Client-side changes from Juno to Kilo

This patch makes all the necessary changes to port the labs scripts from Juno to Kilo. Change-Id: I1ff50dcee2181a209e336cfc70c1164385292568 Co-Authored-By: Pranav Salunke <dguitarbite@gmail.com> Co-Authored-By: Roger Luethi <rl@patchworkscience.org>
2015-10-18 20:07:28 +02:00
parent a263b9eb46
commit 3f09cf9c3b
27 changed files with 732 additions and 386 deletions
--- a/labs/osbash/config/admin-openstackrc.sh
+++ b/labs/osbash/config/admin-openstackrc.sh
@@ -9,7 +9,18 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE")
 source "$CONFIG_DIR/openstack"
 source "$CONFIG_DIR/credentials"
 #------------------------------------------------------------------------------
 # OpenStack client environment scripts
 # http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html
 #------------------------------------------------------------------------------
 export OS_PROJECT_DOMAIN_ID=default
 export OS_USER_DOMAIN_ID=default
 export OS_PROJECT_NAME=$ADMIN_PROJECT_NAME
 export OS_TENANT_NAME=$ADMIN_PROJECT_NAME
 export OS_USERNAME=$ADMIN_USER_NAME
 export OS_PASSWORD=$ADMIN_PASSWORD
-export OS_TENANT_NAME=$ADMIN_TENANT_NAME
+export OS_AUTH_URL=http://controller-mgmt:35357/v3
-export OS_AUTH_URL="http://controller-mgmt:35357/v2.0"
+export OS_IMAGE_API_VERSION=2
 export OS_VOLUME_API_VERSION=2
 export OS_REGION_NAME=$REGION
--- a/labs/osbash/config/config.controller
+++ b/labs/osbash/config/config.controller
@@ -12,9 +12,9 @@ NET_IF_0=nat
 NET_IF_1=MGMT_NET
 NET_IF_2=API_NET
-# Controller node is running many services. It needs 1 GB RAM for better
+# Controller node is running many services. For Kilo, 2GB RAM
-# performance.
+# is required for expected performance.
-VM_MEM=1024
+VM_MEM=2048
 # Override number of virtual CPUs (default is 1)
 # To edit uncomment the line below
--- a/labs/osbash/config/credentials
+++ b/labs/osbash/config/credentials
@@ -12,9 +12,9 @@
 # Used for MySQL or whatever other DBMS is configured
 : ${RABBIT_PASSWORD:=rabbitPass}
-# Tenant and role for admin accounts
+# Project and role for admin accounts
 : ${ADMIN_ROLE_NAME:=admin}
-: ${ADMIN_TENANT_NAME:=admin}
+: ${ADMIN_PROJECT_NAME:=admin}
 # Member role for generic use
 : ${MEMBER_ROLE_NAME:=_member_}
@@ -23,18 +23,21 @@
 : ${ADMIN_USER_NAME:=admin}
 : ${ADMIN_PASSWORD:=admin_pass}
-# Tenant name, user name and password for normal (demo) user
+# Project name, user name and password for normal (demo) user
-: ${DEMO_TENANT_NAME:=demo}
+: ${DEMO_PROJECT_NAME:=demo}
 : ${DEMO_USER_NAME:=demo}
 : ${DEMO_PASSWORD:=demo_pass}
 # User role
 : ${USER_ROLE_NAME:=user}
 # OpenStack Services needs to be affiliated with a tenant to provide
 # authentication to other OpenStack services. We create a "service" tenant for
 # the OpenStack services. All the OpenStack services will be registered via
 # service tenant.
-# Tenant and role for service accounts.
+# Project and role for service accounts.
-: ${SERVICE_TENANT_NAME:=service}
+: ${SERVICE_PROJECT_NAME:=service}
 # Domain to use for email addresses (e.g. admin@example.com)
 : ${MAIL_DOMAIN:=example.com}
@@ -42,7 +45,10 @@
 # Metadata secret used by neutron and nova.
 : ${METADATA_SECRET:=osbash_training}
-# Metering secret used by ceilometer.
+# Heat domain password
-: ${METERING_SECRET:=osbash_training}
+: ${HEAT_DOMAIN_PASS:=heat_dom_pw}
 # Telemetry secret used by ceilometer.
 : ${TELEMETRY_SECRET:=osbash_training}
 # vim: set ai ts=4 sw=4 et ft=sh:
--- a/labs/osbash/config/demo-openstackrc.sh
+++ b/labs/osbash/config/demo-openstackrc.sh
@@ -9,7 +9,16 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE")
 source "$CONFIG_DIR/openstack"
 source "$CONFIG_DIR/credentials"
 #------------------------------------------------------------------------------
 # OpenStack client environment scripts
 # http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html
 #------------------------------------------------------------------------------
 export OS_PROJECT_DOMAIN_ID=default
 export OS_USER_DOMAIN_ID=default
 export OS_PROJECT_NAME=$DEMO_PROJECT_NAME
 export OS_TENANT_NAME=$DEMO_PROJECT_NAME
 export OS_USERNAME=$DEMO_USER_NAME
 export OS_PASSWORD=$DEMO_PASSWORD
-export OS_TENANT_NAME=$DEMO_TENANT_NAME
+export OS_AUTH_URL=http://controller-mgmt:5000/v3
-export OS_AUTH_URL="http://controller-mgmt:5000/v2.0"
+export OS_REGION_NAME=$REGION
--- a/labs/osbash/config/openstack
+++ b/labs/osbash/config/openstack
@@ -1,8 +1,8 @@
 # This file contains OpenStack configuration data. It is used by both
 # host (osbash, Windows batch) and VM guest scripts.
-# one of: icehouse, juno
+# one of: icehouse, juno, kilo
-: ${OPENSTACK_RELEASE:=juno}
+: ${OPENSTACK_RELEASE:=kilo}
 # CirrOS image URL
 CIRROS_URL="http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img"
--- a/labs/osbash/config/scripts.ubuntu_cluster
+++ b/labs/osbash/config/scripts.ubuntu_cluster
@@ -32,8 +32,10 @@ cmd queue config_external_network.sh
 cmd queue config_tenant_network.sh
 cmd snapshot_cycle -n controller openstack_networks_configured
-cmd queue ubuntu/setup_lbaas_controller.sh
+# FIXME Our LBaaS support for kilo is broken; the configuration edits
-cmd snapshot_cycle -n controller lbaas-controller_installed
+#       in setup_lbaas_controller.sh break neutron
 #cmd queue ubuntu/setup_lbaas_controller.sh
 #cmd snapshot_cycle -n controller lbaas-controller_installed
 # Telemetry service is disabled for the time being as it overloads
 # the cluster. For enabling the same, please uncomment the following.
@@ -87,8 +89,9 @@ cmd snapshot_cycle -n network network_node_init
 cmd queue ubuntu/setup_neutron_network.sh
 cmd snapshot_cycle -n network neutron_configured
-cmd queue ubuntu/setup_lbaas_network.sh
+# FIXME Our LBaaS support for kilo is broken
-cmd snapshot_cycle -n network lbaas-network_installed
+#cmd queue ubuntu/setup_lbaas_network.sh
 #cmd snapshot_cycle -n network lbaas-network_installed
 cmd queue ubuntu/setup_heat_network.sh
 cmd snapshot_cycle -n network heat_network_installed
--- a/labs/osbash/lib/functions.guest
+++ b/labs/osbash/lib/functions.guest
@@ -145,9 +145,11 @@ function as_root_exec_script {
 }
 #-------------------------------------------------------------------------------
-# Root wrapper around devstack function for manipulating config files
+# Root wrapper around devstack functions for manipulating config files
 #-------------------------------------------------------------------------------
 # Set an option in an INI file
 # iniset config-file section option value
 function iniset_sudo {
    local file=$1
    shift
@@ -158,6 +160,29 @@ function iniset_sudo {
    cat "$tmpfile" | sudo tee "$file" >/dev/null
 }
 # Comment an option in an INI file
 # inicomment config-file section option
 function inicomment_sudo {
    local file=$1
    shift
    local tmpfile=$(mktemp)
    # Create a temporary copy, work on it, and copy it back into place
    sudo cp -fv "$file" "$tmpfile"
    inicomment "$tmpfile" "$@"
    cat "$tmpfile" | sudo tee "$file" >/dev/null
 }
 # Determinate is the given option present in the INI file
 # ini_has_option config-file section option
 function ini_has_option_sudo {
    local file=$1
    shift
    local tmpfile=$(mktemp)
    # Create a temporary copy, work on it
    sudo cp -fv "$file" "$tmpfile"
    ini_has_option "$tmpfile" "$@"
 }
 #-------------------------------------------------------------------------------
 # Functions for manipulating config files without section
 #-------------------------------------------------------------------------------
@@ -241,7 +266,7 @@ function setup_database {
 # Wait for keystone to come up
 function wait_for_keystone {
    echo -n "Waiting for keystone to come up."
-    until keystone user-list >/dev/null 2>&1; do
+    until openstack user list >/dev/null 2>&1; do
        echo -n .
        sleep 1
    done
--- a/labs/osbash/scripts/config_external_network.sh
+++ b/labs/osbash/scripts/config_external_network.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Create the external network and a subnet on it
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-external-network.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-external-network.html
 #------------------------------------------------------------------------------
 echo "Sourcing the admin credentials."
@@ -23,14 +23,14 @@ done
 echo "Creating the external network."
 neutron net-create ext-net \
-    --router:external True \
+    --router:external \
    --provider:physical_network external \
    --provider:network_type flat
 echo "Creating a subnet on the external network."
-neutron subnet-create ext-net \
+neutron subnet-create ext-net  \
    "$EXTERNAL_NETWORK_CIDR" \
    --name ext-subnet \
    --allocation-pool start="$FLOATING_IP_START,end=$FLOATING_IP_END" \
    --disable-dhcp \
-    --gateway "$EXTERNAL_NETWORK_GATEWAY" \
+    --gateway "$EXTERNAL_NETWORK_GATEWAY"
    "$EXTERNAL_NETWORK_CIDR"
--- a/labs/osbash/scripts/config_tenant_network.sh
+++ b/labs/osbash/scripts/config_tenant_network.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Create tenant network
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-tenant-network.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-tenant-network.html
 #------------------------------------------------------------------------------
 echo "Sourcing the demo credentials."
@@ -26,9 +26,9 @@ neutron net-create demo-net
 echo "Creating a subnet on the tenant network."
 neutron subnet-create demo-net \
    "$TENANT_NETWORK_CIDR" \
    --name demo-subnet \
-    --gateway "$TENANT_NETWORK_GATEWAY" \
+    --gateway "$TENANT_NETWORK_GATEWAY"
    "$TENANT_NETWORK_CIDR"
 echo "Creating a router on the tenant network."
 neutron router-create demo-router
--- a/labs/osbash/scripts/ubuntu/apt_install_mysql.sh
+++ b/labs/osbash/scripts/ubuntu/apt_install_mysql.sh
@@ -21,29 +21,41 @@ source "$CONFIG_DIR/openstack"
 DB_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET")
 echo "Will bind MySQL server to $DB_IP."
 #------------------------------------------------------------------------------
 # Install and configure the database server
 # http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_basic_environment.html
 #------------------------------------------------------------------------------
 echo "Sourced MySQL password from credentials: $DATABASE_PASSWORD"
 sudo debconf-set-selections  <<< 'mysql-server mysql-server/root_password password '$DATABASE_PASSWORD''
 sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$DATABASE_PASSWORD''
 echo "Installing MySQL."
-sudo apt-get install -y mysql-server python-mysqldb
+sudo apt-get install -y mariadb-server python-mysqldb
 echo "Creating /etc/mysql/conf.d/mysqld_openstack.cnf."
 echo '[mysqld]' | sudo tee -a /etc/mysql/conf.d/mysqld_openstack.cnf
 echo "Configuring MySQL to accept requests by other nodes."
 conf=/etc/mysql/conf.d/mysqld_openstack.cnf
 # Enable access by other nodes via the management network
-iniset_sudo /etc/mysql/my.cnf mysqld bind-address "$DB_IP"
+iniset_sudo $conf mysqld bind-address "$DB_IP"
 # Enable InnoDB
-iniset_sudo /etc/mysql/my.cnf mysqld default-storage-engine innodb
+iniset_sudo $conf mysqld default-storage-engine innodb
-iniset_sudo /etc/mysql/my.cnf mysqld innodb_file_per_table 1
+iniset_sudo $conf mysqld innodb_file_per_table 1
 # Enable UTF-8 character set and UTF-8 collation by default
-iniset_sudo /etc/mysql/my.cnf mysqld collation-server utf8_general_ci
+iniset_sudo $conf mysqld collation-server utf8_general_ci
-iniset_sudo /etc/mysql/my.cnf mysqld init-connect "'SET NAMES utf8'"
+iniset_sudo $conf mysqld init-connect "'SET NAMES utf8'"
-iniset_sudo /etc/mysql/my.cnf mysqld character-set-server utf8
+iniset_sudo $conf mysqld character-set-server utf8
 echo "Restarting MySQL service."
-sudo service mysql restart
+# Close the file descriptor or the script will hang due to open ssh connection
 sudo service mysql restart 2>/dev/null
 # TODO(rluethi) do we need mysql_secure_installation?
 # XXX --use-default only in MySQL 5.7.4+ (Ubuntu 12.04 LTS: MySQL 5.5)
--- a/labs/osbash/scripts/ubuntu/apt_pre-download.sh
+++ b/labs/osbash/scripts/ubuntu/apt_pre-download.sh
@@ -39,6 +39,12 @@ function get_cirros {
 }
 get_cirros
 function get_keystone_httpd_files {
    wget --directory-prefix "$HOME" -O "keystone.py" "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo"
 }
 get_keystone_httpd_files
 function apt_download {
    sudo apt-get install -y --download-only "$@"
@@ -48,36 +54,41 @@ function apt_download {
 # Download packages for all nodes
 # MySQL, RabbitMQ
-apt_download mysql-server python-mysqldb rabbitmq-server
+apt_download mariadb-server python-mysqldb rabbitmq-server
 # Other dependencies
 apt_download python-argparse
 # Keystone
-apt_download keystone
+apt_download keystone python-openstackclient apache2 \
    libapache2-mod-wsgi memcached python-memcache
 # Glance
-apt_download glance
+apt_download glance python-glanceclient
 # Nova Controller
 apt_download nova-api nova-cert nova-conductor nova-consoleauth \
    nova-novncproxy nova-scheduler python-novaclient
 # Neutron Controller
-apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent
+apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent \
    python-neutronclient
 # Cinder Controller
-apt_download cinder-api cinder-scheduler
+apt_download cinder-api cinder-scheduler python-cinderclient
 # Horizon
-apt_download openstack-dashboard memcached
+apt_download openstack-dashboard
 # Cinder Volumes
 apt_download lvm2 cinder-volume
 # Nova Compute
-apt_download nova-compute-qemu sysfsutils
+apt_download nova-compute-qemu qemu sysfsutils
 # Neutron Compute
 apt_download neutron-common neutron-plugin-ml2 \
-    neutron-plugin-openvswitch-agent
+    neutron-plugin-openvswitch-agent openvswitch-datapath-dkms
 # Neutron Network
 apt_download neutron-common neutron-plugin-ml2 \
--- a/labs/osbash/scripts/ubuntu/install_rabbitmq.sh
+++ b/labs/osbash/scripts/ubuntu/install_rabbitmq.sh
@@ -15,5 +15,8 @@ indicate_current_auto
 echo "Installing RabbitMQ."
 sudo apt-get install -y rabbitmq-server
-echo "Setting RabbitMQ password to '$RABBIT_PASSWORD'."
+echo "Adding openstack user to messaging service."
-sudo rabbitmqctl change_password guest "$RABBIT_PASSWORD"
+sudo rabbitmqctl add_user openstack "$RABBIT_PASSWORD"
 echo "Permit configuration, write and read access for the openstack user."
 sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"
--- a/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up Block Storage service controller (cinder controller node)
-# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-controller-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-controller-node.html
 #------------------------------------------------------------------------------
 echo "Setting up database for cinder."
@@ -25,40 +25,40 @@ cinder_admin_password=$(service_to_user_password cinder)
 wait_for_keystone
 echo "Creating cinder user."
-keystone user-create \
+openstack user create \
-    --name "$cinder_admin_user" \
+    --password "$cinder_admin_password" \
-    --pass "$cinder_admin_password"
+    "$cinder_admin_user"
 echo "Linking cinder user, service tenant and admin role."
-keystone user-role-add \
+openstack role add \
    --user "$cinder_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    --project "$SERVICE_PROJECT_NAME" \
-    --role "$ADMIN_ROLE_NAME"
+    "$ADMIN_ROLE_NAME"
 echo "Registering cinder with keystone so that other services can locate it."
-keystone service-create \
+openstack service create \
    --name cinder \
-    --type volume \
+    --description "OpenStack Block Storage" \
-    --description "OpenStack Block Storage"
+    volume
-keystone service-create \
+openstack service create \
    --name cinderv2 \
-    --type volumev2 \
+    --description "OpenStack Block Storage v2" \
-    --description "OpenStack Block Storage v2"
+    volumev2
-cinder_service_id=$(keystone service-list | awk '/ volume / {print $2}')
+openstack endpoint create \
 keystone endpoint-create \
    --service-id "$cinder_service_id" \
    --publicurl 'http://controller-api:8776/v1/%(tenant_id)s' \
    --adminurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \
-    --internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s'
+    --internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \
    --region "$REGION" \
    volume
-cinder_v2_service_id=$(keystone service-list | awk '/ volumev2 / {print $2}')
+openstack endpoint create \
 keystone endpoint-create \
    --service-id "$cinder_v2_service_id" \
    --publicurl 'http://controller-api:8776/v2/%(tenant_id)s' \
    --adminurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \
-    --internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s'
+    --internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \
    --region "$REGION" \
    volumev2
 echo "Installing cinder."
 sudo apt-get install -y cinder-api cinder-scheduler python-cinderclient \
@@ -85,19 +85,27 @@ iniset_sudo $conf database connection "$database_url"
 # Configure [DEFAULT] section to use RabbitMQ message broker.
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configure [keystone_authtoken] section.
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$cinder_admin_user"
 iniset_sudo $conf keystone_authtoken password "$cinder_admin_password"
 iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)"
 iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder
 iniset_sudo $conf DEFAULT verbose True
 echo "Creating the database tables for cinder."
--- a/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh
+++ b/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh
@@ -12,7 +12,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up Block Storage service (cinder).
-# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-storage-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-storage-node.html
 #------------------------------------------------------------------------------
 # Get FOURTH_OCTET for this node
@@ -21,6 +21,9 @@ source "$CONFIG_DIR/config.$(hostname)"
 MY_MGMT_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET")
 echo "IP address of this node's interface in management network: $MY_MGMT_IP."
 echo "Installing qemu support package for non-raw image types."
 sudo apt-get install -y qemu
 echo "Installing the Logical Volume Manager (LVM)."
 sudo apt-get install -y lvm2
@@ -70,24 +73,37 @@ iniset_sudo $conf database connection "$database_url"
 # Configure [DEFAULT] section.
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configure [keystone_authtoken] section.
 cinder_admin_user=$(service_to_user_name cinder)
 cinder_admin_password=$(service_to_user_password cinder)
-iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$cinder_admin_user"
 iniset_sudo $conf keystone_authtoken password "$cinder_admin_password"
 iniset_sudo $conf DEFAULT my_ip "$MY_MGMT_IP"
 iniset_sudo $conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
 iniset_sudo $conf lvm volume_group  cinder-volumes
 iniset_sudo $conf lvm iscsi_protocol iscsi
 iniset_sudo $conf lvm iscsi_helper  tgtadm
 iniset_sudo $conf DEFAULT enabled_backends lvm
 iniset_sudo $conf DEFAULT glance_host controller-mgmt
 iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder
 iniset_sudo $conf DEFAULT verbose True
 echo "Restarting cinder service."
@@ -98,7 +114,7 @@ sudo rm -f /var/lib/cinder/cinder.sqlite
 #------------------------------------------------------------------------------
 # Verify the Block Storage installation
-# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-verify.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-verify.html
 #------------------------------------------------------------------------------
 echo "Verifying Block Storage installation on controller node."
@@ -153,8 +169,9 @@ AUTH="source $CONFIG_DIR/demo-openstackrc.sh"
 echo "cinder create --display-name demo-volume1 1"
 node_ssh controller-mgmt "$AUTH; cinder create --display-name demo-volume1 1;sleep 20"
-echo "check if cinder has the given volume"
+echo -n "Waiting for cinder to list the new volume."
 until node_ssh controller-mgmt "$AUTH; cinder list | grep demo-volume1" > /dev/null 2>&1; do
    echo -n .
    sleep 1
 done
--- a/labs/osbash/scripts/ubuntu/setup_glance.sh
+++ b/labs/osbash/scripts/ubuntu/setup_glance.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Install the Image Service (glance).
-# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-install.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-install.html
 #------------------------------------------------------------------------------
 echo "Setting up database for glance."
@@ -26,28 +26,27 @@ glance_admin_password=$(service_to_user_password glance)
 wait_for_keystone
 echo "Creating glance user and giving it admin role under service tenant."
-keystone user-create \
+openstack user create \
-    --name "$glance_admin_user" \
+    --password "$glance_admin_password" \
-    --pass "$glance_admin_password" \
+    "$glance_admin_user"
-keystone user-role-add \
+openstack role add \
    --project "$SERVICE_PROJECT_NAME" \
    --user "$glance_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
 echo "Registering glance with keystone so that other services can locate it."
-keystone service-create \
+openstack service create \
    --name glance \
-    --type image \
+    --description "OpenStack Image Service" \
-    --description "OpenStack Image Service"
+    image
-glance_service_id=$(keystone service-list | awk '/ image / {print $2}')
+openstack endpoint create \
 keystone endpoint-create \
    --service-id "$glance_service_id" \
    --publicurl "http://controller-api:9292" \
    --internalurl "http://controller-mgmt:9292" \
    --adminurl "http://controller-mgmt:9292" \
-    --region "$REGION"
+    --region "$REGION" \
    image
 echo "Installing glance."
 sudo apt-get install -y glance python-glanceclient
@@ -65,26 +64,56 @@ echo "Database connection: $database_url."
 echo "Configuring glance-api.conf."
 conf=/etc/glance/glance-api.conf
 # Database
 iniset_sudo $conf database connection "$database_url"
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+# Keystone_authtoken
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user"
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password"
+iniset_sudo $conf keystone_authtoken auth_plugin password
 iniset_sudo $conf keystone_authtoken project_domain_id default
 iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$glance_admin_user"
 iniset_sudo $conf keystone_authtoken password "$glance_admin_password"
 # Paste_deploy
 iniset_sudo $conf paste_deploy flavor "keystone"
 # Glance_store
 iniset_sudo $conf glance_store default_store file
 iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/
 # Default section
 iniset_sudo $conf DEFAULT notification_driver noop
 iniset_sudo $conf DEFAULT verbose True
 echo "Configuring glance-registry.conf."
 conf=/etc/glance/glance-registry.conf
 # Database section
 iniset_sudo $conf database connection "$database_url"
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+# Keystone authtoken section
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user"
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password"
+iniset_sudo $conf keystone_authtoken auth_plugin password
 iniset_sudo $conf keystone_authtoken project_domain_id default
 iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$glance_admin_user"
 iniset_sudo $conf keystone_authtoken password "$glance_admin_password"
 # Glance store
 iniset_sudo $conf glance_store default_store file
 iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/
 # Paste deploy section
 iniset_sudo $conf paste_deploy flavor "keystone"
 # Default section
 iniset_sudo $conf DEFAULT notification_driver noop
 iniset_sudo $conf DEFAULT verbose True
 echo "Creating the database tables for glance."
@@ -99,7 +128,7 @@ sudo rm -f /var/lib/glance/glance.sqlite
 #------------------------------------------------------------------------------
 # Verify the Image Service installation
-# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-verify.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-verify.html
 #------------------------------------------------------------------------------
 echo "Waiting for glance to start."
@@ -117,7 +146,8 @@ glance image-create \
    --file "$HOME/img/$(basename $CIRROS_URL)" \
    --disk-format qcow2 \
    --container-format bare \
-    --is-public True
+    --visibility public \
    --progress
 echo "Verifying that the image was successfully added to the service."
--- a/labs/osbash/scripts/ubuntu/setup_heat_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_heat_controller.sh
@@ -11,7 +11,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Install the Orchestration Service (heat).
-# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-install-controller-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-install-controller-node.html
 #------------------------------------------------------------------------------
 echo "Setting up database for heat."
@@ -27,58 +27,53 @@ heat_admin_password=$(service_to_user_password heat)
 wait_for_keystone
 echo "Creating heat user and giving it admin role under service tenant."
-keystone user-create \
+openstack user create \
-    --name "$heat_admin_user" \
+    --password "$heat_admin_password" \
-    --pass "$heat_admin_password" \
+    "$heat_admin_user"
-keystone user-role-add \
+openstack role add \
    --project "$SERVICE_PROJECT_NAME" \
    --user "$heat_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
 echo "Creating the heat stack owner role."
-keystone role-create --name "heat_stack_owner"
+openstack role create "heat_stack_owner"
-keystone user-role-add \
+openstack role add \
    --project "$DEMO_PROJECT_NAME" \
    --user "$DEMO_USER_NAME" \
-    --tenant "$DEMO_TENANT_NAME" \
+    "heat_stack_owner"
    --role heat_stack_owner
 echo "Creating the heat stack user role."
-keystone role-create --name "heat_stack_user"
+openstack role create "heat_stack_user"
-echo "Registering heat with keystone so that other services can locate it."
+echo "Creating the heat and heat-cfn service entities."
-keystone service-create \
+openstack service create \
    --name heat \
-    --type orchestration \
+    --description "Orchestration" \
-    --description "Orchestration"
+    orchestration
-keystone service-create \
+openstack service create \
    --name heat-cfn \
-    --type cloudformation \
+    --description "Orchestration" \
-    --description "Orchestration"
+    cloudformation
-
+openstack endpoint create \
 heat_service_id=$(keystone service-list | awk '/ orchestration / {print $2}')
 keystone endpoint-create \
    --service-id "$heat_service_id" \
    --publicurl "http://controller-api:8004/v1/%(tenant_id)s" \
    --internalurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \
    --adminurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \
-    --region "$REGION"
+    --region "$REGION" \
    orchestration
-heatcfn_service_id=$(keystone service-list | awk '/ cloudformation / {print $2}')
+openstack endpoint create \
 keystone endpoint-create \
    --service-id "$heatcfn_service_id" \
    --publicurl "http://controller-api:8000/v1" \
    --internalurl "http://controller-mgmt:8000/v1" \
    --adminurl "http://controller-mgmt:8000/v1" \
-    --region "$REGION"
+    --region "$REGION" \
-
+    cloudformation
 echo "Installing heat."
-sudo apt-get install -y heat-api heat-api-cfn heat-engine \
+sudo apt-get install -y heat-api heat-api-cfn heat-engine python-heatclient
    python-heatclient
 function get_database_url {
    local db_user=$(service_to_db_user heat)
@@ -99,19 +94,30 @@ echo "Configuring [DEFAULT] section in /etc/heat/heat.conf."
 iniset_sudo $conf DEFAULT rpc_backend rabbit
 iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
 iniset_sudo $conf DEFAULT rabbit_userid openstack
 iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
-
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
 iniset_sudo $conf keystone_authtoken admin_user "$heat_admin_user"
 iniset_sudo $conf keystone_authtoken admin_password "$heat_admin_password"
-iniset_sudo $conf ec2authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+
-iniset_sudo $conf DEFAULT heat_metadata_server_url "http://controller-mgmt:8000"
+iniset_sudo $conf ec2authtoken auth_uri http://controller-mgmt:5000/v2.0
-iniset_sudo $conf DEFAULT heat_waitcondition_server_url "http://controller-mgmt:8000/v1/waitcondition"
+
 iniset_sudo $conf DEFAULT heat_metadata_server_url http://controller-mgmt:8000
 iniset_sudo $conf DEFAULT heat_waitcondition_server_url http://controller-mgmt:8000/v1/waitcondition
 iniset_sudo $conf DEFAULT stack_domain_admin heat_domain_admin
 iniset_sudo $conf DEFAULT stack_domain_admin_password "$HEAT_DOMAIN_PASS"
 iniset_sudo $conf DEFAULT stack_user_domain_name heat_user_domain
 iniset_sudo $conf DEFAULT verbose True
 heat-keystone-setup-domain \
    --stack-user-domain-name heat_user_domain \
    --stack-domain-admin heat_domain_admin \
    --stack-domain-admin-password "$HEAT_DOMAIN_PASS"
 echo "Creating the database tables for heat."
 sudo heat-manage db_sync
@@ -121,5 +127,10 @@ sudo service heat-api restart
 sudo service heat-api-cfn restart
 sudo service heat-engine restart
 echo "Waiting for heat stack-list."
 until heat stack-list; do
    sleep 1
 done
 echo "Removing default SQLite database."
 sudo rm -f /var/lib/heat/heat.sqlite
--- a/labs/osbash/scripts/ubuntu/setup_heat_network.sh
+++ b/labs/osbash/scripts/ubuntu/setup_heat_network.sh
@@ -12,7 +12,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Verify the Orchestration Service installation
-# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-verify.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-verify.html
 #------------------------------------------------------------------------------
 echo "Verifying heat installation."
--- a/labs/osbash/scripts/ubuntu/setup_horizon.sh
+++ b/labs/osbash/scripts/ubuntu/setup_horizon.sh
@@ -9,12 +9,11 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up OpenStack Dashboard (horizon)
-# http://docs.openstack.org/juno/install-guide/install/apt/content/install_dashboard.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/install_dashboard.html
 #------------------------------------------------------------------------------
 echo "Installing horizon."
-sudo apt-get install -y openstack-dashboard apache2 libapache2-mod-wsgi \
+sudo apt-get install -y openstack-dashboard
    memcached python-memcache
 echo "Purging Ubuntu theme."
 sudo dpkg --purge openstack-dashboard-ubuntu-theme
@@ -71,4 +70,4 @@ function check_apache_service {
 echo "Reloading apache and memcached service."
 sudo service apache2 stop
 check_apache_service
-sudo service memcached restart
+sudo service apache2 start
--- a/labs/osbash/scripts/ubuntu/setup_keystone.sh
+++ b/labs/osbash/scripts/ubuntu/setup_keystone.sh
@@ -13,20 +13,25 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up keystone for controller node
-# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-install.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-install.html
 #------------------------------------------------------------------------------
 echo "Setting up database for keystone."
 setup_database keystone
-# Create a "shared secret" used as OS_SERVICE_TOKEN, together with
+# Create a "shared secret" used as OS_TOKEN, together with OS_URL, before
-# OS_SERVICE_ENDPOINT, before keystone can be used for authentication
+# keystone can be used for authentication
 echo -n "Using openssl to generate a random admin token: "
 ADMIN_TOKEN=$(openssl rand -hex 10)
 echo "$ADMIN_TOKEN"
 echo "Disabling the keystone service from starting automatically after installation."
 echo "manual" | sudo tee /etc/init/keystone.override
 echo "Installing keystone."
-sudo apt-get install -y keystone python-keystoneclient
+sudo apt-get install -y keystone python-openstackclient apache2 \
    libapache2-mod-wsgi memcached python-memcache
 conf=/etc/keystone/keystone.conf
 echo "Configuring [DEFAULT] section in $conf."
@@ -49,9 +54,16 @@ echo "Configuring [database] section in /etc/keystone/keystone.conf."
 echo "Setting database connection: $database_url."
 iniset_sudo $conf database connection "$database_url"
 echo "Configuring the Memcache service."
 iniset_sudo $conf memcache servers localhost:11211
 echo "Configuring the UUID token provider and SQL driver."
 iniset_sudo $conf token provider keystone.token.providers.uuid.Provider
-iniset_sudo $conf token driver keystone.token.persistence.backends.sql.Token
+iniset_sudo $conf token driver keystone.token.persistence.backends.memcache.Token
 echo "Configuring the SQL revocation driver."
 iniset_sudo $conf revoke driver keystone.contrib.revoke.backends.sql.Revoke
 echo "Enabling verbose logging."
 iniset_sudo $conf DEFAULT verbose True
@@ -59,110 +71,235 @@ iniset_sudo $conf DEFAULT verbose True
 echo "Creating the database tables for keystone."
 sudo keystone-manage db_sync
-echo "Restarting keystone."
+# Configure Apache HTTP server.
-sudo service keystone restart
+
 echo "Configuring ServerName option in /etc/apache2/apache2.conf to reference controller node."
 echo "ServerName controller-mgmt" | sudo tee -a /etc/apache2/apache2.conf
 echo "Creating /etc/apache2/sites-available/wsgi-keystone.conf."
 cat << WSGI | sudo tee -a /etc/apache2/sites-available/wsgi-keystone.conf
 Listen 5000
 Listen 35357
 <VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
 </VirtualHost>
 <VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
 </VirtualHost>
 WSGI
 echo "Enabling the identity service virtual hosts."
 sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
 echo "Creating the directory structure for WSGI components."
 sudo mkdir -p /var/www/cgi-bin/keystone
 echo "Copying WSGI component from upstream repository."
 # Note: Since we have offline installation, use pre-cached files.
 cat "$HOME/keystone.py" | sudo tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
 echo "Adjusting ownership and permissions."
 sudo chown -R keystone:keystone /var/www/cgi-bin/keystone
 sudo chmod 755 /var/www/cgi-bin/keystone/*
 echo "Restarting apache."
 sudo service apache2 restart
 echo "Removing default SQLite database."
 sudo rm -f /var/lib/keystone/keystone.db
-if ! sudo crontab -l -u keystone 2>&1 | grep token_flush; then
+sudo rm "$HOME/keystone.py"
-    # No existing crontab entry for token_flush -- add one now.
+
-    echo "Adding crontab entry to purge expired tokens:"
+#------------------------------------------------------------------------------
-    cat << CRON | sudo tee -a /var/spool/cron/crontabs/keystone
+# Configure keystone services and API endpoints
-# Purges expired tokens every hour and logs the output
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-services.html
-@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1
+#------------------------------------------------------------------------------
-CRON
+
-    echo "---------------------------------------------"
+echo "Using OS_TOKEN, OS_URL for authentication."
-fi
+export OS_TOKEN=$ADMIN_TOKEN
 export OS_URL=http://controller-mgmt:35357/v2.0
 echo "Creating keystone service."
 openstack service create \
    --name keystone \
    --description "OpenStack Identity" \
    identity
 echo "Creating endpoints for keystone."
 openstack endpoint create \
    --publicurl http://controller-mgmt:5000/v2.0 \
    --internalurl http://controller-mgmt:5000/v2.0 \
    --adminurl http://controller-mgmt:35357/v2.0 \
    --region "$REGION" \
    identity
 #------------------------------------------------------------------------------
 # Configure keystone users, tenants and roles
-# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-users.html
 #------------------------------------------------------------------------------
 echo "Using OS_SERVICE_TOKEN, OS_SERVICE_ENDPOINT for authentication."
 export OS_SERVICE_TOKEN=$ADMIN_TOKEN
 export OS_SERVICE_ENDPOINT="http://controller-mgmt:35357/v2.0"
 # Wait for keystone to come up
 wait_for_keystone
-echo "Adding admin tenant."
+echo "Creating admin project."
-keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant"
+openstack project create \
    --description "Admin Project" \
    "$ADMIN_PROJECT_NAME"
 echo "Creating admin user."
-keystone user-create \
+openstack user create \
-    --name "$ADMIN_USER_NAME" \
+    --password "$ADMIN_PASSWORD" \
-    --pass "$ADMIN_PASSWORD" \
+    "$ADMIN_USER_NAME"
    --email "admin@$MAIL_DOMAIN"
 echo "Creating admin role."
-keystone role-create --name "$ADMIN_ROLE_NAME"
+openstack role create "$ADMIN_ROLE_NAME"
-echo "Linking admin user, admin role and admin tenant."
+echo "Adding admin role to admin project."
-keystone user-role-add \
+openstack role add \
    --project "$ADMIN_PROJECT_NAME" \
    --user "$ADMIN_USER_NAME" \
-    --tenant "$ADMIN_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
-echo "Creating demo tenant."
+echo "Creating service project."
-keystone tenant-create --name "$DEMO_TENANT_NAME" --description "Demo Tenant"
+openstack project create \
    --description "Service Project" \
    "$SERVICE_PROJECT_NAME"
 echo "Creating demo project."
 openstack project create \
    --description "Demo Project" \
    "$DEMO_PROJECT_NAME"
 echo "Creating demo user."
-# Using the --tenant option automatically assigns the _member_ role to a user.
+openstack user create \
-# This option will also create the _member_ role if it does not exist.
+    --password "$DEMO_PASSWORD" \
-keystone user-create \
+    "$DEMO_USER_NAME"
    --name "$DEMO_USER_NAME" \
    --tenant "$DEMO_TENANT_NAME" \
    --pass "$DEMO_PASSWORD" \
    --email "demo@$MAIL_DOMAIN"
-echo "Adding service tenant."
+echo "Creating the user role."
-keystone tenant-create \
+openstack role create \
-    --name "$SERVICE_TENANT_NAME" \
+    "$USER_ROLE_NAME"
    --description "Service Tenant"
-#------------------------------------------------------------------------------
+echo "Linking user role to demo project and user."
-# Configure keystone services and API endpoints
+openstack role add \
-# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-services.html
+    --project "$DEMO_PROJECT_NAME" \
-#------------------------------------------------------------------------------
+    --user "$DEMO_USER_NAME" \
-
+    "$USER_ROLE_NAME"
 echo "Creating keystone service."
 keystone service-create \
    --name keystone \
    --type identity \
    --description 'OpenStack Identity'
 echo "Creating endpoints for keystone."
 keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}')
 keystone endpoint-create \
    --service-id "$keystone_service_id" \
    --publicurl "http://controller-api:5000/v2.0" \
    --internalurl "http://controller-mgmt:5000/v2.0" \
    --adminurl "http://controller-mgmt:35357/v2.0" \
    --region "$REGION"
 #------------------------------------------------------------------------------
 # Verify the Identity Service installation
-# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-verify.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-verify.html
 #------------------------------------------------------------------------------
 echo "Verifying keystone installation."
 # Disable temporary authentication token mechanism
 conf=/etc/keystone/keystone-paste.ini
 for section in pipeline:public_api pipeline:admin_api pipeline:api_v3; do
    if ini_has_option_sudo $conf $section admin_token_auth; then
        echo "Disabling admin_token_auth in section $section."
        inicomment_sudo $conf $section admin_token_auth
    fi
 done
 # From this point on, we are going to use keystone for authentication
-unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
+unset OS_TOKEN OS_URL
-# Load keystone credentials
+echo "Requesting an authentication token."
-source "$CONFIG_DIR/admin-openstackrc.sh"
+openstack \
    --os-auth-url http://controller:35357 \
    --os-project-name "$ADMIN_PROJECT_NAME" \
    --os-username "$ADMIN_USER_NAME" \
    --os-auth-type password \
    --os-password "$ADMIN_PASSWORD" \
    token issue
-# The output of the following commands can be used to verify or debug the
+echo "Requesting an authentication token using the version 3 API."
-# service.
+openstack \
    --os-auth-url http://controller:35357 \
    --os-project-domain-id default \
    --os-user-domain-id default \
    --os-project-name "$ADMIN_PROJECT_NAME" \
    --os-username "$ADMIN_USER_NAME" \
    --os-auth-type password \
    --os-password "$ADMIN_PASSWORD" \
      token issue
-echo "keystone token-get"
+echo "Requesting project list."
-keystone token-get
+openstack \
    --os-auth-url http://controller:35357 \
    --os-project-name "$ADMIN_PROJECT_NAME" \
    --os-username "$ADMIN_USER_NAME" \
    --os-auth-type password \
    --os-password "$ADMIN_PASSWORD" \
    project list
-echo "keystone user-list"
+echo "Requesting user list."
-keystone user-list
+openstack \
    --os-auth-url http://controller:35357 \
    --os-project-name "$ADMIN_PROJECT_NAME" \
    --os-username "$ADMIN_USER_NAME" \
    --os-auth-type password \
    --os-password "$ADMIN_PASSWORD" \
    user list
-echo "keystone user-role-list --user $ADMIN_USER_NAME --tenant $ADMIN_TENANT_NAME"
+echo "Requesting role list."
-keystone user-role-list --user "$ADMIN_USER_NAME" --tenant "$ADMIN_TENANT_NAME"
+openstack \
    --os-auth-url http://controller:35357 \
    --os-project-name "$ADMIN_PROJECT_NAME" \
    --os-username "$ADMIN_USER_NAME" \
    --os-auth-type password \
    --os-password "$ADMIN_PASSWORD" \
    role list
 echo "Requesting an authentication token for the demo user."
 openstack \
    --os-auth-url http://controller:5000 \
    --os-project-domain-id default \
    --os-user-domain-id default \
    --os-project-name "$DEMO_PROJECT_NAME" \
    --os-username "$DEMO_USER_NAME" \
    --os-auth-type password \
    --os-password "$DEMO_PASSWORD" \
    token issue
 echo "Verifying that an admin-only request by the demo user is denied."
 openstack \
    --os-auth-url http://controller:5000 \
    --os-project-domain-id default \
    --os-user-domain-id default \
    --os-project-name "$DEMO_PROJECT_NAME" \
    --os-username "$DEMO_USER_NAME" \
    --os-auth-type password \
    --os-password "$DEMO_PASSWORD" \
    user list || rc=$?
 echo rc=$rc
 if [ $rc -eq 0 ]; then
    echo "The request was not denied. This is an error. Exiting."
    exit 1
 else
    echo "The request was correctly denied."
 fi
--- a/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh
@@ -18,6 +18,7 @@ echo "Configuring neutron lbaas for controller node."
 conf=/etc/neutron/neutron.conf
 # Configure network plugin parameters
 # FIXME The following line breaks neutron
 iniset_sudo $conf DEFAULT service_plugins "router,lbaas"
 echo "Restarting neutron service."
--- a/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh
+++ b/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh
@@ -11,7 +11,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up OpenStack Networking (neutron) for compute node.
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-compute-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-compute-node.html
 #------------------------------------------------------------------------------
 echo "Editing /etc/sysctl.conf: disable Reverse Path Forwarding filter."
@@ -19,6 +19,12 @@ cat << SYSCTL | sudo tee -a /etc/sysctl.conf
 # Disable Reverse Path Forwarding filter (RFC 3704)
 net.ipv4.conf.all.rp_filter=0
 net.ipv4.conf.default.rp_filter=0
 # XXX NOTE This was added to the install-guide because CentOS needs it. On
 #          Ubuntu it results in an error because the bridge kernel modules
 #          are not loaded at this point.
 #net.bridge.bridge-nf-call-iptables=1
 #net.bridge.bridge-nf-call-ip6tables=1
 SYSCTL
 # Reload changed file
@@ -38,18 +44,23 @@ echo "Configuring $conf."
 # Configure AMQP parameters
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 # Configuring [DEFAULT] section
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configuring [keystone_authtoken] section
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
 iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
 # Configure network plugin parameters
 iniset_sudo $conf DEFAULT core_plugin ml2
@@ -62,7 +73,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling."
 conf=/etc/neutron/plugins/ml2/ml2_conf.ini
 # Under the ml2 section
-iniset_sudo $conf ml2 type_drivers flat,gre
+iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
 iniset_sudo $conf ml2 tenant_network_types gre
 iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -87,14 +98,14 @@ echo "Configuring Compute to use Networking."
 conf=/etc/nova/nova.conf
 iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API
 iniset_sudo $conf DEFAULT security_group_api neutron
-iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
 iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 iniset_sudo $conf neutron url http://controller-mgmt:9696
 iniset_sudo $conf neutron auth_strategy keystone
 iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0
-iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf neutron admin_username "$neutron_admin_user"
 iniset_sudo $conf neutron admin_password "$neutron_admin_password"
--- a/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up OpenStack Networking (neutron) for controller node.
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-controller-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-controller-node.html
 #------------------------------------------------------------------------------
 echo "Setting up database for neutron."
@@ -25,31 +25,31 @@ neutron_admin_password=$(service_to_user_password neutron)
 wait_for_keystone
 echo "Creating neutron user and giving it admin role under service tenant."
-keystone user-create \
+openstack user create \
-    --name "$neutron_admin_user" \
+    --password "$neutron_admin_password" \
-    --pass "$neutron_admin_password"
+    "$neutron_admin_user"
-keystone user-role-add \
+openstack role add \
    --project "$SERVICE_PROJECT_NAME" \
    --user "$neutron_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
 echo "Registering neutron with keystone so that other services can locate it."
-keystone service-create \
+openstack service create \
    --name neutron \
-    --type network \
+    --description "OpenStack Networking" \
-    --description "OpenStack Networking"
+    network
-neutron_service_id=$(keystone service-list | awk '/ network / {print $2}')
+openstack endpoint create \
-keystone endpoint-create \
+    --publicurl http://controller-api:9696 \
-    --service-id "$neutron_service_id" \
+    --adminurl http://controller-mgmt:9696 \
-    --publicurl "http://controller-mgmt:9696" \
+    --internalurl http://controller-mgmt:9696 \
-    --adminurl "http://controller-mgmt:9696" \
+    --region "$REGION" \
-    --internalurl "http://controller-mgmt:9696" \
+    network
    --region "$REGION"
 echo "Installing neutron for controller node."
-sudo apt-get install -y neutron-server neutron-plugin-ml2 python-neutronclient
+sudo apt-get install -y \
    neutron-server neutron-plugin-ml2 python-neutronclient
 echo "Configuring neutron for controller node."
@@ -69,16 +69,24 @@ iniset_sudo $conf database connection "$database_url"
 # Configure AMQP parameters
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 # Configuring [DEFAULT] section
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configuring [keystone_authtoken] section
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
 iniset_sudo $conf keystone_authtoken project_domain_id default
 iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
 iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
 iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
 iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
@@ -90,25 +98,26 @@ iniset_sudo $conf DEFAULT allow_overlapping_ips True
 nova_admin_user=$(service_to_user_name nova)
 nova_admin_password=$(service_to_user_password nova)
 service_tenant_id=$(keystone tenant-get "$SERVICE_TENANT_NAME" | awk '/ id / {print $4}')
 echo "Service tenant id: $service_tenant_id"
 # Configure nova related parameters
 iniset_sudo $conf DEFAULT notify_nova_on_port_status_changes True
 iniset_sudo $conf DEFAULT notify_nova_on_port_data_changes True
 iniset_sudo $conf DEFAULT nova_url http://controller-mgmt:8774/v2
-iniset_sudo $conf DEFAULT nova_admin_auth_url http://controller-mgmt:35357/v2.0
+
-iniset_sudo $conf DEFAULT nova_region_name "$REGION"
+iniset_sudo $conf nova auth_url http://controller-mgmt:35357
-iniset_sudo $conf DEFAULT nova_admin_username "$nova_admin_user"
+iniset_sudo $conf nova auth_plugin password
-iniset_sudo $conf DEFAULT nova_admin_tenant_id "$service_tenant_id"
+iniset_sudo $conf nova project_domain_id default
-iniset_sudo $conf DEFAULT nova_admin_password "$nova_admin_password"
+iniset_sudo $conf nova user_domain_id default
 iniset_sudo $conf nova region_name "$REGION"
 iniset_sudo $conf nova project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf nova username "$nova_admin_user"
 iniset_sudo $conf nova password "$nova_admin_password"
 iniset_sudo $conf DEFAULT verbose True
 echo "Configuring the OVS plug-in to use GRE tunneling."
 conf=/etc/neutron/plugins/ml2/ml2_conf.ini
 # Edit the [ml2] section.
-iniset_sudo $conf ml2 type_drivers flat,gre
+iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
 iniset_sudo $conf ml2 tenant_network_types gre
 iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -124,30 +133,28 @@ echo "Configure Compute to use Networking"
 conf=/etc/nova/nova.conf
 iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API
 iniset_sudo $conf DEFAULT security_group_api neutron
-iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
 iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 iniset_sudo $conf neutron url http://controller-mgmt:9696
 iniset_sudo $conf neutron auth_strategy keystone
 iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0
-iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf neutron admin_username "$neutron_admin_user"
 iniset_sudo $conf neutron admin_password "$neutron_admin_password"
 # service_neutron_metadata_proxy, neutron_metadata_proxy_shared_secret from:
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html
 iniset_sudo $conf neutron service_metadata_proxy True
 iniset_sudo $conf neutron metadata_proxy_shared_secret "$METADATA_SECRET"
 sudo neutron-db-manage \
    --config-file /etc/neutron/neutron.conf \
    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
-    upgrade juno
+    upgrade head
-echo "Restart nova services"
+echo "Restarting nova services."
 sudo service nova-api restart
 sudo service nova-scheduler restart
 sudo service nova-conductor restart
 echo "Restarting neutron service."
 sudo service neutron-server restart
--- a/labs/osbash/scripts/ubuntu/setup_neutron_network.sh
+++ b/labs/osbash/scripts/ubuntu/setup_neutron_network.sh
@@ -11,12 +11,11 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up OpenStack Networking (neutron) for network node.
-# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html
 #------------------------------------------------------------------------------
 echo "Editing /etc/sysctl.conf: enable IP forwarding, disable RPF filter."
 cat << SYSCTL | sudo tee -a /etc/sysctl.conf
 # Enable IP forwarding
 net.ipv4.ip_forward=1
 # Disable Reverse Path Forwarding filter (RFC 3704)
 net.ipv4.conf.all.rp_filter=0
@@ -27,8 +26,9 @@ SYSCTL
 sudo sysctl -p
 echo "Installing networking components for network node."
-sudo apt-get install -y neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
+sudo apt-get install -y \
-    neutron-l3-agent neutron-dhcp-agent
+    neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
    neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
 # neutron-l3-agent has just been installed and is about to start. We are also
 # about to change its configuration file which tends to result in the agent
@@ -50,18 +50,23 @@ echo "Configuring $conf."
 # Configure AMQP parameters
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 # Configuring [DEFAULT] section
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configuring [keystone_authtoken] section
-iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
 iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
 # Configure network plugin parameters
 iniset_sudo $conf DEFAULT core_plugin ml2
@@ -74,7 +79,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling."
 conf=/etc/neutron/plugins/ml2/ml2_conf.ini
 # Under the ml2 section
-iniset_sudo $conf ml2 type_drivers flat,gre
+iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
 iniset_sudo $conf ml2 tenant_network_types gre
 iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -90,7 +95,6 @@ iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_fir
 # Under the ovs section
 iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)"
 iniset_sudo $conf ovs enable_tunneling True
 iniset_sudo $conf ovs bridge_mappings external:br-ex
 iniset_sudo $conf agent tunnel_types gre
@@ -98,8 +102,9 @@ iniset_sudo $conf agent tunnel_types gre
 echo "Configuring Layer-3 agent."
 conf=/etc/neutron/l3_agent.ini
 iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-iniset_sudo $conf DEFAULT use_namespaces True
+# The external_network_bridge option intentionally lacks a value to enable
-iniset_sudo $conf DEFAULT external_network_bridge br-ex
+# multiple external networks on a single agent.
 iniset_sudo $conf DEFAULT external_network_bridge ""
 iniset_sudo $conf DEFAULT router_delete_namespaces True
 iniset_sudo $conf DEFAULT verbose True
@@ -107,7 +112,6 @@ echo "Configuring the DHCP agent"
 conf=/etc/neutron/dhcp_agent.ini
 iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
 iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
 iniset_sudo $conf DEFAULT use_namespaces True
 iniset_sudo $conf DEFAULT dhcp_delete_namespaces True
 iniset_sudo $conf DEFAULT verbose True
 iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
@@ -137,11 +141,15 @@ sudo killall dnsmasq||rc=$?
 echo "Configuring the metadata agent"
 conf=/etc/neutron/metadata_agent.ini
-iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:5000/v2.0
+iniset_sudo $conf DEFAULT auth_uri http://controller-mgmt:5000
 iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:35357
 iniset_sudo $conf DEFAULT auth_region "$REGION"
-iniset_sudo $conf DEFAULT admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf DEFAULT auth_plugin password
-iniset_sudo $conf DEFAULT admin_user "$neutron_admin_user"
+iniset_sudo $conf DEFAULT project_domain_id default
-iniset_sudo $conf DEFAULT admin_password "$neutron_admin_password"
+iniset_sudo $conf DEFAULT user_domain_id default
 iniset_sudo $conf DEFAULT project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf DEFAULT username "$neutron_admin_user"
 iniset_sudo $conf DEFAULT password "$neutron_admin_password"
 iniset_sudo $conf DEFAULT nova_metadata_ip "$(hostname_to_ip controller-mgmt)"
 iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
 iniset_sudo $conf DEFAULT verbose True
@@ -184,6 +192,8 @@ ping -c 1 controller-api
 echo "Restarting the network service."
 sudo service neutron-plugin-openvswitch-agent restart
 # Without sleep, we get port in limbo; FIXME needs a proper test condition
 sleep 1
 sudo service neutron-l3-agent restart
 echo -n "Checking VLAN tags."
--- a/labs/osbash/scripts/ubuntu/setup_nova_compute.sh
+++ b/labs/osbash/scripts/ubuntu/setup_nova_compute.sh
@@ -11,7 +11,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Set up OpenStack Compute (nova) for compute node.
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-compute-install
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-compute-install
 #------------------------------------------------------------------------------
 echo "Installing nova for compute node."
@@ -23,10 +23,13 @@ echo "Configuring nova for compute node."
 conf=/etc/nova/nova.conf
 echo "Configuring $conf."
-# Configure RabbitMQ variables
+# Configure Default section
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+# Configure oslo_messaging_rabbit
 iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 # Configuring [DEFAULT] section
 iniset_sudo $conf DEFAULT auth_strategy keystone
@@ -35,11 +38,14 @@ nova_admin_user=$(service_to_user_name nova)
 nova_admin_password=$(service_to_user_password nova)
 # Configure [keystone_authtoken] section
-iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$nova_admin_user"
 iniset_sudo $conf keystone_authtoken password "$nova_admin_password"
 iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip compute-mgmt)"
@@ -50,6 +56,8 @@ iniset_sudo $conf DEFAULT novncproxy_base_url http://"$(hostname_to_ip controlle
 iniset_sudo $conf glance host controller-mgmt
 iniset_sudo $conf glance oslo_concurrency /var/lib/nova/tmp
 iniset_sudo $conf DEFAULT verbose True
 # Configure nova-compute.conf
@@ -57,6 +65,7 @@ conf=/etc/nova/nova-compute.conf
 echo -n "Hardware acceleration for virtualization: "
 if sudo egrep -q '(vmx|svm)' /proc/cpuinfo; then
    echo "available."
    iniset_sudo $conf libvirt virt_type kvm
 else
    echo "not available."
    iniset_sudo $conf libvirt virt_type qemu
--- a/labs/osbash/scripts/ubuntu/setup_nova_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_nova_controller.sh
@@ -10,7 +10,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Install Compute controller services
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-controller-install
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-controller-install
 #------------------------------------------------------------------------------
 echo "Setting up database for nova."
@@ -25,33 +25,33 @@ nova_admin_password=$(service_to_user_password nova)
 # Wait for keystone to come up
 wait_for_keystone
-echo "Creating nova user and giving it admin role under service tenant."
+echo "Creating nova user and giving it the admin role."
-keystone user-create \
+openstack user create \
-    --name "$nova_admin_user" \
+    --password "$nova_admin_password" \
-    --pass "$nova_admin_password"
+    "$nova_admin_user"
-keystone user-role-add \
+openstack role add \
    --project "$SERVICE_PROJECT_NAME" \
    --user "$nova_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
-echo "Registering nova with keystone so that other services can locate it."
+echo "Creating the nova service entity."
-keystone service-create \
+openstack service create \
    --name nova \
-    --type compute \
+    --description "OpenStack Compute" \
-    --description "OpenStack Compute"
+    compute
-nova_service_id=$(keystone service-list | awk '/ compute / {print $2}')
+openstack endpoint create \
 keystone endpoint-create \
    --service-id "$nova_service_id" \
    --publicurl 'http://controller-api:8774/v2/%(tenant_id)s' \
    --internalurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \
    --adminurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \
-    --region "$REGION"
+    --region "$REGION" \
    compute
 echo "Installing nova for controller node."
-sudo apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth \
+sudo apt-get install -y \
-                        nova-novncproxy nova-scheduler python-novaclient
+    nova-api nova-cert nova-conductor nova-consoleauth \
    nova-novncproxy nova-scheduler python-novaclient
 function get_database_url {
    local db_user=$(service_to_db_user nova)
@@ -68,36 +68,53 @@ conf=/etc/nova/nova.conf
 echo "Setting database connection: $database_url."
 iniset_sudo $conf database connection "$database_url"
-echo "Configuring [DEFAULT] section in /etc/nova/nova.conf for controller node."
+echo "Configuring nova services."
 # Default Section.
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+# oslo_messaging_rabbit section.
 iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 iniset_sudo $conf DEFAULT auth_strategy keystone
 # Configure keystone_authtoken section.
 iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
-iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
+iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken auth_plugin password
-iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user"
+iniset_sudo $conf keystone_authtoken project_domain_id default
-iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password"
+iniset_sudo $conf keystone_authtoken user_domain_id default
 iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken username "$nova_admin_user"
 iniset_sudo $conf keystone_authtoken password "$nova_admin_password"
 # Default section
 iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)"
 iniset_sudo $conf DEFAULT vncserver_listen controller-mgmt
 iniset_sudo $conf DEFAULT vncserver_proxyclient_address controller-mgmt
 # Glance section
 iniset_sudo $conf glance host controller-mgmt
 # oslo_concurrency section
 iniset_sudo $conf oslo_concurrency lock_path /var/lib/nova/tmp
 # default section
 iniset_sudo $conf DEFAULT verbose True
 echo "Creating the database tables for nova."
 sudo nova-manage db sync
 echo "Restarting nova services."
-declare -a components=(nova-api nova-cert nova-consoleauth nova-scheduler
+declare -a nova_services=(nova-api nova-cert nova-consoleauth \
-                        nova-conductor nova-novncproxy)
+    nova-scheduler nova-conductor nova-novncproxy)
-for component in "${components[@]}"; do
+
-    echo "Restarting $component"
+for nova_service in "${nova_services[@]}"; do
-    sudo service "$component" restart
+    echo "Restarting $nova_service"
    sudo service "$nova_service" restart
 done
 # Remove SQLite database created by Ubuntu package for nova.
@@ -112,6 +129,12 @@ echo "Verify nova service status."
 echo "sudo nova-manage service list"
 sudo nova-manage service list
 echo "nova service-list"
 nova service-list
 echo "nova endpoints"
 nova endpoints
 echo "nova image-list"
 nova image-list
--- a/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh
+++ b/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh
@@ -11,7 +11,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Install the Telemetry service
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-nova.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-nova.html
 #------------------------------------------------------------------------------
 echo "Installing ceilometer."
@@ -23,27 +23,28 @@ ceilometer_admin_password=$(service_to_user_password ceilometer)
 echo "Configuring ceilometer.conf."
 conf=/etc/ceilometer/ceilometer.conf
-iniset_sudo $conf publisher metering_secret "$METERING_SECRET"
+iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET"
 # Configure RabbitMQ variables
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+iniset_sudo $conf DEFAULT rpc_backend rabbit
 iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
 iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
 iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user"
 iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password"
-iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0
 iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user"
-iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password"
 iniset_sudo $conf service_credentials os_endpoint_type internalURL
 iniset_sudo $conf service_credentials os_region_name "$REGION"
 iniset_sudo $conf DEFAULT verbose True
 echo "Configuring nova.conf."
@@ -62,7 +63,7 @@ sudo service nova-compute restart
 #------------------------------------------------------------------------------
 # Configure the Block Storage service(cinder-volume)
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html
 #------------------------------------------------------------------------------
 # Configure the Block Storage Service to send notifications to the message bus
@@ -78,7 +79,7 @@ sudo service cinder-volume restart
 #------------------------------------------------------------------------------
 # Verify the Telemetry installation
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-verify.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-verify.html
 #------------------------------------------------------------------------------
 echo "Verifying the telemetry installation."
--- a/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh
+++ b/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh
@@ -12,7 +12,7 @@ indicate_current_auto
 #------------------------------------------------------------------------------
 # Install the Telemetry service
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-controller-install.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-controller-install.html
 #------------------------------------------------------------------------------
 echo "Setting up database for telemetry."
@@ -28,7 +28,7 @@ iniset_sudo_no_section $conf smallfiles true
 echo "Restarting mongodb."
 sudo service mongodb restart
-echo "Waiting for mongodb to start."
+echo -n "Waiting for mongodb to start."
 while sudo service mongodb status 2>/dev/null | grep "stop"; do
    sleep 5
    echo -n .
@@ -51,28 +51,27 @@ echo "Sourcing the admin credentials."
 source "$CONFIG_DIR/admin-openstackrc.sh"
 echo "Creating ceilometer user and giving it admin role under service tenant."
-keystone user-create \
+openstack user create \
-    --name "$ceilometer_admin_user" \
+    --password "$ceilometer_admin_password" \
-    --pass "$ceilometer_admin_password" \
+    "$ceilometer_admin_user"
-keystone user-role-add \
+openstack role add \
    --project "$SERVICE_PROJECT_NAME" \
    --user "$ceilometer_admin_user" \
-    --tenant "$SERVICE_TENANT_NAME" \
+    "$ADMIN_ROLE_NAME"
    --role "$ADMIN_ROLE_NAME"
 echo "Registering ceilometer with keystone so that other services can locate it."
-keystone service-create \
+openstack service create \
    --name ceilometer \
-    --type metering \
+    --description "Telemetry" \
-    --description "Telemetry"
+    metering
-ceilometer_service_id=$(keystone service-list | awk '/ metering / {print $2}')
+openstack endpoint create \
-keystone endpoint-create \
+    --publicurl http://controller-api:8777 \
-    --service-id "$ceilometer_service_id" \
+    --internalurl http://controller-mgmt:8777 \
-    --publicurl "http://controller-api:8777" \
+    --adminurl http://controller-mgmt:8777 \
-    --internalurl "http://controller-mgmt:8777" \
+    --region "$REGION" \
-    --adminurl "http://controller-mgmt:8777" \
+    metering
    --region "$REGION"
 echo "Installing ceilometer."
 sudo apt-get install -y ceilometer-api ceilometer-collector \
@@ -83,11 +82,9 @@ sudo apt-get install -y ceilometer-api ceilometer-collector \
                        python-ceilometerclient
 function get_database_url {
    local db_user=$(service_to_db_user ceilometer)
    local db_password=$(service_to_db_password ceilometer)
    local database_host=controller-mgmt
-    echo "mongodb://$db_user:$db_password@$database_host:27017/ceilometer"
+    echo "mongodb://$mongodb_user:$mongodb_password@$database_host:27017/ceilometer"
 }
 database_url=$(get_database_url)
@@ -99,28 +96,31 @@ iniset_sudo $conf database connection "$database_url"
 # Configure RabbitMQ variables
 iniset_sudo $conf DEFAULT rpc_backend rabbit
-iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
+
-iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
+iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
 iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
 iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
 # Configure the [DEFAULT] section
 iniset_sudo $conf DEFAULT auth_strategy keystone
-iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
-iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
+iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
-iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user"
 iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password"
-iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0"
+iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0
 iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user"
-iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME"
+iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME"
 iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password"
 iniset_sudo $conf service_credentials os_endpoint_type internalURL
 iniset_sudo $conf service_credentials os_region_name "$REGION"
-iniset_sudo $conf publisher metering_secret "$METERING_SECRET"
+iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET"
 iniset_sudo $conf DEFAULT verbose True
 echo "Restarting telemetry service."
 sudo service ceilometer-agent-central restart
 sudo service ceilometer-agent-notification restart
@@ -131,7 +131,7 @@ sudo service ceilometer-alarm-notifier restart
 #------------------------------------------------------------------------------
 # Configure the Image service
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-glance.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-glance.html
 #------------------------------------------------------------------------------
 # Configure the Image Service to send notifications to the message bus
@@ -142,6 +142,7 @@ conf=/etc/glance/glance-api.conf
 iniset_sudo $conf DEFAULT notification_driver messagingv2
 iniset_sudo $conf DEFAULT rpc_backend rabbit
 iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
 iniset_sudo $conf DEFAULT rabbit_userid openstack
 iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
 echo "Configuring glance-registry.conf."
@@ -150,6 +151,7 @@ conf=/etc/glance/glance-registry.conf
 iniset_sudo $conf DEFAULT notification_driver messagingv2
 iniset_sudo $conf DEFAULT rpc_backend rabbit
 iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
 iniset_sudo $conf DEFAULT rabbit_userid openstack
 iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
 sudo service glance-registry restart
@@ -157,7 +159,7 @@ sudo service glance-api restart
 #------------------------------------------------------------------------------
 # Configure the Block Storage service
-# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html
+# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html
 #------------------------------------------------------------------------------
 # Configure the Block Storage Service to send notifications to the message bus