cc250b78ac
The upstream default implementation of gnocchi is not to use keystone authentication, but a preferred deployment configuration in enterprise environments is to ensure that keystone authentication is configured. This patch ensures that keystone auth is enabled if keystone is implemented in the environment. Closes-Bug: 1622251 Depends-On: Ic41cf161af1d59e5b0f4b71c0d698cd7348c962c Change-Id: Iaac6174f5588856a594ca646ed869d637c04d95a
266 lines
10 KiB
Bash
Executable File
266 lines
10 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This script was created to rapidly interate through a repo_package file
|
|
# that contains git sources and set the various repositories inside to
|
|
# the head of given branch via the SHA. This makes it possible to update
|
|
# all of the services that we support in an "automated" fashion.
|
|
|
|
OS_BRANCH=${OS_BRANCH:-"master"}
|
|
OSA_BRANCH=${OSA_BRANCH:-"$OS_BRANCH"}
|
|
SERVICE_FILE=${SERVICE_FILE:-"playbooks/defaults/repo_packages/openstack_services.yml"}
|
|
OPENSTACK_SERVICE_LIST=${OPENSTACK_SERVICE_LIST:-"$(grep 'git_repo\:' ${SERVICE_FILE} | awk -F '/' '{ print $NF }' | egrep -v 'requirements|-' | tr '\n' ' ')"}
|
|
|
|
IFS=$'\n'
|
|
|
|
if echo "$@" | grep -e '-h' -e '--help';then
|
|
echo "
|
|
Options:
|
|
-b|--openstack-branch (name of OpenStack branch, eg: stable/mitaka)
|
|
-o|--osa-branch (name of the OSA branch, eg: stable/mitaka)
|
|
-s|--service-file (path to service file to parse)
|
|
"
|
|
exit 0
|
|
fi
|
|
|
|
# Provide some CLI options
|
|
while [[ $# > 1 ]]; do
|
|
key="$1"
|
|
case $key in
|
|
-b|--openstack-branch)
|
|
OS_BRANCH="$2"
|
|
shift
|
|
;;
|
|
-o|--osa-branch)
|
|
OSA_BRANCH="$2"
|
|
shift
|
|
;;
|
|
-s|--service-file)
|
|
SERVICE_FILE="$2"
|
|
shift
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
# Iterate through the service file
|
|
for repo in $(grep 'git_repo\:' ${SERVICE_FILE}); do
|
|
|
|
echo -e "\nInspecting ${repo}..."
|
|
|
|
# Set the repo name
|
|
repo_name=$(echo "${repo}" | sed 's/_git_repo\:.*//g')
|
|
|
|
# Set the repo address
|
|
repo_address=$(echo ${repo} | awk '{print $2}')
|
|
|
|
# Get the branch data
|
|
branch_data=$(git ls-remote ${repo_address} | grep "${OS_BRANCH}$")
|
|
|
|
# If there is branch data continue
|
|
if [ ! -z "${branch_data}" ];then
|
|
|
|
# Set the branch sha for the head of the branch
|
|
branch_sha=$(echo "${branch_data}" | awk '{print $1}')
|
|
|
|
# Set the branch entry
|
|
branch_entry="${branch_sha} # HEAD of \"$OS_BRANCH\" as of $(date +%d.%m.%Y)"
|
|
|
|
# Write the branch entry into the repo_packages file
|
|
sed -i.bak "s|${repo_name}_git_install_branch:.*|${repo_name}_git_install_branch: $branch_entry|" ${SERVICE_FILE}
|
|
|
|
# If the repo is in the specified list, then action the additional updates
|
|
if [[ "${OPENSTACK_SERVICE_LIST}" =~ "${repo_name}" ]]; then
|
|
os_repo_tmp_path="/tmp/os_${repo_name}"
|
|
osa_repo_tmp_path="/tmp/osa_${repo_name}"
|
|
|
|
# Ensure that the temp path doesn't exist
|
|
rm -rf ${os_repo_tmp_path} ${osa_repo_tmp_path}
|
|
|
|
# Do a shallow clone of the OpenStack repo to work with
|
|
git clone --quiet --depth=10 --branch ${OS_BRANCH} --no-checkout --single-branch ${repo_address} ${os_repo_tmp_path}
|
|
pushd ${os_repo_tmp_path} > /dev/null
|
|
git checkout --quiet ${branch_sha}
|
|
popd > /dev/null
|
|
|
|
# Set the OSA address
|
|
osa_repo_address="https://git.openstack.org/openstack/openstack-ansible-os_${repo_name}"
|
|
|
|
# Do a shallow clone of the OSA repo to work with
|
|
git clone --quiet --depth=10 --branch ${OSA_BRANCH} --single-branch ${osa_repo_address} ${osa_repo_tmp_path}
|
|
pushd ${osa_repo_tmp_path} > /dev/null
|
|
git checkout --quiet origin/${OSA_BRANCH}
|
|
popd > /dev/null
|
|
|
|
# Update the policy files
|
|
find ${os_repo_tmp_path}/etc -name "policy.json" -exec \
|
|
cp {} "${osa_repo_tmp_path}/templates/policy.json.j2" \;
|
|
|
|
# Tweak the paste files
|
|
find ${os_repo_tmp_path}/etc -name "*[_-]paste.ini" -exec \
|
|
sed -i.bak "s|hmac_keys = SECRET_KEY|hmac_keys = {{ ${repo_name}_profiler_hmac_key }}|" {} \;
|
|
sed -i.bak "s|pipeline = gnocchi+noauth|pipeline = {{ (gnocchi_keystone_auth | bool) | ternary('gnocchi+noauth', 'gnocchi+auth') }}|" {} \;
|
|
|
|
# Update the paste files
|
|
find ${os_repo_tmp_path}/etc -name "*[_-]paste.ini" -exec \
|
|
bash -c "name=\"{}\"; cp \${name} \"${osa_repo_tmp_path}/templates/\$(basename \${name}).j2\"" \;
|
|
|
|
# Tweak the rootwrap conf filters_path (for os_neutron only)
|
|
find ${os_repo_tmp_path}/etc -name "rootwrap.conf" -exec \
|
|
sed -i.bak "s|filters_path=/etc/neutron|filters_path={{ ${repo_name}_conf_dir }}|" {} \;
|
|
|
|
# Tweak the rootwrap conf exec_dirs
|
|
find ${os_repo_tmp_path}/etc -name "rootwrap.conf" -exec \
|
|
sed -i.bak "s|exec_dirs=|exec_dirs={{ ${repo_name}_bin }},|" {} \;
|
|
|
|
# Update the rootwrap conf files
|
|
find ${os_repo_tmp_path}/etc -name "rootwrap.conf" -exec \
|
|
cp {} "${osa_repo_tmp_path}/templates/rootwrap.conf.j2" \;
|
|
|
|
# Update the rootwrap filters
|
|
find ${os_repo_tmp_path}/etc -name "*.filters" -exec \
|
|
bash -c "name=\"{}\"; cp \${name} \"${osa_repo_tmp_path}/files/rootwrap.d/\$(basename \${name})\"" \;
|
|
|
|
# Update the yaml files for Ceilometer
|
|
if [ "${repo_name}" = "ceilometer" ]; then
|
|
find ${os_repo_tmp_path}/etc -name "*.yaml" -exec \
|
|
bash -c "name=\"{}\"; cp \${name} \"${osa_repo_tmp_path}/templates/\$(basename \${name}).j2\"" \;
|
|
fi
|
|
|
|
# Update the yaml files for Heat
|
|
if [ "${repo_name}" = "heat" ]; then
|
|
find ${os_repo_tmp_path}/etc -name "*.yaml" -exec \
|
|
bash -c "name=\"{}\"; cp \${name} \"${osa_repo_tmp_path}/templates/\$(echo \${name} | rev | cut -sd / -f -2 | rev).j2\"" \;
|
|
fi
|
|
|
|
# Switch into the OSA git directory to work with it
|
|
pushd ${osa_repo_tmp_path} > /dev/null
|
|
|
|
# Check for changed files
|
|
git_changed=$(git status --porcelain | wc -l)
|
|
# Check for untracked files
|
|
git_untracked=$(git ls-files --other --exclude-standard --directory | wc -l)
|
|
if [ ${git_untracked} -gt 0 ]; then
|
|
# If there are untracked files, ensure that the commit message includes
|
|
# a WIP prefix so that the patch is revised in more detail.
|
|
git_msg_prefix="[New files - needs update] "
|
|
else
|
|
git_msg_prefix=""
|
|
fi
|
|
|
|
# If any files have changed, submit a patch including the changes
|
|
if [ ${git_changed} -gt 0 ]; then
|
|
git checkout -b sha-update
|
|
git review -s > /dev/null
|
|
git add --all
|
|
git commit -a -m "${git_msg_prefix}Update paste, policy and rootwrap configurations $(date +%Y-%m-%d)" --quiet
|
|
git review > /dev/null
|
|
fi
|
|
popd > /dev/null
|
|
|
|
# Clean up the temporary files
|
|
rm -rf ${os_repo_tmp_path} ${osa_repo_tmp_path}
|
|
fi
|
|
fi
|
|
|
|
echo -e "Processed $repo_name @ $branch_entry\n"
|
|
|
|
done
|
|
|
|
unset IFS
|
|
|
|
# Update the PIP_INSTALL_OPTIONS with the current versions of pip, wheel and setuptools
|
|
PIP_CURRENT_OPTIONS=$(./scripts/get-pypi-pkg-version.py -p pip setuptools wheel -l horizontal)
|
|
sed -i.bak "s|^PIP_INSTALL_OPTIONS=.*|PIP_INSTALL_OPTIONS=\$\{PIP_INSTALL_OPTIONS:-'${PIP_CURRENT_OPTIONS}'\}|" scripts/scripts-library.sh
|
|
|
|
for pin in ${PIP_CURRENT_OPTIONS}; do
|
|
sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" global-requirement-pins.txt
|
|
sed -i.bak "s|^ - $(echo ${pin} | cut -f1 -d=).*| - ${pin}|" playbooks/inventory/group_vars/all.yml
|
|
done
|
|
|
|
echo "Updated pip install options/pins"
|
|
|
|
# Update the ansible-role-requirements.yml file
|
|
# We don't want to be doing this for the master branch
|
|
if [[ "${OSA_BRANCH}" != "master" ]]; then
|
|
echo "Updating ansible-role-requirements.yml"
|
|
|
|
# Loop through each of the role git sources, only looking for openstack roles
|
|
for role_src in $(awk '/src: .*\/openstack\// {print $2}' ansible-role-requirements.yml); do
|
|
|
|
# Determine the role's name
|
|
role_name=$(sed 's/^[ \t-]*//' ansible-role-requirements.yml | awk '/src: / || /name: / {print $2}' | grep -B1 "${role_src}" | head -n 1)
|
|
echo "... updating ${role_name}"
|
|
|
|
# Grab the latest SHA that matches the specified branch
|
|
role_version=$(git ls-remote ${role_src} | grep "${OSA_BRANCH}$" | awk '{print $1}')
|
|
|
|
# If that branch doesn't exist, then it's probably not an OpenStack-Ansible role, so grab the latest tag instead
|
|
if [[ -z "${role_version}" ]]; then
|
|
role_version=$(git ls-remote --tags ${role_src} | awk '{print $2}' | grep -v '{}' | cut -d/ -f 3 | sort -n | tail -n 1)
|
|
else
|
|
# As this is an OSA role, we want to grab the release notes from it
|
|
|
|
# Setup a var for tmp space
|
|
osa_repo_tmp_path="/tmp/osa_${role_name}"
|
|
|
|
# Ensure that the temp path doesn't exist
|
|
rm -rf ${osa_repo_tmp_path}
|
|
|
|
# Do a shallow clone of the repo to work with
|
|
git clone --quiet --depth=10 --branch ${OSA_BRANCH} --single-branch ${role_src} ${osa_repo_tmp_path}
|
|
pushd ${osa_repo_tmp_path} > /dev/null
|
|
git checkout --quiet origin/${OSA_BRANCH}
|
|
popd > /dev/null
|
|
|
|
# If there are releasenotes to copy, then copy them
|
|
if $(ls -1 ${osa_repo_tmp_path}/releasenotes/notes/*.yaml > /dev/null 2>&1); then
|
|
rsync -aq ${osa_repo_tmp_path}/releasenotes/notes/*.yaml releasenotes/notes/
|
|
fi
|
|
|
|
# Clean up the temporary files
|
|
rm -rf ${osa_repo_tmp_path}
|
|
fi
|
|
|
|
# Now use the information we have to update the ansible-role-requirements file
|
|
"$(dirname "${0}")/ansible-role-requirements-editor.py" -f ansible-role-requirements.yml -n "${role_name}" -v "${role_version}"
|
|
done
|
|
echo "Completed updating ansible-role-requirements.yml"
|
|
else
|
|
echo "Skipping the ansible-role-requirements.yml update as we're working on the master branch"
|
|
fi
|
|
|
|
# Update the release version in playbooks/inventory/group_vars/all.yml
|
|
# We don't want to be doing this for the master branch
|
|
if [[ "${OSA_BRANCH}" != "master" ]]; then
|
|
|
|
echo "Updating the release version..."
|
|
currentversion=$(awk '/openstack_release/ {print $2}' playbooks/inventory/group_vars/all.yml)
|
|
|
|
# Extract the required version info
|
|
major_version=$( echo ${currentversion} | cut -d. -f1 )
|
|
minor_version=$( echo ${currentversion} | cut -d. -f2 )
|
|
patch_version=$( echo ${currentversion} | cut -d. -f3 )
|
|
|
|
# increment the patch version
|
|
patch_version=$(( patch_version + 1 ))
|
|
|
|
sed -i .bak "s/${currentversion}/${major_version}.${minor_version}.${patch_version}/" playbooks/inventory/group_vars/all.yml
|
|
else
|
|
echo "Skipping the release version update as we're working on the master branch"
|
|
fi
|