Merge "cinder.conf: Set privsep_osbrick.helper_command"
diff --git a/.gitignore b/.gitignore
index 8870bb3..a470ff5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
*.log.[1-9]
*.pem
.localrc.auto
+.localrc.password
.prereqs
.tox
.stackenv
@@ -11,6 +12,9 @@
doc/files
doc/build
files/*.gz
+files/*.vmdk
+files/*.rpm
+files/*.rpm.*
files/*.qcow2
files/*.img
files/images
@@ -25,3 +29,5 @@
src
stack-screenrc
userrc_early
+AUTHORS
+ChangeLog
diff --git a/README.md b/README.md
index dd394c2..4ba4619 100644
--- a/README.md
+++ b/README.md
@@ -61,13 +61,6 @@
# list instances
nova list
-If the EC2 API is your cup-o-tea, you can create credentials and use euca2ools:
-
- # source eucarc to generate EC2 credentials and set up the environment
- . eucarc
- # list instances using ec2 api
- euca-describe-instances
-
# DevStack Execution Environment
DevStack runs rampant over the system it runs on, installing things and
diff --git a/clean.sh b/clean.sh
index 3db4858..b18f28e 100755
--- a/clean.sh
+++ b/clean.sh
@@ -26,7 +26,7 @@
fi
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
diff --git a/data/devstack-plugins-registry.footer b/data/devstack-plugins-registry.footer
deleted file mode 100644
index 669cb8d..0000000
--- a/data/devstack-plugins-registry.footer
+++ /dev/null
@@ -1,28 +0,0 @@
-
-Drivers
-=======
-
-+--------------------+-------------------------------------------------+------------------+
-|Plugin Name |URL |Comments |
-+--------------------+-------------------------------------------------+------------------+
-|dragonflow |git://git.openstack.org/openstack/dragonflow |[d1]_ |
-+--------------------+-------------------------------------------------+------------------+
-|odl |git://git.openstack.org/openstack/networking-odl |[d2]_ |
-+--------------------+-------------------------------------------------+------------------+
-
-.. [d1] demonstrates example of installing 3rd party SDN controller
-.. [d2] demonstrates a pretty advanced set of modes that that allow
- one to run OpenDayLight either from a pre-existing install, or
- also from source
-
-Alternate Configs
-=================
-
-+-------------+------------------------------------------------------------+------------+
-| Plugin Name | URL | Comments |
-| | | |
-+-------------+------------------------------------------------------------+------------+
-|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | |
-+-------------+------------------------------------------------------------+------------+
-| | | |
-+-------------+------------------------------------------------------------+------------+
diff --git a/data/devstack-plugins-registry.header b/data/devstack-plugins-registry.header
index 9f8a994..46d5e60 100644
--- a/data/devstack-plugins-registry.header
+++ b/data/devstack-plugins-registry.header
@@ -1,3 +1,8 @@
+..
+ Note to patch submitters: this file is covered by a periodic proposal
+ job. You should edit the files data/devstack-plugins-registry.footer
+ data/devstack-plugins-registry.header instead of this one.
+
==========================
DevStack Plugin Registry
==========================
@@ -14,6 +19,6 @@
namespace, which includes but is not limited to official OpenStack
projects.
-+------------------+------------------------------------------------------------+------------+
-|Plugin Name |URL |Date |
-+------------------+------------------------------------------------------------+------------+
++----------------------------+-------------------------------------------------------------------------+
+|Plugin Name |URL |
++----------------------------+-------------------------------------------------------------------------+
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 6f45c1c..0493f8f 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -104,7 +104,7 @@
::
[[local|localrc]]
- ADMIN_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
@@ -379,24 +379,6 @@
PIP_UPGRADE=True
-
-Service Catalog Backend
------------------------
-
-By default DevStack uses Keystone's ``sql`` service catalog backend.
-An alternate ``template`` backend is also available, however, it does
-not support the ``service-*`` and ``endpoint-*`` commands of the
-``keystone`` CLI. To do so requires the ``sql`` backend be enabled
-with ``KEYSTONE_CATALOG_BACKEND``:
-
- ::
-
- KEYSTONE_CATALOG_BACKEND=template
-
-DevStack's default configuration in ``sql`` mode is set in
-``lib/keystone``
-
-
Guest Images
------------
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
deleted file mode 100644
index c2ecbc6..0000000
--- a/doc/source/eucarc.rst
+++ /dev/null
@@ -1,45 +0,0 @@
-=====================
-eucarc - EC2 Settings
-=====================
-
-``eucarc`` creates EC2 credentials for the current user as defined by
-``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the
-beginning (which in turn sources ``stackrc`` and ``localrc``) in order
-to set credentials to create EC2 credentials in Keystone.
-
-EC2\_URL
- Set the EC2 url for euca2ools. The endpoint is extracted from the
- service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
-
- ::
-
- EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
-
-S3\_URL
- Set the S3 endpoint for euca2ools. The endpoint is extracted from
- the service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
-
- ::
-
- export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
-
-EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
- Create EC2 credentials for the current tenant:user in Keystone.
-
- ::
-
- CREDS=$(openstack ec2 credentials create)
- export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
- export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
-
-Certificates for Bundling
- Euca2ools requires certificate files to enable bundle uploading. The
- exercise script ``exercises/bundle.sh`` demonstrated retrieving
- certificates using the Nova CLI.
-
- ::
-
- EC2_PRIVATE_KEY=pk.pem
- EC2_CERT=cert.pem
- NOVA_CERT=cacert.pem
- EUCALYPTUS_CERT=${NOVA_CERT}
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 7aca8d0..7793d8e 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -85,7 +85,7 @@
function sourceopenrc {
pushd ~/devstack >/dev/null
- eval $(bash -c ". openrc $1 $2;env|sed -n '/OS_/ { s/^/export /;p}'")
+ eval $(bash -c ". openrc $1 $2 >/dev/null;env|sed -n '/OS_/ { s/^/export /;p}'")
popd >/dev/null
}
@@ -110,11 +110,11 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Services can be turned off by adding ``disable_service xxx`` to
-``local.conf`` (using ``n-vol`` in this example):
+``local.conf`` (using ``c-vol`` in this example):
::
- disable_service n-vol
+ disable_service c-vol
Is enabling a service that defaults to off done with the reverse of the above?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/source/guides/lxc.rst b/doc/source/guides/lxc.rst
new file mode 100644
index 0000000..a719d60
--- /dev/null
+++ b/doc/source/guides/lxc.rst
@@ -0,0 +1,164 @@
+================================
+All-In-One Single LXC Container
+================================
+
+This guide walks you through the process of deploying OpenStack using devstack
+in an LXC container instead of a VM.
+
+The primary benefits to running devstack inside a container instead of a VM is
+faster performance and lower memory overhead while still providing a suitable
+level of isolation. This can be particularly useful when you want to simulate
+running OpenStack on multiple nodes.
+
+.. Warning:: Containers do not provide the same level of isolation as a virtual
+ machine.
+
+.. Note:: Not all OpenStack features support running inside of a container. See
+ `Limitations`_ section below for details. :doc:`OpenStack in a VM <single-vm>`
+ is recommended for beginners.
+
+Prerequisites
+==============
+
+This guide is written for Ubuntu 14.04 but should be adaptable for any modern
+Linux distribution.
+
+Install the LXC package::
+
+ sudo apt-get install lxc
+
+You can verify support for containerization features in your currently running
+kernel using the ``lxc-checkconfig`` command.
+
+Container Setup
+===============
+
+Configuration
+---------------
+
+For a successful run of ``stack.sh`` and to permit use of KVM to run the VMs you
+launch inside your container, we need to use the following additional
+configuration options. Place the following in a file called
+``devstack-lxc.conf``::
+
+ # Permit access to /dev/loop*
+ lxc.cgroup.devices.allow = b 7:* rwm
+
+ # Setup access to /dev/net/tun and /dev/kvm
+ lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
+ lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
+
+ # Networking
+ lxc.network.type = veth
+ lxc.network.flags = up
+ lxc.network.link = lxcbr0
+
+
+Create Container
+-------------------
+
+The configuration and rootfs for LXC containers are created using the
+``lxc-create`` command.
+
+We will name our container ``devstack`` and use the ``ubuntu`` template which
+will use ``debootstrap`` to build a Ubuntu rootfs. It will default to the same
+release and architecture as the host system. We also install the additional
+packages ``bsdmainutils`` and ``git`` as we'll need them to run devstack::
+
+ sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
+
+The first time it builds the rootfs will take a few minutes to download, unpack,
+and configure all the necessary packages for a minimal installation of Ubuntu.
+LXC will cache this and subsequent containers will only take seconds to create.
+
+.. Note:: To speed up the initial rootfs creation, you can specify a mirror to
+ download the Ubuntu packages from by appending ``--mirror=`` and then the URL
+ of a Ubuntu mirror. To see other other template options, you can run
+ ``lxc-create -t ubuntu -h``.
+
+Start Container
+----------------
+
+To start the container, run::
+
+ sudo lxc-start -n devstack
+
+A moment later you should be presented with the login prompt for your container.
+You can login using the username ``ubuntu`` and password ``ubuntu``.
+
+You can also ssh into your container. On your host, run
+``sudo lxc-info -n devstack`` to get the IP address (e.g.
+``ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')``).
+
+Run Devstack
+-------------
+
+You should now be logged into your container and almost ready to run devstack.
+The commands in this section should all be run inside your container.
+
+.. Tip:: You can greatly reduce the runtime of your initial devstack setup by
+ ensuring you have your apt sources.list configured to use a fast mirror.
+ Check and update ``/etc/apt/sources.list`` if necessary and then run
+ ``apt-get update``.
+
+#. Download DevStack
+
+ ::
+
+ git clone https://git.openstack.org/openstack-dev/devstack
+
+#. Configure
+
+ Refer to :ref:`minimal-configuration` if you wish to configure the behaviour
+ of devstack.
+
+#. Start the install
+
+ ::
+
+ cd devstack
+ ./stack.sh
+
+Cleanup
+-------
+
+To stop the container::
+
+ lxc-stop -n devstack
+
+To delete the container::
+
+ lxc-destroy -n devstack
+
+Limitations
+============
+
+Not all OpenStack features may function correctly or at all when ran from within
+a container.
+
+Cinder
+-------
+
+Unable to create LVM backed volume
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ In our configuration, we have not whitelisted access to device-mapper or LVM
+ devices. Doing so will permit your container to have access and control of LVM
+ on the host system. To enable, add the following to your
+ ``devstack-lxc.conf`` before running ``lxc-create``::
+
+ lxc.cgroup.devices.allow = c 10:236 rwm
+ lxc.cgroup.devices.allow = b 252:* rwm
+
+ Additionally you'll need to set ``udev_rules = 0`` in the ``activation``
+ section of ``/etc/lvm/lvm.conf`` unless you mount devtmpfs in your container.
+
+Unable to attach volume to instance
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+ It is not possible to attach cinder volumes to nova instances due to parts of
+ the Linux iSCSI implementation not being network namespace aware. This can be
+ worked around by using network pass-through instead of a separate network
+ namespace but such a setup significantly reduces the isolation of the
+ container (e.g. a ``halt`` command issued in the container will cause the host
+ system to shutdown).
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 392bb1b..c996f95 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -129,8 +129,8 @@
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
- RABBIT_PASSWORD=supersecrete
- SERVICE_PASSWORD=supersecrete
+ RABBIT_PASSWORD=supersecret
+ SERVICE_PASSWORD=supersecret
In the multi-node configuration the first 10 or so IPs in the private
subnet are usually reserved. Add this to ``local.sh`` to have it run
@@ -169,8 +169,8 @@
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
DATABASE_PASSWORD=supersecret
- RABBIT_PASSWORD=supersecrete
- SERVICE_PASSWORD=supersecrete
+ RABBIT_PASSWORD=supersecret
+ SERVICE_PASSWORD=supersecret
DATABASE_TYPE=mysql
SERVICE_HOST=192.168.42.11
MYSQL_HOST=$SERVICE_HOST
@@ -254,7 +254,7 @@
# Add a user and project
NAME=bob
- PASSWORD=BigSecrete
+ PASSWORD=BigSecret
PROJECT=$NAME
openstack project create $PROJECT
openstack user create $NAME --password=$PASSWORD --project $PROJECT
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index c6af953..6ac3993 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -19,6 +19,18 @@
the OpenStack API traffic, and management traffic.
+.. warning::
+
+ When using a single interface networking setup, there will be a
+ temporary network outage as your IP address is moved from the
+ physical NIC of your machine, to the OVS bridge. If you are SSH'd
+ into the machine from another computer, there is a risk of being
+ disconnected from your ssh session (due to arp cache
+ invalidation), which would stop the stack.sh or leave it in an
+ unfinished state. In these cases, start stack.sh inside its own
+ screen session so it can continue to run.
+
+
Physical Network Setup
----------------------
@@ -59,10 +71,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- DATABASE_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Do not use Nova-Network
disable_service n-net
@@ -232,10 +244,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
## Neutron options
PUBLIC_INTERFACE=eth0
@@ -362,10 +374,10 @@
GLANCE_HOSTPORT=10.0.0.2:9292
PUBLIC_INTERFACE=eth1
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
## Neutron options
Q_USE_SECGROUP=True
@@ -409,10 +421,10 @@
MYSQL_HOST=10.0.0.2
RABBIT_HOST=10.0.0.2
GLANCE_HOSTPORT=10.0.0.2:9292
- ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ MYSQL_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
@@ -443,13 +455,18 @@
Non-Standard MTU on the Physical Network
----------------------------------------
-DevStack defaults to assume that the MTU on the physical network
-is 1500. A different MTU can be specified by adding the following to
-the `localrc` part of `local.conf` on each machine.
+Neutron by default uses a MTU of 1500 bytes, which is
+the standard MTU for Ethernet.
+
+A different MTU can be specified by adding the following to
+the Neutron section of `local.conf`. For example,
+if you have network equipment that supports jumbo frames, you could
+set the MTU to 9000 bytes by adding the following
::
- Q_ML2_PLUGIN_PATH_MTU=1500
+ [[post-config|/$Q_PLUGIN_CONF_FILE]]
+ global_physnet_mtu = 9000
Disabling Next Generation Firewall Tools
@@ -509,10 +526,10 @@
MYSQL_HOST=172.18.161.6
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
- ADMIN_PASSWORD=secrete
- DATABASE_PASSWORD=secrete
- RABBIT_PASSWORD=secrete
- SERVICE_PASSWORD=secrete
+ ADMIN_PASSWORD=secret
+ DATABASE_PASSWORD=secret
+ RABBIT_PASSWORD=secret
+ SERVICE_PASSWORD=secret
# Do not use Nova-Network
disable_service n-net
@@ -536,3 +553,4 @@
LB_PHYSICAL_INTERFACE=eth0
PUBLIC_PHYSICAL_NETWORK=default
LB_INTERFACE_MAPPINGS=default:eth0
+
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 4a1d93d..c79b2ce 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -76,6 +76,7 @@
guides/single-vm
guides/single-machine
+ guides/lxc
guides/multinode-lab
guides/neutron
guides/devstack-with-nested-kvm
@@ -96,6 +97,13 @@
server-class machine or a laptop at home.
:doc:`[Read] <guides/single-machine>`
+All-In-One LXC Container
+-------------------------
+
+Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
+and advanced users. The VMs launched in this cloud will be fully accelerated but
+not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
+
Multi-Node Lab
--------------
@@ -209,7 +217,6 @@
stackrc
openrc
exerciserc
- eucarc
Tools
-----
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index 0b090c7..4e7f075 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -35,7 +35,7 @@
::
- OS_PASSWORD=secrete
+ OS_PASSWORD=secret
HOST\_IP, SERVICE\_HOST
Set API endpoint host using ``HOST_IP``. ``SERVICE_HOST`` may also
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index b96883a..136a9e4 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -1,7 +1,7 @@
..
- Note to reviewers: the intent of this file is to be easy for
- community members to update. As such fast approving (single core +2)
- is fine as long as you've identified that the plugin listed actually exists.
+ Note to patch submitters: this file is covered by a periodic proposal
+ job. You should edit the files data/devstack-plugins-registry.footer
+ data/devstack-plugins-registry.header instead of this one.
==========================
DevStack Plugin Registry
@@ -12,100 +12,187 @@
exist. Any project that wishes to list their plugin here is welcomed
to.
-Official OpenStack Projects
-===========================
+Detected Plugins
+================
-The following are plugins that exist for official OpenStack projects.
+The following are plugins that a script has found in the openstack/
+namespace, which includes but is not limited to official OpenStack
+projects.
-+------------------+---------------------------------------------+--------------------+
-|Plugin Name |URL |Comments |
-+------------------+---------------------------------------------+--------------------+
-|aodh |git://git.openstack.org/openstack/aodh | alarming |
-+------------------+---------------------------------------------+--------------------+
-|barbican |git://git.openstack.org/openstack/barbican | key management |
-+------------------+---------------------------------------------+--------------------+
-|ceilometer |git://git.openstack.org/openstack/ceilometer | metering |
-+------------------+---------------------------------------------+--------------------+
-|congress |git://git.openstack.org/openstack/congress | governance |
-+------------------+---------------------------------------------+--------------------+
-|cue |git://git.openstack.org/openstack/cue | message-broker |
-+------------------+---------------------------------------------+--------------------+
-|gnocchi |git://git.openstack.org/openstack/gnocchi | metric |
-+------------------+---------------------------------------------+--------------------+
-|ironic |git://git.openstack.org/openstack/ironic | baremetal |
-+------------------+---------------------------------------------+--------------------+
-|magnum |git://git.openstack.org/openstack/magnum | |
-+------------------+---------------------------------------------+--------------------+
-|manila |git://git.openstack.org/openstack/manila | file shares |
-+------------------+---------------------------------------------+--------------------+
-|mistral |git://git.openstack.org/openstack/mistral | |
-+------------------+---------------------------------------------+--------------------+
-|rally |git://git.openstack.org/openstack/rally | |
-+------------------+---------------------------------------------+--------------------+
-|sahara |git://git.openstack.org/openstack/sahara | |
-+------------------+---------------------------------------------+--------------------+
-|trove |git://git.openstack.org/openstack/trove | |
-+------------------+---------------------------------------------+--------------------+
-|zaqar |git://git.openstack.org/openstack/zaqar | |
-+------------------+---------------------------------------------+--------------------+
-
-
-
-Drivers
-=======
-
-+--------------------+-------------------------------------------------+------------------+
-|Plugin Name |URL |Comments |
-+--------------------+-------------------------------------------------+------------------+
-|dragonflow |git://git.openstack.org/openstack/dragonflow |[d1]_ |
-+--------------------+-------------------------------------------------+------------------+
-|odl |git://git.openstack.org/openstack/networking-odl |[d2]_ |
-+--------------------+-------------------------------------------------+------------------+
-
-.. [d1] demonstrates example of installing 3rd party SDN controller
-.. [d2] demonstrates a pretty advanced set of modes that that allow
- one to run OpenDayLight either from a pre-existing install, or
- also from source
-
-Alternate Configs
-=================
-
-+-------------+------------------------------------------------------------+------------+
-| Plugin Name | URL | Comments |
-| | | |
-+-------------+------------------------------------------------------------+------------+
-|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | |
-+-------------+------------------------------------------------------------+------------+
-| | | |
-+-------------+------------------------------------------------------------+------------+
-
-Additional Services
-===================
-
-+-----------------+------------------------------------------------------------+------------+
-| Plugin Name | URL | Comments |
-| | | |
-+-----------------+------------------------------------------------------------+------------+
-|amqp1 |git://git.openstack.org/openstack/devstack-plugin-amqp1 | |
-+-----------------+------------------------------------------------------------+------------+
-|bdd |git://git.openstack.org/openstack/devstack-plugin-bdd | |
-+-----------------+------------------------------------------------------------+------------+
-|ec2-api |git://git.openstack.org/openstack/ec2-api |[as1]_ |
-+-----------------+------------------------------------------------------------+------------+
-|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | |
-+-----------------+------------------------------------------------------------+------------+
-|hdfs |git://git.openstack.org/openstack/devstack-plugin-hdfs | |
-+-----------------+------------------------------------------------------------+------------+
-|ironic-inspector |git://git.openstack.org/openstack/ironic-inspector | |
-+-----------------+------------------------------------------------------------+------------+
-|pika |git://git.openstack.org/openstack/devstack-plugin-pika | |
-+-----------------+------------------------------------------------------------+------------+
-|sheepdog |git://git.openstack.org/openstack/devstack-plugin-sheepdog | |
-+-----------------+------------------------------------------------------------+------------+
-|zmq |git://git.openstack.org/openstack/devstack-plugin-zmq | |
-+-----------------+------------------------------------------------------------+------------+
-| | | |
-+-----------------+------------------------------------------------------------+------------+
-
-.. [as1] first functional devstack plugin, hence why used in most of
- the examples.
++----------------------------+-------------------------------------------------------------------------+
+|Plugin Name |URL |
++----------------------------+-------------------------------------------------------------------------+
+|aodh |git://git.openstack.org/openstack/aodh |
++----------------------------+-------------------------------------------------------------------------+
+|app-catalog-ui |git://git.openstack.org/openstack/app-catalog-ui |
++----------------------------+-------------------------------------------------------------------------+
+|astara |git://git.openstack.org/openstack/astara |
++----------------------------+-------------------------------------------------------------------------+
+|barbican |git://git.openstack.org/openstack/barbican |
++----------------------------+-------------------------------------------------------------------------+
+|blazar |git://git.openstack.org/openstack/blazar |
++----------------------------+-------------------------------------------------------------------------+
+|broadview-collector |git://git.openstack.org/openstack/broadview-collector |
++----------------------------+-------------------------------------------------------------------------+
+|ceilometer |git://git.openstack.org/openstack/ceilometer |
++----------------------------+-------------------------------------------------------------------------+
+|ceilometer-powervm |git://git.openstack.org/openstack/ceilometer-powervm |
++----------------------------+-------------------------------------------------------------------------+
+|cerberus |git://git.openstack.org/openstack/cerberus |
++----------------------------+-------------------------------------------------------------------------+
+|cloudkitty |git://git.openstack.org/openstack/cloudkitty |
++----------------------------+-------------------------------------------------------------------------+
+|collectd-ceilometer-plugin |git://git.openstack.org/openstack/collectd-ceilometer-plugin |
++----------------------------+-------------------------------------------------------------------------+
+|congress |git://git.openstack.org/openstack/congress |
++----------------------------+-------------------------------------------------------------------------+
+|cue |git://git.openstack.org/openstack/cue |
++----------------------------+-------------------------------------------------------------------------+
+|designate |git://git.openstack.org/openstack/designate |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-amqp1 |git://git.openstack.org/openstack/devstack-plugin-amqp1 |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-bdd |git://git.openstack.org/openstack/devstack-plugin-bdd |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-ceph |git://git.openstack.org/openstack/devstack-plugin-ceph |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-hdfs |git://git.openstack.org/openstack/devstack-plugin-hdfs |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-pika |git://git.openstack.org/openstack/devstack-plugin-pika |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-sheepdog |git://git.openstack.org/openstack/devstack-plugin-sheepdog |
++----------------------------+-------------------------------------------------------------------------+
+|devstack-plugin-zmq |git://git.openstack.org/openstack/devstack-plugin-zmq |
++----------------------------+-------------------------------------------------------------------------+
+|dragonflow |git://git.openstack.org/openstack/dragonflow |
++----------------------------+-------------------------------------------------------------------------+
+|drbd-devstack |git://git.openstack.org/openstack/drbd-devstack |
++----------------------------+-------------------------------------------------------------------------+
+|ec2-api |git://git.openstack.org/openstack/ec2-api |
++----------------------------+-------------------------------------------------------------------------+
+|freezer |git://git.openstack.org/openstack/freezer |
++----------------------------+-------------------------------------------------------------------------+
+|freezer-api |git://git.openstack.org/openstack/freezer-api |
++----------------------------+-------------------------------------------------------------------------+
+|freezer-web-ui |git://git.openstack.org/openstack/freezer-web-ui |
++----------------------------+-------------------------------------------------------------------------+
+|gce-api |git://git.openstack.org/openstack/gce-api |
++----------------------------+-------------------------------------------------------------------------+
+|gnocchi |git://git.openstack.org/openstack/gnocchi |
++----------------------------+-------------------------------------------------------------------------+
+|ironic |git://git.openstack.org/openstack/ironic |
++----------------------------+-------------------------------------------------------------------------+
+|ironic-inspector |git://git.openstack.org/openstack/ironic-inspector |
++----------------------------+-------------------------------------------------------------------------+
+|kingbird |git://git.openstack.org/openstack/kingbird |
++----------------------------+-------------------------------------------------------------------------+
+|kuryr |git://git.openstack.org/openstack/kuryr |
++----------------------------+-------------------------------------------------------------------------+
+|magnum |git://git.openstack.org/openstack/magnum |
++----------------------------+-------------------------------------------------------------------------+
+|manila |git://git.openstack.org/openstack/manila |
++----------------------------+-------------------------------------------------------------------------+
+|mistral |git://git.openstack.org/openstack/mistral |
++----------------------------+-------------------------------------------------------------------------+
+|monasca-api |git://git.openstack.org/openstack/monasca-api |
++----------------------------+-------------------------------------------------------------------------+
+|murano |git://git.openstack.org/openstack/murano |
++----------------------------+-------------------------------------------------------------------------+
+|networking-6wind |git://git.openstack.org/openstack/networking-6wind |
++----------------------------+-------------------------------------------------------------------------+
+|networking-bagpipe |git://git.openstack.org/openstack/networking-bagpipe |
++----------------------------+-------------------------------------------------------------------------+
+|networking-bgpvpn |git://git.openstack.org/openstack/networking-bgpvpn |
++----------------------------+-------------------------------------------------------------------------+
+|networking-brocade |git://git.openstack.org/openstack/networking-brocade |
++----------------------------+-------------------------------------------------------------------------+
+|networking-calico |git://git.openstack.org/openstack/networking-calico |
++----------------------------+-------------------------------------------------------------------------+
+|networking-cisco |git://git.openstack.org/openstack/networking-cisco |
++----------------------------+-------------------------------------------------------------------------+
+|networking-fortinet |git://git.openstack.org/openstack/networking-fortinet |
++----------------------------+-------------------------------------------------------------------------+
+|networking-generic-switch |git://git.openstack.org/openstack/networking-generic-switch |
++----------------------------+-------------------------------------------------------------------------+
+|networking-infoblox |git://git.openstack.org/openstack/networking-infoblox |
++----------------------------+-------------------------------------------------------------------------+
+|networking-l2gw |git://git.openstack.org/openstack/networking-l2gw |
++----------------------------+-------------------------------------------------------------------------+
+|networking-midonet |git://git.openstack.org/openstack/networking-midonet |
++----------------------------+-------------------------------------------------------------------------+
+|networking-mlnx |git://git.openstack.org/openstack/networking-mlnx |
++----------------------------+-------------------------------------------------------------------------+
+|networking-nec |git://git.openstack.org/openstack/networking-nec |
++----------------------------+-------------------------------------------------------------------------+
+|networking-odl |git://git.openstack.org/openstack/networking-odl |
++----------------------------+-------------------------------------------------------------------------+
+|networking-ofagent |git://git.openstack.org/openstack/networking-ofagent |
++----------------------------+-------------------------------------------------------------------------+
+|networking-ovn |git://git.openstack.org/openstack/networking-ovn |
++----------------------------+-------------------------------------------------------------------------+
+|networking-ovs-dpdk |git://git.openstack.org/openstack/networking-ovs-dpdk |
++----------------------------+-------------------------------------------------------------------------+
+|networking-plumgrid |git://git.openstack.org/openstack/networking-plumgrid |
++----------------------------+-------------------------------------------------------------------------+
+|networking-powervm |git://git.openstack.org/openstack/networking-powervm |
++----------------------------+-------------------------------------------------------------------------+
+|networking-sfc |git://git.openstack.org/openstack/networking-sfc |
++----------------------------+-------------------------------------------------------------------------+
+|networking-vsphere |git://git.openstack.org/openstack/networking-vsphere |
++----------------------------+-------------------------------------------------------------------------+
+|neutron |git://git.openstack.org/openstack/neutron |
++----------------------------+-------------------------------------------------------------------------+
+|neutron-lbaas |git://git.openstack.org/openstack/neutron-lbaas |
++----------------------------+-------------------------------------------------------------------------+
+|neutron-lbaas-dashboard |git://git.openstack.org/openstack/neutron-lbaas-dashboard |
++----------------------------+-------------------------------------------------------------------------+
+|neutron-vpnaas |git://git.openstack.org/openstack/neutron-vpnaas |
++----------------------------+-------------------------------------------------------------------------+
+|nova-docker |git://git.openstack.org/openstack/nova-docker |
++----------------------------+-------------------------------------------------------------------------+
+|nova-powervm |git://git.openstack.org/openstack/nova-powervm |
++----------------------------+-------------------------------------------------------------------------+
+|octavia |git://git.openstack.org/openstack/octavia |
++----------------------------+-------------------------------------------------------------------------+
+|osprofiler |git://git.openstack.org/openstack/osprofiler |
++----------------------------+-------------------------------------------------------------------------+
+|rally |git://git.openstack.org/openstack/rally |
++----------------------------+-------------------------------------------------------------------------+
+|sahara |git://git.openstack.org/openstack/sahara |
++----------------------------+-------------------------------------------------------------------------+
+|sahara-dashboard |git://git.openstack.org/openstack/sahara-dashboard |
++----------------------------+-------------------------------------------------------------------------+
+|scalpels |git://git.openstack.org/openstack/scalpels |
++----------------------------+-------------------------------------------------------------------------+
+|searchlight |git://git.openstack.org/openstack/searchlight |
++----------------------------+-------------------------------------------------------------------------+
+|senlin |git://git.openstack.org/openstack/senlin |
++----------------------------+-------------------------------------------------------------------------+
+|smaug |git://git.openstack.org/openstack/smaug |
++----------------------------+-------------------------------------------------------------------------+
+|solum |git://git.openstack.org/openstack/solum |
++----------------------------+-------------------------------------------------------------------------+
+|tacker |git://git.openstack.org/openstack/tacker |
++----------------------------+-------------------------------------------------------------------------+
+|tap-as-a-service |git://git.openstack.org/openstack/tap-as-a-service |
++----------------------------+-------------------------------------------------------------------------+
+|tricircle |git://git.openstack.org/openstack/tricircle |
++----------------------------+-------------------------------------------------------------------------+
+|trove |git://git.openstack.org/openstack/trove |
++----------------------------+-------------------------------------------------------------------------+
+|trove-dashboard |git://git.openstack.org/openstack/trove-dashboard |
++----------------------------+-------------------------------------------------------------------------+
+|vitrage |git://git.openstack.org/openstack/vitrage |
++----------------------------+-------------------------------------------------------------------------+
+|vitrage-dashboard |git://git.openstack.org/openstack/vitrage-dashboard |
++----------------------------+-------------------------------------------------------------------------+
+|vmware-nsx |git://git.openstack.org/openstack/vmware-nsx |
++----------------------------+-------------------------------------------------------------------------+
+|watcher |git://git.openstack.org/openstack/watcher |
++----------------------------+-------------------------------------------------------------------------+
+|watcher-dashboard |git://git.openstack.org/openstack/watcher-dashboard |
++----------------------------+-------------------------------------------------------------------------+
+|zaqar |git://git.openstack.org/openstack/zaqar |
++----------------------------+-------------------------------------------------------------------------+
diff --git a/eucarc b/eucarc
deleted file mode 100644
index 1e672bd..0000000
--- a/eucarc
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-#
-# source eucarc [username] [tenantname]
-#
-# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
-# Optionally set the tenant/username via openrc
-
-if [[ -n "$1" ]]; then
- USERNAME=$1
-fi
-if [[ -n "$2" ]]; then
- TENANT=$2
-fi
-
-# Find the other rc files
-RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
-
-# Get user configuration
-source $RC_DIR/openrc
-
-# Set the ec2 url so euca2ools works
-export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
-
-# Create EC2 credentials for the current user
-CREDS=$(openstack ec2 credentials create)
-export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
-export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
-
-# Euca2ools Certificate stuff for uploading bundles
-# See exercises/bundle.sh to see how to get certs using nova cli
-NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
-export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
-export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
-export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
-export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
-export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
-export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
-alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
-alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
-
diff --git a/exercise.sh b/exercise.sh
index 19c9d80..9067033 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -14,11 +14,11 @@
# Run everything in the exercises/ directory that isn't explicitly disabled
# comma separated list of script basenames to skip
-# to refrain from exercising euca.sh use ``SKIP_EXERCISES=euca``
+# to refrain from exercising foo.sh use ``SKIP_EXERCISES=foo``
SKIP_EXERCISES=${SKIP_EXERCISES:-""}
# comma separated list of script basenames to run
-# to run only euca.sh use ``RUN_EXERCISES=euca``
+# to run only foo.sh use ``RUN_EXERCISES=foo``
basenames=${RUN_EXERCISES:-""}
EXERCISE_DIR=$TOP_DIR/exercises
diff --git a/exerciserc b/exerciserc
index 9105fe3..978e0b3 100644
--- a/exerciserc
+++ b/exerciserc
@@ -21,12 +21,6 @@
# Max time to wait for a vm to terminate
export TERMINATE_TIMEOUT=${TERMINATE_TIMEOUT:-30}
-# Max time to wait for a euca-volume command to propagate
-export VOLUME_TIMEOUT=${VOLUME_TIMEOUT:-30}
-
-# Max time to wait for a euca-delete command to propagate
-export VOLUME_DELETE_TIMEOUT=${SNAPSHOT_DELETE_TIMEOUT:-60}
-
# The size of the volume we want to boot from; some storage back-ends
# do not allow a disk resize, so it's important that this can be tuned
export DEFAULT_VOLUME_SIZE=${DEFAULT_VOLUME_SIZE:-1}
diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh
index d520b9b..5409859 100755
--- a/exercises/boot_from_volume.sh
+++ b/exercises/boot_from_volume.sh
@@ -64,7 +64,7 @@
# Launching a server
# ==================
-# List servers for tenant:
+# List servers for project:
nova list
# Images
diff --git a/exercises/bundle.sh b/exercises/bundle.sh
deleted file mode 100755
index 5470960..0000000
--- a/exercises/bundle.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-
-# **bundle.sh**
-
-# we will use the ``euca2ools`` cli tool that wraps the python boto
-# library to test ec2 bundle upload compatibility
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import EC2 configuration
-source $TOP_DIR/eucarc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-# Remove old certificates
-rm -f $TOP_DIR/cacert.pem
-rm -f $TOP_DIR/cert.pem
-rm -f $TOP_DIR/pk.pem
-
-# If nova api is not enabled we exit with exitcode 55 so that
-# the exercise is skipped
-is_service_enabled n-api || exit 55
-
-# Get Certificates
-nova x509-get-root-cert $TOP_DIR/cacert.pem
-nova x509-create-cert $TOP_DIR/pk.pem $TOP_DIR/cert.pem
-
-# Max time to wait for image to be registered
-REGISTER_TIMEOUT=${REGISTER_TIMEOUT:-15}
-
-BUCKET=testbucket
-IMAGE=bundle.img
-truncate -s 5M /tmp/$IMAGE
-euca-bundle-image -i /tmp/$IMAGE || die $LINENO "Failure bundling image $IMAGE"
-
-euca-upload-bundle --debug -b $BUCKET -m /tmp/$IMAGE.manifest.xml || die $LINENO "Failure uploading bundle $IMAGE to $BUCKET"
-
-AMI=`euca-register $BUCKET/$IMAGE.manifest.xml | cut -f2`
-die_if_not_set $LINENO AMI "Failure registering $BUCKET/$IMAGE"
-
-# Wait for the image to become available
-if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep $AMI | grep -q available; do sleep 1; done"; then
- die $LINENO "Image $AMI not available within $REGISTER_TIMEOUT seconds"
-fi
-
-# Clean up
-euca-deregister $AMI || die $LINENO "Failure deregistering $AMI"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index 7cfef1c..2c8fe81 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -43,19 +43,19 @@
unset NOVA_USERNAME
# Save the known variables for later
-export x_TENANT_NAME=$OS_TENANT_NAME
+export x_PROJECT_NAME=$OS_PROJECT_NAME
export x_USERNAME=$OS_USERNAME
export x_PASSWORD=$OS_PASSWORD
export x_AUTH_URL=$OS_AUTH_URL
# Unset the usual variables to force argument processing
-unset OS_TENANT_NAME
+unset OS_PROJECT_NAME
unset OS_USERNAME
unset OS_PASSWORD
unset OS_AUTH_URL
# Common authentication args
-TENANT_ARG="--os-tenant-name=$x_TENANT_NAME"
+PROJECT_ARG="--os-project-name=$x_PROJECT_NAME"
ARGS="--os-username=$x_USERNAME --os-password=$x_PASSWORD --os-auth-url=$x_AUTH_URL"
# Set global return
@@ -68,7 +68,7 @@
STATUS_KEYSTONE="Skipped"
else
echo -e "\nTest Keystone"
- if openstack $TENANT_ARG $ARGS catalog show identity; then
+ if openstack $PROJECT_ARG $ARGS catalog show identity; then
STATUS_KEYSTONE="Succeeded"
else
STATUS_KEYSTONE="Failed"
@@ -83,11 +83,10 @@
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then
STATUS_NOVA="Skipped"
- STATUS_EC2="Skipped"
else
# Test OSAPI
echo -e "\nTest Nova"
- if nova $TENANT_ARG $ARGS flavor-list; then
+ if nova $PROJECT_ARG $ARGS flavor-list; then
STATUS_NOVA="Succeeded"
else
STATUS_NOVA="Failed"
@@ -104,7 +103,7 @@
STATUS_CINDER="Skipped"
else
echo -e "\nTest Cinder"
- if cinder $TENANT_ARG $ARGS list; then
+ if cinder $PROJECT_ARG $ARGS list; then
STATUS_CINDER="Succeeded"
else
STATUS_CINDER="Failed"
@@ -121,7 +120,7 @@
STATUS_GLANCE="Skipped"
else
echo -e "\nTest Glance"
- if openstack $TENANT_ARG $ARGS image list; then
+ if openstack $PROJECT_ARG $ARGS image list; then
STATUS_GLANCE="Succeeded"
else
STATUS_GLANCE="Failed"
@@ -138,7 +137,7 @@
STATUS_SWIFT="Skipped"
else
echo -e "\nTest Swift"
- if swift $TENANT_ARG $ARGS stat; then
+ if swift $PROJECT_ARG $ARGS stat; then
STATUS_SWIFT="Succeeded"
else
STATUS_SWIFT="Failed"
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 1d2f4f5..6ab4d08 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -78,7 +78,6 @@
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$SKIP_EXERCISES" =~ "n-api" ]]; then
STATUS_NOVA="Skipped"
- STATUS_EC2="Skipped"
else
# Test OSAPI
echo -e "\nTest Nova"
@@ -89,17 +88,6 @@
RETURN=1
fi
- # Test EC2 API
- echo -e "\nTest EC2"
- # Get EC2 creds
- source $TOP_DIR/eucarc
-
- if euca-describe-images; then
- STATUS_EC2="Succeeded"
- else
- STATUS_EC2="Failed"
- RETURN=1
- fi
fi
fi
@@ -170,7 +158,6 @@
echo -e "\n"
report "Keystone" $STATUS_KEYSTONE
report "Nova" $STATUS_NOVA
-report "EC2" $STATUS_EC2
report "Cinder" $STATUS_CINDER
report "Glance" $STATUS_GLANCE
report "Swift" $STATUS_SWIFT
diff --git a/exercises/euca.sh b/exercises/euca.sh
deleted file mode 100755
index c2957e2..0000000
--- a/exercises/euca.sh
+++ /dev/null
@@ -1,192 +0,0 @@
-#!/usr/bin/env bash
-
-# **euca.sh**
-
-# we will use the ``euca2ools`` cli tool that wraps the python boto
-# library to test ec2 compatibility
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error. It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-VOLUME_SIZE=1
-ATTACH_DEVICE=/dev/vdc
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import EC2 configuration
-source $TOP_DIR/eucarc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-# Import project functions
-source $TOP_DIR/lib/neutron-legacy
-
-# If nova api is not enabled we exit with exitcode 55 so that
-# the exercise is skipped
-is_service_enabled n-api || exit 55
-
-# Instance type to create
-DEFAULT_INSTANCE_TYPE=${DEFAULT_INSTANCE_TYPE:-m1.tiny}
-
-# Boot this image, use first AMI image if unset
-DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami}
-
-# Security group name
-SECGROUP=${SECGROUP:-euca_secgroup}
-
-
-# Launching a server
-# ==================
-
-# Find a machine image to boot
-IMAGE=`euca-describe-images | grep machine | grep ${DEFAULT_IMAGE_NAME} | cut -f2 | head -n1`
-die_if_not_set $LINENO IMAGE "Failure getting image $DEFAULT_IMAGE_NAME"
-
-if is_service_enabled n-cell; then
- # Cells does not support security groups, so force the use of "default"
- SECGROUP="default"
- echo "Using the default security group because of Cells."
-else
- # Add a secgroup
- if ! euca-describe-groups | grep -q $SECGROUP; then
- euca-add-group -d "$SECGROUP description" $SECGROUP
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-groups | grep -q $SECGROUP; do sleep 1; done"; then
- die $LINENO "Security group not created"
- fi
- fi
-fi
-
-# Launch it
-INSTANCE=`euca-run-instances -g $SECGROUP -t $DEFAULT_INSTANCE_TYPE $IMAGE | grep INSTANCE | cut -f2`
-die_if_not_set $LINENO INSTANCE "Failure launching instance"
-
-# Assure it has booted within a reasonable time
-if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-instances $INSTANCE | grep -q running; do sleep 1; done"; then
- die $LINENO "server didn't become active within $RUNNING_TIMEOUT seconds"
-fi
-
-# Volumes
-# -------
-if is_service_enabled c-vol && ! is_service_enabled n-cell && [ "$VIRT_DRIVER" != "ironic" ]; then
- VOLUME_ZONE=`euca-describe-availability-zones | head -n1 | cut -f2`
- die_if_not_set $LINENO VOLUME_ZONE "Failure to find zone for volume"
-
- VOLUME=`euca-create-volume -s 1 -z $VOLUME_ZONE | cut -f2`
- die_if_not_set $LINENO VOLUME "Failure to create volume"
-
- # Test that volume has been created
- VOLUME=`euca-describe-volumes $VOLUME | cut -f2`
- die_if_not_set $LINENO VOLUME "Failure to get volume"
-
- # Test volume has become available
- if ! timeout $RUNNING_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then
- die $LINENO "volume didn't become available within $RUNNING_TIMEOUT seconds"
- fi
-
- # Attach volume to an instance
- euca-attach-volume -i $INSTANCE -d $ATTACH_DEVICE $VOLUME || \
- die $LINENO "Failure attaching volume $VOLUME to $INSTANCE"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -A 1 in-use | grep -q attach; do sleep 1; done"; then
- die $LINENO "Could not attach $VOLUME to $INSTANCE"
- fi
-
- # Detach volume from an instance
- euca-detach-volume $VOLUME || \
- die $LINENO "Failure detaching volume $VOLUME to $INSTANCE"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while ! euca-describe-volumes $VOLUME | grep -q available; do sleep 1; done"; then
- die $LINENO "Could not detach $VOLUME to $INSTANCE"
- fi
-
- # Remove volume
- euca-delete-volume $VOLUME || \
- die $LINENO "Failure to delete volume"
- if ! timeout $ACTIVE_TIMEOUT sh -c "while euca-describe-volumes | grep $VOLUME; do sleep 1; done"; then
- die $LINENO "Could not delete $VOLUME"
- fi
-else
- echo "Volume Tests Skipped"
-fi
-
-if is_service_enabled n-cell; then
- echo "Floating IP Tests Skipped because of Cells."
-else
- # Allocate floating address
- FLOATING_IP=`euca-allocate-address | cut -f2`
- die_if_not_set $LINENO FLOATING_IP "Failure allocating floating IP"
- # describe all instances at this moment
- euca-describe-instances
- # Associate floating address
- euca-associate-address -i $INSTANCE $FLOATING_IP || \
- die $LINENO "Failure associating address $FLOATING_IP to $INSTANCE"
-
- # Authorize pinging
- euca-authorize -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \
- die $LINENO "Failure authorizing rule in $SECGROUP"
-
- # Test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds
- ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME"
-
- # Revoke pinging
- euca-revoke -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \
- die $LINENO "Failure revoking rule in $SECGROUP"
-
- # Release floating address
- euca-disassociate-address $FLOATING_IP || \
- die $LINENO "Failure disassociating address $FLOATING_IP"
-
- # Wait just a tick for everything above to complete so release doesn't fail
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep $INSTANCE | grep -q $FLOATING_IP; do sleep 1; done"; then
- die $LINENO "Floating ip $FLOATING_IP not disassociated within $ASSOCIATE_TIMEOUT seconds"
- fi
-
- # Release floating address
- euca-release-address $FLOATING_IP || \
- die $LINENO "Failure releasing address $FLOATING_IP"
-
- # Wait just a tick for everything above to complete so terminate doesn't fail
- if ! timeout $ASSOCIATE_TIMEOUT sh -c "while euca-describe-addresses | grep -q $FLOATING_IP; do sleep 1; done"; then
- die $LINENO "Floating ip $FLOATING_IP not released within $ASSOCIATE_TIMEOUT seconds"
- fi
-fi
-
-# Terminate instance
-euca-terminate-instances $INSTANCE || \
- die $LINENO "Failure terminating instance $INSTANCE"
-
-# Assure it has terminated within a reasonable time. The behaviour of this
-# case changed with bug/836978. Requesting the status of an invalid instance
-# will now return an error message including the instance id, so we need to
-# filter that out.
-if ! timeout $TERMINATE_TIMEOUT sh -c "while euca-describe-instances $INSTANCE | grep -ve '\(InstanceNotFound\|InvalidInstanceID\.NotFound\)' | grep -q $INSTANCE; do sleep 1; done"; then
- die $LINENO "server didn't terminate within $TERMINATE_TIMEOUT seconds"
-fi
-
-if [[ "$SECGROUP" = "default" ]] ; then
- echo "Skipping deleting default security group"
-else
- # Delete secgroup
- euca-delete-group $SECGROUP || die $LINENO "Failure deleting security group $SECGROUP"
-fi
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index 9bcb766..a3128a8 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -48,9 +48,9 @@
# Neutron Settings
# ----------------
-TENANTS="DEMO1"
+PROJECTS="DEMO1"
# TODO (nati)_Test public network
-#TENANTS="DEMO1,DEMO2"
+#PROJECTS="DEMO1,DEMO2"
PUBLIC_NAME="admin"
DEMO1_NAME="demo1"
@@ -91,34 +91,34 @@
# Various functions
# -----------------
-function foreach_tenant {
+function foreach_project {
COMMAND=$1
- for TENANT in ${TENANTS//,/ };do
- eval ${COMMAND//%TENANT%/$TENANT}
+ for PROJECT in ${PROJECTS//,/ };do
+ eval ${COMMAND//%PROJECT%/$PROJECT}
done
}
-function foreach_tenant_resource {
+function foreach_project_resource {
COMMAND=$1
RESOURCE=$2
- for TENANT in ${TENANTS//,/ };do
- eval 'NUM=$'"${TENANT}_NUM_$RESOURCE"
+ for PROJECT in ${PROJECTS//,/ };do
+ eval 'NUM=$'"${PROJECT}_NUM_$RESOURCE"
for i in `seq $NUM`;do
- local COMMAND_LOCAL=${COMMAND//%TENANT%/$TENANT}
+ local COMMAND_LOCAL=${COMMAND//%PROJECT%/$PROJECT}
COMMAND_LOCAL=${COMMAND_LOCAL//%NUM%/$i}
eval $COMMAND_LOCAL
done
done
}
-function foreach_tenant_vm {
+function foreach_project_vm {
COMMAND=$1
- foreach_tenant_resource "$COMMAND" 'VM'
+ foreach_project_resource "$COMMAND" 'VM'
}
-function foreach_tenant_net {
+function foreach_project_net {
COMMAND=$1
- foreach_tenant_resource "$COMMAND" 'NET'
+ foreach_project_resource "$COMMAND" 'NET'
}
function get_image_id {
@@ -128,12 +128,12 @@
echo "$IMAGE_ID"
}
-function get_tenant_id {
- local TENANT_NAME=$1
- local TENANT_ID
- TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1`
- die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for $TENANT_NAME"
- echo "$TENANT_ID"
+function get_project_id {
+ local PROJECT_NAME=$1
+ local PROJECT_ID
+ PROJECT_ID=`openstack project list | grep " $PROJECT_NAME " | head -n 1 | get_field 1`
+ die_if_not_set $LINENO PROJECT_ID "Failure retrieving PROJECT_ID for $PROJECT_NAME"
+ echo "$PROJECT_ID"
}
function get_user_id {
@@ -177,23 +177,23 @@
function neutron_debug_admin {
local os_username=$OS_USERNAME
- local os_tenant_id=$OS_TENANT_ID
+ local os_project_id=$OS_PROJECT_ID
source $TOP_DIR/openrc admin admin
neutron-debug $@
- source $TOP_DIR/openrc $os_username $os_tenant_id
+ source $TOP_DIR/openrc $os_username $os_project_id
}
-function add_tenant {
+function add_project {
openstack project create $1
openstack user create $2 --password ${ADMIN_PASSWORD} --project $1
openstack role add Member --project $1 --user $2
}
-function remove_tenant {
- local TENANT=$1
- local TENANT_ID
- TENANT_ID=$(get_tenant_id $TENANT)
- openstack project delete $TENANT_ID
+function remove_project {
+ local PROJECT=$1
+ local PROJECT_ID
+ PROJECT_ID=$(get_project_id $PROJECT)
+ openstack project delete $PROJECT_ID
}
function remove_user {
@@ -203,47 +203,47 @@
openstack user delete $USER_ID
}
-function create_tenants {
+function create_projects {
source $TOP_DIR/openrc admin admin
- add_tenant demo1 demo1 demo1
- add_tenant demo2 demo2 demo2
+ add_project demo1 demo1 demo1
+ add_project demo2 demo2 demo2
source $TOP_DIR/openrc demo demo
}
-function delete_tenants_and_users {
+function delete_projects_and_users {
source $TOP_DIR/openrc admin admin
remove_user demo1
- remove_tenant demo1
+ remove_project demo1
remove_user demo2
- remove_tenant demo2
- echo "removed all tenants"
+ remove_project demo2
+ echo "removed all projects"
source $TOP_DIR/openrc demo demo
}
function create_network {
- local TENANT=$1
+ local PROJECT=$1
local GATEWAY=$2
local CIDR=$3
local NUM=$4
local EXTRA=$5
- local NET_NAME="${TENANT}-net$NUM"
- local ROUTER_NAME="${TENANT}-router${NUM}"
+ local NET_NAME="${PROJECT}-net$NUM"
+ local ROUTER_NAME="${PROJECT}-router${NUM}"
source $TOP_DIR/openrc admin admin
- local TENANT_ID
- TENANT_ID=$(get_tenant_id $TENANT)
- source $TOP_DIR/openrc $TENANT $TENANT
+ local PROJECT_ID
+ PROJECT_ID=$(get_project_id $PROJECT)
+ source $TOP_DIR/openrc $PROJECT $PROJECT
local NET_ID
- NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
- die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
- neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
+ NET_ID=$(neutron net-create --project-id $PROJECT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
+ die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PROJECT_ID $NET_NAME $EXTRA"
+ neutron subnet-create --ip-version 4 --project-id $PROJECT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
neutron_debug_admin probe-create --device-owner compute $NET_ID
source $TOP_DIR/openrc demo demo
}
function create_networks {
- foreach_tenant_net 'create_network ${%TENANT%_NAME} ${%TENANT%_NET%NUM%_GATEWAY} ${%TENANT%_NET%NUM%_CIDR} %NUM% ${%TENANT%_NET%NUM%_EXTRA}'
+ foreach_project_net 'create_network ${%PROJECT%_NAME} ${%PROJECT%_NET%NUM%_GATEWAY} ${%PROJECT%_NET%NUM%_CIDR} %NUM% ${%PROJECT%_NET%NUM%_EXTRA}'
#TODO(nati) test security group function
- # allow ICMP for both tenant's security groups
+ # allow ICMP for both project's security groups
#source $TOP_DIR/openrc demo1 demo1
#$NOVA secgroup-add-rule default icmp -1 -1 0.0.0.0/0
#source $TOP_DIR/openrc demo2 demo2
@@ -251,10 +251,10 @@
}
function create_vm {
- local TENANT=$1
+ local PROJECT=$1
local NUM=$2
local NET_NAMES=$3
- source $TOP_DIR/openrc $TENANT $TENANT
+ source $TOP_DIR/openrc $PROJECT $PROJECT
local NIC=""
for NET_NAME in ${NET_NAMES//,/ };do
NIC="$NIC --nic net-id="`get_network_id $NET_NAME`
@@ -265,13 +265,13 @@
VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \
--image $(get_image_id) \
$NIC \
- $TENANT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
- die_if_not_set $LINENO VM_UUID "Failure launching $TENANT-server$NUM"
+ $PROJECT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
+ die_if_not_set $LINENO VM_UUID "Failure launching $PROJECT-server$NUM"
confirm_server_active $VM_UUID
}
function create_vms {
- foreach_tenant_vm 'create_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
+ foreach_project_vm 'create_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
}
function ping_ip {
@@ -284,11 +284,11 @@
}
function check_vm {
- local TENANT=$1
+ local PROJECT=$1
local NUM=$2
- local VM_NAME="$TENANT-server$NUM"
+ local VM_NAME="$PROJECT-server$NUM"
local NET_NAME=$3
- source $TOP_DIR/openrc $TENANT $TENANT
+ source $TOP_DIR/openrc $PROJECT $PROJECT
ping_ip $VM_NAME $NET_NAME
# TODO (nati) test ssh connection
# TODO (nati) test inter connection between vm
@@ -297,31 +297,31 @@
}
function check_vms {
- foreach_tenant_vm 'check_vm ${%TENANT%_NAME} %NUM% ${%TENANT%_VM%NUM%_NET}'
+ foreach_project_vm 'check_vm ${%PROJECT%_NAME} %NUM% ${%PROJECT%_VM%NUM%_NET}'
}
function shutdown_vm {
- local TENANT=$1
+ local PROJECT=$1
local NUM=$2
- source $TOP_DIR/openrc $TENANT $TENANT
- VM_NAME=${TENANT}-server$NUM
+ source $TOP_DIR/openrc $PROJECT $PROJECT
+ VM_NAME=${PROJECT}-server$NUM
nova delete $VM_NAME
}
function shutdown_vms {
- foreach_tenant_vm 'shutdown_vm ${%TENANT%_NAME} %NUM%'
+ foreach_project_vm 'shutdown_vm ${%PROJECT%_NAME} %NUM%'
if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
die $LINENO "Some VMs failed to shutdown"
fi
}
function delete_network {
- local TENANT=$1
+ local PROJECT=$1
local NUM=$2
- local NET_NAME="${TENANT}-net$NUM"
+ local NET_NAME="${PROJECT}-net$NUM"
source $TOP_DIR/openrc admin admin
- local TENANT_ID
- TENANT_ID=$(get_tenant_id $TENANT)
+ local PROJECT_ID
+ PROJECT_ID=$(get_project_id $PROJECT)
#TODO(nati) comment out until l3-agent merged
#for res in port subnet net router;do
for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do
@@ -333,7 +333,7 @@
}
function delete_networks {
- foreach_tenant_net 'delete_network ${%TENANT%_NAME} %NUM%'
+ foreach_project_net 'delete_network ${%PROJECT%_NAME} %NUM%'
# TODO(nati) add secuirty group check after it is implemented
# source $TOP_DIR/openrc demo1 demo1
# nova secgroup-delete-rule default icmp -1 -1 0.0.0.0/0
@@ -342,7 +342,7 @@
}
function create_all {
- create_tenants
+ create_projects
create_networks
create_vms
}
@@ -350,7 +350,7 @@
function delete_all {
shutdown_vms
delete_networks
- delete_tenants_and_users
+ delete_projects_and_users
}
function all {
@@ -366,8 +366,8 @@
IMAGE=$(get_image_id)
echo $IMAGE
- TENANT_ID=$(get_tenant_id demo)
- echo $TENANT_ID
+ PROJECT_ID=$(get_project_id demo)
+ echo $PROJECT_ID
FLAVOR_ID=$(get_flavor_id m1.tiny)
echo $FLAVOR_ID
@@ -382,11 +382,11 @@
function usage {
echo "$0: [-h]"
echo " -h, --help Display help message"
- echo " -t, --tenant Create tenants"
+ echo " -t, --project Create projects"
echo " -n, --net Create networks"
echo " -v, --vm Create vms"
echo " -c, --check Check connection"
- echo " -x, --delete-tenants Delete tenants"
+ echo " -x, --delete-projects Delete projects"
echo " -y, --delete-nets Delete networks"
echo " -z, --delete-vms Delete vms"
echo " -T, --test Test functions"
@@ -412,7 +412,7 @@
-v | --vm ) create_vms
exit
;;
- -t | --tenant ) create_tenants
+ -t | --project ) create_projects
exit
;;
-c | --check ) check_vms
@@ -421,7 +421,7 @@
-T | --test ) test_functions
exit
;;
- -x | --delete-tenants ) delete_tenants_and_users
+ -x | --delete-projects ) delete_projects_and_users
exit
;;
-y | --delete-nets ) delete_networks
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index f9fa265..428544f 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -3,13 +3,7 @@
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
<Directory %KEYSTONE_BIN%>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order allow,deny
- Allow from all
- </IfVersion>
+ Require all granted
</Directory>
<VirtualHost *:%PUBLICPORT%>
@@ -18,9 +12,7 @@
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
- <IfVersion >= 2.4>
- ErrorLogFormat "%{cu}t %M"
- </IfVersion>
+ ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
@@ -34,9 +26,7 @@
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
- <IfVersion >= 2.4>
- ErrorLogFormat "%{cu}t %M"
- </IfVersion>
+ ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
diff --git a/files/debs/ceilometer-collector b/files/debs/ceilometer-collector
deleted file mode 100644
index d1e9eef..0000000
--- a/files/debs/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-libnspr4-dev
-mongodb-server #NOPRIME
-python-pymongo #NOPRIME
diff --git a/files/debs/general b/files/debs/general
index 1215147..a1f2a4b 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,5 +1,6 @@
bc
bridge-utils
+bsdmainutils
curl
g++
gcc
@@ -28,6 +29,7 @@
tar
tcpdump
unzip
+uuid-runtime
wget
wget
zlib1g-dev
diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index 0da57ee..69ac430 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -1,5 +1,6 @@
cryptsetup
genisoimage
+gir1.2-libosinfo-1.0
lvm2 # NOPRIME
open-iscsi
python-guestfs # NOPRIME
diff --git a/files/debs/neutron b/files/debs/neutron
index e53cc68..2307fa5 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -13,5 +13,4 @@
radvd # NOPRIME
sqlite3
sudo
-uuid-runtime
vlan
diff --git a/files/default_catalog.templates b/files/default_catalog.templates
deleted file mode 100644
index 4aab416..0000000
--- a/files/default_catalog.templates
+++ /dev/null
@@ -1,63 +0,0 @@
-# config for TemplatedCatalog, using camelCase because I don't want to do
-# translations for legacy compat
-catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
-catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
-catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
-catalog.RegionOne.identity.name = Identity Service
-
-
-catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.name = Compute Service
-
-
-catalog.RegionOne.computev21.publicURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.adminURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.internalURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s
-catalog.RegionOne.computev21.name = Compute Service V2.1
-
-
-catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.name = Volume Service
-
-
-catalog.RegionOne.volumev2.publicURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.adminURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.internalURL = http://%SERVICE_HOST%:8776/v2/$(tenant_id)s
-catalog.RegionOne.volumev2.name = Volume Service V2
-
-
-catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/
-catalog.RegionOne.ec2.name = EC2 Service
-
-
-catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
-catalog.RegionOne.s3.name = S3 Service
-
-
-catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292
-catalog.RegionOne.image.name = Image Service
-
-catalog.RegionOne.cloudformation.publicURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.adminURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.internalURL = http://%SERVICE_HOST%:8000/v1
-catalog.RegionOne.cloudformation.name = CloudFormation service
-
-catalog.RegionOne.orchestration.publicURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.adminURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.internalURL = http://%SERVICE_HOST%:8004/v1/$(tenant_id)s
-catalog.RegionOne.orchestration.name = Orchestration Service
-
-catalog.RegionOne.metering.publicURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.adminURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.internalURL = http://%SERVICE_HOST%:8777/v1
-catalog.RegionOne.metering.name = Telemetry Service
diff --git a/files/rpms-suse/ceilometer-collector b/files/rpms-suse/ceilometer-collector
deleted file mode 100644
index fc75ffa..0000000
--- a/files/rpms-suse/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-# (devel:languages:python and server:database projects)
-mongodb
-# Not available in openSUSE main repositories, but can be fetched from OBS
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 34a2955..3b19071 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -2,7 +2,6 @@
bridge-utils
ca-certificates-mozilla
curl
-euca2ools
gcc
gcc-c++
git-core
@@ -26,5 +25,6 @@
tar
tcpdump
unzip
+util-linux
wget
zlib-devel
diff --git a/files/rpms-suse/n-cpu b/files/rpms-suse/n-cpu
index 29bd31b..9ece115 100644
--- a/files/rpms-suse/n-cpu
+++ b/files/rpms-suse/n-cpu
@@ -1,5 +1,6 @@
cryptsetup
genisoimage
+libosinfo
lvm2
open-iscsi
sg3_utils
diff --git a/files/rpms/ceilometer-collector b/files/rpms/ceilometer-collector
deleted file mode 100644
index a8b8118..0000000
--- a/files/rpms/ceilometer-collector
+++ /dev/null
@@ -1,3 +0,0 @@
-mongodb # NOPRIME
-mongodb-server #NOPRIME
-selinux-policy-targeted
diff --git a/files/rpms/general b/files/rpms/general
index e0ef54c..2d4a97a 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -2,7 +2,6 @@
bridge-utils
curl
dbus
-euca2ools # only for testing client
gcc
gcc-c++
gettext # used for compiling message catalogs
@@ -26,10 +25,12 @@
psmisc
pyOpenSSL # version in pip uses too much memory
python-devel
+redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
screen
tar
tcpdump
unzip
+util-linux
wget
which
zlib-devel
diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu
index 7773b04..26c5ced 100644
--- a/files/rpms/n-cpu
+++ b/files/rpms/n-cpu
@@ -1,6 +1,7 @@
cryptsetup
genisoimage
iscsi-initiator-utils
+libosinfo
lvm2
sg3_utils
# Stuff for diablo volumes
diff --git a/functions b/functions
index 29d0518..1bfb8a5 100644
--- a/functions
+++ b/functions
@@ -30,6 +30,19 @@
declare -f -F $1 > /dev/null
}
+# short_source prints out the current location of the caller in a way
+# that strips redundant directories. This is useful for PS4 usage.
+function short_source {
+ saveIFS=$IFS
+ IFS=" "
+ called=($(caller 0))
+ IFS=$saveIFS
+ file=${called[2]}
+ file=${file#$RC_DIR/}
+ printf "%-40s " "$file:${called[1]}:${called[0]}"
+}
+
+
# Retrieve an image from a URL and upload into Glance.
# Uses the following variables:
#
@@ -94,12 +107,14 @@
local path_len
# vmdk adapter type
- local vmdk_adapter_type="$(head -25 $image | { grep -a -F -m 1 'ddb.adapterType =' $image || true; })"
+ local vmdk_adapter_type
+ vmdk_adapter_type="$(head -25 $image | { grep -a -F -m 1 'ddb.adapterType =' $image || true; })"
vmdk_adapter_type="${vmdk_adapter_type#*\"}"
vmdk_adapter_type="${vmdk_adapter_type%?}"
# vmdk disk type
- local vmdk_create_type="$(head -25 $image | { grep -a -F -m 1 'createType=' $image || true; })"
+ local vmdk_create_type
+ vmdk_create_type="$(head -25 $image | { grep -a -F -m 1 'createType=' $image || true; })"
vmdk_create_type="${vmdk_create_type#*\"}"
vmdk_create_type="${vmdk_create_type%\"*}"
@@ -109,7 +124,8 @@
vmdk_disktype="sparse"
elif [[ "$vmdk_create_type" = "monolithicFlat" || "$vmdk_create_type" = "vmfs" ]]; then
# Attempt to retrieve the ``*-flat.vmdk``
- local flat_fname="$(head -25 $image | { grep -G 'RW\|RDONLY [0-9]+ FLAT\|VMFS' $image || true; })"
+ local flat_fname
+ flat_fname="$(head -25 $image | { grep -G 'RW\|RDONLY [0-9]+ FLAT\|VMFS' $image || true; })"
flat_fname="${flat_fname#*\"}"
flat_fname="${flat_fname%?}"
if [[ -z "$flat_fname" ]]; then
@@ -301,8 +317,8 @@
*) echo "Do not know what to do with $image_fname"; false;;
esac
- if is_arch "ppc64"; then
- img_property="--property hw_cdrom_bus=scsi"
+ if is_arch "ppc64le" || is_arch "ppc64" || is_arch "ppc"; then
+ img_property="--property hw_disk_bus=scsi --property hw_scsi_model=virtio-scsi --property hw_cdrom_bus=scsi --property os_command_line=console=hvc0"
fi
if is_arch "aarch64"; then
@@ -407,8 +423,10 @@
function get_instance_ip {
local vm_id=$1
local network_name=$2
- local nova_result="$(nova show $vm_id)"
+ local nova_result
local ip
+
+ nova_result="$(nova show $vm_id)"
ip=$(echo "$nova_result" | grep "$network_name" | get_field 2)
if [[ $ip = "" ]];then
echo "$nova_result"
diff --git a/functions-common b/functions-common
index 6019a9c..b0352d3 100644
--- a/functions-common
+++ b/functions-common
@@ -292,112 +292,71 @@
# ================
# Determine OS Vendor, Release and Update
-# Tested with OS/X, Ubuntu, RedHat, CentOS, Fedora
-# Returns results in global variables:
+
+#
+# NOTE : For portability, you almost certainly do not want to use
+# these variables directly! The "is_*" functions defined below this
+# bundle up compatible platforms under larger umbrellas that we have
+# determinted are compatible enough (e.g. is_ubuntu covers Ubuntu &
+# Debian, is_fedora covers RPM-based distros). Higher-level functions
+# such as "install_package" further abstract things in better ways.
+#
# ``os_VENDOR`` - vendor name: ``Ubuntu``, ``Fedora``, etc
# ``os_RELEASE`` - major release: ``14.04`` (Ubuntu), ``20`` (Fedora)
-# ``os_UPDATE`` - update: ex. the ``5`` in ``RHEL6.5``
# ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
-# ``os_CODENAME`` - vendor's codename for release: ``snow leopard``, ``trusty``
-os_VENDOR=""
-os_RELEASE=""
-os_UPDATE=""
-os_PACKAGE=""
-os_CODENAME=""
+# ``os_CODENAME`` - vendor's codename for release: ``trusty``
+
+declare os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
+
+# Make a *best effort* attempt to install lsb_release packages for the
+# user if not available. Note can't use generic install_package*
+# because they depend on this!
+function _ensure_lsb_release {
+ if [[ -x $(command -v lsb_release 2>/dev/null) ]]; then
+ return
+ fi
+
+ if [[ -x $(command -v apt-get 2>/dev/null) ]]; then
+ sudo apt-get install -y lsb-release
+ elif [[ -x $(command -v zypper 2>/dev/null) ]]; then
+ # XXX: old code paths seem to have assumed SUSE platforms also
+ # had "yum". Keep this ordered above yum so we don't try to
+ # install the rh package. suse calls it just "lsb"
+ sudo zypper -n install lsb
+ elif [[ -x $(command -v dnf 2>/dev/null) ]]; then
+ sudo dnf install -y redhat-lsb-core
+ elif [[ -x $(command -v yum 2>/dev/null) ]]; then
+ # all rh patforms (fedora, centos, rhel) have this pkg
+ sudo yum install -y redhat-lsb-core
+ else
+ die $LINENO "Unable to find or auto-install lsb_release"
+ fi
+}
# GetOSVersion
+# Set the following variables:
+# - os_RELEASE
+# - os_CODENAME
+# - os_VENDOR
+# - os_PACKAGE
function GetOSVersion {
+ # We only support distros that provide a sane lsb_release
+ _ensure_lsb_release
- # Figure out which vendor we are
- if [[ -x "`which sw_vers 2>/dev/null`" ]]; then
- # OS/X
- os_VENDOR=`sw_vers -productName`
- os_RELEASE=`sw_vers -productVersion`
- os_UPDATE=${os_RELEASE##*.}
- os_RELEASE=${os_RELEASE%.*}
- os_PACKAGE=""
- if [[ "$os_RELEASE" =~ "10.7" ]]; then
- os_CODENAME="lion"
- elif [[ "$os_RELEASE" =~ "10.6" ]]; then
- os_CODENAME="snow leopard"
- elif [[ "$os_RELEASE" =~ "10.5" ]]; then
- os_CODENAME="leopard"
- elif [[ "$os_RELEASE" =~ "10.4" ]]; then
- os_CODENAME="tiger"
- elif [[ "$os_RELEASE" =~ "10.3" ]]; then
- os_CODENAME="panther"
- else
- os_CODENAME=""
- fi
- elif [[ -x $(which lsb_release 2>/dev/null) ]]; then
- os_VENDOR=$(lsb_release -i -s)
- os_RELEASE=$(lsb_release -r -s)
- os_UPDATE=""
- os_PACKAGE="rpm"
- if [[ "Debian,Ubuntu,LinuxMint" =~ $os_VENDOR ]]; then
- os_PACKAGE="deb"
- elif [[ "SUSE LINUX" =~ $os_VENDOR ]]; then
- lsb_release -d -s | grep -q openSUSE
- if [[ $? -eq 0 ]]; then
- os_VENDOR="openSUSE"
- fi
- elif [[ $os_VENDOR == "openSUSE project" ]]; then
- os_VENDOR="openSUSE"
- elif [[ $os_VENDOR =~ Red.*Hat ]]; then
- os_VENDOR="Red Hat"
- fi
- os_CODENAME=$(lsb_release -c -s)
- elif [[ -r /etc/redhat-release ]]; then
- # Red Hat Enterprise Linux Server release 5.5 (Tikanga)
- # Red Hat Enterprise Linux Server release 7.0 Beta (Maipo)
- # CentOS release 5.5 (Final)
- # CentOS Linux release 6.0 (Final)
- # Fedora release 16 (Verne)
- # XenServer release 6.2.0-70446c (xenenterprise)
- # Oracle Linux release 7
- # CloudLinux release 7.1
- os_CODENAME=""
- for r in "Red Hat" CentOS Fedora XenServer CloudLinux; do
- os_VENDOR=$r
- if [[ -n "`grep \"$r\" /etc/redhat-release`" ]]; then
- ver=`sed -e 's/^.* \([0-9].*\) (\(.*\)).*$/\1\|\2/' /etc/redhat-release`
- os_CODENAME=${ver#*|}
- os_RELEASE=${ver%|*}
- os_UPDATE=${os_RELEASE##*.}
- os_RELEASE=${os_RELEASE%.*}
- break
- fi
- os_VENDOR=""
- done
- if [ "$os_VENDOR" = "Red Hat" ] && [[ -r /etc/oracle-release ]]; then
- os_VENDOR=OracleLinux
- fi
- os_PACKAGE="rpm"
- elif [[ -r /etc/SuSE-release ]]; then
- for r in openSUSE "SUSE Linux"; do
- if [[ "$r" = "SUSE Linux" ]]; then
- os_VENDOR="SUSE LINUX"
- else
- os_VENDOR=$r
- fi
+ os_RELEASE=$(lsb_release -r -s)
+ os_CODENAME=$(lsb_release -c -s)
+ os_VENDOR=$(lsb_release -i -s)
- if [[ -n "`grep \"$r\" /etc/SuSE-release`" ]]; then
- os_CODENAME=`grep "CODENAME = " /etc/SuSE-release | sed 's:.* = ::g'`
- os_RELEASE=`grep "VERSION = " /etc/SuSE-release | sed 's:.* = ::g'`
- os_UPDATE=`grep "PATCHLEVEL = " /etc/SuSE-release | sed 's:.* = ::g'`
- break
- fi
- os_VENDOR=""
- done
- os_PACKAGE="rpm"
- # If lsb_release is not installed, we should be able to detect Debian OS
- elif [[ -f /etc/debian_version ]] && [[ $(cat /proc/version) =~ "Debian" ]]; then
- os_VENDOR="Debian"
+ if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
os_PACKAGE="deb"
- os_CODENAME=$(awk '/VERSION=/' /etc/os-release | sed 's/VERSION=//' | sed -r 's/\"|\(|\)//g' | awk '{print $2}')
- os_RELEASE=$(awk '/VERSION_ID=/' /etc/os-release | sed 's/VERSION_ID=//' | sed 's/\"//g')
+ else
+ os_PACKAGE="rpm"
fi
- export os_VENDOR os_RELEASE os_UPDATE os_PACKAGE os_CODENAME
+
+ typeset -xr os_VENDOR
+ typeset -xr os_RELEASE
+ typeset -xr os_PACKAGE
+ typeset -xr os_CODENAME
}
# Translate the OS version values into common nomenclature
@@ -406,8 +365,10 @@
function GetDistro {
GetOSVersion
- if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
- # 'Everyone' refers to Ubuntu / Debian releases by the code name adjective
+ if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
+ "$os_VENDOR" =~ (LinuxMint) ]]; then
+ # 'Everyone' refers to Ubuntu / Debian / Mint releases by
+ # the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
# For Fedora, just use 'f' and the release
@@ -415,26 +376,42 @@
elif [[ "$os_VENDOR" =~ (openSUSE) ]]; then
DISTRO="opensuse-$os_RELEASE"
elif [[ "$os_VENDOR" =~ (SUSE LINUX) ]]; then
- # For SLE, also use the service pack
- if [[ -z "$os_UPDATE" ]]; then
- DISTRO="sle${os_RELEASE}"
- else
- DISTRO="sle${os_RELEASE}sp${os_UPDATE}"
- fi
- elif [[ "$os_VENDOR" =~ (Red Hat) || \
+ # just use major release
+ DISTRO="sle${os_RELEASE%.*}"
+ elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
- "$os_VENDOR" =~ (OracleLinux) ]]; then
+ "$os_VENDOR" =~ (OracleLinux) || \
+ "$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
+ # XXX re-evaluate when we get RHEL10
DISTRO="rhel${os_RELEASE::1}"
elif [[ "$os_VENDOR" =~ (XenServer) ]]; then
- DISTRO="xs$os_RELEASE"
+ DISTRO="xs${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (kvmibm) ]]; then
DISTRO="${os_VENDOR}${os_RELEASE::1}"
else
- # Catch-all for now is Vendor + Release + Update
- DISTRO="$os_VENDOR-$os_RELEASE.$os_UPDATE"
+ # We can't make a good choice here. Setting a sensible DISTRO
+ # is part of the problem, but not the major issue -- we really
+ # only use DISTRO in the code as a fine-filter.
+ #
+ # The bigger problem is categorising the system into one of
+ # our two big categories as Ubuntu/Debian-ish or
+ # Fedora/CentOS-ish.
+ #
+ # The setting of os_PACKAGE above is only set to "deb" based
+ # on a hard-coded list of vendor names ... thus we will
+ # default to thinking unknown distros are RPM based
+ # (ie. is_ubuntu does not match). But the platform will then
+ # also not match in is_fedora, because that also has a list of
+ # names.
+ #
+ # So, if you are reading this, getting your distro supported
+ # is really about making sure it matches correctly in these
+ # functions. Then you can choose a sensible way to construct
+ # DISTRO based on your distros release approach.
+ die $LINENO "Unable to determine DISTRO, can not continue."
fi
- export DISTRO
+ typeset -xr DISTRO
}
# Utility function for checking machine architecture
@@ -463,8 +440,9 @@
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
+ [ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ] || \
- [ "$os_VENDOR" = "CloudLinux" ] || [ "$os_VENDOR" = "kvmibm" ]
+ [ "$os_VENDOR" = "Virtuozzo" ] || [ "$os_VENDOR" = "kvmibm" ]
}
@@ -476,7 +454,7 @@
GetOSVersion
fi
- [ "$os_VENDOR" = "openSUSE" ] || [ "$os_VENDOR" = "SUSE LINUX" ]
+ [[ "$os_VENDOR" =~ (openSUSE) || "$os_VENDOR" == "SUSE LINUX" ]]
}
@@ -1037,7 +1015,7 @@
# out of tree, as it is used by nova and neutron.
# figure out a way to refactor nova/neutron code to eliminate this
function is_ironic_hardware {
- is_service_enabled ironic && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0
+ is_service_enabled ironic && [[ "$IRONIC_IS_HARDWARE" == "True" ]] && return 0
return 1
}
@@ -1139,8 +1117,9 @@
continue
fi
- # Assume we want this package
- package=${line%#*}
+ # Assume we want this package; free-form
+ # comments allowed after a #
+ package=${line%%#*}
inst_pkg=1
# Look for # dist:xxx in comment
@@ -1255,7 +1234,7 @@
local files_to_parse=""
local package_dir=""
for plugin in ${DEVSTACK_PLUGINS//,/ }; do
- local package_dir="$(_get_package_dir ${GITDIR[$plugin]}/devstack/files)"
+ package_dir="$(_get_package_dir ${GITDIR[$plugin]}/devstack/files)"
files_to_parse+=" $package_dir/$plugin"
done
echo "$(_parse_package_files $files_to_parse)"
@@ -1328,7 +1307,7 @@
elif is_fedora; then
sudo ${YUM:-yum} remove -y "$@" ||:
elif is_suse; then
- sudo zypper rm "$@"
+ sudo zypper rm "$@" ||:
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1344,28 +1323,36 @@
time_start "yum_install"
- # Warning: this would not work if yum output message
- # have been translated to another language
- parse_yum_result='\
- BEGIN { result=0 }\
- /^YUM_FAILED/ { exit $2 }\
- /^No package/ { result=1 }\
- //{ print }\
+ # - We run with LC_ALL=C so string matching *should* be OK
+ # - Exit 1 if the failure might get better with a retry.
+ # - Exit 2 if it is fatal.
+ parse_yum_result=' \
+ BEGIN { result=0 } \
+ /^YUM_FAILED/ { exit $2 } \
+ /^No package/ { result=2 } \
+ /^Failed:/ { result=2 } \
+ //{ print } \
END { exit result }'
# The manual check for missing packages is because yum -y assumes
- # missing packages are OK.
+ # missing or failed packages are OK.
# See https://bugzilla.redhat.com/show_bug.cgi?id=965567
(sudo_with_proxies "${YUM:-yum}" install -y "$@" 2>&1 || echo YUM_FAILED $?) \
- | awk "$parse_yum_result"
- result=$?
-
- if [ "$result" != 0 ]; then
- echo $LINENO "${YUM:-yum}" install failure: $result
- fi
+ | awk "$parse_yum_result" && result=$? || result=$?
time_stop "yum_install"
+ # if we return 1, then the wrapper functions will run an update
+ # and try installing the package again as a defense against bad
+ # mirrors. This can hide failures, especially when we have
+ # packages that are in the "Failed:" section because their rpm
+ # install scripts failed to run correctly (in this case, the
+ # package looks installed, so when the retry happens we just think
+ # the package is OK, and incorrectly continue on).
+ if [ "$result" == 2 ]; then
+ die "Detected fatal package install failure"
+ fi
+
return "$result"
}
@@ -1472,14 +1459,17 @@
local service=$1
local command="$2"
local group=$3
+ local subservice=$4
+
+ local name=${subservice:-$service}
time_start "run_process"
if is_service_enabled $service; then
if [[ "$USE_SCREEN" = "True" ]]; then
- screen_process "$service" "$command" "$group"
+ screen_process "$name" "$command" "$group"
else
# Spawn directly without screen
- _run_process "$service" "$command" "$group" &
+ _run_process "$name" "$command" "$group" &
fi
fi
time_stop "run_process"
@@ -1662,7 +1652,7 @@
done
if [ -n "$failures" ]; then
- die $LINENO "More details about the above errors can be found with screen, with ./rejoin-stack.sh"
+ die $LINENO "More details about the above errors can be found with screen"
fi
}
@@ -2332,8 +2322,9 @@
# Resolution is only in whole seconds, so should be used for long
# running activities.
-declare -A TOTAL_TIME
-declare -A START_TIME
+declare -A _TIME_TOTAL
+declare -A _TIME_START
+declare -r _TIME_BEGIN=$(date +%s)
# time_start $name
#
@@ -2341,11 +2332,11 @@
# already started.
function time_start {
local name=$1
- local start_time=${START_TIME[$name]}
+ local start_time=${_TIME_START[$name]}
if [[ -n "$start_time" ]]; then
die $LINENO "Trying to start the clock on $name, but it's already been started"
fi
- START_TIME[$name]=$(date +%s)
+ _TIME_START[$name]=$(date +%s)
}
# time_stop $name
@@ -2361,32 +2352,53 @@
local start_time
name=$1
- start_time=${START_TIME[$name]}
+ start_time=${_TIME_START[$name]}
if [[ -z "$start_time" ]]; then
die $LINENO "Trying to stop the clock on $name, but it was never started"
fi
end_time=$(date +%s)
elapsed_time=$(($end_time - $start_time))
- total=${TOTAL_TIME[$name]:-0}
+ total=${_TIME_TOTAL[$name]:-0}
# reset the clock so we can start it in the future
- START_TIME[$name]=""
- TOTAL_TIME[$name]=$(($total + $elapsed_time))
+ _TIME_START[$name]=""
+ _TIME_TOTAL[$name]=$(($total + $elapsed_time))
}
# time_totals
-#
-# prints out total time
+# Print out total time summary
function time_totals {
- echo
- echo "========================"
- echo "DevStack Components Timed"
- echo "========================"
- echo
- for t in ${!TOTAL_TIME[*]}; do
- local v=${TOTAL_TIME[$t]}
- echo "$t - $v secs"
+ local elapsed_time
+ local end_time
+ local len=15
+ local xtrace
+
+ end_time=$(date +%s)
+ elapsed_time=$(($end_time - $_TIME_BEGIN))
+
+ # pad 1st column this far
+ for t in ${!_TIME_TOTAL[*]}; do
+ if [[ ${#t} -gt $len ]]; then
+ len=${#t}
+ fi
done
+
+ xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+
+ echo
+ echo "========================="
+ echo "DevStack Component Timing"
+ echo "========================="
+ printf "%-${len}s %3d\n" "Total runtime" "$elapsed_time"
+ echo
+ for t in ${!_TIME_TOTAL[*]}; do
+ local v=${_TIME_TOTAL[$t]}
+ printf "%-${len}s %3d\n" "$t" "$v"
+ done
+ echo "========================="
+
+ $xtrace
}
# Restore xtrace
diff --git a/inc/ini-config b/inc/ini-config
index e99b088..1f12343 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -30,7 +30,8 @@
local option=$3
shift 3
- local values="$(iniget_multiline $file $section $option) $@"
+ local values
+ values="$(iniget_multiline $file $section $option) $@"
iniset_multiline $sudo $file $section $option $values
$xtrace
}
diff --git a/inc/python b/inc/python
index 35bab6f..495150d 100644
--- a/inc/python
+++ b/inc/python
@@ -300,6 +300,13 @@
local flags=$2
local extras=$3
+ # Normalize the directory name to avoid
+ # "installation from path or url cannot be constrained to a version"
+ # error.
+ # REVISIT(yamamoto): Remove this when fixed in pip.
+ # https://github.com/pypa/pip/pull/3582
+ project_dir=$(cd $project_dir && pwd)
+
if [ -n "$REQUIREMENTS_DIR" ]; then
# Constrain this package to this project directory from here on out.
local name
diff --git a/lib/cinder b/lib/cinder
index 081e2f7..1b6a956 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -353,7 +353,7 @@
# Set os_privileged_user credentials (used for os-assisted-snapshots)
iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
- iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
+ iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
}
@@ -371,20 +371,21 @@
create_service_user "cinder"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+ get_or_create_service "cinder" "volume" "Cinder Volume Service"
+ get_or_create_endpoint \
+ "volume" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
- get_or_create_service "cinder" "volume" "Cinder Volume Service"
- get_or_create_endpoint "volume" "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
-
- get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
- get_or_create_endpoint "volumev2" "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
- fi
+ get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+ get_or_create_endpoint \
+ "volumev2" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
fi
}
diff --git a/lib/cinder_backends/solidfire b/lib/cinder_backends/solidfire
deleted file mode 100644
index 16bc527..0000000
--- a/lib/cinder_backends/solidfire
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-#
-# lib/cinder_backends/solidfire
-# Configure the solidfire driver
-
-# Enable with:
-#
-# CINDER_ENABLED_BACKENDS+=,solidfire:<volume-type-name>
-
-# Dependencies:
-#
-# - ``functions`` file
-# - ``cinder`` configurations
-
-# CINDER_CONF
-
-# configure_cinder_driver - make configuration changes, including those to other services
-
-# Save trace setting
-_XTRACE_CINDER_SOLIDFIRE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Entry Points
-# ------------
-
-# configure_cinder_backend_solidfire - Set config files, create data dirs, etc
-function configure_cinder_backend_solidfire {
- # To use SolidFire, set the following in local.conf:
- # CINDER_ENABLED_BACKENDS+=,solidfire:<volume-type-name>
- # SAN_IP=<mvip>
- # SAN_LOGIN=<cluster-admin-account>
- # SAN_PASSWORD=<cluster-admin-password>
-
- local be_name=$1
- iniset $CINDER_CONF $be_name volume_backend_name $be_name
- iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.solidfire.SolidFireDriver"
- iniset $CINDER_CONF $be_name san_ip $SAN_IP
- iniset $CINDER_CONF $be_name san_login $SAN_LOGIN
- iniset $CINDER_CONF $be_name san_password $SAN_PASSWORD
-}
-
-
-# Restore xtrace
-$_XTRACE_CINDER_SOLIDFIRE
-
-# Local variables:
-# mode: shell-script
-# End:
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 204c257..14425a5 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -47,7 +47,7 @@
}
function configure_database_postgresql {
- local pg_conf pg_dir pg_hba root_roles
+ local pg_conf pg_dir pg_hba root_roles version
echo_summary "Configuring and starting PostgreSQL"
if is_fedora; then
pg_hba=/var/lib/pgsql/data/pg_hba.conf
@@ -56,6 +56,13 @@
sudo postgresql-setup initdb
fi
elif is_ubuntu; then
+ version=`psql --version | cut -d ' ' -f3 | cut -d. -f1-2`
+ if vercmp $version '>=' 9.3; then
+ if [ -z "`pg_lsclusters -h`" ]; then
+ echo 'No PostgreSQL clusters exist; will create one'
+ sudo pg_createcluster $version main --start
+ fi
+ fi
pg_dir=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
pg_hba=$pg_dir/pg_hba.conf
pg_conf=$pg_dir/postgresql.conf
@@ -102,7 +109,7 @@
elif is_fedora || is_suse; then
install_package postgresql-server
if is_fedora; then
- sudo systemctl enable postgresql-server
+ sudo systemctl enable postgresql
fi
else
exit_distro_not_supported "postgresql installation"
diff --git a/lib/glance b/lib/glance
index 0431bba..3743e16 100644
--- a/lib/glance
+++ b/lib/glance
@@ -49,14 +49,14 @@
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
-GLANCE_SEARCH_CONF=$GLANCE_CONF_DIR/glance-search.conf
GLANCE_REGISTRY_PASTE_INI=$GLANCE_CONF_DIR/glance-registry-paste.ini
GLANCE_API_PASTE_INI=$GLANCE_CONF_DIR/glance-api-paste.ini
-GLANCE_SEARCH_PASTE_INI=$GLANCE_CONF_DIR/glance-search-paste.ini
GLANCE_CACHE_CONF=$GLANCE_CONF_DIR/glance-cache.conf
GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
GLANCE_SWIFT_STORE_CONF=$GLANCE_CONF_DIR/glance-swift-store.conf
+GLANCE_GLARE_CONF=$GLANCE_CONF_DIR/glance-glare.conf
+GLANCE_GLARE_PASTE_INI=$GLANCE_CONF_DIR/glance-glare-paste.ini
if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
GLANCE_SERVICE_PROTOCOL="https"
@@ -71,9 +71,8 @@
GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191}
GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
-GLANCE_SEARCH_PORT=${GLANCE_SEARCH_PORT:-9393}
-GLANCE_SEARCH_PORT_INT=${GLANCE_SEARCH_PORT_INT:-19393}
-GLANCE_SEARCH_HOSTPORT=${GLANCE_SEARCH_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SEARCH_PORT}
+GLANCE_GLARE_PORT=${GLANCE_GLARE_PORT:-9494}
+GLANCE_GLARE_HOSTPORT=${GLANCE_GLARE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_GLARE_PORT}
# Functions
# ---------
@@ -91,10 +90,6 @@
# kill instances (nova)
# delete image files (glance)
sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
-
- if is_service_enabled g-search; then
- ${TOP_DIR}/pkg/elasticsearch.sh stop
- fi
}
# configure_glance() - Set config files, create data dirs, etc
@@ -102,6 +97,9 @@
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
# Copy over our glance configurations and update them
+ if is_service_enabled g-glare; then
+ cp $GLANCE_DIR/etc/glance-glare.conf $GLANCE_GLARE_CONF
+ fi
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
@@ -138,6 +136,9 @@
# Store specific configs
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
+ if is_service_enabled g-glare; then
+ iniset $GLANCE_GLARE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
+ fi
iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
@@ -152,7 +153,24 @@
iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
- iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
+
+ # Store the glare in swift if enabled.
+ if is_service_enabled g-glare; then
+ iniset $GLANCE_GLARE_CONF glance_store default_store swift
+ iniset $GLANCE_GLARE_CONF glance_store swift_store_create_container_on_put True
+
+ iniset $GLANCE_GLARE_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
+ iniset $GLANCE_GLARE_CONF glance_store default_swift_reference ref1
+ iniset $GLANCE_GLARE_CONF glance_store stores "file, http, swift"
+ iniset $GLANCE_GLARE_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
+
+ # commenting is not strictly necessary but it's confusing to have bad values in conf
+ inicomment $GLANCE_GLARE_CONF glance_store swift_store_user
+ inicomment $GLANCE_GLARE_CONF glance_store swift_store_key
+ inicomment $GLANCE_GLARE_CONF glance_store swift_store_auth_address
+ fi
+
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default
@@ -207,7 +225,7 @@
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
- iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
@@ -230,28 +248,27 @@
iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
fi
- # Configure search
- if is_service_enabled g-search; then
- cp $GLANCE_DIR/etc/glance-search.conf $GLANCE_SEARCH_CONF
- iniset $GLANCE_SEARCH_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $GLANCE_SEARCH_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
- inicomment $GLANCE_SEARCH_CONF DEFAULT log_file
- iniset $GLANCE_SEARCH_CONF DEFAULT use_syslog $SYSLOG
- iniset $GLANCE_SEARCH_CONF database connection $dburl
- iniset $GLANCE_SEARCH_CONF paste_deploy flavor keystone
- configure_auth_token_middleware $GLANCE_SEARCH_CONF glance $GLANCE_AUTH_CACHE_DIR/search
+ # Configure GLANCE_GLARE (Glance Glare)
+ if is_service_enabled g-glare; then
+ local dburl
+ dburl=`database_connection_url glance`
+ setup_colorized_logging $GLANCE_GLARE_CONF DEFAULT tenant user
+ iniset $GLANCE_GLARE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+ iniset $GLANCE_GLARE_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
+ iniset $GLANCE_GLARE_CONF DEFAULT bind_port $GLANCE_GLARE_PORT
+ inicomment $GLANCE_GLARE_CONF DEFAULT log_file
+ iniset $GLANCE_GLARE_CONF DEFAULT workers "$API_WORKERS"
- if is_service_enabled tls-proxy; then
- iniset $GLANCE_SEARCH_CONF DEFAULT bind_port $GLANCE_SEARCH_PORT_INT
- fi
+ iniset $GLANCE_GLARE_CONF database connection $dburl
+ iniset $GLANCE_GLARE_CONF paste_deploy flavor keystone
+ configure_auth_token_middleware $GLANCE_GLARE_CONF glare $GLANCE_AUTH_CACHE_DIR/artifact
# Register SSL certificates if provided
if is_ssl_enabled_service glance; then
ensure_certificates GLANCE
- iniset $GLANCE_SEARCH_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
- iniset $GLANCE_SEARCH_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
+ iniset $GLANCE_GLARE_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
+ iniset $GLANCE_GLARE_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
fi
-
- cp $GLANCE_DIR/etc/glance-search-paste.ini $GLANCE_SEARCH_PASTE_INI
+ cp $GLANCE_DIR/etc/glance-glare-paste.ini $GLANCE_GLARE_PASTE_INI
fi
}
@@ -259,9 +276,10 @@
# Project User Roles
# ---------------------------------------------------------------------
-# SERVICE_TENANT_NAME glance service
-# SERVICE_TENANT_NAME glance-swift ResellerAdmin (if Swift is enabled)
-# SERVICE_TENANT_NAME glance-search search (if Search is enabled)
+# SERVICE_PROJECT_NAME glance service
+# SERVICE_PROJECT_NAME glance-swift ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME glance-search search (if Search is enabled)
+# SERVICE_PROJECT_NAME glare service (if enabled)
function create_glance_accounts {
if is_service_enabled g-api; then
@@ -274,39 +292,36 @@
local glance_swift_user
glance_swift_user=$(get_or_create_user "glance-swift" \
"$SERVICE_PASSWORD" "default" "glance-swift@example.com")
- get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
+ get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_PROJECT_NAME
fi
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "glance" "image" "Glance Image Service"
- get_or_create_endpoint "image" \
- "$REGION_NAME" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
- fi
+ get_or_create_service "glance" "image" "Glance Image Service"
+ get_or_create_endpoint \
+ "image" \
+ "$REGION_NAME" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
fi
- # Add glance-search service and endpoints
- if is_service_enabled g-search; then
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- get_or_create_service "glance-search" "search" "EXPERIMENTAL - Glance Graffiti Search Service"
+ # Add glance-glare service and endpoints
+ if is_service_enabled g-glare; then
+ create_service_user "glare"
+ get_or_create_service "glare" "artifact" "Glance Artifact Service"
- get_or_create_endpoint "search" \
- "$REGION_NAME" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT"
- fi
+ get_or_create_endpoint "artifact" \
+ "$REGION_NAME" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT" \
+ "$GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT"
fi
}
# create_glance_cache_dir() - Part of the init_glance() process
function create_glance_cache_dir {
# Create cache dir
- sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search
- rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/*
+ sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact
+ rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*
}
# init_glance() - Initialize databases, etc.
@@ -329,12 +344,6 @@
$GLANCE_BIN_DIR/glance-manage db_load_metadefs
create_glance_cache_dir
-
- # Init glance search by exporting found metadefs/images to elasticsearch
- if is_service_enabled g-search; then
- ${TOP_DIR}/pkg/elasticsearch.sh start
- $GLANCE_BIN_DIR/glance-index
- fi
}
# install_glanceclient() - Collect source and prepare
@@ -371,11 +380,6 @@
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT &
start_tls_proxy '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT &
-
- # Handle g-search
- if is_service_enabled g-search; then
- start_tls_proxy '*' $GLANCE_SEARCH_PORT $GLANCE_SERVICE_HOST $GLANCE_SEARCH_PORT_INT &
- fi
fi
run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
@@ -386,12 +390,12 @@
die $LINENO "g-api did not start"
fi
- # Start g-search after g-reg/g-api
- if is_service_enabled g-search; then
- run_process g-search "$GLANCE_BIN_DIR/glance-search --config-file=$GLANCE_CONF_DIR/glance-search.conf"
- echo "Waiting for g-search ($GLANCE_SEARCH_HOSTPORT) to start..."
- if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT; then
- die $LINENO "g-search did not start"
+ #Start g-glare after g-reg/g-api/g-search
+ if is_service_enabled g-glare; then
+ run_process g-glare "$GLANCE_BIN_DIR/glance-glare --config-file=$GLANCE_CONF_DIR/glance-glare.conf"
+ echo "Waiting for Glare [g-glare] ($GLANCE_GLARE_HOSTPORT) to start..."
+ if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT; then
+ die $LINENO " Glare [g-glare] did not start"
fi
fi
}
@@ -402,8 +406,8 @@
stop_process g-api
stop_process g-reg
- if is_service_enabled g-search; then
- stop_process g-search
+ if is_service_enabled g-glare; then
+ stop_process g-glare
fi
}
diff --git a/lib/heat b/lib/heat
index df44b76..2cf7a19 100644
--- a/lib/heat
+++ b/lib/heat
@@ -166,9 +166,6 @@
# clients_keystone
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
- # ec2authtoken
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
-
# OpenStack API
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
iniset $HEAT_CONF heat_api workers "$API_WORKERS"
@@ -196,6 +193,9 @@
iniset $HEAT_CONF DEFAULT enable_stack_abandon true
fi
+ iniset $HEAT_CONF cache enabled "True"
+ iniset $HEAT_CONF cache backend "dogpile.cache.memory"
+
sudo install -d -o $STACK_USER $HEAT_ENV_DIR $HEAT_TEMPLATES_DIR
# copy the default environment
@@ -387,23 +387,21 @@
if [[ "$HEAT_STANDALONE" != "True" ]]; then
create_service_user "heat" "admin"
+ get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
+ get_or_create_endpoint \
+ "orchestration" \
+ "$REGION_NAME" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
- get_or_create_endpoint "orchestration" \
- "$REGION_NAME" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
- "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
-
- get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
- get_or_create_endpoint "cloudformation" \
- "$REGION_NAME" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
- "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
- fi
+ get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
+ get_or_create_endpoint \
+ "cloudformation" \
+ "$REGION_NAME" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
# heat_stack_user role is for users created by Heat
get_or_create_role "heat_stack_user"
diff --git a/lib/horizon b/lib/horizon
index dca3111..abc1f6d 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -89,7 +89,6 @@
cp $HORIZON_SETTINGS $local_settings
_horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\"
- _horizon_config_set $local_settings "" CUSTOM_THEME_PATH \"themes/webroot\"
_horizon_config_set $local_settings "" COMPRESS_OFFLINE True
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\"
diff --git a/lib/keystone b/lib/keystone
index 507ee55..71f20ac 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -52,12 +52,26 @@
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
+# NOTE(sdague): remove in Newton
+KEYSTONE_CATALOG_BACKEND="sql"
+
# Toggle for deploying Keystone under HTTPD + mod_wsgi
+# Deprecated in Mitaka, use KEYSTONE_DEPLOY instead.
KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}}
-# Select the Catalog backend driver
-KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
-KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
+# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
+# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
+# - eventlet : Run keystone-all
+# - uwsgi : Run keystone under uwsgi
+if [ -z "$KEYSTONE_DEPLOY" ]; then
+ if [ -z "$KEYSTONE_USE_MOD_WSGI" ]; then
+ KEYSTONE_DEPLOY=mod_wsgi
+ elif [ "$KEYSTONE_USE_MOD_WSGI" == True ]; then
+ KEYSTONE_DEPLOY=mod_wsgi
+ else
+ KEYSTONE_DEPLOY=eventlet
+ fi
+fi
# Select the token persistence backend driver
KEYSTONE_TOKEN_BACKEND=${KEYSTONE_TOKEN_BACKEND:-sql}
@@ -95,6 +109,7 @@
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
# Set the tenant for service accounts in Keystone
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+SERVICE_PROJECT_NAME=${SERVICE_TENANT_NAME:-service}
# if we are running with SSL use https protocols
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
@@ -231,16 +246,15 @@
# Register SSL certificates if provided
if is_ssl_enabled_service key; then
ensure_certificates KEYSTONE
-
- iniset $KEYSTONE_CONF eventlet_server_ssl enable True
- iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
- iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
fi
+ local service_port=$KEYSTONE_SERVICE_PORT
+ local auth_port=$KEYSTONE_AUTH_PORT
+
if is_service_enabled tls-proxy; then
# Set the service ports for a proxy to take the originals
- iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
- iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
+ service_port=$KEYSTONE_SERVICE_PORT_INT
+ auth_port=$KEYSTONE_AUTH_PORT_INT
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
@@ -254,58 +268,70 @@
iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"
- iniset $KEYSTONE_CONF catalog driver "$KEYSTONE_CATALOG_BACKEND"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
- # Configure ``keystone.conf`` to use sql
- inicomment $KEYSTONE_CONF catalog template_file
- else
- cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
-
- # Add swift endpoints to service catalog if swift is enabled
- if is_service_enabled s-proxy; then
- echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
- fi
-
- # Add neutron endpoints to service catalog if neutron is enabled
- if is_service_enabled neutron; then
- echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:$Q_PORT/" >> $KEYSTONE_CATALOG
- echo "catalog.RegionOne.network.name = Neutron Service" >> $KEYSTONE_CATALOG
- fi
-
- sed -e "
- s,%SERVICE_HOST%,$SERVICE_HOST,g;
- s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
- " -i $KEYSTONE_CATALOG
-
- # Configure ``keystone.conf`` to use templates
- iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
- fi
-
# Set up logging
if [ "$SYSLOG" != "False" ]; then
iniset $KEYSTONE_CONF DEFAULT use_syslog "True"
fi
# Format logging
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_USE_MOD_WSGI" == "False" ] ; then
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_DEPLOY" != "mod_wsgi" ] ; then
setup_colorized_logging $KEYSTONE_CONF DEFAULT
fi
iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
- # Eliminate the %(asctime)s.%(msecs)03d from the log format strings
- iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s"
- iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(funcName)s %(pathname)s:%(lineno)d"
- iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
+ iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s"
_config_keystone_apache_wsgi
- else
+ elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
+ # iniset creates these files when it's called if they don't exist.
+ KEYSTONE_PUBLIC_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
+ KEYSTONE_ADMIN_UWSGI_FILE=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
+
+ rm -f "$KEYSTONE_PUBLIC_UWSGI_FILE"
+ rm -f "$KEYSTONE_ADMIN_UWSGI_FILE"
+
+ if is_ssl_enabled_service key; then
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi https $KEYSTONE_SERVICE_HOST:$service_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi https $KEYSTONE_ADMIN_BIND_HOST:$auth_port,$KEYSTONE_SSL_CERT,$KEYSTONE_SSL_KEY
+ else
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi http $KEYSTONE_SERVICE_HOST:$service_port
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi http $KEYSTONE_ADMIN_BIND_HOST:$auth_port
+ fi
+
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-public"
+ iniset "$KEYSTONE_PUBLIC_UWSGI_FILE" uwsgi threads $(nproc)
+
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi wsgi-file "$KEYSTONE_BIN_DIR/keystone-wsgi-admin"
+ iniset "$KEYSTONE_ADMIN_UWSGI_FILE" uwsgi threads $API_WORKERS
+
+ # Common settings
+ for file in "$KEYSTONE_PUBLIC_UWSGI_FILE" "$KEYSTONE_ADMIN_UWSGI_FILE"; do
+ # This is running standalone
+ iniset "$file" uwsgi master true
+ # Set die-on-term & exit-on-reload so that uwsgi shuts down
+ iniset "$file" uwsgi die-on-term true
+ iniset "$file" uwsgi exit-on-reload true
+ iniset "$file" uwsgi enable-threads true
+ iniset "$file" uwsgi plugins python
+ # uwsgi recommends this to prevent thundering herd on accept.
+ iniset "$file" uwsgi thunder-lock true
+ # Override the default size for headers from the 4k default.
+ iniset "$file" uwsgi buffer-size 65535
+ # Make sure the client doesn't try to re-use the connection.
+ iniset "$file" uwsgi add-header "Connection: close"
+ done
+
+ else # eventlet
+ if is_ssl_enabled_service key; then
+ iniset $KEYSTONE_CONF eventlet_server_ssl enable True
+ iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
+ iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
+ fi
+
+ iniset $KEYSTONE_CONF eventlet_server public_port $service_port
+ iniset $KEYSTONE_CONF eventlet_server admin_port $auth_port
+
iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
@@ -314,6 +340,12 @@
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
+
+ # Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
+ # The users from this project are globally admin as before, but it also
+ # allows policy changes in order to clarify the adminess scope.
+ iniset $KEYSTONE_CONF resource admin_project_domain_name default
+ iniset $KEYSTONE_CONF resource admin_project_name admin
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -331,10 +363,10 @@
# alt_demo alt_demo Member, anotherrole
# invisible_to_admin demo Member
-# Group Users Roles Tenant
+# Group Users Roles Tenant
# ------------------------------------------------------------------
-# admins admin admin admin
-# nonadmins demo Member, anotherrole demo
+# admins admin admin admin
+# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo
# Migrated from keystone_data.sh
@@ -353,7 +385,7 @@
get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
- get_or_create_project "$SERVICE_TENANT_NAME" default
+ get_or_create_project "$SERVICE_PROJECT_NAME" default
# Service role, so service users do not have to be admins
get_or_create_role service
@@ -427,7 +459,7 @@
local user
user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
- get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
+ get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME"
}
# Configure the service to use the auth token middleware.
@@ -448,13 +480,13 @@
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
iniset $conf_file $section user_domain_id default
- iniset $conf_file $section project_name $SERVICE_TENANT_NAME
+ iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
iniset $conf_file $section project_domain_id default
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
- iniset $conf_file $section memcache_servers $SERVICE_HOST:11211
+ iniset $conf_file $section memcached_servers $SERVICE_HOST:11211
}
# init_keystone() - Initialize databases, etc.
@@ -493,7 +525,6 @@
if use_library_from_git "python-keystoneclient"; then
git_clone_by_name "python-keystoneclient"
setup_dev_lib "python-keystoneclient"
- sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-keystoneclient"]}/tools/,/etc/bash_completion.d/}keystone.bash_completion
fi
}
@@ -527,11 +558,13 @@
setup_develop $KEYSTONE_DIR ldap
fi
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
install_apache_wsgi
if is_ssl_enabled_service "key"; then
enable_mod_ssl
fi
+ elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
+ pip_install uwsgi
fi
}
@@ -545,12 +578,15 @@
auth_protocol="http"
fi
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
enable_apache_site keystone
restart_apache_server
tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
- else
+ elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
+ run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" "" "key-p"
+ run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" "" "key-a"
+ else # eventlet
# Start Keystone in a screen window
run_process key "$KEYSTONE_BIN_DIR/keystone-all --config-file $KEYSTONE_CONF"
fi
@@ -575,7 +611,7 @@
# stop_keystone() - Stop running processes
function stop_keystone {
- if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
+ if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
disable_apache_site keystone
restart_apache_server
fi
@@ -588,49 +624,22 @@
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
-# - ``KEYSTONE_CATALOG_BACKEND``
# - ``KEYSTONE_AUTH_URI``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
# - ``KEYSTONE_SERVICE_PORT``
function bootstrap_keystone {
-
- # Initialize keystone, this will create an 'admin' user, 'admin' project,
- # 'admin' role, and assign the user the role on the project. These resources
- # are created only if they do not already exist.
- $KEYSTONE_BIN_DIR/keystone-manage bootstrap --bootstrap-password $ADMIN_PASSWORD
-
- # Create the keystone service and endpoints. To do this with the new
- # bootstrapping process, we need to get a token and use that token to
- # interact with the new APIs. The token will only be used to create services
- # and endpoints, thus creating a minimal service catalog.
- # They are unset immediately after.
- # TODO(stevemar): OpenStackClient and KeystoneClient do not have support to
- # handle interactions that not return service catalogs. Eventually remove
- # this section when the support is in place. Use token based auth for now.
- local token_id
- token_id=$(openstack token issue -c id -f value \
- --os-username admin --os-project-name admin \
- --os-user-domain-id default --os-project-domain-id default \
- --os-identity-api-version 3 --os-auth-url $KEYSTONE_AUTH_URI \
- --os-password $ADMIN_PASSWORD)
-
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- export OS_TOKEN=$token_id
- export OS_URL=$KEYSTONE_AUTH_URI/v3
- export OS_IDENTITY_API_VERSION=3
-
- get_or_create_service "keystone" "identity" "Keystone Identity Service"
- get_or_create_endpoint "identity" \
- "$REGION_NAME" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION" \
- "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
- fi
-
- unset OS_TOKEN OS_URL OS_IDENTITY_API_VERSION
+ $KEYSTONE_BIN_DIR/keystone-manage bootstrap \
+ --bootstrap-username admin \
+ --bootstrap-password "$ADMIN_PASSWORD" \
+ --bootstrap-project-name admin \
+ --bootstrap-role-name admin \
+ --bootstrap-service-name keystone \
+ --bootstrap-region-id "$REGION_NAME" \
+ --bootstrap-admin-url "$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION" \
+ --bootstrap-public-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
+ --bootstrap-internal-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
}
# Restore xtrace
diff --git a/lib/lvm b/lib/lvm
index ae6023a..b9d7c39 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -124,7 +124,7 @@
if [ "$CINDER_ISCSI_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
else
- sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
+ sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
fi
_clean_lvm_volume_group $vg
}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 78eb55d..34f9840 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -73,6 +73,16 @@
PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
+# Subnetpool defaults
+SUBNETPOOL_NAME=${SUBNETPOOL_NAME:-"shared-default-subnetpool"}
+
+SUBNETPOOL_PREFIX_V4=${SUBNETPOOL_PREFIX_V4:-10.0.0.0/8}
+SUBNETPOOL_PREFIX_V6=${SUBNETPOOL_PREFIX_V6:-2001:db8:8000::/48}
+
+SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
+SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
+
+
if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
Q_PROTOCOL="https"
fi
@@ -433,15 +443,18 @@
# goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
if is_service_enabled q-lbaas; then
+ deprecated "Configuring q-lbaas through devstack is deprecated"
_configure_neutron_lbaas
fi
if is_service_enabled q-metering; then
_configure_neutron_metering
fi
if is_service_enabled q-vpn; then
+ deprecated "Configuring q-vpn through devstack is deprecated"
_configure_neutron_vpn
fi
if is_service_enabled q-fwaas; then
+ deprecated "Configuring q-fwaas through devstack is deprecated"
_configure_neutron_fwaas
fi
if is_service_enabled q-agt q-svc; then
@@ -473,14 +486,13 @@
}
function create_nova_conf_neutron {
- iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
-
- iniset $NOVA_CONF neutron auth_plugin "v3password"
+ iniset $NOVA_CONF DEFAULT use_neutron True
+ iniset $NOVA_CONF neutron auth_type "password"
iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "Default"
- iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
+ iniset $NOVA_CONF neutron project_name "$SERVICE_PROJECT_NAME"
iniset $NOVA_CONF neutron project_domain_name "Default"
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
@@ -489,7 +501,6 @@
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
- iniset $NOVA_CONF DEFAULT security_group_api neutron
fi
# optionally set options in nova_conf
@@ -522,15 +533,13 @@
create_service_user "neutron"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "neutron" "network" "Neutron Service"
- get_or_create_endpoint "network" \
- "$REGION_NAME" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
- "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
- fi
+ get_or_create_service "neutron" "network" "Neutron Service"
+ get_or_create_endpoint \
+ "network" \
+ "$REGION_NAME" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+ "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
fi
}
@@ -550,12 +559,12 @@
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
if [[ "$IP_VERSION" =~ 4.* ]]; then
- SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY --subnetpool None $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+ SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
fi
if [[ "$IP_VERSION" =~ .*6 ]] && [[ -n "$IPV6_PROVIDER_FIXED_RANGE" ]] && [[ -n "$IPV6_PROVIDER_NETWORK_GATEWAY" ]]; then
- SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME --subnetpool None $NET_ID $IPV6_PROVIDER_FIXED_RANGE | grep 'id' | get_field 2)
+ SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY --name $IPV6_PROVIDER_SUBNET_NAME $NET_ID $IPV6_PROVIDER_FIXED_RANGE | grep 'id' | get_field 2)
die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $TENANT_ID"
fi
@@ -579,6 +588,8 @@
fi
fi
+ AUTO_ALLOCATE_EXT=$(neutron ext-list | grep 'auto-allocated-topology' | get_field 1)
+ SUBNETPOOL_EXT=$(neutron ext-list | grep 'subnet_allocation' | get_field 1)
if [[ "$Q_L3_ENABLED" == "True" ]]; then
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
@@ -591,11 +602,23 @@
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
fi
+ # if the extension is available, then mark the external
+ # network as default, and provision default subnetpools
+ EXTERNAL_NETWORK_FLAGS="--router:external"
+ if [[ -n $AUTO_ALLOCATE_EXT && -n $SUBNETPOOL_EXT ]]; then
+ EXTERNAL_NETWORK_FLAGS="$EXTERNAL_NETWORK_FLAGS --is-default"
+ if [[ "$IP_VERSION" =~ 4.* ]]; then
+ SUBNETPOOL_V4_ID=$(neutron subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --shared --is-default=True | grep ' id ' | get_field 2)
+ fi
+ if [[ "$IP_VERSION" =~ .*6 ]]; then
+ SUBNETPOOL_V6_ID=$(neutron subnetpool-create $SUBNETPOOL_NAME --default-prefixlen $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --shared --is-default=True | grep ' id ' | get_field 2)
+ fi
+ fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
- EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
else
- EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
@@ -620,6 +643,13 @@
# install_neutron() - Collect source and prepare
function install_neutron {
+ # Install neutron-lib from git so we make sure we're testing
+ # the latest code.
+ if use_library_from_git "neutron-lib"; then
+ git_clone_by_name "neutron-lib"
+ setup_dev_lib "neutron-lib"
+ fi
+
git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
setup_develop $NEUTRON_DIR
if is_service_enabled q-fwaas; then
@@ -681,9 +711,12 @@
# Start running processes, including screen
function start_neutron_service_and_check {
- local cfg_file_options="$(determine_config_files neutron-server)"
local service_port=$Q_PORT
local service_protocol=$Q_PROTOCOL
+ local cfg_file_options
+
+ cfg_file_options="$(determine_config_files neutron-server)"
+
if is_service_enabled tls-proxy; then
service_port=$Q_PORT_INT
service_protocol="http"
@@ -764,7 +797,11 @@
fi
stop_process q-svc
- stop_process q-l3
+
+ if is_service_enabled q-l3; then
+ sudo pkill -f "radvd -C $DATA_DIR/neutron/ra"
+ stop_process q-l3
+ fi
if is_service_enabled q-meta; then
sudo pkill -9 -f neutron-ns-metadata-proxy || :
@@ -1152,12 +1189,12 @@
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
- iniset $NEUTRON_CONF nova auth_plugin password
+ iniset $NEUTRON_CONF nova auth_type password
iniset $NEUTRON_CONF nova auth_url $KEYSTONE_AUTH_URI
iniset $NEUTRON_CONF nova username nova
iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
iniset $NEUTRON_CONF nova user_domain_id default
- iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+ iniset $NEUTRON_CONF nova project_name $SERVICE_PROJECT_NAME
iniset $NEUTRON_CONF nova project_domain_id default
iniset $NEUTRON_CONF nova region_name $REGION_NAME
@@ -1254,7 +1291,6 @@
subnet_params+="--ip_version 4 "
subnet_params+="--gateway $NETWORK_GATEWAY "
subnet_params+="--name $PRIVATE_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$NET_ID $FIXED_RANGE"
local subnet_id
subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1271,7 +1307,6 @@
subnet_params+="--ip_version 6 "
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
local ipv6_subnet_id
ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1285,7 +1320,6 @@
subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
subnet_params+="--name $PUBLIC_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
subnet_params+="-- --enable_dhcp=False"
local id_and_ext_gw_ip
@@ -1299,7 +1333,6 @@
local subnet_params="--ip_version 6 "
subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
- subnet_params+="--subnetpool None "
subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
subnet_params+="-- --enable_dhcp=False"
local ipv6_id_and_ext_gw_ip
@@ -1420,9 +1453,13 @@
function setup_neutron_debug {
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
+ if [[ -n $public_net_id ]]; then
+ neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
+ fi
private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
- neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
+ if [[ -n $private_net_id ]]; then
+ neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
+ fi
fi
}
diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
deleted file mode 100644
index ca0b70c..0000000
--- a/lib/neutron_plugins/midonet
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# REVISIT(devvesa): This file is needed so Q_PLUGIN=midonet will work.
-
-# FIXME(yamamoto): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 0483ef1..30e1b03 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -40,12 +40,6 @@
# L3 Plugin to load for ML2
ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
-# Underlying path MTU for physical network managing br-tun; use '-' instead of
-# ':-' to allow people to explicitly override this to blank, to disable
-# automatic MTU calculation for tunnelled tenant networks
-Q_ML2_PLUGIN_PATH_MTU=${Q_ML2_PLUGIN_PATH_MTU-1500}
-
-
function populate_ml2_config {
CONF=$1
SECTION=$2
@@ -83,12 +77,6 @@
echo "WARNING - The ml2 plugin is using local tenant networks, with no connectivity between hosts."
fi
- # Enable ml2 mtu calculation mechanism for networks by providing path mtu
- # value for physical devices that are used for br-tun traffic
- if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]] && [[ "$Q_ML2_PLUGIN_PATH_MTU" != "" ]]; then
- iniset /$Q_PLUGIN_CONF_FILE ml2 path_mtu "$Q_ML2_PLUGIN_PATH_MTU"
- fi
-
# Allow for overrding VLAN configuration (for example, to configure provider
# VLANs) by first checking if Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS is set.
if [ "$Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS" == "" ]; then
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index b1acacd..339d5fd 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -43,12 +43,6 @@
# Setup agent for tunneling
if [[ "$OVS_ENABLE_TUNNELING" == "True" ]]; then
- # Verify tunnels are supported
- # REVISIT - also check kernel module support for GRE and patch ports
- OVS_VERSION=`ovs-vsctl --version | head -n 1 | grep -E -o "[0-9]+\.[0-9]+"`
- if [ `vercmp_numbers "$OVS_VERSION" "1.4"` -lt "0" ] && ! is_service_enabled q-svc ; then
- die $LINENO "You are running OVS version $OVS_VERSION. OVS 1.4+ is required for tunneling between multiple hosts."
- fi
iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
iniset /$Q_PLUGIN_CONF_FILE ovs tunnel_bridge $OVS_TUNNEL_BRIDGE
fi
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index 2b7f32d..40968fa 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -7,7 +7,8 @@
_XTRACE_NEUTRON_FIREWALL=$(set +o | grep xtrace)
set +o xtrace
-FWAAS_PLUGIN=neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin
+FWAAS_PLUGIN=${FWAAS_PLUGIN:-neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin}
+FWAAS_DRIVER=${FWAAS_DRIVER:-neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver}
function neutron_fwaas_configure_common {
_neutron_service_plugin_class_add $FWAAS_PLUGIN
@@ -21,7 +22,7 @@
cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini.sample $FWAAS_DRIVER_CONF_FILENAME
iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
- iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
+ iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "$FWAAS_DRIVER"
}
function neutron_fwaas_stop {
diff --git a/lib/neutron_plugins/vmware_dvs b/lib/neutron_plugins/vmware_dvs
deleted file mode 100644
index 587d5a6..0000000
--- a/lib/neutron_plugins/vmware_dvs
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# This file is needed so Q_PLUGIN=vmware_dvs will work.
-
-# FIXME(salv-orlando): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/neutron_plugins/vmware_nsx b/lib/neutron_plugins/vmware_nsx
deleted file mode 100644
index b6c1c9c..0000000
--- a/lib/neutron_plugins/vmware_nsx
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# This file is needed so Q_PLUGIN=vmware_nsx will work.
-
-# FIXME(salv-orlando): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/neutron_plugins/vmware_nsx_v b/lib/neutron_plugins/vmware_nsx_v
deleted file mode 100644
index 3d33c65..0000000
--- a/lib/neutron_plugins/vmware_nsx_v
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-#
-# This file is needed so Q_PLUGIN=vmware_nsx_v will work.
-
-# FIXME(salv-orlando): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/neutron_plugins/vmware_nsx_v3 b/lib/neutron_plugins/vmware_nsx_v3
deleted file mode 100644
index 6d8a6e6..0000000
--- a/lib/neutron_plugins/vmware_nsx_v3
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# This file is needed so Q_PLUGIN=vmware_nsx_v3 will work.
-
-# FIXME(salv-orlando): This function should not be here, but unfortunately
-# devstack calls it before the external plugins are fetched
-function has_neutron_plugin_security_group {
- # 0 means True here
- return 0
-}
diff --git a/lib/nova b/lib/nova
index dc425a1..c7d7a2c 100644
--- a/lib/nova
+++ b/lib/nova
@@ -34,6 +34,7 @@
# Set up default directories
GITDIR["python-novaclient"]=$DEST/python-novaclient
+GITDIR["os-vif"]=$DEST/os-vif
NOVA_DIR=$DEST/nova
# Nova virtual environment
@@ -74,9 +75,6 @@
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
NOVA_SERVICE_PROTOCOL="https"
- EC2_SERVICE_PROTOCOL="https"
-else
- EC2_SERVICE_PROTOCOL="http"
fi
# Public facing bits
@@ -86,8 +84,6 @@
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
-EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
-EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
# Option to enable/disable config drive
@@ -96,7 +92,7 @@
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
-SCHEDULER=${SCHEDULER:-nova.scheduler.filter_scheduler.FilterScheduler}
+SCHEDULER=${SCHEDULER:-filter_scheduler}
# The following FILTERS contains SameHostFilter and DifferentHostFilter with
# the default filters.
@@ -140,7 +136,6 @@
PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
VLAN_INTERFACE=${VLAN_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-$FLAT_NETWORK_BRIDGE_DEFAULT}
-EC2_DMZ_HOST=${EC2_DMZ_HOST:-$SERVICE_HOST}
# If you are using the FlatDHCP network mode on multiple hosts, set the
# ``FLAT_INTERFACE`` variable but make sure that the interface doesn't already
@@ -404,8 +399,8 @@
#
# Project User Roles
# ------------------------------------------------------------------
-# SERVICE_TENANT_NAME nova admin
-# SERVICE_TENANT_NAME nova ResellerAdmin (if Swift is enabled)
+# SERVICE_PROJECT_NAME nova admin
+# SERVICE_PROJECT_NAME nova ResellerAdmin (if Swift is enabled)
function create_nova_accounts {
# Nova
@@ -415,29 +410,28 @@
# this service user when notifying nova of changes and that requires the admin role.
create_service_user "nova" "admin"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- local nova_api_url
- if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
- nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
- else
- nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
- fi
-
- get_or_create_service "nova_legacy" "compute_legacy" \
- "Nova Compute Service (Legacy 2.0)"
- get_or_create_endpoint "compute_legacy" \
- "$REGION_NAME" \
- "$nova_api_url/v2/\$(tenant_id)s" \
- "$nova_api_url/v2/\$(tenant_id)s" \
- "$nova_api_url/v2/\$(tenant_id)s"
-
- get_or_create_service "nova" "compute" "Nova Compute Service"
- get_or_create_endpoint "compute" \
- "$REGION_NAME" \
- "$nova_api_url/v2.1/\$(tenant_id)s" \
- "$nova_api_url/v2.1/\$(tenant_id)s" \
- "$nova_api_url/v2.1/\$(tenant_id)s"
+ local nova_api_url
+ if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
+ nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
+ else
+ nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
fi
+
+ get_or_create_service "nova_legacy" "compute_legacy" "Nova Compute Service (Legacy 2.0)"
+ get_or_create_endpoint \
+ "compute_legacy" \
+ "$REGION_NAME" \
+ "$nova_api_url/v2/\$(tenant_id)s" \
+ "$nova_api_url/v2/\$(tenant_id)s" \
+ "$nova_api_url/v2/\$(tenant_id)s"
+
+ get_or_create_service "nova" "compute" "Nova Compute Service"
+ get_or_create_endpoint \
+ "compute" \
+ "$REGION_NAME" \
+ "$nova_api_url/v2.1/\$(tenant_id)s" \
+ "$nova_api_url/v2.1/\$(tenant_id)s" \
+ "$nova_api_url/v2.1/\$(tenant_id)s"
fi
if is_service_enabled n-api; then
@@ -445,21 +439,19 @@
if is_service_enabled swift; then
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
- get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
+ get_or_add_user_project_role ResellerAdmin nova $SERVICE_PROJECT_NAME
fi
fi
# S3
if is_service_enabled swift3; then
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "s3" "s3" "S3"
- get_or_create_endpoint "s3" \
- "$REGION_NAME" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
- "http://$SERVICE_HOST:$S3_SERVICE_PORT"
- fi
+ get_or_create_service "s3" "s3" "S3"
+ get_or_create_endpoint \
+ "s3" \
+ "$REGION_NAME" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
+ "http://$SERVICE_HOST:$S3_SERVICE_PORT"
fi
}
@@ -501,6 +493,8 @@
iniset $NOVA_CONF DEFAULT bindir "/usr/bin"
fi
+ iniset $NOVA_CONF privsep_osbrick helper_command "sudo nova-rootwrap \$rootwrap_config privsep-helper --config-file $NOVA_CONF"
+
if is_service_enabled n-api; then
if is_service_enabled n-api-meta; then
# If running n-api-meta as a separate service
@@ -597,7 +591,6 @@
iniset $NOVA_CONF spice enabled false
fi
- iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST"
iniset_rpc_backend nova $NOVA_CONF
iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
@@ -689,8 +682,6 @@
iniset $NOVA_CONF DEFAULT public_interface "$PUBLIC_INTERFACE"
iniset $NOVA_CONF DEFAULT vlan_interface "$VLAN_INTERFACE"
iniset $NOVA_CONF DEFAULT flat_network_bridge "$FLAT_NETWORK_BRIDGE"
- # force down dhcp leases to 5 minutes, which lets us expire faster
- iniset $NOVA_CONF DEFAULT dhcp_lease_time 300
if [ -n "$FLAT_INTERFACE" ]; then
iniset $NOVA_CONF DEFAULT flat_interface "$FLAT_INTERFACE"
fi
@@ -719,6 +710,10 @@
recreate_database $NOVA_API_DB
$NOVA_BIN_DIR/nova-manage api_db sync
+
+ # Run online migrations on the new databases
+ # Needed for flavor conversion
+ $NOVA_BIN_DIR/nova-manage db online_data_migrations
fi
create_nova_cache_dir
@@ -740,6 +735,13 @@
# install_nova() - Collect source and prepare
function install_nova {
+
+ # Install os-vif
+ if use_library_from_git "os-vif"; then
+ git_clone_by_name "os-vif"
+ setup_dev_lib "os-vif"
+ fi
+
if is_service_enabled n-cpu && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; then
install_nova_hypervisor
fi
@@ -815,7 +817,6 @@
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
- start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT &
fi
export PATH=$old_path
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index c6ed85d..43e7797 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -41,7 +41,7 @@
iniset $NOVA_CONF DEFAULT compute_driver nova.virt.ironic.IronicDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
- iniset $NOVA_CONF DEFAULT scheduler_host_manager nova.scheduler.ironic_host_manager.IronicHostManager
+ iniset $NOVA_CONF DEFAULT scheduler_host_manager ironic_host_manager
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
diff --git a/lib/swift b/lib/swift
index 9edeb0a..8c5aa5e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -71,17 +71,20 @@
# only 1G we can not upload volume to image.
# Increase Swift disk size up to 2G
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=2G
+ SWIFT_MAX_FILE_SIZE_DEFAULT=1073741824 # 1G
else
# DevStack will create a loop-back disk formatted as XFS to store the
# swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
# kilobytes.
# Default is 1 gigabyte.
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G
+ SWIFT_MAX_FILE_SIZE_DEFAULT=536870912 # 512M
fi
# if tempest enabled the default size is 6 Gigabyte.
if is_service_enabled tempest; then
SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=${SWIFT_LOOPBACK_DISK_SIZE:-6G}
+ SWIFT_MAX_FILE_SIZE_DEFAULT=5368709122 # Swift default 5G
fi
SWIFT_LOOPBACK_DISK_SIZE=${SWIFT_LOOPBACK_DISK_SIZE:-$SWIFT_LOOPBACK_DISK_SIZE_DEFAULT}
@@ -127,6 +130,10 @@
# Swift API
SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
+# Set ``SWIFT_MAX_FILE_SIZE`` to configure the maximum file size in Swift API
+# Default 500MB because the loopback file used for swift could be 1 or 2 GB
+SWIFT_MAX_FILE_SIZE=${SWIFT_MAX_FILE_SIZE:-$SWIFT_MAX_FILE_SIZE_DEFAULT}
+
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
# Port bases used in port number calculation for the service "nodes"
# The specified port number will be used, the additional ports calculated by
@@ -450,7 +457,7 @@
auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
cafile = ${SSL_BUNDLE_FILE}
admin_user = swift
-admin_tenant_name = ${SERVICE_TENANT_NAME}
+admin_tenant_name = ${SERVICE_PROJECT_NAME}
admin_password = ${SERVICE_PASSWORD}
[filter:swift3]
@@ -462,6 +469,7 @@
cp ${SWIFT_DIR}/etc/swift.conf-sample ${SWIFT_CONF_DIR}/swift.conf
iniset ${SWIFT_CONF_DIR}/swift.conf swift-hash swift_hash_path_suffix ${SWIFT_HASH}
iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_header_size ${SWIFT_MAX_HEADER_SIZE}
+ iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_file_size ${SWIFT_MAX_FILE_SIZE}
local node_number
for node_number in ${SWIFT_REPLICAS_SEQ}; do
@@ -612,8 +620,6 @@
export swiftusertest3_password=testing3
export swiftusertest4_password=testing4
- KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
-
local another_role
another_role=$(get_or_create_role "anotherrole")
@@ -621,15 +627,13 @@
# temp urls, which break when uploaded by a non-admin role
create_service_user "swift" "admin"
- if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
- get_or_create_service "swift" "object-store" "Swift Service"
- get_or_create_endpoint "object-store" \
- "$REGION_NAME" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT" \
- "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s"
- fi
+ get_or_create_service "swift" "object-store" "Swift Service"
+ get_or_create_endpoint \
+ "object-store" \
+ "$REGION_NAME" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT" \
+ "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s"
local swift_tenant_test1
swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
@@ -816,7 +820,7 @@
# note we are using swift credentials!
OS_USERNAME=swift \
OS_PASSWORD=$SERVICE_PASSWORD \
- OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
+ OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \
openstack object store account \
set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
}
diff --git a/lib/tempest b/lib/tempest
index add1b0e..ed26caf 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -176,17 +176,18 @@
sudo install -d -o $STACK_USER $TEMPEST_CONFIG_DIR
rm -f $TEMPEST_CONFIG
- password=${ADMIN_PASSWORD:-secrete}
+ local password=${ADMIN_PASSWORD:-secret}
# See ``lib/keystone`` where these users and tenants are set up
- ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
- ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-admin}
- ADMIN_DOMAIN_NAME=${ADMIN_DOMAIN_NAME:-Default}
- TEMPEST_USERNAME=${TEMPEST_USERNAME:-demo}
- TEMPEST_TENANT_NAME=${TEMPEST_TENANT_NAME:-demo}
- ALT_USERNAME=${ALT_USERNAME:-alt_demo}
- ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
- ADMIN_TENANT_ID=$(openstack project list | awk "/ admin / { print \$2 }")
+ local admin_username=${ADMIN_USERNAME:-admin}
+ local admin_tenant_name=${ADMIN_TENANT_NAME:-admin}
+ local admin_domain_name=${ADMIN_DOMAIN_NAME:-Default}
+ local tempest_username=${TEMPEST_USERNAME:-demo}
+ local tempest_tenant_name=${TEMPEST_TENANT_NAME:-demo}
+ local alt_username=${ALT_USERNAME:-alt_demo}
+ local alt_tenant_name=${ALT_TENANT_NAME:-alt_demo}
+ local admin_tenant_id
+ admin_tenant_id=$(openstack project list | awk "/ admin / { print \$2 }")
if is_service_enabled nova; then
# If ``DEFAULT_INSTANCE_TYPE`` is not declared, use the new behavior
@@ -260,11 +261,11 @@
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
- iniset $TEMPEST_CONFIG auth admin_username $ADMIN_USERNAME
+ iniset $TEMPEST_CONFIG auth admin_username $admin_username
iniset $TEMPEST_CONFIG auth admin_password "$password"
- iniset $TEMPEST_CONFIG auth admin_tenant_name $ADMIN_TENANT_NAME
- iniset $TEMPEST_CONFIG auth admin_tenant_id $ADMIN_TENANT_ID
- iniset $TEMPEST_CONFIG auth admin_domain_name $ADMIN_DOMAIN_NAME
+ iniset $TEMPEST_CONFIG auth admin_tenant_name $admin_tenant_name
+ iniset $TEMPEST_CONFIG auth admin_tenant_id $admin_tenant_id
+ iniset $TEMPEST_CONFIG auth admin_domain_name $admin_domain_name
fi
if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
# Only Identity v3 is available; then skip Identity API v2 tests
@@ -321,7 +322,30 @@
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
- tox -revenv -- tempest verify-config -uro $tmp_cfg_file
+ if [[ "$OFFLINE" != "True" ]]; then
+ tox -revenv --notest
+ fi
+
+ # Auth
+ iniset $TEMPEST_CONFIG auth tempest_roles "Member"
+ if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
+ if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
+ tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
+ else
+ tempest-account-generator -c $TEMPEST_CONFIG --os-username $admin_username --os-password "$password" --os-tenant-name $admin_tenant_name -r $TEMPEST_CONCURRENCY etc/accounts.yaml
+ fi
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials False
+ iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
+ elif [[ $TEMPEST_HAS_ADMIN == "False" ]]; then
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
+
+ else
+ iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
+ fi
+
+ # NOTE(mtreinish): Respect constraints on tempest verify-config venv
+ tox -evenv -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
+ tox -evenv -- tempest verify-config -uro $tmp_cfg_file
local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then
@@ -408,12 +432,15 @@
if [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
iniset $TEMPEST_CONFIG orchestration image_ref $(basename "${HEAT_CFN_IMAGE_URL%.*}")
fi
- # build a specialized heat flavor
- available_flavors=$(nova flavor-list)
- if [[ ! ( $available_flavors =~ 'm1.heat' ) ]]; then
- nova flavor-create m1.heat 451 512 0 1
+ # Nova might not be enabled, especially when we want to test tempest scenario/API that only create Neutron resources
+ if is_service_enabled nova; then
+ # build a specialized heat flavor
+ available_flavors=$(nova flavor-list)
+ if [[ ! ( $available_flavors =~ 'm1.heat' ) ]]; then
+ nova flavor-create m1.heat 451 512 0 1
+ fi
+ iniset $TEMPEST_CONFIG orchestration instance_type "m1.heat"
fi
- iniset $TEMPEST_CONFIG orchestration instance_type "m1.heat"
iniset $TEMPEST_CONFIG orchestration build_timeout 900
iniset $TEMPEST_CONFIG orchestration stack_owner_role "_member_"
fi
@@ -450,10 +477,6 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $PRIVATE_NETWORK_NAME
# Volume
- # TODO(dkranz): Remove the bootable flag when Juno is end of life.
- iniset $TEMPEST_CONFIG volume-feature-enabled bootable True
- # TODO(jordanP): Remove the extend_with_snapshot flag when Juno is end of life.
- iniset $TEMPEST_CONFIG volume-feature-enabled extend_with_snapshot True
# TODO(obutenko): Remove the incremental_backup_force flag when Kilo and Juno is end of life.
iniset $TEMPEST_CONFIG volume-feature-enabled incremental_backup_force True
# TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
@@ -532,8 +555,9 @@
# this tempest service list needs to be all the services that
# tempest supports, otherwise we can have an erroneous set of
# defaults (something defaulting true in Tempest, but not listed here).
- TEMPEST_SERVICES="key,glance,nova,neutron,cinder,swift,heat,ceilometer,horizon,sahara,ironic,trove"
- for service in ${TEMPEST_SERVICES//,/ }; do
+ local service
+ local tempest_services="key,glance,nova,neutron,cinder,swift,heat,ceilometer,horizon,sahara,ironic,trove"
+ for service in ${tempest_services//,/ }; do
if is_service_enabled $service ; then
iniset $TEMPEST_CONFIG service_available $service "True"
else
@@ -547,23 +571,6 @@
iniset $TEMPEST_CONFIG service_available cinder "False"
fi
- # Auth
- iniset $TEMPEST_CONFIG auth tempest_roles "Member"
- if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
- if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
- tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
- else
- tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY etc/accounts.yaml
- fi
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials False
- iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
- elif [[ $TEMPEST_HAS_ADMIN == "False" ]]; then
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
-
- else
- iniset $TEMPEST_CONFIG auth use_dynamic_credentials ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
- fi
-
# Restore IFS
IFS=$ifs
}
@@ -588,6 +595,10 @@
pip_install tox
pushd $TEMPEST_DIR
tox --notest -efull
+ # NOTE(mtreinish) Respect constraints in the tempest full venv, things that
+ # are using a tox job other than full will not be respecting constraints but
+ # running pip install -U on tempest requirements
+ $TEMPEST_DIR/.tox/full/bin/pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/full
install_tempest_lib
popd
diff --git a/lib/tls b/lib/tls
index f4740b8..ca57ed4 100644
--- a/lib/tls
+++ b/lib/tls
@@ -257,6 +257,14 @@
local common_name=$3
local alt_names=$4
+ if [ "$common_name" != "$SERVICE_HOST" ]; then
+ if [[ -z "$alt_names" ]]; then
+ alt_names="DNS:$SERVICE_HOST"
+ else
+ alt_names="$alt_names,DNS:$SERVICE_HOST"
+ fi
+ fi
+
# Only generate the certificate if it doesn't exist yet on the disk
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request
diff --git a/openrc b/openrc
index 9bc0fd7..db2e97d 100644
--- a/openrc
+++ b/openrc
@@ -1,9 +1,9 @@
#!/usr/bin/env bash
#
-# source openrc [username] [tenantname]
+# source openrc [username] [projectname]
#
-# Configure a set of credentials for $TENANT/$USERNAME:
-# Set OS_TENANT_NAME to override the default tenant 'demo'
+# Configure a set of credentials for $PROJECT/$USERNAME:
+# Set OS_PROJECT_NAME to override the default project 'demo'
# Set OS_USERNAME to override the default user name 'demo'
# Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
@@ -14,7 +14,7 @@
OS_USERNAME=$1
fi
if [[ -n "$2" ]]; then
- OS_TENANT_NAME=$2
+ OS_PROJECT_NAME=$2
fi
# Find the other rc files
@@ -34,20 +34,24 @@
# Get some necessary configuration
source $RC_DIR/lib/tls
-# The introduction of Keystone to the OpenStack ecosystem has standardized the
-# term **tenant** as the entity that owns resources. In some places references
-# still exist to the original Nova term **project** for this use. Also,
-# **tenant_name** is preferred to **tenant_id**.
-export OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
+# The OpenStack ecosystem has standardized the term **project** as the
+# entity that owns resources. In some places **tenant** remains
+# referenced, but in all cases this just means **project**. We will
+# warn if we need to turn on legacy **tenant** support to have a
+# working environment.
+export OS_PROJECT_NAME=${OS_PROJECT_NAME:-demo}
-# In addition to the owning entity (tenant), nova stores the entity performing
+echo "WARNING: setting legacy OS_TENANT_NAME to support cli tools."
+export OS_TENANT_NAME=$OS_PROJECT_NAME
+
+# In addition to the owning entity (project), nova stores the entity performing
# the action as the **user**.
export OS_USERNAME=${OS_USERNAME:-demo}
# With Keystone you pass the keystone password instead of an api key.
# Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
# or NOVA_PASSWORD.
-export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
+export OS_PASSWORD=${ADMIN_PASSWORD:-secret}
# Don't put the key into a keyring by default. Testing for development is much
# easier with this off.
@@ -81,7 +85,7 @@
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
-# the user/tenant has access to - including nova, glance, keystone, swift, ...
+# the user/project has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the 2.0 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
diff --git a/rejoin-stack.sh b/rejoin-stack.sh
deleted file mode 100755
index 30b7bab..0000000
--- a/rejoin-stack.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#! /usr/bin/env bash
-
-# This script rejoins an existing screen, or re-creates a
-# screen session from a previous run of stack.sh.
-
-TOP_DIR=`dirname $0`
-
-# Import common functions in case the localrc (loaded via stackrc)
-# uses them.
-source $TOP_DIR/functions
-
-source $TOP_DIR/stackrc
-
-# if screenrc exists, run screen
-if [[ -e $TOP_DIR/stack-screenrc ]]; then
- if screen -ls | egrep -q "[0-9].stack"; then
- echo "Attaching to already started screen session.."
- exec screen -r stack
- fi
- exec screen -c $TOP_DIR/stack-screenrc
-fi
-
-echo "Couldn't find $TOP_DIR/stack-screenrc file; have you run stack.sh yet?"
-exit 1
diff --git a/samples/local.conf b/samples/local.conf
index ea68dc0..06ac185 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -25,7 +25,7 @@
# If the ``*_PASSWORD`` variables are not set here you will be prompted to enter
# values for them by ``stack.sh``and they will be added to ``local.conf``.
-ADMIN_PASSWORD=nomoresecrete
+ADMIN_PASSWORD=nomoresecret
DATABASE_PASSWORD=stackdb
RABBIT_PASSWORD=stackqueue
SERVICE_PASSWORD=$ADMIN_PASSWORD
diff --git a/stack.sh b/stack.sh
index c21ff77..793b7dc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -138,7 +138,7 @@
source $TOP_DIR/lib/stack
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
@@ -799,7 +799,7 @@
fi
fi
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
if is_service_enabled ceilometer; then
install_ceilometermiddleware
fi
@@ -1004,10 +1004,6 @@
bootstrap_keystone
fi
- if is_service_enabled tls-proxy; then
- export OS_CACERT=$INT_CA_DIR/ca-chain.pem
- fi
-
# Rather than just export these, we write them out to a
# intermediate userrc file that can also be used to debug if
# something goes wrong between here and running
@@ -1028,6 +1024,10 @@
EOF
+ if is_service_enabled tls-proxy; then
+ echo "export OS_CACERT=$INT_CA_DIR/ca-chain.pem" >> $TOP_DIR/userrc_early
+ fi
+
source $TOP_DIR/userrc_early
create_keystone_accounts
@@ -1118,7 +1118,7 @@
# Storage Service
# ---------------
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
echo_summary "Configuring Swift"
init_swift
fi
@@ -1172,7 +1172,7 @@
# Only run the services specified in ``ENABLED_SERVICES``
# Launch Swift Services
-if is_service_enabled s-proxy; then
+if is_service_enabled swift; then
echo_summary "Starting Swift"
start_swift
fi
@@ -1208,14 +1208,6 @@
done
fi
-# Create an access key and secret key for Nova EC2 register image
-if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
- eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret)
- iniset $NOVA_CONF DEFAULT s3_access_key "$access"
- iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"
- iniset $NOVA_CONF DEFAULT s3_affix_tenant "True"
-fi
-
# Create a randomized default value for the keymgr's fixed_key
if is_service_enabled nova; then
iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32)
diff --git a/stackrc b/stackrc
index 887d4b3..17d6047 100644
--- a/stackrc
+++ b/stackrc
@@ -14,9 +14,6 @@
LC_ALL=C
export LC_ALL
-# Make tracing more educational
-export PS4='+ ${BASH_SOURCE}:${FUNCNAME[0]}:L${LINENO}: '
-
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -67,7 +64,7 @@
# Keystone - nothing works without keystone
ENABLED_SERVICES=key
# Nova - services to support libvirt based openstack clouds
- ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt,n-cauth
+ ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-cauth
# Glance services needed for Nova
ENABLED_SERVICES+=,g-api,g-reg
# Cinder
@@ -132,6 +129,16 @@
source $RC_DIR/.localrc.auto
fi
+# Use color for logging output (only available if syslog is not used)
+LOG_COLOR=$(trueorfalse True LOG_COLOR)
+
+# Make tracing more educational
+if [[ "$LOG_COLOR" == "True" ]]; then
+ export PS4='+\[$(tput setaf 242)\]$(short_source)\[$(tput sgr0)\] '
+else
+ export PS4='+ $(short_source): '
+fi
+
# Configure Identity API version: 2.0, 3
IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
@@ -477,12 +484,25 @@
GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
+# os-vif library to communicate between Neutron to Nova
+GITREPO["os-vif"]=${OS_VIF_REPO:-${GIT_BASE}/openstack/os-vif.git}
+GITBRANCH["os-vif"]=${OS_VIF_BRANCH:-master}
+
# ironic common lib
GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
# this doesn't exist in a lib file, so set it here
GITDIR["ironic-lib"]=$DEST/ironic-lib
+# diskimage-builder tool
+GITREPO["diskimage-builder"]=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git}
+GITBRANCH["diskimage-builder"]=${DIB_BRANCH:-master}
+GITDIR["diskimage-builder"]=$DEST/diskimage-builder
+
+# neutron-lib library containing neutron stable non-REST interfaces
+GITREPO["neutron-lib"]=${NEUTRON_LIB_REPO:-${GIT_BASE}/openstack/neutron-lib.git}
+GITBRANCH["neutron-lib"]=${NEUTRON_LIB_BRANCH:-master}
+GITDIR["neutron-lib"]=$DEST/neutron-lib
##################
#
@@ -616,7 +636,7 @@
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
ironic)
# Ironic can do both partition and full disk images, depending on the driver
- if [[ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]]; then
+ if [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]]; then
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-disk}
else
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-uec}
@@ -630,11 +650,17 @@
DOWNLOAD_DEFAULT_IMAGES=False
fi
-# Staging Area for New Images, have them here for at least 24hrs for nodepool
-# to cache them otherwise the failure rates in the gate are too high
+# Staging area for new images. These images are cached by a run of
+# ./tools/image_list.sh during CI image build (see
+# project-config:nodepool/elements/cache-devstack/extra-data.d/55-cache-devstack-repos).
+#
+# To avoid CI failures grabbing the images, new images should be here
+# for at least 24hrs (nodepool builds images at 14:00UTC) so the they
+# are in the cache.
PRECACHE_IMAGES=$(trueorfalse False PRECACHE_IMAGES)
if [[ "$PRECACHE_IMAGES" == "True" ]]; then
-
+ # required for trove devstack tests; see
+ # git.openstack.org/cgit/openstack/trove/tree/devstack/plugin.sh
IMAGE_URL="http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"
if ! [[ "$IMAGE_URLS" =~ "$IMAGE_URL" ]]; then
IMAGE_URLS+=",$IMAGE_URL"
@@ -770,9 +796,6 @@
SYSLOG_HOST=${SYSLOG_HOST:-$HOST_IP}
SYSLOG_PORT=${SYSLOG_PORT:-516}
-# Use color for logging output (only available if syslog is not used)
-LOG_COLOR=$(trueorfalse True LOG_COLOR)
-
# Set global ``GIT_DEPTH=<number>`` to limit the history depth of the git clone
# Set to 0 to disable shallow cloning
GIT_DEPTH=${GIT_DEPTH:-0}
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index be8dc5e..8aae23d 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -9,6 +9,22 @@
source $TOP/tests/unittest.sh
+echo "Testing generate_hex_string()"
+
+VAL=$(generate_hex_string 16)
+if [[ ${#VAL} -eq 32 ]]; then
+ passed "OK"
+else
+ failed "generate_hex_string 16 failed ${#VAL}"
+fi
+
+VAL=$(generate_hex_string 32)
+if [[ ${#VAL} -eq 64 ]]; then
+ passed "OK"
+else
+ failed "generate_hex_string 32 failed ${#VAL}"
+fi
+
echo "Testing die_if_not_set()"
bash -c "source $TOP/functions; X=`echo Y && true`; die_if_not_set $LINENO X 'not OK'"
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 326241d..f01db6d 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -41,7 +41,8 @@
ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
-ALL_LIBS+=" keystoneauth ironic-lib oslo.privsep"
+ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep"
+ALL_LIBS+=" diskimage-builder os-vif"
# Generate the above list with
# echo ${!GITREPO[@]}
diff --git a/tests/test_package_ordering.sh b/tests/test_package_ordering.sh
index a568abf..bfc2a19 100755
--- a/tests/test_package_ordering.sh
+++ b/tests/test_package_ordering.sh
@@ -7,6 +7,7 @@
source $TOP/tests/unittest.sh
+export LC_ALL=en_US.UTF-8
PKG_FILES=$(find $TOP/files/debs $TOP/files/rpms $TOP/files/rpms-suse -type f)
TMPDIR=$(mktemp -d)
diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh
index b49164b..c0b7ac7 100755
--- a/tools/create-stack-user.sh
+++ b/tools/create-stack-user.sh
@@ -24,7 +24,7 @@
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 74d5428..a7278e4 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -7,6 +7,22 @@
# Warning: This script just for development purposes
set -o errexit
+
+# short_source prints out the current location of the caller in a way
+# that strips redundant directories. This is useful for PS4
+# usage. Needed before we start tracing due to how we set
+# PS4. Normally we'd pick this up from stackrc, but that's not sourced
+# here.
+function short_source {
+ saveIFS=$IFS
+ IFS=" "
+ called=($(caller 0))
+ IFS=$saveIFS
+ file=${called[2]}
+ file=${file#$RC_DIR/}
+ printf "%-40s " "$file:${called[1]}:${called[0]}"
+}
+
set -o xtrace
ACCOUNT_DIR=./accrc
@@ -156,30 +172,6 @@
exit 3
fi
-EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $EC2_URL ]]; then
- EC2_URL=http://localhost:8773/
-fi
-
-S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true)
-if [[ -z $S3_URL ]]; then
- S3_URL=http://localhost:3333
-fi
-
-mkdir -p "$ACCOUNT_DIR"
-ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
-EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem
-if [ -e "$EUCALYPTUS_CERT" ]; then
- mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"
-fi
-if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then
- echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2
- if [ -e "$EUCALYPTUS_CERT.old" ]; then
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"
- fi
-fi
-
-
function add_entry {
local user_id=$1
local user_name=$2
@@ -187,54 +179,16 @@
local project_name=$4
local user_passwd=$5
- # The admin user can see all user's secret AWS keys, it does not looks good
- local line
- line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true)
- if [ -z "$line" ]; then
- openstack ec2 credentials create --user $user_id --project $project_id 1>&2
- line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
- fi
- local ec2_access_key ec2_secret_key
- read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'`
mkdir -p "$ACCOUNT_DIR/$project_name"
local rcfile="$ACCOUNT_DIR/$project_name/$user_name"
- # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN
- # Generally the subject DN parts should be in reverse order like the Issuer
- # The Serial does not seams correctly marked either
- local ec2_cert="$rcfile-cert.pem"
- local ec2_private_key="$rcfile-pk.pem"
- # Try to preserve the original file on fail (best effort)
- if [ -e "$ec2_private_key" ]; then
- mv -f "$ec2_private_key" "$ec2_private_key.old"
- fi
- if [ -e "$ec2_cert" ]; then
- mv -f "$ec2_cert" "$ec2_cert.old"
- fi
- # It will not create certs when the password is incorrect
- if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
- if [ -e "$ec2_private_key.old" ]; then
- mv -f "$ec2_private_key.old" "$ec2_private_key"
- fi
- if [ -e "$ec2_cert.old" ]; then
- mv -f "$ec2_cert.old" "$ec2_cert"
- fi
- fi
+
cat >"$rcfile" <<EOF
-# you can source this file
-export EC2_ACCESS_KEY="$ec2_access_key"
-export EC2_SECRET_KEY="$ec2_secret_key"
-export EC2_URL="$EC2_URL"
-export S3_URL="$S3_URL"
# OpenStack USER ID = $user_id
export OS_USERNAME="$user_name"
# OpenStack project ID = $project_id
export OS_PROJECT_NAME="$project_name"
export OS_AUTH_URL="$OS_AUTH_URL"
export OS_CACERT="$OS_CACERT"
-export EC2_CERT="$ec2_cert"
-export EC2_PRIVATE_KEY="$ec2_private_key"
-export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
-export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
export OS_AUTH_TYPE=v2password
EOF
diff --git a/tools/generate-devstack-plugins-list.py b/tools/generate-devstack-plugins-list.py
new file mode 100644
index 0000000..1fa5501
--- /dev/null
+++ b/tools/generate-devstack-plugins-list.py
@@ -0,0 +1,59 @@
+#! /usr/bin/env python
+
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script is intended to be run as part of a periodic proposal bot
+# job in OpenStack infrastructure.
+#
+# In order to function correctly, the environment in which the
+# script runs must have
+# * network access to the review.openstack.org Gerrit API
+# working directory
+# * network access to https://git.openstack.org/cgit
+
+import json
+import requests
+
+url = 'https://review.openstack.org/projects/'
+
+# This is what a project looks like
+'''
+ "openstack-attic/akanda": {
+ "id": "openstack-attic%2Fakanda",
+ "state": "READ_ONLY"
+ },
+'''
+
+def is_in_openstack_namespace(proj):
+ return proj.startswith('openstack/')
+
+# Rather than returning a 404 for a nonexistent file, cgit delivers a
+# 0-byte response to a GET request. It also does not provide a
+# Content-Length in a HEAD response, so the way we tell if a file exists
+# is to check the length of the entire GET response body.
+def has_devstack_plugin(proj):
+ r = requests.get("https://git.openstack.org/cgit/%s/plain/devstack/plugin.sh" % proj)
+ if len(r.text) > 0:
+ return True
+ else:
+ False
+
+r = requests.get(url)
+projects = sorted(filter(is_in_openstack_namespace, json.loads(r.text[4:])))
+
+found_plugins = filter(has_devstack_plugin, projects)
+
+for project in found_plugins:
+ print project[10:]
diff --git a/tools/generate-devstack-plugins-list.sh b/tools/generate-devstack-plugins-list.sh
index 6e9e828..be3f60a 100644
--- a/tools/generate-devstack-plugins-list.sh
+++ b/tools/generate-devstack-plugins-list.sh
@@ -19,11 +19,19 @@
#
# In order to function correctly, the environment in which the
# script runs must have
+# * a writable doc/source directory relative to the current
+# working directory
+# AND ( (
# * git
# * all git repos meant to be searched for plugins cloned and
# at the desired level of up-to-datedness
-# * a writable doc/source directory relative to the current
+# * the environment variable git_dir pointing to the location
+# * of said git repositories
+# ) OR (
+# * network access to the review.openstack.org Gerrit API
# working directory
+# * network access to https://git.openstack.org/cgit
+# ))
#
# If a file named data/devstack-plugins-registry.header or
# data/devstack-plugins-registry.footer is found relative to the
@@ -33,27 +41,24 @@
(
declare -A plugins
-test -r data/devstack-plugins-registry.header && cat data/devstack-plugins-registry.header
+if [[ -r data/devstack-plugins-registry.header ]]; then
+ cat data/devstack-plugins-registry.header
+fi
-pushd ${git_dir:-/opt/openstack} >/dev/null
-for i in *; do
- pushd ${i} >/dev/null
- if output="$(git log --diff-filter=A --format='%cd' --date=short -1 -- devstack/plugin.sh)"; then
- test -n "$output" && plugins[$i]=${output}
- fi
- popd >/dev/null
-done
-popd >/dev/null
+sorted_plugins=$(python tools/generate-devstack-plugins-list.py)
-sorted_plugins=( $(for k in "${!plugins[@]}"; do echo "$k"; done | sort))
-
-for k in "${sorted_plugins[@]}"; do
- project=${k:0:18}
+for k in ${sorted_plugins}; do
+ project=${k:0:28}
giturl="git://git.openstack.org/openstack/${k:0:26}"
- pdate="${plugins[$k]}"
- printf "|%-18s|%-60s|%-12s|\n" "${project}" "${giturl}" "${pdate}"
- printf "+------------------+------------------------------------------------------------+------------+\n"
+ printf "|%-28s|%-73s|\n" "${project}" "${giturl}"
+ printf "+----------------------------+-------------------------------------------------------------------------+\n"
done
-test -r data/devstack-plugins-registry.footer && cat data/devstack-plugins-registry.footer
+if [[ -r data/devstack-plugins-registry.footer ]]; then
+ cat data/devstack-plugins-registry.footer
+fi
) > doc/source/plugin-registry.rst
+
+if [[ -n ${1} ]]; then
+ cp doc/source/plugin-registry.rst ${1}/doc/source/plugin-registry.rst
+fi
diff --git a/tools/info.sh b/tools/info.sh
index 433206e..c056fa7 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -52,10 +52,6 @@
echo "os|distro=$DISTRO"
echo "os|vendor=$os_VENDOR"
echo "os|release=$os_RELEASE"
-if [ -n "$os_UPDATE" ]; then
- echo "os|version=$os_UPDATE"
-fi
-
# Repos
# -----
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 2a9d813..dfa4f42 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -2,16 +2,12 @@
# **install_pip.sh**
-# install_pip.sh [--pip-version <version>] [--use-get-pip] [--force]
-#
# Update pip and friends to a known common version
# Assumptions:
-# - update pip to $INSTALL_PIP_VERSION
# - if USE_PYTHON3=True, PYTHON3_VERSION refers to a version already installed
set -o errexit
-set -o xtrace
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
@@ -23,6 +19,9 @@
# Import common functions
source $TOP_DIR/stackrc
+# don't start tracing until after we've sourced the world
+set -o xtrace
+
FILES=$TOP_DIR/files
PIP_GET_PIP_URL=https://bootstrap.pypa.io/get-pip.py
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 031f8a8..8895e1e 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -28,7 +28,7 @@
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
- # ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+ # ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
diff --git a/tools/worlddump.py b/tools/worlddump.py
index 9d2b082..72a257f 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -18,6 +18,7 @@
import argparse
import datetime
+from distutils import spawn
import fnmatch
import os
import os.path
@@ -56,8 +57,16 @@
print
try:
subprocess.check_call(cmd, shell=True)
- except subprocess.CalledProcessError:
- print "*** Failed to run: %s" % cmd
+ print
+ except subprocess.CalledProcessError as e:
+ print "*** Failed to run '%(cmd)s': %(err)s" % {'cmd': cmd, 'err': e}
+
+
+def _find_cmd(cmd):
+ if not spawn.find_executable(cmd):
+ print "*** %s not found: skipping" % cmd
+ return False
+ return True
def _header(name):
@@ -88,6 +97,8 @@
def ebtables_dump():
tables = ['filter', 'nat', 'broute']
_header("EB Tables Dump")
+ if not _find_cmd('ebtables'):
+ return
for table in tables:
_dump_cmd("sudo ebtables -t %s -L" % table)
@@ -100,14 +111,43 @@
_dump_cmd("sudo iptables --line-numbers -L -nv -t %s" % table)
+def _netns_list():
+ process = subprocess.Popen(['ip', 'netns'], stdout=subprocess.PIPE)
+ stdout, _ = process.communicate()
+ return stdout.split()
+
+
def network_dump():
_header("Network Dump")
_dump_cmd("brctl show")
_dump_cmd("arp -n")
- _dump_cmd("ip addr")
- _dump_cmd("ip link")
- _dump_cmd("ip route")
+ ip_cmds = ["addr", "link", "route"]
+ for cmd in ip_cmds + ['netns']:
+ _dump_cmd("ip %s" % cmd)
+ for netns_ in _netns_list():
+ for cmd in ip_cmds:
+ args = {'netns': netns_, 'cmd': cmd}
+ _dump_cmd('sudo ip netns exec %(netns)s ip %(cmd)s' % args)
+
+
+def ovs_dump():
+ _header("Open vSwitch Dump")
+
+ # NOTE(cdent): If we're not using neutron + ovs these commands
+ # will not be present so
+ if not _find_cmd('ovs-vsctl'):
+ return
+
+ # NOTE(ihrachys): worlddump is used outside of devstack context (f.e. in
+ # grenade), so there is no single place to determine the bridge names from.
+ # Hardcode for now.
+ bridges = ('br-int', 'br-tun', 'br-ex')
+ _dump_cmd("sudo ovs-vsctl show")
+ for bridge in bridges:
+ _dump_cmd("sudo ovs-ofctl show %s" % bridge)
+ for bridge in bridges:
+ _dump_cmd("sudo ovs-ofctl dump-flows %s" % bridge)
def process_list():
@@ -147,6 +187,7 @@
disk_space()
process_list()
network_dump()
+ ovs_dump()
iptables_dump()
ebtables_dump()
compute_consoles()
diff --git a/tools/xen/functions b/tools/xen/functions
index 8c674dc..cf14568 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -23,9 +23,10 @@
if [ -d "/boot/guest" ]; then
echo "INFO: /boot/guest directory already exists, using that" >&2
else
- local LOCALPATH="$(get_local_sr_path)/os-guest-kernels"
- mkdir -p $LOCALPATH
- ln -s $LOCALPATH /boot/guest
+ local local_path
+ local_path="$(get_local_sr_path)/os-guest-kernels"
+ mkdir -p $local_path
+ ln -s $local_path /boot/guest
fi
}
@@ -33,9 +34,10 @@
if [ -d "/images" ]; then
echo "INFO: /images directory already exists, using that" >&2
else
- local LOCALPATH="$(get_local_sr_path)/os-images"
- mkdir -p $LOCALPATH
- ln -s $LOCALPATH /images
+ local local_path
+ local_path="$(get_local_sr_path)/os-images"
+ mkdir -p $local_path
+ ln -s $local_path /images
fi
}
@@ -73,7 +75,7 @@
if [ -z "$ipaddress" ]; then
sleep $period
- ((i++))
+ i=$((i+1))
else
echo $ipaddress
break
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index be6c5ca..bb27454 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -32,7 +32,7 @@
XEN_INT_BRIDGE_OR_NET_NAME="OpenStack VM Integration Network"
# VM Password
-GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
+GUEST_PASSWORD=${GUEST_PASSWORD:-secret}
# Extracted variables for OpenStack VM network device numbers.
# Make sure they form a continuous sequence starting from 0
diff --git a/tox.ini b/tox.ini
index f9d04f2..4ec2939 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,19 +8,25 @@
install_command = pip install {opts} {packages}
[testenv:bashate]
+# if you want to test out some changes you have made to bashate
+# against devstack, just set BASHATE_INSTALL_PATH=/path/... to your
+# modified bashate tree
deps =
- {env:BASHATE_INSTALL_PATH:bashate==0.3.2}
+ {env:BASHATE_INSTALL_PATH:bashate==0.5.0}
whitelist_externals = bash
commands = bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-not \( -type d -name doc -prune \) \
-not \( -type d -name shocco -prune \) \
+ -not \( -type f -name localrc -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
+ -not -name stack-screenrc \
+ -not -name \*.orig \
+ -not -name \*.rej \
\( \
-name \*.sh -or \
- -name \*.orig -or \
-name \*rc -or \
-name functions\* -or \
-wholename \*/inc/\* -or \
diff --git a/unstack.sh b/unstack.sh
index 47beb04..7a7c945 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -9,12 +9,12 @@
# Stop all processes by setting ``UNSTACK_ALL`` or specifying ``-a``
# on the command line
-UNSTACK_ALL=""
+UNSTACK_ALL=${UNSTACK_ALL:-""}
while getopts ":a" opt; do
case $opt in
a)
- UNSTACK_ALL=""
+ UNSTACK_ALL="-1"
;;
esac
done
@@ -84,7 +84,7 @@
load_plugin_settings
# Determine what system we are running on. This provides ``os_VENDOR``,
-# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
GetOSVersion
set -o xtrace
@@ -182,7 +182,7 @@
# Clean up the remainder of the screen processes
SCREEN=$(which screen)
if [[ -n "$SCREEN" ]]; then
- SESSION=$(screen -ls | awk '/[0-9].stack/ { print $1 }')
+ SESSION=$(screen -ls | awk "/[0-9]+.${SCREEN_NAME}/"'{ print $1 }')
if [[ -n "$SESSION" ]]; then
screen -X -S $SESSION quit
fi