Updated repository for minimum viable kilo install

* Updated Keystone wsgi and paste files from upstream.
* Updated all clients in the openstack_client.yml file.
* Kilo services are tracking the head of master.
* Removed pinned middleware because they're pinned else where.
* Added additional service references for neutron vpnaas, fwaas, and
  lbaas which have now been moved into their own repos and no longer
  exist within the core neutron repository.
* The neutron vpnaas, fwaas, and lbaas have been removed from the
  basic plugins being loaded and a comment has been added to describe
  how one might add them back in.
* Updated rootwrap filters for neutron dhcp and l3.
* Updated heat policy.json
* Added the `python-libguestfs` to the nova-compute installation
  packages.
* Updates all services to point to the latest kilo tag

Services updated due to deprecated configs:
* Keystone
* Glance
* Nova
* Neutron (is still using the deprecated nova auth plugin)
* Heat
* Tempest

Items for future work post initial release:
* roles/os_neutron/files/post-up-checksum-rules:25:
  TODO(cloudnull) remove this script once the bug is fixed.
* roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17:
  TODO(someone): implement a more robust way of checking

Implements: blueprint minimal-kilo

Closes-Bug: 1428421
Closes-Bug: 1428431
Closes-Bug: 1428437
Closes-Bug: 1428445
Closes-Bug: 1428451
Closes-Bug: 1428469
Closes-Bug: 1428639

Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076

playbooks/roles/os_glance/defaults/main.yml

@@ -34,6 +34,14 @@ glance_notification_driver: noop
 glance_rpc_backend: glance.openstack.common.rpc.impl_kombu
 glance_default_store: file
 
+
+## API options
+glance_enable_v1_api: True
+glance_enable_v1_registry: True
+glance_enable_v2_api: True
+glance_enable_v2_registry: True
+
+
 ## Swift Options
 glance_swift_store_auth_address: NoAuthAddress
 glance_swift_store_user: NoUser

playbooks/roles/os_glance/files/policy.json

@@ -7,7 +7,7 @@
     "get_image": "",
     "get_images": "",
     "modify_image": "",
-    "publicize_image": "",
+    "publicize_image": "role:admin",
     "copy_from": "",
 
     "download_image": "",
@@ -28,5 +28,34 @@
     "get_task": "",
     "get_tasks": "",
     "add_task": "",
-    "modify_task": ""
+    "modify_task": "",
+
+    "deactivate": "",
+    "reactivate": "",
+
+    "get_metadef_namespace": "",
+    "get_metadef_namespaces":"",
+    "modify_metadef_namespace":"",
+    "add_metadef_namespace":"",
+
+    "get_metadef_object":"",
+    "get_metadef_objects":"",
+    "modify_metadef_object":"",
+    "add_metadef_object":"",
+
+    "list_metadef_resource_types":"",
+    "get_metadef_resource_type":"",
+    "add_metadef_resource_type_association":"",
+
+    "get_metadef_property":"",
+    "get_metadef_properties":"",
+    "modify_metadef_property":"",
+    "add_metadef_property":"",
+
+    "get_metadef_tag":"",
+    "get_metadef_tags":"",
+    "modify_metadef_tag":"",
+    "add_metadef_tag":"",
+    "add_metadef_tags":""
+
 }

playbooks/roles/os_glance/tasks/glance_post_install.yml

@@ -49,17 +49,18 @@
   tags:
     - glance-config
 
-- name: Drop Glance Config(s)
+- name: Drop Glance static Config(s)
   copy:
-    src: "{{ item }}"
-    dest: "/etc/glance/{{ item }}"
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
     owner: "{{ glance_system_user_name }}"
     group: "{{ glance_system_group_name }}"
   with_items:
-    - glance-api-paste.ini
-    - glance-registry-paste.ini
-    - policy.json
-    - schema.json
+    - { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" }
+    - { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" }
+    - { src: "policy.json", dest: "/etc/glance/policy.json" }
+    - { src: "schema.json", dest: "/etc/glance/schema.json" }
+    - { src: "schema.json", dest: "/etc/glance/schema-image.json" }
   notify:
     - Restart glance api
     - Restart glance registry

playbooks/roles/os_glance/tasks/glance_pre_install.yml

@@ -39,12 +39,13 @@
     state: directory
     owner: "{{ item.owner|default(glance_system_user_name) }}"
     group: "{{ item.group|default(glance_system_group_name) }}"
+    mode: "{{ item.mode|default('0755') }}"
   with_items:
     - { path: "/etc/glance" }
-    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
+    - { path: "/etc/sudoers.d", mode: "0755", owner: "root", group: "root" }
     - { path: "/var/cache/glance" }
     - { path: "{{ glance_system_user_home }}" }
-    - { path: "{{ glance_system_user_home }}/cache/api" }
+    - { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" }
     - { path: "{{ glance_system_user_home }}/cache/registry" }
     - { path: "{{ glance_system_user_home }}/images/" }
     - { path: "{{ glance_system_user_home }}/scrubber" }

playbooks/roles/os_glance/templates/glance-api.conf.j2

@@ -18,6 +18,11 @@ registry_port = {{ glance_registry_service_port }}
 registry_client_protocol = {{ glance_service_proto }}
 cinder_catalog_info = volume:cinder:internalURL
 
+enable_v1_api = {{ glance_enable_v1_api }}
+enable_v1_registry = {{ glance_enable_v1_registry }}
+enable_v2_api = {{ glance_enable_v2_api }}
+enable_v2_registry = {{ glance_enable_v2_registry }}
+
 notification_driver = {{ glance_notification_driver }}
 {% if glance_notification_driver == "messaging" %}
 ##### RPC MESSAGING OPTIONS #####
@@ -66,13 +71,11 @@ flavor = {{ glance_flavor }}
 
 [glance_store]
 default_store = {{ glance_default_store }}
-stores = glance.store.filesystem.Store,
-         glance.store.http.Store,
-         glance.store.cinder.Store,
-         glance.store.swift.Store
 {% if glance_default_store == "file" %}
+stores = glance.store.filesystem.Store,glance.store.http.Store,glance.store.cinder.Store
 filesystem_store_datadir = {{ glance_system_user_home }}/images/
 {% elif glance_default_store == "swift" %}
+stores = glance.store.swift.Store,glance.store.http.Store,glance.store.cinder.Store
 swift_store_auth_version = 2
 swift_store_auth_address = {{ glance_swift_store_auth_address }}
 swift_store_user = {{ glance_swift_store_user }}

playbooks/roles/os_heat/files/api-paste.ini

@@ -1,6 +1,7 @@
+
 # heat-api pipeline
 [pipeline:heat-api]
-pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app
+pipeline = request_id faultwrap ssl versionnegotiation osprofiler authurl authtoken context apiv1app
 
 # heat-api pipeline for standalone heat
 # ie. uses alternative auth backend that authenticates users against keystone
@@ -11,7 +12,7 @@ pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app
 #   flavor = standalone
 #
 [pipeline:heat-api-standalone]
-pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app
+pipeline = request_id faultwrap ssl versionnegotiation authurl authpassword context apiv1app
 
 # heat-api pipeline for custom cloud backends
 # i.e. in heat.conf:
@@ -19,11 +20,11 @@ pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1ap
 #   flavor = custombackend
 #
 [pipeline:heat-api-custombackend]
-pipeline = faultwrap versionnegotiation context custombackendauth apiv1app
+pipeline = request_id faultwrap versionnegotiation context custombackendauth apiv1app
 
 # heat-api-cfn pipeline
 [pipeline:heat-api-cfn]
-pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app
+pipeline = cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
 
 # heat-api-cfn pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
@@ -32,7 +33,7 @@ pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app
 
 # heat-api-cloudwatch pipeline
 [pipeline:heat-api-cloudwatch]
-pipeline = versionnegotiation ec2authtoken authtoken context apicwapp
+pipeline = versionnegotiation osprofiler ec2authtoken authtoken context apicwapp
 
 # heat-api-cloudwatch pipeline for standalone heat
 # relies exclusively on authenticating with ec2 signed requests
@@ -92,3 +93,12 @@ paste.filter_factory = heat.common.auth_password:filter_factory
 # Auth middleware that validates against custom backend
 [filter:custombackendauth]
 paste.filter_factory = heat.common.custom_backend_auth:filter_factory
+
+# Middleware to set x-openstack-request-id in http response header
+[filter:request_id]
+paste.filter_factory = oslo.middleware.request_id:RequestId.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes

playbooks/roles/os_heat/files/policy.json

@@ -8,6 +8,7 @@
     "cloudformation:DescribeStacks": "rule:deny_stack_user",
     "cloudformation:DeleteStack": "rule:deny_stack_user",
     "cloudformation:UpdateStack": "rule:deny_stack_user",
+    "cloudformation:CancelUpdateStack": "rule:deny_stack_user",
     "cloudformation:DescribeStackEvents": "rule:deny_stack_user",
     "cloudformation:ValidateTemplate": "rule:deny_stack_user",
     "cloudformation:GetTemplate": "rule:deny_stack_user",
@@ -50,7 +51,13 @@
     "stacks:show": "rule:deny_stack_user",
     "stacks:template": "rule:deny_stack_user",
     "stacks:update": "rule:deny_stack_user",
+    "stacks:update_patch": "rule:deny_stack_user",
     "stacks:validate_template": "rule:deny_stack_user",
+    "stacks:snapshot": "rule:deny_stack_user",
+    "stacks:show_snapshot": "rule:deny_stack_user",
+    "stacks:delete_snapshot": "rule:deny_stack_user",
+    "stacks:list_snapshots": "rule:deny_stack_user",
+    "stacks:restore_snapshot": "rule:deny_stack_user",
 
     "software_configs:create": "rule:deny_stack_user",
     "software_configs:show": "rule:deny_stack_user",
@@ -60,5 +67,7 @@
     "software_deployments:show": "rule:deny_stack_user",
     "software_deployments:update": "rule:deny_stack_user",
     "software_deployments:delete": "rule:deny_stack_user",
-    "software_deployments:metadata": ""
+    "software_deployments:metadata": "",
+
+    "service:index": "rule:context_is_admin"
 }

playbooks/roles/os_heat/tasks/heat_pre_install.yml

@@ -39,12 +39,13 @@
     state: directory
     owner: "{{ item.owner|default(heat_system_user_name) }}"
     group: "{{ item.group|default(heat_system_group_name) }}"
+    mode: "{{ item.mode|default('0755') }}"
   with_items:
     - { path: "/etc/heat" }
     - { path: "/etc/heat/environment.d" }
     - { path: "/etc/heat/templates" }
-    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
-    - { path: "/var/cache/heat" }
+    - { path: "/etc/sudoers.d", owner: "root", group: "root" }
+    - { path: "/var/cache/heat", mode: "0700" }
     - { path: "{{ heat_system_home_folder }}" }
   tags:
     - heat-dirs

playbooks/roles/os_heat/templates/heat.conf.j2

@@ -19,18 +19,9 @@ heat_watch_server_url = {{ heat_watch_server_url }}
 heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
 heat_metadata_server_url = {{ heat_metadata_server_url }}
 
-
 ## RPC Backend
 rpc_backend = {{ heat_rpc_backend }}
 
-
-## RabbitMQ
-rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
-rabbit_hosts = {{ rabbitmq_servers }}
-
-
 ## Plugin dirs
 plugin_dirs = {{ heat_plugin_dirs | join(',') }}
 
@@ -80,6 +71,14 @@ bind_port = {{ heat_cfn_service_port }}
 [heat_api_cloudwatch]
 bind_port = {{ heat_watch_port }}
 
+
+[oslo_messaging_rabbit]
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ rabbitmq_userid }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {{ rabbitmq_servers }}
+
+
 [keystone_authtoken]
 signing_dir = /var/cache/heat
 identity_uri = {{ keystone_service_adminuri }}

playbooks/roles/os_keystone/defaults/main.yml

@@ -37,16 +37,36 @@ keystone_identity_driver: "keystone.identity.backends.sql.Identity"
 # For a sql backed token storage use: "keystone.token.backends.sql.Token"
 keystone_token_driver: "keystone.token.persistence.backends.memcache.Token"
 keystone_token_provider: "keystone.token.providers.uuid.Provider"
+keystone_token_expiration: 43200
+keystone_token_cache_time: 3600
+
+# Set the revocation driver used within keystone.
+keystone_revocation_driver: keystone.contrib.revoke.backends.sql.Revoke
+keystone_revocation_cache_time: 3600
+keystone_revocation_expiration_buffer: 1800
+
+keystone_cache_expiration_time: 5400
+
+keystone_assignment_driver: keystone.assignment.backends.sql.Assignment
+
+keystone_resource_cache_time: 3600
+keystone_resource_driver: keystone.resource.backends.sql.Resource
 
 keystone_bind_address: 0.0.0.0
 
 ## Memcached servers used within keystone.
 # String or Comma separated list of servers.
 keystone_memcached_servers: 127.0.0.1
+keystone_memcached_max_compare_and_set_retry: 16
 
 ## DB info
 keystone_galera_user: keystone
 keystone_galera_database: keystone
+# Database tuning
+keystone_database_idle_timeout: 200
+keystone_database_min_pool_size: 5
+keystone_database_max_pool_size: 10
+keystone_database_pool_timeout: 200
 
 ## Role info
 keystone_role_name: admin
@@ -131,8 +151,10 @@ keystone_pip_packages:
   - ldappool
   - lxml
   - MySQL-python
+  - oslo.middleware
   - pbr
   - pycrypto
+  - pysaml2
   - python-keystoneclient
   - python-memcached
   - repoze.lru

playbooks/roles/os_keystone/files/keystone-paste.ini

@@ -3,6 +3,9 @@
 [filter:debug]
 paste.filter_factory = keystone.common.wsgi:Debug.factory
 
+[filter:request_id]
+paste.filter_factory = oslo_middleware:RequestId.factory
+
 [filter:build_auth_context]
 paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
 
@@ -39,6 +42,9 @@ paste.filter_factory = keystone.contrib.s3:S3Extension.factory
 [filter:endpoint_filter_extension]
 paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
 
+[filter:endpoint_policy_extension]
+paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
+
 [filter:simple_cert_extension]
 paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
 
@@ -49,16 +55,7 @@ paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
 paste.filter_factory = keystone.middleware:NormalizingFilter.factory
 
 [filter:sizelimit]
-paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
-
-[filter:stats_monitoring]
-paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
-
-[filter:stats_reporting]
-paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
-
-[filter:access_log]
-paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
+paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
 
 [app:public_service]
 paste.app_factory = keystone.service:public_app_factory
@@ -70,13 +67,19 @@ paste.app_factory = keystone.service:v3_app_factory
 paste.app_factory = keystone.service:admin_app_factory
 
 [pipeline:public_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
 
 [pipeline:admin_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
 
 [pipeline:api_v3]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3
 
 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory

playbooks/roles/os_keystone/files/keystone-wsgi.py

@@ -12,49 +12,14 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import logging
 import os
 
-from oslo import i18n
+from keystone.server import wsgi as wsgi_server
 
 
-# NOTE(dstanek): i18n.enable_lazy() must be called before
-# keystone.i18n._() is called to ensure it has the desired lazy lookup
-# behavior. This includes cases, like keystone.exceptions, where
-# keystone.i18n._() is called at import time.
-i18n.enable_lazy()
-
-
-from keystone import backends
-from keystone.common import dependency
-from keystone.common import environment
-from keystone.common import sql
-from keystone import config
-from keystone.openstack.common import log
-from keystone import service
-
-
-CONF = config.CONF
-
-config.configure()
-sql.initialize()
-config.set_default_for_default_log_levels()
-
-CONF(project='keystone')
-config.setup_logging()
-
-environment.use_stdlib()
 name = os.path.basename(__file__)
 
-if CONF.debug:
-    CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
-
-
-drivers = backends.load_backends()
-
 # NOTE(ldbragst): 'application' is required in this context by WSGI spec.
 # The following is a reference to Python Paste Deploy documentation
 # http://pythonpaste.org/deploy/
-application = service.loadapp('config:%s' % config.find_paste_config(), name)
-
-dependency.resolve_future_dependencies()
+application = wsgi_server.initialize_application(name)

playbooks/roles/os_keystone/templates/keystone.conf.j2

@@ -4,12 +4,9 @@
 verbose = {{ verbose }}
 debug = {{ debug }}
 admin_token = {{ keystone_auth_admin_token }}
-bind_host = {{ keystone_bind_address }}
-public_port = {{ keystone_service_port }}
 {% if keystone_public_endpoint is defined %}
 public_endpoint = {{ keystone_public_endpoint }}
 {% endif %}
-admin_port = {{ keystone_admin_port }}
 admin_endpoint = {{ keystone_service_adminuri }}
 fatal_deprecations = {{ keystone_fatal_deprecations }}
 
@@ -23,40 +20,52 @@ rpc_backend = {{ keystone_rpc_backend }}
 
 [memcache]
 servers = {{ keystone_memcached_servers }}
+max_compare_and_set_retry = {{ keystone_memcached_max_compare_and_set_retry }}
 
 
-max_compare_and_set_retry = 16
-
 {% if keystone_cache_backend_argument is defined %}
 [cache]
 backend = dogpile.cache.memcached
 backend_argument = {{ keystone_cache_backend_argument }}
 config_prefix = cache.keystone
 distributed_lock = True
-expiration_time = 5400
+expiration_time = {{ keystone_cache_expiration_time }}
 enabled = true
 {% endif %}
 
+
 [revoke]
-expiration_buffer = 1800
 caching = true
+driver = {{ keystone_revocation_driver }}
+expiration_buffer = {{ keystone_revocation_expiration_buffer }}
+cache_time = {{ keystone_revocation_cache_time }}
+
 
 [auth]
 methods = {{ keystone_auth_methods }}
 
+
 [database]
 connection = mysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ galera_address }}/{{ keystone_galera_database }}?charset=utf8
-idle_timeout = 200
-min_pool_size = 5
-max_pool_size = 10
-pool_timeout = 200
+idle_timeout = {{ keystone_database_idle_timeout }}
+min_pool_size = {{ keystone_database_min_pool_size }}
+max_pool_size = {{ keystone_database_max_pool_size }}
+pool_timeout = {{ keystone_database_pool_timeout }}
+
 
 [identity]
 driver = {{ keystone_identity_driver }}
 
+
 [assignment]
-driver = keystone.assignment.backends.sql.Assignment
+driver = {{ keystone_assignment_driver }}
+
+
+[resource]
+cache_time = {{ keystone_resource_cache_time }}
 caching = true
+driver = {{ keystone_resource_driver }}
+
 
 {% if keystone_ldap is defined %}
 {% for section in keystone_ldap|dictsort %}
@@ -70,9 +79,14 @@ caching = true
 
 [token]
 enforce_token_bind = permissive
-revocation_cache_time = 3600
-expiration = 43200
+expiration = {{ keystone_token_expiration }}
 caching = true
-cache_time = 5400
+cache_time = {{ keystone_token_cache_time }}
 provider = {{ keystone_token_provider }}
 driver = {{ keystone_token_driver }}
+
+
+[eventlet_server]
+admin_bind_host = {{ keystone_bind_address }}
+admin_port = {{ keystone_admin_port }}
+public_port = {{ keystone_service_port }}

playbooks/roles/os_neutron/defaults/main.yml

@@ -38,10 +38,14 @@ neutron_db_plugin: /etc/neutron/plugins/ml2/ml2_conf.ini
 
 ## Plugins
 neutron_plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
+# Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.
+# neutron_plugin_base:
+#   - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
+#   - neutron.services.metering.metering_plugin.MeteringPlugin
+#   - neutron.services.loadbalancer.plugin.LoadBalancerPlugin
+#   - neutron.services.vpn.plugin.VPNDriverPlugin
 neutron_plugin_base:
   - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
-  - neutron.services.loadbalancer.plugin.LoadBalancerPlugin
-  - neutron.services.vpn.plugin.VPNDriverPlugin
   - neutron.services.metering.metering_plugin.MeteringPlugin
 neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}"
 

playbooks/roles/os_neutron/files/api-paste.ini

@@ -9,10 +9,10 @@ noauth = request_id catch_errors extensions neutronapiapp_v2_0
 keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
 
 [filter:request_id]
-paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory
+paste.filter_factory = oslo.middleware:RequestId.factory
 
 [filter:catch_errors]
-paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory
+paste.filter_factory = oslo.middleware:CatchErrors.factory
 
 [filter:keystonecontext]
 paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
@@ -27,4 +27,4 @@ paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_
 paste.app_factory = neutron.api.versions:Versions.factory
 
 [app:neutronapiapp_v2_0]
-paste.app_factory = neutron.api.v2.router:APIRouter.factory
+paste.app_factory = neutron.api.v2.router:APIRouter.factory

playbooks/roles/os_neutron/files/policy.json

@@ -1,11 +1,14 @@
 {
     "context_is_admin":  "role:admin",
     "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
+    "context_is_advsvc":  "role:advsvc",
     "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
     "admin_only": "rule:context_is_admin",
     "regular_user": "",
     "shared": "field:networks:shared=True",
     "shared_firewalls": "field:firewalls:shared=True",
+    "shared_firewall_policies": "field:firewall_policies:shared=True",
+    "shared_subnetpools": "field:subnetpools:shared=True",
     "external": "field:networks:router:external=True",
     "default": "rule:admin_or_owner",
 
@@ -14,8 +17,14 @@
     "update_subnet": "rule:admin_or_network_owner",
     "delete_subnet": "rule:admin_or_network_owner",
 
+    "create_subnetpool": "",
+    "create_subnetpool:shared": "rule:admin_only",
+    "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
+    "update_subnetpool": "rule:admin_or_owner",
+    "delete_subnetpool": "rule:admin_or_owner",
+
     "create_network": "",
-    "get_network": "rule:admin_or_owner or rule:shared or rule:external",
+    "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
     "get_network:router:external": "rule:regular_user",
     "get_network:segments": "rule:admin_only",
     "get_network:provider:network_type": "rule:admin_only",
@@ -38,25 +47,26 @@
     "delete_network": "rule:admin_or_owner",
 
     "create_port": "",
-    "create_port:mac_address": "rule:admin_or_network_owner",
-    "create_port:fixed_ips": "rule:admin_or_network_owner",
-    "create_port:port_security_enabled": "rule:admin_or_network_owner",
+    "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
     "create_port:binding:host_id": "rule:admin_only",
     "create_port:binding:profile": "rule:admin_only",
-    "create_port:mac_learning_enabled": "rule:admin_or_network_owner",
-    "get_port": "rule:admin_or_owner",
+    "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
     "get_port:queue_id": "rule:admin_only",
     "get_port:binding:vif_type": "rule:admin_only",
     "get_port:binding:vif_details": "rule:admin_only",
     "get_port:binding:host_id": "rule:admin_only",
     "get_port:binding:profile": "rule:admin_only",
-    "update_port": "rule:admin_or_owner",
-    "update_port:fixed_ips": "rule:admin_or_network_owner",
-    "update_port:port_security_enabled": "rule:admin_or_network_owner",
+    "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
+    "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+    "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
     "update_port:binding:host_id": "rule:admin_only",
     "update_port:binding:profile": "rule:admin_only",
-    "update_port:mac_learning_enabled": "rule:admin_or_network_owner",
-    "delete_port": "rule:admin_or_owner",
+    "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+    "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
 
     "get_router:ha": "rule:admin_only",
     "create_router": "rule:regular_user",
@@ -73,6 +83,9 @@
     "add_router_interface": "rule:admin_or_owner",
     "remove_router_interface": "rule:admin_or_owner",
 
+    "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
+    "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
+
     "create_firewall": "",
     "get_firewall": "rule:admin_or_owner",
     "create_firewall:shared": "rule:admin_only",
@@ -82,7 +95,7 @@
     "delete_firewall": "rule:admin_or_owner",
 
     "create_firewall_policy": "",
-    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
+    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
     "create_firewall_policy:shared": "rule:admin_or_owner",
     "update_firewall_policy": "rule:admin_or_owner",
     "delete_firewall_policy": "rule:admin_or_owner",
@@ -109,8 +122,11 @@
     "get_l3-agents": "rule:admin_only",
     "get_loadbalancer-agent": "rule:admin_only",
     "get_loadbalancer-pools": "rule:admin_only",
+    "get_agent-loadbalancers": "rule:admin_only",
+    "get_loadbalancer-hosting-agent": "rule:admin_only",
 
     "create_floatingip": "rule:regular_user",
+    "create_floatingip:floating_ip_address": "rule:admin_only",
     "update_floatingip": "rule:admin_or_owner",
     "delete_floatingip": "rule:admin_or_owner",
     "get_floatingip": "rule:admin_or_owner",

playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters

@@ -9,7 +9,7 @@
 [Filters]
 
 # dhcp-agent
-dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID=
+dnsmasq: CommandFilter, dnsmasq, root
 # dhcp-agent uses kill as well, that's handled by the generic KillFilter
 # it looks like these are the only signals needed, per
 # neutron/agent/linux/dhcp.py
@@ -23,16 +23,14 @@ dhcp_release: CommandFilter, dhcp_release, root
 
 # metadata proxy
 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
-metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
 # If installed from source (say, by devstack), the prefix will be
 # /usr/local instead of /usr/bin.
 metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
-metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
 # RHEL invocation of the metadata proxy will report /usr/bin/python
 kill_metadata: KillFilter, root, python, -9
 kill_metadata7: KillFilter, root, python2.7, -9
-kill_metadata6: KillFilter, root, python2.6, -9
 
 # ip_lib
 ip: IpFilter, ip, root
+find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
 ip_exec: IpNetnsExecFilter, ip, root

playbooks/roles/os_neutron/files/rootwrap.d/l3.filters

@@ -18,22 +18,23 @@ radvd: CommandFilter, radvd, root
 
 # metadata proxy
 metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root
-metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root
 # If installed from source (say, by devstack), the prefix will be
 # /usr/local instead of /usr/bin.
 metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root
-metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root
 # RHEL invocation of the metadata proxy will report /usr/bin/python
 kill_metadata: KillFilter, root, python, -9
 kill_metadata7: KillFilter, root, python2.7, -9
-kill_metadata6: KillFilter, root, python2.6, -9
 kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -9, -HUP
 kill_radvd: KillFilter, root, /sbin/radvd, -9, -HUP
 
 # ip_lib
 ip: IpFilter, ip, root
+find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
 ip_exec: IpNetnsExecFilter, ip, root
 
+# For ip monitor
+kill_ip_monitor: KillFilter, root, ip, -9
+
 # ovs_lib (if OVSInterfaceDriver is used)
 ovs-vsctl: CommandFilter, ovs-vsctl, root
 
@@ -49,3 +50,6 @@ kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9
 
 # l3 agent to delete floatingip's conntrack state
 conntrack: CommandFilter, conntrack, root
+
+# keepalived state change monitor
+keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root

playbooks/roles/os_neutron/templates/neutron.conf.j2

@@ -12,7 +12,6 @@ use_syslog = False
 
 log_file = /var/log/neutron/neutron.log
 auth_strategy = keystone
-lock_path = /var/lock/neutron
 network_device_mtu = {{ neutron_network_device_mtu }}
 allow_overlapping_ips = True
 
@@ -62,13 +61,6 @@ dhcp_delete_namespaces = True
 dhcp_lease_duration = 86400
 
 
-## RabbitMQ
-rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
-rabbit_hosts = {{ rabbitmq_servers }}
-
-
 ## Notifications
 notify_nova_on_port_status_changes = True
 notify_nova_on_port_data_changes = True
@@ -119,6 +111,17 @@ check_revocations_for_cached = False
 connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ galera_address }}/{{ neutron_galera_database }}?charset=utf8
 
 
+[oslo_messaging_rabbit]
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ rabbitmq_userid }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {{ rabbitmq_servers }}
+
+
+[oslo_concurrency]
+lock_path = /var/lock/neutron
+
+
 [service_providers]
 service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

playbooks/roles/os_nova/defaults/main.yml

@@ -44,6 +44,9 @@ nova_service_tenant_name: "service"
 nova_service_user_name: "nova"
 nova_service_role_name: "admin"
 
+## Nova enabled apis
+nova_enabled_apis: "osapi_compute,metadata"
+
 ## Nova s3
 nova_s3_service_name: s3
 nova_s3_service_type: s3
@@ -57,6 +60,7 @@ nova_s3_service_adminurl: "{{ nova_s3_service_adminuri }}"
 nova_s3_service_internaluri: "{{ nova_s3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}"
 nova_s3_service_internalurl: "{{ nova_s3_service_internaluri }}"
 nova_s3_program_name: nova-api-ec2
+nova_s3_deprecated_but_enabled: false
 
 ## Nova v3
 nova_v3_service_name: novav3
@@ -86,6 +90,8 @@ nova_service_internalurl: "{{ nova_service_internaluri }}/v2/%(tenant_id)s"
 nova_program_name: nova-api-os-compute
 
 ## Nova ec2
+# WARNNING: The EC2 api in the nova tree has been deprecated. To consume this API you'll need to
+# uncomment the EC2 section found within the nova `api-paste.ini` file.
 nova_ec2_service_name: ec2
 nova_ec2_service_type: ec2
 nova_ec2_service_proto: http
@@ -98,6 +104,7 @@ nova_ec2_service_adminurl: "{{ nova_ec2_service_adminuri }}/services/Admin"
 nova_ec2_service_internaluri: "{{ nova_ec2_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}"
 nova_ec2_service_internalurl: "{{ nova_ec2_service_internaluri }}/services/Cloud"
 nova_ec2_program_name: nova-api-ec2
+nova_ec2_deprecated_but_enabled: false
 
 ## Nova spice
 nova_spice_html5proxy_base_proto: http
@@ -207,6 +214,7 @@ nova_compute_kvm_apt_packages:
   - kpartx
   - libvirt-bin
   - open-iscsi
+  - python-libguestfs
   - python-libvirt
   - qemu
   - qemu-utils

playbooks/roles/os_nova/files/api-paste.ini

@@ -6,7 +6,8 @@ use = egg:Paste#urlmap
 /: meta
 
 [pipeline:meta]
-pipeline = ec2faultwrap logrequest metaapp
+pipeline = metaapp
+# pipeline = ec2faultwrap logrequest metaapp
 
 [app:metaapp]
 paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
@@ -15,42 +16,44 @@ paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
 # EC2 #
 #######
 
-[composite:ec2]
-use = egg:Paste#urlmap
-/services/Cloud: ec2cloud
+# [composite:ec2]
+# use = egg:Paste#urlmap
+# /: ec2cloud
 
-[composite:ec2cloud]
-use = call:nova.api.auth:pipeline_factory
-noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
-keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
+# [composite:ec2cloud]
+# use = call:nova.api.auth:pipeline_factory
+# noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+# noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+# keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
 
-[filter:ec2faultwrap]
-paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+# [filter:ec2faultwrap]
+# paste.filter_factory = nova.api.ec2:FaultWrapper.factory
 
-[filter:logrequest]
-paste.filter_factory = nova.api.ec2:RequestLogging.factory
+# [filter:logrequest]
+# paste.filter_factory = nova.api.ec2:RequestLogging.factory
 
-[filter:ec2lockout]
-paste.filter_factory = nova.api.ec2:Lockout.factory
+# [filter:ec2lockout]
+# paste.filter_factory = nova.api.ec2:Lockout.factory
 
-[filter:ec2keystoneauth]
-paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+# [filter:ec2keystoneauth]
+# paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
 
-[filter:ec2noauth]
-paste.filter_factory = nova.api.ec2:NoAuth.factory
+# [filter:ec2noauth]
+# paste.filter_factory = nova.api.ec2:NoAuth.factory
 
-[filter:cloudrequest]
-controller = nova.api.ec2.cloud.CloudController
-paste.filter_factory = nova.api.ec2:Requestify.factory
+# [filter:cloudrequest]
+# controller = nova.api.ec2.cloud.CloudController
+# paste.filter_factory = nova.api.ec2:Requestify.factory
 
-[filter:authorizer]
-paste.filter_factory = nova.api.ec2:Authorizer.factory
+# [filter:authorizer]
+# paste.filter_factory = nova.api.ec2:Authorizer.factory
 
-[filter:validator]
-paste.filter_factory = nova.api.ec2:Validator.factory
+# [filter:validator]
+# paste.filter_factory = nova.api.ec2:Validator.factory
+
+# [app:ec2executor]
+# paste.app_factory = nova.api.ec2:Executor.factory
 
-[app:ec2executor]
-paste.app_factory = nova.api.ec2:Executor.factory
 
 #############
 # OpenStack #
@@ -61,21 +64,30 @@ use = call:nova.api.openstack.urlmap:urlmap_factory
 /: oscomputeversions
 /v1.1: openstack_compute_api_v2
 /v2: openstack_compute_api_v2
+/v2.1: openstack_compute_api_v21
 /v3: openstack_compute_api_v3
 
 [composite:openstack_compute_api_v2]
 use = call:nova.api.auth:pipeline_factory
 noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2
 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
 keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
 
+[composite:openstack_compute_api_v21]
+use = call:nova.api.auth:pipeline_factory_v21
+noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21
+noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
+keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
+
 [composite:openstack_compute_api_v3]
-use = call:nova.api.auth:pipeline_factory_v3
+use = call:nova.api.auth:pipeline_factory_v21
 noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
+noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
 keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
 
 [filter:request_id]
-paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory
+paste.filter_factory = oslo.middleware:RequestId.factory
 
 [filter:compute_req_id]
 paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
@@ -84,6 +96,9 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
 paste.filter_factory = nova.api.openstack:FaultWrapper.factory
 
 [filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory
+
+[filter:noauth2]
 paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
 
 [filter:noauth_v3]
@@ -93,11 +108,14 @@ paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
 paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
 
 [filter:sizelimit]
-paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
+paste.filter_factory = oslo.middleware:RequestBodySizeLimiter.factory
 
 [app:osapi_compute_app_v2]
 paste.app_factory = nova.api.openstack.compute:APIRouter.factory
 
+[app:osapi_compute_app_v21]
+paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
+
 [app:osapi_compute_app_v3]
 paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory
 
@@ -115,4 +133,4 @@ paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
 paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
 
 [filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory

playbooks/roles/os_nova/files/policy.json

@@ -18,15 +18,16 @@
     "compute:shelve": "",
     "compute:shelve_offload": "",
     "compute:unshelve": "",
+    "compute:resize": "",
+    "compute:confirm_resize": "",
+    "compute:revert_resize": "",
+    "compute:rebuild": "",
+    "compute:reboot": "",
 
     "compute:volume_snapshot_create": "",
     "compute:volume_snapshot_delete": "",
 
     "admin_api": "is_admin:True",
-    "compute:v3:servers:start": "rule:admin_or_owner",
-    "compute:v3:servers:stop": "rule:admin_or_owner",
-    "compute_extension:v3:os-access-ips:discoverable": "",
-    "compute_extension:v3:os-access-ips": "",
     "compute_extension:accounts": "rule:admin_api",
     "compute_extension:admin_actions": "rule:admin_api",
     "compute_extension:admin_actions:pause": "rule:admin_or_owner",
@@ -41,87 +42,37 @@
     "compute_extension:admin_actions:migrateLive": "rule:admin_api",
     "compute_extension:admin_actions:resetState": "rule:admin_api",
     "compute_extension:admin_actions:migrate": "rule:admin_api",
-    "compute_extension:v3:os-admin-actions": "rule:admin_api",
-    "compute_extension:v3:os-admin-actions:discoverable": "",
-    "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api",
-    "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api",
-    "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api",
-    "compute_extension:v3:os-admin-password": "",
-    "compute_extension:v3:os-admin-password:discoverable": "",
     "compute_extension:aggregates": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:discoverable": "",
-    "compute_extension:v3:os-aggregates:index": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:create": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:show": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:update": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:delete": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:add_host": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api",
-    "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api",
     "compute_extension:agents": "rule:admin_api",
-    "compute_extension:v3:os-agents": "rule:admin_api",
-    "compute_extension:v3:os-agents:discoverable": "",
     "compute_extension:attach_interfaces": "",
-    "compute_extension:v3:os-attach-interfaces": "",
-    "compute_extension:v3:os-attach-interfaces:discoverable": "",
     "compute_extension:baremetal_nodes": "rule:admin_api",
     "compute_extension:cells": "rule:admin_api",
-    "compute_extension:v3:os-cells": "rule:admin_api",
-    "compute_extension:v3:os-cells:discoverable": "",
+    "compute_extension:cells:create": "rule:admin_api",
+    "compute_extension:cells:delete": "rule:admin_api",
+    "compute_extension:cells:update": "rule:admin_api",
+    "compute_extension:cells:sync_instances": "rule:admin_api",
     "compute_extension:certificates": "",
-    "compute_extension:v3:os-certificates:create": "",
-    "compute_extension:v3:os-certificates:show": "",
-    "compute_extension:v3:os-certificates:discoverable": "",
     "compute_extension:cloudpipe": "rule:admin_api",
     "compute_extension:cloudpipe_update": "rule:admin_api",
     "compute_extension:console_output": "",
-    "compute_extension:v3:consoles:discoverable": "",
-    "compute_extension:v3:os-console-output:discoverable": "",
-    "compute_extension:v3:os-console-output": "",
     "compute_extension:consoles": "",
-    "compute_extension:v3:os-remote-consoles": "",
-    "compute_extension:v3:os-remote-consoles:discoverable": "",
     "compute_extension:createserverext": "",
-    "compute_extension:v3:os-create-backup:discoverable": "",
-    "compute_extension:v3:os-create-backup": "rule:admin_or_owner",
     "compute_extension:deferred_delete": "",
-    "compute_extension:v3:os-deferred-delete": "",
-    "compute_extension:v3:os-deferred-delete:discoverable": "",
     "compute_extension:disk_config": "",
     "compute_extension:evacuate": "rule:admin_api",
-    "compute_extension:v3:os-evacuate": "rule:admin_api",
-    "compute_extension:v3:os-evacuate:discoverable": "",
     "compute_extension:extended_server_attributes": "rule:admin_api",
-    "compute_extension:v3:os-extended-server-attributes": "rule:admin_api",
-    "compute_extension:v3:os-extended-server-attributes:discoverable": "",
     "compute_extension:extended_status": "",
-    "compute_extension:v3:os-extended-status": "",
-    "compute_extension:v3:os-extended-status:discoverable": "",
     "compute_extension:extended_availability_zone": "",
-    "compute_extension:v3:os-extended-availability-zone": "",
-    "compute_extension:v3:os-extended-availability-zone:discoverable": "",
     "compute_extension:extended_ips": "",
     "compute_extension:extended_ips_mac": "",
     "compute_extension:extended_vif_net": "",
-    "compute_extension:v3:extension_info:discoverable": "",
     "compute_extension:extended_volumes": "",
-    "compute_extension:v3:os-extended-volumes": "",
-    "compute_extension:v3:os-extended-volumes:swap": "",
-    "compute_extension:v3:os-extended-volumes:discoverable": "",
-    "compute_extension:v3:os-extended-volumes:attach": "",
-    "compute_extension:v3:os-extended-volumes:detach": "",
     "compute_extension:fixed_ips": "rule:admin_api",
     "compute_extension:flavor_access": "",
     "compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
     "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
-    "compute_extension:v3:flavor-access": "",
-    "compute_extension:v3:flavor-access:discoverable": "",
-    "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api",
-    "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api",
     "compute_extension:flavor_disabled": "",
     "compute_extension:flavor_rxtx": "",
-    "compute_extension:v3:os-flavor-rxtx": "",
-    "compute_extension:v3:os-flavor-rxtx:discoverable": "",
     "compute_extension:flavor_swap": "",
     "compute_extension:flavorextradata": "",
     "compute_extension:flavorextraspecs:index": "",
@@ -129,15 +80,7 @@
     "compute_extension:flavorextraspecs:create": "rule:admin_api",
     "compute_extension:flavorextraspecs:update": "rule:admin_api",
     "compute_extension:flavorextraspecs:delete": "rule:admin_api",
-    "compute_extension:v3:flavors:discoverable": "",
-    "compute_extension:v3:flavor-extra-specs:discoverable": "",
-    "compute_extension:v3:flavor-extra-specs:index": "",
-    "compute_extension:v3:flavor-extra-specs:show": "",
-    "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api",
-    "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api",
-    "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api",
     "compute_extension:flavormanage": "rule:admin_api",
-    "compute_extension:v3:flavor-manage": "rule:admin_api",
     "compute_extension:floating_ip_dns": "",
     "compute_extension:floating_ip_pools": "",
     "compute_extension:floating_ips": "",
@@ -145,99 +88,39 @@
     "compute_extension:fping": "",
     "compute_extension:fping:all_tenants": "rule:admin_api",
     "compute_extension:hide_server_addresses": "is_admin:False",
-    "compute_extension:v3:os-hide-server-addresses": "is_admin:False",
-    "compute_extension:v3:os-hide-server-addresses:discoverable": "",
     "compute_extension:hosts": "rule:admin_api",
-    "compute_extension:v3:os-hosts": "rule:admin_api",
-    "compute_extension:v3:os-hosts:discoverable": "",
     "compute_extension:hypervisors": "rule:admin_api",
-    "compute_extension:v3:os-hypervisors": "rule:admin_api",
-    "compute_extension:v3:os-hypervisors:discoverable": "",
     "compute_extension:image_size": "",
     "compute_extension:instance_actions": "",
-    "compute_extension:v3:os-instance-actions": "",
-    "compute_extension:v3:os-instance-actions:discoverable": "",
     "compute_extension:instance_actions:events": "rule:admin_api",
-    "compute_extension:v3:os-instance-actions:events": "rule:admin_api",
     "compute_extension:instance_usage_audit_log": "rule:admin_api",
-    "compute_extension:v3:ips:discoverable": "",
     "compute_extension:keypairs": "",
     "compute_extension:keypairs:index": "",
     "compute_extension:keypairs:show": "",
     "compute_extension:keypairs:create": "",
     "compute_extension:keypairs:delete": "",
-    "compute_extension:v3:keypairs:discoverable": "",
-    "compute_extension:v3:keypairs": "",
-    "compute_extension:v3:keypairs:index": "",
-    "compute_extension:v3:keypairs:show": "",
-    "compute_extension:v3:keypairs:create": "",
-    "compute_extension:v3:keypairs:delete": "",
-    "compute_extension:v3:os-lock-server:discoverable": "",
-    "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner",
-    "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner",
-    "compute_extension:v3:os-migrate-server:discoverable": "",
-    "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api",
-    "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api",
     "compute_extension:multinic": "",
-    "compute_extension:v3:os-multinic": "",
-    "compute_extension:v3:os-multinic:discoverable": "",
     "compute_extension:networks": "rule:admin_api",
     "compute_extension:networks:view": "",
     "compute_extension:networks_associate": "rule:admin_api",
-    "compute_extension:v3:os-pause-server:discoverable": "",
-    "compute_extension:v3:os-pause-server:pause": "rule:admin_or_owner",
-    "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner",
-    "compute_extension:v3:os-pci:pci_servers": "",
-    "compute_extension:v3:os-pci:discoverable": "",
-    "compute_extension:v3:os-pci:index": "rule:admin_api",
-    "compute_extension:v3:os-pci:detail": "rule:admin_api",
-    "compute_extension:v3:os-pci:show": "rule:admin_api",
     "compute_extension:quotas:show": "",
     "compute_extension:quotas:update": "rule:admin_api",
     "compute_extension:quotas:delete": "rule:admin_api",
-    "compute_extension:v3:os-quota-sets:discoverable": "",
-    "compute_extension:v3:os-quota-sets:show": "",
-    "compute_extension:v3:os-quota-sets:update": "rule:admin_api",
-    "compute_extension:v3:os-quota-sets:delete": "rule:admin_api",
-    "compute_extension:v3:os-quota-sets:detail": "rule:admin_api",
     "compute_extension:quota_classes": "",
     "compute_extension:rescue": "",
-    "compute_extension:v3:os-rescue": "",
-    "compute_extension:v3:os-rescue:discoverable": "",
-    "compute_extension:v3:os-scheduler-hints:discoverable": "",
     "compute_extension:security_group_default_rules": "rule:admin_api",
     "compute_extension:security_groups": "",
-    "compute_extension:v3:os-security-groups": "",
-    "compute_extension:v3:os-security-groups:discoverable": "",
     "compute_extension:server_diagnostics": "rule:admin_api",
-    "compute_extension:v3:os-server-diagnostics": "rule:admin_api",
-    "compute_extension:v3:os-server-diagnostics:discoverable": "",
     "compute_extension:server_groups": "",
     "compute_extension:server_password": "",
-    "compute_extension:v3:os-server-password": "",
-    "compute_extension:v3:os-server-password:discoverable": "",
     "compute_extension:server_usage": "",
-    "compute_extension:v3:os-server-usage": "",
-    "compute_extension:v3:os-server-usage:discoverable": "",
     "compute_extension:services": "rule:admin_api",
-    "compute_extension:v3:os-services": "rule:admin_api",
-    "compute_extension:v3:os-services:discoverable": "",
-    "compute_extension:v3:server-metadata:discoverable": "",
-    "compute_extension:v3:servers:discoverable": "",
     "compute_extension:shelve": "",
     "compute_extension:shelveOffload": "rule:admin_api",
-    "compute_extension:v3:os-shelve:shelve": "",
-    "compute_extension:v3:os-shelve:shelve:discoverable": "",
-    "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api",
     "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
-    "compute_extension:v3:os-suspend-server:discoverable": "",
-    "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner",
-    "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner",
     "compute_extension:simple_tenant_usage:list": "rule:admin_api",
     "compute_extension:unshelve": "",
-    "compute_extension:v3:os-shelve:unshelve": "",
     "compute_extension:users": "rule:admin_api",
-    "compute_extension:v3:os-user-data:discoverable": "",
     "compute_extension:virtual_interfaces": "",
     "compute_extension:virtual_storage_arrays": "",
     "compute_extension:volumes": "",
@@ -248,34 +131,13 @@
     "compute_extension:volume_attachments:delete": "",
     "compute_extension:volumetypes": "",
     "compute_extension:availability_zone:list": "",
-    "compute_extension:v3:os-availability-zone:list": "",
-    "compute_extension:v3:os-availability-zone:discoverable": "",
     "compute_extension:availability_zone:detail": "rule:admin_api",
-    "compute_extension:v3:os-availability-zone:detail": "rule:admin_api",
     "compute_extension:used_limits_for_admin": "rule:admin_api",
     "compute_extension:migrations:index": "rule:admin_api",
-    "compute_extension:v3:os-migrations:index": "rule:admin_api",
-    "compute_extension:v3:os-migrations:discoverable": "",
     "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
     "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
     "compute_extension:console_auth_tokens": "rule:admin_api",
-    "compute_extension:v3:os-console-auth-tokens": "rule:admin_api",
     "compute_extension:os-server-external-events:create": "rule:admin_api",
-    "compute_extension:v3:os-server-external-events:create": "rule:admin_api",
-
-    "volume:create": "",
-    "volume:get_all": "",
-    "volume:get_volume_metadata": "",
-    "volume:get_snapshot": "",
-    "volume:get_all_snapshots": "",
-
-
-    "volume_extension:types_manage": "rule:admin_api",
-    "volume_extension:types_extra_specs": "rule:admin_api",
-    "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
-    "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
-    "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
-
 
     "network:get_all": "",
     "network:get": "",
@@ -298,7 +160,6 @@
     "network:get_floating_ips_by_project": "",
     "network:get_floating_ips_by_fixed_address": "",
     "network:allocate_floating_ip": "",
-    "network:deallocate_floating_ip": "",
     "network:associate_floating_ip": "",
     "network:disassociate_floating_ip": "",
     "network:release_floating_ip": "",
@@ -320,5 +181,6 @@
     "network:get_dns_entries_by_name": "",
     "network:create_private_dns_domain": "",
     "network:create_public_dns_domain": "",
-    "network:delete_dns_domain": ""
+    "network:delete_dns_domain": "",
+    "network:attach_external_network": "rule:admin_api"
 }

playbooks/roles/os_nova/tasks/nova_service_setup.yml

@@ -60,6 +60,8 @@
     service_internalurl: "{{ nova_s3_service_internalurl }}"
     service_adminurl: "{{ nova_s3_service_adminurl }}"
     role_name: "{{ nova_service_role_name }}"
+  when: >
+    nova_s3_deprecated_but_enabled == true or nova_s3_deprecated_but_enabled == 'True'
   tags:
     - nova-api
     - nova-api-s3
@@ -77,6 +79,8 @@
     service_internalurl: "{{ nova_ec2_service_internalurl }}"
     service_adminurl: "{{ nova_ec2_service_adminurl }}"
     role_name: "{{ nova_service_role_name }}"
+  when: >
+    nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True'
   tags:
     - nova-api
     - nova-api-ec2

playbooks/roles/os_nova/tasks/nova_upstart_init.yml

@@ -56,7 +56,9 @@
     system_user: "{{ nova_system_user_name }}"
     system_group: "{{ nova_system_group_name }}"
     service_home: "{{ nova_system_home_folder }}"
-  when: inventory_hostname in groups['nova_api_ec2']
+  when: >
+    inventory_hostname in groups['nova_api_ec2'] and
+    (nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True')
 
 - include: nova_upstart_common_init.yml
   vars:
@@ -65,7 +67,9 @@
     system_user: "{{ nova_system_user_name }}"
     system_group: "{{ nova_system_group_name }}"
     service_home: "{{ nova_system_home_folder }}"
-  when: inventory_hostname in groups['nova_api_ec2']
+  when: >
+    inventory_hostname in groups['nova_api_ec2'] and
+    (nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True')
 
 - include: nova_upstart_common_init.yml
   vars:

playbooks/roles/os_nova/templates/nova.conf.j2

@@ -10,7 +10,6 @@ verbose = {{ verbose }}
 fatal_deprecations = {{ nova_fatal_deprecations }}
 log_dir = /var/log/nova
 state_path = {{ nova_system_home_folder }}
-lock_path = /var/lock/nova
 rootwrap_config = /etc/nova/rootwrap.conf
 service_down_time = 120
 
@@ -47,23 +46,20 @@ allow_resize_to_same_host = True
 image_cache_manager_interval = {{ nova_image_cache_manager_interval }}
 
 # Api's
-enabled_apis = osapi_compute,metadata,ec2
+enabled_apis = {{ nova_enabled_apis }}
 osapi_compute_workers = {{ nova_osapi_compute_workers | default(api_threads) }}
+{% if nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True' %}
 ec2_workers = {{ nova_ec2_workers | default(api_threads) }}
 ec2_dmz_host = {{ external_lb_vip_address }}
+{% endif %}
+{% if nova_s3_deprecated_but_enabled == true or nova_s3_deprecated_but_enabled == 'True' %}
 s3_port = {{ nova_s3_service_port }}
 s3_host = {{ ansible_ssh_host }}
+{% endif %}
 
 # Rpc all
-amqp_auto_delete = False
 rpc_backend = {{ nova_rpc_backend }}
 
-# RabbitMQ
-rabbit_port = {{ rabbitmq_port }}
-rabbit_userid = {{ rabbitmq_userid }}
-rabbit_password = {{ rabbitmq_password }}
-rabbit_hosts = {{ rabbitmq_servers }}
-
 # Metadata
 metadata_host = {{ internal_lb_vip_address }}
 metadata_port = {{ nova_metadata_port }}
@@ -176,6 +172,18 @@ connection = mysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@
 {% endif %}
 
 
+[oslo_concurrency]
+lock_path = /var/lock/nova
+
+
+[oslo_messaging_rabbit]
+amqp_auto_delete = False
+rabbit_port = {{ rabbitmq_port }}
+rabbit_userid = {{ rabbitmq_userid }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_hosts = {{ rabbitmq_servers }}
+
+
 [libvirt]
 vif_driver = {{ nova_libvirt_vif_driver }}
 inject_partition = -2

playbooks/roles/os_tempest/defaults/main.yml

@@ -49,6 +49,7 @@ tempest_service_available_swift: True
 tempest_service_available_trove: False
 tempest_service_available_zaqar: False
 
+tempest_image_api_v1_enabled: true
 tempest_image_api_v2_enabled: True
 
 tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333"

playbooks/roles/os_tempest/tasks/tempest_resources.yml

@@ -154,6 +154,7 @@
     tenant_id: "{{ keystone_demo_tenant_id }}"
   tags:
     - tempest-setup
+    - tempest-config
 
 - name: Store neutron private network id
   set_fact:

playbooks/roles/os_tempest/templates/tempest.conf.j2

@@ -144,7 +144,7 @@ http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.
 
 
 [image-feature-enabled]
-api_v1 = true
+api_v1 = {{ tempest_image_api_v1_enabled }}
 api_v2 = {{ tempest_image_api_v2_enabled }}
 
 

playbooks/setup-openstack.yml

@@ -14,6 +14,7 @@
 # limitations under the License.
 
 - include: os-keystone-install.yml
+- include: os-swift-install.yml
 - include: os-glance-install.yml
 - include: os-cinder-install.yml
 - include: os-nova-install.yml

playbooks/vars/repo_packages/openstack_clients.yml

@@ -15,25 +15,24 @@
 
 
 ## NOTICE on items in this file:
-##   * If you use anything in the *._git_install_branch field that is not a TAG 
+##   * If you use anything in the *._git_install_branch field that is not a TAG
 ##     make sure to leave an in-line comment as to "why".
 
-## For the sake of anyone else editing this file: 
+## For the sake of anyone else editing this file:
 ##   * If you add clients to this file please do so in alphabetical order.
 ##   * Every entry should be name spaced with the name of the client followed by an "_"
 ##   * All items with this file should be separated by `name_` note that the name of the
 ##     package should be one long name with no additional `_` separating it.
 
-
 ## Barbican client
 barbicanclient_git_repo: https://github.com/openstack/python-barbicanclient
-barbicanclient_git_install_branch: 2.2.1
+barbicanclient_git_install_branch: 3.0.2
 barbicanclient_git_dest: "/opt/barbicanclient_{{ barbicanclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Ceilometer client
 ceilometerclient_git_repo: https://github.com/openstack/python-ceilometerclient
-ceilometerclient_git_install_branch: 1.0.9
+ceilometerclient_git_install_branch: 1.0.13
 ceilometerclient_git_dest: "/opt/ceilometerclient_{{ ceilometerclient_git_install_branch | replace('/', '_') }}"
 
 
@@ -45,55 +44,55 @@ cinderclient_git_dest: "/opt/cinderclient_{{ cinderclient_git_install_branch | r
 
 ## Designate client
 designateclient_git_repo: https://github.com/openstack/python-designateclient
-designateclient_git_install_branch: 1.0.3
+designateclient_git_install_branch: 1.1.1
 designateclient_git_dest: "/opt/designateclient_{{ designateclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Glance client
 glanceclient_git_repo: https://github.com/openstack/python-glanceclient
-glanceclient_git_install_branch: 0.15.0
+glanceclient_git_install_branch: 0.16.0
 glanceclient_git_dest: "/opt/glanceclient_{{ glanceclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Heat client
 heatclient_git_repo: https://github.com/openstack/python-heatclient
-heatclient_git_install_branch: 0.2.12
+heatclient_git_install_branch: 0.3.0
 heatclient_git_dest: "/opt/heatclient_{{ heatclient_git_install_branch | replace('/', '_') }}"
 
 
 # Ironic client
 ironicclient_git_repo: https://github.com/openstack/python-ironicclient
-ironicclient_git_install_branch: 0.2.1
+ironicclient_git_install_branch: 0.4.1
 ironicclient_git_dest: "/opt/ironicclient_{{ ironicclient_git_install_branch | replace('/', '_') }}"
 
 
 # Keystone client
 keystoneclient_git_repo: https://github.com/openstack/python-keystoneclient
-keystoneclient_git_install_branch: 1.0.0
+keystoneclient_git_install_branch: 1.2.0
 keystoneclient_git_dest: "/opt/keystoneclient_{{ keystoneclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Neutron client
 neutronclient_git_repo: https://github.com/openstack/python-neutronclient
-neutronclient_git_install_branch: 2.3.10
+neutronclient_git_install_branch: 2.3.11
 neutronclient_git_dest: "/opt/neutronclient_{{ neutronclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Nova client
 novaclient_git_repo: https://github.com/openstack/python-novaclient
-novaclient_git_install_branch: 2.20.0
+novaclient_git_install_branch: 2.22.0
 novaclient_git_dest: "/opt/novaclient_{{ novaclient_git_install_branch | replace('/', '_') }}"
 
 
 ## OpenStack client
 openstackclient_git_repo: https://github.com/openstack/python-openstackclient
-openstackclient_git_install_branch: 1.0.1
+openstackclient_git_install_branch: 1.0.2
 openstackclient_git_dest: "/opt/openstackclient_{{ openstackclient_git_install_branch | replace('/', '_') }}"
 
 
 ## Sahara client
 saharaclient_git_repo: https://github.com/openstack/python-saharaclient
-saharaclient_git_install_branch: 0.7.6
+saharaclient_git_install_branch: 0.7.7
 saharaclient_git_dest: "/opt/saharaclient_{{ saharaclient_git_install_branch | replace('/', '_') }}"
 
 
@@ -111,7 +110,7 @@ troveclient_git_dest: "/opt/troveclient_{{ troveclient_git_install_branch | repl
 
 ## Tuskar client
 tuskarclient_git_repo: https://github.com/openstack/python-tuskarclient
-tuskarclient_git_install_branch: 0.1.8
+tuskarclient_git_install_branch: 0.1.15
 tuskarclient_git_dest: "/opt/tuskarclient_{{ tuskarclient_git_install_branch | replace('/', '_') }}"
 
 

playbooks/vars/repo_packages/openstack_other.yml

@@ -15,47 +15,28 @@
 
 
 ## NOTICE on items in this file:
-##   * If you use anything in the *._git_install_branch field that is not a TAG 
+##   * If you use anything in the *._git_install_branch field that is not a TAG
 ##     make sure to leave an in-line comment as to "why".
 
-## For the sake of anyone else editing this file: 
+## For the sake of anyone else editing this file:
 ##   * If you add clients to this file please do so in alphabetical order.
 ##   * Every entry should be name spaced with the name of the client followed by an "_"
 ##   * All items with this file should be separated by `name_` note that the name of the
 ##     package should be one long name with no additional `_` separating it.
 
-
-## Keystone middleware service
-keystonemiddleware_git_repo: https://github.com/openstack/keystonemiddleware
-keystonemiddleware_git_install_branch: 1.3.1
-keystonemiddleware_git_dest: "/opt/keystonemiddleware_{{ keystonemiddleware_git_install_branch | replace('/', '_') }}"
-
-
 ## Glance store library
 glancestore_git_repo: https://github.com/openstack/glance_store
-glancestore_git_install_branch: 0.1.10
+glancestore_git_install_branch: 0.4.0
 glancestore_git_dest: "/opt/glancestore_{{ glancestore_git_repo | replace('/', '_') }}"
 
 
-## Oslo Messaging
-oslomessaging_git_repo: https://github.com/openstack/oslo.messaging
-oslomessaging_git_install_branch: 1.4.1
-oslomessaging_git_dest: "/opt/oslo_messaging{{ oslo_messaging_git_install_branch | replace('/', '_') }}"
-
-
-## Oslo Middleware
-oslomiddleware_git_repo: https://github.com/openstack/oslo.middleware
-oslomiddleware_git_install_branch: 0.4.0
-oslomiddleware_git_dest: "/opt/oslo_middleware{{ oslomiddleware_git_install_branch | replace('/', '_') }}"
-
-
 ## Global Requirements
 requirements_git_repo: https://github.com/openstack/requirements
-requirements_git_install_branch: stable/juno  ## Uses a branch because there are no stable tags
+requirements_git_install_branch: 1e85f2b2e6e2f417d168e898589d096385a77e30  # SHA at the head of master as of 20.3.2015
 requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}"
 
 
 ## Tempest Library
 tempestlib_git_repo: https://github.com/openstack/tempest-lib
-tempestlib_git_install_branch: 0.2.1
+tempestlib_git_install_branch: 0.4.0
 tempestlib_git_dest: "/opt/tempest-lib_{{ requirements_git_install_branch | replace('/', '_') }}"

playbooks/vars/repo_packages/openstack_services.yml

@@ -30,55 +30,67 @@
 
 ## Cinder service
 cinder_git_repo: https://github.com/openstack/cinder
-cinder_git_install_branch: 2014.2.2
+cinder_git_install_branch: master
 cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}"
 
 
 ## Glance service
 glance_git_repo: https://github.com/openstack/glance
-glance_git_install_branch: 2014.2.2
+glance_git_install_branch: master
 glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}"
 
 
 ## Heat service
 heat_git_repo: https://github.com/openstack/heat
-heat_git_install_branch: 2014.2.2
+heat_git_install_branch: master
 heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}"
 heat_repo_plugins:
   - { path: "contrib", package: "extraroute" }
 
+
 ## Horizon service
 horizon_git_repo: https://github.com/openstack/horizon
-horizon_git_install_branch: 2014.2.2
+horizon_git_install_branch: master
 horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}"
 
 
 ## Keystone service
 keystone_git_repo: https://github.com/openstack/keystone
-keystone_git_install_branch: 2014.2.2
+keystone_git_install_branch: master
 keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}"
 
 
 ## Neutron service
 neutron_git_repo: https://github.com/openstack/neutron
-neutron_git_install_branch: 2014.2.2
+neutron_git_install_branch: master
 neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}"
 
+neutron_lbaas_git_repo: https://github.com/openstack/neutron-lbaas
+neutron_lbaas_git_install_branch: master
+neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}"
+
+neutron_vpnaas_git_repo: https://github.com/openstack/neutron-vpnaas
+neutron_vpnaas_git_install_branch: master
+neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}"
+
+neutron_fwaas_git_repo: https://github.com/openstack/neutron-fwaas
+neutron_fwaas_git_install_branch: master
+neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}"
+
 
 ## Nova service
 nova_git_repo: https://github.com/openstack/nova
-nova_git_install_branch: 2014.2.2
+nova_git_install_branch: master
 nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}"
 
 
 ## Swift service
 swift_git_repo: https://github.com/openstack/swift
-swift_git_install_branch: 2.2.1
+swift_git_install_branch: 2.2.2
 swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}"
 
 
 ## Tempest service
-# using a sha to match the other branches and also include fixes after the tag '3'
 tempest_git_repo: https://github.com/openstack/tempest
-tempest_git_install_branch: 17f81d4cc83569438fe11b1ee6ee2afe74c0b501
+tempest_git_install_branch: d1a391a55482d64b9014e7b41219af195722d990  # SHA at the head of master as of 20.3.2015
 tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}"

playbooks/vars/repo_packages/turbolift.yml

@@ -1,19 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Git source for turbolift client
-git_repo: "https://github.com/cloudnull/turbolift"
-git_install_branch: v2.1.3  
-git_dest: "/opt/turbolift_{{ git_install_branch | replace('/', '_') }}"

scripts/run-tempest.sh

@@ -19,7 +19,10 @@ set -e -u +x
 
 ## Vars ----------------------------------------------------------------------
 export TEMPEST_SCRIPT_PATH=${TEMPEST_SCRIPT_PATH:-/opt/openstack_tempest_gate.sh}
-export TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-""}
+## TODO(someone) this needs to be changed back to the normal tests once someone
+## is able to dig into tempest/the updated/deprecated config(s). This test should
+## go back to being the scenario tests.
+export TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-"scenario"}
 export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-''}
 export TESTR_OPTS=${TESTR_OPTS:-''}