Merge "Neutron: stop creating neutron debug probes"
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 1f5797c..384ceee 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -427,6 +427,9 @@
LIBS_FROM_GIT=python-keystoneclient,oslo.config
+Setting the variable to ``ALL`` will activate the download for all
+libraries.
+
Virtual Environments
--------------------
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index cf9c873..e58643f 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -95,6 +95,7 @@
networking-sfc `git://git.openstack.org/openstack/networking-sfc <https://git.openstack.org/cgit/openstack/networking-sfc>`__
networking-vsphere `git://git.openstack.org/openstack/networking-vsphere <https://git.openstack.org/cgit/openstack/networking-vsphere>`__
neutron `git://git.openstack.org/openstack/neutron <https://git.openstack.org/cgit/openstack/neutron>`__
+neutron-dynamic-routing `git://git.openstack.org/openstack/neutron-dynamic-routing <https://git.openstack.org/cgit/openstack/neutron-dynamic-routing>`__
neutron-lbaas `git://git.openstack.org/openstack/neutron-lbaas <https://git.openstack.org/cgit/openstack/neutron-lbaas>`__
neutron-lbaas-dashboard `git://git.openstack.org/openstack/neutron-lbaas-dashboard <https://git.openstack.org/cgit/openstack/neutron-lbaas-dashboard>`__
neutron-vpnaas `git://git.openstack.org/openstack/neutron-vpnaas <https://git.openstack.org/cgit/openstack/neutron-vpnaas>`__
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 428544f..8a4b0f0 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -44,8 +44,8 @@
WSGIPassAuthorization On
</Location>
-Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
-<Location /identity_admin>
+Alias /identity_v2_admin %KEYSTONE_BIN%/keystone-wsgi-admin
+<Location /identity_v2_admin>
SetHandler wsgi-script
Options +ExecCGI
diff --git a/functions-common b/functions-common
index a56a0ab..9973d8f 100644
--- a/functions-common
+++ b/functions-common
@@ -380,6 +380,7 @@
DISTRO="sle${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
+ "$os_VENDOR" =~ (Scientific) || \
"$os_VENDOR" =~ (OracleServer) || \
"$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
@@ -2263,11 +2264,12 @@
# Service wrapper to restart services
# restart_service service-name
function restart_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 restart
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl restart $1
else
- sudo /sbin/service $1 restart
+ sudo service $1 restart
fi
+
}
# Only change permissions of a file or directory if it is not on an
@@ -2285,20 +2287,20 @@
# Service wrapper to start services
# start_service service-name
function start_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 start
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl start $1
else
- sudo /sbin/service $1 start
+ sudo service $1 start
fi
}
# Service wrapper to stop services
# stop_service service-name
function stop_service {
- if is_ubuntu; then
- sudo /usr/sbin/service $1 stop
+ if [ -x /bin/systemctl ]; then
+ sudo /bin/systemctl stop $1
else
- sudo /sbin/service $1 stop
+ sudo service $1 stop
fi
}
diff --git a/inc/python b/inc/python
index 495150d..e013dfa 100644
--- a/inc/python
+++ b/inc/python
@@ -192,7 +192,7 @@
function use_library_from_git {
local name=$1
local enabled=1
- [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
+ [[ ${LIBS_FROM_GIT} = 'ALL' ]] || [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
return $enabled
}
diff --git a/lib/horizon b/lib/horizon
index abc1f6d..0517e32 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -96,7 +96,7 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
_horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
- _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
+ _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_URI}/v3\""
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/keystone b/lib/keystone
index 3309a91..c94bcd3 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -122,8 +122,14 @@
fi
# complete URIs
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
-KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
+if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ # If running in Apache, use path access rather than port.
+ KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_v2_admin
+ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
+else
+ KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
+ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
+fi
# V3 URIs
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@@ -259,7 +265,15 @@
# Set the service ports for a proxy to take the originals
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_port=$KEYSTONE_AUTH_PORT_INT
+ fi
+ # Override the endpoints advertised by keystone (the public_endpoint and
+ # admin_endpoint) so that clients use the correct endpoint. By default, the
+ # keystone server uses the public_port and admin_port which isn't going to
+ # work when you want to use a different port (in the case of proxy), or you
+ # don't want the port (in the case of putting keystone on a path in
+ # apache).
+ if is_service_enabled tls-proxy || [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
fi
@@ -582,7 +596,14 @@
# Check that the keystone service is running. Even if the tls tunnel
# should be enabled, make sure the internal port is checked using
# unencryted traffic at this point.
- if ! wait_for_service $SERVICE_TIMEOUT $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/; then
+ # If running in Apache, use the path rather than port.
+
+ local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
+ fi
+
+ if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
die $LINENO "keystone did not start"
fi
@@ -625,8 +646,8 @@
--bootstrap-service-name keystone \
--bootstrap-region-id "$REGION_NAME" \
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
- --bootstrap-public-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT" \
- --bootstrap-internal-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT"
+ --bootstrap-public-url "$KEYSTONE_SERVICE_URI" \
+ --bootstrap-internal-url "$KEYSTONE_SERVICE_URI"
}
# Restore xtrace
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 02be83a..5e5207b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -365,7 +365,7 @@
function create_nova_conf_neutron {
iniset $NOVA_CONF DEFAULT use_neutron True
iniset $NOVA_CONF neutron auth_type "password"
- iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_AUTH_URI/v3"
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "$SERVICE_DOMAIN_NAME"
@@ -621,11 +621,6 @@
IP_BRD=$(ip -f $af a s dev $from_intf scope global primary | grep inet | awk '{ print $2, $3, $4; exit }')
- if [[ "$af" == "inet" ]]; then
- IP=$(echo $IP_BRD | awk '{ print $1; exit }' | grep -o -E '(.*)/' | cut -d "/" -f1)
- ARP_CMD="arping -A -c 3 -w 4.5 -I $to_intf $IP "
- fi
-
if [ "$DEFAULT_ROUTE_GW" != "" ]; then
ADD_DEFAULT_ROUTE="sudo ip -f $af r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
fi
@@ -642,6 +637,10 @@
IP_DEL="sudo ip addr del $IP_BRD dev $from_intf"
IP_ADD="sudo ip addr add $IP_BRD dev $to_intf"
IP_UP="sudo ip link set $to_intf up"
+ if [[ "$af" == "inet" ]]; then
+ IP=$(echo $IP_BRD | awk '{ print $1; exit }' | grep -o -E '(.*)/' | cut -d "/" -f1)
+ ARP_CMD="arping -A -c 3 -w 4.5 -I $to_intf $IP "
+ fi
fi
# The add/del OVS port calls have to happen either before or
diff --git a/lib/nova b/lib/nova
index de898b2..af5d122 100644
--- a/lib/nova
+++ b/lib/nova
@@ -589,14 +589,6 @@
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
- if [[ "$NOVA_BACKEND" == "LVM" ]]; then
- iniset $NOVA_CONF libvirt images_type "lvm"
- iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME
- if isset LVM_VOLUME_CLEAR; then
- iniset $NOVA_CONF libvirt volume_clear "$LVM_VOLUME_CLEAR"
- fi
- fi
-
if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
iniset $NOVA_CONF DEFAULT glance_protocol https
fi
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 1b4f7ae..d0e364e 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -68,6 +68,12 @@
iniset $NOVA_CONF vnc vncserver_proxyclient_address $HOST_IP
iniset $NOVA_CONF vnc vncserver_listen $HOST_IP
iniset $NOVA_CONF vnc keymap
+ elif [[ "$NOVA_BACKEND" == "LVM" ]]; then
+ iniset $NOVA_CONF libvirt images_type "lvm"
+ iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME
+ if isset LVM_VOLUME_CLEAR; then
+ iniset $NOVA_CONF libvirt volume_clear "$LVM_VOLUME_CLEAR"
+ fi
fi
}
diff --git a/lib/swift b/lib/swift
index 8cb94ef..4330e3b 100644
--- a/lib/swift
+++ b/lib/swift
@@ -457,9 +457,7 @@
cat <<EOF >>${SWIFT_CONFIG_PROXY_SERVER}
[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_port = ${KEYSTONE_AUTH_PORT}
-auth_host = ${KEYSTONE_AUTH_HOST}
-auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
+auth_uri = ${KEYSTONE_AUTH_URI}
cafile = ${SSL_BUNDLE_FILE}
admin_user = swift
admin_tenant_name = ${SERVICE_PROJECT_NAME}
diff --git a/lib/tempest b/lib/tempest
index d4d8cf2..6f8e293 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -602,6 +602,8 @@
PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/tempest
if [[ $TEMPEST_PLUGINS != 0 ]] ; then
tox -evenv-tempest -- pip install $TEMPEST_PLUGINS
+ echo "Checking installed Tempest plugins:"
+ tox -evenv-tempest -- tempest list-plugins
fi
popd
}
diff --git a/openrc b/openrc
index db2e97d..8d8ae8b 100644
--- a/openrc
+++ b/openrc
@@ -90,6 +90,13 @@
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
+# Currently, in order to use openstackclient with Identity API v3,
+# we need to set the domain which the user and project belong to.
+if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
+ export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
+ export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
+fi
+
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
diff --git a/stack.sh b/stack.sh
index 381e94c..68e3d93 100755
--- a/stack.sh
+++ b/stack.sh
@@ -335,6 +335,13 @@
# to speed things up
SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL)
+# If we have /etc/nodepool/provider assume we're on a OpenStack CI
+# node, where EPEL is already pointing at our internal mirror and RDO
+# is pre-installed.
+if [[ -f /etc/nodepool/provider ]]; then
+ SKIP_EPEL_INSTALL=True
+fi
+
if is_fedora && [[ $DISTRO == "rhel7" ]] && \
[[ ${SKIP_EPEL_INSTALL} != True ]]; then
_install_epel_and_rdo
diff --git a/stackrc b/stackrc
index 4ba57c9..8e1900d 100644
--- a/stackrc
+++ b/stackrc
@@ -208,6 +208,9 @@
# ex: LIBS_FROM_GIT=python-keystoneclient,oslo.config
#
# Will install those 2 libraries from git, the rest from pypi.
+#
+# Setting the variable to 'ALL' will activate the download for all
+# libraries.
##############