Merge "Configure heat keystone client for SSL when keystone uses SSL"
diff --git a/README.md b/README.md
index 37b960e..f0406c6 100644
--- a/README.md
+++ b/README.md
@@ -262,10 +262,10 @@
# Heat
-Heat is disabled by default. To enable it you'll need the following settings
-in your `localrc` section:
+Heat is enabled by default (see `stackrc` file). To disable it explicitly
+you'll need the following settings in your `localrc` section:
- enable_service heat h-api h-api-cfn h-api-cw h-eng
+ disable_service heat h-api h-api-cfn h-api-cw h-eng
Heat can also run in standalone mode, and be configured to orchestrate
on an external OpenStack cloud. To launch only Heat in standalone mode
diff --git a/extras.d/80-opendaylight.sh b/extras.d/80-opendaylight.sh
index bfbabc2..b673777 100644
--- a/extras.d/80-opendaylight.sh
+++ b/extras.d/80-opendaylight.sh
@@ -40,7 +40,9 @@
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
install_opendaylight-compute
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
- create_nova_conf_neutron
+ if is_service_enabled nova; then
+ create_nova_conf_neutron
+ fi
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing OpenDaylight"
ODL_LOCAL_IP=${ODL_LOCAL_IP:-$HOST_IP}
diff --git a/files/apts/ironic b/files/apts/ironic
index b77a6b1..fe9c07f 100644
--- a/files/apts/ironic
+++ b/files/apts/ironic
@@ -1,3 +1,4 @@
+ipmitool
iptables
libguestfs0
libvirt-bin
diff --git a/files/rpms/ironic b/files/rpms/ironic
index 6534095..0c81081 100644
--- a/files/rpms/ironic
+++ b/files/rpms/ironic
@@ -1,3 +1,4 @@
+ipmitool
iptables
libguestfs
libvirt
diff --git a/functions b/functions
index 80f98ad..543a6fe 100644
--- a/functions
+++ b/functions
@@ -16,6 +16,10 @@
XTRACE=$(set +o | grep xtrace)
set +o xtrace
+# Check if a function already exists
+function function_exists {
+ declare -f -F $1 > /dev/null
+}
# Checks if installed Apache is <= given version
# $1 = x.y.z (version string of Apache)
@@ -527,6 +531,20 @@
iniset $conf_file $conf_section logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
}
+# These functions are provided for basic fall-back functionality for
+# projects that include parts of devstack (grenade). stack.sh will
+# override these with more specific versions for devstack (with fancy
+# spinners, etc). We never override an existing version
+if ! function_exists echo_summary; then
+ function echo_summary {
+ echo $@
+ }
+fi
+if ! function_exists echo_nolog; then
+ function echo_nolog {
+ echo $@
+ }
+fi
# Restore xtrace
$XTRACE
diff --git a/functions-common b/functions-common
index cc90c07..613a86c 100644
--- a/functions-common
+++ b/functions-common
@@ -881,29 +881,43 @@
# Distro-agnostic package installer
# install_package package [package ...]
-function install_package {
- local xtrace=$(set +o | grep xtrace)
- set +o xtrace
- if is_ubuntu; then
- # if there are transient errors pulling the updates, that's fine. It may
- # be secondary repositories that we don't really care about.
- [[ "$NO_UPDATE_REPOS" = "True" ]] || apt_get update || /bin/true
- NO_UPDATE_REPOS=True
+function update_package_repo {
+ if [[ "NO_UPDATE_REPOS" = "True" ]]; then
+ return 0
+ fi
+ if is_ubuntu; then
+ local xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ if [[ "$REPOS_UPDATED" != "True" || "$RETRY_UPDATE" = "True" ]]; then
+ # if there are transient errors pulling the updates, that's fine.
+ # It may be secondary repositories that we don't really care about.
+ apt_get update || /bin/true
+ REPOS_UPDATED=True
+ fi
$xtrace
+ fi
+}
+
+function real_install_package {
+ if is_ubuntu; then
apt_get install "$@"
elif is_fedora; then
- $xtrace
yum_install "$@"
elif is_suse; then
- $xtrace
zypper_install "$@"
else
- $xtrace
exit_distro_not_supported "installing packages"
fi
}
+# Distro-agnostic package installer
+# install_package package [package ...]
+function install_package {
+ update_package_repo
+ real_install_package $@ || RETRY_UPDATE=True update_package_repo && real_install_package $@
+}
+
# Distro-agnostic function to tell if a package is installed
# is_package_installed package [package ...]
function is_package_installed {
@@ -1067,7 +1081,7 @@
# sleep to allow bash to be ready to be send the command - we are
# creating a new window in screen and then sends characters, so if
# bash isn't running by the time we send the command, nothing happens
- sleep 1.5
+ sleep 3
NL=`echo -ne '\015'`
# This fun command does the following:
diff --git a/lib/apache b/lib/apache
index 2d5e39a..f7255be 100644
--- a/lib/apache
+++ b/lib/apache
@@ -11,6 +11,7 @@
# - is_apache_enabled_service
# - install_apache_wsgi
# - config_apache_wsgi
+# - apache_site_config_for
# - enable_apache_site
# - disable_apache_site
# - start_apache_server
@@ -30,13 +31,13 @@
# Set up apache name and configuration directory
if is_ubuntu; then
APACHE_NAME=apache2
- APACHE_CONF_DIR=sites-available
+ APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/sites-available}
elif is_fedora; then
APACHE_NAME=httpd
- APACHE_CONF_DIR=conf.d
+ APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
elif is_suse; then
APACHE_NAME=apache2
- APACHE_CONF_DIR=vhosts.d
+ APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
fi
# Functions
@@ -78,14 +79,62 @@
fi
}
+# apache_site_config_for() - The filename of the site's configuration file.
+# This function uses the global variables APACHE_NAME and APACHE_CONF_DIR.
+#
+# On Ubuntu 14.04, the site configuration file must have a .conf suffix for a2ensite and a2dissite to
+# recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
+# files are 000-default.conf and default-ssl.conf.
+#
+# On Ubuntu 12.04, the site configuration file may have any format, as long as it is in
+# /etc/apache2/sites-available/. a2ensite and a2dissite need the entire file name to work. The default
+# sites' files are default and default-ssl.
+#
+# On Fedora and openSUSE, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
+#
+# On RHEL and CentOS, things should hopefully work as in Fedora.
+#
+# The table below summarizes what should happen on each distribution:
+# +----------------------+--------------------+--------------------------+--------------------------+
+# | Distribution | File name | Site enabling command | Site disabling command |
+# +----------------------+--------------------+--------------------------+--------------------------+
+# | Ubuntu 12.04 | site | a2ensite site | a2dissite site |
+# | Ubuntu 14.04 | site.conf | a2ensite site | a2dissite site |
+# | Fedora, RHEL, CentOS | site.conf.disabled | mv site.conf{.disabled,} | mv site.conf{,.disabled} |
+# +----------------------+--------------------+--------------------------+--------------------------+
+function apache_site_config_for {
+ local site=$@
+ if is_ubuntu; then
+ local apache_version=$(sudo /usr/sbin/apache2ctl -v | awk '/Server version/ {print $3}' | cut -f2 -d/)
+ if [[ "$apache_version" =~ ^2\.2\. ]]; then
+ # Ubuntu 12.04 - Apache 2.2
+ echo $APACHE_CONF_DIR/${site}
+ else
+ # Ubuntu 14.04 - Apache 2.4
+ echo $APACHE_CONF_DIR/${site}.conf
+ fi
+ elif is_fedora || is_suse; then
+ # fedora conf.d is only imported if it ends with .conf so this is approx the same
+ local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
+ if [ -f $enabled_site_file ]; then
+ echo ${enabled_site_file}
+ else
+ echo ${enabled_site_file}.disabled
+ fi
+ fi
+}
+
# enable_apache_site() - Enable a particular apache site
function enable_apache_site {
local site=$@
if is_ubuntu; then
sudo a2ensite ${site}
- elif is_fedora; then
- # fedora conf.d is only imported if it ends with .conf so this is approx the same
- sudo mv /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site} /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}.conf
+ elif is_fedora || is_suse; then
+ local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
+ # Do nothing if site already enabled or no site config exists
+ if [[ -f ${enabled_site_file}.disabled ]] && [[ ! -f ${enabled_site_file} ]]; then
+ sudo mv ${enabled_site_file}.disabled ${enabled_site_file}
+ fi
fi
}
@@ -94,8 +143,12 @@
local site=$@
if is_ubuntu; then
sudo a2dissite ${site}
- elif is_fedora; then
- sudo mv /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}.conf /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}
+ elif is_fedora || is_suse; then
+ local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
+ # Do nothing if no site config exists
+ if [[ -f ${enabled_site_file} ]]; then
+ sudo mv ${enabled_site_file} ${enabled_site_file}.disabled
+ fi
fi
}
diff --git a/lib/ceilometer b/lib/ceilometer
index a4be7af..286f199 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -164,9 +164,7 @@
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
- iniset $CEILOMETER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $CEILOMETER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $CEILOMETER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
diff --git a/lib/cinder b/lib/cinder
index dadbe40..4183676 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -233,11 +233,7 @@
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
- cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
-
- iniset $CINDER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $CINDER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $CINDER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_CONF keystone_authtoken admin_user cinder
diff --git a/lib/databases/mysql b/lib/databases/mysql
index ea22d14..0ccfce5 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -88,6 +88,7 @@
# set default db type to InnoDB
sudo bash -c "source $TOP_DIR/functions && \
iniset $MY_CONF mysqld bind-address 0.0.0.0 && \
+ iniset $MY_CONF mysqld sql_mode STRICT_ALL_TABLES && \
iniset $MY_CONF mysqld default-storage-engine InnoDB"
diff --git a/lib/glance b/lib/glance
index 51e4399..4eb0ada 100644
--- a/lib/glance
+++ b/lib/glance
@@ -89,9 +89,7 @@
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -107,9 +105,7 @@
iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
- iniset $GLANCE_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $GLANCE_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $GLANCE_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -128,7 +124,7 @@
# Store the images in swift if enabled.
if is_service_enabled s-proxy; then
iniset $GLANCE_API_CONF DEFAULT default_store swift
- iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
+ iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
@@ -147,7 +143,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/heat b/lib/heat
index a9f9f2a..b8c0359 100644
--- a/lib/heat
+++ b/lib/heat
@@ -107,9 +107,7 @@
fi
# keystone authtoken
- iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -122,7 +120,7 @@
fi
# ec2authtoken
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
# paste_deploy
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
@@ -273,7 +271,7 @@
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
# Note we have to pass token/endpoint here because the current endpoint and
# version negotiation in OSC means just --os-identity-api-version=3 won't work
- KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
+ KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
--os-identity-api-version=3 domain create heat \
--description "Owns users and projects created by heat" \
diff --git a/lib/horizon b/lib/horizon
index 9ce4853..02715ce 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -75,6 +75,9 @@
sudo rm /usr/bin/node
fi
fi
+
+ local horizon_conf=$(apache_site_config_for horizon)
+ sudo rm -f $horizon_conf
}
# configure_horizon() - Set config files, create data dirs, etc
@@ -122,22 +125,7 @@
HORIZON_REQUIRE='Require all granted'
fi
- local horizon_conf=/etc/$APACHE_NAME/$APACHE_CONF_DIR/horizon.conf
- if is_ubuntu; then
- disable_apache_site 000-default
- sudo touch $horizon_conf
- enable_apache_site horizon.conf
- elif is_fedora; then
- sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
- elif is_suse; then
- : # nothing to do
- else
- exit_distro_not_supported "horizon apache configuration"
- fi
-
- # Remove old log files that could mess with how devstack detects whether Horizon
- # has been successfully started (see start_horizon() and functions::screen_it())
- sudo rm -f /var/log/$APACHE_NAME/horizon_*
+ local horizon_conf=$(apache_site_config_for horizon)
# Configure apache to run horizon
sudo sh -c "sed -e \"
@@ -148,6 +136,23 @@
s,%DEST%,$DEST,g;
s,%HORIZON_REQUIRE%,$HORIZON_REQUIRE,g;
\" $FILES/apache-horizon.template >$horizon_conf"
+
+ if is_ubuntu; then
+ disable_apache_site 000-default
+ sudo touch $horizon_conf
+ elif is_fedora; then
+ sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
+ elif is_suse; then
+ : # nothing to do
+ else
+ exit_distro_not_supported "horizon apache configuration"
+ fi
+ enable_apache_site horizon
+
+ # Remove old log files that could mess with how devstack detects whether Horizon
+ # has been successfully started (see start_horizon() and functions::screen_it())
+ sudo rm -f /var/log/$APACHE_NAME/horizon_*
+
}
# install_horizon() - Collect source and prepare
diff --git a/lib/ironic b/lib/ironic
index 389040c..d53e1ad 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -147,6 +147,11 @@
configure_ironic_api
fi
+ # Format logging
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+ setup_colorized_logging $IRONIC_CONF_FILE DEFAULT
+ fi
+
if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" ]]; then
configure_ironic_auxiliary
fi
@@ -157,11 +162,9 @@
function configure_ironic_api {
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
+ iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
@@ -352,6 +355,8 @@
while read MAC; do
NODE_ID=$(ironic node-create --chassis_uuid $CHASSIS_ID --driver pxe_ssh \
+ -i pxe_deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID \
+ -i pxe_deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID \
-i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \
-i ssh_address=$IRONIC_VM_SSH_ADDRESS \
-i ssh_port=$IRONIC_VM_SSH_PORT \
@@ -372,6 +377,10 @@
# create the nova flavor
adjusted_disk=$(($IRONIC_VM_SPECS_DISK - $IRONIC_VM_EPHEMERAL_DISK))
nova flavor-create --ephemeral $IRONIC_VM_EPHEMERAL_DISK baremetal auto $IRONIC_VM_SPECS_RAM $adjusted_disk $IRONIC_VM_SPECS_CPU
+ # TODO(lucasagomes): Remove the 'baremetal:deploy_kernel_id'
+ # and 'baremetal:deploy_ramdisk_id' parameters
+ # from the flavor after the completion of
+ # https://blueprints.launchpad.net/ironic/+spec/add-node-instance-info
nova flavor-key baremetal set "cpu_arch"="x86_64" "baremetal:deploy_kernel_id"="$IRONIC_DEPLOY_KERNEL_ID" "baremetal:deploy_ramdisk_id"="$IRONIC_DEPLOY_RAMDISK_ID"
# intentional sleep to make sure the tag has been set to port
diff --git a/lib/keystone b/lib/keystone
index f8e92f4..849ea75 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -55,7 +55,7 @@
KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
# Select Keystone's token format
-# Choose from 'UUID' and 'PKI'
+# Choose from 'UUID', 'PKI', or 'PKIZ'
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
# Set Keystone interface configuration
@@ -87,6 +87,9 @@
KEYSTONE_SERVICE_PROTOCOL="https"
fi
+# complete URIs
+KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
# Functions
# ---------
@@ -103,18 +106,20 @@
function _cleanup_keystone_apache_wsgi {
sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
disable_apache_site keystone
- sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+ sudo rm -f $(apache_site_config_for keystone)
}
# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
function _config_keystone_apache_wsgi {
sudo mkdir -p $KEYSTONE_WSGI_DIR
+ local keystone_apache_conf=$(apache_site_config_for keystone)
+
# copy proxy vhost and wsgi file
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
- sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+ sudo cp $FILES/apache-keystone.template $keystone_apache_conf
sudo sed -e "
s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
@@ -122,7 +127,7 @@
s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
s|%USER%|$STACK_USER|g
- " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+ " -i $keystone_apache_conf
enable_apache_site keystone
}
@@ -201,6 +206,8 @@
if [[ "$KEYSTONE_TOKEN_FORMAT" = "UUID" ]]; then
iniset $KEYSTONE_CONF token provider keystone.token.providers.uuid.Provider
+ elif [[ "$KEYSTONE_TOKEN_FORMAT" = "PKIZ" ]]; then
+ iniset $KEYSTONE_CONF token provider keystone.token.providers.pkiz.Provider
fi
iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
@@ -381,7 +388,7 @@
# Initialize keystone database
$KEYSTONE_DIR/bin/keystone-manage db_sync
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" || "$KEYSTONE_TOKEN_FORMAT" == "PKIZ" ]]; then
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_DIR/bin/keystone-manage pki_setup
diff --git a/lib/marconi b/lib/marconi
index 143f38a..20bf0e1 100644
--- a/lib/marconi
+++ b/lib/marconi
@@ -154,7 +154,7 @@
# start_marconi() - Start running processes, including screen
function start_marconi {
- if [[ ${USE_SCREEN,,} == "false" ]];; then
+ if [[ "$USE_SCREEN" = "False" ]]; then
screen_it marconi-server "marconi-server --config-file $MARCONI_CONF --daemon"
else
screen_it marconi-server "marconi-server --config-file $MARCONI_CONF"
diff --git a/lib/neutron b/lib/neutron
index d327eff..6c0ca06 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -115,6 +115,9 @@
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
+## Provider Network Information
+PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
+
# The next two variables are configured by plugin
# e.g. _configure_neutron_l3_agent or lib/neutron_plugins/*
#
@@ -395,6 +398,15 @@
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $TENANT_ID"
sudo ifconfig $OVS_PHYSICAL_BRIDGE up
sudo route add default gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+ elif is_provider_network; then
+ die_if_not_set $LINENO SEGMENTATION_ID "A SEGMENTATION_ID is required to use provider networking"
+ die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
+ NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" --provider:segmentation_id "$SEGMENTATION_ID" --router:external=true --shared | grep ' id ' | get_field 2)
+ SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+ SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+ sudo ip link set $OVS_PHYSICAL_BRIDGE up
+ sudo ip link set br-int up
+ sudo ip link set $PUBLIC_INTERFACE up
else
NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
@@ -495,6 +507,13 @@
L3_CONF_FILES="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
+ if is_provider_network; then
+ sudo ovs-vsctl add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
+ sudo ip link set $OVS_PHYSICAL_BRIDGE up
+ sudo ip link set br-int up
+ sudo ip link set $PUBLIC_INTERFACE up
+ fi
+
if is_service_enabled q-fwaas; then
L3_CONF_FILES="$L3_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"
VPN_CONF_FILES="$VPN_CONF_FILES --config-file $Q_FWAAS_CONF_FILE"
@@ -707,7 +726,7 @@
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True True
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
}
@@ -849,18 +868,9 @@
local section=$2
local use_auth_url=$3
local skip_auth_cache=$4
- local use_service_port=$5
- local keystone_port=$KEYSTONE_AUTH_PORT
- if [[ -n $use_service_port ]]; then
- keystone_port=$KEYSTONE_SERVICE_PORT
- fi
- if [[ -n $use_auth_url ]]; then
- iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$keystone_port/v2.0"
- else
- iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
- iniset $conf_file $section auth_port $keystone_port
- iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
- fi
+
+ iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
+ iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
@@ -999,6 +1009,13 @@
_neutron_third_party_do check
}
+function is_provider_network {
+ if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ] && [ "$Q_L3_ENABLED" == "False" ]; then
+ return 0
+ fi
+ return 1
+}
+
# Restore xtrace
$XTRACE
diff --git a/lib/neutron_plugins/vmware_nsx b/lib/neutron_plugins/vmware_nsx
index f2f8735..c7672db 100644
--- a/lib/neutron_plugins/vmware_nsx
+++ b/lib/neutron_plugins/vmware_nsx
@@ -58,7 +58,7 @@
function neutron_plugin_configure_l3_agent {
# VMware NSX plugin does not run L3 agent
- die $LINENO "q-l3 should must not be executed with VMware NSX plugin!"
+ die $LINENO "q-l3 should not be executed with VMware NSX plugin!"
}
function neutron_plugin_configure_plugin_agent {
diff --git a/lib/neutron_thirdparty/trema b/lib/neutron_thirdparty/trema
index f829aa8..3e59ef2 100644
--- a/lib/neutron_thirdparty/trema
+++ b/lib/neutron_thirdparty/trema
@@ -28,7 +28,7 @@
TREMA_LOG_LEVEL=${TREMA_LOG_LEVEL:-info}
TREMA_SS_CONFIG=$TREMA_SS_ETC_DIR/sliceable.conf
-TREMA_SS_APACHE_CONFIG=/etc/apache2/sites-available/sliceable_switch.conf
+TREMA_SS_APACHE_CONFIG=$(apache_site_config_for sliceable_switch)
# configure_trema - Set config files, create data dirs, etc
function configure_trema {
@@ -61,8 +61,9 @@
sudo cp $TREMA_SS_DIR/apache/sliceable_switch $TREMA_SS_APACHE_CONFIG
sudo sed -i -e "s|/home/sliceable_switch/script|$TREMA_SS_SCRIPT_DIR|" \
$TREMA_SS_APACHE_CONFIG
+ # TODO(gabriel-bezerra): use some function from lib/apache to enable these modules
sudo a2enmod rewrite actions
- sudo a2ensite sliceable_switch.conf
+ enable_apache_site sliceable_switch
cp $TREMA_SS_DIR/sliceable_switch_null.conf $TREMA_SS_CONFIG
sed -i -e "s|^\$apps_dir.*$|\$apps_dir = \"$TREMA_DIR/apps\"|" \
@@ -98,8 +99,7 @@
}
function start_trema {
- # APACHE_NAME is defined in init_horizon (in lib/horizon)
- restart_service $APACHE_NAME
+ restart_apache_server
sudo LOGGING_LEVEL=$TREMA_LOG_LEVEL TREMA_TMP=$TREMA_TMP_DIR \
trema run -d -c $TREMA_SS_CONFIG
diff --git a/lib/nova b/lib/nova
index c51d584..9dd6bb0 100644
--- a/lib/nova
+++ b/lib/nova
@@ -75,8 +75,18 @@
# Set default defaults here as some hypervisor drivers override these
PUBLIC_INTERFACE_DEFAULT=br100
-GUEST_INTERFACE_DEFAULT=eth0
FLAT_NETWORK_BRIDGE_DEFAULT=br100
+# set the GUEST_INTERFACE_DEFAULT to some interface on the box so that
+# the default isn't completely crazy. This will match eth*, em*, or
+# the new p* interfaces, then basically picks the first
+# alphabetically. It's probably wrong, however it's less wrong than
+# always using 'eth0' which doesn't exist on new Linux distros at all.
+GUEST_INTERFACE_DEFAULT=$(ip link \
+ | grep 'state UP' \
+ | awk '{print $2}' \
+ | sed 's/://' \
+ | grep ^[ep] \
+ | head -1)
# Get hypervisor configuration
# ----------------------------
@@ -236,16 +246,6 @@
# Get the sample configuration file in place
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR
-
- # Comment out the keystone configs in Nova's api-paste.ini.
- # We are using nova.conf to configure this instead.
- inicomment $NOVA_API_PASTE_INI filter:authtoken auth_host
- inicomment $NOVA_API_PASTE_INI filter:authtoken auth_protocol
- inicomment $NOVA_API_PASTE_INI filter:authtoken admin_tenant_name
- inicomment $NOVA_API_PASTE_INI filter:authtoken cafile
- inicomment $NOVA_API_PASTE_INI filter:authtoken admin_user
- inicomment $NOVA_API_PASTE_INI filter:authtoken admin_password
- inicomment $NOVA_API_PASTE_INI filter:authtoken signing_dir
fi
if is_service_enabled n-cpu; then
@@ -433,10 +433,6 @@
iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST"
iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT"
iniset $NOVA_CONF DEFAULT my_ip "$HOST_IP"
- iniset $NOVA_CONF DEFAULT osapi_compute_workers "4"
- iniset $NOVA_CONF DEFAULT ec2_workers "4"
- iniset $NOVA_CONF DEFAULT metadata_workers "4"
- iniset $NOVA_CONF conductor workers "4"
iniset $NOVA_CONF DEFAULT sql_connection `database_connection_url nova`
iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
iniset $NOVA_CONF osapi_v3 enabled "True"
@@ -460,9 +456,7 @@
# Add keystone authtoken configuration
- iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $NOVA_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $NOVA_CONF keystone_authtoken admin_user nova
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index f435456..18bdf89 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -29,21 +29,16 @@
install_package python-libguestfs
fi
- # workaround for
- # https://bugzilla.redhat.com/show_bug.cgi?id=1098376; if we see
- # the empty Xen proc file then remove the xen/libxl plugin
- # shared-libraries (yum remove would uninstall libvirt due to
- # dependencies, so let's avoid that...)
- if is_fedora && [ -f /proc/xen/capabilities ] && \
- [ $(stat -c '%s' /proc/xen/capabilities) -eq 0 ]; then
- sudo rm -f /usr/lib64/libvirt/connection-driver/libvirt_driver_libxl.so
- sudo rm -f /usr/lib64/libvirt/connection-driver/libvirt_driver_xen.so
+ # Restart firewalld after install of libvirt to avoid a problem
+ # with polkit, which libvirtd brings in. See
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
- # another bug requires these to be restarted to avoid
- # potential hang of libvirtd
- # https://bugzilla.redhat.com/show_bug.cgi?id=1098866
- sudo service dbus restart
- sudo service firewalld restart
+ # Note there is a difference between F20 rackspace cloud images
+ # and HP images used in the gate; rackspace has firewalld but hp
+ # cloud doesn't. RHEL6 doesn't have firewalld either. So we
+ # don't care if it fails.
+ if is_fedora; then
+ sudo service firewalld restart || true
fi
}
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index e72f7c1..c068c74 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -48,7 +48,7 @@
# ironic section
iniset $NOVA_CONF ironic admin_username admin
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
iniset $NOVA_CONF ironic admin_tenant_name demo
iniset $NOVA_CONF ironic api_endpoint http://$SERVICE_HOST:6385/v1
iniset $NOVA_CONF ironic sql_connection `database_connection_url nova_bm`
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index c37969b..0dba471 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -49,9 +49,9 @@
fi
read_password XENAPI_PASSWORD "ENTER A PASSWORD TO USE FOR XEN."
iniset $NOVA_CONF DEFAULT compute_driver "xenapi.XenAPIDriver"
- iniset $NOVA_CONF DEFAULT xenapi_connection_url "$XENAPI_CONNECTION_URL"
- iniset $NOVA_CONF DEFAULT xenapi_connection_username "$XENAPI_USER"
- iniset $NOVA_CONF DEFAULT xenapi_connection_password "$XENAPI_PASSWORD"
+ iniset $NOVA_CONF xenserver connection_url "$XENAPI_CONNECTION_URL"
+ iniset $NOVA_CONF xenserver connection_username "$XENAPI_USER"
+ iniset $NOVA_CONF xenserver connection_password "$XENAPI_PASSWORD"
iniset $NOVA_CONF DEFAULT flat_injected "False"
# Need to avoid crash due to new firewall support
XEN_FIREWALL_DRIVER=${XEN_FIREWALL_DRIVER:-"nova.virt.firewall.IptablesFirewallDriver"}
diff --git a/lib/swift b/lib/swift
index 1e24c2c..c47b09f 100644
--- a/lib/swift
+++ b/lib/swift
@@ -152,7 +152,7 @@
for type in object container account; do
site_name=${type}-server-${node_number}
disable_apache_site ${site_name}
- sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site_name}
+ sudo rm -f $(apache_site_config_for ${site_name})
done
done
}
@@ -160,18 +160,17 @@
# _config_swift_apache_wsgi() - Set WSGI config files of Swift
function _config_swift_apache_wsgi {
sudo mkdir -p ${SWIFT_APACHE_WSGI_DIR}
- local apache_vhost_dir=/etc/${APACHE_NAME}/$APACHE_CONF_DIR
local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
# copy proxy vhost and wsgi file
- sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template ${apache_vhost_dir}/proxy-server
+ sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template $(apache_site_config_for proxy-server)
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$proxy_port/g;
s/%SERVICENAME%/proxy-server/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
- " -i ${apache_vhost_dir}/proxy-server
+ " -i $(apache_site_config_for proxy-server)
enable_apache_site proxy-server
sudo cp ${SWIFT_DIR}/examples/wsgi/proxy-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
@@ -186,13 +185,13 @@
container_port=$[CONTAINER_PORT_BASE + 10 * ($node_number - 1)]
account_port=$[ACCOUNT_PORT_BASE + 10 * ($node_number - 1)]
- sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template ${apache_vhost_dir}/object-server-${node_number}
+ sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number})
sudo sed -e "
s/%PORT%/$object_port/g;
s/%SERVICENAME%/object-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
- " -i ${apache_vhost_dir}/object-server-${node_number}
+ " -i $(apache_site_config_for object-server-${node_number})
enable_apache_site object-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/object-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
@@ -201,14 +200,14 @@
s/%SERVICECONF%/object-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
- sudo cp ${SWIFT_DIR}/examples/apache2/container-server.template ${apache_vhost_dir}/container-server-${node_number}
+ sudo cp ${SWIFT_DIR}/examples/apache2/container-server.template $(apache_site_config_for container-server-${node_number})
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$container_port/g;
s/%SERVICENAME%/container-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
- " -i ${apache_vhost_dir}/container-server-${node_number}
+ " -i $(apache_site_config_for container-server-${node_number})
enable_apache_site container-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/container-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
@@ -217,14 +216,14 @@
s/%SERVICECONF%/container-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
- sudo cp ${SWIFT_DIR}/examples/apache2/account-server.template ${apache_vhost_dir}/account-server-${node_number}
+ sudo cp ${SWIFT_DIR}/examples/apache2/account-server.template $(apache_site_config_for account-server-${node_number})
sudo sed -e "
/^#/d;/^$/d;
s/%PORT%/$account_port/g;
s/%SERVICENAME%/account-server-${node_number}/g;
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
- " -i ${apache_vhost_dir}/account-server-${node_number}
+ " -i $(apache_site_config_for account-server-${node_number})
enable_apache_site account-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/account-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
diff --git a/lib/tempest b/lib/tempest
index 79412f9..1e98bec 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -64,6 +64,7 @@
# Neutron/Network variables
IPV6_ENABLED=$(trueorfalse True $IPV6_ENABLED)
+IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True $IPV6_SUBNET_ATTRIBUTES_ENABLED)
# Functions
# ---------
@@ -148,6 +149,7 @@
TEMPEST_TENANT_NAME=${TEMPEST_TENANT_NAME:-demo}
ALT_USERNAME=${ALT_USERNAME:-alt_demo}
ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
+ ADMIN_TENANT_ID=$(openstack project list | awk "/ admin / { print \$2 }")
# If the ``DEFAULT_INSTANCE_TYPE`` not declared, use the new behavior
# Tempest creates instane types for himself
@@ -241,9 +243,6 @@
iniset $TEMPEST_CONFIG compute build_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG volume build_timeout $BUILD_TIMEOUT
iniset $TEMPEST_CONFIG boto build_timeout $BUILD_TIMEOUT
- iniset $TEMPEST_CONFIG compute build_interval $BUILD_INTERVAL
- iniset $TEMPEST_CONFIG volume build_interval $BUILD_INTERVAL
- iniset $TEMPEST_CONFIG boto build_interval $BUILD_INTERVAL
iniset $TEMPEST_CONFIG boto http_socket_timeout 5
# Identity
@@ -258,6 +257,7 @@
iniset $TEMPEST_CONFIG identity admin_username $ADMIN_USERNAME
iniset $TEMPEST_CONFIG identity admin_password "$password"
iniset $TEMPEST_CONFIG identity admin_tenant_name $ADMIN_TENANT_NAME
+ iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
@@ -283,6 +283,7 @@
iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
# Compute Features
+ iniset $TEMPEST_CONFIG compute-feature-enabled api_v3 ${TEMPEST_NOVA_API_V3:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled resize True
iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
@@ -318,10 +319,10 @@
if [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
iniset $TEMPEST_CONFIG orchestration image_ref $(basename "$HEAT_CFN_IMAGE_URL" ".qcow2")
fi
- # build a specialized heat flavor that is likely to be fast
+ # build a specialized heat flavor
available_flavors=$(nova flavor-list)
if [[ ! ( $available_flavors =~ 'm1.heat' ) ]]; then
- nova flavor-create m1.heat 451 1024 0 2
+ nova flavor-create m1.heat 451 512 0 1
fi
iniset $TEMPEST_CONFIG orchestration instance_type "m1.heat"
iniset $TEMPEST_CONFIG orchestration build_timeout 900
@@ -336,6 +337,11 @@
# Large Ops Number
iniset $TEMPEST_CONFIG scenario large_ops_number ${TEMPEST_LARGE_OPS_NUMBER:-0}
+ # Telemetry
+ # Ceilometer API optimization happened in juno that allows to run more tests in tempest.
+ # Once Tempest retires support for icehouse this flag can be removed.
+ iniset $TEMPEST_CONFIG telemetry too_slow_to_test "False"
+
# Volume
if ! is_service_enabled c-bak; then
iniset $TEMPEST_CONFIG volume-feature-enabled backup False
diff --git a/lib/trove b/lib/trove
index 82c8c96..e467c90 100644
--- a/lib/trove
+++ b/lib/trove
@@ -133,9 +133,8 @@
# Copy api-paste file over to the trove conf dir and configure it
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+
+ iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
@@ -158,7 +157,7 @@
# (Re)create trove taskmanager conf file if needed
if is_service_enabled tr-tmgr; then
- TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT//v$IDENTITY_API_VERSION
+ TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
diff --git a/stack.sh b/stack.sh
index 8fb57c4..df509cc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -246,7 +246,12 @@
# ... and also optional to be enabled
is_package_installed yum-utils || install_package yum-utils
- sudo yum-config-manager --enable rhel-6-server-optional-rpms
+ if [[ $DISTRO =~ (rhel7) ]]; then
+ OPTIONAL_REPO=rhel-7-server-optional-rpms
+ else
+ OPTIONAL_REPO=rhel-6-server-optional-rpms
+ fi
+ sudo yum-config-manager --enable ${OPTIONAL_REPO}
fi
@@ -548,25 +553,14 @@
exec 3>&1
if [[ "$VERBOSE" == "True" ]]; then
# Set fd 1 and 2 to write the log file
- exec 1> >( awk -v logfile=${LOGFILE} '
- /((set \+o$)|xtrace)/ { next }
- {
- cmd ="date +\"%Y-%m-%d %H:%M:%S.%3N | \""
- cmd | getline now
- close("date +\"%Y-%m-%d %H:%M:%S.%3N | \"")
- sub(/^/, now)
- print > logfile
- fflush(logfile)
- print
- fflush("")
- }' ) 2>&1
+ exec 1> >( ./tools/outfilter.py -v -o "${LOGFILE}" ) 2>&1
# Set fd 6 to summary log file
- exec 6> >( tee "${SUMFILE}" )
+ exec 6> >( ./tools/outfilter.py -o "${SUMFILE}" )
else
# Set fd 1 and 2 to primary logfile
- exec 1> "${LOGFILE}" 2>&1
+ exec 1> >( ./tools/outfilter.py -o "${LOGFILE}" ) 2>&1
# Set fd 6 to summary logfile and stdout
- exec 6> >( tee "${SUMFILE}" >&3 )
+ exec 6> >( ./tools/outfilter.py -v -o "${SUMFILE}" >&3 )
fi
echo_summary "stack.sh log $LOGFILE"
@@ -583,7 +577,7 @@
exec 1>/dev/null 2>&1
fi
# Always send summary fd to original stdout
- exec 6>&3
+ exec 6> >( ./tools/outfilter.py -v >&3 )
fi
# Set up logging of screen windows
@@ -924,7 +918,7 @@
start_keystone
# Set up a temporary admin URI for Keystone
- SERVICE_ENDPOINT=$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
@@ -1026,7 +1020,7 @@
if is_service_enabled n-net; then
rm -rf ${NOVA_STATE_PATH}/networks
sudo mkdir -p ${NOVA_STATE_PATH}/networks
- safe_chown -R ${USER} ${NOVA_STATE_PATH}/networks
+ safe_chown -R ${STACK_USER} ${NOVA_STATE_PATH}/networks
fi
# Force IP forwarding on, just in case
@@ -1357,7 +1351,7 @@
# If Keystone is present you can point ``nova`` cli to this server
if is_service_enabled key; then
- echo "Keystone is serving at $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/"
+ echo "Keystone is serving at $KEYSTONE_SERVICE_URI/v2.0/"
echo "Examples on using novaclient command line is in exercise.sh"
echo "The default users are: admin and demo"
echo "The password: $ADMIN_PASSWORD"
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index e6a6a79..f1dc76a 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -35,6 +35,30 @@
FILES=$TOP_DIR/files
+# Keystone Port Reservation
+# -------------------------
+# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
+# being used as ephemeral ports by the system. The default(s) are 35357 and
+# 35358 which are in the Linux defined ephemeral port range (in disagreement
+# with the IANA ephemeral port range). This is a workaround for bug #1253482
+# where Keystone will try and bind to the port and the port will already be
+# in use as an ephemeral port by another process. This places an explicit
+# exception into the Kernel for the Keystone AUTH ports.
+keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
+
+# Get any currently reserved ports, strip off leading whitespace
+reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
+
+if [[ -z "${reserved_ports}" ]]; then
+ # If there are no currently reserved ports, reserve the keystone ports
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+else
+ # If there are currently reserved ports, keep those and also reserve the
+ # keystone specific ports. Duplicate reservations are merged into a single
+ # reservation (or range) automatically by the kernel.
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+fi
+
# Python Packages
# ---------------
@@ -87,16 +111,18 @@
fi
-# RHEL6
-# -----
-
-if [[ $DISTRO =~ (rhel6) ]]; then
-
+if is_fedora; then
# Disable selinux to avoid configuring to allow Apache access
# to Horizon files (LP#1175444)
if selinuxenabled; then
sudo setenforce 0
fi
+fi
+
+# RHEL6
+# -----
+
+if [[ $DISTRO =~ (rhel6) ]]; then
# If the ``dbus`` package was installed by DevStack dependencies the
# uuid may not be generated because the service was never started (PR#598200),
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 1eb9e7a..150faaa 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -24,28 +24,8 @@
FILES=$TOP_DIR/files
-# Handle arguments
-
-USE_GET_PIP=${USE_GET_PIP:-0}
-INSTALL_PIP_VERSION=${INSTALL_PIP_VERSION:-"1.4.1"}
-while [[ -n "$1" ]]; do
- case $1 in
- --force)
- FORCE=1
- ;;
- --pip-version)
- INSTALL_PIP_VERSION="$2"
- shift
- ;;
- --use-get-pip)
- USE_GET_PIP=1;
- ;;
- esac
- shift
-done
-
-PIP_GET_PIP_URL=https://raw.github.com/pypa/pip/master/contrib/get-pip.py
-PIP_TAR_URL=https://pypi.python.org/packages/source/p/pip/pip-$INSTALL_PIP_VERSION.tar.gz
+PIP_GET_PIP_URL=https://bootstrap.pypa.io/get-pip.py
+LOCAL_PIP="$FILES/$(basename $PIP_GET_PIP_URL)"
GetDistro
echo "Distro: $DISTRO"
@@ -62,23 +42,13 @@
function install_get_pip {
- if [[ ! -r $FILES/get-pip.py ]]; then
- (cd $FILES; \
- curl -O $PIP_GET_PIP_URL; \
- )
+ if [[ ! -r $LOCAL_PIP ]]; then
+ curl -o $LOCAL_PIP $PIP_GET_PIP_URL || \
+ die $LINENO "Download of get-pip.py failed"
fi
- sudo -E python $FILES/get-pip.py
+ sudo -E python $LOCAL_PIP
}
-function install_pip_tarball {
- if [[ ! -r $FILES/pip-$INSTALL_PIP_VERSION.tar.gz ]]; then
- (cd $FILES; \
- curl -O $PIP_TAR_URL; \
- tar xvfz pip-$INSTALL_PIP_VERSION.tar.gz 1>/dev/null)
- fi
- (cd $FILES/pip-$INSTALL_PIP_VERSION; \
- sudo -E python setup.py install 1>/dev/null)
-}
# Show starting versions
get_versions
@@ -88,10 +58,8 @@
# Eradicate any and all system packages
uninstall_package python-pip
-if [[ "$USE_GET_PIP" == "1" ]]; then
- install_get_pip
-else
- install_pip_tarball
-fi
+install_get_pip
+
+pip_install -U setuptools
get_versions
diff --git a/tools/outfilter.py b/tools/outfilter.py
new file mode 100755
index 0000000..9686a38
--- /dev/null
+++ b/tools/outfilter.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This is an output filter to filter and timestamp the logs from grenade and
+# devstack. Largely our awk filters got beyond the complexity level which were
+# sustainable, so this provides us much more control in a single place.
+#
+# The overhead of running python should be less than execing `date` a million
+# times during a run.
+
+import argparse
+import datetime
+import re
+import sys
+
+IGNORE_LINES = re.compile('(set \+o|xtrace)')
+HAS_DATE = re.compile('^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \|')
+
+
+def get_options():
+ parser = argparse.ArgumentParser(
+ description='Filter output by devstack and friends')
+ parser.add_argument('-o', '--outfile',
+ help='Output file for content',
+ default=None)
+ parser.add_argument('-v', '--verbose', action='store_true',
+ default=False)
+ return parser.parse_args()
+
+
+def skip_line(line):
+ """Should we skip this line."""
+ return IGNORE_LINES.search(line) is not None
+
+
+def main():
+ opts = get_options()
+ outfile = None
+ if opts.outfile:
+ outfile = open(opts.outfile, 'a', 0)
+
+ # otherwise fileinput reprocess args as files
+ sys.argv = []
+ while True:
+ line = sys.stdin.readline()
+ if not line:
+ return 0
+
+ # put skip lines here
+ if skip_line(line):
+ continue
+
+ # this prevents us from nesting date lines, because
+ # we'd like to pull this in directly in grenade and not double
+ # up on devstack lines
+ if HAS_DATE.search(line) is None:
+ now = datetime.datetime.utcnow()
+ line = ("%s | %s" % (
+ now.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3],
+ line))
+
+ if opts.verbose:
+ sys.stdout.write(line)
+ sys.stdout.flush()
+ if outfile:
+ outfile.write(line)
+ outfile.flush()
+
+
+if __name__ == '__main__':
+ try:
+ sys.exit(main())
+ except KeyboardInterrupt:
+ sys.exit(1)