* Move remaining role creation to create_keystone_accounts()
* Move glance creation to create_glance_accounts()
* Move nova/ec2/s3 creation to create_nova_accounts()
* Move ceilometer creation to create_ceilometer_accounts()
* Move tempest creation to create_tempest_accounts()
* Convert moved code to use OpenStackClient for setup
* files/keystone_data.sh is removed
Note that the SERVICE_TENANT and ADMIN_ROLE lookups in the other service
implementations are not necessary with OSC, all operations can be done
using names rather than requiring IDs.
Change-Id: I4283ca0036ae39fd44ed2eed834b69d78e4f8257
Check that function calls look like ^function foo {$ in bash8, and fix
all existing failures of that check. Add a note to HACKING.rst
Change-Id: Ic19eecb39e0b20273d1bcd551a42fe400d54e938
This converts the special cases in the is_service_enabled() function to call
individual functions declared by the projects. This allows projects that
are not in the DevStack repo and called via the extras.d plugin to handle
an equivalent service alias.
* Ceilometer
* Cinder
* Glance
* Neutron
* Nova
* Swift
TODO: remove the tests from is_service_enabled() after a transition period
Patch Set 2: Rebased
Change-Id: Ic78be433f93a9dd5f46be548bdbd4c984e0da6e7
glance just used to admin role for token validation,
the service role is sufficient for this.
glance also needs an user with enough permission to use swift,
so creating a dedictated service user for swift usage when s-proxy is
enabled.
Change-Id: I6df3905e5db35ea3421468ca1ee6d8de3271f8d1
The list of services that Tempest used to set its 'service_available'
config values was hard-coded. To be plugin-friendly have each
service (project) add its name to the TEMPEST_SERVICES variable
and use that for setting the 'service_avilable' values.
Change-Id: I208efd7fd0798b18ac2e6353ee70b773e84a2683
Change Id9aab356b36b2150312324a0349d120bbbbd4e63 introduced a call to
iniset_multiline to enable swift stores explicitly. However, the call
has a missing file argument which resulted in this call setting the
values to the wrong file, section and param. This patch fixes that.
Change-Id: Ib17048e05c467bc8ca2c13fe4297d6bac6c8a880
* Save PID when using screen in screen_it()
* Add screen_stop()
* Call out service stop_*() in unstack.sh functions so screen_stop()
can do its thing
Closes-bug: 1183449
Change-Id: Iac84231cfda960c4197de5b6e8ba6eb19225169a
The version of the authentication url is set to v1.0 for some
projects by default. We can make it configurable via the parameter
"$IDENTITY_API_VERSION".
Closes-Bug: #1253539
Change-Id: I6640e345d1317b1308403c95b13f8a998320241b
Devstack currently relies on the default value of the `known_stores`
configuration option. This patch enables explicitly the default stores
used by devstack.
The real fix for the issue below will land in Glance. However, since the
default stores will be FS and HTTP we need devstack to enable Swift's as
well, which is required in the gates, hence this patch.
Partially-fixes: #1255556
Change-Id: Id9aab356b36b2150312324a0349d120bbbbd4e63
Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.
Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0
Address miscellaneous issues with Markdown formatting in comments which
are consumed by shocco when generating the online documentation.
Change-Id: I953075cdbddbf1f119c6c7e35f039e2e54b79078
When end users specify proxy settings in config file for wget /etc/wgetrc:
http_proxy = http://...
or for curl ${HOME}/.curlrc:
proxy = http://...
Using `http_proxy="" wget' can not skip the proxy setting in the
config files, also it can skip proxy settings in env viriables.
In order to skip proxy setting in both env and config file, we pass
--no-proxy option for wget, and --noproxy '*' for curl.
Fixes bug #1224836
Change-Id: I2b25aeca9edf2ce4525fb1db325e5e24c18b4d55
As per https://bugs.launchpad.net/glance/+bug/1213197, and subsequent
review at https://review.openstack.org/#/c/47161/ Glance-manage commands
are proposed to be subcommands of 'db'. This would require change to the
script to recreate_db which calls the db_sync command.
Implements blueprint edit-glance-manage-command-for-recreate-db
Change-Id: I9470709ec34896dba7a37fdff4791206bb5ef5ed
I find that enabling the debug log level often causes me to miss
important error messages due to the sheer volume of information
logged. This change allows configuration of the debug option
in a number of the projects so it can be disabled globally
without having to make one-off changes after each re-stack.
Note that this does not apply to Keystone or Swift right now.
They use a different method to configure their logging level and
I'm not as familiar with them so I didn't want to mess with their
settings.
Change-Id: I185d496543d245a644854c8a37f3359377cb978c
configure remains just to generate configs, install now
gets the setup_develop in addition to the git clone. This lets
use remove configure_glanceclient as a function
Change-Id: I68e3e3973d15dc0b4f534662a4f57a9f38f69784
for files that don't start with a #! or end in .sh, the added tags
are nice for emacs users to automatically switch to the right mode.
Change-Id: If4b93e106191bc744ccad8420cef20e751cdf902
clean.sh gets rid of all residue of running DevStack except installed
packages and pip modules.
And it eradicates rabbitmq-server and ts erlang dependencies as well as
the other RPC backends and databases.
Change-Id: I2b9a251a0a151c012bae85a5a2f9c2f72e7700be
Fixes bug 1137667
Previously the auth/sasl config for qpidd was broken, and the
openstack services using RPC were not properly configured.
Now we ensure that:
- the admin qpid_username/password are configured for all services
(as the qpidd ACL config denies all access to non-admin users)
- the PLAIN sasl mechanism is configured for qpidd (otherwise the
qpid_password is not propogated)
- the qpidd process has read permission on the sasl DB (otherwise
thw admin user/apss cannot be verified even if set)
Change-Id: Id6bd675841884451b78f257afe786f494a03c0f7
It is hard to grep errors in current log. so in this patch,
I'm updating die function which also writes log for
screen_log_dir/error.log.
In future, we may categolize negative fault by using
this error.log.
Change-Id: I70a8cfe67ed408284f5c88c762c6bb8acb8ecdb2
get_python_exec_prefix returns the path to the direcotry where python
executables are installed, that is /usr/bin on Fedora and /usr/local/bin
everywhere else.
It is used to properly locate OpenStack executables.
Fixes: bug #1068386
Change-Id: I228498ebe2762568d00757d065e37377ee2c8fb3
On many systems the requiretty sudoers option is turned on by default.
With "requiretty" option the sudo ensures the user have real tty access.
Just several "su" variant has an option for skipping the new session creation step.
Only one session can posses a tty, so after a "su -c" the sudo will not
work.
We will use sudo instead of su, when we create the stack account.
This change adds new variable the STACK_USER for
service username.
Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c
This prevents old invalid tokens from working after a rerun of stack.sh
and potentially providing users and tenants that don't exist.
Fixes bug 1089700
Change-Id: Icfc22978e41e459d51b50bc7ad2e6d98d766e402
Fixes bug 1088801
devstack does not create signing_dir when keystone token format is UUID.
If the default value of signing_dir is read-only, OpenStack services
such as Quantum server failed to start due to permission denied.
On the keystone client cannot know which token_format is used in keystone
in advance, so signing_dir should be created regardless of the token format.
Change-Id: I1b0d25c1ac4d22d9fb2c5443d15b96fdaa5a4c81
This reverts commit 71cf53a9f60176419732f3ecbbce11c75190c059.
The attempt to set the queue durability for Glance notifications always
sets the queues to durable. We are reverting this until a refined
approach is available.
Change-Id: I469e5149d21e3fcdd409da8114d5ccef1ff1243c
Due to a problematic bug in Glance (https://bugs.launchpad.net/glance/+bug/1074132),
I was unable to get stack.sh to complete successfully. The workaround on the
Glance bug was to set the rabbit_durable_queues value to match the setting
of the local Rabbit consumers and exchanges.
This patch merely looks for any consumer or exchange that
is durable and ensures that the default durable_rabbit_queues
config option of False is set to True in that case.
Change-Id: Ia5a165a5a06d11d1fe6492ca32139972d49d3a1e
This patch adds an interface for supporting multiple database backend
types and implemnts support for PostgreSQL. It also adds a function,
use_exclusive_service, which serves as a base for enabling a service
that conflicts with other services. The use_database function uses it,
and it might also be useful for selecting messaging backends.
MySQL is still selected by default. Tested on Fedora 17 and Ubuntu
12.04 with MySQL and PostgreSQL. Implements blueprint postgresql-support
Change-Id: I4b1373e25676fd9a9809fe70cb4a6450a2479174
* Configure Cinder, Glance, Keystone, Nova to put cached credentials
from keystone.auth_token into /var/cache/<service>
It is not obvious to me that having each of these service share a
credentials cache is a good idea. It does appear to work but this
patch takes the conservative approach of putting each service's cache
in a distinct directory.
More importantly it gets them out of $HOME!
Change-Id: If88088fc287a2f2f4f3e34f6d9be9de3da7ee00d
Some changes are required so that ceilometer can gather usage data
from glance (notification & polling) out-of-the-box in devstack:
- configure glance to emit notifications if rabbitmq or qpid
is enabled
- configure the ceilometer collector to consume notifications
on the default glance topic (glance_notifications.*)
- pass credentials to ceilometer central agent so that it
authtenticate polling calls to glance
Change-Id: I0eac223eddb615266e28447b18fcaaadcd40dddf
The next in a line of changes to break down stack.sh and make
it a bit more manageable.
Part of blueprint devstack-modular
Change-Id: Ie0104f0de281497f2c10f653aebb8e7cbedc4204