_nova
create_flavors
fi
+if is_service_enabled placement; then
+ echo_summary "Starting Placement"
+ start_placement
+fi
if is_service_enabled cinder; then
echo_summary "Starting Cinder"
start_cinder
@@ -1351,6 +1376,14 @@
check_libs_from_git
+# Configure nova cellsv2
+# ----------------------
+
+# Do this late because it requires compute hosts to have started
+if is_service_enabled n-api && [ "$NOVA_CONFIGURE_CELLSV2" == "True" ]; then
+ create_cell
+fi
+
# Bash completion
# ===============
@@ -1367,6 +1400,12 @@
fi
fi
+# Run test-config
+# ---------------
+
+# Phase: test-config
+run_phase stack test-config
+
# Fin
# ===
diff --git a/stackrc b/stackrc
index 44aa79f..ea8b044 100644
--- a/stackrc
+++ b/stackrc
@@ -7,13 +7,6 @@
[[ -z "$_DEVSTACK_STACKRC" ]] || return 0
declare -r _DEVSTACK_STACKRC=1
-# Sanitize language settings to avoid commands bailing out
-# with "unsupported locale setting" errors.
-unset LANG
-unset LANGUAGE
-LC_ALL=C
-export LC_ALL
-
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -70,11 +63,13 @@
# Keystone - nothing works without keystone
ENABLED_SERVICES=key
# Nova - services to support libvirt based openstack clouds
- ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-cauth
+ ENABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth
# Glance services needed for Nova
ENABLED_SERVICES+=,g-api,g-reg
# Cinder
ENABLED_SERVICES+=,c-sch,c-api,c-vol
+ # Neutron
+ ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
# Dashboard
ENABLED_SERVICES+=,horizon
# Additional services
@@ -135,12 +130,29 @@
source $RC_DIR/.localrc.auto
fi
+# Default for log coloring is based on interactive-or-not.
+# Baseline assumption is that non-interactive invocations are for CI,
+# where logs are to be presented as browsable text files; hence color
+# codes should be omitted.
+# Simply override LOG_COLOR if your environment is different.
+if [ -t 1 ]; then
+ _LOG_COLOR_DEFAULT=True
+else
+ _LOG_COLOR_DEFAULT=False
+fi
+
# Use color for logging output (only available if syslog is not used)
-LOG_COLOR=$(trueorfalse True LOG_COLOR)
+LOG_COLOR=$(trueorfalse $_LOG_COLOR_DEFAULT LOG_COLOR)
# Make tracing more educational
if [[ "$LOG_COLOR" == "True" ]]; then
- export PS4='+\[$(tput setaf 242)\]$(short_source)\[$(tput sgr0)\] '
+ # tput requires TERM or -T. If neither is present, use vt100, a
+ # no-frills least common denominator supported everywhere.
+ TPUT_T=
+ if ! [ $TERM ]; then
+ TPUT_T='-T vt100'
+ fi
+ export PS4='+\[$(tput '$TPUT_T' setaf 242)\]$(short_source)\[$(tput '$TPUT_T' sgr0)\] '
else
export PS4='+ $(short_source): '
fi
@@ -208,6 +220,9 @@
# ex: LIBS_FROM_GIT=python-keystoneclient,oslo.config
#
# Will install those 2 libraries from git, the rest from pypi.
+#
+# Setting the variable to 'ALL' will activate the download for all
+# libraries.
##############
@@ -244,10 +259,6 @@
NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git}
NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master}
-# neutron lbaas service
-NEUTRON_LBAAS_REPO=${NEUTRON_LBAAS_REPO:-${GIT_BASE}/openstack/neutron-lbaas.git}
-NEUTRON_LBAAS_BRANCH=${NEUTRON_LBAAS_BRANCH:-master}
-
# compute service
NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git}
NOVA_BRANCH=${NOVA_BRANCH:-master}
@@ -270,10 +281,6 @@
TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git}
TEMPEST_BRANCH=${TEMPEST_BRANCH:-master}
-# TODO(sdague): this should end up as a library component like below
-GITREPO["tempest-lib"]=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git}
-GITBRANCH["tempest-lib"]=${TEMPEST_LIB_BRANCH:-master}
-
##############
#
@@ -286,6 +293,10 @@
GITREPO["python-cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
GITBRANCH["python-cinderclient"]=${CINDERCLIENT_BRANCH:-master}
+# os-brick client for local volume attachement
+GITREPO["python-brick-cinderclient-ext"]=${BRICK_CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-brick-cinderclient-ext.git}
+GITBRANCH["python-brick-cinderclient-ext"]=${BRICK_CINDERCLIENT_BRANCH:-master}
+
# python glance client library
GITREPO["python-glanceclient"]=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}
GITBRANCH["python-glanceclient"]=${GLANCECLIENT_BRANCH:-master}
@@ -486,10 +497,19 @@
GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
+# os-client-config to manage clouds.yaml and friends
+GITREPO["os-client-config"]=${OS_CLIENT_CONFIG_REPO:-${GIT_BASE}/openstack/os-client-config.git}
+GITBRANCH["os-client-config"]=${OS_CLIENT_CONFIG_BRANCH:-master}
+GITDIR["os-client-config"]=$DEST/os-client-config
+
# os-vif library to communicate between Neutron to Nova
GITREPO["os-vif"]=${OS_VIF_REPO:-${GIT_BASE}/openstack/os-vif.git}
GITBRANCH["os-vif"]=${OS_VIF_BRANCH:-master}
+# osc-lib OpenStackClient common lib
+GITREPO["osc-lib"]=${OSC_LIB_REPO:-${GIT_BASE}/openstack/osc-lib.git}
+GITBRANCH["osc-lib"]=${OSC_LIB_BRANCH:-master}
+
# ironic common lib
GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
@@ -566,6 +586,9 @@
LIBVIRT_GROUP=libvirtd
fi
;;
+ lxd)
+ LXD_GROUP=${LXD_GROUP:-"lxd"}
+ ;;
fake)
NUMBER_FAKE_NOVA_COMPUTE=${NUMBER_FAKE_NOVA_COMPUTE:-1}
;;
@@ -690,6 +713,8 @@
PRIVATE_NETWORK_NAME=${PRIVATE_NETWORK_NAME:-"private"}
PUBLIC_NETWORK_NAME=${PUBLIC_NETWORK_NAME:-"public"}
+PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-""}
+
# Set default screen name
SCREEN_NAME=${SCREEN_NAME:-stack}
@@ -753,6 +778,9 @@
HOST_IPV6=$(get_default_host_ip "" "" "$HOST_IP_IFACE" "$HOST_IPV6" "inet6")
+# Whether or not the port_security extension should be enabled for Neutron.
+NEUTRON_PORT_SECURITY=$(trueorfalse True NEUTRON_PORT_SECURITY)
+
# SERVICE IP version
# This is the IP version that services should be listening on, as well
# as using to register their endpoints with keystone.
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index f01db6d..fb55023 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -31,18 +31,18 @@
ALL_LIBS="python-novaclient oslo.config pbr oslo.context"
ALL_LIBS+=" python-keystoneclient taskflow oslo.middleware pycadf"
-ALL_LIBS+=" python-glanceclient python-ironicclient tempest-lib"
+ALL_LIBS+=" python-glanceclient python-ironicclient"
ALL_LIBS+=" oslo.messaging oslo.log cliff python-heatclient stevedore"
ALL_LIBS+=" python-cinderclient glance_store oslo.concurrency oslo.db"
ALL_LIBS+=" oslo.versionedobjects oslo.vmware keystonemiddleware"
ALL_LIBS+=" oslo.serialization django_openstack_auth"
-ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
-ALL_LIBS+=" oslo.utils python-swiftclient"
+ALL_LIBS+=" python-openstackclient osc-lib os-client-config oslo.rootwrap"
+ALL_LIBS+=" oslo.i18n oslo.utils python-swiftclient"
ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep"
-ALL_LIBS+=" diskimage-builder os-vif"
+ALL_LIBS+=" diskimage-builder os-vif python-brick-cinderclient-ext"
# Generate the above list with
# echo ${!GITREPO[@]}
diff --git a/tests/test_localconf.sh b/tests/test_localconf.sh
new file mode 100755
index 0000000..d8075df
--- /dev/null
+++ b/tests/test_localconf.sh
@@ -0,0 +1,475 @@
+#!/usr/bin/env bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Tests for DevStack INI functions
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import config functions
+source $TOP/inc/ini-config
+
+source $TOP/tests/unittest.sh
+
+echo "Testing INI local.conf functions"
+
+# test that can determine if file has section in specified meta-section
+
+function test_localconf_has_section {
+ local file_localconf
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+
+ cat <<- EOF > $file_localconf
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+
+ localconf_has_section $file_localconf post-config $file_conf1 conf1_t1
+ assert_equal $? 0
+ localconf_has_section $file_localconf post-config $file_conf1 conf1_t2
+ assert_equal $? 0
+ localconf_has_section $file_localconf post-config $file_conf1 conf1_t3
+ assert_equal $? 0
+ localconf_has_section $file_localconf post-extra $file_conf2 conf2_t1
+ assert_equal $? 0
+ localconf_has_section $file_localconf post-config $file_conf1 conf1_t4
+ assert_equal $? 1
+ localconf_has_section $file_localconf post-install $file_conf1 conf1_t1
+ assert_equal $? 1
+ localconf_has_section $file_localconf local localrc conf1_t2
+ assert_equal $? 1
+ rm -f $file_localconf $file_conf1 $file_conf2
+}
+
+# test that can determine if file has option in specified meta-section and section
+function test_localconf_has_option {
+ local file_localconf
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+ cat <<- EOF > $file_localconf
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1 = conf1_t1_val1
+conf1_t1_opt2 = conf1_t1_val2
+conf1_t1_opt3 = conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+
+ localconf_has_option $file_localconf local localrc "" LOCALRC_VAR1
+ assert_equal $? 0
+ localconf_has_option $file_localconf local localrc "" LOCALRC_VAR2
+ assert_equal $? 0
+ localconf_has_option $file_localconf local localrc "" LOCALRC_VAR3
+ assert_equal $? 0
+ localconf_has_option $file_localconf post-config $file_conf1 conf1_t1 conf1_t1_opt1
+ assert_equal $? 0
+ localconf_has_option $file_localconf post-config $file_conf1 conf1_t2 conf1_t2_opt2
+ assert_equal $? 0
+ localconf_has_option $file_localconf post-config $file_conf1 conf1_t3 conf1_t3_opt3
+ assert_equal $? 0
+ localconf_has_option $file_localconf post-extra $file_conf2 conf2_t1 conf2_t1_opt2
+ assert_equal $? 0
+ localconf_has_option $file_localconf post-config $file_conf1 conf1_t1_opt4
+ assert_equal $? 1
+ localconf_has_option $file_localconf post-install $file_conf1 conf1_t1_opt1
+ assert_equal $? 1
+ localconf_has_option $file_localconf local localrc conf1_t2 conf1_t2_opt1
+ assert_equal $? 1
+ rm -f $file_localconf $file_conf1 $file_conf2
+}
+
+# test that update option in specified meta-section and section
+function test_localconf_update_option {
+ local file_localconf
+ local file_localconf_expected
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_localconf_expected=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+ cat <<- EOF > $file_localconf
+[[local|localrc]]
+LOCALRC_VAR1 = localrc_val1
+LOCALRC_VAR2 = localrc_val2
+LOCALRC_VAR3 = localrc_val3
+
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+ cat <<- EOF > $file_localconf_expected
+[[local|localrc]]
+LOCALRC_VAR1 = localrc_val1
+LOCALRC_VAR2 = localrc_val2_update
+LOCALRC_VAR3 = localrc_val3
+
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1_update
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2_update
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3_update
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3_update
+EOF
+
+ localconf_update_option "$SUDO" $file_localconf local localrc "" LOCALRC_VAR2 localrc_val2_update
+ localconf_update_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t1 conf1_t1_opt1 conf1_t1_val1_update
+ localconf_update_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t2 conf1_t2_opt2 conf1_t2_val2_update
+ localconf_update_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t3 conf1_t3_opt3 conf1_t3_val3_update
+ localconf_update_option "$SUDO" $file_localconf post-extra $file_conf2 conf2_t1 conf2_t1_opt3 conf2_t1_val3_update
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ localconf_update_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t2 conf1_t3_opt1 conf1_t3_val1_update
+ localconf_update_option "$SUDO" $file_localconf post-extra $file_conf2 conf2_t1 conf2_t1_opt4 conf2_t1_val4_update
+ localconf_update_option "$SUDO" $file_localconf post-install $file_conf2 conf2_t1 conf2_t1_opt1 conf2_t1_val1_update
+ localconf_update_option "$SUDO" $file_localconf local localrc "" LOCALRC_VAR4 localrc_val4_update
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ rm -f $file_localconf $file_localconf_expected $file_conf1 $file_conf2
+}
+
+# test that add option in specified meta-section and section
+function test_localconf_add_option {
+ local file_localconf
+ local file_localconf_expected
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_localconf_expected=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+ cat <<- EOF > $file_localconf
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1 = conf2_t1_val1
+conf2_t1_opt2 = conf2_t1_val2
+conf2_t1_opt3 = conf2_t1_val3
+EOF
+ cat <<- EOF > $file_localconf_expected
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt4 = conf1_t1_val4
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt4 = conf1_t2_val4
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt4 = conf1_t3_val4
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[local|localrc]]
+LOCALRC_VAR4 = localrc_val4
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt4 = conf2_t1_val4
+conf2_t1_opt1 = conf2_t1_val1
+conf2_t1_opt2 = conf2_t1_val2
+conf2_t1_opt3 = conf2_t1_val3
+EOF
+
+ localconf_add_option "$SUDO" $file_localconf local localrc "" LOCALRC_VAR4 localrc_val4
+ localconf_add_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t1 conf1_t1_opt4 conf1_t1_val4
+ localconf_add_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t2 conf1_t2_opt4 conf1_t2_val4
+ localconf_add_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t3 conf1_t3_opt4 conf1_t3_val4
+ localconf_add_option "$SUDO" $file_localconf post-extra $file_conf2 conf2_t1 conf2_t1_opt4 conf2_t1_val4
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ localconf_add_option "$SUDO" $file_localconf local localrc.conf "" LOCALRC_VAR4 localrc_val4_update
+ localconf_add_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t4 conf1_t4_opt1 conf1_t4_val1
+ localconf_add_option "$SUDO" $file_localconf post-extra $file_conf2 conf2_t2 conf2_t2_opt4 conf2_t2_val4
+ localconf_add_option "$SUDO" $file_localconf post-install $file_conf2 conf2_t1 conf2_t1_opt4 conf2_t2_val4
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ rm -f $file_localconf $file_localconf_expected $file_conf1 $file_conf2
+}
+
+# test that add section and option in specified meta-section
+function test_localconf_add_section_and_option {
+ local file_localconf
+ local file_localconf_expected
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_localconf_expected=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+ cat <<- EOF > $file_localconf
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+ cat <<- EOF > $file_localconf_expected
+[[post-config|$file_conf1]]
+[conf1_t4]
+conf1_t4_opt1 = conf1_t4_val1
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t2]
+conf2_t2_opt1 = conf2_t2_val1
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+
+ localconf_add_section_and_option "$SUDO" $file_localconf post-config $file_conf1 conf1_t4 conf1_t4_opt1 conf1_t4_val1
+ localconf_add_section_and_option "$SUDO" $file_localconf post-extra $file_conf2 conf2_t2 conf2_t2_opt1 conf2_t2_val1
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ localconf_add_section_and_option "$SUDO" $file_localconf post-install $file_conf2 conf2_t2 conf2_t2_opt1 conf2_t2_val1
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ rm -f $file_localconf $file_localconf_expected $file_conf1 $file_conf2
+}
+
+# test that add section and option in specified meta-section
+function test_localconf_set {
+ local file_localconf
+ local file_localconf_expected
+ local file_conf1
+ local file_conf2
+ file_localconf=`mktemp`
+ file_localconf_expected=`mktemp`
+ file_conf1=`mktemp`
+ file_conf2=`mktemp`
+ cat <<- EOF > $file_localconf
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2
+LOCALRC_VAR3=localrc_val3
+
+[[post-config|$file_conf1]]
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+EOF
+ cat <<- EOF > $file_localconf_expected
+[[local|localrc]]
+LOCALRC_VAR1=localrc_val1
+LOCALRC_VAR2=localrc_val2_update
+LOCALRC_VAR3=localrc_val3
+
+[[post-config|$file_conf1]]
+[conf1_t4]
+conf1_t4_opt1 = conf1_t4_val1
+[conf1_t1]
+conf1_t1_opt1=conf1_t1_val1
+conf1_t1_opt2=conf1_t1_val2
+conf1_t1_opt3=conf1_t1_val3
+[conf1_t2]
+conf1_t2_opt1=conf1_t2_val1
+conf1_t2_opt2=conf1_t2_val2
+conf1_t2_opt3=conf1_t2_val3
+[conf1_t3]
+conf1_t3_opt1=conf1_t3_val1
+conf1_t3_opt2=conf1_t3_val2
+conf1_t3_opt3=conf1_t3_val3
+
+[[post-extra|$file_conf2]]
+[conf2_t1]
+conf2_t1_opt4 = conf2_t1_val4
+conf2_t1_opt1=conf2_t1_val1
+conf2_t1_opt2=conf2_t1_val2
+conf2_t1_opt3=conf2_t1_val3
+
+[[post-install|/etc/neutron/plugin/ml2/ml2_conf.ini]]
+[ml2]
+ml2_opt1 = ml2_val1
+EOF
+
+ if [[ -n "$SUDO" ]]; then
+ SUDO_ARG="-sudo"
+ else
+ SUDO_ARG=""
+ fi
+ localconf_set $SUDO_ARG $file_localconf post-install /etc/neutron/plugin/ml2/ml2_conf.ini ml2 ml2_opt1 ml2_val1
+ localconf_set $SUDO_ARG $file_localconf local localrc "" LOCALRC_VAR2 localrc_val2_update
+ localconf_set $SUDO_ARG $file_localconf post-config $file_conf1 conf1_t4 conf1_t4_opt1 conf1_t4_val1
+ localconf_set $SUDO_ARG $file_localconf post-extra $file_conf2 conf2_t1 conf2_t1_opt4 conf2_t1_val4
+ result=`cat $file_localconf`
+ result_expected=`cat $file_localconf_expected`
+ assert_equal "$result" "$result_expected"
+ rm -f $file_localconf $file_localconf_expected $file_conf1 $file_conf2
+}
+
+
+test_localconf_has_section
+test_localconf_has_option
+test_localconf_update_option
+test_localconf_add_option
+test_localconf_add_section_and_option
+test_localconf_set
diff --git a/tools/cpu_map_update.py b/tools/cpu_map_update.py
deleted file mode 100755
index 92b7b8f..0000000
--- a/tools/cpu_map_update.py
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/usr/bin/env python
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# This small script updates the libvirt CPU map to add a gate64 cpu model
-# that can be used to enable a common 64bit capable feature set across
-# devstack nodes so that features like nova live migration work.
-
-import sys
-import xml.etree.ElementTree as ET
-from xml.dom import minidom
-
-
-def update_cpu_map(tree):
- root = tree.getroot()
- cpus = root#.find("cpus")
- x86 = None
- for arch in cpus.findall("arch"):
- if arch.get("name") == "x86":
- x86 = arch
- break
- if x86 is not None:
- # Create a gate64 cpu model that is core2duo less monitor, pse36,
- # vme, and ssse3.
- gate64 = ET.SubElement(x86, "model")
- gate64.set("name", "gate64")
- ET.SubElement(gate64, "vendor").set("name", "Intel")
- ET.SubElement(gate64, "feature").set("name", "fpu")
- ET.SubElement(gate64, "feature").set("name", "de")
- ET.SubElement(gate64, "feature").set("name", "pse")
- ET.SubElement(gate64, "feature").set("name", "tsc")
- ET.SubElement(gate64, "feature").set("name", "msr")
- ET.SubElement(gate64, "feature").set("name", "pae")
- ET.SubElement(gate64, "feature").set("name", "mce")
- ET.SubElement(gate64, "feature").set("name", "cx8")
- ET.SubElement(gate64, "feature").set("name", "apic")
- ET.SubElement(gate64, "feature").set("name", "sep")
- ET.SubElement(gate64, "feature").set("name", "pge")
- ET.SubElement(gate64, "feature").set("name", "cmov")
- ET.SubElement(gate64, "feature").set("name", "pat")
- ET.SubElement(gate64, "feature").set("name", "mmx")
- ET.SubElement(gate64, "feature").set("name", "fxsr")
- ET.SubElement(gate64, "feature").set("name", "sse")
- ET.SubElement(gate64, "feature").set("name", "sse2")
- ET.SubElement(gate64, "feature").set("name", "mtrr")
- ET.SubElement(gate64, "feature").set("name", "mca")
- ET.SubElement(gate64, "feature").set("name", "clflush")
- ET.SubElement(gate64, "feature").set("name", "pni")
- ET.SubElement(gate64, "feature").set("name", "nx")
- ET.SubElement(gate64, "feature").set("name", "syscall")
- ET.SubElement(gate64, "feature").set("name", "lm")
-
-
-def format_xml(root):
- # Adapted from http://pymotw.com/2/xml/etree/ElementTree/create.html
- # thank you dhellmann
- rough_string = ET.tostring(root, encoding="UTF-8")
- dom_parsed = minidom.parseString(rough_string)
- return dom_parsed.toprettyxml(" ", encoding="UTF-8")
-
-
-def main():
- if len(sys.argv) != 2:
- raise Exception("Must pass path to cpu_map.xml to update")
- cpu_map = sys.argv[1]
- tree = ET.parse(cpu_map)
- for model in tree.getroot().iter("model"):
- if model.get("name") == "gate64":
- # gate64 model is already present
- return
- update_cpu_map(tree)
- pretty_xml = format_xml(tree.getroot())
- with open(cpu_map, 'w') as f:
- f.write(pretty_xml)
-
-
-if __name__ == "__main__":
- main()
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index a7278e4..30d1a01 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -22,6 +22,9 @@
file=${file#$RC_DIR/}
printf "%-40s " "$file:${called[1]}:${called[0]}"
}
+# PS4 is exported to child shells and uses the 'short_source' function, so
+# export it so child shells have access to the 'short_source' function also.
+export -f short_source
set -o xtrace
@@ -190,7 +193,6 @@
export OS_AUTH_URL="$OS_AUTH_URL"
export OS_CACERT="$OS_CACERT"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
-export OS_AUTH_TYPE=v2password
EOF
if [ -n "$ADDPASS" ]; then
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 193a1f7..4dec95e 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -162,7 +162,11 @@
fi
# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
-# connection issues under proxy, hence uninstalling python-virtualenv package
-# and installing the latest version using pip.
-uninstall_package python-virtualenv
-pip_install -U virtualenv
+# connection issues under proxy so re-install the latest version using
+# pip. To avoid having pip's virtualenv overwritten by the distro's
+# package (e.g. due to installing a distro package with a dependency
+# on python-virtualenv), first install the distro python-virtualenv
+# to satisfy any dependencies then use pip to overwrite it.
+
+install_package python-virtualenv
+pip_install -U --force-reinstall virtualenv
diff --git a/tools/generate-devstack-plugins-list.py b/tools/generate-devstack-plugins-list.py
index 089a6ef..56f12e7 100644
--- a/tools/generate-devstack-plugins-list.py
+++ b/tools/generate-devstack-plugins-list.py
@@ -44,16 +44,13 @@
# stackforge, etc)
return proj.startswith('openstack/')
-# Rather than returning a 404 for a nonexistent file, cgit delivers a
-# 0-byte response to a GET request. It also does not provide a
-# Content-Length in a HEAD response, so the way we tell if a file exists
-# is to check the length of the entire GET response body.
+# Check if this project has a plugin file
def has_devstack_plugin(proj):
- r = requests.get("https://git.openstack.org/cgit/%s/plain/devstack/plugin.sh" % proj)
- if len(r.text) > 0:
- return True
- else:
+ # Don't link in the deb packaging repos
+ if "openstack/deb-" in proj:
return False
+ r = requests.get("https://git.openstack.org/cgit/%s/plain/devstack/plugin.sh" % proj)
+ return r.status_code == 200
logging.debug("Getting project list from %s" % url)
r = requests.get(url)
diff --git a/tools/info.sh b/tools/info.sh
index c056fa7..282667f 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -8,7 +8,7 @@
# Output types are git,localrc,os,pip,pkg:
#
# git|<project>|<branch>[<shaq>]
-# localtc|<var>=<value>
+# localrc|<var>=<value>
# os|<var>=<value>
# pip|<package>|<version>
# pkg|<package>|<version>
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index dfa4f42..a5ccb19 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -24,7 +24,20 @@
FILES=$TOP_DIR/files
-PIP_GET_PIP_URL=https://bootstrap.pypa.io/get-pip.py
+# The URL from where the get-pip.py file gets downloaded. If a local
+# get-pip.py mirror is available, PIP_GET_PIP_URL can be set to that
+# mirror in local.conf to avoid download timeouts.
+# Example:
+# PIP_GET_PIP_URL="http://local-server/get-pip.py"
+#
+# Note that if get-pip.py already exists in $FILES this script will
+# not re-download or check for a new version. For example, this is
+# done by openstack-infra diskimage-builder elements as part of image
+# preparation [1]. This prevents any network access, which can be
+# unreliable in CI situations.
+# [1] http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/cache-devstack/source-repository-pip
+
+PIP_GET_PIP_URL=${PIP_GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"}
LOCAL_PIP="$FILES/$(basename $PIP_GET_PIP_URL)"
GetDistro
@@ -116,7 +129,7 @@
# Eradicate any and all system packages
-# Python in f23 and f22 depends on the python-pip package so removing it
+# Python in fedora depends on the python-pip package so removing it
# results in a nonfunctional system. pip on fedora installs to /usr so pip
# can safely override the system pip for all versions of fedora
if ! is_fedora ; then
diff --git a/tools/worlddump.py b/tools/worlddump.py
index 238a23d..e1ef544 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -88,7 +88,8 @@
def _bridge_list():
- process = subprocess.Popen(['ovs-vsctl', 'list-br'], stdout=subprocess.PIPE)
+ process = subprocess.Popen(['sudo', 'ovs-vsctl', 'list-br'],
+ stdout=subprocess.PIPE)
stdout, _ = process.communicate()
return stdout.split()
diff --git a/tools/xen/README.md b/tools/xen/README.md
index 21090e5..7062ecb 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -170,3 +170,9 @@
xe vm-import filename="$mountdir/$TEMPLATE_FILENAME"
umount "$mountdir"
rm -rf "$mountdir"
+
+### Migrate OpenStack DomU to another host
+
+Given you need to migrate your DomU with OpenStack installed to another host,
+you need to set `XEN_INTEGRATION_BRIDGE` in localrc if neutron network is used.
+It is the bridge for `XEN_INT_BRIDGE_OR_NET_NAME` network created in Dom0
diff --git a/tools/xen/functions b/tools/xen/functions
index cf14568..e1864eb 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -305,3 +305,25 @@
xe vm-list name-label="$vm_name_label" params=dom-id minimal=true
}
+
+function install_conntrack_tools {
+ local xs_host
+ local xs_ver_major
+ local centos_ver
+ local conntrack_conf
+ xs_host=$(xe host-list --minimal)
+ xs_ver_major=$(xe host-param-get uuid=$xs_host param-name=software-version param-key=product_version_text_short | cut -d'.' -f 1)
+ if [ $xs_ver_major -gt 6 ]; then
+ # Only support conntrack-tools in Dom0 with XS7.0 and above
+ if [ ! -f /usr/sbin/conntrackd ]; then
+ sed -i s/#baseurl=/baseurl=/g /etc/yum.repos.d/CentOS-Base.repo
+ centos_ver=$(yum version nogroups |grep Installed | cut -d' ' -f 2 | cut -d'.' -f1-2 | tr '-' '.')
+ yum install -y --enablerepo=base --releasever=$centos_ver conntrack-tools
+ # Backup conntrackd.conf after install conntrack-tools, use the one with statistic mode
+ mv /etc/conntrackd/conntrackd.conf /etc/conntrackd/conntrackd.conf.back
+ conntrack_conf=$(find /usr/share/doc -name conntrackd.conf |grep stats)
+ cp $conntrack_conf /etc/conntrackd/conntrackd.conf
+ fi
+ service conntrackd restart
+ fi
+}
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 46ff0b6..66b9eda 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -183,10 +183,8 @@
# Copy the tools DEB to the XS web server
XS_TOOLS_URL="https://github.com/downloads/citrix-openstack/warehouse/xe-guest-utilities_5.6.100-651_amd64.deb"
ISO_DIR="/opt/xensource/packages/iso"
- XS_TOOLS_FILE_NAME="xs-tools.deb"
- XS_TOOLS_PATH="/root/$XS_TOOLS_FILE_NAME"
if [ -e "$ISO_DIR" ]; then
- TOOLS_ISO=$(ls -1 $ISO_DIR/xs-tools-*.iso | head -1)
+ TOOLS_ISO=$(ls -1 $ISO_DIR/*-tools-*.iso | head -1)
TMP_DIR=/tmp/temp.$RANDOM
mkdir -p $TMP_DIR
mount -o loop $TOOLS_ISO $TMP_DIR
@@ -249,7 +247,7 @@
fi
if [ -n "${EXIT_AFTER_JEOS_INSTALLATION:-}" ]; then
- echo "User requested to quit after JEOS instalation"
+ echo "User requested to quit after JEOS installation"
exit 0
fi
@@ -299,10 +297,10 @@
# kernel parameter for DomU
attach_network "$XEN_INT_BRIDGE_OR_NET_NAME"
-XEN_INTEGRATION_BRIDGE=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
+XEN_INTEGRATION_BRIDGE_DEFAULT=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
append_kernel_cmdline \
"$GUEST_NAME" \
- "xen_integration_bridge=${XEN_INTEGRATION_BRIDGE}"
+ "xen_integration_bridge=${XEN_INTEGRATION_BRIDGE_DEFAULT}"
FLAT_NETWORK_BRIDGE="${FLAT_NETWORK_BRIDGE:-$(bridge_for "$VM_BRIDGE_OR_NET_NAME")}"
append_kernel_cmdline "$GUEST_NAME" "flat_network_bridge=${FLAT_NETWORK_BRIDGE}"
diff --git a/tox.ini b/tox.ini
index dbd1652..55a06d0 100644
--- a/tox.ini
+++ b/tox.ini
@@ -12,7 +12,7 @@
# against devstack, just set BASHATE_INSTALL_PATH=/path/... to your
# modified bashate tree
deps =
- {env:BASHATE_INSTALL_PATH:bashate==0.5.0}
+ {env:BASHATE_INSTALL_PATH:bashate==0.5.1}
whitelist_externals = bash
commands = bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
diff --git a/unstack.sh b/unstack.sh
index 83703ec..f888896 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -63,9 +63,11 @@
source $TOP_DIR/lib/keystone
source $TOP_DIR/lib/glance
source $TOP_DIR/lib/nova
+source $TOP_DIR/lib/placement
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/heat
+source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
source $TOP_DIR/lib/ldap
source $TOP_DIR/lib/dstat
@@ -110,6 +112,10 @@
stop_nova
fi
+if is_service_enabled placement; then
+ stop_placement
+fi
+
if is_service_enabled glance; then
stop_glance
fi
@@ -167,7 +173,6 @@
if is_service_enabled neutron; then
stop_neutron
- stop_neutron_third_party
cleanup_neutron
fi
@@ -184,11 +189,13 @@
fi
fi
-# BUG: maybe it doesn't exist? We should isolate this further down.
# NOTE: Cinder automatically installs the lvm2 package, independently of the
-# enabled backends. So if Cinder is enabled, we are sure lvm (lvremove,
-# /etc/lvm/lvm.conf, etc.) is here.
-if is_service_enabled cinder; then
+# enabled backends. So if Cinder is enabled, and installed successfully we are
+# sure lvm2 (lvremove, /etc/lvm/lvm.conf, etc.) is here.
+if is_service_enabled cinder && is_package_installed lvm2; then
+ # Using /bin/true here indicates a BUG - maybe the
+ # DEFAULT_VOLUME_GROUP_NAME doesn't exist? We should
+ # isolate this further down in lib/cinder cleanup.
clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true
clean_lvm_filter
fi
