Fix running with SERVICE_IP_VERSION=6
- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
diff --git a/functions-common b/functions-common
index df295a3..5f933d6 100644
--- a/functions-common
+++ b/functions-common
@@ -2049,6 +2049,11 @@
fi
}
+# Remove "[]" around urlquoted IPv6 addresses
+function ipv6_unquote {
+ echo $1 | tr -d []
+}
+
# Gracefully cp only if source file/dir exists
# cp_it source destination
function cp_it {
diff --git a/lib/cinder b/lib/cinder
index c0356fe..4d6085f 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -67,7 +67,7 @@
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
-CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
+CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# What type of LVM device should Cinder use for LVM backend
# Defaults to auto, which will do thin provisioning if it's a fresh
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 0089663..cf61056 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -93,7 +93,7 @@
# Change bind-address from localhost (127.0.0.1) to any (::) and
# set default db type to InnoDB
- iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS"
+ iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
iniset -sudo $my_conf mysqld sql_mode TRADITIONAL
iniset -sudo $my_conf mysqld default-storage-engine InnoDB
iniset -sudo $my_conf mysqld max_connections 1024
diff --git a/lib/glance b/lib/glance
index 95d2450..4a3e25e 100644
--- a/lib/glance
+++ b/lib/glance
@@ -65,7 +65,7 @@
# Glance connection info. Note the port must be specified.
GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST}
-GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
+GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292}
GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292}
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}
@@ -152,7 +152,7 @@
# Store specific configs
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
- iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
+ iniset $GLANCE_API_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST)
# CORS feature support - to allow calls from Horizon by default
if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then
@@ -228,7 +228,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
- iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
+ iniset $GLANCE_CACHE_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST)
# Store specific confs
iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 9701ee7..3c6ec68 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -111,7 +111,7 @@
# Default protocol
Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
# Default listen address
-Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
+Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# Default admin username
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
# Default auth strategy
@@ -121,7 +121,7 @@
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)
# Meta data IP
-Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
+Q_META_DATA_IP=${Q_META_DATA_IP:-$(ipv6_unquote $SERVICE_HOST)}
# Allow Overlapping IP among subnets
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
diff --git a/lib/nova b/lib/nova
index 580f87f..da07579 100644
--- a/lib/nova
+++ b/lib/nova
@@ -92,7 +92,7 @@
NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
-NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
+NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
# Option to enable/disable config drive
@@ -507,7 +507,7 @@
setup_logging $NOVA_CONF
write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute"
- write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}"
+ write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" "$SERVICE_LISTEN_ADDRESS:${METADATA_SERVICE_PORT}"
if is_service_enabled ceilometer; then
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
diff --git a/lib/swift b/lib/swift
index 1187846..62b8a32 100644
--- a/lib/swift
+++ b/lib/swift
@@ -56,7 +56,7 @@
SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080}
SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
-SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
+SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# TODO: add logging to different location.
diff --git a/lib/tls b/lib/tls
index a72b708..e3ed3cc 100644
--- a/lib/tls
+++ b/lib/tls
@@ -37,7 +37,7 @@
if is_service_enabled tls-proxy; then
# TODO(dtroyer): revisit this below after the search for HOST_IP has been done
- TLS_IP=${TLS_IP:-$SERVICE_IP}
+ TLS_IP=${TLS_IP:-$(ipv6_unquote $SERVICE_HOST)}
fi
DEVSTACK_HOSTNAME=$(hostname -f)
@@ -67,9 +67,9 @@
# build common config file
# Verify ``TLS_IP`` is good
- if [[ -n "$HOST_IP" && "$HOST_IP" != "$TLS_IP" ]]; then
+ if [[ -n "$SERVICE_HOST" && "$(ipv6_unquote $SERVICE_HOST)" != "$TLS_IP" ]]; then
# auto-discover has changed the IP
- TLS_IP=$HOST_IP
+ TLS_IP=$(ipv6_unquote $SERVICE_HOST)
fi
}
@@ -228,6 +228,7 @@
if [[ ! -r $DEVSTACK_CERT ]]; then
if [[ -n "$TLS_IP" ]]; then
# Lie to let incomplete match routines work
+ # see https://bugs.python.org/issue23239
TLS_IP="DNS:$TLS_IP,IP:$TLS_IP"
fi
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP"
@@ -246,11 +247,6 @@
local alt_names=$4
if [ "$common_name" != "$SERVICE_HOST" ]; then
- if [[ -z "$alt_names" ]]; then
- alt_names="DNS:$SERVICE_HOST"
- else
- alt_names="$alt_names,DNS:$SERVICE_HOST"
- fi
if is_ipv4_address "$SERVICE_HOST" ; then
alt_names="$alt_names,IP:$SERVICE_HOST"
fi
diff --git a/stackrc b/stackrc
index 5944252..0b49fbc 100644
--- a/stackrc
+++ b/stackrc
@@ -894,10 +894,10 @@
DEF_SERVICE_HOST=[$HOST_IPV6]
DEF_SERVICE_LOCAL_HOST=::1
- DEF_SERVICE_LISTEN_ADDRESS=::
+ DEF_SERVICE_LISTEN_ADDRESS="[::]"
fi
-# This is either 0.0.0.0 for IPv4 or :: for IPv6
+# This is either 0.0.0.0 for IPv4 or [::] for IPv6
SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}}
# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for