Merge "Allow deploying keystone with SSL certificates"
diff --git a/README.md b/README.md
index cb7752d..91d7efb 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@
`stackrc` for the default set). Usually just before a release there will be
milestone-proposed branches that need to be tested::
- GLANCE_REPO=https://github.com/openstack/glance.git
+ GLANCE_REPO=git://git.openstack.org/openstack/glance.git
GLANCE_BRANCH=milestone-proposed
# Start A Dev Cloud
diff --git a/lib/glance b/lib/glance
index c88f2dc..2e29a8f 100644
--- a/lib/glance
+++ b/lib/glance
@@ -174,7 +174,7 @@
recreate_database glance utf8
# Migrate glance database
- $GLANCE_BIN_DIR/glance-manage db_sync
+ $GLANCE_BIN_DIR/glance-manage db sync
create_glance_cache_dir
}
diff --git a/lib/keystone b/lib/keystone
index 4a7d7bb..6d0c1cd 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -206,6 +206,8 @@
if [[ "$KEYSTONE_TOKEN_BACKEND" = "sql" ]]; then
iniset $KEYSTONE_CONF token driver keystone.token.backends.sql.Token
+ elif [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
+ iniset $KEYSTONE_CONF token driver keystone.token.backends.memcache.Token
else
iniset $KEYSTONE_CONF token driver keystone.token.backends.kvs.Token
fi
@@ -366,6 +368,17 @@
if is_service_enabled ldap; then
install_ldap
fi
+ if [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
+ # Install memcached and the memcache Python library that keystone uses.
+ # Unfortunately the Python library goes by different names in the .deb
+ # and .rpm circles.
+ install_package memcached
+ if is_ubuntu; then
+ install_package python-memcache
+ else
+ install_package python-memcached
+ fi
+ fi
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR
if is_apache_enabled_service key; then
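Review bot: The new memcache branch installs `memcached` and leaves it on the distribution's default configuration, so the listen address is whatever the package ships. memcached has no authentication by default, and with `KEYSTONE_TOKEN_BACKEND=memcache` it holds live keystone tokens. Some packagings have historically listened on all interfaces, so confirm or set a loopback listen address here and add a comment such as `# memcached stores bearer tokens unauthenticated; keep it bound to localhost`. Nothing visible in this hunk starts or restarts the service, which may matter on distributions whose packages do not start daemons on install. The enclosing function begins and ends outside the hunk.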
diff --git a/lib/neutron b/lib/neutron
index 70417be..7f1a9d8 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -17,6 +17,7 @@
# - configure_neutron_third_party
# - init_neutron_third_party
# - start_neutron_third_party
+# - create_neutron_cache_dir
# - create_nova_conf_neutron
# - start_neutron_service_and_check
# - create_neutron_initial_network
@@ -296,6 +297,14 @@
fi
}
+# create_neutron_cache_dir() - Part of the _neutron_setup_keystone() process
+function create_neutron_cache_dir() {
+ # Create cache dir
+ sudo mkdir -p $NEUTRON_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $NEUTRON_AUTH_CACHE_DIR
+ rm -f $NEUTRON_AUTH_CACHE_DIR/*
+}
+
# create_neutron_accounts() - Set up common required neutron accounts
# Tenant User Roles
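Review bot: `rm -f $NEUTRON_AUTH_CACHE_DIR/*` in the new create_neutron_cache_dir expands to `rm -f /*` if the variable is empty or unset. All three expansions are also unquoted, so a path containing spaces or glob characters is split. Guard and quote them: `sudo mkdir -p "$NEUTRON_AUTH_CACHE_DIR"`, `sudo chown "$STACK_USER" "$NEUTRON_AUTH_CACHE_DIR"`, `rm -f -- "${NEUTRON_AUTH_CACHE_DIR:?}"/*`. The directory is the auth-token `signing_dir` set in the later lib/neutron hunk, and it is created with whatever umask is in effect, so an explicit restrictive mode would be reasonable.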
@@ -556,7 +565,7 @@
# Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
- setup_colorized_logging $NEUTRON_CONF DEFAULT
+ setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
fi
_neutron_setup_rootwrap
@@ -782,9 +791,7 @@
if [[ -z $skip_auth_cache ]]; then
iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
# Create cache dir
- sudo mkdir -p $NEUTRON_AUTH_CACHE_DIR
- sudo chown $STACK_USER $NEUTRON_AUTH_CACHE_DIR
- rm -f $NEUTRON_AUTH_CACHE_DIR/*
+ create_neutron_cache_dir
fi
}
diff --git a/lib/swift b/lib/swift
index c049311..8a1489b 100644
--- a/lib/swift
+++ b/lib/swift
@@ -96,6 +96,13 @@
SWIFT_REPLICAS=${SWIFT_REPLICAS:-1}
SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
+# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth
+# token should be placed in the logs. When keystone is used with PKI tokens,
+# the token values can be huge, seemingly larger the 2K, at the least. We
+# restrict it here to a default of 12 characters, which should be enough to
+# trace through the logs when looking for its use.
+SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
+
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
# Port bases used in port number calclution for the service "nodes"
# The specified port number will be used, the additinal ports calculated by
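Review bot: The comment above `SWIFT_LOG_TOKEN_LENGTH` justifies the limit only by PKI token size, but the setting is also what keeps usable bearer tokens out of the proxy-server logs, and nothing checks an override. I would add a line such as `# Auth tokens are credentials: raising this value writes more of each token to the logs.` Where the value is consumed, in the `reveal_sensitive_prefix` hunk below, consider rejecting a non-numeric override before it is written to the config. The same comment has a typo: "larger the 2K" should read "larger than 2K".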
@@ -281,6 +288,9 @@
SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
fi
+ # Restrict the length of auth tokens in the swift proxy-server logs.
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
+
# By default Swift will be installed with keystone and tempauth middleware
# and add the swift3 middleware if its configured for it. The token for
# tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the
@@ -312,6 +322,10 @@
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
+ # This causes the authtoken middleware to use the same python logging
+ # adapter provided by the swift proxy-server, so that request transaction
+ # IDs will included in all of its log messages.
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
@@ -338,7 +352,7 @@
cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf
iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH}
- # This function generates an object/account/proxy configuration
+ # This function generates an object/container/account configuration
# emulating 4 nodes on different ports
function generate_swift_config() {
local swift_node_config=$1
diff --git a/stack.sh b/stack.sh
index 28032de..a2ef679 100755
--- a/stack.sh
+++ b/stack.sh
@@ -751,6 +751,7 @@
if [[ $TRACK_DEPENDS = True ]]; then
$DEST/.venv/bin/pip freeze > $DEST/requires-post-pip
if ! diff -Nru $DEST/requires-pre-pip $DEST/requires-post-pip > $DEST/requires.diff; then
+ echo "Detect some changes for installed packages of pip, in depend tracking mode"
cat $DEST/requires.diff
fi
echo "Ran stack.sh in depend tracking mode, bailing out now"
diff --git a/stackrc b/stackrc
index 6adb676..7eda5a5 100644
--- a/stackrc
+++ b/stackrc
@@ -62,7 +62,7 @@
# Base GIT Repo URL
# Another option is http://review.openstack.org/p
-GIT_BASE=${GIT_BASE:-https://github.com}
+GIT_BASE=${GIT_BASE:-git://git.openstack.org}
# metering service
CEILOMETER_REPO=${CEILOMETER_REPO:-${GIT_BASE}/openstack/ceilometer.git}
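Review bot: The new `GIT_BASE` default uses `git://`, which has no encryption and no server authentication, so every repository cloned through it can be altered in transit, and that code is then installed and run by stack.sh. The previous `https://github.com` default did authenticate the server. Prefer an HTTPS URL for the same host, e.g. `GIT_BASE=${GIT_BASE:-https://git.openstack.org}`, after confirming that the endpoint serves HTTPS. The same scheme appears in the README.md example and in the tools/build_tempest.sh comment in this commit.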
@@ -182,7 +182,7 @@
NOVNC_BRANCH=${NOVNC_BRANCH:-master}
# ryu service
-RYU_REPO=${RYU_REPO:-${GIT_BASE}/osrg/ryu.git}
+RYU_REPO=${RYU_REPO:-https://github.com/osrg/ryu.git}
RYU_BRANCH=${RYU_BRANCH:-master}
# a websockets/html5 or flash powered SPICE console for vm instances
diff --git a/tools/build_tempest.sh b/tools/build_tempest.sh
index 1758e7d..6c527f5 100755
--- a/tools/build_tempest.sh
+++ b/tools/build_tempest.sh
@@ -2,7 +2,7 @@
#
# **build_tempest.sh**
-# Checkout and prepare a Tempest repo: https://github.com/openstack/tempest.git
+# Checkout and prepare a Tempest repo: git://git.openstack.org/openstack/tempest.git
function usage {
echo "$0 - Check out and prepare a Tempest repo"
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 455323e..6b9b25e 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -26,6 +26,7 @@
# Handle arguments
+USE_GET_PIP=${USE_GET_PIP:-0}
INSTALL_PIP_VERSION=${INSTALL_PIP_VERSION:-"1.4.1"}
while [[ -n "$1" ]]; do
case $1 in
@@ -63,7 +64,7 @@
function install_get_pip() {
if [[ ! -r $FILES/get-pip.py ]]; then
(cd $FILES; \
- curl $PIP_GET_PIP_URL; \
+ curl -O $PIP_GET_PIP_URL; \
)
fi
sudo python $FILES/get-pip.py
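Review bot: The download added in install_get_pip has no failure handling, yet its output is executed as root on the next line by `sudo python $FILES/get-pip.py`. Without `--fail`, curl saves an HTTP error page as `get-pip.py`, and the `-r` test then treats that file as valid on every later run. With `cd $FILES;`, a failed `cd` still downloads into the current directory. Suggest `(cd "$FILES" && curl -f -O "$PIP_GET_PIP_URL")`. The value of `PIP_GET_PIP_URL` is not visible here; it should be an `https://` URL, and pinning a checksum of the script before running it under sudo is worth considering. The function body continues outside the hunk.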
diff --git a/tools/xen/test_functions.sh b/tools/xen/test_functions.sh
index 5347238..0ae2cb7 100755
--- a/tools/xen/test_functions.sh
+++ b/tools/xen/test_functions.sh
@@ -111,8 +111,8 @@
function test_zip_snapshot_location {
diff \
- <(zip_snapshot_location "https://github.com/openstack/nova.git" "master") \
- <(echo "https://github.com/openstack/nova/zipball/master")
+ <(zip_snapshot_location "git://git.openstack.org/openstack/nova.git" "master") \
+ <(echo "git://git.openstack.org/openstack/nova/zipball/master")
}
function test_create_directory_for_kernels {
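Review bot: The updated expectation in test_zip_snapshot_location, `git://git.openstack.org/openstack/nova/zipball/master`, is not a URL anything can download: `/zipball/` is a GitHub HTTP endpoint and `git://` does not serve archives. The test still passes because it only checks string rewriting, so it now pins behaviour that would fail at run time if `zip_snapshot_location` is fed the new default `GIT_BASE` (that function is not visible here, so this is inferred). Either keep a GitHub HTTPS URL as the test input, or add a comment such as `# zip_snapshot_location only supports GitHub-style https URLs` and make the function reject other schemes.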