keystone v3 is the default API version in horizon now,
so there is no need to specify it in local_settings.py explicitly.
This commit also makes minor changes in lib/horizon
_horizon_config_set().
* Do not insert a blank line after each setting.
* Use the local variable $file to specify the target file
consistently.
Change-Id: I5faea3e1f357726a256d2b48fc1afeabfead4998
Keystone now provides a set of default roles in addition to `admin`
by default [0]. This is done during the `keystone-manage bootstrap`
process.
This change aligns the `Member` role override from devstack with the
`member` role provided from keystone.
[0] https://review.openstack.org/#/c/572243/
Change-Id: I3da3530aa73a8a1500116bcefdcba7b947d5e05e
Closes-Bug: 1777359
In Queens cycle, the code of django_openstack_auth was merged into
the horizon repository. The master branch of django_openstack_auth
will be retired. (horizon blueprint merge-openstack-auth)
This commit drops django_openstack_auth related code from DevStack.
_prepare_message_catalog_compilation in lib/horizon was used only
in install_django_openstack_auth, so it is dropped too.
Change-Id: If9467c520a1e07d1968b29e485df0097330356bc
When the ldap service is enable on local.conf devstack ldap
plugin starts slapd service using its default config on Ubuntu
and installs ldap-utils package.
Enables domain specific drivers on Keystone and creates LDAP
domain 'Users' with a demo user.
Change-Id: I8d7aa260b01f675e4ed201ef93bfd66474f4b228
Use trueorfalse to normalize the values for USE_PYTHON3
Install 3.5 instead of 3.4 When USE_PYTHON3 is specified.
Also, since not many packages are classified correctly, fallback
to looking for just "Programming Language :: Python :: 3" and
log a message for the package to highlight the problem.
Also special case some services that are *almost* ready
Depends-On: Id48e1b328230fcdf97ed1cb4b97f4c3f9cf6eb8a
Depends-On: Ib7d9aa0e0b74a936002e0eea0b3af05102b06a62
Change-Id: I243ea4b76f0d5ef57a03b5b0798a05468ee6de9b
Horizon is removing run_tests in favour of tox during Ocata, as part of
https://blueprints.launchpad.net/horizon/+spec/enhance-tox. To complete
this move, we need to remove any reliance on run_tests.
Change-Id: Ia8ad073aee68d1660d3bb5a68ec07516d8ce0665
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I0ab2b57e459dbfa3b01b3e9388bbcefac076a142
Co-Authored-By: David Lyle <dklyle0@gmail.com>
Closes-Bug: #1643050
Using devstack on a RHEL based system results in
"Listen 0.0.0.0:80" being added to the
/etc/httpd/conf/httpd.conf.
This configures Apache to only listen to port 80 on an IPv4 interface.
This makes it not possible to access Horizon via IPv6 without
re-configuring and restarting httpd.
Removing this sed leaves the default "Listen 80" from the rpm package,
which binds to all interfaces and will allow connection to Horizon
via IPv6.
Change-Id: I9fe8cbebff0ca6a30ceeaae0f7e035c9bb828d44
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I74ae99569dafa10eee7066713a05fb49183e3fca
The horizon cleanup function wasn't being called at all during
cleanup which left the Apache configuration.
Change-Id: Iff5336d0c5e79cfc82f1c648afaabb869d86020e
lib/keystone sets KEYSTONE_AUTH_URI and KEYSTONE_SERVICE_URI that
other projects should use rather than building the URL themselves.
This will allow us to more easily drop the port altogether.
Change-Id: I7467aae680215f3045d32a088af2187e1eba8169
Horizon now uses the WEBROOT to populate the value of $webroot in
the CSS code. The CUSTOM_THEME_PATH pointing to the webroot theme
to explicitly set the same value is no longer necessary.
Closes-Bug: 1540801
Change-Id: Ic212796ee0905751ac3fd619bbbc902d25ea10d5
Previously horizon configuration and start are done too early
and as a result horizon init and start need to be run twice
after horizon plugins are enabled.
- horizon config was done before "run_phase stack install"
- horizon init and start were done before "run_phase stack post-config"
This commit rearrange horizon setup to the appropriate phases
defined in the devstack plugin interface.
- Configuration of horizon settings is moved to configure_horizon.
- horizon config is now called between run_phase stack install
and post-config.
- horizon init and start are now called between run_phase stack
post-config and extra.
Change-Id: I8bf2ceaf7734c4f7cec68bc05d7cdbae81ef311e
I noticed this when debugging some grenade issues failures.
An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.
We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.
When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).
The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.
The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.
Some files had already discovered this. In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste. This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.
Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
Ia0957b47187c3dcadd46154b17022c4213781112 proposes to have bashate
find instances of setting a local value. The issue is that "local"
always returns 0, thus hiding any failure in the commands running to
set the variable.
This is an automated replacement of such instances
Depends-On: I676c805e8f0401f75cc5367eee83b3d880cdef81
Change-Id: I9c8912a8fd596535589b207d7fc553b9d951d3fe
The previous approach assumed that devstack in tree service support
would always be a super set of tempest. That's not necessarily
true. Instead when configuring tempest we should look at all the
possible services that tempest could know about, which will let us
disable services we don't have support for.
Change-Id: I9c24705e494689f09a885eb0a640efd50db33fcf
Currently horizon configures keystone using v3 only if v2 is not
available. Really we should just always be using v3.
Change-Id: Icac4d90b617209da75abf33f8e25ffc021c45fdb
With keystone's move to /identity, a conflict in for resources was
created as both keystone and horizon used /identity. The keystone
config took precedence and rendered API output in the horizon UI.
This patch sets the root for horizon to /dashboard and serves all
horizon content from there. Additionally, a RedirectMatch has been added
to the apache config for horizon to redirect '/' to '/dashboard' this
will allow the implementation to change without being immediately
painful to users.
Also made the path '/dashboard/' configurable in stackrc.
Closes-Bug: #1478306
Depends-On: I9a04f936ed6d8c14775a332dc28e903992806c42
for devstack-gate changes to remove hard coded horizon url structure
assumptions.
Change-Id: I6fbca5cea9e44df160afbccc71bd045437657320
The setting for overriding Horizon's OPENSTACK_API_VERSIONS is not
the correct format. The version should be a number, not a string.
so should be 3, not "v3".
Change-Id: I193d21514b196336796eac067417dc2aaec56433
Closes-Bug: #1460190
When the property ENABLE_IDENTITY_V2 is set to
False in the local.conf file, devstack will:
* Disable the v2 API in Keystone paste config;
* Set Tempest to skip Identity v2 tests and use
v3 auth tokens to run all the other tests;
* Set Horizon to use v3 API and v3 auth tokens;
* Register the Identity endpoint as v3.
Change-Id: I2575a516244b848e5ed461e7f488c59edc41068d
This creates a new pip_install_gr that installs from global
requirements allowed versions. Now that stable branches are getting
capped all of devstack needs to be fixed to do things like this.
Change-Id: I8fd0ef2bfc544ca2576fab09d3018f760b8848fe
Horizon by default using the _member_ role,
which is considered as a legacy role.
The tools/create_userrc.sh already creates the regular users,
with Member role.
Change-Id: Ibc07a0f28d0729f8a717a54e94fe014853363592
Closes-Bug: #1421616
Instead of specifying the version of a library in devstack, use the version from
global-requirements
Add new function get_from_global_requirements and use it
where it makes sense.
Change-Id: I6b2f062761ac05ef72fc6cc9993bc204faf06fa5
el6 is shipped with Python 2.6.x which is not expected
to be supported with the openstack kilo release.
For el6 support we need to do lot of thing differently,
which makes the code more complicated.
This change removes el6 and py26 support from devstack.
This change also removed a discontinued (1 year ago)
openSUSE 12.2 code path, which used a similar codepath as el6.
Several comment related to el6 also removed or modified.
Change-Id: Iea0b0c98a5e11fd85bb5e93c099f740fe05d2f3a
This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.
Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.
This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.
Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
Now that Keystone is back to UUID token defaults the use case for this
in devstack is extremely dubious, and it can be set through via
local.conf if anyone *really* cares.
Part of bp:devstack-nounset
Change-Id: I644b5b1579952959d253758b2a12b97d8a704657
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.
Change-Id: Id238748417ffab53e02d59413dba66f61e724383
After the recent patch [1] the devstack is broken for Fedora 20 with
the error "django-admin.py: command not found" during horizon setup.
This is due to differences in how django currently packaged for Fedora,
where we should use "django-admin", without the .py
This patch sets up executable alias by checking if "django-admin"
exists, and falling back on "django-admin.py".
[1] https://review.openstack.org/#/c/120940/
Change-Id: I2b6de25fe32446edbdc0418674fea8579ec739d9
Making the horizon scss compilation and compression happen offline.
Potentially fixing an issue with parallel compression in devstack.
Related-Bug: #1345955
Change-Id: I066c80e06a92302a3f8dc5fd45d127fbde6cf99c
Recently compiled message catalogs (mo files) were removed
in Horizon and django_openstack_auth repositories.
We need to compile message catalogs to make translations
available for Horizon users. It is useful for developers too.
Change-Id: I0831e8308205c116d8e3bb8b43be7f0dd6fa0c0a
- Horizon no longer has "enable_security_group" setting
so we need to remove it.
- There is no need to set enable_lb/firewall/vpn to True
when q-lbaas/q-fwaas/q-vpn is enabled because Horizon now checks if
Neutron ext-list and enables corresponding dashboards accordingly.
Change-Id: I37073d73e4cba0103ab1a3d935302f1cd0ef73c5
The Keystone server and auth_token middleware were enhanced to
support a configurable hash algorithm.
With this change, the user can set
KEYSTONE_TOKEN_HASH_ALGORITHM=sha256
in their localrc to use the SHA256 algorithm rather than the
default md5. Any hash algorithm supported by Python's hashlib can
be used. The MD5 algorithm doesn't provide enough protection from
hash collisions and some security standards mandate a SHA2 hash
algorithm.
Change-Id: I8b373291ceb760a03c4c14aebfeb53d8d0dfbcc1
Closes-Bug: #1174499
run_process will use screen if USE_SCREEN=True (the default),
otherwise it will simply start the requested service. Therefore
wherever screen_it used, run_process can be instead.
Where stop_screen was found it has been replaced with stop_process.
A tail_log function has been added which will tail a logfile in a
screen if USE_SCREEN is True.
lib/template has been updated to reflect the use of the new
functions.
When using sg the quoting in run_process gets very complicated.
To get around this run_process and the functions it calls accepts
an optional third argument. If set it is a group to be used with sg.
Change-Id: Ia3843818014f7c6c7526ef3aa9676bbddb8a85ca
This change uses mod_version (shipped by default on everything we care
about) to set-up version-specific config within apache rather than
within devstack scripts.
Clean up the horizon and keystone config file generation to use the
internal apache matching.
Since I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in
'functions' is actually duplicated. just leave get_apache_version in
lib/apache as it is used for config-file name matching in there.
Change-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852
This is fundamentally a library. As such we should setup_install
so that we can possibly pin it, otherwise we *always* get the
git version instead.
Change-Id: Ia815f2675cf535bb05a7e8eda853690171559b86
It would be useful for development, reviewing and testing to add
support for django_openstack_auth to devstack.
This change adds the integration tests to the openstack_auth
list of test: https://review.openstack.org/#/c/86528/
Change-Id: Ifbd336b83f6b2beb23996b599ec820232c13efdd
Closes-Bug: #1262121
