Merge "Add an option in lib/swift to increase max_header_size"
diff --git a/README.md b/README.md
index f9a996e..37b960e 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,16 @@
# Goals
-* To quickly build dev OpenStack environments in a clean Ubuntu or Fedora environment
-* To describe working configurations of OpenStack (which code branches work together? what do config files look like for those branches?)
-* To make it easier for developers to dive into OpenStack so that they can productively contribute without having to understand every part of the system at once
+* To quickly build dev OpenStack environments in a clean Ubuntu or Fedora
+ environment
+* To describe working configurations of OpenStack (which code branches
+ work together? what do config files look like for those branches?)
+* To make it easier for developers to dive into OpenStack so that they can
+ productively contribute without having to understand every part of the
+ system at once
* To make it easy to prototype cross-project features
-* To provide an environment for the OpenStack CI testing on every commit to the projects
+* To provide an environment for the OpenStack CI testing on every commit
+ to the projects
Read more at http://devstack.org.
@@ -42,12 +47,14 @@
./stack.sh
-When the script finishes executing, you should be able to access OpenStack endpoints, like so:
+When the script finishes executing, you should be able to access OpenStack
+endpoints, like so:
* Horizon: http://myhost/
* Keystone: http://myhost:5000/v2.0/
-We also provide an environment file that you can use to interact with your cloud via CLI:
+We also provide an environment file that you can use to interact with your
+cloud via CLI:
# source openrc file to load your environment with OpenStack CLI creds
. openrc
@@ -63,7 +70,12 @@
# DevStack Execution Environment
-DevStack runs rampant over the system it runs on, installing things and uninstalling other things. Running this on a system you care about is a recipe for disappointment, or worse. Alas, we're all in the virtualization business here, so run it in a VM. And take advantage of the snapshot capabilities of your hypervisor of choice to reduce testing cycle times. You might even save enough time to write one more feature before the next feature freeze...
+DevStack runs rampant over the system it runs on, installing things and
+uninstalling other things. Running this on a system you care about is a recipe
+for disappointment, or worse. Alas, we're all in the virtualization business
+here, so run it in a VM. And take advantage of the snapshot capabilities
+of your hypervisor of choice to reduce testing cycle times. You might even save
+enough time to write one more feature before the next feature freeze...
``stack.sh`` needs to have root access for a lot of tasks, but uses ``sudo``
for all of those tasks. However, it needs to be not-root for most of its
@@ -93,7 +105,8 @@
# Database Backend
-Multiple database backends are available. The available databases are defined in the lib/databases directory.
+Multiple database backends are available. The available databases are defined
+in the lib/databases directory.
`mysql` is the default database, choose a different one by putting the
following in the `localrc` section:
@@ -235,10 +248,14 @@
(e.g. linuxbridge).
Variable Name Notes
- -------------------------------------------------------------------------------------
- Q_AGENT This specifies which agent to run with the ML2 Plugin (either `openvswitch` or `linuxbridge`).
- Q_ML2_PLUGIN_MECHANISM_DRIVERS The ML2 MechanismDrivers to load. The default is none. Note, ML2 will work with the OVS and LinuxBridge agents by default.
- Q_ML2_PLUGIN_TYPE_DRIVERS The ML2 TypeDrivers to load. Defaults to all available TypeDrivers.
+ ----------------------------------------------------------------------------
+ Q_AGENT This specifies which agent to run with the
+ ML2 Plugin (either `openvswitch` or `linuxbridge`).
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS The ML2 MechanismDrivers to load. The default
+ is none. Note, ML2 will work with the OVS
+ and LinuxBridge agents by default.
+ Q_ML2_PLUGIN_TYPE_DRIVERS The ML2 TypeDrivers to load. Defaults to
+ all available TypeDrivers.
Q_ML2_PLUGIN_GRE_TYPE_OPTIONS GRE TypeDriver options. Defaults to none.
Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS VXLAN TypeDriver options. Defaults to none.
Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS VLAN TypeDriver options. Defaults to none.
@@ -262,14 +279,16 @@
# Tempest
-If tempest has been successfully configured, a basic set of smoke tests can be run as follows:
+If tempest has been successfully configured, a basic set of smoke
+tests can be run as follows:
$ cd /opt/stack/tempest
$ nosetests tempest/scenario/test_network_basic_ops.py
# DevStack on Xenserver
-If you would like to use Xenserver as the hypervisor, please refer to the instructions in `./tools/xen/README.md`.
+If you would like to use Xenserver as the hypervisor, please refer
+to the instructions in `./tools/xen/README.md`.
# Additional Projects
@@ -283,8 +302,10 @@
# Multi-Node Setup
-A more interesting setup involves running multiple compute nodes, with Neutron networks connecting VMs on different compute nodes.
-You should run at least one "controller node", which should have a `stackrc` that includes at least:
+A more interesting setup involves running multiple compute nodes, with Neutron
+networks connecting VMs on different compute nodes.
+You should run at least one "controller node", which should have a `stackrc`
+that includes at least:
disable_service n-net
enable_service q-svc
@@ -299,7 +320,8 @@
SCHEDULER=nova.scheduler.simple.SimpleScheduler
-You can then run many compute nodes, each of which should have a `stackrc` which includes the following, with the IP address of the above controller node:
+You can then run many compute nodes, each of which should have a `stackrc`
+which includes the following, with the IP address of the above controller node:
ENABLED_SERVICES=n-cpu,rabbit,g-api,neutron,q-agt
SERVICE_HOST=[IP of controller node]
@@ -310,22 +332,31 @@
# Cells
-Cells is a new scaling option with a full spec at http://wiki.openstack.org/blueprint-nova-compute-cells.
+Cells is a new scaling option with a full spec at:
+http://wiki.openstack.org/blueprint-nova-compute-cells.
To setup a cells environment add the following to your `localrc` section:
enable_service n-cell
-Be aware that there are some features currently missing in cells, one notable one being security groups. The exercises have been patched to disable functionality not supported by cells.
+Be aware that there are some features currently missing in cells, one notable
+one being security groups. The exercises have been patched to disable
+functionality not supported by cells.
# Local Configuration
-Historically DevStack has used ``localrc`` to contain all local configuration and customizations. More and more of the configuration variables available for DevStack are passed-through to the individual project configuration files. The old mechanism for this required specific code for each file and did not scale well. This is handled now by a master local configuration file.
+Historically DevStack has used ``localrc`` to contain all local configuration
+and customizations. More and more of the configuration variables available for
+DevStack are passed-through to the individual project configuration files.
+The old mechanism for this required specific code for each file and did not
+scale well. This is handled now by a master local configuration file.
# local.conf
-The new config file ``local.conf`` is an extended-INI format that introduces a new meta-section header that provides some additional information such as a phase name and destination config filename:
+The new config file ``local.conf`` is an extended-INI format that introduces
+a new meta-section header that provides some additional information such
+as a phase name and destination config filename:
[[ <phase> | <config-file-name> ]]
@@ -339,11 +370,15 @@
The defined phases are:
* **local** - extracts ``localrc`` from ``local.conf`` before ``stackrc`` is sourced
-* **post-config** - runs after the layer 2 services are configured and before they are started
-* **extra** - runs after services are started and before any files in ``extra.d`` are executed
+* **post-config** - runs after the layer 2 services are configured
+ and before they are started
+* **extra** - runs after services are started and before any files
+ in ``extra.d`` are executed
* **post-extra** - runs after files in ``extra.d`` are executed
-The file is processed strictly in sequence; meta-sections may be specified more than once but if any settings are duplicated the last to appear in the file will be used.
+The file is processed strictly in sequence; meta-sections may be specified more
+than once but if any settings are duplicated the last to appear in the file
+will be used.
[[post-config|$NOVA_CONF]]
[DEFAULT]
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 4e8259c..cc518d9 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -28,7 +28,7 @@
source $TOP_DIR/functions
# Import configuration
-source $TOP_DIR/openrc
+source $TOP_DIR/openrc admin
# Import exercise configuration
source $TOP_DIR/exerciserc
diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco
index 7f7c049..dccf400 100644
--- a/lib/neutron_plugins/cisco
+++ b/lib/neutron_plugins/cisco
@@ -183,6 +183,15 @@
ovs_neutron_plugin_configure_common
Q_PLUGIN_EXTRA_CONF_PATH=etc/neutron/plugins/cisco
Q_PLUGIN_EXTRA_CONF_FILES=(cisco_plugins.ini)
+ # Copy extra config files to /etc so that they can be modified
+ # later according to Cisco-specific localrc settings.
+ mkdir -p /$Q_PLUGIN_EXTRA_CONF_PATH
+ local f
+ local extra_conf_file
+ for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
+ extra_conf_file=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
+ cp $NEUTRON_DIR/$extra_conf_file /$extra_conf_file
+ done
else
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/cisco
Q_PLUGIN_CONF_FILENAME=cisco_plugins.ini
diff --git a/lib/neutron_plugins/linuxbridge b/lib/neutron_plugins/linuxbridge
index 96b14f1..113a7df 100644
--- a/lib/neutron_plugins/linuxbridge
+++ b/lib/neutron_plugins/linuxbridge
@@ -15,7 +15,7 @@
}
function neutron_plugin_configure_service {
- if [[ "$ENABLE_TENANT_VLANS" = "True" ]]; then
+ if [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE vlans tenant_network_type vlan
else
echo "WARNING - The linuxbridge plugin is using local tenant networks, with no connectivity between hosts."
@@ -23,7 +23,7 @@
# Override ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc``
# for more complex physical network configurations.
- if [[ "$LB_VLAN_RANGES" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
+ if [[ "$LB_VLAN_RANGES" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
LB_VLAN_RANGES=$PHYSICAL_NETWORK
if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
LB_VLAN_RANGES=$LB_VLAN_RANGES:$TENANT_VLAN_RANGE
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index 74799e4..82b5fc9 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -35,7 +35,7 @@
# Setup physical network interface mappings. Override
# ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc`` for more
# complex physical network configurations.
- if [[ "$LB_INTERFACE_MAPPINGS" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
+ if [[ "$LB_INTERFACE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
fi
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index db43fcf..9966373 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -11,7 +11,7 @@
# This has to be set here since the agent will set this in the config file
if [[ "$Q_ML2_TENANT_NETWORK_TYPE" != "" ]]; then
Q_AGENT_EXTRA_AGENT_OPTS+=(tunnel_types=$Q_ML2_TENANT_NETWORK_TYPE)
-elif [[ "$ENABLE_TENANT_TUNNELS" = "True" ]]; then
+elif [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
Q_AGENT_EXTRA_AGENT_OPTS+=(tunnel_types=gre)
fi
@@ -60,12 +60,12 @@
function neutron_plugin_configure_service {
if [[ "$Q_ML2_TENANT_NETWORK_TYPE" != "" ]]; then
Q_SRV_EXTRA_OPTS+=(tenant_network_types=$Q_ML2_TENANT_NETWORK_TYPE)
- elif [[ "$ENABLE_TENANT_TUNNELS" = "True" ]]; then
+ elif [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
# This assumes you want a simple configuration, and will overwrite
# Q_SRV_EXTRA_OPTS if set in addition to ENABLE_TENANT_TUNNELS.
Q_SRV_EXTRA_OPTS+=(tenant_network_types=gre)
Q_ML2_PLUGIN_GRE_TYPE_OPTIONS=(tunnel_id_ranges=$TENANT_TUNNEL_RANGES)
- elif [[ "$ENABLE_TENANT_VLANS" = "True" ]]; then
+ elif [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
Q_SRV_EXTRA_OPTS+=(tenant_network_types=vlan)
else
echo "WARNING - The ml2 plugin is using local tenant networks, with no connectivity between hosts."
@@ -74,7 +74,7 @@
# Allow for overrding VLAN configuration (for example, to configure provider
# VLANs) by first checking if Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS is set.
if [ "$Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS" == "" ]; then
- if [[ "$ML2_VLAN_RANGES" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
+ if [[ "$ML2_VLAN_RANGES" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
ML2_VLAN_RANGES=$PHYSICAL_NETWORK
if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
ML2_VLAN_RANGES=$ML2_VLAN_RANGES:$TENANT_VLAN_RANGE
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index 6610ea3..b8321f3 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -46,7 +46,7 @@
fi
# Enable tunnel networks if selected
- if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then
+ if [[ "$OVS_ENABLE_TUNNELING" == "True" ]]; then
# Verify tunnels are supported
# REVISIT - also check kernel module support for GRE and patch ports
OVS_VERSION=`ovs-vsctl --version | head -n 1 | grep -E -o "[0-9]+\.[0-9]+"`
@@ -60,7 +60,7 @@
# Setup physical network bridge mappings. Override
# ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc`` for more
# complex physical network configurations.
- if [[ "$OVS_BRIDGE_MAPPINGS" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
+ if [[ "$OVS_BRIDGE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
# Configure bridge manually with physical interface as port for multi-node
diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch
index c644fed..fc81092 100644
--- a/lib/neutron_plugins/openvswitch
+++ b/lib/neutron_plugins/openvswitch
@@ -15,10 +15,10 @@
}
function neutron_plugin_configure_service {
- if [[ "$ENABLE_TENANT_TUNNELS" = "True" ]]; then
+ if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE ovs tenant_network_type gre
iniset /$Q_PLUGIN_CONF_FILE ovs tunnel_id_ranges $TENANT_TUNNEL_RANGES
- elif [[ "$ENABLE_TENANT_VLANS" = "True" ]]; then
+ elif [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE ovs tenant_network_type vlan
else
echo "WARNING - The openvswitch plugin is using local tenant networks, with no connectivity between hosts."
@@ -26,7 +26,7 @@
# Override ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc``
# for more complex physical network configurations.
- if [[ "$OVS_VLAN_RANGES" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
+ if [[ "$OVS_VLAN_RANGES" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
OVS_VLAN_RANGES=$PHYSICAL_NETWORK
if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
OVS_VLAN_RANGES=$OVS_VLAN_RANGES:$TENANT_VLAN_RANGE
@@ -37,7 +37,7 @@
fi
# Enable tunnel networks if selected
- if [[ $OVS_ENABLE_TUNNELING = "True" ]]; then
+ if [[ $OVS_ENABLE_TUNNELING == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE ovs enable_tunneling True
fi
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 3604a50..fbc013f 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -9,7 +9,7 @@
function neutron_plugin_create_nova_conf {
_neutron_ovs_base_configure_nova_vif_driver
- if [ "$VIRT_DRIVER" = 'xenserver' ]; then
+ if [ "$VIRT_DRIVER" == 'xenserver' ]; then
iniset $NOVA_CONF xenserver vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
iniset $NOVA_CONF xenserver ovs_integration_bridge $XEN_INTEGRATION_BRIDGE
# Disable nova's firewall so that it does not conflict with neutron
@@ -40,7 +40,7 @@
_neutron_ovs_base_configure_firewall_driver
# Setup agent for tunneling
- if [[ "$OVS_ENABLE_TUNNELING" = "True" ]]; then
+ if [[ "$OVS_ENABLE_TUNNELING" == "True" ]]; then
# Verify tunnels are supported
# REVISIT - also check kernel module support for GRE and patch ports
OVS_VERSION=`ovs-vsctl --version | head -n 1 | grep -E -o "[0-9]+\.[0-9]+"`
@@ -54,7 +54,7 @@
# Setup physical network bridge mappings. Override
# ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc`` for more
# complex physical network configurations.
- if [[ "$OVS_BRIDGE_MAPPINGS" = "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
+ if [[ "$OVS_BRIDGE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
# Configure bridge manually with physical interface as port for multi-node
@@ -65,7 +65,7 @@
fi
AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-openvswitch-agent"
- if [ "$VIRT_DRIVER" = 'xenserver' ]; then
+ if [ "$VIRT_DRIVER" == 'xenserver' ]; then
# Make a copy of our config for domU
sudo cp /$Q_PLUGIN_CONF_FILE "/$Q_PLUGIN_CONF_FILE.domu"
diff --git a/lib/neutron_plugins/plumgrid b/lib/neutron_plugins/plumgrid
index 67080f4..178bca7 100644
--- a/lib/neutron_plugins/plumgrid
+++ b/lib/neutron_plugins/plumgrid
@@ -24,14 +24,16 @@
PLUMGRID_ADMIN=${PLUMGRID_ADMIN:-username}
PLUMGRID_PASSWORD=${PLUMGRID_PASSWORD:-password}
PLUMGRID_TIMEOUT=${PLUMGRID_TIMEOUT:-70}
+ PLUMGRID_DRIVER=${PLUMGRID_DRIVER:-neutron.plugins.plumgrid.drivers.fake_plumlib.Plumlib}
}
function neutron_plugin_configure_service {
- iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector director_server $PLUMGRID_DIRECTOR_IP
- iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector director_server_port $PLUMGRID_DIRECTOR_PORT
- iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector username $PLUMGRID_ADMIN
- iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector password $PLUMGRID_PASSWORD
- iniset /$Q_PLUGIN_CONF_FILE PLUMgridDirector servertimeout $PLUMGRID_TIMEOUT
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector director_server $PLUMGRID_DIRECTOR_IP
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector director_server_port $PLUMGRID_DIRECTOR_PORT
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector username $PLUMGRID_ADMIN
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector password $PLUMGRID_PASSWORD
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector servertimeout $PLUMGRID_TIMEOUT
+ iniset /$Q_PLUGIN_CONF_FILE plumgriddirector driver $PLUMGRID_DRIVER
}
function neutron_plugin_configure_debug_command {
diff --git a/lib/trove b/lib/trove
index 42d2219..8631470 100644
--- a/lib/trove
+++ b/lib/trove
@@ -21,8 +21,11 @@
# Defaults
# --------
-
-NETWORK_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
+if is_service_enabled neutron; then
+ TROVE_HOST_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
+else
+ TROVE_HOST_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
+fi
# Set up default configuration
TROVE_DIR=$DEST/trove
@@ -152,7 +155,7 @@
iniset $TROVE_CONF_DIR/trove.conf DEFAULT swift_url http://$SERVICE_HOST:8080/v1/AUTH_
iniset $TROVE_LOCAL_CONF_DIR/trove-guestagent.conf.sample DEFAULT rabbit_password $RABBIT_PASSWORD
- sed -i "s/localhost/$NETWORK_GATEWAY/g" $TROVE_LOCAL_CONF_DIR/trove-guestagent.conf.sample
+ sed -i "s/localhost/$TROVE_HOST_GATEWAY/g" $TROVE_LOCAL_CONF_DIR/trove-guestagent.conf.sample
setup_trove_logging $TROVE_CONF_DIR/trove.conf
setup_trove_logging $TROVE_LOCAL_CONF_DIR/trove-guestagent.conf.sample
diff --git a/stack.sh b/stack.sh
index 19d47d6..8fb57c4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -410,7 +410,7 @@
echo "Invalid chars in password. Try again:"
done
if [ ! $pw ]; then
- pw=`openssl rand -hex 10`
+ pw=$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 20)
fi
eval "$var=$pw"
echo "$var=$pw" >> $localrc
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 47da334..5c1c329 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -34,7 +34,7 @@
-P include password to the rc files; with -A it assume all users password is the same
-A try with all user
-u <username> create files just for the specified user
--C <tanent_name> create user and tenant, the specifid tenant will be the user's tenant
+-C <tenant_name> create user and tenant, the specifid tenant will be the user's tenant
-r <name> when combined with -C and the (-u) user exists it will be the user's tenant role in the (-C)tenant (default: Member)
-p <userpass> password for the user
--os-username <username>
@@ -62,8 +62,8 @@
# The services users usually in the service tenant.
# rc files for service users, is out of scope.
-# Supporting different tanent for services is out of scope.
-SKIP_TENANT=",service," # tenant names are between commas(,)
+# Supporting different tenant for services is out of scope.
+SKIP_TENANT="service"
MODE=""
ROLE=Member
USER_NAME=""
@@ -126,15 +126,15 @@
export -n SERVICE_TOKEN SERVICE_ENDPOINT OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
-EC2_URL=http://localhost:8773/service/Cloud
-S3_URL=http://localhost:3333
+EC2_URL=`openstack endpoint show ec2 | grep " ec2.publicURL " | cut -d " " -f4`
+if [[ -z $EC2_URL ]]; then
+ EC2_URL=http://localhost:8773/service/Cloud
+fi
-ec2=`keystone endpoint-get --service ec2 | awk '/\|[[:space:]]*ec2.publicURL/ {print $4}'`
-[ -n "$ec2" ] && EC2_URL=$ec2
-
-s3=`keystone endpoint-get --service s3 | awk '/\|[[:space:]]*s3.publicURL/ {print $4}'`
-[ -n "$s3" ] && S3_URL=$s3
-
+S3_URL=`openstack endpoint show s3 | grep " s3.publicURL " | cut -d " " -f4`
+if [[ -z $S3_URL ]]; then
+ S3_URL=http://localhost:3333
+fi
mkdir -p "$ACCOUNT_DIR"
ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
@@ -158,13 +158,13 @@
local user_passwd=$5
# The admin user can see all user's secret AWS keys, it does not looks good
- local line=`keystone ec2-credentials-list --user_id $user_id | grep -E "^\\|[[:space:]]*($tenant_name|$tenant_id)[[:space:]]*\\|" | head -n 1`
+ local line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
if [ -z "$line" ]; then
- keystone ec2-credentials-create --user-id $user_id --tenant-id $tenant_id 1>&2
- line=`keystone ec2-credentials-list --user_id $user_id | grep -E "^\\|[[:space:]]*($tenant_name|$tenant_id)[[:space:]]*\\|" | head -n 1`
+ openstack ec2 credentials create --user $user_id --project $tenant_id 1>&2
+ line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
fi
local ec2_access_key ec2_secret_key
- read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $4 " " $6 }'`
+ read ec2_access_key ec2_secret_key <<< `echo $line | awk '{print $2 " " $4 }'`
mkdir -p "$ACCOUNT_DIR/$tenant_name"
local rcfile="$ACCOUNT_DIR/$tenant_name/$user_name"
# The certs subject part are the tenant ID "dash" user ID, but the CN should be the first part of the DN
@@ -212,41 +212,35 @@
}
#admin users expected
-function create_or_get_tenant {
- local tenant_name=$1
- local tenant_id=`keystone tenant-list | awk '/\|[[:space:]]*'"$tenant_name"'[[:space:]]*\|.*\|/ {print $2}'`
- if [ -n "$tenant_id" ]; then
- echo $tenant_id
- else
- keystone tenant-create --name "$tenant_name" | awk '/\|[[:space:]]*id[[:space:]]*\|.*\|/ {print $4}'
+function create_or_get_project {
+ local name=$1
+ local id
+ eval $(openstack project show -f shell -c id $name)
+ if [[ -z $id ]]; then
+ eval $(openstack project create -f shell -c id $name)
fi
+ echo $id
}
function create_or_get_role {
- local role_name=$1
- local role_id=`keystone role-list| awk '/\|[[:space:]]*'"$role_name"'[[:space:]]*\|/ {print $2}'`
- if [ -n "$role_id" ]; then
- echo $role_id
- else
- keystone role-create --name "$role_name" |awk '/\|[[:space:]]*id[[:space:]]*\|.*\|/ {print $4}'
+ local name=$1
+ local id
+ eval $(openstack role show -f shell -c id $name)
+ if [[ -z $id ]]; then
+ eval $(openstack role create -f shell -c id $name)
fi
+ echo $id
}
# Provides empty string when the user does not exists
function get_user_id {
- local user_name=$1
- keystone user-list | awk '/^\|[^|]*\|[[:space:]]*'"$user_name"'[[:space:]]*\|.*\|/ {print $2}'
+ openstack user list | grep " $1 " | cut -d " " -f2
}
if [ $MODE != "create" ]; then
-# looks like I can't ask for all tenant related to a specified user
- for tenant_id_at_name in `keystone tenant-list | awk 'BEGIN {IGNORECASE = 1} /true[[:space:]]*\|$/ {print $2 "@" $4}'`; do
- read tenant_id tenant_name <<< `echo "$tenant_id_at_name" | sed 's/@/ /'`
- if echo $SKIP_TENANT| grep -q ",$tenant_name,"; then
- continue;
- fi
- for user_id_at_name in `keystone user-list --tenant-id $tenant_id | awk 'BEGIN {IGNORECASE = 1} /true[[:space:]]*\|[^|]*\|$/ {print $2 "@" $4}'`; do
- read user_id user_name <<< `echo "$user_id_at_name" | sed 's/@/ /'`
+# looks like I can't ask for all tenant related to a specified user
+ openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_TENANT}" | while IFS=, read tenant_id tenant_name desc enabled; do
+ openstack user list --project $tenant_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do
if [ $MODE = one -a "$user_name" != "$USER_NAME" ]; then
continue;
fi
@@ -263,18 +257,16 @@
done
else
tenant_name=$TENANT
- tenant_id=`create_or_get_tenant "$TENANT"`
+ tenant_id=$(create_or_get_project "$TENANT")
user_name=$USER_NAME
user_id=`get_user_id $user_name`
if [ -z "$user_id" ]; then
- #new user
- user_id=`keystone user-create --name "$user_name" --tenant-id "$tenant_id" --pass "$USER_PASS" --email "$user_name@example.com" | awk '/\|[[:space:]]*id[[:space:]]*\|.*\|/ {print $4}'`
- #The password is in the cmd line. It is not a good thing
+ eval $(openstack user create "$user_name" --project "$tenant_id" --password "$USER_PASS" --email "$user_name@example.com" -f shell -c id)
+ user_id=$id
add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
else
- #new role
- role_id=`create_or_get_role "$ROLE"`
- keystone user-role-add --user-id "$user_id" --tenant-id "$tenant_id" --role-id "$role_id"
+ role_id=$(create_or_get_role "$ROLE")
+ openstack role add "$role_id" --user "$user_id" --project "$tenant_id"
add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
fi
fi