Otherwise in standalone mode we use the new default of "trusts"
which won't work.
Change-Id: If18db711faf7810217af0a89d1e38590a94d8e5b
Closes-bug: 1436631
This change adds the dib-utils repo, and adds git_clone calls for the
required os-*-config projects.
Change-Id: I2641feb0c462d2940f2698515ff62a2ff06c0e70
This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.
Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
Heat can now run in standalone mode with the default v3 keystone
backend.
This change removes the installation of the v2 contrib backend.
It also configures saner defaults when HEAT_STANDALONE is True.
Using trusts and a stack-domain will never work in standalone mode
since they both require a service user which doesn't exist in
standalone mode.
Finally, this change prevents heat.conf being populated with service user options
not required by standalone mode.
Configuring the v2 backend may be reintroduced later with a dedicated
flag variable.
Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.
Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
diskimage-builder is a utility rather than a service, and is already
installed in devstack via pip when required.
lib/dib was created to allow an image to be created during a devstack
run for the heat functional tests, however this approach is no longer
being taken and there are no other known uses for lib/dib.
This change removes lib/dib and moves the pip mirror building to
lib/heat so that snapshot pip packages of the heat agent projects can
be made available to servers which the heat functional tests boot.
This also removes tripleo-image-elements, which has never
been utilised, and since images won't be created
during heat functional test runs it is no longer required.
Change-Id: Ic77f841437ea23c0645d3a34d9dd6bfd1ee28714
The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.
Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. Users should specify their own
authentication scope when they authenticate.
Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
Allow the elements built into the heat functional test image to
be overridden via the localrc; this allows easier testing of local
images with different/additional elements.
Change-Id: Ibaf2322e0572d25461579bbb2dc8a18858f4e09c
When running with HEAT_CREATE_TEST_IMAGE=True, it's necessary
to add dib to ENABLED_SERVICES, or the image building will fail
so check for is_service_enabled dib before we start and error
with a helpful message if it's not.
Change-Id: Ia7ee64f6f8dd628267e485a1dc67581d8896d19c
This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.
Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.
This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.
Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
Slowly trying to introduce more v3 concepts into a generic
devstack installation.
Work with description of none and description with spaces
Change-Id: I7d2fde58363698ff020f92f129f1ff7378f945a8
As of release 1.3 auth_token middleware can be configured to use any
authentication plugin. This allows us to move to the more generic
password mechanism which will default to using keystone v3 if available.
This will allow in future revisions to move the devstack service users
out of the default domain.
Work will need to be done in heat to remove its dependency on the
(supposed to be private) keystone_authtoken CONF values.
Change-Id: Ieac26806bd420aa08fc79bbc6a11eb6a1c15c7df
We use InnoDB everywhere, so there should be no issues with long unicode
keys. Dropped charset parameter for recreate_database since it's not
needed anymore.
Change-Id: Ib768402a9337c918309030a92ab81da17269f4f6
There are two important reasons for this change:
- Other OpenStack components contain this code already.
- Heat stores references to client/constraint/version plugins in
  setup.cfg and stevedore uses these references, so we should
  install Heat after changing this part of the code. As an example, see patch
  https://review.openstack.org/#/c/86978/ for the grenade job, where
  heat-engine cannot find two constraints due to changing their code
  place between releases.
Change-Id: Ic6b1f70ec2d2c06002eb6877a747b7b84213c710
Closes-Bug: #1402985
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.
Change-Id: Id238748417ffab53e02d59413dba66f61e724383
Since https://review.openstack.org/#/c/128509/ heat no longer requires
the "heat_stack_owner" role by default, as we now delegate all roles
via the trust. So remove the now unnecessary role creation and assignment
from lib/heat.
Change-Id: Ia097ac9a76b3242ed6e62b11ca64c7ac7680b97c
We're moving to a model like nova where we don't maintain a static
sample config, instead providing a readme showing how to generate
it in https://review.openstack.org/#/c/138800/, so this change
is needed before we can land that change.
Change-Id: I335a33646eef72962c9036dcd1de50144d8575c8
We're using all the magic variables based on python-fooclient, however
all the inline code was using fooclient for variables. So we had a
mismatch, which was kindly pointed out by some of the 3rd party ci
testers.
Change-Id: I27a56222c7e8e610fba8bf97672d2a42f5cf14ca
Expand the devstack support for libraries from released versions to
support python-* clients and tempest_lib.
Depends-On: I81b0d228e7769758c61e5b0323ecfce8c8886d39
Change-Id: I26fac0ccf8fd4818e24618d56bf04b32306f88f6
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.
To enable SSL via proxy, in local.conf add
ENABLED_SERVICES+=,tls-proxy
This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certificates are also added to the system CA bundle.
To enable SSL natively, in local.conf add:
USE_SSL=True
Native SSL by default will also use the devstack-generated root and
subordinate CA.
You can override this on a per-service basis by setting
<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca
You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.
Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
For functional testing of heat-standalone it is desirable for
heat to orchestrate on the rest of the cloud which is brought up
by devstack. This change makes the following changes to enable
this when HEAT_STANDALONE=True:
- Don't register the orchestration endpoint or create any dedicated
heat accounts
- Install and configure the heat keystone V2 auth plugin instead of
the default v3
- Set heat.conf [clients_heat] url so that heat can call its own
API when no orchestration endpoint is registered
- Modify create_userrc.sh to set the required heat client env
variables to work with the standalone heat
Change-Id: Idae33bf1a9d550e2575e6390d2d7c8d3b94c401d
Each project was configuring the auth_token middleware using several
lines of inisets. Since all the projects should configure the
auth_token middleware in the same way create a function and call it.
Change-Id: I3b6727d5a3bdc0ca600d8faa23bc6db32bb32260
run_process will use screen if USE_SCREEN=True (the default),
otherwise it will simply start the requested service. Therefore
wherever screen_it is used, run_process can be used instead.
Where stop_screen was found it has been replaced with stop_process.
A tail_log function has been added which will tail a logfile in a
screen if USE_SCREEN is True.
lib/template has been updated to reflect the use of the new
functions.
When using sg the quoting in run_process gets very complicated.
To get around this, run_process and the functions it calls accept
an optional third argument. If set it is a group to be used with sg.
Change-Id: Ia3843818014f7c6c7526ef3aa9676bbddb8a85ca
Using bc 64 times in a loop is too verbose and slow,
replacing the echo/bc loop with hexdump and urandom.
The hexdump approach is 75 times faster and
does not flood the debug logs.
Using the common function for generating
this kind of string with lib/heat and by the read_password.
Change-Id: If6a86dfaf0c21e2635c6de0a7b96a8ed7ec5b507
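The hexdump-and-urandom approach described in the commit message above, as an added example that is not devstack's own code: a single read from /dev/urandom formatted as hex, with input validation and a short-read check. The function name random_hex and the od fallback are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: hex string from the kernel CSPRNG in one read.
# random_hex is a hypothetical name, not a devstack function.

# random_hex NBYTES -> prints 2*NBYTES lowercase hex characters
random_hex() {
    local nbytes="$1"
    local out
    # Accept only a positive decimal integer without leading zeros.
    case "$nbytes" in
        ''|*[!0-9]*|0*)
            echo "random_hex: need a positive byte count" >&2
            return 2
            ;;
    esac
    if command -v hexdump >/dev/null 2>&1; then
        # -n: read exactly nbytes; -v: never collapse repeated data;
        # -e: take one byte per unit and print it as two hex digits.
        out=$(hexdump -n "$nbytes" -v -e '/1 "%02x"' /dev/urandom)
    else
        # Assumed fallback for hosts without hexdump: od from coreutils.
        out=$(od -An -v -tx1 -N "$nbytes" /dev/urandom | tr -d ' \n')
    fi
    # A short read would silently weaken the secret, so fail loudly.
    if [ "${#out}" -ne $((nbytes * 2)) ]; then
        echo "random_hex: short read from /dev/urandom" >&2
        return 1
    fi
    printf '%s\n' "$out"
}
```

One process start per string replaces one per digit, and with shell tracing enabled the log gains a single command line instead of one per loop iteration.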
This is only triggered if HEAT_CREATE_TEST_IMAGE is True.
This custom image contains the following:
* heat-cfntools from git rather than the packaged version, which
will allow gating on heat-cfntools changes
* os-collect-config, os-apply-config, os-refresh-config, which
will allow gating on these projects, and will allow heat
software-config tests to be written
* software-config hooks from heat-templates, which will allow tempest
tests to be written for software-config with different configuration
tools (script, puppet, cfn-init etc)
The heat functional tests will soon replace the heat-slow tempest job,
so heat-slow tempest configuration will be removed after the heat
functional test job is gating.
Change-Id: I2e0490c1662a184d4c6d8c7e9ebb128e1912f1b0
These functions allow images to be built using diskimage-builder which
contain packages built from local project checkouts:
build_dib_pip_repo() - Builds a local pip repo from local projects and configures
apache to serve it
disk_image_create_upload() - Creates and uploads a diskimage-builder built image
The unused function lib/heat disk_image_create has been deleted.
Change-Id: Ia75c7c35bfd48dbe6ae3cb9c3241de0b598cbf84
These projects contain agents which can be installed on custom
images. Installing these repos will allow a future change to
build a custom image containing these projects. This will allow
gating on any changes in these projects by running heat-slow
on the custom image.
The corresponding devstack-gate change is
https://review.openstack.org/#/c/92055/
Change-Id: I7b1343c094f755f79ddeb1bac3ff4c0daa3fb70c