Merge "Fix installation with OVN backend and compilation"
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 3edd708..6850553 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -75,6 +75,7 @@
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
openstack/neutron `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
openstack/neutron-dynamic-routing `https://opendev.org/openstack/neutron-dynamic-routing <https://opendev.org/openstack/neutron-dynamic-routing>`__
+openstack/neutron-fwaas-dashboard `https://opendev.org/openstack/neutron-fwaas-dashboard <https://opendev.org/openstack/neutron-fwaas-dashboard>`__
openstack/neutron-tempest-plugin `https://opendev.org/openstack/neutron-tempest-plugin <https://opendev.org/openstack/neutron-tempest-plugin>`__
openstack/neutron-vpnaas `https://opendev.org/openstack/neutron-vpnaas <https://opendev.org/openstack/neutron-vpnaas>`__
openstack/neutron-vpnaas-dashboard `https://opendev.org/openstack/neutron-vpnaas-dashboard <https://opendev.org/openstack/neutron-vpnaas-dashboard>`__
@@ -92,6 +93,7 @@
openstack/sahara-dashboard `https://opendev.org/openstack/sahara-dashboard <https://opendev.org/openstack/sahara-dashboard>`__
openstack/senlin `https://opendev.org/openstack/senlin <https://opendev.org/openstack/senlin>`__
openstack/shade `https://opendev.org/openstack/shade <https://opendev.org/openstack/shade>`__
+openstack/skyline-apiserver `https://opendev.org/openstack/skyline-apiserver <https://opendev.org/openstack/skyline-apiserver>`__
openstack/solum `https://opendev.org/openstack/solum <https://opendev.org/openstack/solum>`__
openstack/storlets `https://opendev.org/openstack/storlets <https://opendev.org/openstack/storlets>`__
openstack/tacker `https://opendev.org/openstack/tacker <https://opendev.org/openstack/tacker>`__
@@ -112,7 +114,6 @@
openstack/zun `https://opendev.org/openstack/zun <https://opendev.org/openstack/zun>`__
openstack/zun-ui `https://opendev.org/openstack/zun-ui <https://opendev.org/openstack/zun-ui>`__
performa/os-faults `https://opendev.org/performa/os-faults <https://opendev.org/performa/os-faults>`__
-skyline/skyline-apiserver `https://opendev.org/skyline/skyline-apiserver <https://opendev.org/skyline/skyline-apiserver>`__
starlingx/config `https://opendev.org/starlingx/config <https://opendev.org/starlingx/config>`__
starlingx/fault `https://opendev.org/starlingx/fault <https://opendev.org/starlingx/fault>`__
starlingx/ha `https://opendev.org/starlingx/ha <https://opendev.org/starlingx/ha>`__
diff --git a/files/debs/swift b/files/debs/swift
index 4b8ac3d..67c6c8d 100644
--- a/files/debs/swift
+++ b/files/debs/swift
@@ -2,5 +2,6 @@
liberasurecode-dev
make
memcached
+rsync
sqlite3
xfsprogs
diff --git a/functions-common b/functions-common
index b407ca5..b2cf9d9 100644
--- a/functions-common
+++ b/functions-common
@@ -878,10 +878,10 @@
# Gets domain id
domain_id=$(
# Gets domain id
- openstack domain show $1 \
+ openstack --os-cloud devstack-system-admin domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
- openstack domain create $1 \
+ openstack --os-cloud devstack-system-admin domain create $1 \
--description "$2" \
-f value -c id
)
@@ -896,7 +896,7 @@
# Gets group id
group_id=$(
# Creates new group with --or-show
- openstack group create $1 \
+ openstack --os-cloud devstack-system-admin group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -915,7 +915,7 @@
# Gets user id
user_id=$(
# Creates new user with --or-show
- openstack user create \
+ openstack --os-cloud devstack-system-admin user create \
$1 \
--password "$2" \
--domain=$3 \
@@ -932,7 +932,7 @@
local project_id
project_id=$(
# Creates new project with --or-show
- openstack project create $1 \
+ openstack --os-cloud devstack-system-admin project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -945,7 +945,7 @@
local role_id
role_id=$(
# Creates role with --or-show
- openstack role create $1 \
+ openstack --os-cloud devstack-system-admin role create $1 \
--or-show -f value -c id
)
echo $role_id
@@ -975,7 +975,7 @@
domain_args=$(_get_domain_args $4 $5)
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
@@ -983,11 +983,11 @@
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--project $3 \
$domain_args
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
@@ -1002,17 +1002,17 @@
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
@@ -1030,7 +1030,7 @@
domain_args=$(_get_domain_args $4)
# Gets user role id
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
@@ -1038,11 +1038,11 @@
-f value -c Role)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--system $3 \
$domain_args
- user_role_id=$(openstack role assignment list \
+ user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
@@ -1057,17 +1057,17 @@
function get_or_add_group_project_role {
local group_role_id
# Gets group role id
- group_role_id=$(openstack role assignment list \
+ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
- openstack role add $1 \
+ openstack --os-cloud devstack-system-admin role add $1 \
--group $2 \
--project $3
- group_role_id=$(openstack role assignment list \
+ group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
@@ -1083,9 +1083,9 @@
# Gets service id
service_id=$(
# Gets service id
- openstack service show $2 -f value -c id 2>/dev/null ||
+ openstack --os-cloud devstack-system-admin service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
- openstack service create \
+ openstack --os-cloud devstack-system-admin service create \
$2 \
--name $1 \
--description="$3" \
@@ -1098,14 +1098,14 @@
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
local endpoint_id
- endpoint_id=$(openstack endpoint list \
+ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 \
--interface $2 \
--region $4 \
-c ID -f value)
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
- endpoint_id=$(openstack endpoint create \
+ endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint create \
$1 $2 $3 --region $4 -f value -c id)
fi
@@ -1139,7 +1139,7 @@
# Get a URL from the identity service
# Usage: get_endpoint_url <service> <interface>
function get_endpoint_url {
- echo $(openstack endpoint list \
+ echo $(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 --interface $2 \
-c URL -f value)
}
diff --git a/lib/glance b/lib/glance
index 4c2755f..9bba938 100644
--- a/lib/glance
+++ b/lib/glance
@@ -311,11 +311,11 @@
iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_API_CONF oslo_limit system_scope "'all'"
iniset $GLANCE_API_CONF oslo_limit endpoint_id \
- $(openstack endpoint list --service glance -f value -c ID)
+ $(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID)
# Allow the glance service user to read quotas
- openstack role add --user glance --user-domain Default --system all \
- reader
+ openstack --os-cloud devstack-system-admin role add --user glance --user-domain Default \
+ --system all reader
}
# configure_glance() - Set config files, create data dirs, etc
diff --git a/lib/keystone b/lib/keystone
index b953972..a4c8a52 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -124,6 +124,12 @@
# Whether to create a keystone admin endpoint for legacy applications
KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse False KEYSTONE_ADMIN_ENDPOINT)
+# Flag to set the oslo_policy.enforce_scope. This is used to switch
+# the Identity API policies to start checking the scope of token. By Default,
+# this flag is False.
+# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
+KEYSTONE_ENFORCE_SCOPE=$(trueorfalse False KEYSTONE_ENFORCE_SCOPE)
+
# Functions
# ---------
@@ -259,6 +265,11 @@
iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
fi
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $KEYSTONE_CONF oslo_policy enforce_scope true
+ iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
+ iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
+ fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
diff --git a/lib/swift b/lib/swift
index 9c13701..ba92f3d 100644
--- a/lib/swift
+++ b/lib/swift
@@ -179,12 +179,9 @@
# cleanup_swift() - Remove residual data files
function cleanup_swift {
rm -f ${SWIFT_CONF_DIR}{*.builder,*.ring.gz,backups/*.builder,backups/*.ring.gz}
- if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
- fi
- if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
- rm ${SWIFT_DISK_IMAGE}
- fi
+
+ destroy_disk ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
+
rm -rf ${SWIFT_DATA_DIR}/run/
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
_cleanup_swift_apache_wsgi
@@ -575,28 +572,7 @@
sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
# Create a loopback disk and format it to XFS.
- if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
- if egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo umount ${SWIFT_DATA_DIR}/drives/sdb1
- sudo rm -f ${SWIFT_DISK_IMAGE}
- fi
- fi
-
- mkdir -p ${SWIFT_DATA_DIR}/drives/images
- sudo touch ${SWIFT_DISK_IMAGE}
- sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
-
- truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
-
- # Make a fresh XFS filesystem
- /sbin/mkfs.xfs -f -i size=1024 ${SWIFT_DISK_IMAGE}
-
- # Mount the disk with mount options to make it as efficient as possible
- mkdir -p ${SWIFT_DATA_DIR}/drives/sdb1
- if ! egrep -q ${SWIFT_DATA_DIR}/drives/sdb1 /proc/mounts; then
- sudo mount -t xfs -o loop,noatime,nodiratime,logbufs=8 \
- ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1
- fi
+ create_disk ${SWIFT_DISK_IMAGE} ${SWIFT_DATA_DIR}/drives/sdb1 ${SWIFT_LOOPBACK_DISK_SIZE}
# Create a link to the above mount and
# create all of the directories needed to emulate a few different servers
diff --git a/lib/tempest b/lib/tempest
index 9ca06ac..4504663 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -603,6 +603,15 @@
fi
done
+ # ``enforce_scope``
+ # If services enable the enforce_scope for their policy
+ # we need to enable the same on Tempest side so that
+ # test can be run with scoped token.
+ if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope keystone true
+ iniset $TEMPEST_CONFIG auth admin_system 'all'
+ iniset $TEMPEST_CONFIG auth admin_project_name ''
+ fi
iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
diff --git a/stackrc b/stackrc
index 681e9de..e48fd81 100644
--- a/stackrc
+++ b/stackrc
@@ -663,7 +663,7 @@
#IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
CIRROS_VERSION=${CIRROS_VERSION:-"0.5.2"}
-CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
+CIRROS_ARCH=${CIRROS_ARCH:-$(uname -m)}
# Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
# which may be set in ``local.conf``. Also allow ``DEFAULT_IMAGE_NAME`` and