From a96a418171f8762e55938186b85443f47c215ad3 Mon Sep 17 00:00:00 2001 From: termie Date: Mon, 9 Jan 2012 22:13:29 -0800 Subject: [PATCH 01/30] new keystone support --- files/default_catalog.templates | 30 +++++++ files/keystone.conf | 155 +++++++++++--------------------- files/keystone_data.sh | 150 ++++++++++++++++++++++++------- stack.sh | 5 ++ stackrc | 2 +- 5 files changed, 205 insertions(+), 137 deletions(-) create mode 100644 files/default_catalog.templates diff --git a/files/default_catalog.templates b/files/default_catalog.templates new file mode 100644 index 0000000000..b527ae5034 --- /dev/null +++ b/files/default_catalog.templates 
@@ -0,0 +1,30 @@
+# config for TemplatedCatalog, using camelCase because I don't want to do
+# translations for legacy compat
+catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
+catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
+catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
+catalog.RegionOne.identity.name = 'Identity Service'
+
+
+catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.name = 'Compute Service'
+
+
+catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
+catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
+catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
+catalog.RegionOne.ec2.name = 'EC2 Service'
+
+
+catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
+catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
+catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
+catalog.RegionOne.image.name = 'Image Service'
+
+
+catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
+catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/
+catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
+catalog.RegionOne.object_store.name = 'Swift Service'
diff --git a/files/keystone.conf b/files/keystone.conf
index 6d0fd7e11d..0649e90725 100644
--- a/files/keystone.conf
+++ b/files/keystone.conf
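Review bot: Every endpoint in files/default_catalog.templates is hard-coded to `http://`, including the identity `adminURL`, so clients that follow the catalog will send tokens and credentials in cleartext however the services are actually exposed. The endpointTemplates lines that this patch replaces in keystone_data.sh built the keystone URLs from `%KEYSTONE_SERVICE_PROTOCOL%` and `%KEYSTONE_AUTH_PROTOCOL%`; the template could keep that, e.g. `catalog.RegionOne.identity.publicURL = %KEYSTONE_SERVICE_PROTOCOL%://%SERVICE_HOST%:$(public_port)s/v2.0`, with a matching sed substitution in stack.sh. At minimum a header comment such as `# endpoints are plain HTTP; development use only` would make the assumption explicit.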
@@ -1,112 +1,61 @@ [DEFAULT] -# Show more verbose log output (sets INFO log level output) -verbose = False - -# Show debugging output in logs (sets DEBUG log level output) -debug = False - -# Which backend store should Keystone use by default. -# Default: 'sqlite' -# Available choices are 'sqlite' [future will include LDAP, PAM, etc] -default_store = sqlite - -# Log to this file. Make sure you do not set the same log -# file for both the API and registry servers! +public_port = 5000 +admin_port = 35357 +admin_token = %SERVICE_TOKEN% log_file = %DEST%/keystone/keystone.log -# List of backends to be configured -backends = keystone.backends.sqlalchemy -#For LDAP support, add: ,keystone.backends.ldap +[sql] +connection = %SQL_CONN% +idle_timeout = 30 +min_pool_size = 5 +max_pool_size = 10 +pool_timeout = 200 -# Dictionary Maps every service to a header.Missing services would get header -# X_(SERVICE_NAME) Key => Service Name, Value => Header Name -service-header-mappings = { - 'nova' : 'X-Server-Management-Url', - 'swift' : 'X-Storage-Url', - 'cdn' : 'X-CDN-Management-Url'} +[identity] +driver = keystone.backends.sql.SqlIdentity -#List of extensions currently supported -extensions= osksadm,oskscatalog +[catalog] +driver = keystone.backends.templated.TemplatedCatalog +template_file = ./etc/default_catalog.templates -# Address to bind the API server -# TODO Properties defined within app not available via pipeline. 
-service_host = 0.0.0.0 +[token] +driver = keystone.backends.kvs.KvsToken -# Port the bind the API server to -service_port = 5000 - -# SSL for API server -service_ssl = False - -# Address to bind the Admin API server -admin_host = 0.0.0.0 - -# Port the bind the Admin API server to -admin_port = 35357 - -# SSL for API Admin server -admin_ssl = False - -# Keystone certificate file (modify as needed) -# Only required if *_ssl is set to True -certfile = /etc/keystone/ssl/certs/keystone.pem - -# Keystone private key file (modify as needed) -# Only required if *_ssl is set to True -keyfile = /etc/keystone/ssl/private/keystonekey.pem - -# Keystone trusted CA certificates (modify as needed) -# Only required if *_ssl is set to True -ca_certs = /etc/keystone/ssl/certs/ca.pem - -# Client certificate required -# Only relevant if *_ssl is set to True -cert_required = True - -#Role that allows to perform admin operations. -keystone-admin-role = admin - -#Role that allows to perform service admin operations. -keystone-service-admin-role = KeystoneServiceAdmin - -#Tells whether password user need to be hashed in the backend -hash-password = True - -[keystone.backends.sqlalchemy] -# SQLAlchemy connection string for the reference implementation registry -# server. Any valid SQLAlchemy connection string is fine. -# See: http://bit.ly/ideIpI -sql_connection = %SQL_CONN% -backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', - 'User', 'Credentials', 'EndpointTemplates', 'Token', - 'Service'] - -# Period in seconds after which SQLAlchemy should reestablish its connection -# to the database. 
-sql_idle_timeout = 30 - -[pipeline:admin] -pipeline = - urlrewritefilter - admin_api - -[pipeline:keystone-legacy-auth] -pipeline = - urlrewritefilter - legacy_auth - service_api - -[app:service_api] -paste.app_factory = keystone.server:service_app_factory - -[app:admin_api] -paste.app_factory = keystone.server:admin_app_factory - -[filter:urlrewritefilter] -paste.filter_factory = keystone.middleware.url:filter_factory - -[filter:legacy_auth] -paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory +[policy] +driver = keystone.backends.policy.SimpleMatch [filter:debug] -paste.filter_factory = keystone.common.wsgi:debug_filter_factory +paste.filter_factory = keystone.wsgi:Debug.factory + +[filter:token_auth] +paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory + +[filter:admin_token_auth] +paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory + +[filter:json_body] +paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory + +[filter:crud_extension] +paste.filter_factory = keystone.service:AdminCrudExtension.factory + + +[app:public_service] +paste.app_factory = keystone.service:public_app_factory + +[app:admin_service] +paste.app_factory = keystone.service:admin_app_factory + +[pipeline:public_api] +pipeline = token_auth admin_token_auth json_body debug public_service + +[pipeline:admin_api] +pipeline = token_auth admin_token_auth json_body debug crud_extension admin_service + +[composite:main] +use = egg:Paste#urlmap +/v2.0 = public_api + +[composite:admin] +use = egg:Paste#urlmap +/v2.0 = admin_api diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 77f6b93330..8ec529a5b5 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
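Review bot: In the new `[pipeline:public_api]` of files/keystone.conf, both `admin_token_auth` and `debug` are enabled, so the static `admin_token` from `[DEFAULT]` appears to be honoured on the public port (5000) as well as on the admin port. If the public service does not need the bootstrap token, consider `pipeline = token_auth json_body public_service` and keep `admin_token_auth` on `admin_api` only. The debug filter presumably logs request contents, which would include passwords posted to the token endpoint; that is worth confirming and, if so, keeping it out of the default pipelines. The hunk also drops the `*_ssl`, `certfile` and `keyfile` settings without a replacement, so a comment stating that this configuration serves plain HTTP would help.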
@@ -1,54 +1,138 @@ #!/bin/bash BIN_DIR=${BIN_DIR:-.} # Tenants -$BIN_DIR/keystone-manage tenant add admin -$BIN_DIR/keystone-manage tenant add demo -$BIN_DIR/keystone-manage tenant add invisible_to_admin +ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only + create \ + tenant_name=admin` +DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ + tenant_name=demo` +INVIS_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ + tenant_name=invisible_to_admin` + # Users -$BIN_DIR/keystone-manage user add admin %ADMIN_PASSWORD% -$BIN_DIR/keystone-manage user add demo %ADMIN_PASSWORD% +ADMIN_USER=`$BIN_DIR/keystone-manage user --ks-id-only create \ + name=admin \ + "password=%ADMIN_PASSWORD%" \ + email=admin@example.com` +DEMO_USER=`$BIN_DIR/keystone-manage user --ks-id-only create \ + name=demo \ + "password=%ADMIN_PASSWORD%" \ + email=demo@example.com` # Roles -$BIN_DIR/keystone-manage role add admin -$BIN_DIR/keystone-manage role add Member -$BIN_DIR/keystone-manage role add KeystoneAdmin -$BIN_DIR/keystone-manage role add KeystoneServiceAdmin -$BIN_DIR/keystone-manage role add sysadmin -$BIN_DIR/keystone-manage role add netadmin -$BIN_DIR/keystone-manage role grant admin admin admin -$BIN_DIR/keystone-manage role grant Member demo demo -$BIN_DIR/keystone-manage role grant sysadmin demo demo -$BIN_DIR/keystone-manage role grant netadmin demo demo -$BIN_DIR/keystone-manage role grant Member demo invisible_to_admin -$BIN_DIR/keystone-manage role grant admin admin demo -$BIN_DIR/keystone-manage role grant admin admin -$BIN_DIR/keystone-manage role grant KeystoneAdmin admin -$BIN_DIR/keystone-manage role grant KeystoneServiceAdmin admin +ADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ + name=Admin` +MEMBER_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ + name=Member` +KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ + name=KeystoneAdmin` +KEYSTONESERVICE_ROLE=`$BIN_DIR/keystone-manage role 
--ks-id-only create \ + name=KeystoneServiceAdmin` +SYSADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ + name=sysadmin` +NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ + name=netadmin` + + +# Add Roles to Users in Tenants + +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$ADMIN_ROLE \ + user_id=$ADMIN_USER \ + tenant_id=$ADMIN_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$MEMBER_ROLE \ + user_id=$DEMO_USER \ + tenant_id=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$SYSADMIN_ROLE \ + user_id=$DEMO_USER \ + tenant_id=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$NETADMIN_ROLE \ + user_id=$DEMO_USER \ + tenant_id=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$MEMBER_ROLE \ + user_id=$DEMO_USER \ + tenant_id=$INVIS_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$ADMIN_ROLE \ + user_id=$ADMIN_USER \ + tenant_id=$DEMO_TENANT + +# TODO(termie): these two might be dubious +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$KEYSTONEADMIN_ROLE \ + user_id=$ADMIN_USER \ + tenant_id=$ADMIN_TENANT +$BIN_DIR/keystone-manage role add_user_to_tenant \ + role_id=$KEYSTONESERVICE_ROLE \ + user_id=$ADMIN_USER \ + tenant_id=$ADMIN_TENANT # Services -$BIN_DIR/keystone-manage service add nova compute "Nova Compute Service" -$BIN_DIR/keystone-manage service add ec2 ec2 "EC2 Compatability Layer" -$BIN_DIR/keystone-manage service add glance image "Glance Image Service" -$BIN_DIR/keystone-manage service add keystone identity "Keystone Identity Service" +$BIN_DIR/keystone-manage service create \ + name=nova \ + service_type=compute \ + "description=Nova Compute Service" + +$BIN_DIR/keystone-manage service create \ + name=ec2 \ + service_type=ec2 \ + "description=EC2 Compatibility Layer" + +$BIN_DIR/keystone-manage service create \ + name=glance \ + service_type=image \ + "description=Glance Image 
Service" + +$BIN_DIR/keystone-manage service create \ + name=keystone \ + service_type=identity \ + "description=Keystone Identity Service" if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then - $BIN_DIR/keystone-manage service add swift object-store "Swift Service" + $BIN_DIR/keystone-manage service create \ + name=swift \ + service_type=object-store \ + "description=Swift Service" fi #endpointTemplates -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%SERVICE_HOST%:8774/v1.1/%tenant_id% http://%SERVICE_HOST%:8774/v1.1/%tenant_id% http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne ec2 http://%SERVICE_HOST%:8773/services/Cloud http://%SERVICE_HOST%:8773/services/Admin http://%SERVICE_HOST%:8773/services/Cloud 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%SERVICE_HOST%:9292/v1 http://%SERVICE_HOST%:9292/v1 http://%SERVICE_HOST%:9292/v1 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/v2.0 %KEYSTONE_AUTH_PROTOCOL%://%KEYSTONE_AUTH_HOST%:%KEYSTONE_AUTH_PORT%/v2.0 %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/v2.0 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add \ + RegionOne nova + http://%SERVICE_HOST%:8774/v1.1/%tenant_id% + http://%SERVICE_HOST%:8774/v1.1/%tenant_id% + http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add + RegionOne ec2 + http://%SERVICE_HOST%:8773/services/Cloud + http://%SERVICE_HOST%:8773/services/Admin + http://%SERVICE_HOST%:8773/services/Cloud 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add + RegionOne glance + http://%SERVICE_HOST%:9292/v1 + http://%SERVICE_HOST%:9292/v1 + http://%SERVICE_HOST%:9292/v1 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add + RegionOne keystone + http://%SERVICE_HOST%:5000/v2.0 + http://%SERVICE_HOST%:35357/v2.0 
+ http://%SERVICE_HOST%:5000/v2.0 1 1 if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then - $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% http://%SERVICE_HOST%:8080/ http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1 + $BIN_DIR/keystone-manage $* endpointTemplates add + RegionOne swift + http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% + http://%SERVICE_HOST%:8080/ + http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1 fi # Tokens -$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00 +#$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00 # EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD # but keystone doesn't parse them - it is just a blob from keystone's # point of view -$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials" -$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials" +#$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials" +#$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials" diff --git a/stack.sh b/stack.sh index 18d1695c5d..d54d7711fe 100755 --- a/stack.sh +++ b/stack.sh 
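Review bot: None of the backtick captures in files/keystone_data.sh (`ADMIN_TENANT=`, `ADMIN_USER=`, `ADMIN_ROLE=` and the rest) are checked, so if a `keystone-manage ... create` call fails the script carries on and runs `role add_user_to_tenant` with empty `role_id=`, `user_id=` or `tenant_id=` values. Adding `set -o errexit` after the shebang, or a guard like `[ -n "$ADMIN_TENANT" ] || exit 1` after each capture, would stop the bootstrap at the first failure instead of leaving a half-populated identity store. Separately, `"password=%ADMIN_PASSWORD%"` is passed as a command-line argument, so the admin password is visible in the process list while the command runs. The demo user is also created with the admin password, which deserves a comment if it is intentional.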
@@ -1310,6 +1310,11 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then cp $FILES/keystone.conf $KEYSTONE_CONF sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF + sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF + + KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.template + cp $FILES/default_catalog.template $KEYSTONE_CATALOG + sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG # keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``. KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh diff --git a/stackrc b/stackrc index e87b3cde8f..c9acdbeef6 100644 --- a/stackrc +++ b/stackrc @@ -15,7 +15,7 @@ GLANCE_REPO=https://github.com/openstack/glance.git GLANCE_BRANCH=master # unified auth system (manages accounts/tokens) -KEYSTONE_REPO=https://github.com/openstack/keystone.git +KEYSTONE_REPO=https://github.com/termie/keystonelight.git KEYSTONE_BRANCH=master # a websockets/html5 or flash powered VNC console for vm instances From 82aa41a2bd92d693309a325492df2e4ae3ef88a2 Mon Sep 17 00:00:00 2001 From: termie Date: Mon, 9 Jan 2012 22:15:40 -0800 Subject: [PATCH 02/30] oh, comment that out --- files/keystone_data.sh | 54 +++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 8ec529a5b5..edc8925837 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
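Review bot: The added `sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g"` in stack.sh writes the admin bootstrap token into `$KEYSTONE_CONF`, but nothing in the hunk restricts who can read that file after the `cp`. A `chmod 600 $KEYSTONE_CONF` right after the copy would keep the token away from other local users; check that the resulting ownership still suits the account keystone runs as, since the edits go through `sudo sed -i`. The substitution also breaks if the token contains `,`, `&` or `\`, so either document the allowed characters for `SERVICE_TOKEN` or escape the value before substituting. The enclosing `if` block starts and ends outside the hunk.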
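Review bot: In stackrc, `KEYSTONE_REPO` now points at a personal repository while `KEYSTONE_BRANCH=master` stays unpinned, so every run installs whatever is at the tip of that branch as the identity service. Pinning to a reviewed revision, e.g. `KEYSTONE_BRANCH=<reviewed-commit-or-tag>`, would make the trust decision explicit. A comment such as `# temporary: keystonelight fork, switch back once merged upstream` would also record why the source changed and when to revert it.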
@@ -100,33 +100,33 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then fi #endpointTemplates -$BIN_DIR/keystone-manage $* endpointTemplates add \ - RegionOne nova - http://%SERVICE_HOST%:8774/v1.1/%tenant_id% - http://%SERVICE_HOST%:8774/v1.1/%tenant_id% - http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add - RegionOne ec2 - http://%SERVICE_HOST%:8773/services/Cloud - http://%SERVICE_HOST%:8773/services/Admin - http://%SERVICE_HOST%:8773/services/Cloud 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add - RegionOne glance - http://%SERVICE_HOST%:9292/v1 - http://%SERVICE_HOST%:9292/v1 - http://%SERVICE_HOST%:9292/v1 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add - RegionOne keystone - http://%SERVICE_HOST%:5000/v2.0 - http://%SERVICE_HOST%:35357/v2.0 - http://%SERVICE_HOST%:5000/v2.0 1 1 -if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then - $BIN_DIR/keystone-manage $* endpointTemplates add - RegionOne swift - http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% - http://%SERVICE_HOST%:8080/ - http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1 -fi +#$BIN_DIR/keystone-manage $* endpointTemplates add \ +# RegionOne nova +# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% +# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% +# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1 +#$BIN_DIR/keystone-manage $* endpointTemplates add +# RegionOne ec2 +# http://%SERVICE_HOST%:8773/services/Cloud +# http://%SERVICE_HOST%:8773/services/Admin +# http://%SERVICE_HOST%:8773/services/Cloud 1 1 +#$BIN_DIR/keystone-manage $* endpointTemplates add +# RegionOne glance +# http://%SERVICE_HOST%:9292/v1 +# http://%SERVICE_HOST%:9292/v1 +# http://%SERVICE_HOST%:9292/v1 1 1 +#$BIN_DIR/keystone-manage $* endpointTemplates add +# RegionOne keystone +# http://%SERVICE_HOST%:5000/v2.0 +# http://%SERVICE_HOST%:35357/v2.0 +# http://%SERVICE_HOST%:5000/v2.0 1 1 +#if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then +# $BIN_DIR/keystone-manage $* endpointTemplates add +# 
RegionOne swift +# http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% +# http://%SERVICE_HOST%:8080/ +# http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1 +#fi # Tokens #$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00 From eacc5953d26a8d1c4b0db4fb4a9cd9b6e201e10b Mon Sep 17 00:00:00 2001 From: termie Date: Wed, 11 Jan 2012 01:59:00 +0000 Subject: [PATCH 03/30] bunch of fixes --- files/keystone_data.sh | 3 +- files/pips/keystone | 1 + stack.sh | 104 ++++++++++++++++++++--------------------- 3 files changed, 52 insertions(+), 56 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index edc8925837..4738e8d6a3 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -1,8 +1,7 @@ #!/bin/bash BIN_DIR=${BIN_DIR:-.} # Tenants -ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only - create \ +ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ tenant_name=admin` DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ tenant_name=demo` diff --git a/files/pips/keystone b/files/pips/keystone index 09636e4991..fef9f8b00a 100644 --- a/files/pips/keystone +++ b/files/pips/keystone @@ -1 +1,2 @@ PassLib +pycli diff --git a/stack.sh b/stack.sh index d54d7711fe..6ce86706f7 100755 --- a/stack.sh +++ b/stack.sh 
@@ -1297,56 +1297,6 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then fi -# Keystone -# -------- - -if [[ "$ENABLED_SERVICES" =~ "key" ]]; then - # (re)create keystone database - mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;' - mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;' - - # Configure keystone.conf - KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf - cp $FILES/keystone.conf $KEYSTONE_CONF - sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF - sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF - sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF - - KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.template - cp $FILES/default_catalog.template $KEYSTONE_CATALOG - sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG - - # keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``. - KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh - cp $FILES/keystone_data.sh $KEYSTONE_DATA - sudo sed -e " - s,%KEYSTONE_AUTH_HOST%,$KEYSTONE_AUTH_HOST,g; - s,%KEYSTONE_AUTH_PORT%,$KEYSTONE_AUTH_PORT,g; - s,%KEYSTONE_AUTH_PROTOCOL%,$KEYSTONE_AUTH_PROTOCOL,g; - s,%KEYSTONE_SERVICE_HOST%,$KEYSTONE_SERVICE_HOST,g; - s,%KEYSTONE_SERVICE_PORT%,$KEYSTONE_SERVICE_PORT,g; - s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g; - s,%SERVICE_HOST%,$SERVICE_HOST,g; - s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; - s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g; - " -i $KEYSTONE_DATA - - # Prepare up the database - $KEYSTONE_DIR/bin/keystone-manage sync_database - - # initialize keystone with default users/endpoints - ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA - - if [ "$SYSLOG" != "False" ]; then - sed -i -e '/^handlers=devel$/s/=devel/=production/' \ - $KEYSTONE_DIR/etc/logging.cnf - sed -i -e "/^log_file/s/log_file/\#log_file/" \ - $KEYSTONE_DIR/etc/keystone.conf - KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.cnf" - fi -fi - - # Launch Services # 
=============== @@ -1362,18 +1312,18 @@ function screen_it { tmux new-window -t stack -a -n "$1" "bash" tmux send-keys "$2" C-M else - screen -S stack -X screen -t $1 + screen -L -S stack -X screen -t $1 # sleep to allow bash to be ready to be send the command - we are # creating a new window in screen and then sends characters, so if # bash isn't running by the time we send the command, nothing happens sleep 1.5 - screen -S stack -p $1 -X stuff "$2$NL" + screen -L -S stack -p $1 -X stuff "$2$NL" fi fi } # create a new named screen to run processes in -screen -d -m -S stack -t stack +screen -L -d -m -S stack -t stack sleep 1 # set a reasonable statusbar screen -r stack -X hardstatus alwayslastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%< %= %H" 
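Review bot: The added `-L` on `screen -L -d -m -S stack -t stack` turns on screen's output logging, which by default writes `screenlog.N` files into the working directory containing whatever the services print. Since keystone and the other services are started through `screen_it`, those files can end up holding tokens and passwords from service output, and nothing here sets their location or permissions. Consider making the flag opt-in through a stack.sh setting and adding a comment like `# -L writes screenlog.N in the current directory; may contain secrets`. The `-L` on the two `-X` invocations probably has no effect, because they only send a command to the existing session. `screen_it` begins outside the hunk.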
@@ -1393,16 +1343,62 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then fi fi +if [[ "$ENABLED_SERVICES" =~ "key" ]]; then + # (re)create keystone database + mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;' + mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;' + + # Configure keystone.conf + KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf + cp $FILES/keystone.conf $KEYSTONE_CONF + sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF + sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF + sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF + + KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.templates + cp $FILES/default_catalog.templates $KEYSTONE_CATALOG + sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG + + + if [ "$SYSLOG" != "False" ]; then + sed -i -e '/^handlers=devel$/s/=devel/=production/' \ + $KEYSTONE_DIR/etc/logging.cnf + sed -i -e "/^log_file/s/log_file/\#log_file/" \ + $KEYSTONE_DIR/etc/keystone.conf + KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.cnf" + fi +fi + # launch the keystone and wait for it to answer before continuing if [[ "$ENABLED_SERVICES" =~ "key" ]]; then screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d" echo "Waiting for keystone to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT; do sleep 1; done"; then + if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/; do sleep 1; done"; then echo "keystone did not start" exit 1 fi + + # keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``. 
+ KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh + cp $FILES/keystone_data.sh $KEYSTONE_DATA + sudo sed -e " + s,%KEYSTONE_AUTH_HOST%,$KEYSTONE_AUTH_HOST,g; + s,%KEYSTONE_AUTH_PORT%,$KEYSTONE_AUTH_PORT,g; + s,%KEYSTONE_AUTH_PROTOCOL%,$KEYSTONE_AUTH_PROTOCOL,g; + s,%KEYSTONE_SERVICE_HOST%,$KEYSTONE_SERVICE_HOST,g; + s,%KEYSTONE_SERVICE_PORT%,$KEYSTONE_SERVICE_PORT,g; + s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g; + s,%SERVICE_HOST%,$SERVICE_HOST,g; + s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; + s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g; + " -i $KEYSTONE_DATA + + # initialize keystone with default users/endpoints + $KEYSTONE_DIR/bin/keystone-manage db_sync + ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA fi + # launch the nova-api and wait for it to answer before continuing if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then screen_it n-api "cd $NOVA_DIR && $NOVA_DIR/bin/nova-api" From 50edca6dd4fa226643e0f714c73c145845d3a6af Mon Sep 17 00:00:00 2001 From: termie Date: Wed, 11 Jan 2012 02:04:39 +0000 Subject: [PATCH 04/30] proper conf --- files/keystone.conf | 2 +- stack.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/files/keystone.conf b/files/keystone.conf index 0649e90725..1f5c445395 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -16,7 +16,7 @@ driver = keystone.backends.sql.SqlIdentity [catalog] driver = keystone.backends.templated.TemplatedCatalog -template_file = ./etc/default_catalog.templates +template_file = %KEYSTONE_DIR%/etc/default_catalog.templates [token] driver = keystone.backends.kvs.KvsToken diff --git a/stack.sh b/stack.sh index 6ce86706f7..a342a8b5e0 100755 --- a/stack.sh +++ b/stack.sh 
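Review bot: After this move in stack.sh the rendered `$KEYSTONE_DATA` script, which has `ADMIN_PASSWORD` and `SERVICE_TOKEN` substituted into it by the `sed` block, is still left in `$KEYSTONE_DIR/bin` once it has run. Removing it afterwards with `rm -f $KEYSTONE_DATA` after the `bash $KEYSTONE_DATA` line, or at least a `chmod 700 $KEYSTONE_DATA` straight after the `cp`, would avoid leaving the secrets on disk in a readable script. The `mysql -u$MYSQL_USER -p$MYSQL_PASSWORD` calls in the relocated block also expose the database password on the command line. It is also worth a comment that `keystone-manage db_sync` now runs after the server has been started and polled, which looks intentional but is not explained.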
@@ -1354,6 +1354,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF + sudo sed -e "s,%KEYSTONE_DIR%,$KEYSTONE_DIR,g" -i $KEYSTONE_CONF KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.templates cp $FILES/default_catalog.templates $KEYSTONE_CATALOG From 747ee33efd9c4142cc46c4e0eb4772f0ca3e149a Mon Sep 17 00:00:00 2001 From: termie Date: Wed, 11 Jan 2012 22:31:59 +0000 Subject: [PATCH 05/30] working now --- stack.sh | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/stack.sh b/stack.sh index a342a8b5e0..c7eb2aa2c4 100755 --- a/stack.sh +++ b/stack.sh @@ -1372,7 +1372,7 @@ fi # launch the keystone and wait for it to answer before continuing if [[ "$ENABLED_SERVICES" =~ "key" ]]; then - screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d" + screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" echo "Waiting for keystone to start..." if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/; do sleep 1; done"; then echo "keystone did not start" 
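Review bot: `--debug` is now hard-coded on the keystone command line in `screen_it key "... -d --debug"`, so every install runs the identity service with debug logging regardless of configuration. Debug output from an authentication service can include request details, so the flag is better driven by a stack.sh setting that defaults to off. If it is meant to stay on for now, say so in a comment, e.g. `# --debug is temporary while keystonelight support is brought up`. The enclosing `if` block continues outside the hunk.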
@@ -1532,6 +1532,10 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then # Create a directory for the downloaded image tarballs. mkdir -p $FILES/images + ADMIN_USER=admin + ADMIN_TENANT=admin + TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$ADMIN_USER\", \"password\": \"$ADMIN_PASSWORD\"}, \"tenantName\": \"$ADMIN_TENANT\"}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` + # Option to upload legacy ami-tty, which works with xenserver if [ $UPLOAD_LEGACY_TTY ]; then if [ ! -f $FILES/tty.tgz ]; then @@ -1539,11 +1543,11 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then fi tar -zxf $FILES/tty.tgz -C $FILES/images - RVAL=`glance add -A $SERVICE_TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image` + RVAL=`glance add -A $TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image` KERNEL_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "` - RVAL=`glance add -A $SERVICE_TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image` + RVAL=`glance add -A $TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image` RAMDISK_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "` - glance add -A $SERVICE_TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=$KERNEL_ID ramdisk_id=$RAMDISK_ID < $FILES/images/ami-tty/image + glance add -A $TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=$KERNEL_ID ramdisk_id=$RAMDISK_ID < $FILES/images/ami-tty/image fi for image_url in ${IMAGE_URLS//,/ }; do 
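Review bot: The new `TOKEN=` line in stack.sh posts `ADMIN_PASSWORD` to a hard-coded `http://$HOST_IP:5000/v2.0/tokens` instead of the `$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT` variables that the readiness check uses, and the result is never checked. If the request fails, the inline python exits with an error, `TOKEN` is empty, and every `glance add -A $TOKEN` in this hunk and the two following ones runs with a missing argument. A guard such as `[ -n "$TOKEN" ] || { echo "could not obtain a keystone token"; exit 1; }` would stop there. The password is also interpolated into the JSON body unescaped and passed via `-d` on the command line, so a `"` or `\` in it breaks the request and the value is visible in the process list. Reading the body from stdin with `-d @-` avoids the process-list exposure.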
@@ -1590,14 +1594,14 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then # kernel for use when uploading the root filesystem. KERNEL_ID=""; RAMDISK_ID=""; if [ -n "$KERNEL" ]; then - RVAL=`glance add -A $SERVICE_TOKEN name="$IMAGE_NAME-kernel" is_public=true container_format=aki disk_format=aki < "$KERNEL"` + RVAL=`glance add -A $TOKEN name="$IMAGE_NAME-kernel" is_public=true container_format=aki disk_format=aki < "$KERNEL"` KERNEL_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "` fi if [ -n "$RAMDISK" ]; then - RVAL=`glance add -A $SERVICE_TOKEN name="$IMAGE_NAME-ramdisk" is_public=true container_format=ari disk_format=ari < "$RAMDISK"` + RVAL=`glance add -A $TOKEN name="$IMAGE_NAME-ramdisk" is_public=true container_format=ari disk_format=ari < "$RAMDISK"` RAMDISK_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "` fi - glance add -A $SERVICE_TOKEN name="${IMAGE_NAME%.img}" is_public=true container_format=ami disk_format=ami ${KERNEL_ID:+kernel_id=$KERNEL_ID} ${RAMDISK_ID:+ramdisk_id=$RAMDISK_ID} < <(zcat --force "${IMAGE}") + glance add -A $TOKEN name="${IMAGE_NAME%.img}" is_public=true container_format=ami disk_format=ami ${KERNEL_ID:+kernel_id=$KERNEL_ID} ${RAMDISK_ID:+ramdisk_id=$RAMDISK_ID} < <(zcat --force "${IMAGE}") done fi From 708a2ad10d1cab4a928b38c7455e0b853faae73e Mon Sep 17 00:00:00 2001 From: Joe Heck Date: Wed, 18 Jan 2012 10:19:15 -0800 Subject: [PATCH 06/30] logging tweaks for devstack/keystone and cd for keystone db_sync --- stack.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/stack.sh b/stack.sh index c7eb2aa2c4..33665e21d7 100755 --- a/stack.sh +++ b/stack.sh 
@@ -1362,11 +1362,12 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then if [ "$SYSLOG" != "False" ]; then + cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf sed -i -e '/^handlers=devel$/s/=devel/=production/' \ - $KEYSTONE_DIR/etc/logging.cnf + $KEYSTONE_DIR/etc/logging.conf sed -i -e "/^log_file/s/log_file/\#log_file/" \ $KEYSTONE_DIR/etc/keystone.conf - KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.cnf" + KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.conf" fi fi @@ -1395,8 +1396,10 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then " -i $KEYSTONE_DATA # initialize keystone with default users/endpoints + pushd $KEYSTONE_DIR $KEYSTONE_DIR/bin/keystone-manage db_sync ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA + popd fi From 950bb4555aad563fc91ba2d09382fd5a0d66f03f Mon Sep 17 00:00:00 2001 From: Joe Heck Date: Sun, 29 Jan 2012 12:54:57 -0800 Subject: [PATCH 07/30] updating to match master ksl CLI options --- files/keystone_data.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 4738e8d6a3..d6ddcb34f5 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
@@ -1,36 +1,36 @@ #!/bin/bash BIN_DIR=${BIN_DIR:-.} # Tenants -ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ +ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ tenant_name=admin` -DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ +DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ tenant_name=demo` -INVIS_TENANT=`$BIN_DIR/keystone-manage tenant --ks-id-only create \ +INVIS_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ tenant_name=invisible_to_admin` # Users -ADMIN_USER=`$BIN_DIR/keystone-manage user --ks-id-only create \ +ADMIN_USER=`$BIN_DIR/keystone-manage user --id-only create \ name=admin \ "password=%ADMIN_PASSWORD%" \ email=admin@example.com` -DEMO_USER=`$BIN_DIR/keystone-manage user --ks-id-only create \ +DEMO_USER=`$BIN_DIR/keystone-manage user --id-only create \ name=demo \ "password=%ADMIN_PASSWORD%" \ email=demo@example.com` # Roles -ADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +ADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=Admin` -MEMBER_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +MEMBER_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=Member` -KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=KeystoneAdmin` -KEYSTONESERVICE_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +KEYSTONESERVICE_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=KeystoneServiceAdmin` -SYSADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +SYSADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=sysadmin` -NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --ks-id-only create \ +NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=netadmin` From 3b15b0566435ba4a11fe948b4c8c74306406da34 Mon Sep 17 00:00:00 2001 
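Review bot: None of the captured IDs (`ADMIN_TENANT`, `ADMIN_USER`, `ADMIN_ROLE`, …) is checked after the switch to `--id-only`, and the 36 lines shown, which start at the shebang, set no errexit. If the installed `keystone-manage` does not accept the renamed option, each variable presumably ends up empty or holds error text, and the role assignments later in the script (rewritten in PATCH 10/30) are issued with those values. Add `set -o errexit` after the shebang, or test each capture, e.g. `[ -n "$ADMIN_TENANT" ] || exit 1`. The `admin` and `demo` users also share `%ADMIN_PASSWORD%`, passed as a command-line argument; a comment such as `# development only: shared password, visible in the process list` would record that this is deliberate.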
From: termie Date: Thu, 2 Feb 2012 16:45:48 -0800 Subject: [PATCH 08/30] update keystone.conf --- files/keystone.conf | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/files/keystone.conf b/files/keystone.conf index 1f5c445395..31620329c6 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -2,7 +2,18 @@ public_port = 5000 admin_port = 35357 admin_token = %SERVICE_TOKEN% -log_file = %DEST%/keystone/keystone.log +compute_port = 3000 +verbose = True +debug = True +log_config = %DEST%/keystone/keystone.log + +# ================= Syslog Options ============================ +# Send logs to syslog (/dev/log) instead of to file specified +# by `log-file` +use_syslog = False + +# Facility to use. If unset defaults to LOG_USER. +# syslog_log_facility = LOG_LOCAL0 [sql] connection = %SQL_CONN% @@ -12,20 +23,23 @@ max_pool_size = 10 pool_timeout = 200 [identity] -driver = keystone.backends.sql.SqlIdentity +driver = keystone.identity.backends.kvs.Identity [catalog] -driver = keystone.backends.templated.TemplatedCatalog +driver = keystone.catalog.backends.templated.TemplatedCatalog template_file = %KEYSTONE_DIR%/etc/default_catalog.templates [token] -driver = keystone.backends.kvs.KvsToken +driver = keystone.token.backends.kvs.Token [policy] -driver = keystone.backends.policy.SimpleMatch +driver = keystone.policy.backends.simple.SimpleMatch + +[ec2] +driver = keystone.contrib.ec2.backends.kvs.Ec2 [filter:debug] -paste.filter_factory = keystone.wsgi:Debug.factory +paste.filter_factory = keystone.common.wsgi:Debug.factory [filter:token_auth] paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory 
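Review bot: `verbose = True` and `debug = True` are added unconditionally in the first hunk, in the same section as `admin_token = %SERVICE_TOKEN%`, with no comment marking them as development-only. The pipelines further down this file also run the `debug` filter, so the log may end up holding request details such as tokens or passwords; what keystone actually writes at this level cannot be confirmed from this page. I would add a comment above the two keys, e.g. `# devstack only: debug logging may record credentials; set both to False elsewhere`.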
@@ -37,8 +51,10 @@ paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory [filter:crud_extension] -paste.filter_factory = keystone.service:AdminCrudExtension.factory +paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory +[filter:ec2_extension] +paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory [app:public_service] paste.app_factory = keystone.service:public_app_factory @@ -47,10 +63,10 @@ paste.app_factory = keystone.service:public_app_factory paste.app_factory = keystone.service:admin_app_factory [pipeline:public_api] -pipeline = token_auth admin_token_auth json_body debug public_service +pipeline = token_auth admin_token_auth json_body debug ec2_extension public_service [pipeline:admin_api] -pipeline = token_auth admin_token_auth json_body debug crud_extension admin_service +pipeline = token_auth admin_token_auth json_body debug ec2_extension crud_extension admin_service [composite:main] use = egg:Paste#urlmap From 221367c0a3f278b923f32881b585787a826ea9da Mon Sep 17 00:00:00 2001 From: termie Date: Thu, 2 Feb 2012 16:53:42 -0800 Subject: [PATCH 09/30] yup --- files/keystone.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/keystone.conf b/files/keystone.conf index 31620329c6..745abeea2f 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -5,7 +5,7 @@ admin_token = %SERVICE_TOKEN% compute_port = 3000 verbose = True debug = True -log_config = %DEST%/keystone/keystone.log +log_file = %DEST%/keystone/keystone.log # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified From 8a41c9dad483c1da89f8763e76d76a0c9a9984b4 Mon Sep 17 00:00:00 2001 
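Review bot: The rewritten `pipeline` lines in the second hunk keep `admin_token_auth` and `debug` on `[pipeline:public_api]` and now add `ec2_extension` to both pipelines. If `admin_token_auth` grants admin context to a request carrying the static `admin_token`, which its name suggests but this page does not show, that shared secret is honoured on the public port (5000) as well as the admin port (35357). I would document the choice above `[pipeline:public_api]`, e.g. `# devstack only: admin_token_auth and debug do not belong on the public pipeline in a real deployment`.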
From: termie Date: Thu, 2 Feb 2012 17:31:19 -0800 Subject: [PATCH 10/30] update to get keystone working --- files/apts/keystone | 2 +- files/keystone.conf | 2 +- files/keystone_data.sh | 64 +++++++++++++++++++++--------------------- stack.sh | 2 +- 4 files changed, 35 insertions(+), 35 deletions(-) diff --git a/files/apts/keystone b/files/apts/keystone index 6e6d3d53ab..94479c9251 100644 --- a/files/apts/keystone +++ b/files/apts/keystone @@ -12,4 +12,4 @@ python-greenlet python-routes libldap2-dev libsasl2-dev - +python-bcrypt diff --git a/files/keystone.conf b/files/keystone.conf index 745abeea2f..1155d92536 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -23,7 +23,7 @@ max_pool_size = 10 pool_timeout = 200 [identity] -driver = keystone.identity.backends.kvs.Identity +driver = keystone.identity.backends.sql.Identity [catalog] driver = keystone.catalog.backends.templated.TemplatedCatalog diff --git a/files/keystone_data.sh b/files/keystone_data.sh index d6ddcb34f5..75260841fc 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
@@ -36,40 +36,40 @@ NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ # Add Roles to Users in Tenants -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$ADMIN_ROLE \ - user_id=$ADMIN_USER \ - tenant_id=$ADMIN_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$MEMBER_ROLE \ - user_id=$DEMO_USER \ - tenant_id=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$SYSADMIN_ROLE \ - user_id=$DEMO_USER \ - tenant_id=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$NETADMIN_ROLE \ - user_id=$DEMO_USER \ - tenant_id=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$MEMBER_ROLE \ - user_id=$DEMO_USER \ - tenant_id=$INVIS_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$ADMIN_ROLE \ - user_id=$ADMIN_USER \ - tenant_id=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$ADMIN_ROLE \ + user=$ADMIN_USER \ + tenant=$ADMIN_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$MEMBER_ROLE \ + user=$DEMO_USER \ + tenant=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$SYSADMIN_ROLE \ + user=$DEMO_USER \ + tenant=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$NETADMIN_ROLE \ + user=$DEMO_USER \ + tenant=$DEMO_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$MEMBER_ROLE \ + user=$DEMO_USER \ + tenant=$INVIS_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$ADMIN_ROLE \ + user=$ADMIN_USER \ + tenant=$DEMO_TENANT # TODO(termie): these two might be dubious -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$KEYSTONEADMIN_ROLE \ - user_id=$ADMIN_USER \ - tenant_id=$ADMIN_TENANT -$BIN_DIR/keystone-manage role add_user_to_tenant \ - role_id=$KEYSTONESERVICE_ROLE \ - user_id=$ADMIN_USER \ - tenant_id=$ADMIN_TENANT +$BIN_DIR/keystone-manage role add_user_role \ + role=$KEYSTONEADMIN_ROLE \ + user=$ADMIN_USER \ + tenant=$ADMIN_TENANT 
+$BIN_DIR/keystone-manage role add_user_role \ + role=$KEYSTONESERVICE_ROLE \ + user=$ADMIN_USER \ + tenant=$ADMIN_TENANT # Services $BIN_DIR/keystone-manage service create \ diff --git a/stack.sh b/stack.sh index 33665e21d7..2bac11cdb9 100755 --- a/stack.sh +++ b/stack.sh @@ -1373,7 +1373,7 @@ fi # launch the keystone and wait for it to answer before continuing if [[ "$ENABLED_SERVICES" =~ "key" ]]; then - screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" + screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" echo "Waiting for keystone to start..." if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/; do sleep 1; done"; then echo "keystone did not start" From b0b6d315bd12f952d95c9dc02ca9f5e6c4e53a01 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Fri, 3 Feb 2012 21:40:32 -0800 Subject: [PATCH 11/30] Changes to get devstack working again with ksl + trunk Change-Id: I7261b2d88325d4f9cb3337478dbcbd04c25e52ed --- files/keystone.conf | 1 + files/keystone_data.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/files/keystone.conf b/files/keystone.conf index 1155d92536..ca8e31eada 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -5,6 +5,7 @@ admin_token = %SERVICE_TOKEN% compute_port = 3000 verbose = True debug = True +# should use stdout for devstack, but leaving this for now log_file = %DEST%/keystone/keystone.log # ================= Syslog Options ============================ diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 75260841fc..35eaa5dd12 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
@@ -21,7 +21,7 @@ DEMO_USER=`$BIN_DIR/keystone-manage user --id-only create \ # Roles ADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=Admin` + name=admin` MEMBER_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ name=Member` KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ From d281376de8059d0f29bb2df725c0924800ab06db Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Mon, 6 Feb 2012 21:21:52 +0000 Subject: [PATCH 12/30] fix logging and move keystone client earlier in the install chain --- files/keystone.conf | 4 ++-- stack.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/files/keystone.conf b/files/keystone.conf index ca8e31eada..0ee08279d5 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -5,8 +5,8 @@ admin_token = %SERVICE_TOKEN% compute_port = 3000 verbose = True debug = True -# should use stdout for devstack, but leaving this for now -log_file = %DEST%/keystone/keystone.log +# commented out so devstack logs to stdout +# log_file = %DEST%/keystone/keystone.log # ================= Syslog Options ============================ # Send logs to syslog (/dev/log) instead of to file specified diff --git a/stack.sh b/stack.sh index 2bac11cdb9..cedf597f06 100755 --- a/stack.sh +++ b/stack.sh @@ -653,6 +653,8 @@ fi # setup our checkouts so they are installed into python path # allowing ``import nova`` or ``import glance.client`` +cd $KEYSTONECLIENT_DIR; sudo python setup.py develop +cd $NOVACLIENT_DIR; sudo python setup.py develop if [[ "$ENABLED_SERVICES" =~ "key" || "$ENABLED_SERVICES" =~ "g-api" || "$ENABLED_SERVICES" =~ "n-api" || 
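Review bot: In the stack.sh hunk, `cd $KEYSTONECLIENT_DIR; sudo python setup.py develop` and the `$NOVACLIENT_DIR` line after it join the two commands with `;`. When the `cd` fails, for example because the checkout is missing, `sudo python setup.py develop` still runs as root against whatever `setup.py` is in the current directory. Chain them instead: `cd "$KEYSTONECLIENT_DIR" && sudo python setup.py develop`, and likewise for `$NOVACLIENT_DIR`. Whether errexit is active here is not visible, and the surrounding install lines use the same `cd …; sudo …` form, so they deserve the same change.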
@@ -667,10 +669,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" || "$ENABLED_SERVICES" =~ "n-api" ]]; then cd $GLANCE_DIR; sudo python setup.py develop fi -cd $NOVACLIENT_DIR; sudo python setup.py develop cd $NOVA_DIR; sudo python setup.py develop if [[ "$ENABLED_SERVICES" =~ "horizon" ]]; then - cd $KEYSTONECLIENT_DIR; sudo python setup.py develop cd $HORIZON_DIR/horizon; sudo python setup.py develop cd $HORIZON_DIR/openstack-dashboard; sudo python setup.py develop fi From 658ac7a4cc0f54ce64e9704dcabd2d4a262bb24f Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Mon, 6 Feb 2012 22:56:37 +0000 Subject: [PATCH 13/30] create and store secret and access keys --- files/keystone.conf | 2 +- files/keystone_data.sh | 24 +++++++++++++++++++----- openrc | 4 ++-- stack.sh | 2 +- stackrc | 5 +++++ 5 files changed, 28 insertions(+), 9 deletions(-) diff --git a/files/keystone.conf b/files/keystone.conf index 0ee08279d5..3167c0f455 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -37,7 +37,7 @@ driver = keystone.token.backends.kvs.Token driver = keystone.policy.backends.simple.SimpleMatch [ec2] -driver = keystone.contrib.ec2.backends.kvs.Ec2 +driver = keystone.contrib.ec2.backends.sql.Ec2 [filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 35eaa5dd12..39952b16c6 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
@@ -98,6 +98,25 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then "description=Swift Service" fi +# create ec2 creds and parse the secret and access key returned +RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT` +ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` +ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` + + +RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT` +DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` +DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` + +# write the secret and access to ec2rc +cat > $DEVSTACK_DIR/ec2rc < Date: Fri, 3 Feb 2012 21:40:32 -0800 Subject: [PATCH 14/30] Move the clone of keystoneclient Change-Id: I82eb457e36e9f43636bc27242fb4a1b4b1ecad36 --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 8421c3c23a..8dc54ce248 100755 --- a/stack.sh +++ b/stack.sh @@ -602,6 +602,7 @@ function git_clone { # compute service git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH # python client library to nova that horizon (and others) use +git_clone $KEYSTONECLIENT_REPO $KEYSTONECLIENT_DIR $KEYSTONECLIENT_BRANCH git_clone $NOVACLIENT_REPO $NOVACLIENT_DIR $NOVACLIENT_BRANCH # glance, swift middleware and nova api needs keystone middleware @@ -630,7 +631,6 @@ fi if [[ "$ENABLED_SERVICES" =~ "horizon" ]]; then # django powered web control panel for openstack git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH $HORIZON_TAG - git_clone $KEYSTONECLIENT_REPO $KEYSTONECLIENT_DIR $KEYSTONECLIENT_BRANCH fi if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then # quantum 
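Review bot: `cat > $DEVSTACK_DIR/ec2rc` in the keystone_data.sh hunk creates the file holding the EC2 access and secret keys under the caller's default umask, so with a typical 022 umask every local user can read it. The heredoc body is lost on this page, so this relies on the comment `# write the secret and access to ec2rc`. I would run the `cat` inside a `( umask 077; … )` subshell and quote the path as `"$DEVSTACK_DIR/ec2rc"`. `$RESULT` is also piped into `python -c` without checking that `keystone-manage ec2 create` succeeded, so a failure surfaces as a JSON traceback; add `[ -n "$RESULT" ] || exit 1` after each call.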
From 6563a3ce76c5ea8e20056350d68c19a6366bca5d Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Tue, 31 Jan 2012 12:11:56 -0600 Subject: [PATCH 15/30] Extract common functions into a separate file This is the start of an effort to organize devstack's code to better document the requirements for configuring the individual components. Change-Id: I3476b76b9d1f9ee63687fb9898a98729118cbd84 --- functions | 91 ++++++++++++++++++++++++++++ stack.sh | 75 +---------------------- tools/build_ramdisk.sh | 34 ++--------- tools/build_tempest.sh | 41 ++----------- tools/build_uec.sh | 7 ++- tools/build_uec_ramdisk.sh | 36 ++--------- tools/configure_tempest.sh | 5 +- tools/copy_dev_environment_to_uec.sh | 12 ++-- tools/get_uec_image.sh | 5 +- 9 files changed, 125 insertions(+), 181 deletions(-) create mode 100644 functions diff --git a/functions b/functions new file mode 100644 index 0000000000..01c4758fa0 --- /dev/null +++ b/functions 
@@ -0,0 +1,91 @@ +# functions - Common functions used by DevStack components + + +# apt-get wrapper to set arguments correctly +# apt_get package [package ...] +function apt_get() { + [[ "$OFFLINE" = "True" ]] && return + local sudo="sudo" + [[ "$(id -u)" = "0" ]] && sudo="env" + $sudo DEBIAN_FRONTEND=noninteractive \ + http_proxy=$http_proxy https_proxy=$https_proxy \ + apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@" +} + + +# Gracefully cp only if source file/dir exists +# cp_it source destination +function cp_it { + if [ -e $1 ] || [ -d $1 ]; then + cp -pRL $1 $2 + fi +} + + +# git clone only if directory doesn't exist already. Since ``DEST`` might not +# be owned by the installation user, we create the directory and change the +# ownership to the proper user. +# Set global RECLONE=yes to simulate a clone when dest-dir exists +# git_clone remote dest-dir branch +function git_clone { + [[ "$OFFLINE" = "True" ]] && return + + GIT_REMOTE=$1 + GIT_DEST=$2 + GIT_BRANCH=$3 + + if echo $GIT_BRANCH | egrep -q "^refs"; then + # If our branch name is a gerrit style refs/changes/... + if [[ ! -d $GIT_DEST ]]; then + git clone $GIT_REMOTE $GIT_DEST + fi + cd $GIT_DEST + git fetch $GIT_REMOTE $GIT_BRANCH && git checkout FETCH_HEAD + else + # do a full clone only if the directory doesn't exist + if [[ ! 
-d $GIT_DEST ]]; then + git clone $GIT_REMOTE $GIT_DEST + cd $GIT_DEST + # This checkout syntax works for both branches and tags + git checkout $GIT_BRANCH + elif [[ "$RECLONE" == "yes" ]]; then + # if it does exist then simulate what clone does if asked to RECLONE + cd $GIT_DEST + # set the url to pull from and fetch + git remote set-url origin $GIT_REMOTE + git fetch origin + # remove the existing ignored files (like pyc) as they cause breakage + # (due to the py files having older timestamps than our pyc, so python + # thinks the pyc files are correct using them) + find $GIT_DEST -name '*.pyc' -delete + git checkout -f origin/$GIT_BRANCH + # a local branch might not exist + git branch -D $GIT_BRANCH || true + git checkout -b $GIT_BRANCH + fi + fi +} + + +# pip install wrapper to set cache and proxy environment variables +# pip_install package [package ...] +function pip_install { + [[ "$OFFLINE" = "True" ]] && return + sudo PIP_DOWNLOAD_CACHE=/var/cache/pip \ + HTTP_PROXY=$http_proxy \ + HTTPS_PROXY=$https_proxy \ + pip install --use-mirrors $@ +} + + +# Normalize config values to True or False +# VAR=`trueorfalse default-value test-value` +function trueorfalse() { + local default=$1 + local testval=$2 + + [[ -z "$testval" ]] && { echo "$default"; return; } + [[ "0 no false False FALSE" =~ "$testval" ]] && { echo "False"; return; } + [[ "1 yes true True TRUE" =~ "$testval" ]] && { echo "True"; return; } + echo "$default" +} diff --git a/stack.sh b/stack.sh index 8dc54ce248..c40b24c996 100755 --- a/stack.sh +++ b/stack.sh @@ -35,6 +35,9 @@ fi # Keep track of the current devstack directory. TOP_DIR=$(cd $(dirname "$0") && pwd) +# Import common functions +. $TOP_DIR/functions + # stack.sh keeps the list of **apt** and **pip** dependencies in external # files, along with config templates and other useful files. You can find these # in the ``files`` directory (next to this script). We will reference this 
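Review bot: `trueorfalse` tests with `[[ "0 no false False FALSE" =~ "$testval" ]]`, and a quoted right-hand side of `=~` is matched as a literal substring (bash 3.2 and later), so any fragment of the list counts. For example, `trueorfalse True o` prints `False` because `o` occurs in `no`. The function is moved here unchanged from stack.sh, but as shared code that normalises configuration switches it should match whole words only. A `case` statement does that and keeps the fall-back to the default for empty or unknown values. Separately, `pip_install` passes `$@` unquoted where `apt_get` uses `"$@"`.

```shell
function trueorfalse() {
    local default=$1
    local testval=$2

    # match whole words only; empty or unknown values fall back to the default
    case "$testval" in
        0|no|false|False|FALSE) echo "False" ;;
        1|yes|true|True|TRUE)   echo "True" ;;
        *)                      echo "$default" ;;
    esac
}
```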
@@ -86,16 +89,6 @@ source ./stackrc # Destination path for installation ``DEST`` DEST=${DEST:-/opt/stack} -# apt-get wrapper to just get arguments set correctly -function apt_get() { - [[ "$OFFLINE" = "True" ]] && return - local sudo="sudo" - [ "$(id -u)" = "0" ] && sudo="env" - $sudo DEBIAN_FRONTEND=noninteractive \ - http_proxy=$http_proxy https_proxy=$https_proxy \ - apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@" -} - # Check to see if we are already running a stack.sh if screen -ls | egrep -q "[0-9].stack"; then echo "You are already running a stack.sh session." @@ -155,18 +148,6 @@ else sudo mv $TEMPFILE /etc/sudoers.d/stack_sh_nova fi -# Normalize config values to True or False -# VAR=`trueorfalse default-value test-value` -function trueorfalse() { - local default=$1 - local testval=$2 - - [[ -z "$testval" ]] && { echo "$default"; return; } - [[ "0 no false False FALSE" =~ "$testval" ]] && { echo "False"; return; } - [[ "1 yes true True TRUE" =~ "$testval" ]] && { echo "True"; return; } - echo "$default" -} - # Set True to configure stack.sh to run cleanly without Internet access. # stack.sh must have been previously run with Internet access to install # prerequisites and initialize $DEST. @@ -542,14 +523,6 @@ function get_packages() { done } -function pip_install { - [[ "$OFFLINE" = "True" ]] && return - sudo PIP_DOWNLOAD_CACHE=/var/cache/pip \ - HTTP_PROXY=$http_proxy \ - HTTPS_PROXY=$https_proxy \ - pip install --use-mirrors $@ -} - # install apt requirements apt_get update apt_get install $(get_packages) 
@@ -557,48 +530,6 @@ apt_get install $(get_packages) # install python requirements pip_install `cat $FILES/pips/* | uniq` -# git clone only if directory doesn't exist already. Since ``DEST`` might not -# be owned by the installation user, we create the directory and change the -# ownership to the proper user. -function git_clone { - [[ "$OFFLINE" = "True" ]] && return - - GIT_REMOTE=$1 - GIT_DEST=$2 - GIT_BRANCH=$3 - - if echo $GIT_BRANCH | egrep -q "^refs"; then - # If our branch name is a gerrit style refs/changes/... - if [ ! -d $GIT_DEST ]; then - git clone $GIT_REMOTE $GIT_DEST - fi - cd $GIT_DEST - git fetch $GIT_REMOTE $GIT_BRANCH && git checkout FETCH_HEAD - else - # do a full clone only if the directory doesn't exist - if [ ! -d $GIT_DEST ]; then - git clone $GIT_REMOTE $GIT_DEST - cd $GIT_DEST - # This checkout syntax works for both branches and tags - git checkout $GIT_BRANCH - elif [[ "$RECLONE" == "yes" ]]; then - # if it does exist then simulate what clone does if asked to RECLONE - cd $GIT_DEST - # set the url to pull from and fetch - git remote set-url origin $GIT_REMOTE - git fetch origin - # remove the existing ignored files (like pyc) as they cause breakage - # (due to the py files having older timestamps than our pyc, so python - # thinks the pyc files are correct using them) - find $GIT_DEST -name '*.pyc' -delete - git checkout -f origin/$GIT_BRANCH - # a local branch might not exist - git branch -D $GIT_BRANCH || true - git checkout -b $GIT_BRANCH - fi - fi -} - # compute service git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH # python client library to nova that horizon (and others) use diff --git a/tools/build_ramdisk.sh b/tools/build_ramdisk.sh index feaa8a97ad..7c1600b1ec 100755 --- a/tools/build_ramdisk.sh +++ b/tools/build_ramdisk.sh 
@@ -47,7 +47,10 @@ IMG_FILE=$1 # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions # Store cwd CWD=`pwd` @@ -170,35 +173,6 @@ if [ ! -r "`ls $MNTDIR/boot/vmlinuz-*-generic | head -1`" ]; then chroot $MNTDIR apt-get install -y linux-generic fi -# git clone only if directory doesn't exist already. Since ``DEST`` might not -# be owned by the installation user, we create the directory and change the -# ownership to the proper user. -function git_clone { - - # clone new copy or fetch latest changes - CHECKOUT=${MNTDIR}$2 - if [ ! -d $CHECKOUT ]; then - mkdir -p $CHECKOUT - git clone $1 $CHECKOUT - else - pushd $CHECKOUT - git fetch - popd - fi - - # FIXME(ja): checkout specified version (should works for branches and tags) - - pushd $CHECKOUT - # checkout the proper branch/tag - git checkout $3 - # force our local version to be the same as the remote version - git reset --hard origin/$3 - popd - - # give ownership to the stack user - chroot $MNTDIR chown -R stack $2 -} - git_clone $NOVA_REPO $DEST/nova $NOVA_BRANCH git_clone $GLANCE_REPO $DEST/glance $GLANCE_BRANCH git_clone $KEYSTONE_REPO $DEST/keystone $KEYSTONE_BRANCH diff --git a/tools/build_tempest.sh b/tools/build_tempest.sh index aa44766ae8..230e8f9b72 100755 --- a/tools/build_tempest.sh +++ b/tools/build_tempest.sh @@ -26,7 +26,10 @@ trap cleanup SIGHUP SIGINT SIGTERM SIGQUIT EXIT # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions # Abort if localrc is not set if [ ! -e $TOP_DIR/localrc ]; then 
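Review bot: Sourcing `$TOP_DIR/functions` in tools/build_ramdisk.sh while the second hunk deletes the script's own `git_clone` changes where the checkouts land. The removed function cloned into `${MNTDIR}$2` and ran `chroot $MNTDIR chown -R stack $2`, whereas the shared `git_clone` clones to `$2` as given and does no chown. The unchanged calls such as `git_clone $NOVA_REPO $DEST/nova $NOVA_BRANCH` therefore appear to populate `$DEST` on the build host instead of the mounted image, owned by whoever runs the script. The same applies to tools/build_uec_ramdisk.sh, where the removed copy used `${MNT_DIR}$2`. Either pass the mounted path (`$MNTDIR$DEST/nova`) and chown afterwards, or keep a thin local wrapper around the shared function.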
@@ -43,42 +46,8 @@ DEST=${DEST:-/opt/stack} TEMPEST_DIR=$DEST/tempest -DIST_NAME=${DIST_NAME:-oneiric} - -# git clone only if directory doesn't exist already. Since ``DEST`` might not -# be owned by the installation user, we create the directory and change the -# ownership to the proper user. -function git_clone { - - GIT_REMOTE=$1 - GIT_DEST=$2 - GIT_BRANCH=$3 - - # do a full clone only if the directory doesn't exist - if [ ! -d $GIT_DEST ]; then - git clone $GIT_REMOTE $GIT_DEST - cd $2 - # This checkout syntax works for both branches and tags - git checkout $GIT_BRANCH - elif [[ "$RECLONE" == "yes" ]]; then - # if it does exist then simulate what clone does if asked to RECLONE - cd $GIT_DEST - # set the url to pull from and fetch - git remote set-url origin $GIT_REMOTE - git fetch origin - # remove the existing ignored files (like pyc) as they cause breakage - # (due to the py files having older timestamps than our pyc, so python - # thinks the pyc files are correct using them) - find $GIT_DEST -name '*.pyc' -delete - git checkout -f origin/$GIT_BRANCH - # a local branch might not exist - git branch -D $GIT_BRANCH || true - git checkout -b $GIT_BRANCH - fi -} - # Install tests and prerequisites -sudo PIP_DOWNLOAD_CACHE=/var/cache/pip pip install --use-mirrors `cat $TOP_DIR/files/pips/tempest` +pip_install `cat $TOP_DIR/files/pips/tempest` git_clone $TEMPEST_REPO $TEMPEST_DIR $TEMPEST_BRANCH diff --git a/tools/build_uec.sh b/tools/build_uec.sh index 04e1a45913..ed5a017174 100755 --- a/tools/build_uec.sh +++ b/tools/build_uec.sh @@ -8,7 +8,10 @@ fi # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions cd $TOP_DIR 
@@ -34,7 +37,7 @@ fi # Install deps if needed DEPS="kvm libvirt-bin kpartx cloud-utils curl" -apt-get install -y --force-yes $DEPS || true # allow this to fail gracefully for concurrent builds +apt_get install -y --force-yes $DEPS || true # allow this to fail gracefully for concurrent builds # Where to store files and instances WORK_DIR=${WORK_DIR:-/opt/uecstack} diff --git a/tools/build_uec_ramdisk.sh b/tools/build_uec_ramdisk.sh index 174eaac72c..32f90c05c0 100755 --- a/tools/build_uec_ramdisk.sh +++ b/tools/build_uec_ramdisk.sh @@ -40,7 +40,10 @@ DEST_FILE=$1 # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions cd $TOP_DIR @@ -68,7 +71,7 @@ fi # Install deps if needed DEPS="kvm libvirt-bin kpartx cloud-utils curl" -apt-get install -y --force-yes $DEPS +apt_get install -y --force-yes $DEPS # Where to store files and instances CACHEDIR=${CACHEDIR:-/opt/stack/cache} 
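Review bot: `apt_get install -y --force-yes $DEPS` now goes through the wrapper in `functions`, which already passes `--assume-yes`, so `-y` is redundant and `--force-yes` is the only thing these flags still add. That option tells apt to continue without prompting even when it considers the action harmful, which includes installing unauthenticated packages. I would drop both flags here and on the matching line in tools/build_uec_ramdisk.sh: `apt_get install $DEPS || true`. The wrapper also returns early when `OFFLINE` is `True`, so in that mode the dependency install is skipped silently; a comment on the call should say so.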
@@ -113,35 +116,6 @@ if [ ! -r "`ls $MNT_DIR/boot/vmlinuz-*-generic | head -1`" ]; then chroot $MNT_DIR apt-get install -y linux-generic fi -# git clone only if directory doesn't exist already. Since ``DEST`` might not -# be owned by the installation user, we create the directory and change the -# ownership to the proper user. -function git_clone { - - # clone new copy or fetch latest changes - CHECKOUT=${MNT_DIR}$2 - if [ ! -d $CHECKOUT ]; then - mkdir -p $CHECKOUT - git clone $1 $CHECKOUT - else - pushd $CHECKOUT - git fetch - popd - fi - - # FIXME(ja): checkout specified version (should works for branches and tags) - - pushd $CHECKOUT - # checkout the proper branch/tag - git checkout $3 - # force our local version to be the same as the remote version - git reset --hard origin/$3 - popd - - # give ownership to the stack user - chroot $MNT_DIR chown -R stack $2 -} - git_clone $NOVA_REPO $DEST/nova $NOVA_BRANCH git_clone $GLANCE_REPO $DEST/glance $GLANCE_BRANCH git_clone $KEYSTONE_REPO $DEST/keystone $KEYSTONE_BRANCH diff --git a/tools/configure_tempest.sh b/tools/configure_tempest.sh index 00add9a336..f6ef0d3b95 100755 --- a/tools/configure_tempest.sh +++ b/tools/configure_tempest.sh @@ -30,7 +30,10 @@ trap cleanup SIGHUP SIGINT SIGTERM SIGQUIT EXIT # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions # Abort if localrc is not set if [ ! -e $TOP_DIR/localrc ]; then diff --git a/tools/copy_dev_environment_to_uec.sh b/tools/copy_dev_environment_to_uec.sh index c949b329df..d5687dc14d 100755 --- a/tools/copy_dev_environment_to_uec.sh +++ b/tools/copy_dev_environment_to_uec.sh 
@@ -8,7 +8,10 @@ set -o errexit # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions # Change dir to top of devstack cd $TOP_DIR @@ -47,13 +50,6 @@ echo stack:pass | chroot $STAGING_DIR chpasswd ( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ > $STAGING_DIR/etc/sudoers.d/50_stack_sh ) -# Gracefully cp only if source file/dir exists -function cp_it { - if [ -e $1 ] || [ -d $1 ]; then - cp -pRL $1 $2 - fi -} - # Copy over your ssh keys and env if desired cp_it ~/.ssh $STAGING_DIR/$DEST/.ssh cp_it ~/.ssh/id_rsa.pub $STAGING_DIR/$DEST/.ssh/authorized_keys diff --git a/tools/get_uec_image.sh b/tools/get_uec_image.sh index f66f2bc2fb..09630740dc 100755 --- a/tools/get_uec_image.sh +++ b/tools/get_uec_image.sh @@ -6,7 +6,10 @@ ROOTSIZE=${ROOTSIZE:-2000} # Keep track of the current directory TOOLS_DIR=$(cd $(dirname "$0") && pwd) -TOP_DIR=`cd $TOOLS_DIR/..; pwd` +TOP_DIR=$(cd $TOOLS_DIR/..; pwd) + +# Import common functions +. $TOP_DIR/functions # exit on error to stop unexpected errors set -o errexit From efa578aabe8a2fa3b1d432856186b0e193fcad89 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Fri, 3 Feb 2012 11:23:32 -0600 Subject: [PATCH 16/30] Fixes bug 920762: change Admin to admin in swift/proxy-server.conf Change-Id: I6cb564ed2a6eaaf325a9573b4a6d372ae8a73c8d --- files/swift/proxy-server.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/swift/proxy-server.conf b/files/swift/proxy-server.conf index da6b1fa25d..3ef027695f 100644 --- a/files/swift/proxy-server.conf +++ b/files/swift/proxy-server.conf @@ -19,7 +19,7 @@ account_autocreate = true use = egg:swiftkeystone2#keystone2 keystone_admin_token = %SERVICE_TOKEN% keystone_url = http://localhost:35357/v2.0 -keystone_swift_operator_roles = Member,Admin +keystone_swift_operator_roles = Member,admin [filter:tempauth] use = egg:swift#tempauth 
From af6d47cb3da92df0a49adbad1d4c9d4f50124147 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 12 Jan 2012 17:11:56 -0800 Subject: [PATCH 17/30] Separate out build_xva process so that it can be run on a machine besides dom0 Change-Id: I3a6e1ef874c83d79d09a8df1f086ec06d39db2df --- tools/xen/README.md | 13 ++- tools/xen/build_domU.sh | 200 +++------------------------------------- tools/xen/build_xva.sh | 164 ++++++++++++++++++++++++++++++++ tools/xen/xenrc | 38 ++++++++ 4 files changed, 227 insertions(+), 188 deletions(-) create mode 100755 tools/xen/build_xva.sh create mode 100644 tools/xen/xenrc diff --git a/tools/xen/README.md b/tools/xen/README.md index 63350ea7f2..a3398a7879 100644 --- a/tools/xen/README.md +++ b/tools/xen/README.md @@ -54,7 +54,16 @@ Of course, use real passwords if this machine is exposed. ACTIVE_TIMEOUT=45 EOF -Step 4: Run ./build_domU.sh +Step 4: Run ./build_xva.sh +-------------------------- +This script prpares your nova xva image. This script can be run on a separate machine +and copied to dom0. If you run this on a different machine, copy the resulting xva +file to tools/xen/xvas/[GUEST_NAME].xva (by default tools/xen/xvas/ALLINONE.xva) + +It is likely that for XS6 you will need to build_xva.sh on a separate machine due +to dom0 space constraints. + +Step 5: Run ./build_domU.sh -------------------------- This script does a lot of stuff, it is probably best to read it in its entirety. But in a nutshell, it performs the following: @@ -63,7 +72,7 @@ But in a nutshell, it performs the following: * Creates and installs a OpenStack all-in-one domU in an HA-FlatDHCP configuration * A script to create a multi-domU (ie. head node separated from compute) configuration is coming soon! -Step 5: Do cloudy stuff! +Step 6: Do cloudy stuff! -------------------------- * Play with horizon * Play with the CLI diff --git a/tools/xen/build_domU.sh b/tools/xen/build_domU.sh index 642b40f753..cd28f15574 100755 --- a/tools/xen/build_domU.sh 
+++ b/tools/xen/build_domU.sh @@ -10,42 +10,18 @@ fi # This directory TOP_DIR=$(cd $(dirname "$0") && pwd) -# Source params -cd ../.. && source ./stackrc && cd $TOP_DIR +# Source params - override xenrc params in your localrc to suite your taste +source xenrc # Echo commands set -o xtrace -# Name of this guest -GUEST_NAME=${GUEST_NAME:-ALLINONE} - -# dom0 ip -HOST_IP=${HOST_IP:-`ifconfig xenbr0 | grep "inet addr" | cut -d ":" -f2 | sed "s/ .*//"`} - -# Our nova host's network info -VM_IP=${VM_IP:-10.255.255.255} # A host-only ip that let's the interface come up, otherwise unused -MGT_IP=${MGT_IP:-172.16.100.55} -PUB_IP=${PUB_IP:-192.168.1.55} - -# Public network -PUB_BR=${PUB_BR:-xenbr0} -PUB_NETMASK=${PUB_NETMASK:-255.255.255.0} - -# VM network params -VM_NETMASK=${VM_NETMASK:-255.255.255.0} -VM_BR=${VM_BR:-xapi1} -VM_VLAN=${VM_VLAN:-100} - -# MGMT network params -MGT_NETMASK=${MGT_NETMASK:-255.255.255.0} -MGT_BR=${MGT_BR:-xapi2} -MGT_VLAN=${MGT_VLAN:-101} - -# VM Password -GUEST_PASSWORD=${GUEST_PASSWORD:-secrete} - -# Size of image -VDI_MB=${VDI_MB:-2500} +# Check for xva file +if [ ! -e $XVA ]; then + echo "Missing xva file. Please run build_xva.sh (ideally on a non dom0 host since the build can require lots of space)." + echo "Place the resulting xva file in $XVA" + exit 1 +fi # Make sure we have git if ! which git; then @@ -95,6 +71,9 @@ function create_vlan() { create_vlan $PIF $VM_VLAN $VM_NET create_vlan $PIF $MGT_VLAN $MGT_NET +# dom0 ip +HOST_IP=${HOST_IP:-`ifconfig xenbr0 | grep "inet addr" | cut -d ":" -f2 | sed "s/ .*//"`} + # Setup host-only nat rules HOST_NET=169.254.0.0/16 if ! iptables -L -v -t nat | grep -q $HOST_NET; then 
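Review bot: `source xenrc` names the file without a path, so bash looks it up through `PATH` first and then the current directory, not next to the script. Run from anywhere but tools/xen, it either fails or sources a different `xenrc`. `TOP_DIR` is computed just above, so `source "$TOP_DIR/xenrc"` is the safe form. The new check `if [ ! -e $XVA ]` has a related gap: with `XVA` empty the unquoted test collapses to `[ ! -e ]`, which is false, so the missing-file exit is skipped. Quote it as `[ ! -e "$XVA" ]`.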
@@ -117,86 +96,9 @@ fi # Enable ip forwarding at runtime as well echo 1 > /proc/sys/net/ipv4/ip_forward -# Directory where we stage the build -STAGING_DIR=$TOP_DIR/stage - -# Option to clean out old stuff -CLEAN=${CLEAN:-0} -if [ "$CLEAN" = "1" ]; then - rm -rf $STAGING_DIR -fi - -# Download our base image. This image is made using prepare_guest.sh -BASE_IMAGE_URL=${BASE_IMAGE_URL:-http://images.ansolabs.com/xen/stage.tgz} -if [ ! -e $STAGING_DIR ]; then - if [ ! -e /tmp/stage.tgz ]; then - wget $BASE_IMAGE_URL -O /tmp/stage.tgz - fi - tar xfz /tmp/stage.tgz - cd $TOP_DIR -fi - -# Free up precious disk space -rm -f /tmp/stage.tgz - -# Make sure we have a stage -if [ ! -d $STAGING_DIR/etc ]; then - echo "Stage is not properly set up!" - exit 1 -fi - -# Directory where our conf files are stored -FILES_DIR=$TOP_DIR/files -TEMPLATES_DIR=$TOP_DIR/templates - -# Directory for supporting script files -SCRIPT_DIR=$TOP_DIR/scripts - -# Version of ubuntu with which we are working -UBUNTU_VERSION=`cat $STAGING_DIR/etc/lsb-release | grep "DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//"` -KERNEL_VERSION=`ls $STAGING_DIR/boot/vmlinuz* | head -1 | sed "s/.*vmlinuz-//"` - -# Setup fake grub -rm -rf $STAGING_DIR/boot/grub/ -mkdir -p $STAGING_DIR/boot/grub/ -cp $TEMPLATES_DIR/menu.lst.in $STAGING_DIR/boot/grub/menu.lst -sed -e "s,@KERNEL_VERSION@,$KERNEL_VERSION,g" -i $STAGING_DIR/boot/grub/menu.lst - -# Setup fstab, tty, and other system stuff -cp $FILES_DIR/fstab $STAGING_DIR/etc/fstab -cp $FILES_DIR/hvc0.conf $STAGING_DIR/etc/init/ - -# Put the VPX into UTC. 
-rm -f $STAGING_DIR/etc/localtime - -# Configure dns (use same dns as dom0) -cp /etc/resolv.conf $STAGING_DIR/etc/resolv.conf - -# Copy over devstack -rm -f /tmp/devstack.tar -tar --exclude='stage' --exclude='xen/xvas' --exclude='xen/nova' -cvf /tmp/devstack.tar $TOP_DIR/../../../devstack -cd $STAGING_DIR/opt/stack/ -tar xf /tmp/devstack.tar -cd $TOP_DIR - -# Configure OVA -VDI_SIZE=$(($VDI_MB*1024*1024)) -PRODUCT_BRAND=${PRODUCT_BRAND:-openstack} -PRODUCT_VERSION=${PRODUCT_VERSION:-001} -BUILD_NUMBER=${BUILD_NUMBER:-001} -LABEL="$PRODUCT_BRAND $PRODUCT_VERSION-$BUILD_NUMBER" -OVA=$STAGING_DIR/tmp/ova.xml -cp $TEMPLATES_DIR/ova.xml.in $OVA -sed -e "s,@VDI_SIZE@,$VDI_SIZE,g" -i $OVA -sed -e "s,@PRODUCT_BRAND@,$PRODUCT_BRAND,g" -i $OVA -sed -e "s,@PRODUCT_VERSION@,$PRODUCT_VERSION,g" -i $OVA -sed -e "s,@BUILD_NUMBER@,$BUILD_NUMBER,g" -i $OVA - -# Directory for xvas -XVA_DIR=$TOP_DIR/xvas - -# Create xva dir -mkdir -p $XVA_DIR +# Set local storage il8n +SR_UUID=`xe sr-list --minimal name-label="Local storage"` +xe sr-param-set uuid=$SR_UUID other-config:i18n-key=local-storage # Clean nova if desired if [ "$CLEAN" = "1" ]; then @@ -210,24 +112,12 @@ if [ ! -d $TOP_DIR/nova ]; then git checkout $NOVA_BRANCH fi -# Run devstack on launch -cat <$STAGING_DIR/etc/rc.local -GUEST_PASSWORD=$GUEST_PASSWORD STAGING_DIR=/ DO_TGZ=0 bash /opt/stack/devstack/tools/xen/prepare_guest.sh -su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack -exit 0 -EOF - # Install plugins cp -pr $TOP_DIR/nova/plugins/xenserver/xenapi/etc/xapi.d /etc/ chmod a+x /etc/xapi.d/plugins/* yum --enablerepo=base install -y parted mkdir -p /boot/guest -# Set local storage il8n -SR_UUID=`xe sr-list --minimal name-label="Local storage"` -xe sr-param-set uuid=$SR_UUID other-config:i18n-key=local-storage - - # Shutdown previous runs DO_SHUTDOWN=${DO_SHUTDOWN:-1} if [ "$DO_SHUTDOWN" = "1" ]; then 
@@ -248,68 +138,6 @@ if [ "$DO_SHUTDOWN" = "1" ]; then done fi -# Path to head xva. By default keep overwriting the same one to save space -USE_SEPARATE_XVAS=${USE_SEPARATE_XVAS:-0} -if [ "$USE_SEPARATE_XVAS" = "0" ]; then - XVA=$XVA_DIR/$UBUNTU_VERSION.xva -else - XVA=$XVA_DIR/$UBUNTU_VERSION.$GUEST_NAME.xva -fi - -# Clean old xva. In the future may not do this every time. -rm -f $XVA - -# Configure the hostname -echo $GUEST_NAME > $STAGING_DIR/etc/hostname - -# Hostname must resolve for rabbit -cat <$STAGING_DIR/etc/hosts -$MGT_IP $GUEST_NAME -127.0.0.1 localhost localhost.localdomain -EOF - -# Configure the network -INTERFACES=$STAGING_DIR/etc/network/interfaces -cp $TEMPLATES_DIR/interfaces.in $INTERFACES -sed -e "s,@ETH1_IP@,$VM_IP,g" -i $INTERFACES -sed -e "s,@ETH1_NETMASK@,$VM_NETMASK,g" -i $INTERFACES -sed -e "s,@ETH2_IP@,$MGT_IP,g" -i $INTERFACES -sed -e "s,@ETH2_NETMASK@,$MGT_NETMASK,g" -i $INTERFACES -sed -e "s,@ETH3_IP@,$PUB_IP,g" -i $INTERFACES -sed -e "s,@ETH3_NETMASK@,$PUB_NETMASK,g" -i $INTERFACES - -# Gracefully cp only if source file/dir exists -function cp_it { - if [ -e $1 ] || [ -d $1 ]; then - cp -pRL $1 $2 - fi -} - -# Copy over your ssh keys and env if desired -COPYENV=${COPYENV:-1} -if [ "$COPYENV" = "1" ]; then - cp_it ~/.ssh $STAGING_DIR/opt/stack/.ssh - cp_it ~/.ssh/id_rsa.pub $STAGING_DIR/opt/stack/.ssh/authorized_keys - cp_it ~/.gitconfig $STAGING_DIR/opt/stack/.gitconfig - cp_it ~/.vimrc $STAGING_DIR/opt/stack/.vimrc - cp_it ~/.bashrc $STAGING_DIR/opt/stack/.bashrc -fi - -# Configure run.sh -cat <$STAGING_DIR/opt/stack/run.sh -#!/bin/bash -cd /opt/stack/devstack -killall screen -UPLOAD_LEGACY_TTY=yes HOST_IP=$PUB_IP VIRT_DRIVER=xenserver FORCE=yes MULTI_HOST=1 $STACKSH_PARAMS ./stack.sh -EOF -chmod 755 $STAGING_DIR/opt/stack/run.sh - -# Create xva -if [ ! 
-e $XVA ]; then - rm -rf /tmp/mkxva* - UID=0 $SCRIPT_DIR/mkxva -o $XVA -t xva -x $OVA $STAGING_DIR $VDI_MB /tmp/ -fi - # Start guest $TOP_DIR/scripts/install-os-vpx.sh -f $XVA -v $VM_BR -m $MGT_BR -p $PUB_BR diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh new file mode 100755 index 0000000000..e4de2a1af6 --- /dev/null +++ b/tools/xen/build_xva.sh 
@@ -0,0 +1,164 @@ +#!/bin/bash + +# Abort if localrc is not set +if [ ! -e ../../localrc ]; then + echo "You must have a localrc with ALL necessary passwords defined before proceeding." + echo "See the xen README for required passwords." + exit 1 +fi + +# This directory +TOP_DIR=$(cd $(dirname "$0") && pwd) + +# Source params - override xenrc params in your localrc to suite your taste +source xenrc + +# Echo commands +set -o xtrace + +# Directory where we stage the build +STAGING_DIR=$TOP_DIR/stage + +# Option to clean out old stuff +CLEAN=${CLEAN:-0} +if [ "$CLEAN" = "1" ]; then + rm -rf $STAGING_DIR +fi + +# Download our base image. This image is made using prepare_guest.sh +BASE_IMAGE_URL=${BASE_IMAGE_URL:-http://images.ansolabs.com/xen/stage.tgz} +if [ ! -e $STAGING_DIR ]; then + if [ ! -e /tmp/stage.tgz ]; then + wget $BASE_IMAGE_URL -O /tmp/stage.tgz + fi + tar xfz /tmp/stage.tgz + cd $TOP_DIR +fi + +# Free up precious disk space +rm -f /tmp/stage.tgz + +# Make sure we have a stage +if [ ! -d $STAGING_DIR/etc ]; then + echo "Stage is not properly set up!" 
+ exit 1 +fi + +# Directory where our conf files are stored +FILES_DIR=$TOP_DIR/files +TEMPLATES_DIR=$TOP_DIR/templates + +# Directory for supporting script files +SCRIPT_DIR=$TOP_DIR/scripts + +# Version of ubuntu with which we are working +UBUNTU_VERSION=`cat $STAGING_DIR/etc/lsb-release | grep "DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//"` +KERNEL_VERSION=`ls $STAGING_DIR/boot/vmlinuz* | head -1 | sed "s/.*vmlinuz-//"` + +# Directory for xvas +XVA_DIR=$TOP_DIR/xvas + +# Create xva dir +mkdir -p $XVA_DIR + +# Path to xva +XVA=$XVA_DIR/$GUEST_NAME.xva + +# Setup fake grub +rm -rf $STAGING_DIR/boot/grub/ +mkdir -p $STAGING_DIR/boot/grub/ +cp $TEMPLATES_DIR/menu.lst.in $STAGING_DIR/boot/grub/menu.lst +sed -e "s,@KERNEL_VERSION@,$KERNEL_VERSION,g" -i $STAGING_DIR/boot/grub/menu.lst + +# Setup fstab, tty, and other system stuff +cp $FILES_DIR/fstab $STAGING_DIR/etc/fstab +cp $FILES_DIR/hvc0.conf $STAGING_DIR/etc/init/ + +# Put the VPX into UTC. +rm -f $STAGING_DIR/etc/localtime + +# Configure dns (use same dns as dom0) +cp /etc/resolv.conf $STAGING_DIR/etc/resolv.conf + +# Copy over devstack +rm -f /tmp/devstack.tar +tar --exclude='stage' --exclude='xen/xvas' --exclude='xen/nova' -cvf /tmp/devstack.tar $TOP_DIR/../../../devstack +cd $STAGING_DIR/opt/stack/ +tar xf /tmp/devstack.tar +cd $TOP_DIR + +# Configure OVA +VDI_SIZE=$(($VDI_MB*1024*1024)) +PRODUCT_BRAND=${PRODUCT_BRAND:-openstack} +PRODUCT_VERSION=${PRODUCT_VERSION:-001} +BUILD_NUMBER=${BUILD_NUMBER:-001} +LABEL="$PRODUCT_BRAND $PRODUCT_VERSION-$BUILD_NUMBER" +OVA=$STAGING_DIR/tmp/ova.xml +cp $TEMPLATES_DIR/ova.xml.in $OVA +sed -e "s,@VDI_SIZE@,$VDI_SIZE,g" -i $OVA +sed -e "s,@PRODUCT_BRAND@,$PRODUCT_BRAND,g" -i $OVA +sed -e "s,@PRODUCT_VERSION@,$PRODUCT_VERSION,g" -i $OVA +sed -e "s,@BUILD_NUMBER@,$BUILD_NUMBER,g" -i $OVA + +# Run devstack on launch +cat <$STAGING_DIR/etc/rc.local +GUEST_PASSWORD=$GUEST_PASSWORD STAGING_DIR=/ DO_TGZ=0 bash /opt/stack/devstack/tools/xen/prepare_guest.sh +su -c 
"/opt/stack/run.sh > /opt/stack/run.sh.log" stack +exit 0 +EOF + +# Clean old xva. In the future may not do this every time. +rm -f $XVA + +# Configure the hostname +echo $GUEST_NAME > $STAGING_DIR/etc/hostname + +# Hostname must resolve for rabbit +cat <$STAGING_DIR/etc/hosts +$MGT_IP $GUEST_NAME +127.0.0.1 localhost localhost.localdomain +EOF + +# Configure the network +INTERFACES=$STAGING_DIR/etc/network/interfaces +cp $TEMPLATES_DIR/interfaces.in $INTERFACES +sed -e "s,@ETH1_IP@,$VM_IP,g" -i $INTERFACES +sed -e "s,@ETH1_NETMASK@,$VM_NETMASK,g" -i $INTERFACES +sed -e "s,@ETH2_IP@,$MGT_IP,g" -i $INTERFACES +sed -e "s,@ETH2_NETMASK@,$MGT_NETMASK,g" -i $INTERFACES +sed -e "s,@ETH3_IP@,$PUB_IP,g" -i $INTERFACES +sed -e "s,@ETH3_NETMASK@,$PUB_NETMASK,g" -i $INTERFACES + +# Gracefully cp only if source file/dir exists +function cp_it { + if [ -e $1 ] || [ -d $1 ]; then + cp -pRL $1 $2 + fi +} + +# Copy over your ssh keys and env if desired +COPYENV=${COPYENV:-1} +if [ "$COPYENV" = "1" ]; then + cp_it ~/.ssh $STAGING_DIR/opt/stack/.ssh + cp_it ~/.ssh/id_rsa.pub $STAGING_DIR/opt/stack/.ssh/authorized_keys + cp_it ~/.gitconfig $STAGING_DIR/opt/stack/.gitconfig + cp_it ~/.vimrc $STAGING_DIR/opt/stack/.vimrc + cp_it ~/.bashrc $STAGING_DIR/opt/stack/.bashrc +fi + +# Configure run.sh +cat <$STAGING_DIR/opt/stack/run.sh +#!/bin/bash +cd /opt/stack/devstack +killall screen +UPLOAD_LEGACY_TTY=yes HOST_IP=$PUB_IP VIRT_DRIVER=xenserver FORCE=yes MULTI_HOST=1 $STACKSH_PARAMS ./stack.sh +EOF +chmod 755 $STAGING_DIR/opt/stack/run.sh + +# Create xva +if [ ! -e $XVA ]; then + rm -rf /tmp/mkxva* + UID=0 $SCRIPT_DIR/mkxva -o $XVA -t xva -x $OVA $STAGING_DIR $VDI_MB /tmp/ +fi + +echo "Built $XVA. If your dom0 is on a different machine, copy this to [devstackdir]/tools/xen/$XVA" diff --git a/tools/xen/xenrc b/tools/xen/xenrc new file mode 100644 index 0000000000..246ac16be3 --- /dev/null +++ b/tools/xen/xenrc 
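Review bot: The base image is fetched with `wget $BASE_IMAGE_URL -O /tmp/stage.tgz` from a plain-http default URL and unpacked with no integrity check, and the `[ ! -e /tmp/stage.tgz ]` guard means a file already present at that fixed path in shared /tmp is unpacked instead; the unpacked tree is what gets packaged into the xva. I would download to a private location, e.g. `STAGE_TGZ=$(mktemp -d)/stage.tgz`, and verify a pinned digest before `tar`, e.g. `echo "$BASE_IMAGE_SHA256  $STAGE_TGZ" | sha256sum -c - || exit 1`, where `BASE_IMAGE_SHA256` is a new setting this proposal introduces. Separately, `COPYENV` defaults to 1 and `cp_it ~/.ssh $STAGING_DIR/opt/stack/.ssh` copies the builder's whole ~/.ssh, private keys included if present, into an image that this commit now expects to be copied between machines. Defaulting to `COPYENV=${COPYENV:-0}`, or copying only `id_rsa.pub`, would keep key material out of the artifact.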
@@ -0,0 +1,38 @@ +#!/bin/bash + +# Name of this guest +GUEST_NAME=${GUEST_NAME:-ALLINONE} + +# Size of image +VDI_MB=${VDI_MB:-2500} + +# VM Password +GUEST_PASSWORD=${GUEST_PASSWORD:-secrete} + +# Our nova host's network info +VM_IP=${VM_IP:-10.255.255.255} # A host-only ip that let's the interface come up, otherwise unused +MGT_IP=${MGT_IP:-172.16.100.55} +PUB_IP=${PUB_IP:-192.168.1.55} + +# Public network +PUB_BR=${PUB_BR:-xenbr0} +PUB_NETMASK=${PUB_NETMASK:-255.255.255.0} + +# VM network params +VM_NETMASK=${VM_NETMASK:-255.255.255.0} +VM_BR=${VM_BR:-xapi1} +VM_VLAN=${VM_VLAN:-100} + +# MGMT network params +MGT_NETMASK=${MGT_NETMASK:-255.255.255.0} +MGT_BR=${MGT_BR:-xapi2} +MGT_VLAN=${MGT_VLAN:-101} + +# XVA Directory +XVA_DIR=${XVA_DIR:-xvas} + +# Path to xva file +XVA=${XVA:-$XVA_DIR/$GUEST_NAME.xva } + +# Source params +cd ../.. && source ./stackrc && cd $TOP_DIR From 44b5736d23aa544ea4ac1c9feadd4724b18102be Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Tue, 7 Feb 2012 18:13:44 +0100 Subject: [PATCH 18/30] Check if screen is installed before using it. Fixes 928377 Change-Id: Ie34860e6d08a457dd52a6c3106d63b54c284f6f3 --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index c40b24c996..093d5d83b3 100755 --- a/stack.sh +++ b/stack.sh @@ -90,7 +90,7 @@ source ./stackrc DEST=${DEST:-/opt/stack} # Check to see if we are already running a stack.sh -if screen -ls | egrep -q "[0-9].stack"; then +if type -p screen >/dev/null && screen -ls | egrep -q "[0-9].stack"; then echo "You are already running a stack.sh session." echo "To rejoin this session type 'screen -x stack'." echo "To destroy this session, kill the running screen." From d1f5243d91de2756fecd52c3b3a15a4f0a488fdf Mon Sep 17 00:00:00 2001 
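Review bot: `GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}` in xenrc silently falls back to a published default, and build_xva.sh writes that value into the guest's /etc/rc.local, while the only guard there is that a localrc file exists, not that it sets this password. Because `source ./stackrc` is the last line of xenrc, whatever it pulls in (presumably localrc, going by the "override xenrc params in your localrc" comment; stackrc is not shown here) is read after the defaults, so `XVA=${XVA:-$XVA_DIR/$GUEST_NAME.xva }` has already been fixed to the default guest name by then, and it carries a trailing space inside the braces. I would move the `cd ../.. && source ./stackrc && cd $TOP_DIR` line to the top of the file, drop the stray space, and replace the password default with `: ${GUEST_PASSWORD:?set GUEST_PASSWORD in localrc}`.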
From: Vishvananda Ishaya Date: Thu, 9 Feb 2012 03:50:57 +0000 Subject: [PATCH 19/30] Uses keystone client instead of keystone-manage * Depends on https://review.openstack.org/#change,3948 * Depends on https://review.openstack.org/#change,3945 * Fixes bug 928558 Change-Id: I83c337e3b92a9ab0dac254afe83673185867b7b0 --- files/keystone_data.sh | 178 ++++++++++++++--------------------------- openrc | 2 +- stack.sh | 20 +---- 3 files changed, 64 insertions(+), 136 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 39952b16c6..408e36d382 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh 
@@ -1,112 +1,86 @@ #!/bin/bash -BIN_DIR=${BIN_DIR:-.} # Tenants -ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ - tenant_name=admin` -DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ - tenant_name=demo` -INVIS_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ - tenant_name=invisible_to_admin` +export SERVICE_TOKEN=$SERVICE_TOKEN +export SERVICE_ENDPOINT=$SERVICE_ENDPOINT + +function get_id () { + echo `$@ | grep id | awk '{print $4}'` +} + +ADMIN_TENANT=`get_id keystone tenant-create --name=admin` +DEMO_TENANT=`get_id keystone tenant-create --name=demo` +INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin` # Users -ADMIN_USER=`$BIN_DIR/keystone-manage user --id-only create \ - name=admin \ - "password=%ADMIN_PASSWORD%" \ - email=admin@example.com` -DEMO_USER=`$BIN_DIR/keystone-manage user --id-only create \ - name=demo \ - "password=%ADMIN_PASSWORD%" \ - email=demo@example.com` +ADMIN_USER=`get_id keystone user-create \ + --name=admin \ + --pass="$ADMIN_PASSWORD" \ + --email=admin@example.com` +DEMO_USER=`get_id keystone user-create \ + --name=demo \ + --pass="$ADMIN_PASSWORD" \ + --email=admin@example.com` # Roles -ADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=admin` -MEMBER_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=Member` -KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=KeystoneAdmin` -KEYSTONESERVICE_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=KeystoneServiceAdmin` -SYSADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=sysadmin` -NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ - name=netadmin` +ADMIN_ROLE=`get_id keystone role-create --name=admin` +MEMBER_ROLE=`get_id keystone role-create --name=Member` +KEYSTONEADMIN_ROLE=`get_id keystone role-create --name=KeystoneAdmin` +KEYSTONESERVICE_ROLE=`get_id keystone role-create --name=KeystoneServiceAdmin` +SYSADMIN_ROLE=`get_id keystone 
role-create --name=sysadmin` +NETADMIN_ROLE=`get_id keystone role-create --name=netadmin` # Add Roles to Users in Tenants -$BIN_DIR/keystone-manage role add_user_role \ - role=$ADMIN_ROLE \ - user=$ADMIN_USER \ - tenant=$ADMIN_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$MEMBER_ROLE \ - user=$DEMO_USER \ - tenant=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$SYSADMIN_ROLE \ - user=$DEMO_USER \ - tenant=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$NETADMIN_ROLE \ - user=$DEMO_USER \ - tenant=$DEMO_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$MEMBER_ROLE \ - user=$DEMO_USER \ - tenant=$INVIS_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$ADMIN_ROLE \ - user=$ADMIN_USER \ - tenant=$DEMO_TENANT +keystone add-user-role $ADMIN_USER $ADMIN_ROLE $ADMIN_TENANT +keystone add-user-role $DEMO_USER $MEMBER_ROLE $DEMO_TENANT +keystone add-user-role $DEMO_USER $SYSADMIN_ROLE $DEMO_TENANT +keystone add-user-role $DEMO_USER $NETADMIN_ROLE $DEMO_TENANT +keystone add-user-role $DEMO_USER $MEMBER_ROLE $INVIS_TENANT +keystone add-user-role $ADMIN_USER $ADMIN_ROLE $DEMO_TENANT # TODO(termie): these two might be dubious -$BIN_DIR/keystone-manage role add_user_role \ - role=$KEYSTONEADMIN_ROLE \ - user=$ADMIN_USER \ - tenant=$ADMIN_TENANT -$BIN_DIR/keystone-manage role add_user_role \ - role=$KEYSTONESERVICE_ROLE \ - user=$ADMIN_USER \ - tenant=$ADMIN_TENANT +keystone add-user-role $ADMIN_USER $KEYSTONEADMIN_ROLE $ADMIN_TENANT +keystone add-user-role $ADMIN_USER $KEYSTONESERVICE_ROLE $ADMIN_TENANT # Services -$BIN_DIR/keystone-manage service create \ - name=nova \ - service_type=compute \ - "description=Nova Compute Service" +keystone service-create \ + --name=nova \ + --type=compute \ + --description="Nova Compute Service" -$BIN_DIR/keystone-manage service create \ - name=ec2 \ - service_type=ec2 \ - "description=EC2 Compatibility Layer" +keystone service-create \ + --name=ec2 \ + --type=ec2 \ + 
--description="EC2 Compatibility Layer" -$BIN_DIR/keystone-manage service create \ - name=glance \ - service_type=image \ - "description=Glance Image Service" +keystone service-create \ + --name=glance \ + --type=image \ + --description="Glance Image Service" -$BIN_DIR/keystone-manage service create \ - name=keystone \ - service_type=identity \ - "description=Keystone Identity Service" +keystone service-create \ + --name=keystone \ + --type=identity \ + --description="Keystone Identity Service" if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then - $BIN_DIR/keystone-manage service create \ - name=swift \ - service_type=object-store \ - "description=Swift Service" + keystone service-create \ + --name=swift \ + --type="object-store" \ + --description="Swift Service" fi # create ec2 creds and parse the secret and access key returned -RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT` -ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` -ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` +RESULT=`keystone ec2-create-credentials --tenant_id=$ADMIN_TENANT --user_id=$ADMIN_USER` + echo `$@ | grep id | awk '{print $4}'` +ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'` +ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'` -RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT` -DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` -DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` +RESULT=`keystone ec2-create-credentials --tenant_id=$DEMO_TENANT --user_id=$DEMO_USER` +DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'` +DEMO_SECRET=`echo "$RESULT" | grep secret | awk 
'{print $4}'` # write the secret and access to ec2rc cat > $DEVSTACK_DIR/ec2rc < Date: Wed, 8 Feb 2012 23:33:41 +0000 Subject: [PATCH 20/30] Change to use the right keystonelight repo Change-Id: Ie216b9eade59f09c76d193a6d0fd353a02dd575f --- stackrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stackrc b/stackrc index d30bf6679f..2274e6241a 100644 --- a/stackrc +++ b/stackrc @@ -15,8 +15,8 @@ GLANCE_REPO=https://github.com/openstack/glance.git GLANCE_BRANCH=master # unified auth system (manages accounts/tokens) -KEYSTONE_REPO=https://github.com/termie/keystonelight.git -KEYSTONE_BRANCH=master +KEYSTONE_REPO=https://github.com/openstack/keystone.git +KEYSTONE_BRANCH=redux # a websockets/html5 or flash powered VNC console for vm instances NOVNC_REPO=https://github.com/cloudbuilders/noVNC.git From 6325216cde36c3af89161c0be0d7b652fdc0fccd Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 8 Feb 2012 00:54:20 +0000 Subject: [PATCH 21/30] Update code to remove iscsi targets * Fixes bug 928475 Change-Id: I9b54436522422d865c7add750d612c371945817a --- stack.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/stack.sh b/stack.sh index cccde2954d..0ecbdf8a86 100755 --- a/stack.sh +++ b/stack.sh @@ -1077,15 +1077,12 @@ if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then fi if sudo vgs $VOLUME_GROUP; then + # Remove nova iscsi targets + sudo tgtadm --op show --mode target | grep $VOLUME_NAME_PREFIX | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true # Clean out existing volumes for lv in `sudo lvs --noheadings -o lv_name $VOLUME_GROUP`; do # VOLUME_NAME_PREFIX prefixes the LVs we want if [[ "${lv#$VOLUME_NAME_PREFIX}" != "$lv" ]]; then - tid=`egrep "^tid.+$lv" /proc/net/iet/volume | cut -f1 -d' ' | tr ':' '='` - if [[ -n "$tid" ]]; then - lun=`egrep "lun.+$lv" /proc/net/iet/volume | cut -f1 -d' ' | tr ':' '=' | tr -d '\t'` - sudo ietadm --op delete --$tid --$lun - fi sudo lvremove -f $VOLUME_GROUP/$lv fi done 
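Review bot: The added line ``echo `$@ | grep id | awk '{print $4}'` `` directly after the first `RESULT=` assignment in keystone_data.sh looks like a stray copy of the `get_id` body; at top level `$@` is the script's own argument list, so the line runs whatever arguments the script was given as a command, and it should be deleted. In the same hunk the demo user is now created with `--email=admin@example.com` where the removed code used `demo@example.com`, and `get_id` filters with `grep id`, which matches any output row containing those two letters; assuming the table output that the `$4` field implies, `awk '/ id / {print $4}'` would select only the id row. Both users are still created with `--pass="$ADMIN_PASSWORD"`, which places the password in the process argument list while the command runs. The tail of this hunk (the ec2rc heredoc) is not visible in this copy of the patch.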
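Review bot: `grep $VOLUME_NAME_PREFIX` in the new tgtadm pipeline in stack.sh is unquoted and unanchored, so an empty prefix makes grep fail with a usage error and a short prefix matches any target line that merely contains it, which would pass targets nova does not own to `tgt-admin --delete`. The trailing `|| true` then hides a failure of the pipeline. I would quote and fix the match, `grep -F -- "$VOLUME_NAME_PREFIX"`, skip the step when the prefix is empty, and add `-r` to `xargs` so nothing runs on empty input. The enclosing `if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]` block starts outside the hunk.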
From e830a780f03753b18e423c0e66abc5813e84d0cf Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Wed, 8 Feb 2012 11:49:28 -0600 Subject: [PATCH 22/30] Not all distros include a symlink from euca-describe-group to euca-describe-groups Change-Id: Iaba71c36b405d2891aebdb45c1b9fd84853988f5 --- exercises/euca.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/exercises/euca.sh b/exercises/euca.sh index e569196a28..834e4ecf69 100755 --- a/exercises/euca.sh +++ b/exercises/euca.sh @@ -39,9 +39,9 @@ IMAGE=`euca-describe-images | grep machine | cut -f2 | head -n1` SECGROUP=euca_secgroup # Add a secgroup -if ! euca-describe-group | grep -q $SECGROUP; then +if ! euca-describe-groups | grep -q $SECGROUP; then euca-add-group -d "$SECGROUP description" $SECGROUP - if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-group | grep -q $SECGROUP; do sleep 1; done"; then + if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! euca-describe-groups | grep -q $SECGROUP; do sleep 1; done"; then echo "Security group not created" exit 1 fi From 36867add0ea38dc88f58a1b77bf28f762f384a91 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Thu, 9 Feb 2012 16:27:58 +0100 Subject: [PATCH 23/30] Remove TMUX support. After discussion on the mailing list tmux is not used much and since it was broken for a while remove that support. Fixes bug 928967. Change-Id: Iff1eea45190f4ef873c60b3563fe94359702446d --- stack.sh | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/stack.sh b/stack.sh index 0ecbdf8a86..00cc1dd2c9 100755 --- a/stack.sh +++ b/stack.sh 
@@ -1236,17 +1236,12 @@ fi function screen_it { NL=`echo -ne '\015'` if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then - if [[ "$USE_TMUX" =~ "yes" ]]; then - tmux new-window -t stack -a -n "$1" "bash" - tmux send-keys "$2" C-M - else - screen -L -S stack -X screen -t $1 - # sleep to allow bash to be ready to be send the command - we are - # creating a new window in screen and then sends characters, so if - # bash isn't running by the time we send the command, nothing happens - sleep 1.5 - screen -L -S stack -p $1 -X stuff "$2$NL" - fi + screen -S stack -X screen -t $1 + # sleep to allow bash to be ready to be send the command - we are + # creating a new window in screen and then sends characters, so if + # bash isn't running by the time we send the command, nothing happens + sleep 1.5 + screen -S stack -p $1 -X stuff "$2$NL" fi } From 6869d1ab7812c378ae65cab92ed6b84b699ec019 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Thu, 9 Feb 2012 16:44:32 +0100 Subject: [PATCH 24/30] Add object-expirer. Fixes bug 928198. Change-Id: I0f3bbe323cdb285714d1c80fe7e7b7d9842ece06 --- files/swift/object-server.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/swift/object-server.conf b/files/swift/object-server.conf index 06fbffea77..2f888a275f 100644 --- a/files/swift/object-server.conf +++ b/files/swift/object-server.conf @@ -18,3 +18,5 @@ vm_test_mode = yes [object-updater] [object-auditor] + +[object-expirer] From 73c70890785e2c9e7312fe5ad579bf9a9d400de1 Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Thu, 9 Feb 2012 16:36:15 +0100 Subject: [PATCH 25/30] Launch screen with bash as shell Since screen commands are bash specifics make sure we launch screen with bash login shell instead of other shells. Fixes bug928883. Change-Id: I62b4c7182682deb4ef16ed0cf1a3b5a130c1c4ee --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 00cc1dd2c9..f9ac5bab6f 100755 --- a/stack.sh +++ b/stack.sh 
@@ -1246,7 +1246,7 @@ function screen_it { } # create a new named screen to run processes in -screen -L -d -m -S stack -t stack +screen -d -m -S stack -t stack -s /bin/bash sleep 1 # set a reasonable statusbar screen -r stack -X hardstatus alwayslastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%< %= %H" From 2fcb6661cc13d77add8133e769b3c1650e093272 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Fri, 3 Feb 2012 20:17:22 +0000 Subject: [PATCH 26/30] Configure vnc url endpoints on compute hosts * The compute manager constructs access urls, and so needs this info Change-Id: Ifa5f515a071d5006f6fc5cc6103eff91eafdb2b7 --- stack.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/stack.sh b/stack.sh index f9ac5bab6f..596ebd6f05 100755 --- a/stack.sh +++ b/stack.sh @@ -1141,11 +1141,11 @@ add_nova_flag "--vlan_interface=$VLAN_INTERFACE" add_nova_flag "--sql_connection=$BASE_SQL_CONN/nova" add_nova_flag "--libvirt_type=$LIBVIRT_TYPE" add_nova_flag "--instance_name_template=${INSTANCE_NAME_PREFIX}%08x" -if [[ "$ENABLED_SERVICES" =~ "n-novnc" ]]; then +# All nova-compute workers need to know the vnc configuration options +# These settings don't hurt anything if n-xvnc and n-novnc are disabled +if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then NOVNCPROXY_URL=${NOVNCPROXY_URL:-"http://$SERVICE_HOST:6080/vnc_auto.html"} add_nova_flag "--novncproxy_base_url=$NOVNCPROXY_URL" -fi -if [[ "$ENABLED_SERVICES" =~ "n-xvnc" ]]; then XVPVNCPROXY_URL=${XVPVNCPROXY_URL:-"http://$SERVICE_HOST:6081/console"} add_nova_flag "--xvpvncproxy_base_url=$XVPVNCPROXY_URL" fi From 4f830e11f3e2497693243a423913d5799af71012 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Sat, 11 Feb 2012 00:17:31 -0800 Subject: [PATCH 27/30] Logout and delete iscsi sessions Change-Id: I4906f943adc226c2dba9faf5e1595f47c4466432 --- stack.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/stack.sh b/stack.sh index 596ebd6f05..5cc1424b47 100755 --- a/stack.sh +++ b/stack.sh 
@@ -899,6 +899,10 @@ if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then echo $instances | xargs -n1 virsh undefine || true fi + # Logout and delete iscsi sessions + sudo iscsiadm --mode node | grep $VOLUME_NAME_PREFIX | cut -d " " -f2 | xargs sudo iscsiadm --mode node --logout || true + sudo iscsiadm --mode node | grep $VOLUME_NAME_PREFIX | cut -d " " -f2 | sudo iscsiadm --mode node --op delete || true + # Clean out the instances directory. sudo rm -rf $NOVA_DIR/instances/* fi From 00596bb5f227732045c0aa0fab38f2e0c6054aca Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Fri, 16 Dec 2011 20:23:07 +0000 Subject: [PATCH 28/30] switch public_interface to br100 so that floating ips don't get bumped between interfaces * Set VLAN_INTERFACE to eth0 by default Change-Id: I8a85465fa389af3af04d91775a99df58b2da575a --- stack.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stack.sh b/stack.sh index 5cc1424b47..788c16049e 100755 --- a/stack.sh +++ b/stack.sh @@ -271,14 +271,14 @@ function read_password { # FIXME: more documentation about why these are important flags. Also # we should make sure we use the same variable names as the flag names. -PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-eth0} +PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-br100} FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24} FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256} FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.224/28} NET_MAN=${NET_MAN:-FlatDHCPManager} EC2_DMZ_HOST=${EC2_DMZ_HOST:-$SERVICE_HOST} FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-br100} -VLAN_INTERFACE=${VLAN_INTERFACE:-$PUBLIC_INTERFACE} +VLAN_INTERFACE=${VLAN_INTERFACE:-eth0} # Test floating pool and range are used for testing. They are defined # here until the admin APIs can replace nova-manage From 31cce21808d259037703cc3386ad99b50482d5f5 Mon Sep 17 00:00:00 2001 
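Review bot: The second added iscsiadm line pipes the matched names into `sudo iscsiadm --mode node --op delete` with no `xargs`, so iscsiadm never reads them and the delete is not limited to the `$VOLUME_NAME_PREFIX` entries; with no record named it may apply to every node record on the host. The logout line above it does use `xargs`, but passes the names as bare arguments rather than through `--targetname`, and without `-r` it still runs once when nothing matched. I would write the two tails as `| xargs -r -n1 sudo iscsiadm --mode node --logout --targetname` and `| xargs -r -n1 sudo iscsiadm --mode node --op delete --targetname`, with `"$VOLUME_NAME_PREFIX"` quoted in the grep. The surrounding `if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]` block starts outside the hunk.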
From: Dean Troyer Date: Wed, 1 Feb 2012 18:01:01 -0600 Subject: [PATCH 29/30] Blueprint cli-auth * Add proper test for swift in client-env.sh * Remove all VERIFY variables; nothing beyond the 4 OS_ vars is set now * Update exercises for Keystone 2.0 auth * swift understands Keystone 2.0 auth now, don't download custom binary * cleanup uploaded bundle in bundle.sh Change-Id: I99c818d81534bbf93c0e142513acb80e5fe613ea --- exercises/bundle.sh | 3 +++ exercises/client-env.sh | 46 ++++++++++----------------------------- exercises/floating_ips.sh | 13 ++--------- exercises/volumes.sh | 13 ++--------- stack.sh | 6 ----- 5 files changed, 18 insertions(+), 63 deletions(-) diff --git a/exercises/bundle.sh b/exercises/bundle.sh index ca35c9afa3..d5c78af32b 100755 --- a/exercises/bundle.sh +++ b/exercises/bundle.sh @@ -46,3 +46,6 @@ if ! timeout $REGISTER_TIMEOUT sh -c "while euca-describe-images | grep '$AMI' | echo "Image $AMI not available within $REGISTER_TIMEOUT seconds" exit 1 fi + +# Clean up +euca-deregister $AMI diff --git a/exercises/client-env.sh b/exercises/client-env.sh index f4172bcb9d..a15a5c04d9 100755 --- a/exercises/client-env.sh +++ b/exercises/client-env.sh 
@@ -52,18 +52,13 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then if [[ "$SKIP_EXERCISES" =~ "key" ]] ; then STATUS_KEYSTONE="Skipped" else - if [[ -n "$VERIFY" ]]; then - # Save original environment - xOS_AUTH_URL=$OS_AUTH_URL - xOS_TENANT_NAME=$OS_TENANT_NAME - xOS_USERNAME=$OS_USERNAME - xOS_PASSWORD=$OS_PASSWORD - # keystone can't handle a trailing '/' - export OS_AUTH_URL=${OS_AUTH_URL%/} - # does any non-admin request work? - export OS_USERNAME=admin - export OS_TENANT_NAME=admin - fi + # We need to run the keystone test as admin since there doesn't + # seem to be anything to test the cli vars that runs as a user + # tenant-list should do that, it isn't implemented (yet) + xOS_TENANT_NAME=$OS_TENANT_NAME + xOS_USERNAME=$OS_USERNAME + export OS_USERNAME=admin + export OS_TENANT_NAME=admin echo -e "\nTest Keystone" if keystone service-list; then @@ -72,13 +67,9 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then STATUS_KEYSTONE="Failed" RETURN=1 fi - if [[ -n "$VERIFY" ]]; then - # Save original environment - OS_AUTH_URL=$xOS_AUTH_URL - OS_TENANT_NAME=$xOS_TENANT_NAME - OS_USERNAME=$xOS_USERNAME - OS_PASSWORD=$xOS_PASSWORD - fi + + OS_TENANT_NAME=$xOS_TENANT_NAME + OS_USERNAME=$xOS_USERNAME fi fi @@ -89,12 +80,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then if [[ "$SKIP_EXERCISES" =~ "n-api" ]] ; then STATUS_NOVA="Skipped" else - if [[ -n "$VERIFY" ]]; then - # Known novaclient breakage: - # NOVA_VERSION must be set or nova silently fails - export NOVA_VERSION=2 - fi - echo -e "\nTest Nova" if nova flavor-list; then STATUS_NOVA="Succeeded" @@ -112,14 +97,6 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then if [[ "$SKIP_EXERCISES" =~ "g-api" ]] ; then STATUS_GLANCE="Skipped" else - if [[ -n "$VERIFY" ]]; then - # Known glance client differage: - export OS_AUTH_TENANT=$OS_TENANT_NAME - export OS_AUTH_USER=$OS_USERNAME - export OS_AUTH_KEY=$OS_PASSWORD - export OS_AUTH_STRATEGY=keystone - fi - echo -e "\nTest Glance" if glance index; then STATUS_GLANCE="Succeeded" 
@@ -138,8 +115,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then STATUS_SWIFT="Skipped" else echo -e "\nTest Swift" - # FIXME(dtroyer): implement swift test - if true; then + if swift stat; then STATUS_SWIFT="Succeeded" else STATUS_SWIFT="Failed" diff --git a/exercises/floating_ips.sh b/exercises/floating_ips.sh index c1cffa4a73..233313e829 100755 --- a/exercises/floating_ips.sh +++ b/exercises/floating_ips.sh @@ -48,15 +48,6 @@ DEFAULT_FLOATING_POOL=${DEFAULT_FLOATING_POOL:-nova} # Additional floating IP pool and range TEST_FLOATING_POOL=${TEST_FLOATING_POOL:-test} -# Get a token for clients that don't support service catalog -# ========================================================== - -# manually create a token by querying keystone (sending JSON data). Keystone -# returns a token and catalog of endpoints. We use python to parse the token -# and save it. - -TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$OS_USERNAME\", \"password\": \"$OS_PASSWORD\"}}}" -H "Content-type: application/json" ${OS_AUTH_URL%/}/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` - # Launching a server # ================== @@ -70,10 +61,10 @@ nova list nova image-list # But we recommend using glance directly -glance -f -A $TOKEN -H $GLANCE_HOST index +glance -f index # Grab the id of the image to launch -IMAGE=`glance -f -A $TOKEN -H $GLANCE_HOST index | egrep $DEFAULT_IMAGE_NAME | head -1 | cut -d" " -f1` +IMAGE=`glance -f index | egrep $DEFAULT_IMAGE_NAME | head -1 | cut -d" " -f1` # Security Groups # --------------- diff --git a/exercises/volumes.sh b/exercises/volumes.sh index 1f7c25f5b1..1fcc034bbf 100755 --- a/exercises/volumes.sh +++ b/exercises/volumes.sh 
@@ -34,15 +34,6 @@ DEFAULT_INSTANCE_TYPE=${DEFAULT_INSTANCE_TYPE:-m1.tiny} # Boot this image, use first AMi image if unset DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ami} -# Get a token for clients that don't support service catalog -# ========================================================== - -# manually create a token by querying keystone (sending JSON data). Keystone -# returns a token and catalog of endpoints. We use python to parse the token -# and save it. - -TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$OS_USERNAME\", \"password\": \"$OS_PASSWORD\"}}}" -H "Content-type: application/json" ${OS_AUTH_URL%/}/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"` - # Launching a server # ================== @@ -56,10 +47,10 @@ nova list nova image-list # But we recommend using glance directly -glance -f -A $TOKEN -H $GLANCE_HOST index +glance -f index # Grab the id of the image to launch -IMAGE=`glance -f -A $TOKEN -H $GLANCE_HOST index | egrep $DEFAULT_IMAGE_NAME | head -1 | cut -d" " -f1` +IMAGE=`glance -f index | egrep $DEFAULT_IMAGE_NAME | head -1 | cut -d" " -f1` # determinine instance type # ------------------------- diff --git a/stack.sh b/stack.sh index 788c16049e..d803816ca9 100755 --- a/stack.sh +++ b/stack.sh @@ -981,12 +981,6 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then # We install the memcache server as this is will be used by the # middleware to cache the tokens auths for a long this is needed. apt_get install memcached - - # We need a special version of bin/swift which understand the - # OpenStack api 2.0, we download it until this is getting - # integrated in swift. - sudo https_proxy=$https_proxy curl -s -o/usr/local/bin/swift \ - 'https://review.openstack.org/gitweb?p=openstack/swift.git;a=blob_plain;f=bin/swift;hb=48bfda6e2fdf3886c98bd15649887d54b9a2574e' else swift_auth_server=tempauth fi 
From 258c95de099309bd6b26f441d004ca3f67e9c25a Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Tue, 14 Feb 2012 14:20:36 -0800
Subject: [PATCH 30/30] Update paste config to return version info

Change-Id: I67edb5c9aab6899c105666a4541918bad9116386
---
 files/keystone.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/files/keystone.conf b/files/keystone.conf
index 3167c0f455..45044f7631 100644
--- a/files/keystone.conf
+++ b/files/keystone.conf
@@ -69,10 +69,24 @@ pipeline = token_auth admin_token_auth json_body debug ec2_extension public_serv
 [pipeline:admin_api]
 pipeline = token_auth admin_token_auth json_body debug ec2_extension crud_extension admin_service
 
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = public_version_service
+
+[pipeline:admin_version_api]
+pipeline = admin_version_service
+
 [composite:main]
 use = egg:Paste#urlmap
 /v2.0 = public_api
+/ = public_version_api
 
 [composite:admin]
 use = egg:Paste#urlmap
 /v2.0 = admin_api
+/ = admin_version_service
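Review bot: In `[composite:admin]` the new root mapping targets the app section directly, `/ = admin_version_service`, whereas `[composite:main]` targets the pipeline, `/ = public_version_api`, which leaves the `[pipeline:admin_version_api]` section added a few lines above unreferenced. Requests to the admin root therefore bypass that pipeline, so any filter later added to it would silently not apply on the admin side. For symmetry with the public side the mapping should read `/ = admin_version_api`. A comment line above the two version pipelines stating that they deliberately carry no `token_auth`/`admin_token_auth` filters, because version discovery is meant to be unauthenticated, would keep that from looking like an omission.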