Merge "neutron: add NOVA_ALLOW_DUPLICATE_NETWORKS config option"
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f61002b..0db8932 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -16,7 +16,7 @@
production systems.
Your best choice is probably to choose a `distribution of OpenStack
-<https://www.openstack.org/marketplace/distros/distribution>`__.
+<https://www.openstack.org/marketplace/distros/>`__.
Why a shell script, why not chef/puppet/...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index b35492e..c652bac 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -88,7 +88,7 @@
parm: nested:int
To make the above value persistent across reboots, add an entry in
-/etc/modprobe.ddist.conf so it looks as below::
+/etc/modprobe.d/dist.conf so it looks as below::
cat /etc/modprobe.d/dist.conf
options kvm-amd nested=y
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index c5c4e1e..99bfb85 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,7 +26,7 @@
+--------------------+-------------------------------------------+--------------------+
|trove |git://git.openstack.org/openstack/trove | |
+--------------------+-------------------------------------------+--------------------+
-|zaqar |git://git.openstack.org/openstack/zarar | |
+|zaqar |git://git.openstack.org/openstack/zaqar | |
+--------------------+-------------------------------------------+--------------------+
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index b166936..1b6f5e3 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -221,7 +221,9 @@
``stackforge/devstack-plugin-FOO`` project.
To enable a plugin to be used in a gate job, the following lines will
-be needed in your project.yaml definition::
+be needed in your ``jenkins/jobs/<project>.yaml`` definition in
+`project-config
+<http://git.openstack.org/cgit/openstack-infra/project-config/>`_::
# Because we are testing a non standard project, add the
# our project repository. This makes zuul do the right
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 0b914e2..6dd1ad9 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -33,3 +33,23 @@
%SSLCERTFILE%
%SSLKEYFILE%
</VirtualHost>
+
+Alias /identity %PUBLICWSGI%
+<Location /identity>
+ SetHandler wsgi-script
+ Options +ExecCGI
+
+ WSGIProcessGroup keystone-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+</Location>
+
+Alias /identity_admin %ADMINWSGI%
+<Location /identity_admin>
+ SetHandler wsgi-script
+ Options +ExecCGI
+
+ WSGIProcessGroup keystone-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+</Location>
diff --git a/functions-common b/functions-common
index c80d3b2..60cf04c 100644
--- a/functions-common
+++ b/functions-common
@@ -270,8 +270,9 @@
# Fedora release 16 (Verne)
# XenServer release 6.2.0-70446c (xenenterprise)
# Oracle Linux release 7
+ # CloudLinux release 7.1
os_CODENAME=""
- for r in "Red Hat" CentOS Fedora XenServer; do
+ for r in "Red Hat" CentOS Fedora XenServer CloudLinux; do
os_VENDOR=$r
if [[ -n "`grep \"$r\" /etc/redhat-release`" ]]; then
ver=`sed -e 's/^.* \([0-9].*\) (\(.*\)).*$/\1\|\2/' /etc/redhat-release`
@@ -375,7 +376,8 @@
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
- [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ]
+ [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ] || \
+ [ "$os_VENDOR" = "CloudLinux" ]
}
@@ -684,9 +686,10 @@
# Gets or creates a domain
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
+ local domain_id
local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id
- local domain_id=$(
+ domain_id=$(
# Gets domain id
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 domain show $1 \
@@ -705,8 +708,9 @@
function get_or_create_group {
local desc="${3:-}"
local os_url="$KEYSTONE_SERVICE_URI_V3"
+ local group_id
# Gets group id
- local group_id=$(
+ group_id=$(
# Creates new group with --or-show
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 group create $1 \
@@ -719,13 +723,14 @@
# Gets or creates user
# Usage: get_or_create_user <username> <password> <domain> [<email>]
function get_or_create_user {
+ local user_id
if [[ ! -z "$4" ]]; then
local email="--email=$4"
else
local email=""
fi
# Gets user id
- local user_id=$(
+ user_id=$(
# Creates new user with --or-show
openstack user create \
$1 \
@@ -743,7 +748,8 @@
# Gets or creates project
# Usage: get_or_create_project <name> <domain>
function get_or_create_project {
- local project_id=$(
+ local project_id
+ project_id=$(
# Creates new project with --or-show
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
@@ -757,9 +763,13 @@
# Gets or creates role
# Usage: get_or_create_role <name>
function get_or_create_role {
- local role_id=$(
+ local role_id
+ role_id=$(
# Creates role with --or-show
- openstack role create $1 --or-show -f value -c id
+ openstack role create $1 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --or-show -f value -c id
)
echo $role_id
}
@@ -767,11 +777,14 @@
# Gets or adds user role to project
# Usage: get_or_add_user_project_role <role> <user> <project>
function get_or_add_user_project_role {
+ local user_role_id
# Gets user role id
- local user_role_id=$(openstack role list \
+ user_role_id=$(openstack role list \
--user $2 \
- --project $3 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--column "ID" \
+ --project $3 \
--column "Name" \
| grep " $1 " | get_field 1)
if [[ -z "$user_role_id" ]]; then
@@ -780,6 +793,8 @@
$1 \
--user $2 \
--project $3 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
| grep " id " | get_field 2)
fi
echo $user_role_id
@@ -788,20 +803,27 @@
# Gets or adds group role to project
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
+ local group_role_id
# Gets group role id
- local group_role_id=$(openstack role list \
+ group_role_id=$(openstack role list \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--group $2 \
--project $3 \
- --column "ID" \
- --column "Name" \
- | grep " $1 " | get_field 1)
+ -c "ID" -f value)
if [[ -z "$group_role_id" ]]; then
- # Adds role to group
- group_role_id=$(openstack role add \
- $1 \
+ # Adds role to group and get it
+ openstack role add $1 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --group $2 \
+ --project $3
+ group_role_id=$(openstack role list \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
--group $2 \
--project $3 \
- | grep " id " | get_field 2)
+ -c "ID" -f value)
fi
echo $group_role_id
}
@@ -809,12 +831,15 @@
# Gets or creates service
# Usage: get_or_create_service <name> <type> <description>
function get_or_create_service {
+ local service_id
# Gets service id
- local service_id=$(
+ service_id=$(
# Gets service id
openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
$2 \
--name $1 \
--description="$3" \
@@ -823,29 +848,57 @@
echo $service_id
}
-# Gets or creates endpoint
-# Usage: get_or_create_endpoint <service> <region> <publicurl> <adminurl> <internalurl>
-function get_or_create_endpoint {
- # Gets endpoint id
- local endpoint_id=$(openstack endpoint list \
- --column "ID" \
- --column "Region" \
- --column "Service Name" \
- | grep " $2 " \
- | grep " $1 " | get_field 1)
+# Create an endpoint with a specific interface
+# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
+function _get_or_create_endpoint_with_interface {
+ local endpoint_id
+ endpoint_id=$(openstack endpoint list \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --service $1 \
+ --interface $2 \
+ --region $4 \
+ -c ID -f value)
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
- $1 \
- --region $2 \
- --publicurl $3 \
- --adminurl $4 \
- --internalurl $5 \
- | grep " id " | get_field 2)
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ $1 $2 $3 --region $4 -f value -c id)
fi
+
echo $endpoint_id
}
+# Gets or creates endpoint
+# Usage: get_or_create_endpoint <service> <region> <publicurl> <adminurl> <internalurl>
+function get_or_create_endpoint {
+ # NOTE(jamielennnox): when converting to v3 endpoint creation we go from
+ # creating one endpoint with multiple urls to multiple endpoints each with
+ # a different interface. To maintain the existing function interface we
+ # create 3 endpoints and return the id of the public one. In reality
+ # returning the public id will not make a lot of difference as there are no
+ # scenarios currently that use the returned id. Ideally this behaviour
+ # should be pushed out to the service setups and let them create the
+ # endpoints they need.
+ local public_id=$(_get_or_create_endpoint_with_interface $1 public $3 $2)
+ _get_or_create_endpoint_with_interface $1 admin $4 $2
+ _get_or_create_endpoint_with_interface $1 internal $5 $2
+
+ # return the public id to indicate success, and this is the endpoint most likely wanted
+ echo $public_id
+}
+
+# Get a URL from the identity service
+# Usage: get_endpoint_url <service> <interface>
+function get_endpoint_url {
+ echo $(openstack endpoint list \
+ --service $1 --interface $2 \
+ --os-url $KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ -c URL -f value)
+}
+
# Package Functions
# =================
diff --git a/lib/ceilometer b/lib/ceilometer
index 163ed0b..9226d85 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -130,9 +130,8 @@
create_service_user "ceilometer" "admin"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local ceilometer_service=$(get_or_create_service "ceilometer" \
- "metering" "OpenStack Telemetry Service")
- get_or_create_endpoint $ceilometer_service \
+ get_or_create_service "ceilometer" "metering" "OpenStack Telemetry Service"
+ get_or_create_endpoint "metering" \
"$REGION_NAME" \
"$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
"$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
@@ -212,6 +211,7 @@
cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
+ cp $CEILOMETER_DIR/etc/ceilometer/meters.yaml $CEILOMETER_CONF_DIR
if [ "$CEILOMETER_PIPELINE_INTERVAL" ]; then
sed -i "s/interval:.*/interval: ${CEILOMETER_PIPELINE_INTERVAL}/" $CEILOMETER_CONF_DIR/pipeline.yaml
diff --git a/lib/cinder b/lib/cinder
index ab315ac..e5ed2db 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -329,16 +329,14 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local cinder_service=$(get_or_create_service "cinder" \
- "volume" "Cinder Volume Service")
- get_or_create_endpoint $cinder_service "$REGION_NAME" \
+ get_or_create_service "cinder" "volume" "Cinder Volume Service"
+ get_or_create_endpoint "volume" "$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
- local cinder_v2_service=$(get_or_create_service "cinderv2" \
- "volumev2" "Cinder Volume Service V2")
- get_or_create_endpoint $cinder_v2_service "$REGION_NAME" \
+ get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+ get_or_create_endpoint "volumev2" "$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
@@ -484,13 +482,12 @@
function create_volume_types {
# Create volume types
if is_service_enabled c-api && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
- local be be_name be_type
+ local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
- be_type=${be%%:*}
be_name=${be##*:}
- # openstack volume type create --property volume_backend_name="${be_type}" ${be_name}
- cinder type-create ${be_name} && \
- cinder type-key ${be_name} set volume_backend_name="${be_name}"
+ # FIXME(jamielennox): Remove --os-volume-api-version pinning when
+ # osc supports volume type create on v2 api. bug #1475060
+ openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name}
done
fi
}
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 9c9401e..fb55b60 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -95,9 +95,9 @@
sudo bash -c "source $TOP_DIR/functions && \
iniset $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" && \
iniset $my_conf mysqld sql_mode STRICT_ALL_TABLES && \
- iniset $my_conf mysqld default-storage-engine InnoDB \
- iniset $my_conf mysqld max_connections 1024 \
- iniset $my_conf mysqld query_cache_type OFF \
+ iniset $my_conf mysqld default-storage-engine InnoDB && \
+ iniset $my_conf mysqld max_connections 1024 && \
+ iniset $my_conf mysqld query_cache_type OFF && \
iniset $my_conf mysqld query_cache_size 0"
diff --git a/lib/glance b/lib/glance
index df7adfc..f200dca 100644
--- a/lib/glance
+++ b/lib/glance
@@ -272,9 +272,8 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local glance_service=$(get_or_create_service "glance" \
- "image" "Glance Image Service")
- get_or_create_endpoint $glance_service \
+ get_or_create_service "glance" "image" "Glance Image Service"
+ get_or_create_endpoint "image" \
"$REGION_NAME" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
@@ -285,10 +284,9 @@
# Add glance-search service and endpoints
if is_service_enabled g-search; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local glance_search_service=$(get_or_create_service "glance-search" \
- "search" "EXPERIMENTAL - Glance Graffiti Search Service")
+ get_or_create_service "glance-search" "search" "EXPERIMENTAL - Glance Graffiti Search Service"
- get_or_create_endpoint $glance_search_service \
+ get_or_create_endpoint "search" \
"$REGION_NAME" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
"$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
diff --git a/lib/heat b/lib/heat
index 5cb0dbf..cedddd2 100644
--- a/lib/heat
+++ b/lib/heat
@@ -250,17 +250,15 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local heat_service=$(get_or_create_service "heat" \
- "orchestration" "Heat Orchestration Service")
- get_or_create_endpoint $heat_service \
+ get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
+ get_or_create_endpoint "orchestration" \
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
- local heat_cfn_service=$(get_or_create_service "heat-cfn" \
- "cloudformation" "Heat CloudFormation Service")
- get_or_create_endpoint $heat_cfn_service \
+ get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
+ get_or_create_endpoint "cloudformation" \
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
diff --git a/lib/ironic b/lib/ironic
index cff20c9..1323446 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -285,7 +285,7 @@
# Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
- setup_colorized_logging $IRONIC_CONF_FILE DEFAULT
+ setup_colorized_logging $IRONIC_CONF_FILE DEFAULT tenant user
fi
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then
@@ -411,9 +411,8 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local ironic_service=$(get_or_create_service "ironic" \
- "baremetal" "Ironic baremetal provisioning service")
- get_or_create_endpoint $ironic_service \
+ get_or_create_service "ironic" "baremetal" "Ironic baremetal provisioning service"
+ get_or_create_endpoint "baremetal" \
"$REGION_NAME" \
"$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
"$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
diff --git a/lib/keystone b/lib/keystone
index c33d466..59584b2 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -313,6 +313,8 @@
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
+
+ iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
}
function configure_keystone_extensions {
@@ -406,9 +408,8 @@
# Keystone
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
- "identity" "Keystone Identity Service")
- get_or_create_endpoint $KEYSTONE_SERVICE \
+ get_or_create_service "keystone" "identity" "Keystone Identity Service"
+ get_or_create_endpoint "identity" \
"$REGION_NAME" \
"$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
"$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
@@ -476,11 +477,15 @@
$KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
done
- if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_BIN_DIR/keystone-manage pki_setup
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
+ rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
+ $KEYSTONE_BIN_DIR/keystone-manage fernet_setup
+ fi
}
# install_keystoneclient() - Collect source and prepare
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index ee98015..5abe55c 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -519,9 +519,8 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local neutron_service=$(get_or_create_service "neutron" \
- "network" "Neutron Service")
- get_or_create_endpoint $neutron_service \
+ get_or_create_service "neutron" "network" "Neutron Service"
+ get_or_create_endpoint "network" \
"$REGION_NAME" \
"$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
"$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
diff --git a/lib/nova b/lib/nova
index 5fbce5d..a6cd651 100644
--- a/lib/nova
+++ b/lib/nova
@@ -404,24 +404,22 @@
create_service_user "nova" "admin"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- local nova_service=$(get_or_create_service "nova" \
- "compute" "Nova Compute Service")
local nova_api_url
if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
else
nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
fi
- get_or_create_endpoint $nova_service \
+
+ get_or_create_service "nova" "compute" "Nova Compute Service"
+ get_or_create_endpoint "compute" \
"$REGION_NAME" \
"$nova_api_url/v2/\$(tenant_id)s" \
"$nova_api_url/v2/\$(tenant_id)s" \
"$nova_api_url/v2/\$(tenant_id)s"
- local nova_v21_service=$(get_or_create_service "novav21" \
- "computev21" "Nova Compute Service V2.1")
- get_or_create_endpoint $nova_v21_service \
+ get_or_create_service "novav21" "computev21" "Nova Compute Service V2.1"
+ get_or_create_endpoint "computev21" \
"$REGION_NAME" \
"$nova_api_url/v2.1/\$(tenant_id)s" \
"$nova_api_url/v2.1/\$(tenant_id)s" \
@@ -440,9 +438,8 @@
# EC2
if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
- local ec2_service=$(get_or_create_service "ec2" \
- "ec2" "EC2 Compatibility Layer")
- get_or_create_endpoint $ec2_service \
+ get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer"
+ get_or_create_endpoint "ec2" \
"$REGION_NAME" \
"$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
"$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
@@ -454,8 +451,8 @@
if is_service_enabled n-obj swift3; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local s3_service=$(get_or_create_service "s3" "s3" "S3")
- get_or_create_endpoint $s3_service \
+ get_or_create_service "s3" "s3" "S3"
+ get_or_create_endpoint "s3" \
"$REGION_NAME" \
"http://$SERVICE_HOST:$S3_SERVICE_PORT" \
"http://$SERVICE_HOST:$S3_SERVICE_PORT" \
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index f70b21a..c54a716 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -25,9 +25,6 @@
# Defaults
# --------
-# File injection is disabled by default in Nova. This will turn it back on.
-ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
-
# Entry Points
# ------------
@@ -60,21 +57,17 @@
iniset $NOVA_CONF DEFAULT vnc_enabled "false"
fi
- if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
- # When libguestfs is available for file injection, enable using
- # libguestfs to inspect the image and figure out the proper
- # partition to inject into.
- iniset $NOVA_CONF libvirt inject_partition '-1'
- iniset $NOVA_CONF libvirt inject_key 'true'
- else
- # File injection is being disabled by default in the near future -
- # disable it here for now to avoid surprises later.
- iniset $NOVA_CONF libvirt inject_partition '-2'
- fi
+ # File injection is being disabled by default in the near future -
+ # disable it here for now to avoid surprises later.
+ iniset $NOVA_CONF libvirt inject_partition '-2'
if [[ "$LIBVIRT_TYPE" = "parallels" ]]; then
iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
iniset $NOVA_CONF libvirt images_type "ploop"
+ iniset $NOVA_CONF DEFAULT force_raw_images "False"
+ iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address $HOST_IP
+ iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP
+ iniset $NOVA_CONF DEFAULT vnc_keymap
fi
}
@@ -96,14 +89,6 @@
yum_install libcgroup-tools
fi
fi
-
- if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
- if is_ubuntu; then
- install_package python-guestfs
- elif is_fedora || is_suse; then
- install_package python-libguestfs
- fi
- fi
}
# start_nova_hypervisor - Start any required external services
diff --git a/lib/swift b/lib/swift
index 8147b7a..826f233 100644
--- a/lib/swift
+++ b/lib/swift
@@ -608,9 +608,8 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local swift_service=$(get_or_create_service "swift" \
- "object-store" "Swift Service")
- get_or_create_endpoint $swift_service \
+ get_or_create_service "swift" "object-store" "Swift Service"
+ get_or_create_endpoint "object-store" \
"$REGION_NAME" \
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \
diff --git a/lib/tempest b/lib/tempest
index cb5711f..68ddd44 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -271,11 +271,11 @@
fi
fi
- EC2_URL=$(openstack endpoint show -f value -c publicurl ec2 || true)
+ EC2_URL=$(get_endpoint_url ec2 public || true)
if [[ -z $EC2_URL ]]; then
EC2_URL="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
fi
- S3_URL=$(openstack endpoint show -f value -c publicurl s3 || true)
+ S3_URL=$(get_endpoint_url s3 public || true)
if [[ -z $S3_URL ]]; then
S3_URL="http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}"
fi
diff --git a/lib/zaqar b/lib/zaqar
index 891b0ea..fdab3a2 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -210,9 +210,8 @@
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local zaqar_service=$(get_or_create_service "zaqar" \
- "messaging" "Zaqar Service")
- get_or_create_endpoint $zaqar_service \
+ get_or_create_service "zaqar" "messaging" "Zaqar Service"
+ get_or_create_endpoint "messaging" \
"$REGION_NAME" \
"$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \
"$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \
diff --git a/stackrc b/stackrc
index 3728813..d16fcf6 100644
--- a/stackrc
+++ b/stackrc
@@ -575,8 +575,8 @@
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.2-i386-disk.vmdk}
IMAGE_URLS=${IMAGE_URLS:-"http://partnerweb.vmware.com/programs/vmdkimage/cirros-0.3.2-i386-disk.vmdk"};;
xenserver)
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.0-x86_64-disk}
- IMAGE_URLS=${IMAGE_URLS:-"https://github.com/downloads/citrix-openstack/warehouse/cirros-0.3.0-x86_64-disk.vhd.tgz"}
+ DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
+ IMAGE_URLS=${IMAGE_URLS:-"http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"}
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
ironic)
# Ironic can do both partition and full disk images, depending on the driver
diff --git a/tests/test_worlddump.sh b/tests/test_worlddump.sh
new file mode 100755
index 0000000..f407d40
--- /dev/null
+++ b/tests/test_worlddump.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Simple test of worlddump.py
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+source $TOP/tests/unittest.sh
+
+OUT_DIR=$(mktemp -d)
+
+$TOP/tools/worlddump.py -d $OUT_DIR
+
+if [[ $? -ne 0 ]]; then
+ fail "worlddump failed"
+else
+
+ # worlddump creates just one output file
+ OUT_FILE=($OUT_DIR/*.txt)
+
+ if [ ! -r $OUT_FILE ]; then
+ failed "worlddump output not seen"
+ else
+ passed "worlddump output $OUT_FILE"
+
+ if [[ $(stat -c %s $OUT_DIR/*.txt) -gt 0 ]]; then
+ passed "worlddump output is not zero sized"
+ fi
+
+ # put more extensive examination here, if required.
+ fi
+fi
+
+rm -rf $OUT_DIR
+
+report_results
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index f067ed1..c2dbe1a 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -16,45 +16,49 @@
usage: $0 <options..>
-This script creates certificates and sourcable rc files per tenant/user.
+This script creates certificates and sourcable rc files per project/user.
Target account directory hierarchy:
target_dir-|
|-cacert.pem
- |-tenant1-name|
- | |- user1
- | |- user1-cert.pem
- | |- user1-pk.pem
- | |- user2
- | ..
- |-tenant2-name..
+ |-project1-name|
+ | |- user1
+ | |- user1-cert.pem
+ | |- user1-pk.pem
+ | |- user2
+ | ..
+ |-project2-name..
..
Optional Arguments
-P include password to the rc files; with -A it assume all users password is the same
-A try with all user
-u <username> create files just for the specified user
--C <tenant_name> create user and tenant, the specifid tenant will be the user's tenant
--r <name> when combined with -C and the (-u) user exists it will be the user's tenant role in the (-C)tenant (default: Member)
+-C <project_name> create user and project, the specifid project will be the user's project
+-r <name> when combined with -C and the (-u) user exists it will be the user's project role in the (-C)project (default: Member)
-p <userpass> password for the user
--heat-url <heat_url>
--os-username <username>
--os-password <admin password>
---os-tenant-name <tenant_name>
---os-tenant-id <tenant_id>
+--os-project-name <project_name>
+--os-project-id <project_id>
+--os-user-domain-id <user_domain_id>
+--os-user-domain-name <user_domain_name>
+--os-project-domain-id <project_domain_id>
+--os-project-domain-name <project_domain_name>
--os-auth-url <auth_url>
--os-cacert <cert file>
--target-dir <target_directory>
---skip-tenant <tenant-name>
+--skip-project <project-name>
--debug
Example:
$0 -AP
-$0 -P -C mytenant -u myuser -p mypass
+$0 -P -C myproject -u myuser -p mypass
EOF
}
-if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,heat-url:,skip-tenant:,os-cacert:,help,debug -- "$@"); then
+if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-id:,os-tenant-name:,os-project-name:,os-project-id:,os-project-domain-id:,os-project-domain-name:,os-user-domain-id:,os-user-domain-name:,os-auth-url:,target-dir:,heat-url:,skip-project:,os-cacert:,help,debug -- "$@"); then
display_help
exit 1
fi
@@ -62,10 +66,10 @@
ADDPASS=""
HEAT_URL=""
-# The services users usually in the service tenant.
+# The services users usually in the service project.
# rc files for service users, is out of scope.
-# Supporting different tenant for services is out of scope.
-SKIP_TENANT="service"
+# Supporting different project for services is out of scope.
+SKIP_PROJECT="service"
MODE=""
ROLE=Member
USER_NAME=""
@@ -75,9 +79,16 @@
-h|--help) display_help; exit 0 ;;
--os-username) export OS_USERNAME=$2; shift ;;
--os-password) export OS_PASSWORD=$2; shift ;;
- --os-tenant-name) export OS_TENANT_NAME=$2; shift ;;
- --os-tenant-id) export OS_TENANT_ID=$2; shift ;;
- --skip-tenant) SKIP_TENANT="$SKIP_TENANT$2,"; shift ;;
+ --os-tenant-name) export OS_PROJECT_NAME=$2; shift ;;
+ --os-tenant-id) export OS_PROJECT_ID=$2; shift ;;
+ --os-project-name) export OS_PROJECT_NAME=$2; shift ;;
+ --os-project-id) export OS_PROJECT_ID=$2; shift ;;
+ --os-user-domain-id) export OS_USER_DOMAIN_ID=$2; shift ;;
+ --os-user-domain-name) export OS_USER_DOMAIN_NAME=$2; shift ;;
+ --os-project-domain-id) export OS_PROJECT_DOMAIN_ID=$2; shift ;;
+ --os-project-domain-name) export OS_PROJECT_DOMAIN_NAME=$2; shift ;;
+ --skip-tenant) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
+ --skip-project) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
--os-auth-url) export OS_AUTH_URL=$2; shift ;;
--os-cacert) export OS_CACERT=$2; shift ;;
--target-dir) ACCOUNT_DIR=$2; shift ;;
@@ -87,7 +98,7 @@
-p) USER_PASS=$2; shift ;;
-A) MODE=all; ;;
-P) ADDPASS="yes" ;;
- -C) MODE=create; TENANT=$2; shift ;;
+ -C) MODE=create; PROJECT=$2; shift ;;
-r) ROLE=$2; shift ;;
(--) shift; break ;;
(-*) echo "$0: error - unrecognized option $1" >&2; display_help; exit 1 ;;
@@ -105,8 +116,16 @@
fi
fi
-if [ -z "$OS_TENANT_NAME" -a -z "$OS_TENANT_ID" ]; then
- export OS_TENANT_NAME=admin
+if [ -z "$OS_PROJECT_ID" -a "$OS_TENANT_ID" ]; then
+ export OS_PROJECT_ID=$OS_TENANT_ID
+fi
+
+if [ -z "$OS_PROJECT_NAME" -a "$OS_TENANT_NAME" ]; then
+ export OS_PROJECT_NAME=$OS_TENANT_NAME
+fi
+
+if [ -z "$OS_PROJECT_NAME" -a -z "$OS_PROJECT_ID" ]; then
+ export OS_PROJECT_NAME=admin
fi
if [ -z "$OS_USERNAME" ]; then
@@ -117,6 +136,16 @@
export OS_AUTH_URL=http://localhost:5000/v2.0/
fi
+if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
+ # purposefully not exported as it would force v3 auth within this file.
+ OS_USER_DOMAIN_ID=default
+fi
+
+if [ -z "$OS_PROJECT_DOMAIN_ID" -a -z "$OS_PROJECT_DOMAIN_NAME" ]; then
+ # purposefully not exported as it would force v3 auth within this file.
+ OS_PROJECT_DOMAIN_ID=default
+fi
+
USER_PASS=${USER_PASS:-$OS_PASSWORD}
USER_NAME=${USER_NAME:-$OS_USERNAME}
@@ -156,21 +185,21 @@
function add_entry {
local user_id=$1
local user_name=$2
- local tenant_id=$3
- local tenant_name=$4
+ local project_id=$3
+ local project_name=$4
local user_passwd=$5
# The admin user can see all user's secret AWS keys, it does not looks good
- local line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
+ local line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
if [ -z "$line" ]; then
- openstack ec2 credentials create --user $user_id --project $tenant_id 1>&2
- line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
+ openstack ec2 credentials create --user $user_id --project $project_id 1>&2
+ line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
fi
local ec2_access_key ec2_secret_key
read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'`
- mkdir -p "$ACCOUNT_DIR/$tenant_name"
- local rcfile="$ACCOUNT_DIR/$tenant_name/$user_name"
- # The certs subject part are the tenant ID "dash" user ID, but the CN should be the first part of the DN
+ mkdir -p "$ACCOUNT_DIR/$project_name"
+ local rcfile="$ACCOUNT_DIR/$project_name/$user_name"
+ # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN
# Generally the subject DN parts should be in reverse order like the Issuer
# The Serial does not seams correctly marked either
local ec2_cert="$rcfile-cert.pem"
@@ -183,7 +212,7 @@
mv -f "$ec2_cert" "$ec2_cert.old"
fi
# It will not create certs when the password is incorrect
- if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-tenant-name "$tenant_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
+ if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
if [ -e "$ec2_private_key.old" ]; then
mv -f "$ec2_private_key.old" "$ec2_private_key"
fi
@@ -199,8 +228,8 @@
export S3_URL="$S3_URL"
# OpenStack USER ID = $user_id
export OS_USERNAME="$user_name"
-# OpenStack Tenant ID = $tenant_id
-export OS_TENANT_NAME="$tenant_name"
+# OpenStack project ID = $project_id
+export OS_PROJECT_NAME="$project_name"
export OS_AUTH_URL="$OS_AUTH_URL"
export OS_CACERT="$OS_CACERT"
export EC2_CERT="$ec2_cert"
@@ -208,14 +237,22 @@
export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
+export OS_AUTH_TYPE=v2password
EOF
if [ -n "$ADDPASS" ]; then
echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
fi
if [ -n "$HEAT_URL" ]; then
- echo "export HEAT_URL=\"$HEAT_URL/$tenant_id\"" >>"$rcfile"
+ echo "export HEAT_URL=\"$HEAT_URL/$project_id\"" >>"$rcfile"
echo "export OS_NO_CLIENT_AUTH=True" >>"$rcfile"
fi
+ for v in OS_USER_DOMAIN_ID OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_ID OS_PROJECT_DOMAIN_NAME; do
+ if [ ${!v} ]; then
+ echo "export $v=${!v}" >>"$rcfile"
+ else
+ echo "unset $v" >>"$rcfile"
+ fi
+ done
}
#admin users expected
@@ -245,9 +282,9 @@
}
if [ $MODE != "create" ]; then
- # looks like I can't ask for all tenant related to a specified user
- openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_TENANT}" | while IFS=, read tenant_id tenant_name desc enabled; do
- openstack user list --project $tenant_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do
+ # looks like I can't ask for all project related to a specified user
+ openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_PROJECT}" | while IFS=, read project_id project_name desc enabled; do
+ openstack user list --project $project_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do
if [ $MODE = one -a "$user_name" != "$USER_NAME" ]; then
continue;
fi
@@ -259,21 +296,21 @@
if [ -n "$SPECIFIC_UPASSWORD" ]; then
USER_PASS=$SPECIFIC_UPASSWORD
fi
- add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+ add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
done
done
else
- tenant_name=$TENANT
- tenant_id=$(create_or_get_project "$TENANT")
+ project_name=$PROJECT
+ project_id=$(create_or_get_project "$PROJECT")
user_name=$USER_NAME
user_id=`get_user_id $user_name`
if [ -z "$user_id" ]; then
- eval $(openstack user create "$user_name" --project "$tenant_id" --password "$USER_PASS" --email "$user_name@example.com" -f shell -c id)
+ eval $(openstack user create "$user_name" --project "$project_id" --password "$USER_PASS" --email "$user_name@example.com" -f shell -c id)
user_id=$id
- add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+ add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
else
role_id=$(create_or_get_role "$ROLE")
- openstack role add "$role_id" --user "$user_id" --project "$tenant_id"
- add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+ openstack role add "$role_id" --user "$user_id" --project "$project_id"
+ add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
fi
fi
diff --git a/tools/worlddump.py b/tools/worlddump.py
index 628a69f..e4ba02b 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -21,9 +21,9 @@
import fnmatch
import os
import os.path
+import subprocess
import sys
-from subprocess import Popen
def get_options():
parser = argparse.ArgumentParser(
@@ -47,7 +47,10 @@
print cmd
print "-" * len(cmd)
print
- Popen(cmd, shell=True)
+ try:
+ subprocess.check_call(cmd, shell=True)
+ except subprocess.CalledProcessError:
+ print "*** Failed to run: %s" % cmd
def _header(name):
@@ -109,6 +112,13 @@
def guru_meditation_report():
_header("nova-compute Guru Meditation Report")
+
+ try:
+ subprocess.check_call(["pgrep","nova-compute"])
+ except subprocess.CalledProcessError:
+ print "Skipping as nova-compute does not appear to be running"
+ return
+
_dump_cmd("kill -s USR1 `pgrep nova-compute`")
print "guru meditation report in nova-compute log"