Merge "Fix libguestfs on Ubuntu"
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 6ece997..89f74c3 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -76,6 +76,7 @@
magnum `git://git.openstack.org/openstack/magnum <https://git.openstack.org/cgit/openstack/magnum>`__
magnum-ui `git://git.openstack.org/openstack/magnum-ui <https://git.openstack.org/cgit/openstack/magnum-ui>`__
manila `git://git.openstack.org/openstack/manila <https://git.openstack.org/cgit/openstack/manila>`__
+manila-ui `git://git.openstack.org/openstack/manila-ui <https://git.openstack.org/cgit/openstack/manila-ui>`__
masakari `git://git.openstack.org/openstack/masakari <https://git.openstack.org/cgit/openstack/masakari>`__
mistral `git://git.openstack.org/openstack/mistral <https://git.openstack.org/cgit/openstack/mistral>`__
mixmatch `git://git.openstack.org/openstack/mixmatch <https://git.openstack.org/cgit/openstack/mixmatch>`__
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 428544f..84dc273 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -34,6 +34,12 @@
%SSLKEYFILE%
</VirtualHost>
+%SSLLISTEN%<VirtualHost *:443>
+%SSLLISTEN% %SSLENGINE%
+%SSLLISTEN% %SSLCERTFILE%
+%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN%</VirtualHost>
+
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
diff --git a/lib/cinder b/lib/cinder
index ad434d6..f6ad780 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -373,13 +373,6 @@
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
-
- # Set the backend url according to the configured dlm backend
- if is_dlm_enabled; then
- if [[ "$(dlm_backend)" == "zookeeper" ]]; then
- iniset $CINDER_CONF coordination backend_url "zake://"
- fi
- fi
}
# create_cinder_accounts() - Set up common required cinder accounts
diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph
index ba86ccf..00a0bb3 100644
--- a/lib/cinder_backends/ceph
+++ b/lib/cinder_backends/ceph
@@ -48,7 +48,7 @@
iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF $be_name rbd_pool "$CINDER_CEPH_POOL"
iniset $CINDER_CONF $be_name rbd_user "$CINDER_CEPH_USER"
- iniset $CINDER_CONF $be_name rbd_uuid "$CINDER_CEPH_UUID"
+ iniset $CINDER_CONF $be_name rbd_secret_uuid "$CINDER_CEPH_UUID"
iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
iniset $CINDER_CONF DEFAULT glance_api_version 2
diff --git a/lib/glance b/lib/glance
index 5259174..da9cd43 100644
--- a/lib/glance
+++ b/lib/glance
@@ -235,7 +235,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/horizon b/lib/horizon
index c0faed7..830da09 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -126,9 +126,7 @@
if is_ubuntu; then
disable_apache_site 000-default
sudo touch $horizon_conf
- elif is_fedora; then
- sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
- elif is_suse; then
+ elif is_fedora || is_suse; then
: # nothing to do
else
exit_distro_not_supported "horizon apache configuration"
diff --git a/lib/keystone b/lib/keystone
index 948d5b4..fd1d1d4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -153,6 +153,7 @@
function _config_keystone_apache_wsgi {
local keystone_apache_conf
keystone_apache_conf=$(apache_site_config_for keystone)
+ keystone_ssl_listen="#"
local keystone_ssl=""
local keystone_certfile=""
local keystone_keyfile=""
@@ -161,6 +162,7 @@
local venv_path=""
if is_ssl_enabled_service key; then
+ keystone_ssl_listen=""
keystone_ssl="SSLEngine On"
keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT"
keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY"
@@ -178,6 +180,7 @@
s|%PUBLICPORT%|$keystone_service_port|g;
s|%ADMINPORT%|$keystone_auth_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%SSLLISTEN%|$keystone_ssl_listen|g;
s|%SSLENGINE%|$keystone_ssl|g;
s|%SSLCERTFILE%|$keystone_certfile|g;
s|%SSLKEYFILE%|$keystone_keyfile|g;
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 613e0f1..0b0caf1 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -509,6 +509,10 @@
function stop_mutnauq_l2_agent {
stop_process q-agt
+
+ if [ "$VIRT_DRIVER" = 'xenserver' ]; then
+ stop_process q-domua
+ fi
}
# stop_mutnauq_other() - Stop running processes (non-screen)
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index e27b8a6..f009966 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -81,19 +81,24 @@
# integration bridge. This is enabled by using a root wrapper
# that executes commands on dom0 via a XenAPI plugin.
# XenAPI does not support daemon rootwrap now, so set root_helper_daemon empty
- iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_DOM0_COMMAND"
- iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon ""
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_DOM0_COMMAND"
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper_daemon ""
# Disable minimize polling, so that it can always detect OVS and Port changes
# This is a problem of xenserver + neutron, bug has been reported
# https://bugs.launchpad.net/neutron/+bug/1495423
- iniset /$Q_PLUGIN_CONF_FILE agent minimize_polling False
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" agent minimize_polling False
# Set "physical" mapping
- iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
# XEN_INTEGRATION_BRIDGE is the integration bridge in dom0
- iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $XEN_INTEGRATION_BRIDGE
+ iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $XEN_INTEGRATION_BRIDGE
+
+ # Set OVS native interface for ovs-agent in compute node
+ XEN_DOM0_IP=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3)
+ iniset /$Q_PLUGIN_CONF_FILE ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
+ iniset /$Q_PLUGIN_CONF_FILE ovs of_listen_address $HOST_IP
# Set up domU's L2 agent:
@@ -107,11 +112,11 @@
sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE
# Set bridge mappings to "physnet1:br-$GUEST_INTERFACE_DEFAULT"
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:br-$VLAN_INTERFACE,physnet-ex:$PUBLIC_BRIDGE"
+ iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:br-$VLAN_INTERFACE,physnet-ex:$PUBLIC_BRIDGE"
# Set integration bridge to domU's
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $OVS_BRIDGE
+ iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $OVS_BRIDGE
# Set root wrap
- iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_COMMAND"
+ iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
fi
iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
iniset /$Q_PLUGIN_CONF_FILE ovs datapath_type $OVS_DATAPATH_TYPE
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index baf7d7f..1004325 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -30,7 +30,7 @@
function _neutron_ovs_base_setup_bridge {
local bridge=$1
- neutron-ovs-cleanup
+ neutron-ovs-cleanup --config-file $NEUTRON_CONF
_neutron_ovs_base_add_bridge $bridge
sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}
@@ -97,7 +97,7 @@
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
fi
- neutron-ovs-cleanup
+ neutron-ovs-cleanup --config-file $NEUTRON_CONF
if [[ "$Q_USE_PUBLIC_VETH" = "True" ]]; then
ip link show $Q_PUBLIC_VETH_INT > /dev/null 2>&1 ||
sudo ip link add $Q_PUBLIC_VETH_INT type veth \
diff --git a/lib/nova b/lib/nova
index ca9a6c7..d5db5ea 100644
--- a/lib/nova
+++ b/lib/nova
@@ -85,9 +85,6 @@
# NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"False"}
-# Option to initialize CellsV2 environment
-NOVA_CONFIGURE_CELLSV2=$(trueorfalse False NOVA_CONFIGURE_CELLSV2)
-
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
SCHEDULER=${SCHEDULER:-filter_scheduler}
@@ -681,9 +678,7 @@
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
# (Re)create nova databases
recreate_database nova
- if [ "$NOVA_CONFIGURE_CELLSV2" != "False" ]; then
- recreate_database nova_api_cell0
- fi
+ recreate_database nova_api_cell0
# Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
# been run this migrates the "nova" and "nova_api_cell0" database.
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index a63e72e..b053856 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -93,6 +93,15 @@
if is_service_enabled neutron; then
# Remove restriction on linux bridge in Dom0 when neutron is enabled
$ssh_dom0 "rm -f /etc/modprobe.d/blacklist-bridge*"
+
+ count=`$ssh_dom0 "iptables -t filter -L XenServerDevstack |wc -l"`
+ if [ "$count" = "0" ]; then
+ {
+ echo "iptables -t filter --new XenServerDevstack"
+ echo "iptables -t filter -I INPUT -j XenServerDevstack"
+ echo "iptables -t filter -I XenServerDevstack -p tcp --dport 6640 -j ACCEPT"
+ } | $ssh_dom0
+ fi
fi
}
diff --git a/lib/tempest b/lib/tempest
index 5746ffc..6dc83b5 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -269,13 +269,15 @@
iniset $TEMPEST_CONFIG auth admin_project_name $admin_project_name
iniset $TEMPEST_CONFIG auth admin_domain_name $admin_domain_name
fi
- if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
- # Only Identity v3 is available; then skip Identity API v2 tests
- iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
- # In addition, use v3 auth tokens for running all Tempest tests
- iniset $TEMPEST_CONFIG identity auth_version v3
- else
+ if [ "$ENABLE_IDENTITY_V2" == "True" ]; then
+ # Run Identity API v2 tests ONLY if needed
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 True
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+ else
+ # Skip Identity API v2 tests by default
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
+ # Use v3 auth tokens for running all Tempest tests
+ iniset $TEMPEST_CONFIG identity auth_version v3
fi
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
diff --git a/openrc b/openrc
index 8d8ae8b..d1c6129 100644
--- a/openrc
+++ b/openrc
@@ -81,12 +81,12 @@
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Identity API version
-export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/project has access to - including nova, glance, keystone, swift, ...
-# We currently recommend using the 2.0 *identity api*.
+# We currently recommend using the version 3 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
diff --git a/stack.sh b/stack.sh
index 74edb10..05a7666 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1385,8 +1385,16 @@
# ----------------------
# Do this late because it requires compute hosts to have started
-if is_service_enabled n-api && [ "$NOVA_CONFIGURE_CELLSV2" == "True" ]; then
- create_cell
+if is_service_enabled n-api; then
+ if is_service_enabled n-cpu; then
+ create_cell
+ else
+ # Some CI systems like Hyper-V build the control plane on
+ # Linux, and join in non Linux Computes after setup. This
+ # allows them to delay the processing until after their whole
+ # environment is up.
+ echo_summary "SKIPPING Cell setup because n-cpu is not enabled. You will have to do this manually before you have a working environment."
+ fi
fi
# Bash completion
@@ -1411,6 +1419,9 @@
# Phase: test-config
run_phase stack test-config
+# Apply late configuration from ``local.conf`` if it exists for layer 2 services
+# Phase: test-config
+merge_config_group $TOP_DIR/local.conf test-config
# Fin
# ===
diff --git a/stackrc b/stackrc
index b5018de..9799d1d 100644
--- a/stackrc
+++ b/stackrc
@@ -148,7 +148,7 @@
fi
# Configure Identity API version: 2.0, 3
-IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
# deployment will be deploying the Identity v2 pipelines. If this option is set
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 30d1a01..f4a4edc 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -152,7 +152,7 @@
fi
if [ -z "$OS_AUTH_URL" ]; then
- export OS_AUTH_URL=http://localhost:5000/v2.0/
+ export OS_AUTH_URL=http://localhost:5000/v3/
fi
if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then