Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.
Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0
Replacing $BASH_SOURCE with ${BASH_SOURCE:-$0} makes devstack zsh friendly: in
bash, $BASH_SOURCE is used per usual; in zsh, where $BASH_SOURCE isn't
defined, $0 is used, which, unlike in bash, evaluates to the current
source file.
Now you can source devstack's openrc from a zsh shell.
Tested with bash and zsh from directories other than the root devstack
directory.
Change-Id: Iab1a817b15d86144163b5094bb58f94b15c598a0
Set OS_VOLUME_API_VERSION environment variable to 2 so we use
specifically Cinder REST API v2. v1 is still enabled in the catalog, but
we want more exposure to v2 for testing.
Change-Id: I6c2f29edf44a0f58a7830fe4dd2db35f2db3658c
* Default IDENTITY_API_VERSION to '2.0' in stackrc
Note: the value of these *_API_VERSION variables will NOT include
the leading 'v' as the CLI tools do not allow it.
Change-Id: Ic6473833be35625282e7442f3c88fc1c4d0cc134
This is essentially a revert of
73695d0ea490c4c7a1158957dd5a85586cfa0933. Since stackrc is
responsible for sourcing localrc, the required functions
are necessary (like for enable_service).
fixes bug 1186488
Change-Id: Iad90f802e77b94416821008c294c1a2ede8a4729
- Cleanup openrc, removing the sourcing of functions (which was failing
for zsh) and remove the *_DEBUG comment since they have been removed
from the clients.
Change-Id: Ie2e6fb1e770403c4ef3463a850e8151bd312614c
Specifically to recall HOST_IP and SERVICE_HOST for the current DevStack configuration.
Bug 930274
Change-Id: I299d94101ab93faccc88917503409e0afaa0a523
There are some environment variables that are derived in stack.sh
and cubersome to re-create later, so save them at the end of stack.sh
for use by other supporting scripts, such as openrc.
Change-Id: I1bbf717b970f8ceac0ff7da74aeaf19474997e07
* Adds lib/tls to create test CA/certs
* Start proxy if 'tls-proxy' is enabled
* Configure keystone service catalog for TLS
* Tear down proxy in unstack.sh
* Set auth protocol and ca-cert chain in openrc
* Add DATA_DIR to stackrc
This is the first in a series of patches to enable TLS support
for the service API endpoints.
Change-Id: Ia1c91dc8f1aaf94fbec9dc71da322559a83d14b6
sudo is only allowed in stack.sh on the CI, so move setup_quantum code
to the stack.sh.
also fixes quantum debug command setup for linuxbridge and ryu
Change-Id: I11bc0aa242a690e25acc088b3e9f483ceab38f26
Editing ENABLED_SERVICES directly can get tricky when
the user wants to disable something. This patch includes
two new functions for adding or removing services
safely, and a third (for completeness) to clear the
settings entirely before adding a minimal set of
services.
It also moves the logic for dealing with "negated"
services into a function so it can be tested and
applied by the new functions for manipulating
ENABLED_SERVICES.
Change-Id: I88f205f3666b86e6f0b6a94e0ec32a26c4bc6873
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Fix bug 967429.
Don't use $USERNAME as a variable in openrc. It's commonly set by
default and can result in $OS_USERNAME getting set to something else
unexpectedly, resulting in an environment that doesn't work.
Change-Id: I6083a871209d30c81ca6876b1ef6c154aef7f598
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
This patch waits for instance termination to complete before trying to
delete the security group. The last change to simply move the security
group deletion to after euca-terminate-instance was not sufficient, as
it has to wait until the termination is complete.
Change-Id: Icba579534f324afb4d44abd42d8c755834dd2a57
Add the OS_* env variables to mirror the NOVA_* vars; example:
setting OS_USERNAME will override NOVA_USERNAME in the clients and
tools, but if left unset it defaults to NOVA_USERNAME.
Adds exercises/client-env.sh to test operation of command-line
clients with only the OS_* variables set
Addresses bug 897304, http://wiki.openstack.org/CLIAuth
Change-Id: I72450153541072fe8026a82748cfcd1cf5ed31d8
floating_ips and volumes exercises both access Glance directly, but
assume it is running locally. To better accomodate exercising a
multi-host cloud, specify glance host via GLANCE_HOST setting which
defaults to HOST_IP to maintain current single-node functionality.
Change-Id: Iad06044af031083afa477204d446ada5161ca521
* modifies stack.sh to run nova-cert and nova-objectstore
* adds exercises/bundle.sh to test for bundling
* requires https://review.openstack.org/#change,3200
Change-Id: I850891948fbdfdf5890225f94df755e5dbc733d0
* increase some timeouts
* tolerate existing security groups and rules
* add optional DEFAULT_IMAGE_NAME to select the image to boot
* fix image lists via glance
Change-Id: I31ae743e602f69a2c9f872273273f542fc4afda3