Merge "Do not use hardcoded IPv4 localhost value"
diff --git a/.zuul.yaml b/.zuul.yaml
index fc80e6c..067d3f5 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -678,7 +678,6 @@
parent: tempest-full-py3
description: CentOS 9 Stream platform test
nodeset: devstack-single-node-centos-9-stream
- voting: false
timeout: 9000
vars:
configure_swap_size: 4096
@@ -894,6 +893,7 @@
jobs:
- devstack
- devstack-ipv6
+ - devstack-platform-centos-9-stream
- devstack-enforce-scope
- devstack-multinode
- devstack-unit-tests
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 6850553..2e8e8f5 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -75,6 +75,7 @@
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
openstack/neutron `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
openstack/neutron-dynamic-routing `https://opendev.org/openstack/neutron-dynamic-routing <https://opendev.org/openstack/neutron-dynamic-routing>`__
+openstack/neutron-fwaas `https://opendev.org/openstack/neutron-fwaas <https://opendev.org/openstack/neutron-fwaas>`__
openstack/neutron-fwaas-dashboard `https://opendev.org/openstack/neutron-fwaas-dashboard <https://opendev.org/openstack/neutron-fwaas-dashboard>`__
openstack/neutron-tempest-plugin `https://opendev.org/openstack/neutron-tempest-plugin <https://opendev.org/openstack/neutron-tempest-plugin>`__
openstack/neutron-vpnaas `https://opendev.org/openstack/neutron-vpnaas <https://opendev.org/openstack/neutron-vpnaas>`__
diff --git a/files/lvm-backing-file.template b/files/lvm-backing-file.template
new file mode 100644
index 0000000..dc519d7
--- /dev/null
+++ b/files/lvm-backing-file.template
@@ -0,0 +1,16 @@
+[Unit]
+Description=Activate LVM backing file %BACKING_FILE%
+DefaultDependencies=no
+After=systemd-udev-settle.service
+Before=lvm2-activation-early.service
+Wants=systemd-udev-settle.service
+
+[Service]
+ExecStart=/sbin/losetup --find --show %DIRECTIO% %BACKING_FILE%
+ExecStop=/bin/sh -c '/sbin/losetup -d $$(/sbin/losetup --associated %BACKING_FILE% -O NAME -n)'
+RemainAfterExit=yes
+Type=oneshot
+
+[Install]
+WantedBy=local-fs.target
+Also=systemd-udev-settle.service
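Review bot: The `ExecStop` line places `%BACKING_FILE%` unquoted inside a `/bin/sh -c` string that runs as root, so a rendered path containing whitespace or shell metacharacters would be split or interpreted by that shell. Quote the placeholder where it is used, `--associated "%BACKING_FILE%"`, and likewise at the end of `ExecStart`, so the path stays a single argument. When no loop device is associated at stop time, the inner command prints nothing and `losetup -d` runs without a device and fails. A short comment above `ExecStop` saying whether that failure is acceptable would help the next reader.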
diff --git a/functions-common b/functions-common
index b407ca5..b2cf9d9 100644
--- a/functions-common
+++ b/functions-common
@@ -878,10 +878,10 @@
# Gets domain id
domain_id=$(
# Gets domain id
- openstack domain show $1 \
+ openstack --os-cloud devstack-system-admin domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
- openstack domain create $1 \
+ openstack --os-cloud devstack-system-admin domain create $1 \
--description "$2" \
-f value -c id
)
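Review bot: The cloud name `devstack-system-admin` is spelled out in every `openstack` call, both here and in all the later functions-common hunks (the group, user, project, role, role-assignment, service and endpoint helpers). Renaming it later means editing every call site. A single variable defined once, for example `KEYSTONE_SYSTEM_ADMIN_CLOUD=${KEYSTONE_SYSTEM_ADMIN_CLOUD:-devstack-system-admin}` (name is only a suggestion), would keep them in step. Read-only helpers such as `get_endpoint_url` now also run with system-admin credentials, and the explicit option presumably takes precedence over an `OS_CLOUD` exported by a caller. A comment at the top of this group of helpers stating that both effects are intended would document the privilege level. The enclosing function starts outside this hunk.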
@@ -896,7 +896,7 @@
# Gets group id
group_id=$(
# Creates new group with --or-show
- openstack group create $1 \
+ openstack --os-cloud devstack-system-admin group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -915,7 +915,7 @@
# Gets user id
user_id=$(
# Creates new user with --or-show
- openstack user create \
+ openstack --os-cloud devstack-system-admin user create \
$1 \
--password "$2" \
--domain=$3 \
@@ -932,7 +932,7 @@
local project_id
project_id=$(
# Creates new project with --or-show
- openstack project create $1 \
+ openstack --os-cloud devstack-system-admin project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -945,7 +945,7 @@
local role_id
role_id=$(
# Creates role with --or-show
- openstack role create $1 \
+ openstack --os-cloud devstack-system-admin role create $1 \
--or-show -f value -c id
)
echo $role_id
@@ -975,7 +975,7 @@
domain_args=$(_get_domain_args $4 $5)
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
@@ -983,11 +983,11 @@
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--project $3 \
$domain_args
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
@@ -1002,17 +1002,17 @@
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
@@ -1030,7 +1030,7 @@
domain_args=$(_get_domain_args $4)
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
@@ -1038,11 +1038,11 @@
-f value -c Role)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--system $3 \
$domain_args
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
@@ -1057,17 +1057,17 @@
function get_or_add_group_project_role {
local group_role_id
# Gets group role id
- group_role_id=$(openstack role assignment list \
+ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--group $2 \
--project $3
- group_role_id=$(openstack role assignment list \
+ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
@@ -1083,9 +1083,9 @@
# Gets service id
service_id=$(
# Gets service id
- openstack service show $2 -f value -c id 2>/dev/null ||
+ openstack --os-cloud devstack-system-admin service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
- openstack service create \
+ openstack --os-cloud devstack-system-admin service create \
$2 \
--name $1 \
--description="$3" \
@@ -1098,14 +1098,14 @@
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
local endpoint_id
- endpoint_id=$(openstack endpoint list \
+ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 \
--interface $2 \
--region $4 \
-c ID -f value)
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
- endpoint_id=$(openstack endpoint create \
+ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint create \
$1 $2 $3 --region $4 -f value -c id)
fi
@@ -1139,7 +1139,7 @@
# Get a URL from the identity service
# Usage: get_endpoint_url <service> <interface>
function get_endpoint_url {
- echo $(openstack endpoint list \
+ echo $(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 --interface $2 \
-c URL -f value)
}
diff --git a/lib/glance b/lib/glance
index 4c2755f..b94c06d 100644
--- a/lib/glance
+++ b/lib/glance
@@ -309,13 +309,13 @@
iniset $GLANCE_API_CONF oslo_limit username glance
iniset $GLANCE_API_CONF oslo_limit auth_type password
iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
- iniset $GLANCE_API_CONF oslo_limit system_scope "'all'"
+ iniset $GLANCE_API_CONF oslo_limit system_scope all
iniset $GLANCE_API_CONF oslo_limit endpoint_id \
- $(openstack endpoint list --service glance -f value -c ID)
+ $(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID)
# Allow the glance service user to read quotas
- openstack role add --user glance --user-domain Default --system all \
- reader
+ openstack --os-cloud devstack-system-admin role add --user glance \
+ --user-domain $SERVICE_DOMAIN_NAME --system all reader
}
# configure_glance() - Set config files, create data dirs, etc
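Review bot: The value written by `iniset $GLANCE_API_CONF oslo_limit endpoint_id` comes from an unquoted command substitution that is never checked. If the list is empty, `iniset` is called without a value. If it returns more than one ID, the extra words become additional arguments, since the query is not narrowed with `--interface` or `--region`. Capture the result in a local variable first, fail when it is empty, and pass it quoted. The same pattern appears in `configure_nova_unified_limits` in lib/nova. The enclosing function starts outside this hunk.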
diff --git a/lib/keystone b/lib/keystone
index b953972..a4c8a52 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -124,6 +124,12 @@
# Whether to create a keystone admin endpoint for legacy applications
KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse False KEYSTONE_ADMIN_ENDPOINT)
+# Flag to set the oslo_policy.enforce_scope. This is used to switch
+# the Identity API policies to start checking the scope of token. By Default,
+# this flag is False.
+# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
+KEYSTONE_ENFORCE_SCOPE=$(trueorfalse False KEYSTONE_ENFORCE_SCOPE)
+
# Functions
# ---------
@@ -259,6 +265,11 @@
iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
fi
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $KEYSTONE_CONF oslo_policy enforce_scope true
+ iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
+ iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
+ fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
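Review bot: The comment added above `KEYSTONE_ENFORCE_SCOPE` in the first hunk of this file describes the flag as setting `oslo_policy.enforce_scope` only, but this block also turns on `enforce_new_defaults` and sets `policy_file` to `policy.yaml`. Extend that comment, for example `# When True this also sets enforce_new_defaults and policy_file=policy.yaml.`, and say why the policy file is needed. Nothing is written when the flag is False, so a value left in `$KEYSTONE_CONF` by an earlier run would persist unless the file is regenerated elsewhere. The enclosing function starts outside the hunk, so that cannot be confirmed from here.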
diff --git a/lib/lvm b/lib/lvm
index b826c1b..d3f6bf1 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -53,28 +53,10 @@
sudo vgremove -f $vg
}
-# _clean_lvm_backing_file() removes the backing file of the
-# volume group
-#
-# Usage: _clean_lvm_backing_file() $backing_file
-function _clean_lvm_backing_file {
- local backing_file=$1
-
- # If the backing physical device is a loop device, it was probably setup by DevStack
- if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
- local vg_dev
- vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
- if [[ -n "$vg_dev" ]]; then
- sudo losetup -d $vg_dev
- fi
- rm -f $backing_file
- fi
-}
-
# clean_lvm_volume_group() cleans up the volume group and removes the
# backing file
#
-# Usage: clean_lvm_volume_group $vg
+# Usage: clean_lvm_volume_group() $vg
function clean_lvm_volume_group {
local vg=$1
@@ -83,11 +65,22 @@
# if there is no logical volume left, it's safe to attempt a cleanup
# of the backing file
if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
- _clean_lvm_backing_file $DATA_DIR/$vg$BACKING_FILE_SUFFIX
+ local backing_file=$DATA_DIR/$vg$BACKING_FILE_SUFFIX
+
+ if [[ -n "$vg$BACKING_FILE_SUFFIX" ]] && \
+ [[ -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
+ sudo systemctl disable --now $vg$BACKING_FILE_SUFFIX.service
+ sudo rm -f /etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
+ sudo systemctl daemon-reload
+ fi
+
+ # If the backing physical device is a loop device, it was probably setup by DevStack
+ if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
+ rm -f $backing_file
+ fi
fi
}
-
# _create_lvm_volume_group creates default volume group
#
# Usage: _create_lvm_volume_group() $vg $size
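Review bot: The guard `[[ -n "$vg$BACKING_FILE_SUFFIX" ]]` is true whenever the suffix is non-empty, so it does not catch an empty `$vg` before `sudo systemctl disable --now` and `sudo rm -f` act on a path built from it. Test the variable itself and quote the expansions: `if [[ -n "$vg" ]] && [[ -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then` and `sudo rm -f "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service"`. The comment about the loop device above `rm -f $backing_file` is carried over from the removed helper. Detaching now happens when the unit is stopped, so reword it to something like `# Remove the backing file; the loop device is detached when the unit is stopped`. The function begins outside this hunk.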
@@ -106,8 +99,20 @@
directio="--direct-io=on"
fi
+ # Only create systemd service if it doesn't already exists
+ if [[ ! -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
+ sed -e "
+ s|%DIRECTIO%|${directio}|g;
+ s|%BACKING_FILE%|${backing_file}|g;
+ " $FILES/lvm-backing-file.template | sudo tee \
+ /etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
+
+ sudo systemctl daemon-reload
+ sudo systemctl enable --now $vg$BACKING_FILE_SUFFIX.service
+ fi
+
local vg_dev
- vg_dev=$(sudo losetup -f --show $directio $backing_file)
+ vg_dev=$(sudo losetup --associated $backing_file -O NAME -n)
# Only create volume group if it doesn't already exist
if ! sudo vgs $vg; then
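Review bot: `vg_dev` is now read back with `losetup --associated` and never checked. If the unit file already exists but the service is stopped or failed, or `systemctl enable --now` does not succeed, `vg_dev` is empty and the function carries on without a device. Add a check directly after the assignment: `[[ -n "$vg_dev" ]] || die $LINENO "no loop device attached for $backing_file"`. The `sed` expressions use `|` as delimiter with `${backing_file}` interpolated, so a path containing `|` or `&` would corrupt the rendered unit; a comment noting that assumption would be enough. The function body starts and ends outside this hunk.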
diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent
index 09b28b6..927896b 100644
--- a/lib/neutron_plugins/ovn_agent
+++ b/lib/neutron_plugins/ovn_agent
@@ -253,7 +253,12 @@
local testcmd="test -e $OVS_RUNDIR/$service.pid"
test_with_retry "$testcmd" "$service did not start" $SERVICE_TIMEOUT 1
- sudo ovs-appctl -t $service vlog/set console:off syslog:info file:info
+ local service_ctl_file
+ service_ctl_file=$(ls $OVS_RUNDIR | grep $service | grep ctl)
+ if [ -z "$service_ctl_file" ]; then
+ die $LINENO "ctl file for service $service is not present."
+ fi
+ sudo ovs-appctl -t $OVS_RUNDIR/$service_ctl_file vlog/set console:off syslog:info file:info
}
function clone_repository {
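Review bot: The lookup `ls $OVS_RUNDIR | grep $service | grep ctl` matches by substring, so it can return several names, such as a control socket left by an earlier process or another service whose name contains `$service`. The multi-line result is then passed unquoted to `ovs-appctl -t`, and only the empty case is handled. Matching with a glob into an array and requiring exactly one hit avoids both the `ls` parsing and the ambiguous target. The sketch below assumes control files are named with the service name as a prefix, which should be confirmed for the OVS/OVN versions in use. The enclosing function starts outside the hunk.

```shell
# … unchanged: pid-file wait via test_with_retry …
local service_ctl_files
service_ctl_files=("$OVS_RUNDIR/$service".*ctl)
if [[ ${#service_ctl_files[@]} -ne 1 || ! -e "${service_ctl_files[0]}" ]]; then
    die $LINENO "expected exactly one ctl file for service $service in $OVS_RUNDIR"
fi
sudo ovs-appctl -t "${service_ctl_files[0]}" vlog/set console:off syslog:info file:info
```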
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 8acf586..cc41a8c 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -68,7 +68,7 @@
function _neutron_ovs_base_install_agent_packages {
if [ "$Q_BUILD_OVS_FROM_GIT" == "True" ]; then
remove_ovs_packages
- compile_ovs False /usr /var
+ compile_ovs False /usr/local /var
load_conntrack_gre_module
start_new_ovs
else
diff --git a/lib/neutron_plugins/ovs_source b/lib/neutron_plugins/ovs_source
index 9c87dce..9ae5555 100644
--- a/lib/neutron_plugins/ovs_source
+++ b/lib/neutron_plugins/ovs_source
@@ -188,12 +188,12 @@
# start_new_ovs() - removes old ovs database, creates a new one and starts ovs
function start_new_ovs {
sudo rm -f /etc/openvswitch/conf.db /etc/openvswitch/.conf.db~lock~
- sudo /usr/share/openvswitch/scripts/ovs-ctl start
+ sudo /usr/local/share/openvswitch/scripts/ovs-ctl start
}
# stop_new_ovs() - stops ovs
function stop_new_ovs {
- local ovs_ctl='/usr/share/openvswitch/scripts/ovs-ctl'
+ local ovs_ctl='/usr/local/share/openvswitch/scripts/ovs-ctl'
if [ -x $ovs_ctl ] ; then
sudo $ovs_ctl stop
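Review bot: `stop_new_ovs` now looks for `ovs-ctl` only under `/usr/local`, and its `-x` test skips the stop silently when the script is absent. An OVS built by an earlier run with the old `/usr` prefix would therefore be left running with no message. The prefix is also written literally in three places: the `compile_ovs False /usr/local /var` call in lib/neutron_plugins/ovs_base and both `ovs-ctl` paths here. One shared variable, with a comment explaining why `/usr/local` was chosen, would keep build and start/stop paths from drifting apart. The body of `stop_new_ovs` continues outside the hunk.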
diff --git a/lib/nova b/lib/nova
index 4f98d4d..509cba6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -159,6 +159,9 @@
# image in devstack is CirrOS.
NOVA_SHUTDOWN_TIMEOUT=${NOVA_SHUTDOWN_TIMEOUT:-0}
+# Whether to use Keystone unified limits instead of legacy quota limits.
+NOVA_USE_UNIFIED_LIMITS=$(trueorfalse False NOVA_USE_UNIFIED_LIMITS)
+
# Functions
# ---------
@@ -394,6 +397,13 @@
"http://$SERVICE_HOST:$S3_SERVICE_PORT" \
"http://$SERVICE_HOST:$S3_SERVICE_PORT"
fi
+
+ # Unified limits
+ if is_service_enabled n-api; then
+ if [[ "$NOVA_USE_UNIFIED_LIMITS" = True ]]; then
+ configure_nova_unified_limits
+ fi
+ fi
}
# create_nova_conf() - Create a new nova.conf file
@@ -735,6 +745,53 @@
fi
}
+function configure_nova_unified_limits {
+ # Registered limit resources in keystone are system-specific resources.
+ # Make sure we use a system-scoped token to interact with this API.
+
+ # Default limits here mirror the legacy config-based default values.
+ # Note: disk quota is new in nova as of unified limits.
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 10 --region $REGION_NAME servers
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 20 --region $REGION_NAME class:VCPU
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit $((50 * 1024)) --region $REGION_NAME class:MEMORY_MB
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 20 --region $REGION_NAME class:DISK_GB
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 128 --region $REGION_NAME server_metadata_items
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 5 --region $REGION_NAME server_injected_files
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 10240 --region $REGION_NAME server_injected_file_content_bytes
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 255 --region $REGION_NAME server_injected_file_path_bytes
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 100 --region $REGION_NAME server_key_pairs
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 10 --region $REGION_NAME server_groups
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service nova --default-limit 10 --region $REGION_NAME server_group_members
+
+ # Tell nova to use these limits
+ iniset $NOVA_CONF quota driver "nova.quota.UnifiedLimitsDriver"
+
+ # Configure oslo_limit so it can talk to keystone
+ iniset $NOVA_CONF oslo_limit user_domain_name $SERVICE_DOMAIN_NAME
+ iniset $NOVA_CONF oslo_limit password $SERVICE_PASSWORD
+ iniset $NOVA_CONF oslo_limit username nova
+ iniset $NOVA_CONF oslo_limit auth_type password
+ iniset $NOVA_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
+ iniset $NOVA_CONF oslo_limit system_scope all
+ iniset $NOVA_CONF oslo_limit endpoint_id \
+ $(openstack endpoint list --service nova -f value -c ID)
+
+ # Allow the nova service user to read quotas
+ openstack --os-cloud devstack-system-admin role add --user nova \
+ --user-domain $SERVICE_DOMAIN_NAME --system all reader
+}
+
function init_nova_service_user_conf {
iniset $NOVA_CONF service_user send_service_user_token True
iniset $NOVA_CONF service_user auth_type password
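Review bot: The `endpoint_id` lookup in `configure_nova_unified_limits` calls `openstack endpoint list --service nova` without `--os-cloud devstack-system-admin`, so it runs with whatever credentials the environment happens to carry. Every other `openstack` call in this function passes the option, as does the glance counterpart changed in the same commit. Make it `$(openstack --os-cloud devstack-system-admin endpoint list --service nova -f value -c ID)`. The `registered limit create` calls are not guarded against a limit that already exists; whether a re-run can hit that depends on code outside this hunk. The function has no header comment, so add one in the style of the neighbouring `# create_nova_conf() - ...` line.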
diff --git a/lib/swift b/lib/swift
index 9c13701..ba92f3d 100644
--- a/lib/swift
+++ b/lib/swift
@@ -179,12 +179,9 @@
# cleanup_swift() - Remove residual data files
function cleanup_swift {
rm -f ${SWIFT_CONF_DIR}{*.builder,*.ring.gz,backups/*.builder,backups/*.ring.gz}
- if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
- fi
- if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
- rm ${SWIFT_DISK_IMAGE}
- fi
+
+ destroy_disk ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
+
rm -rf ${SWIFT_DATA_DIR}/run/
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
_cleanup_swift_apache_wsgi
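Review bot: `destroy_disk` here and `create_disk` in the next hunk are not defined in any file section shown on this page, so it cannot be confirmed from the diff that they keep what the removed lines did. Those were the `/proc/mounts` check before `umount`, the `mkfs.xfs -f -i size=1024` call, and the `loop,noatime,nodiratime,logbufs=8` mount options. Please confirm the helpers preserve that behaviour, since both calls replace privileged `sudo` operations on paths taken from `${SWIFT_DISK_IMAGE}` and `${SWIFT_DATA_DIR}`. The arguments are passed unquoted, so quoting them and adding a one-line comment at each call naming the argument order would make the calls safer to read and change. The enclosing function continues outside the hunk.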
@@ -575,28 +572,7 @@
sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
# Create a loopback disk and format it to XFS.
- if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
- if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
- sudo rm -f ${SWIFT_DISK_IMAGE}
- fi
- fi
-
- mkdir -p ${SWIFT_DATA_DIR}/drives/images
- sudo touch ${SWIFT_DISK_IMAGE}
- sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
-
- truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
-
- # Make a fresh XFS filesystem
- /sbin/mkfs.xfs -f -i size=1024 ${SWIFT_DISK_IMAGE}
-
- # Mount the disk with mount options to make it as efficient as possible
- mkdir -p ${SWIFT_DATA_DIR}/drives/sdb1
- if ! egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo mount -t xfs -o loop,noatime,nodiratime,logbufs=8 \
- ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
- fi
+ create_disk ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1 ${SWIFT_LOOPBACK_DISK_SIZE}
# Create a link to the above mount and
# create all of the directories needed to emulate a few different servers
diff --git a/lib/tempest b/lib/tempest
index 9ca06ac..4504663 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -603,6 +603,15 @@
fi
done
+ # ``enforce_scope``
+ # If services enable the enforce_scope for their policy
+ # we need to enable the same on Tempest side so that
+ # test can be run with scoped token.
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope keystone true
+ iniset $TEMPEST_CONFIG auth admin_system 'all'
+ iniset $TEMPEST_CONFIG auth admin_project_name ''
+ fi
iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
diff --git a/lib/tls b/lib/tls
index b3cc0b4..5a7f5ae 100644
--- a/lib/tls
+++ b/lib/tls
@@ -169,7 +169,7 @@
[ req ]
default_bits = 1024
-default_md = sha1
+default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
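Review bot: `default_bits = 1024` stays in this `[ req ]` section as an unchanged line, so requests that take their key size from this config still get 1024-bit RSA keys even though the digest moves to SHA-256. Raise it in the same change: `default_bits = 2048`. The two `$OPENSSL req ... -newkey rsa` calls in the later hunks of this file give no explicit size, so they presumably depend on this default or on the OpenSSL built-in one. A comment there stating which applies would remove the doubt. The surrounding config template starts and ends outside this hunk.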
@@ -261,7 +261,7 @@
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request
$OPENSSL req \
- -sha1 \
+ -sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/$cert_name.key \
@@ -301,7 +301,7 @@
if [ ! -r "$ca_dir/cacert.pem" ]; then
# Create a signing certificate request
$OPENSSL req -config $ca_dir/ca.conf \
- -sha1 \
+ -sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/cacert.key \
diff --git a/stackrc b/stackrc
index 681e9de..e48fd81 100644
--- a/stackrc
+++ b/stackrc
@@ -663,7 +663,7 @@
#IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
CIRROS_VERSION=${CIRROS_VERSION:-"0.5.2"}
-CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
+CIRROS_ARCH=${CIRROS_ARCH:-$(uname -m)}
# Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
# which may be set in ``local.conf``. Also allow ``DEFAULT_IMAGE_NAME`` and