Merge "Fix EXTRA_OPTS handling"
diff --git a/extras.d/80-tempest.sh b/extras.d/80-tempest.sh
new file mode 100644
index 0000000..506ccef
--- /dev/null
+++ b/extras.d/80-tempest.sh
@@ -0,0 +1,20 @@
+# tempest.sh - DevStack extras script
+
+source $TOP_DIR/lib/tempest
+
+if [[ "$1" == "stack" ]]; then
+ # Configure Tempest last to ensure that the runtime configuration of
+ # the various OpenStack services can be queried.
+ if is_service_enabled tempest; then
+ echo_summary "Configuring Tempest"
+ install_tempest
+ configure_tempest
+ fi
+fi
+
+if [[ "$1" == "unstack" ]]; then
+ # no-op
+ :
+fi
+
+
diff --git a/extras.d/README b/extras.d/README
new file mode 100644
index 0000000..ffc6793
--- /dev/null
+++ b/extras.d/README
@@ -0,0 +1,14 @@
+The extras.d directory contains project initialization scripts to be
+sourced by stack.sh at the end of its run. This is expected to be
+used by external projects that want to be configured, started and
+stopped with DevStack.
+
+Order is controlled by prefixing the script names with the a two digit
+sequence number. Script names must end with '.sh'. This provides a
+convenient way to disable scripts by simoy renaming them.
+
+DevStack reserves the sequence numbers 00 through 09 and 90 through 99
+for its own use.
+
+The scripts are called with an argument of 'stack' by stack.sh and
+with an argument of 'unstack' by unstack.sh.
diff --git a/lib/cinder b/lib/cinder
index 4aaea5d..1f40984 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -37,6 +37,12 @@
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini
+# Public facing bits
+CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
+CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
+CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
+CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+
# Support entry points installation of console scripts
if [[ -d $CINDER_DIR/bin ]]; then
CINDER_BIN_DIR=$CINDER_DIR/bin
@@ -169,6 +175,11 @@
iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.openstack.volume.contrib.standard_extensions
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
+ if is_service_enabled tls-proxy; then
+ # Set the service port for a proxy to take the original
+ iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+ fi
+
if [ "$SYSLOG" != "False" ]; then
iniset $CINDER_CONF DEFAULT use_syslog True
fi
@@ -241,9 +252,9 @@
keystone endpoint-create \
--region RegionOne \
--service_id $CINDER_SERVICE \
- --publicurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
- --adminurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" \
- --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s"
+ --publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ --adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+ --internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
fi
fi
}
@@ -340,6 +351,11 @@
screen_it c-api "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
screen_it c-vol "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
screen_it c-sch "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
+
+ # Start proxies if enabled
+ if is_service_enabled c-api && is_service_enabled tls-proxy; then
+ start_tls_proxy '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT &
+ fi
}
# stop_cinder() - Stop running processes
diff --git a/lib/tls b/lib/tls
index 1e2a899..202edef 100644
--- a/lib/tls
+++ b/lib/tls
@@ -189,7 +189,7 @@
" >$ca_dir/signing.conf
}
-# Create root and intermediate CAs and an initial server cert
+# Create root and intermediate CAs
# init_CA
function init_CA {
# Ensure CAs are built
@@ -198,7 +198,11 @@
# Create the CA bundle
cat $ROOT_CA_DIR/cacert.pem $INT_CA_DIR/cacert.pem >>$INT_CA_DIR/ca-chain.pem
+}
+# Create an initial server cert
+# init_cert
+function init_cert {
if [[ ! -r $DEVSTACK_CERT ]]; then
if [[ -n "$TLS_IP" ]]; then
# Lie to let incomplete match routines work
diff --git a/stack.sh b/stack.sh
index da62353..c564137 100755
--- a/stack.sh
+++ b/stack.sh
@@ -321,7 +321,6 @@
source $TOP_DIR/lib/ceilometer
source $TOP_DIR/lib/heat
source $TOP_DIR/lib/quantum
-source $TOP_DIR/lib/tempest
source $TOP_DIR/lib/baremetal
# Set the destination directories for OpenStack projects
@@ -776,9 +775,6 @@
install_ceilometerclient
install_ceilometer
fi
-if is_service_enabled tempest; then
- install_tempest
-fi
# Initialization
@@ -839,6 +835,7 @@
if is_service_enabled tls-proxy; then
configure_CA
init_CA
+ init_cert
# Add name to /etc/hosts
# don't be naive and add to existing line!
fi
@@ -1323,16 +1320,6 @@
screen_it baremetal "nova-baremetal-deploy-helper"
fi
-# Configure Tempest last to ensure that the runtime configuration of
-# the various OpenStack services can be queried.
-if is_service_enabled tempest; then
- echo_summary "Configuring Tempest"
- configure_tempest
- echo '**************************************************'
- echo_summary "Finished Configuring Tempest"
- echo '**************************************************'
-fi
-
# Save some values we generated for later use
CURRENT_RUN_TIME=$(date "+$TIMESTAMP_FORMAT")
echo "# $CURRENT_RUN_TIME" >$TOP_DIR/.stackenv
@@ -1342,6 +1329,16 @@
done
+# Run extras
+# ==========
+
+if [[ -d $TOP_DIR/extras.d ]]; then
+ for i in $TOP_DIR/extras.d/*.sh; do
+ [[ -r $i ]] && source $i stack
+ done
+fi
+
+
# Run local script
# ================
diff --git a/stackrc b/stackrc
index 4e03a2f..89d4f09 100644
--- a/stackrc
+++ b/stackrc
@@ -108,7 +108,7 @@
HEAT_BRANCH=master
# python heat client library
-HEATCLIENT_REPO=${GIT_BASE}/heat-api/python-heatclient.git
+HEATCLIENT_REPO=${GIT_BASE}/openstack/python-heatclient.git
HEATCLIENT_BRANCH=master
# ryu service
diff --git a/tools/make_cert.sh b/tools/make_cert.sh
new file mode 100755
index 0000000..cb93e57
--- /dev/null
+++ b/tools/make_cert.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# **make_cert.sh**
+
+# Create a CA hierarchy (if necessary) and server certificate
+#
+# This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled
+# but in the curent directory unless ``DATA_DIR`` is set
+
+ENABLE_TLS=True
+DATA_DIR=${DATA_DIR:-`pwd`/ca-data}
+
+ROOT_CA_DIR=$DATA_DIR/root
+INT_CA_DIR=$DATA_DIR/int
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Import TLS functions
+source lib/tls
+
+function usage {
+ echo "$0 - Create CA and/or certs"
+ echo ""
+ echo "Usage: $0 commonName [orgUnit]"
+ exit 1
+}
+
+CN=$1
+if [ -z "$CN" ]]; then
+ usage
+fi
+ORG_UNIT_NAME=${2:-$ORG_UNIT_NAME}
+
+# Useful on OS/X
+if [[ `uname -s` == 'Darwin' && -d /usr/local/Cellar/openssl ]]; then
+ # set up for brew-installed modern OpenSSL
+ OPENSSL_CONF=/usr/local/etc/openssl/openssl.cnf
+ OPENSSL=/usr/local/Cellar/openssl/*/bin/openssl
+fi
+
+DEVSTACK_CERT_NAME=$CN
+DEVSTACK_HOSTNAME=$CN
+DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem
+
+# Make sure the CA is set up
+configure_CA
+init_CA
+
+# Create the server cert
+make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME
+
+# Create a cert bundle
+cat $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/cacert.pem >$DEVSTACK_CERT
+
diff --git a/unstack.sh b/unstack.sh
index fd70916..1d4bfd5 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -39,6 +39,15 @@
UNSTACK_ALL=${UNSTACK_ALL:-1}
fi
+# Run extras
+# ==========
+
+if [[ -d $TOP_DIR/extras.d ]]; then
+ for i in $TOP_DIR/extras.d/*.sh; do
+ [[ -r $i ]] && source $i unstack
+ done
+fi
+
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
source $TOP_DIR/openrc
teardown_quantum_debug