Merge "Remove baremetal tempest config setting from devstack"
diff --git a/clean.sh b/clean.sh
index e369eda..90b21eb 100755
--- a/clean.sh
+++ b/clean.sh
@@ -149,5 +149,10 @@
# Clean up all *.pyc files
if [[ -n "$DEST" ]] && [[ -d "$DEST" ]]; then
- sudo find $DEST -name "*.pyc" -print0 | xargs -0 rm
+ find_version=`find --version | awk '{ print $NF; exit}'`
+ if vercmp "$find_version" "<" "4.2.3" ; then
+ sudo find $DEST -name "*.pyc" -print0 | xargs -0 rm
+ else
+ sudo find $DEST -name "*.pyc" -delete
+ fi
fi
diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 85a5656..3732f06 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -73,7 +73,7 @@
::
sudo rmmod kvm-amd
- sudo sh -c "echo 'options amd nested=1' >> /etc/modprobe.d/dist.conf"
+ sudo sh -c "echo 'options kvm-amd nested=1' >> /etc/modprobe.d/dist.conf"
sudo modprobe kvm-amd
Ensure the Nested KVM Kernel module parameter for AMD is enabled on the
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 89f74c3..4cfbcb1 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -58,6 +58,7 @@
freezer `git://git.openstack.org/openstack/freezer <https://git.openstack.org/cgit/openstack/freezer>`__
freezer-api `git://git.openstack.org/openstack/freezer-api <https://git.openstack.org/cgit/openstack/freezer-api>`__
freezer-web-ui `git://git.openstack.org/openstack/freezer-web-ui <https://git.openstack.org/cgit/openstack/freezer-web-ui>`__
+fuxi `git://git.openstack.org/openstack/fuxi <https://git.openstack.org/cgit/openstack/fuxi>`__
gce-api `git://git.openstack.org/openstack/gce-api <https://git.openstack.org/cgit/openstack/gce-api>`__
glare `git://git.openstack.org/openstack/glare <https://git.openstack.org/cgit/openstack/glare>`__
gnocchi `git://git.openstack.org/openstack/gnocchi <https://git.openstack.org/cgit/openstack/gnocchi>`__
@@ -78,8 +79,10 @@
manila `git://git.openstack.org/openstack/manila <https://git.openstack.org/cgit/openstack/manila>`__
manila-ui `git://git.openstack.org/openstack/manila-ui <https://git.openstack.org/cgit/openstack/manila-ui>`__
masakari `git://git.openstack.org/openstack/masakari <https://git.openstack.org/cgit/openstack/masakari>`__
+meteos `git://git.openstack.org/openstack/meteos <https://git.openstack.org/cgit/openstack/meteos>`__
mistral `git://git.openstack.org/openstack/mistral <https://git.openstack.org/cgit/openstack/mistral>`__
mixmatch `git://git.openstack.org/openstack/mixmatch <https://git.openstack.org/cgit/openstack/mixmatch>`__
+mogan `git://git.openstack.org/openstack/mogan <https://git.openstack.org/cgit/openstack/mogan>`__
monasca-analytics `git://git.openstack.org/openstack/monasca-analytics <https://git.openstack.org/cgit/openstack/monasca-analytics>`__
monasca-api `git://git.openstack.org/openstack/monasca-api <https://git.openstack.org/cgit/openstack/monasca-api>`__
monasca-ceilometer `git://git.openstack.org/openstack/monasca-ceilometer <https://git.openstack.org/cgit/openstack/monasca-ceilometer>`__
@@ -93,6 +96,8 @@
networking-brocade `git://git.openstack.org/openstack/networking-brocade <https://git.openstack.org/cgit/openstack/networking-brocade>`__
networking-calico `git://git.openstack.org/openstack/networking-calico <https://git.openstack.org/cgit/openstack/networking-calico>`__
networking-cisco `git://git.openstack.org/openstack/networking-cisco <https://git.openstack.org/cgit/openstack/networking-cisco>`__
+networking-cumulus `git://git.openstack.org/openstack/networking-cumulus <https://git.openstack.org/cgit/openstack/networking-cumulus>`__
+networking-dpm `git://git.openstack.org/openstack/networking-dpm <https://git.openstack.org/cgit/openstack/networking-dpm>`__
networking-fortinet `git://git.openstack.org/openstack/networking-fortinet <https://git.openstack.org/cgit/openstack/networking-fortinet>`__
networking-generic-switch `git://git.openstack.org/openstack/networking-generic-switch <https://git.openstack.org/cgit/openstack/networking-generic-switch>`__
networking-huawei `git://git.openstack.org/openstack/networking-huawei <https://git.openstack.org/cgit/openstack/networking-huawei>`__
@@ -117,15 +122,17 @@
neutron-lbaas `git://git.openstack.org/openstack/neutron-lbaas <https://git.openstack.org/cgit/openstack/neutron-lbaas>`__
neutron-lbaas-dashboard `git://git.openstack.org/openstack/neutron-lbaas-dashboard <https://git.openstack.org/cgit/openstack/neutron-lbaas-dashboard>`__
neutron-vpnaas `git://git.openstack.org/openstack/neutron-vpnaas <https://git.openstack.org/cgit/openstack/neutron-vpnaas>`__
-nimble `git://git.openstack.org/openstack/nimble <https://git.openstack.org/cgit/openstack/nimble>`__
nova-docker `git://git.openstack.org/openstack/nova-docker <https://git.openstack.org/cgit/openstack/nova-docker>`__
+nova-dpm `git://git.openstack.org/openstack/nova-dpm <https://git.openstack.org/cgit/openstack/nova-dpm>`__
nova-lxd `git://git.openstack.org/openstack/nova-lxd <https://git.openstack.org/cgit/openstack/nova-lxd>`__
nova-mksproxy `git://git.openstack.org/openstack/nova-mksproxy <https://git.openstack.org/cgit/openstack/nova-mksproxy>`__
nova-powervm `git://git.openstack.org/openstack/nova-powervm <https://git.openstack.org/cgit/openstack/nova-powervm>`__
oaktree `git://git.openstack.org/openstack/oaktree <https://git.openstack.org/cgit/openstack/oaktree>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
+os-xenapi `git://git.openstack.org/openstack/os-xenapi <https://git.openstack.org/cgit/openstack/os-xenapi>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
panko `git://git.openstack.org/openstack/panko <https://git.openstack.org/cgit/openstack/panko>`__
+picasso `git://git.openstack.org/openstack/picasso <https://git.openstack.org/cgit/openstack/picasso>`__
rally `git://git.openstack.org/openstack/rally <https://git.openstack.org/cgit/openstack/rally>`__
sahara `git://git.openstack.org/openstack/sahara <https://git.openstack.org/cgit/openstack/sahara>`__
sahara-dashboard `git://git.openstack.org/openstack/sahara-dashboard <https://git.openstack.org/cgit/openstack/sahara-dashboard>`__
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 31987bc..5b3c6cf 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -99,7 +99,7 @@
should exist at this point.
- **extra** - Called near the end after layer 1 and 2 services have
been started.
- - **test-config** - Called at the end of devstack used to configure tempest
+ - **test-config** - Called at the end of devstack used to configure tempest
or any other test environments
- **unstack** - Called by ``unstack.sh`` before other services are shut
diff --git a/files/apache-placement-api.template b/files/apache-placement-api.template
index b89ef96..011abb9 100644
--- a/files/apache-placement-api.template
+++ b/files/apache-placement-api.template
@@ -1,6 +1,8 @@
-Listen %PUBLICPORT%
-
-<VirtualHost *:%PUBLICPORT%>
+# NOTE(sbauza): This virtualhost is only here because some directives can
+# only be set by a virtualhost or server context, so that's why the port is not bound.
+# TODO(sbauza): Find a better way to identify a free port that is not corresponding to an existing
+# vhost.
+<VirtualHost *:8780>
WSGIDaemonProcess placement-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup placement-api
WSGIScriptAlias / %PUBLICWSGI%
diff --git a/files/debs/general b/files/debs/general
index a1f2a4b..c121770 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -2,6 +2,7 @@
bridge-utils
bsdmainutils
curl
+default-jre-headless # NOPRIME
g++
gcc
gettext # used for compiling message catalogs
@@ -17,7 +18,6 @@
libxslt1-dev # lxml
libyaml-dev
lsof # useful when debugging
-openjdk-7-jre-headless # NOPRIME
openssh-server
openssl
pkg-config
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 3b19071..1044c25 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -21,6 +21,7 @@
psmisc
python-cmd2 # dist:opensuse-12.3
python-devel # pyOpenSSL
+python-xml
screen
tar
tcpdump
diff --git a/functions b/functions
index 6a0ac67..0be9794 100644
--- a/functions
+++ b/functions
@@ -658,7 +658,7 @@
# Enable bridge firewalling in case it's disabled in kernel (upstream
# default is enabled, but some distributions may decide to change it).
# This is at least needed for RHEL 7.2 and earlier releases.
- for proto in arp ip ip6; do
+ for proto in ip ip6; do
sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
done
}
diff --git a/functions-common b/functions-common
index cc1d42b..8d32bb4 100644
--- a/functions-common
+++ b/functions-common
@@ -87,7 +87,7 @@
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi
# demo -> devstack
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
--os-region-name $REGION_NAME \
@@ -99,7 +99,7 @@
--os-project-name demo
# alt_demo -> devstack-alt
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
@@ -111,7 +111,7 @@
--os-project-name alt_demo
# admin -> devstack-admin
- $TOP_DIR/tools/update_clouds_yaml.py \
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
--os-region-name $REGION_NAME \
@@ -216,7 +216,7 @@
function deprecated {
local text=$1
DEPRECATED_TEXT+="\n$text"
- echo "WARNING: $text"
+ echo "WARNING: $text" >&2
}
# Prints line number and "message" in error format
@@ -1678,7 +1678,7 @@
local logfile=$2
if [[ "$USE_SCREEN" = "True" ]]; then
- screen_process "$name" "sudo tail -f $logfile | sed 's/\\\\\\\\x1b/\o033/g'"
+ screen_process "$name" "sudo tail -f $logfile | sed -u 's/\\\\\\\\x1b/\o033/g'"
fi
}
diff --git a/inc/meta-config b/inc/meta-config
index 6252135..be73b60 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -181,7 +181,8 @@
realconfigfile=$(eval "echo $configfile")
if [[ -z $realconfigfile ]]; then
- die $LINENO "bogus config file specification: $configfile is undefined"
+ warn $LINENO "unknown config file specification: $configfile is undefined"
+ break
fi
dir=$(dirname $realconfigfile)
if [[ -d $dir ]]; then
diff --git a/inc/python b/inc/python
index e4cfab8..04cde34 100644
--- a/inc/python
+++ b/inc/python
@@ -69,6 +69,20 @@
pip_install $clean_name
}
+# Wrapper for ``pip install`` that only installs versions of libraries
+# from the global-requirements specification with extras.
+#
+# Uses globals ``REQUIREMENTS_DIR``
+#
+# pip_install_gr_extras packagename extra1,extra2,...
+function pip_install_gr_extras {
+ local name=$1
+ local extras=$2
+ local clean_name
+ clean_name=$(get_from_global_requirements $name)
+ pip_install $clean_name[$extras]
+}
+
# Determine the python versions supported by a package
function get_python_versions_for_package {
local name=$1
@@ -76,6 +90,27 @@
| grep 'Language' | cut -f5 -d: | grep '\.' | tr '\n' ' '
}
+# Check for python3 classifier in local directory
+function check_python3_support_for_package_local {
+ local name=$1
+ cd $name
+ set +e
+ classifier=$(python setup.py --classifiers \
+ | grep 'Programming Language :: Python :: 3$')
+ set -e
+ echo $classifier
+}
+
+# Check for python3 classifier on pypi
+function check_python3_support_for_package_remote {
+ local name=$1
+ set +e
+ classifier=$(curl -s -L "https://pypi.python.org/pypi/$name/json" \
+ | grep '"Programming Language :: Python :: 3"')
+ set -e
+ echo $classifier
+}
+
# Wrapper for ``pip install`` to set cache and proxy environment variables
# Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
# ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``,
@@ -123,9 +158,41 @@
# default pip
local package_dir=${!#}
local python_versions
- if [[ -d "$package_dir" ]]; then
+
+ # Special case some services that have experimental
+ # support for python3 in progress, but don't claim support
+ # in their classifier
+ echo "Check python version for : $package_dir"
+ if [[ ${package_dir##*/} == "nova" || ${package_dir##*/} == "glance" || \
+ ${package_dir##*/} == "cinder" || ${package_dir##*/} == "swift" || \
+ ${package_dir##*/} == "uwsgi" ]]; then
+ echo "Using $PYTHON3_VERSION version to install $package_dir"
+ sudo_pip="$sudo_pip LC_ALL=en_US.UTF-8"
+ cmd_pip=$(get_pip_command $PYTHON3_VERSION)
+ elif [[ -d "$package_dir" ]]; then
python_versions=$(get_python_versions_for_package $package_dir)
if [[ $python_versions =~ $PYTHON3_VERSION ]]; then
+ echo "Using $PYTHON3_VERSION version to install $package_dir"
+ sudo_pip="$sudo_pip LC_ALL=en_US.UTF-8"
+ cmd_pip=$(get_pip_command $PYTHON3_VERSION)
+ else
+ # The package may not have yet advertised python3.5
+ # support so check for just python3 classifier and log
+ # a warning.
+ python3_classifier=$(check_python3_support_for_package_local $package_dir)
+ if [[ ! -z "$python3_classifier" ]]; then
+ echo "Using $PYTHON3_VERSION version to install $package_dir"
+ sudo_pip="$sudo_pip LC_ALL=en_US.UTF-8"
+ cmd_pip=$(get_pip_command $PYTHON3_VERSION)
+ fi
+ fi
+ else
+ # Check pypi as we don't have the package on disk
+ package=$(echo $package_dir | grep -o '^[.a-zA-Z0-9_-]*')
+ python3_classifier=$(check_python3_support_for_package_remote $package)
+ if [[ ! -z "$python3_classifier" ]]; then
+ echo "Using $PYTHON3_VERSION version to install $package"
+ sudo_pip="$sudo_pip LC_ALL=en_US.UTF-8"
cmd_pip=$(get_pip_command $PYTHON3_VERSION)
fi
fi
diff --git a/lib/apache b/lib/apache
index 2dc626f..d1a11ae 100644
--- a/lib/apache
+++ b/lib/apache
@@ -71,7 +71,15 @@
# Apache installation, because we mark it NOPRIME
if is_ubuntu; then
# Install apache2, which is NOPRIME'd
- install_package apache2 libapache2-mod-wsgi
+ install_package apache2
+ if python3_enabled; then
+ if is_package_installed libapache2-mod-wsgi; then
+ uninstall_package libapache2-mod-wsgi
+ fi
+ install_package libapache2-mod-wsgi-py3
+ else
+ install_package libapache2-mod-wsgi
+ fi
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd mod_wsgi
diff --git a/lib/cinder b/lib/cinder
index f6ad780..40f0f16 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -373,6 +373,13 @@
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_PROJECT_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
+
+ # Set the backend url according to the configured dlm backend
+ if is_dlm_enabled; then
+ if [[ "$(dlm_backend)" == "zookeeper" ]]; then
+ iniset $CINDER_CONF coordination backend_url "zookeeper://${SERVICE_HOST}:2181"
+ fi
+ fi
}
# create_cinder_accounts() - Set up common required cinder accounts
diff --git a/lib/databases/mysql b/lib/databases/mysql
index f6cc922..89ae082 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -82,10 +82,9 @@
fi
# Set the root password - only works the first time. For Ubuntu, we already
- # did that with debconf before installing the package.
- if ! is_ubuntu; then
- sudo mysqladmin -u root password $DATABASE_PASSWORD || true
- fi
+ # did that with debconf before installing the package, but we still try,
+ # because the package might have been installed already.
+ sudo mysqladmin -u root password $DATABASE_PASSWORD || true
# Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 14425a5..1f347f5 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -47,7 +47,7 @@
}
function configure_database_postgresql {
- local pg_conf pg_dir pg_hba root_roles version
+ local pg_conf pg_dir pg_hba check_role version
echo_summary "Configuring and starting PostgreSQL"
if is_fedora; then
pg_hba=/var/lib/pgsql/data/pg_hba.conf
@@ -85,8 +85,8 @@
restart_service postgresql
# Create the role if it's not here or else alter it.
- root_roles=$(sudo -u root sudo -u postgres -i psql -t -c "SELECT 'HERE' from pg_roles where rolname='root'")
- if [[ ${root_roles} == *HERE ]];then
+ check_role=$(sudo -u root sudo -u postgres -i psql -t -c "SELECT 'HERE' from pg_roles where rolname='$DATABASE_USER'")
+ if [[ ${check_role} == *HERE ]];then
sudo -u root sudo -u postgres -i psql -c "ALTER ROLE $DATABASE_USER WITH SUPERUSER LOGIN PASSWORD '$DATABASE_PASSWORD'"
else
sudo -u root sudo -u postgres -i psql -c "CREATE ROLE $DATABASE_USER WITH SUPERUSER LOGIN PASSWORD '$DATABASE_PASSWORD'"
diff --git a/lib/dlm b/lib/dlm
index e391535..b5ac0f5 100644
--- a/lib/dlm
+++ b/lib/dlm
@@ -91,6 +91,7 @@
# install_dlm() - Collect source and prepare
function install_dlm {
if is_dlm_enabled; then
+ pip_install_gr_extras tooz zookeeper
if is_ubuntu; then
install_package zookeeperd
elif is_fedora; then
diff --git a/lib/glance b/lib/glance
index da9cd43..4ba1d20 100644
--- a/lib/glance
+++ b/lib/glance
@@ -161,6 +161,9 @@
if is_service_enabled s-proxy; then
iniset $GLANCE_API_CONF glance_store default_store swift
iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
+ if python3_enabled; then
+ iniset $GLANCE_API_CONF glance_store swift_store_auth_insecure True
+ fi
iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
@@ -186,7 +189,13 @@
fi
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
- iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
+ if python3_enabled; then
+ # NOTE(dims): Currently the glance_store+swift does not support either an insecure flag
+ # or ability to specify the CACERT. So fallback to http:// url
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address ${KEYSTONE_SERVICE_URI/https/http}/v3
+ else
+ iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
+ fi
iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
# commenting is not strictly necessary but it's confusing to have bad values in conf
diff --git a/lib/horizon b/lib/horizon
index 830da09..9c7ec00 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -81,7 +81,7 @@
# Horizon is installed as develop mode, so we can compile here.
# Message catalog compilation is handled by Django admin script,
# so compiling them after the installation avoids Django installation twice.
- (cd $HORIZON_DIR; python manage.py compilemessages)
+ (cd $HORIZON_DIR; $PYTHON manage.py compilemessages)
# ``local_settings.py`` is used to override horizon default settings.
local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
@@ -162,7 +162,7 @@
git_clone_by_name "django_openstack_auth"
# Compile message catalogs before installation
_prepare_message_catalog_compilation
- (cd $dir; python setup.py compile_catalog)
+ (cd $dir; $PYTHON setup.py compile_catalog)
setup_dev_lib "django_openstack_auth"
fi
# if we aren't using this library from git, then we just let it
diff --git a/lib/keystone b/lib/keystone
index fd1d1d4..34730b8 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -131,6 +131,12 @@
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
+# Security compliance
+KEYSTONE_SECURITY_COMPLIANCE_ENABLED=${KEYSTONE_SECURITY_COMPLIANCE_ENABLED:-True}
+KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS=${KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS:-2}
+KEYSTONE_LOCKOUT_DURATION=${KEYSTONE_LOCKOUT_DURATION:-5}
+KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT=${KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT:-2}
+
# Functions
# ---------
@@ -339,6 +345,12 @@
# allows policy changes in order to clarify the adminess scope.
#iniset $KEYSTONE_CONF resource admin_project_domain_name Default
#iniset $KEYSTONE_CONF resource admin_project_name admin
+
+ if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
+ iniset $KEYSTONE_CONF security_compliance lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
+ iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
+ iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
+ fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -445,14 +457,16 @@
#
# create_service_user <name> [role]
#
-# The role defaults to the service role. It is allowed to be provided as optional as historically
+# We always add the service role, other roles are also allowed to be added as historically
# a lot of projects have configured themselves with the admin or other role here if they are
# using this user for other purposes beyond simply auth_token middleware.
function create_service_user {
- local role=${2:-service}
-
get_or_create_user "$1" "$SERVICE_PASSWORD" "$SERVICE_DOMAIN_NAME"
- get_or_add_user_project_role "$role" "$1" "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME" "$SERVICE_DOMAIN_NAME"
+ get_or_add_user_project_role service "$1" "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME" "$SERVICE_DOMAIN_NAME"
+
+ if [[ -n "$2" ]]; then
+ get_or_add_user_project_role "$2" "$1" "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME" "$SERVICE_DOMAIN_NAME"
+ fi
}
# Configure the service to use the auth token middleware.
@@ -488,8 +502,10 @@
init_ldap
fi
- # (Re)create keystone database
- recreate_database keystone
+ if [[ "$RECREATE_KEYSTONE_DB" == True ]]; then
+ # (Re)create keystone database
+ recreate_database keystone
+ fi
# Initialize keystone database
$KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF db_sync
diff --git a/lib/neutron b/lib/neutron
index d30e185..f6c705c 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -73,6 +73,9 @@
# Add all enabled config files to a single config arg
NEUTRON_CONFIG_ARG=${NEUTRON_CONFIG_ARG:-""}
+# Additional neutron api config files
+declare -a _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
+
# Functions
# ---------
@@ -90,6 +93,10 @@
return 1
}
+if is_neutron_legacy_enabled; then
+ source $TOP_DIR/lib/neutron-legacy
+fi
+
# cleanup_neutron() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_neutron_new {
@@ -159,9 +166,9 @@
# Configure VXLAN
# TODO(sc68cal) not hardcode?
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 tenant_network_types vxlan
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 type_drivers vxlan
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks public
if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
fi
@@ -174,10 +181,10 @@
# Configure the neutron agent
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
else
- iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup iptables_hybrid
+ iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
fi
@@ -389,9 +396,17 @@
service_protocol="http"
fi
+ local opts = ""
+ opts+="--config-file $NEUTRON_CONF"
+ opts+="--config-file $NEUTRON_CORE_PLUGIN_CONF"
+ local cfg_file
+ for cfg_file in ${_NEUTRON_SERVER_EXTRA_CONF_FILES_ABS[@]}; do
+ opts+=" --config-file $cfg_file"
+ done
+
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
- run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server --config-file $NEUTRON_CONF --config-file $NEUTRON_CORE_PLUGIN_CONF"
+ run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $ops"
if is_ssl_enabled_service "neutron"; then
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
@@ -500,6 +515,10 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
}
+function neutron_server_config_add_new {
+ _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS+=($1)
+}
+
# Dispatch functions
# These are needed for compatibility between the old and new implementations
# where there are function name overlaps. These will be removed when
@@ -568,6 +587,24 @@
fi
}
+function install_neutron_agent_packages {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ install_neutron_agent_packages_mutnauq "$@"
+ else
+ :
+ fi
+}
+
+function neutron_server_config_add {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ mutnauq_server_config_add "$@"
+ else
+ neutron_server_config_add_new "$@"
+ fi
+}
+
function start_neutron {
if is_neutron_legacy_enabled; then
# Call back to old function
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 0b0caf1..29c187e 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -128,10 +128,24 @@
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
+# The directory which contains files for Q_PLUGIN_EXTRA_CONF_FILES.
+# /etc/neutron is assumed by many of devstack plugins. Do not change.
+_Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron
+
# List of config file names in addition to the main plugin config file
-# See _configure_neutron_common() for details about setting it up
+# To add additional plugin config files, use ``neutron_server_config_add``
+# utility function. For example:
+#
+# ``neutron_server_config_add file1``
+#
+# These config files are relative to ``/etc/neutron``. The above
+# example would specify ``--config-file /etc/neutron/file1`` for
+# neutron server.
declare -a Q_PLUGIN_EXTRA_CONF_FILES
+# same as Q_PLUGIN_EXTRA_CONF_FILES, but with absolute path.
+declare -a _Q_PLUGIN_EXTRA_CONF_FILES_ABS
+
Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
@@ -270,9 +284,23 @@
# ---------
function _determine_config_server {
+ if [[ "$Q_PLUGIN_EXTRA_CONF_PATH" != '' ]]; then
+ if [[ "$Q_PLUGIN_EXTRA_CONF_PATH" = "$_Q_PLUGIN_EXTRA_CONF_PATH" ]]; then
+ deprecated "Q_PLUGIN_EXTRA_CONF_PATH is deprecated"
+ else
+ die $LINENO "Q_PLUGIN_EXTRA_CONF_PATH is deprecated"
+ fi
+ fi
+ if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 ]]; then
+ deprecated "Q_PLUGIN_EXTRA_CONF_FILES is deprecated. Use neutron_server_config_add instead."
+ fi
+ for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
+ _Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($_Q_PLUGIN_EXTRA_CONF_PATH/$cfg_file)
+ done
+
local cfg_file
local opts="--config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
- for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
+ for cfg_file in ${_Q_PLUGIN_EXTRA_CONF_FILES_ABS[@]}; do
opts+=" --config-file $cfg_file"
done
echo "$opts"
@@ -423,7 +451,7 @@
}
# install_neutron_agent_packages() - Collect source and prepare
-function install_neutron_agent_packages {
+function install_neutron_agent_packages_mutnauq {
# radvd doesn't come with the OS. Install it if the l3 service is enabled.
if is_service_enabled q-l3; then
install_package radvd
@@ -668,11 +696,6 @@
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
- # For additional plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH`` and
- # ``Q_PLUGIN_EXTRA_CONF_FILES``. For example:
- #
- # ``Q_PLUGIN_EXTRA_CONF_PATH=/path/to/plugins``
- # ``Q_PLUGIN_EXTRA_CONF_FILES=(file1 file2)``
neutron_plugin_configure_common
if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
@@ -699,20 +722,6 @@
# NOTE(freerunner): Need to adjust Region Name for nova in multiregion installation
iniset $NEUTRON_CONF nova region_name $REGION_NAME
- # If addition config files are set, make sure their path name is set as well
- if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
- die $LINENO "Neutron additional plugin config not set.. exiting"
- fi
-
- # If additional config files exist, copy them over to neutron configuration
- # directory
- if [[ $Q_PLUGIN_EXTRA_CONF_PATH != '' ]]; then
- local f
- for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
- Q_PLUGIN_EXTRA_CONF_FILES[$f]=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
- done
- fi
-
if [ "$VIRT_DRIVER" = 'fake' ]; then
# Disable arbitrary limits
iniset $NEUTRON_CONF quotas quota_network -1
@@ -863,6 +872,11 @@
fi
}
+# mutnauq_server_config_add() - add server config file
+function mutnauq_server_config_add {
+ _Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($1)
+}
+
# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
function _neutron_deploy_rootwrap_filters {
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index e429714..c5a4c02 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -63,7 +63,7 @@
function neutron_plugin_configure_common {
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/ml2
Q_PLUGIN_CONF_FILENAME=ml2_conf.ini
- Q_PLUGIN_CLASS="neutron.plugins.ml2.plugin.Ml2Plugin"
+ Q_PLUGIN_CLASS="ml2"
# The ML2 plugin delegates L3 routing/NAT functionality to
# the L3 service plugin which must therefore be specified.
_neutron_service_plugin_class_add $ML2_L3_PLUGIN
@@ -105,7 +105,7 @@
if [[ -n "$PHYSICAL_NETWORK" ]]; then
Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PHYSICAL_NETWORK},"
fi
- if [[ -n "$PUBLIC_PHYSICAL_NETWORK" ]]; then
+ if [[ -n "$PUBLIC_PHYSICAL_NETWORK" ]] && [[ "${PHYSICAL_NETWORK}" != "$PUBLIC_PHYSICAL_NETWORK" ]]; then
Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS+="${PUBLIC_PHYSICAL_NETWORK},"
fi
fi
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index f009966..76a1a4f 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -97,8 +97,8 @@
# Set OVS native interface for ovs-agent in compute node
XEN_DOM0_IP=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3)
- iniset /$Q_PLUGIN_CONF_FILE ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
- iniset /$Q_PLUGIN_CONF_FILE ovs of_listen_address $HOST_IP
+ iniset /$Q_PLUGIN_CONF_FILE.domU ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
+ iniset /$Q_PLUGIN_CONF_FILE.domU ovs of_listen_address $HOST_IP
# Set up domU's L2 agent:
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 1004325..62a4d00 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -69,7 +69,11 @@
restart_service openvswitch
sudo systemctl enable openvswitch
elif is_suse; then
- restart_service openvswitch-switch
+ if [[ $DISTRO == "sle12" ]] && [[ $os_RELEASE -lt 12.2 ]]; then
+ restart_service openvswitch-switch
+ else
+ restart_service openvswitch
+ fi
fi
}
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 569a366..cd0c1ed 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -192,8 +192,8 @@
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
- die_if_not_set $LINENO IPV6_PROVIDER_FIXED_RANGE "IPV6_PROVIDER_FIXED_RANGE has not been set, but Q_USE_PROVIDERNET_FOR_PUBLIC is true and IP_VERSION includes 6"
- die_if_not_set $LINENO IPV6_PROVIDER_NETWORK_GATEWAY "IPV6_PROVIDER_NETWORK_GATEWAY has not been set, but Q_USE_PROVIDERNET_FOR_PUBLIC is true and IP_VERSION includes 6"
+ die_if_not_set $LINENO IPV6_PROVIDER_FIXED_RANGE "IPV6_PROVIDER_FIXED_RANGE has not been set, but Q_USE_PROVIDER_NETWORKING is true and IP_VERSION includes 6"
+ die_if_not_set $LINENO IPV6_PROVIDER_NETWORK_GATEWAY "IPV6_PROVIDER_NETWORK_GATEWAY has not been set, but Q_USE_PROVIDER_NETWORKING is true and IP_VERSION includes 6"
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
@@ -337,7 +337,7 @@
ext_gw_ip=$(echo $id_and_ext_gw_ip | get_field 2)
PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
# Configure the external network as the default router gateway
- neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-gateway-set $ROUTER_ID $EXT_NET_ID
+ openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
# This logic is specific to using the l3-agent for layer 3
if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
@@ -385,7 +385,7 @@
# If the external network has not already been set as the default router
# gateway when configuring an IPv4 public subnet, do so now
if [[ "$IP_VERSION" == "6" ]]; then
- neutron --os-cloud devstack-admin --os-region "$REGION_NAME" router-gateway-set $ROUTER_ID $EXT_NET_ID
+ openstack --os-cloud devstack-admin --os-region "$REGION_NAME" set --external-gateway $EXT_NET_ID $ROUTER_ID
fi
# This logic is specific to using the l3-agent for layer 3
diff --git a/lib/nova b/lib/nova
index d5db5ea..450242b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -663,6 +663,7 @@
if [ -n "$FLAT_INTERFACE" ]; then
iniset $NOVA_CONF DEFAULT flat_interface "$FLAT_INTERFACE"
fi
+ iniset $NOVA_CONF DEFAULT use_neutron False
}
# create_nova_keys_dir() - Part of the init_nova() process
@@ -676,12 +677,15 @@
# All nova components talk to a central database.
# Only do this step once on the API node for an entire cluster.
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
+ recreate_database $NOVA_API_DB
+ $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
+
# (Re)create nova databases
recreate_database nova
- recreate_database nova_api_cell0
+ recreate_database nova_cell0
# Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
- # been run this migrates the "nova" and "nova_api_cell0" database.
+ # been run this migrates the "nova" and "nova_cell0" database.
# Otherwise it just migrates the "nova" database.
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db sync
@@ -689,9 +693,6 @@
recreate_database $NOVA_CELLS_DB
fi
- recreate_database $NOVA_API_DB
- $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
-
# Run online migrations on the new databases
# Needed for flavor conversion
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db online_data_migrations
@@ -822,7 +823,7 @@
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP
elif [[ "$VIRT_DRIVER" = 'lxd' ]]; then
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LXD_GROUP
- elif [[ "$VIRT_DRIVER" = 'docker' ]]; then
+ elif [[ "$VIRT_DRIVER" = 'docker' || "$VIRT_DRIVER" = 'zun' ]]; then
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $DOCKER_GROUP
elif [[ "$VIRT_DRIVER" = 'fake' ]]; then
local i
@@ -945,10 +946,15 @@
# create_cell(): Group the available hosts into a cell
function create_cell {
+ # NOTE(danms): map_cell0 always returns 1 right now; remove this when that is fixed
+ (nova-manage cell_v2 map_cell0 --database_connection `database_connection_url nova_cell0`|| true)
+
if ! is_service_enabled n-cell; then
nova-manage cell_v2 simple_cell_setup --transport-url $(get_transport_url)
else
- echo 'Skipping cellsv2 setup for this cellsv1 configuration'
+ nova-manage --config-file $NOVA_CELLS_CONF --verbose cell_v2 map_cell_and_hosts \
+ --transport-url $(get_transport_url child_cell) --name 'cell1'
+ nova-manage db sync
fi
}
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index b053856..0046a36 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -48,6 +48,21 @@
if [ -z "$XENAPI_CONNECTION_URL" ]; then
die $LINENO "XENAPI_CONNECTION_URL is not specified"
fi
+
+ # Check os-xenapi plugin is enabled
+ local plugins="${DEVSTACK_PLUGINS}"
+ local plugin
+ local found=0
+ for plugin in ${plugins//,/ }; do
+ if [[ "$plugin" = "os-xenapi" ]]; then
+ found=1
+ break
+ fi
+ done
+ if [[ $found -ne 1 ]]; then
+ die $LINENO "os-xenapi plugin is not specified. Please enable this plugin in local.conf"
+ fi
+
read_password XENAPI_PASSWORD "ENTER A PASSWORD TO USE FOR XEN."
iniset $NOVA_CONF DEFAULT compute_driver "xenapi.XenAPIDriver"
iniset $NOVA_CONF xenserver connection_url "$XENAPI_CONNECTION_URL"
@@ -64,14 +79,6 @@
local ssh_dom0
ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
- # Find where the plugins should go in dom0
- xen_functions=`cat $TOP_DIR/tools/xen/functions`
- PLUGIN_DIR=`$ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location"`
-
- # install nova plugins to dom0
- tar -czf - -C $NOVA_DIR/plugins/xenserver/xenapi/etc/xapi.d/plugins/ ./ |
- $ssh_dom0 "tar -xzf - -C $PLUGIN_DIR && chmod a+x $PLUGIN_DIR/*"
-
# install console logrotate script
tar -czf - -C $NOVA_DIR/tools/xenserver/ rotate_xen_guest_logs.sh |
$ssh_dom0 'tar -xzf - -C /root/ && chmod +x /root/rotate_xen_guest_logs.sh && mkdir -p /var/log/xen/guest'
@@ -107,7 +114,9 @@
# install_nova_hypervisor() - Install external components
function install_nova_hypervisor {
- pip_install_gr xenapi
+ # xenapi functionality is now included in os-xenapi library which houses the plugin
+ # so this function intentionally left blank
+ :
}
# start_nova_hypervisor - Start any required external services
diff --git a/lib/placement b/lib/placement
index 165c670..871e282 100644
--- a/lib/placement
+++ b/lib/placement
@@ -47,7 +47,6 @@
# Public facing bits
PLACEMENT_SERVICE_PROTOCOL=${PLACEMENT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
PLACEMENT_SERVICE_HOST=${PLACEMENT_SERVICE_HOST:-$SERVICE_HOST}
-PLACEMENT_SERVICE_PORT=${PLACEMENT_SERVICE_PORT:-8778}
# Functions
# ---------
@@ -55,7 +54,7 @@
# Test if any placement services are enabled
# is_placement_enabled
function is_placement_enabled {
- [[ ,${ENABLED_SERVICES} =~ ,"placement-" ]] && return 0
+ [[ ,${ENABLED_SERVICES} =~ ,"placement-api" ]] && return 0
return 1
}
@@ -68,7 +67,6 @@
# _config_placement_apache_wsgi() - Set WSGI config files
function _config_placement_apache_wsgi {
local placement_api_apache_conf
- local placement_api_port=$PLACEMENT_SERVICE_PORT
local venv_path=""
local nova_bin_dir=""
nova_bin_dir=$(get_python_exec_prefix)
@@ -89,7 +87,6 @@
sudo cp $FILES/apache-placement-api.template $placement_api_apache_conf
sudo sed -e "
- s|%PUBLICPORT%|$placement_api_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
s|%PUBLICWSGI%|$nova_bin_dir/nova-placement-api|g;
s|%SSLENGINE%|$placement_ssl|g;
@@ -101,19 +98,14 @@
" -i $placement_api_apache_conf
}
-# configure_placement() - Set config files, create data dirs, etc
-function configure_placement {
- if [ "$PLACEMENT_DB_ENABLED" != False ]; then
- iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`
- fi
-
+function configure_placement_nova_compute {
iniset $NOVA_CONF placement auth_type "password"
iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
iniset $NOVA_CONF placement username placement
iniset $NOVA_CONF placement password "$SERVICE_PASSWORD"
- iniset $NOVA_CONF placement user_domain_name "Default"
+ iniset $NOVA_CONF placement user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF placement project_name "$SERVICE_TENANT_NAME"
- iniset $NOVA_CONF placement project_domain_name "Default"
+ iniset $NOVA_CONF placement project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF placement os_region_name "$REGION_NAME"
# TODO(cdent): auth_strategy, which is common to see in these
# blocks is not currently used here. For the time being the
@@ -121,7 +113,13 @@
# established by the nova api. This avoids, for the time, being,
# creating redundant configuration items that are just used for
# testing.
+}
+# configure_placement() - Set config files, create data dirs, etc
+function configure_placement {
+ if [ "$PLACEMENT_DB_ENABLED" != False ]; then
+ iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`
+ fi
_config_placement_apache_wsgi
}
@@ -160,10 +158,6 @@
# start_placement_api() - Start the API processes ahead of other things
function start_placement_api {
- # Get right service port for testing
- local service_port=$PLACEMENT_SERVICE_PORT
- local placement_api_port=$PLACEMENT_SERVICE_PORT
-
enable_apache_site placement-api
restart_apache_server
tail_log placement-api /var/log/$APACHE_NAME/placement-api.log
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 97b1aa4..a21f781 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -25,6 +25,9 @@
set +o xtrace
RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
+if is_service_enabled rabbit; then
+ RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
+fi
# Functions
# ---------
diff --git a/lib/swift b/lib/swift
index b175f2e..03fd454 100644
--- a/lib/swift
+++ b/lib/swift
@@ -454,7 +454,6 @@
# out. Make sure we uncomment Tempauth after we uncomment Keystoneauth
# otherwise, this code also sets the reseller_prefix for Keystoneauth.
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
- iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
if is_service_enabled swift3; then
@@ -809,10 +808,10 @@
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
fi
- run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
+ run_process s-proxy "swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
- run_process s-${type} "$SWIFT_DIR/bin/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
+ run_process s-${type} "swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
done
fi
diff --git a/lib/tempest b/lib/tempest
index 39b565f..3312522 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -241,7 +241,9 @@
# the public network (for floating ip access) is only available
# if the extension is enabled.
- if is_networking_extension_supported 'external-net'; then
+ # If NEUTRON_CREATE_INITIAL_NETWORKS is not true, there is no network created
+ # and the public_network_id should not be set.
+ if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]] && is_networking_extension_supported 'external-net'; then
public_network_id=$(openstack network show -f value -c id $PUBLIC_NETWORK_NAME)
fi
@@ -261,6 +263,9 @@
# Identity
iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
+ iniset $TEMPEST_CONFIG identity user_lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
+ iniset $TEMPEST_CONFIG identity user_lockout_duration $KEYSTONE_LOCKOUT_DURATION
+ iniset $TEMPEST_CONFIG identity user_unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
# Use domain scoped tokens for admin v3 tests, v3 dynamic credentials of v3 account generation
iniset $TEMPEST_CONFIG identity admin_domain_scope True
if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
@@ -285,8 +290,9 @@
fi
# Identity Features
- # TODO(rodrigods): Remove the reseller flag when Kilo and Liberty are end of life.
- iniset $TEMPEST_CONFIG identity-feature-enabled reseller True
+ if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
+ iniset $TEMPEST_CONFIG identity-feature-enabled security_compliance True
+ fi
# Image
# We want to be able to override this variable in the gate to avoid
@@ -347,8 +353,6 @@
iniset $TEMPEST_CONFIG compute max_microversion $tempest_compute_max_microversion
fi
- # TODO(mriedem): Remove allow_port_security_disabled after liberty-eol.
- iniset $TEMPEST_CONFIG compute-feature-enabled allow_port_security_disabled True
iniset $TEMPEST_CONFIG compute-feature-enabled personality ${ENABLE_FILE_INJECTION:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled resize True
iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
@@ -430,8 +434,11 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $TEMPEST_SSH_NETWORK_NAME
# Volume
- # TODO(obutenko): Remove snapshot_backup when liberty-eol happens.
- iniset $TEMPEST_CONFIG volume-feature-enabled snapshot_backup True
+ # Only turn on TEMPEST_VOLUME_MANAGE_SNAPSHOT by default for "lvm" backends
+ if [[ "$CINDER_ENABLED_BACKENDS" == *"lvm"* ]]; then
+ TEMPEST_VOLUME_MANAGE_SNAPSHOT=${TEMPEST_VOLUME_MANAGE_SNAPSHOT:-True}
+ fi
+ iniset $TEMPEST_CONFIG volume-feature-enabled manage_snapshot $(trueorfalse False TEMPEST_VOLUME_MANAGE_SNAPSHOT)
# TODO(ynesenenko): Remove the volume_services flag when Liberty and Kilo will correct work with host info.
iniset $TEMPEST_CONFIG volume-feature-enabled volume_services True
# TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life.
@@ -486,12 +493,6 @@
iniset $TEMPEST_CONFIG volume storage_protocol "$TEMPEST_STORAGE_PROTOCOL"
fi
- # Dashboard
- iniset $TEMPEST_CONFIG dashboard dashboard_url "http://$SERVICE_HOST/"
-
- # CLI
- iniset $TEMPEST_CONFIG cli cli_dir $NOVA_BIN_DIR
-
# Baremetal
if [ "$VIRT_DRIVER" = "ironic" ] ; then
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 856eaff..fefd454 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -83,7 +83,7 @@
return
fi
if is_ubuntu; then
- is_package_installed openjdk-7-jre-headless || install_package openjdk-7-jre-headless
+ is_package_installed default-jre-headless || install_package default-jre-headless
sudo dpkg -i ${FILES}/elasticsearch-${ELASTICSEARCH_VERSION}.deb
sudo update-rc.d elasticsearch defaults 95 10
diff --git a/stack.sh b/stack.sh
index f4bac30..7d440a7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -573,7 +573,6 @@
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/neutron
-source $TOP_DIR/lib/neutron-legacy
source $TOP_DIR/lib/ldap
source $TOP_DIR/lib/dstat
source $TOP_DIR/lib/dlm
@@ -664,7 +663,6 @@
# In multi node DevStack, second node needs ``RABBIT_USERID``, but rabbit
# isn't enabled.
if is_service_enabled rabbit; then
- RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
fi
@@ -869,6 +867,16 @@
configure_placement
fi
+# create a placement-client fake service to know we need to configure
+# placement connectivity. We configure the placement service for nova
+# if placement-api or placement-client is active, and n-cpu on the
+# same box.
+if is_service_enabled placement placement-client; then
+ if is_service_enabled n-cpu; then
+ configure_placement_nova_compute
+ fi
+fi
+
if is_service_enabled horizon; then
# django openstack_auth
install_django_openstack_auth
diff --git a/stackrc b/stackrc
index e7771cf..d8d0ee4 100644
--- a/stackrc
+++ b/stackrc
@@ -54,6 +54,8 @@
ENABLED_SERVICES=key
# Nova - services to support libvirt based openstack clouds
ENABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth
+ # Placement service needed for Nova
+ ENABLED_SERVICES+=,placement-api,placement-client
# Glance services needed for Nova
ENABLED_SERVICES+=,g-api,g-reg
# Cinder
@@ -101,12 +103,12 @@
fi
# Control whether Python 3 should be used.
-export USE_PYTHON3=${USE_PYTHON3:-False}
+export USE_PYTHON3=$(trueorfalse False USE_PYTHON3)
# When Python 3 is supported by an application, adding the specific
# version of Python 3 to this variable will install the app using that
# version of the interpreter instead of 2.7.
-export PYTHON3_VERSION=${PYTHON3_VERSION:-3.4}
+export PYTHON3_VERSION=${PYTHON3_VERSION:-3.5}
# Just to be more explicit on the Python 2 version to use.
export PYTHON2_VERSION=${PYTHON2_VERSION:-2.7}
@@ -571,7 +573,7 @@
lxd)
LXD_GROUP=${LXD_GROUP:-"lxd"}
;;
- docker)
+ docker|zun)
DOCKER_GROUP=${DOCKER_GROUP:-"docker"}
;;
fake)
@@ -645,14 +647,9 @@
IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
ironic)
- # Ironic can do both partition and full disk images, depending on the driver
- if [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]]; then
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-disk}
- else
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-uec}
- fi
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz"
- IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-disk.img";;
+ # NOTE(lucasagomes): The logic setting the default image
+ # now lives in the Ironic tree
+ ;;
*) # Default to Cirros with kernel, ramdisk and disk image
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";;
@@ -819,6 +816,10 @@
# Use native SSL for servers in ``SSL_ENABLED_SERVICES``
USE_SSL=$(trueorfalse False USE_SSL)
+# We may not need to recreate database in case 2 Keystone services
+# sharing the same database. It would be useful for multinode Grenade tests.
+RECREATE_KEYSTONE_DB=$(trueorfalse True RECREATE_KEYSTONE_DB)
+
# ebtables is inherently racey. If you run it by two or more processes
# simultaneously it will collide, badly, in the kernel and produce
# failures or corruption of ebtables. The only way around it is for
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index 92f9c01..087aaf4 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -29,6 +29,10 @@
exit -1
}
+function warn {
+ return 0
+}
+
TEST_1C_ADD="[eee]
type=new
multi = foo2"
@@ -92,7 +96,7 @@
[[test3|test-space.conf]]
[DEFAULT]
attribute=value
-
+
# the above line has a single space
[[test4|\$TEST4_DIR/\$TEST4_FILE]]
@@ -378,11 +382,10 @@
echo -n "merge_config_group test9 undefined conf file: "
set +e
-# function is expected to fail and exit, running it
-# in a subprocess to let this script proceed
+# function is expected to trigger warn and continue
(merge_config_group test.conf test9)
VAL=$?
-EXPECT_VAL=255
+EXPECT_VAL=0
check_result "$VAL" "$EXPECT_VAL"
set -e
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 8895e1e..da59093 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -83,6 +83,9 @@
if python3_enabled; then
install_python3
+ export PYTHON=$(which python${PYTHON3_VERSION} 2>/dev/null || which python3 2>/dev/null)
+else
+ export PYTHON=$(which python 2>/dev/null)
fi
# Mark end of run
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index bb27454..2161247 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -101,6 +101,7 @@
## Note that the lines below are coming from stackrc to support
## new-style config files
+source $RC_DIR/functions-common
# allow local overrides of env variables, including repo config
if [[ -f $RC_DIR/localrc ]]; then
diff --git a/unstack.sh b/unstack.sh
index 6cd039f..b0ebaf7 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -67,7 +67,6 @@
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/neutron
-source $TOP_DIR/lib/neutron-legacy
source $TOP_DIR/lib/ldap
source $TOP_DIR/lib/dstat
source $TOP_DIR/lib/dlm