From 33f0c13ef40f8972a434019514be0d504e4a22ce Mon Sep 17 00:00:00 2001 
From: Kevin Carter Date: Sun, 22 Mar 2015 09:09:53 -0500 Subject: [PATCH] Updated repository for minimum viable kilo install * Updated Keystone wsgi and paste files from upstream. * Updated all clients in the openstack_client.yml file. * Kilo services are tracking the head of master. * Removed pinned middleware because they're pinned else where. * Added additional service references for neutron vpnaas, fwaas, and lbaas which have now been moved into their own repos and no longer exist within the core neutron repository. * The neutron vpnaas, fwaas, and lbaas have been removed from the basic plugins being loaded and a comment has been added to describe how one might add them back in. * Updated rootwrap filters for neutron dhcp and l3. * Updated heat policy.json * Added the `python-libguestfs` to the nova-compute installation packages. * Updates all services to point to the latest kilo tag Services updated due to deprecated configs: * Keystone * Glance * Nova * Neutron (is still using the deprecated nova auth plugin) * Heat * Tempest Items for future work post initial release: * roles/os_neutron/files/post-up-checksum-rules:25: TODO(cloudnull) remove this script once the bug is fixed. 
* roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17: TODO(someone): implement a more robust way of checking Implements: blueprint minimal-kilo Closes-Bug: 1428421 Closes-Bug: 1428431 Closes-Bug: 1428437 Closes-Bug: 1428445 Closes-Bug: 1428451 Closes-Bug: 1428469 Closes-Bug: 1428639 Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076 --- playbooks/roles/os_glance/defaults/main.yml | 8 + playbooks/roles/os_glance/files/policy.json | 33 +++- .../os_glance/tasks/glance_post_install.yml | 15 +- .../os_glance/tasks/glance_pre_install.yml | 5 +- .../os_glance/templates/glance-api.conf.j2 | 11 +- playbooks/roles/os_heat/files/api-paste.ini | 20 ++- playbooks/roles/os_heat/files/policy.json | 11 +- .../roles/os_heat/tasks/heat_pre_install.yml | 5 +- .../roles/os_heat/templates/heat.conf.j2 | 17 +- playbooks/roles/os_keystone/defaults/main.yml | 22 +++ .../os_keystone/files/keystone-paste.ini | 29 ++-- .../roles/os_keystone/files/keystone-wsgi.py | 39 +---- .../os_keystone/templates/keystone.conf.j2 | 44 +++-- playbooks/roles/os_neutron/defaults/main.yml | 8 +- .../roles/os_neutron/files/api-paste.ini | 6 +- playbooks/roles/os_neutron/files/policy.json | 40 +++-- .../os_neutron/files/rootwrap.d/dhcp.filters | 6 +- .../os_neutron/files/rootwrap.d/l3.filters | 10 +- .../os_neutron/templates/neutron.conf.j2 | 19 ++- playbooks/roles/os_nova/defaults/main.yml | 8 + playbooks/roles/os_nova/files/api-paste.ini | 80 +++++---- playbooks/roles/os_nova/files/policy.json | 160 ++---------------- .../os_nova/tasks/nova_service_setup.yml | 4 + .../roles/os_nova/tasks/nova_upstart_init.yml | 8 +- .../roles/os_nova/templates/nova.conf.j2 | 26 ++- playbooks/roles/os_tempest/defaults/main.yml | 1 + .../os_tempest/tasks/tempest_resources.yml | 1 + .../os_tempest/templates/tempest.conf.j2 | 2 +- playbooks/setup-openstack.yml | 1 + .../vars/repo_packages/openstack_clients.yml | 29 ++-- .../vars/repo_packages/openstack_other.yml | 29 +--- .../vars/repo_packages/openstack_services.yml | 32 
++-- playbooks/vars/repo_packages/turbolift.yml | 19 --- scripts/run-tempest.sh | 5 +- 34 files changed, 363 insertions(+), 390 deletions(-) delete mode 100644 playbooks/vars/repo_packages/turbolift.yml diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml index 48c6276ae0..d8dd5d7b10 100644 --- a/playbooks/roles/os_glance/defaults/main.yml +++ b/playbooks/roles/os_glance/defaults/main.yml @@ -34,6 +34,14 @@ glance_notification_driver: noop glance_rpc_backend: glance.openstack.common.rpc.impl_kombu glance_default_store: file + +## API options +glance_enable_v1_api: True +glance_enable_v1_registry: True +glance_enable_v2_api: True +glance_enable_v2_registry: True + + ## Swift Options glance_swift_store_auth_address: NoAuthAddress glance_swift_store_user: NoUser diff --git a/playbooks/roles/os_glance/files/policy.json b/playbooks/roles/os_glance/files/policy.json index d8f0a78cb6..4bbc8b46c6 100644 --- a/playbooks/roles/os_glance/files/policy.json +++ b/playbooks/roles/os_glance/files/policy.json @@ -7,7 +7,7 @@ "get_image": "", "get_images": "", "modify_image": "", - "publicize_image": "", + "publicize_image": "role:admin", "copy_from": "", "download_image": "", @@ -28,5 +28,34 @@ "get_task": "", "get_tasks": "", "add_task": "", - "modify_task": "" + "modify_task": "", + + "deactivate": "", + "reactivate": "", + + "get_metadef_namespace": "", + "get_metadef_namespaces":"", + "modify_metadef_namespace":"", + "add_metadef_namespace":"", + + "get_metadef_object":"", + "get_metadef_objects":"", + "modify_metadef_object":"", + "add_metadef_object":"", + + "list_metadef_resource_types":"", + "get_metadef_resource_type":"", + "add_metadef_resource_type_association":"", + + "get_metadef_property":"", + "get_metadef_properties":"", + "modify_metadef_property":"", + "add_metadef_property":"", + + "get_metadef_tag":"", + "get_metadef_tags":"", + "modify_metadef_tag":"", + "add_metadef_tag":"", + "add_metadef_tags":"" + } 
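Review bot: In the second policy.json hunk the new `deactivate` and `reactivate` rules, and every `modify_metadef_*` / `add_metadef_*` rule, are the empty string, which the policy engine treats as "any authenticated caller passes". The first hunk tightens `publicize_image` to `role:admin`, so leaving image deactivation and reactivation open looks inconsistent, given that deactivation is typically how an operator takes a suspect image out of service. Consider `"deactivate": "role:admin"` and `"reactivate": "role:admin"`, and decide explicitly whether tenants should be able to write metadata definitions. JSON has no comment syntax, so the rationale for whichever choice is made belongs in the role's documentation.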
diff --git a/playbooks/roles/os_glance/tasks/glance_post_install.yml b/playbooks/roles/os_glance/tasks/glance_post_install.yml index 2873ee51fa..7ab9983e73 100644 --- a/playbooks/roles/os_glance/tasks/glance_post_install.yml +++ b/playbooks/roles/os_glance/tasks/glance_post_install.yml @@ -49,17 +49,18 @@ tags: - glance-config -- name: Drop Glance Config(s) +- name: Drop Glance static Config(s) copy: - src: "{{ item }}" - dest: "/etc/glance/{{ item }}" + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: "{{ glance_system_user_name }}" group: "{{ glance_system_group_name }}" with_items: - - glance-api-paste.ini - - glance-registry-paste.ini - - policy.json - - schema.json + - { src: "glance-api-paste.ini", dest: "/etc/glance/glance-api-paste.ini" } + - { src: "glance-registry-paste.ini", dest: "/etc/glance/glance-registry-paste.ini" } + - { src: "policy.json", dest: "/etc/glance/policy.json" } + - { src: "schema.json", dest: "/etc/glance/schema.json" } + - { src: "schema.json", dest: "/etc/glance/schema-image.json" } notify: - Restart glance api - Restart glance registry diff --git a/playbooks/roles/os_glance/tasks/glance_pre_install.yml b/playbooks/roles/os_glance/tasks/glance_pre_install.yml index 5bbab69404..273b5a2d81 100644 --- a/playbooks/roles/os_glance/tasks/glance_pre_install.yml +++ b/playbooks/roles/os_glance/tasks/glance_pre_install.yml 
@@ -39,12 +39,13 @@ state: directory owner: "{{ item.owner|default(glance_system_user_name) }}" group: "{{ item.group|default(glance_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" with_items: - { path: "/etc/glance" } - - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } + - { path: "/etc/sudoers.d", mode: "0755", owner: "root", group: "root" } - { path: "/var/cache/glance" } - { path: "{{ glance_system_user_home }}" } - - { path: "{{ glance_system_user_home }}/cache/api" } + - { path: "{{ glance_system_user_home }}/cache/api", mode: "0700" } - { path: "{{ glance_system_user_home }}/cache/registry" } - { path: "{{ glance_system_user_home }}/images/" } - { path: "{{ glance_system_user_home }}/scrubber" } diff --git a/playbooks/roles/os_glance/templates/glance-api.conf.j2 b/playbooks/roles/os_glance/templates/glance-api.conf.j2 index bc2a72b8c3..47d07bd14f 100644 --- a/playbooks/roles/os_glance/templates/glance-api.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-api.conf.j2 @@ -18,6 +18,11 @@ registry_port = {{ glance_registry_service_port }} registry_client_protocol = {{ glance_service_proto }} cinder_catalog_info = volume:cinder:internalURL +enable_v1_api = {{ glance_enable_v1_api }} +enable_v1_registry = {{ glance_enable_v1_registry }} +enable_v2_api = {{ glance_enable_v2_api }} +enable_v2_registry = {{ glance_enable_v2_registry }} + notification_driver = {{ glance_notification_driver }} {% if glance_notification_driver == "messaging" %} ##### RPC MESSAGING OPTIONS ##### 
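Review bot: In the glance_pre_install.yml directory list only `cache/api` gets `mode: "0700"`; its sibling `cache/registry` and `/var/cache/glance` fall through to the new `default('0755')` and end up listable and traversable by every local user. If either of them holds the registry's keystone signing or cache data (the config that decides this is not in the hunk), it should match the api entry: `- { path: "{{ glance_system_user_home }}/cache/registry", mode: "0700" }`. The added `mode:` line also makes the per-item mode effective, so `/etc/sudoers.d` is now set to 0755 where the item previously said 0750, and the heat_pre_install.yml hunk drops the explicit mode so it inherits 0755 as well. A short comment such as `# 0755 matches the distribution default for sudoers.d` would record that this is intentional. The task itself starts above the hunk.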
@@ -66,13 +71,11 @@ flavor = {{ glance_flavor }} [glance_store] default_store = {{ glance_default_store }} -stores = glance.store.filesystem.Store, - glance.store.http.Store, - glance.store.cinder.Store, - glance.store.swift.Store {% if glance_default_store == "file" %} +stores = glance.store.filesystem.Store,glance.store.http.Store,glance.store.cinder.Store filesystem_store_datadir = {{ glance_system_user_home }}/images/ {% elif glance_default_store == "swift" %} +stores = glance.store.swift.Store,glance.store.http.Store,glance.store.cinder.Store swift_store_auth_version = 2 swift_store_auth_address = {{ glance_swift_store_auth_address }} swift_store_user = {{ glance_swift_store_user }} diff --git a/playbooks/roles/os_heat/files/api-paste.ini b/playbooks/roles/os_heat/files/api-paste.ini index 31a49e9744..a0b48fe47e 100644 --- a/playbooks/roles/os_heat/files/api-paste.ini +++ b/playbooks/roles/os_heat/files/api-paste.ini @@ -1,6 +1,7 @@ + # heat-api pipeline [pipeline:heat-api] -pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app +pipeline = request_id faultwrap ssl versionnegotiation osprofiler authurl authtoken context apiv1app # heat-api pipeline for standalone heat # ie. uses alternative auth backend that authenticates users against keystone @@ -11,7 +12,7 @@ pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app # flavor = standalone # [pipeline:heat-api-standalone] -pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app +pipeline = request_id faultwrap ssl versionnegotiation authurl authpassword context apiv1app # heat-api pipeline for custom cloud backends # i.e. in heat.conf: 
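Review bot: In the `[glance_store]` hunk of glance-api.conf.j2, `stores` is now emitted only inside the `file` and `swift` branches, so any other `glance_default_store` value renders a config with no `stores` line at all and silently falls back to the library default. The `file` branch also no longer lists the swift store, so as far as this hunk shows, a deployment that moves its default from swift to file can no longer read images already held in Swift. Consider an `{% else %}` branch that fails loudly or renders a documented fallback, and a comment above the conditional such as `{# stores must list every backend that holds existing images, not only the default #}`. The remainder of the conditional lies outside the hunk.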
@@ -19,11 +20,11 @@ pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1ap # flavor = custombackend # [pipeline:heat-api-custombackend] -pipeline = faultwrap versionnegotiation context custombackendauth apiv1app +pipeline = request_id faultwrap versionnegotiation context custombackendauth apiv1app # heat-api-cfn pipeline [pipeline:heat-api-cfn] -pipeline = cfnversionnegotiation ec2authtoken authtoken context apicfnv1app +pipeline = cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app # heat-api-cfn pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests @@ -32,7 +33,7 @@ pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app # heat-api-cloudwatch pipeline [pipeline:heat-api-cloudwatch] -pipeline = versionnegotiation ec2authtoken authtoken context apicwapp +pipeline = versionnegotiation osprofiler ec2authtoken authtoken context apicwapp # heat-api-cloudwatch pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests @@ -92,3 +93,12 @@ paste.filter_factory = heat.common.auth_password:filter_factory # Auth middleware that validates against custom backend [filter:custombackendauth] paste.filter_factory = heat.common.custom_backend_auth:filter_factory + +# Middleware to set x-openstack-request-id in http response header +[filter:request_id] +paste.filter_factory = oslo.middleware.request_id:RequestId.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY +enabled = yes diff --git a/playbooks/roles/os_heat/files/policy.json b/playbooks/roles/os_heat/files/policy.json index e3e8822b18..54c845b346 100644 --- a/playbooks/roles/os_heat/files/policy.json +++ b/playbooks/roles/os_heat/files/policy.json 
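Review bot: The new `[filter:osprofiler]` section in heat's api-paste.ini ships `hmac_keys = SECRET_KEY` together with `enabled = yes`, and the other hunks of this file insert `osprofiler` into the heat-api, heat-api-cfn and heat-api-cloudwatch pipelines, so request profiling is switched on with a key that is identical and publicly known on every deployment. The HMAC key is what authorises a caller to request a trace, so a placeholder value gives no protection. The file lives under `files/` and is presumably copied verbatim, which means it cannot carry a per-deployment secret. Either set `enabled = no` here, or move the file to `templates/` and render the key from a generated secret, for example `hmac_keys = {{ HEAT_PROFILER_HMAC_KEY_PLACEHOLDER }}` (variable name to be chosen).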
@@ -8,6 +8,7 @@ "cloudformation:DescribeStacks": "rule:deny_stack_user", "cloudformation:DeleteStack": "rule:deny_stack_user", "cloudformation:UpdateStack": "rule:deny_stack_user", + "cloudformation:CancelUpdateStack": "rule:deny_stack_user", "cloudformation:DescribeStackEvents": "rule:deny_stack_user", "cloudformation:ValidateTemplate": "rule:deny_stack_user", "cloudformation:GetTemplate": "rule:deny_stack_user", @@ -50,7 +51,13 @@ "stacks:show": "rule:deny_stack_user", "stacks:template": "rule:deny_stack_user", "stacks:update": "rule:deny_stack_user", + "stacks:update_patch": "rule:deny_stack_user", "stacks:validate_template": "rule:deny_stack_user", + "stacks:snapshot": "rule:deny_stack_user", + "stacks:show_snapshot": "rule:deny_stack_user", + "stacks:delete_snapshot": "rule:deny_stack_user", + "stacks:list_snapshots": "rule:deny_stack_user", + "stacks:restore_snapshot": "rule:deny_stack_user", "software_configs:create": "rule:deny_stack_user", "software_configs:show": "rule:deny_stack_user", @@ -60,5 +67,7 @@ "software_deployments:show": "rule:deny_stack_user", "software_deployments:update": "rule:deny_stack_user", "software_deployments:delete": "rule:deny_stack_user", - "software_deployments:metadata": "" + "software_deployments:metadata": "", + + "service:index": "rule:context_is_admin" } diff --git a/playbooks/roles/os_heat/tasks/heat_pre_install.yml b/playbooks/roles/os_heat/tasks/heat_pre_install.yml index bc0835c20a..3e8bc7eb67 100644 --- a/playbooks/roles/os_heat/tasks/heat_pre_install.yml +++ b/playbooks/roles/os_heat/tasks/heat_pre_install.yml 
@@ -39,12 +39,13 @@ state: directory owner: "{{ item.owner|default(heat_system_user_name) }}" group: "{{ item.group|default(heat_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" with_items: - { path: "/etc/heat" } - { path: "/etc/heat/environment.d" } - { path: "/etc/heat/templates" } - - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - - { path: "/var/cache/heat" } + - { path: "/etc/sudoers.d", owner: "root", group: "root" } + - { path: "/var/cache/heat", mode: "0700" } - { path: "{{ heat_system_home_folder }}" } tags: - heat-dirs diff --git a/playbooks/roles/os_heat/templates/heat.conf.j2 b/playbooks/roles/os_heat/templates/heat.conf.j2 index 49808cb4ed..d667d72eed 100644 --- a/playbooks/roles/os_heat/templates/heat.conf.j2 +++ b/playbooks/roles/os_heat/templates/heat.conf.j2 @@ -19,18 +19,9 @@ heat_watch_server_url = {{ heat_watch_server_url }} heat_waitcondition_server_url = {{ heat_waitcondition_server_url }} heat_metadata_server_url = {{ heat_metadata_server_url }} - ## RPC Backend rpc_backend = {{ heat_rpc_backend }} - -## RabbitMQ -rabbit_port = {{ rabbitmq_port }} -rabbit_userid = {{ rabbitmq_userid }} -rabbit_password = {{ rabbitmq_password }} -rabbit_hosts = {{ rabbitmq_servers }} - - ## Plugin dirs plugin_dirs = {{ heat_plugin_dirs | join(',') }} @@ -80,6 +71,14 @@ bind_port = {{ heat_cfn_service_port }} [heat_api_cloudwatch] bind_port = {{ heat_watch_port }} + +[oslo_messaging_rabbit] +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + + [keystone_authtoken] signing_dir = /var/cache/heat identity_uri = {{ keystone_service_adminuri }} diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml index 5714634393..01bc432390 100644 --- a/playbooks/roles/os_keystone/defaults/main.yml +++ b/playbooks/roles/os_keystone/defaults/main.yml 
@@ -37,16 +37,36 @@ keystone_identity_driver: "keystone.identity.backends.sql.Identity" # For a sql backed token storage use: "keystone.token.backends.sql.Token" keystone_token_driver: "keystone.token.persistence.backends.memcache.Token" keystone_token_provider: "keystone.token.providers.uuid.Provider" +keystone_token_expiration: 43200 +keystone_token_cache_time: 3600 + +# Set the revocation driver used within keystone. +keystone_revocation_driver: keystone.contrib.revoke.backends.sql.Revoke +keystone_revocation_cache_time: 3600 +keystone_revocation_expiration_buffer: 1800 + +keystone_cache_expiration_time: 5400 + +keystone_assignment_driver: keystone.assignment.backends.sql.Assignment + +keystone_resource_cache_time: 3600 +keystone_resource_driver: keystone.resource.backends.sql.Resource keystone_bind_address: 0.0.0.0 ## Memcached servers used within keystone. # String or Comma separated list of servers. keystone_memcached_servers: 127.0.0.1 +keystone_memcached_max_compare_and_set_retry: 16 ## DB info keystone_galera_user: keystone keystone_galera_database: keystone +# Database tuning +keystone_database_idle_timeout: 200 +keystone_database_min_pool_size: 5 +keystone_database_max_pool_size: 10 +keystone_database_pool_timeout: 200 ## Role info keystone_role_name: admin @@ -131,8 +151,10 @@ keystone_pip_packages: - ldappool - lxml - MySQL-python + - oslo.middleware - pbr - pycrypto + - pysaml2 - python-keystoneclient - python-memcached - repoze.lru diff --git a/playbooks/roles/os_keystone/files/keystone-paste.ini b/playbooks/roles/os_keystone/files/keystone-paste.ini index b9515747b6..3e195aa521 100644 --- a/playbooks/roles/os_keystone/files/keystone-paste.ini +++ b/playbooks/roles/os_keystone/files/keystone-paste.ini 
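Review bot: The new timing defaults in os_keystone/defaults/main.yml (`keystone_token_expiration: 43200`, `keystone_token_cache_time`, `keystone_revocation_cache_time`, `keystone_revocation_expiration_buffer`, `keystone_cache_expiration_time`) carry no unit or rationale, although they decide how long a token is accepted and how long cached state is trusted. An operator tuning them needs to know they are seconds and how they relate to each other. Suggested comments: `# Token lifetime in seconds (43200 = 12 hours); lower it to shorten the window in which a leaked token is usable.` above `keystone_token_expiration`, and `# Seconds; should stay well below keystone_token_expiration.` above the cache-time variables.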
@@ -3,6 +3,9 @@ [filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory + [filter:build_auth_context] paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory @@ -39,6 +42,9 @@ paste.filter_factory = keystone.contrib.s3:S3Extension.factory [filter:endpoint_filter_extension] paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory +[filter:endpoint_policy_extension] +paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory + [filter:simple_cert_extension] paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory @@ -49,16 +55,7 @@ paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory paste.filter_factory = keystone.middleware:NormalizingFilter.factory [filter:sizelimit] -paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory - -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - -[filter:access_log] -paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory +paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory [app:public_service] paste.app_factory = keystone.service:public_app_factory 
@@ -70,13 +67,19 @@ paste.app_factory = keystone.service:v3_app_factory paste.app_factory = keystone.service:admin_app_factory [pipeline:public_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service +# The last item in this pipeline must be public_service or an equivalent +# application. It cannot be a filter. +pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service [pipeline:admin_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service +# The last item in this pipeline must be admin_service or an equivalent +# application. It cannot be a filter. +pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service [pipeline:api_v3] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3 +# The last item in this pipeline must be service_v3 or an equivalent +# application. It cannot be a filter. +pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3 [app:public_version_service] paste.app_factory = keystone.service:public_version_app_factory diff --git a/playbooks/roles/os_keystone/files/keystone-wsgi.py b/playbooks/roles/os_keystone/files/keystone-wsgi.py index f5ce498c51..0c7018ff60 100644 --- a/playbooks/roles/os_keystone/files/keystone-wsgi.py +++ b/playbooks/roles/os_keystone/files/keystone-wsgi.py 
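Review bot: All three rewritten pipelines in keystone-paste.ini still contain `admin_token_auth`, and keystone.conf.j2 renders `admin_token` into `[DEFAULT]`, so the static bootstrap token remains accepted on the public, admin and v3 endpoints after installation. If the playbooks need it only for the initial service and user setup, document that in the file with `# admin_token_auth is required for bootstrap only; remove it from the pipelines once service users exist.`, and consider dropping it from `public_api` at least. The `api_v3` pipeline also newly loads `federation_extension`, `oauth1_extension` and `endpoint_policy_extension`. The `[filter:...]` sections for the first two and any extension database migrations are not visible in this patch, so confirm they exist before these are enabled by default.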
@@ -12,49 +12,14 @@ # License for the specific language governing permissions and limitations # under the License. -import logging import os -from oslo import i18n +from keystone.server import wsgi as wsgi_server -# NOTE(dstanek): i18n.enable_lazy() must be called before -# keystone.i18n._() is called to ensure it has the desired lazy lookup -# behavior. This includes cases, like keystone.exceptions, where -# keystone.i18n._() is called at import time. -i18n.enable_lazy() - - -from keystone import backends -from keystone.common import dependency -from keystone.common import environment -from keystone.common import sql -from keystone import config -from keystone.openstack.common import log -from keystone import service - - -CONF = config.CONF - -config.configure() -sql.initialize() -config.set_default_for_default_log_levels() - -CONF(project='keystone') -config.setup_logging() - -environment.use_stdlib() name = os.path.basename(__file__) -if CONF.debug: - CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG) - - -drivers = backends.load_backends() - # NOTE(ldbragst): 'application' is required in this context by WSGI spec. # The following is a reference to Python Paste Deploy documentation # http://pythonpaste.org/deploy/ -application = service.loadapp('config:%s' % config.find_paste_config(), name) - -dependency.resolve_future_dependencies() +application = wsgi_server.initialize_application(name) diff --git a/playbooks/roles/os_keystone/templates/keystone.conf.j2 b/playbooks/roles/os_keystone/templates/keystone.conf.j2 index 42f0fc9361..8e45a9b7aa 100644 --- a/playbooks/roles/os_keystone/templates/keystone.conf.j2 +++ b/playbooks/roles/os_keystone/templates/keystone.conf.j2 
@@ -4,12 +4,9 @@ verbose = {{ verbose }} debug = {{ debug }} admin_token = {{ keystone_auth_admin_token }} -bind_host = {{ keystone_bind_address }} -public_port = {{ keystone_service_port }} {% if keystone_public_endpoint is defined %} public_endpoint = {{ keystone_public_endpoint }} {% endif %} -admin_port = {{ keystone_admin_port }} admin_endpoint = {{ keystone_service_adminuri }} fatal_deprecations = {{ keystone_fatal_deprecations }} 
@@ -23,40 +20,52 @@ rpc_backend = {{ keystone_rpc_backend }} [memcache] servers = {{ keystone_memcached_servers }} +max_compare_and_set_retry = {{ keystone_memcached_max_compare_and_set_retry }} -max_compare_and_set_retry = 16 - {% if keystone_cache_backend_argument is defined %} [cache] backend = dogpile.cache.memcached backend_argument = {{ keystone_cache_backend_argument }} config_prefix = cache.keystone distributed_lock = True -expiration_time = 5400 +expiration_time = {{ keystone_cache_expiration_time }} enabled = true {% endif %} + [revoke] -expiration_buffer = 1800 caching = true +driver = {{ keystone_revocation_driver }} +expiration_buffer = {{ keystone_revocation_expiration_buffer }} +cache_time = {{ keystone_revocation_cache_time }} + [auth] methods = {{ keystone_auth_methods }} + [database] connection = mysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ galera_address }}/{{ keystone_galera_database }}?charset=utf8 -idle_timeout = 200 -min_pool_size = 5 -max_pool_size = 10 -pool_timeout = 200 +idle_timeout = {{ keystone_database_idle_timeout }} +min_pool_size = {{ keystone_database_min_pool_size }} +max_pool_size = {{ keystone_database_max_pool_size }} +pool_timeout = {{ keystone_database_pool_timeout }} + [identity] driver = {{ keystone_identity_driver }} + [assignment] -driver = keystone.assignment.backends.sql.Assignment +driver = {{ keystone_assignment_driver }} + + +[resource] +cache_time = {{ keystone_resource_cache_time }} caching = true +driver = {{ keystone_resource_driver }} + {% if keystone_ldap is defined %} {% for section in keystone_ldap|dictsort %} 
@@ -70,9 +79,14 @@ caching = true [token] enforce_token_bind = permissive -revocation_cache_time = 3600 -expiration = 43200 +expiration = {{ keystone_token_expiration }} caching = true -cache_time = 5400 +cache_time = {{ keystone_token_cache_time }} provider = {{ keystone_token_provider }} driver = {{ keystone_token_driver }} + + +[eventlet_server] +admin_bind_host = {{ keystone_bind_address }} +admin_port = {{ keystone_admin_port }} +public_port = {{ keystone_service_port }} diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml index 2240c2c27c..cf9b657b32 100644 --- a/playbooks/roles/os_neutron/defaults/main.yml +++ b/playbooks/roles/os_neutron/defaults/main.yml @@ -38,10 +38,14 @@ neutron_db_plugin: /etc/neutron/plugins/ml2/ml2_conf.ini ## Plugins neutron_plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin +# Other plugins can be added to the system by simply extending the list `neutron_plugin_base`. +# neutron_plugin_base: +# - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin +# - neutron.services.metering.metering_plugin.MeteringPlugin +# - neutron.services.loadbalancer.plugin.LoadBalancerPlugin +# - neutron.services.vpn.plugin.VPNDriverPlugin neutron_plugin_base: - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin - - neutron.services.loadbalancer.plugin.LoadBalancerPlugin - - neutron.services.vpn.plugin.VPNDriverPlugin - neutron.services.metering.metering_plugin.MeteringPlugin neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}" diff --git a/playbooks/roles/os_neutron/files/api-paste.ini b/playbooks/roles/os_neutron/files/api-paste.ini index bbcd41527d..780853da8f 100644 --- a/playbooks/roles/os_neutron/files/api-paste.ini +++ b/playbooks/roles/os_neutron/files/api-paste.ini 
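Review bot: The new `[eventlet_server]` section in keystone.conf.j2 sets `admin_bind_host` but no `public_bind_host`, while the first hunk of this file removes `bind_host`, which covered both listeners. As written, `keystone_bind_address` no longer constrains the public listener when the eventlet server is used; it falls back to keystone's built-in default, and an operator who narrowed the bind address would not notice. Add `public_bind_host = {{ keystone_bind_address }}` next to `public_port`.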
@@ -9,10 +9,10 @@ noauth = request_id catch_errors extensions neutronapiapp_v2_0 keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0 [filter:request_id] -paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory +paste.filter_factory = oslo.middleware:RequestId.factory [filter:catch_errors] -paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory +paste.filter_factory = oslo.middleware:CatchErrors.factory [filter:keystonecontext] paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory @@ -27,4 +27,4 @@ paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_ paste.app_factory = neutron.api.versions:Versions.factory [app:neutronapiapp_v2_0] -paste.app_factory = neutron.api.v2.router:APIRouter.factory +paste.app_factory = neutron.api.v2.router:APIRouter.factory \ No newline at end of file diff --git a/playbooks/roles/os_neutron/files/policy.json b/playbooks/roles/os_neutron/files/policy.json index e7db435754..ae46bc2cd4 100644 --- a/playbooks/roles/os_neutron/files/policy.json +++ b/playbooks/roles/os_neutron/files/policy.json @@ -1,11 +1,14 @@ { "context_is_admin": "role:admin", "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "context_is_advsvc": "role:advsvc", "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", "admin_only": "rule:context_is_admin", "regular_user": "", "shared": "field:networks:shared=True", "shared_firewalls": "field:firewalls:shared=True", + "shared_firewall_policies": "field:firewall_policies:shared=True", + "shared_subnetpools": "field:subnetpools:shared=True", "external": "field:networks:router:external=True", "default": "rule:admin_or_owner", 
@@ -14,8 +17,14 @@ "update_subnet": "rule:admin_or_network_owner", "delete_subnet": "rule:admin_or_network_owner", + "create_subnetpool": "", + "create_subnetpool:shared": "rule:admin_only", + "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools", + "update_subnetpool": "rule:admin_or_owner", + "delete_subnetpool": "rule:admin_or_owner", + "create_network": "", - "get_network": "rule:admin_or_owner or rule:shared or rule:external", + "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc", "get_network:router:external": "rule:regular_user", "get_network:segments": "rule:admin_only", "get_network:provider:network_type": "rule:admin_only", 
@@ -38,25 +47,26 @@ "delete_network": "rule:admin_or_owner", "create_port": "", - "create_port:mac_address": "rule:admin_or_network_owner", - "create_port:fixed_ips": "rule:admin_or_network_owner", - "create_port:port_security_enabled": "rule:admin_or_network_owner", + "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc", + "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", + "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", "create_port:binding:host_id": "rule:admin_only", "create_port:binding:profile": "rule:admin_only", - "create_port:mac_learning_enabled": "rule:admin_or_network_owner", - "get_port": "rule:admin_or_owner", + "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "get_port": "rule:admin_or_owner or rule:context_is_advsvc", "get_port:queue_id": "rule:admin_only", "get_port:binding:vif_type": "rule:admin_only", "get_port:binding:vif_details": "rule:admin_only", "get_port:binding:host_id": "rule:admin_only", "get_port:binding:profile": "rule:admin_only", - "update_port": "rule:admin_or_owner", - "update_port:fixed_ips": "rule:admin_or_network_owner", - "update_port:port_security_enabled": "rule:admin_or_network_owner", + "update_port": "rule:admin_or_owner or rule:context_is_advsvc", + "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc", + "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", + "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", "update_port:binding:host_id": "rule:admin_only", "update_port:binding:profile": "rule:admin_only", - "update_port:mac_learning_enabled": "rule:admin_or_network_owner", - "delete_port": "rule:admin_or_owner", + "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", + "delete_port": "rule:admin_or_owner or rule:context_is_advsvc", 
"get_router:ha": "rule:admin_only", "create_router": "rule:regular_user", @@ -73,6 +83,9 @@ "add_router_interface": "rule:admin_or_owner", "remove_router_interface": "rule:admin_or_owner", + "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only", + "create_firewall": "", "get_firewall": "rule:admin_or_owner", "create_firewall:shared": "rule:admin_only", @@ -82,7 +95,7 @@ "delete_firewall": "rule:admin_or_owner", "create_firewall_policy": "", - "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", + "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies", "create_firewall_policy:shared": "rule:admin_or_owner", "update_firewall_policy": "rule:admin_or_owner", "delete_firewall_policy": "rule:admin_or_owner", @@ -109,8 +122,11 @@ "get_l3-agents": "rule:admin_only", "get_loadbalancer-agent": "rule:admin_only", "get_loadbalancer-pools": "rule:admin_only", + "get_agent-loadbalancers": "rule:admin_only", + "get_loadbalancer-hosting-agent": "rule:admin_only", "create_floatingip": "rule:regular_user", + "create_floatingip:floating_ip_address": "rule:admin_only", "update_floatingip": "rule:admin_or_owner", "delete_floatingip": "rule:admin_or_owner", "get_floatingip": "rule:admin_or_owner", diff --git a/playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters b/playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters index 26c2ffa86c..20d2800116 100644 --- a/playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters +++ b/playbooks/roles/os_neutron/files/rootwrap.d/dhcp.filters @@ -9,7 +9,7 @@ [Filters] # dhcp-agent -dnsmasq: EnvFilter, dnsmasq, root, NEUTRON_NETWORK_ID= +dnsmasq: CommandFilter, dnsmasq, root # dhcp-agent uses kill as well, that's handled by the generic KillFilter # it looks like these are the only signals needed, per # neutron/agent/linux/dhcp.py 
@@ -23,16 +23,14 @@ dhcp_release: CommandFilter, dhcp_release, root # metadata proxy metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root -metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root # If installed from source (say, by devstack), the prefix will be # /usr/local instead of /usr/bin. metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root -metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root # RHEL invocation of the metadata proxy will report /usr/bin/python kill_metadata: KillFilter, root, python, -9 kill_metadata7: KillFilter, root, python2.7, -9 -kill_metadata6: KillFilter, root, python2.6, -9 # ip_lib ip: IpFilter, ip, root +find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.* ip_exec: IpNetnsExecFilter, ip, root diff --git a/playbooks/roles/os_neutron/files/rootwrap.d/l3.filters b/playbooks/roles/os_neutron/files/rootwrap.d/l3.filters index 9a3031822a..27c78742c9 100644 --- a/playbooks/roles/os_neutron/files/rootwrap.d/l3.filters +++ b/playbooks/roles/os_neutron/files/rootwrap.d/l3.filters 
@@ -18,22 +18,23 @@ radvd: CommandFilter, radvd, root # metadata proxy metadata_proxy: CommandFilter, neutron-ns-metadata-proxy, root -metadata_proxy_quantum: CommandFilter, quantum-ns-metadata-proxy, root # If installed from source (say, by devstack), the prefix will be # /usr/local instead of /usr/bin. metadata_proxy_local: CommandFilter, /usr/local/bin/neutron-ns-metadata-proxy, root -metadata_proxy_local_quantum: CommandFilter, /usr/local/bin/quantum-ns-metadata-proxy, root # RHEL invocation of the metadata proxy will report /usr/bin/python kill_metadata: KillFilter, root, python, -9 kill_metadata7: KillFilter, root, python2.7, -9 -kill_metadata6: KillFilter, root, python2.6, -9 kill_radvd_usr: KillFilter, root, /usr/sbin/radvd, -9, -HUP kill_radvd: KillFilter, root, /sbin/radvd, -9, -HUP # ip_lib ip: IpFilter, ip, root +find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.* ip_exec: IpNetnsExecFilter, ip, root +# For ip monitor +kill_ip_monitor: KillFilter, root, ip, -9 + # ovs_lib (if OVSInterfaceDriver is used) ovs-vsctl: CommandFilter, ovs-vsctl, root @@ -49,3 +50,6 @@ kill_keepalived: KillFilter, root, /usr/sbin/keepalived, -HUP, -15, -9 # l3 agent to delete floatingip's conntrack state conntrack: CommandFilter, conntrack, root + +# keepalived state change monitor +keepalived_state_change: CommandFilter, neutron-keepalived-state-change, root diff --git a/playbooks/roles/os_neutron/templates/neutron.conf.j2 b/playbooks/roles/os_neutron/templates/neutron.conf.j2 index 17ecaabfaa..01bfa3ed5c 100644 --- a/playbooks/roles/os_neutron/templates/neutron.conf.j2 +++ b/playbooks/roles/os_neutron/templates/neutron.conf.j2 @@ -12,7 +12,6 @@ use_syslog = False log_file = /var/log/neutron/neutron.log auth_strategy = keystone -lock_path = /var/lock/neutron network_device_mtu = {{ neutron_network_device_mtu }} allow_overlapping_ips = True 
@@ -62,13 +61,6 @@ dhcp_delete_namespaces = True dhcp_lease_duration = 86400 -## RabbitMQ -rabbit_port = {{ rabbitmq_port }} -rabbit_userid = {{ rabbitmq_userid }} -rabbit_password = {{ rabbitmq_password }} -rabbit_hosts = {{ rabbitmq_servers }} - - ## Notifications notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True @@ -119,6 +111,17 @@ check_revocations_for_cached = False connection = mysql://{{ neutron_galera_user }}:{{ neutron_container_mysql_password }}@{{ galera_address }}/{{ neutron_galera_database }}?charset=utf8 +[oslo_messaging_rabbit] +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + + +[oslo_concurrency] +lock_path = /var/lock/neutron + + [service_providers] service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default diff --git a/playbooks/roles/os_nova/defaults/main.yml b/playbooks/roles/os_nova/defaults/main.yml index 96dc91eb4e..2a8bd23964 100644 --- a/playbooks/roles/os_nova/defaults/main.yml +++ b/playbooks/roles/os_nova/defaults/main.yml @@ -44,6 +44,9 @@ nova_service_tenant_name: "service" nova_service_user_name: "nova" nova_service_role_name: "admin" +## Nova enabled apis +nova_enabled_apis: "osapi_compute,metadata" + ## Nova s3 nova_s3_service_name: s3 nova_s3_service_type: s3 @@ -57,6 +60,7 @@ nova_s3_service_adminurl: "{{ nova_s3_service_adminuri }}" nova_s3_service_internaluri: "{{ nova_s3_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}" nova_s3_service_internalurl: "{{ nova_s3_service_internaluri }}" nova_s3_program_name: nova-api-ec2 +nova_s3_deprecated_but_enabled: false ## Nova v3 nova_v3_service_name: novav3 
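Review bot: The `[oslo_messaging_rabbit]` section added in the last neutron.conf.j2 hunk carries `rabbit_userid` and `rabbit_password` but no transport-security option, so unless TLS is arranged elsewhere the broker credentials and RPC traffic travel unencrypted; the same holds for the `[oslo_messaging_rabbit]` section added to nova.conf.j2 later in this patch. oslo.messaging accepts `rabbit_use_ssl` in this section, which could be rendered from a deployment variable, e.g. `rabbit_use_ssl = {{ RABBITMQ_SSL_TOGGLE_PLACEHOLDER }}` (placeholder name; no such variable is visible here). Whether the RabbitMQ role in this repository exposes a TLS listener cannot be told from the diff. The rendered file also holds the database password in `connection`, so the template task, which is outside this diff, should write it with a mode that excludes other users.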
@@ -86,6 +90,8 @@ nova_service_internalurl: "{{ nova_service_internaluri }}/v2/%(tenant_id)s" nova_program_name: nova-api-os-compute ## Nova ec2 +# WARNNING: The EC2 api in the nova tree has been deprecated. To consume this API you'll need to +# uncomment the EC2 section found within the nova `api-paste.ini` file. nova_ec2_service_name: ec2 nova_ec2_service_type: ec2 nova_ec2_service_proto: http @@ -98,6 +104,7 @@ nova_ec2_service_adminurl: "{{ nova_ec2_service_adminuri }}/services/Admin" nova_ec2_service_internaluri: "{{ nova_ec2_service_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}" nova_ec2_service_internalurl: "{{ nova_ec2_service_internaluri }}/services/Cloud" nova_ec2_program_name: nova-api-ec2 +nova_ec2_deprecated_but_enabled: false ## Nova spice nova_spice_html5proxy_base_proto: http @@ -207,6 +214,7 @@ nova_compute_kvm_apt_packages: - kpartx - libvirt-bin - open-iscsi + - python-libguestfs - python-libvirt - qemu - qemu-utils diff --git a/playbooks/roles/os_nova/files/api-paste.ini b/playbooks/roles/os_nova/files/api-paste.ini index 2a825a5be4..0d5598a853 100644 --- a/playbooks/roles/os_nova/files/api-paste.ini +++ b/playbooks/roles/os_nova/files/api-paste.ini @@ -6,7 +6,8 @@ use = egg:Paste#urlmap /: meta [pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp +pipeline = metaapp +# pipeline = ec2faultwrap logrequest metaapp [app:metaapp] paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory 
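Review bot: The comment added above `nova_ec2_service_name` names only the `api-paste.ini` edit, yet this patch introduces two further switches that gate EC2: `nova_ec2_deprecated_but_enabled` (default `false`) and `nova_enabled_apis` (default `osapi_compute,metadata`, without `ec2`). An operator who follows the comment alone would, as far as this diff shows, get the paste sections back without the service being registered, started or listed in `enabled_apis`. I would reword it to `# WARNING: the in-tree EC2 API is deprecated. To use it, set nova_ec2_deprecated_but_enabled: true, add ec2 to nova_enabled_apis,` followed by `# and uncomment the EC2 section in the nova api-paste.ini file.`, which also fixes the `WARNNING` spelling.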
@@ -15,42 +16,44 @@ paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory # EC2 # ####### -[composite:ec2] -use = egg:Paste#urlmap -/services/Cloud: ec2cloud +# [composite:ec2] +# use = egg:Paste#urlmap +# /: ec2cloud -[composite:ec2cloud] -use = call:nova.api.auth:pipeline_factory -noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor -keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor +# [composite:ec2cloud] +# use = call:nova.api.auth:pipeline_factory +# noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor +# noauth2 = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor +# keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor -[filter:ec2faultwrap] -paste.filter_factory = nova.api.ec2:FaultWrapper.factory +# [filter:ec2faultwrap] +# paste.filter_factory = nova.api.ec2:FaultWrapper.factory -[filter:logrequest] -paste.filter_factory = nova.api.ec2:RequestLogging.factory +# [filter:logrequest] +# paste.filter_factory = nova.api.ec2:RequestLogging.factory -[filter:ec2lockout] -paste.filter_factory = nova.api.ec2:Lockout.factory +# [filter:ec2lockout] +# paste.filter_factory = nova.api.ec2:Lockout.factory -[filter:ec2keystoneauth] -paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory +# [filter:ec2keystoneauth] +# paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory -[filter:ec2noauth] -paste.filter_factory = nova.api.ec2:NoAuth.factory +# [filter:ec2noauth] +# paste.filter_factory = nova.api.ec2:NoAuth.factory -[filter:cloudrequest] -controller = nova.api.ec2.cloud.CloudController -paste.filter_factory = nova.api.ec2:Requestify.factory +# [filter:cloudrequest] +# controller = nova.api.ec2.cloud.CloudController +# paste.filter_factory = nova.api.ec2:Requestify.factory -[filter:authorizer] -paste.filter_factory = nova.api.ec2:Authorizer.factory +# [filter:authorizer] +# paste.filter_factory = 
nova.api.ec2:Authorizer.factory -[filter:validator] -paste.filter_factory = nova.api.ec2:Validator.factory +# [filter:validator] +# paste.filter_factory = nova.api.ec2:Validator.factory + +# [app:ec2executor] +# paste.app_factory = nova.api.ec2:Executor.factory -[app:ec2executor] -paste.app_factory = nova.api.ec2:Executor.factory ############# # OpenStack # 
@@ -61,21 +64,30 @@ use = call:nova.api.openstack.urlmap:urlmap_factory /: oscomputeversions /v1.1: openstack_compute_api_v2 /v2: openstack_compute_api_v2 +/v2.1: openstack_compute_api_v21 /v3: openstack_compute_api_v3 [composite:openstack_compute_api_v2] use = call:nova.api.auth:pipeline_factory noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2 +noauth2 = compute_req_id faultwrap sizelimit noauth2 ratelimit osapi_compute_app_v2 keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2 keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2 +[composite:openstack_compute_api_v21] +use = call:nova.api.auth:pipeline_factory_v21 +noauth = compute_req_id faultwrap sizelimit noauth osapi_compute_app_v21 +noauth2 = compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21 +keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 + [composite:openstack_compute_api_v3] -use = call:nova.api.auth:pipeline_factory_v3 +use = call:nova.api.auth:pipeline_factory_v21 noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 +noauth2 = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3 keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3 [filter:request_id] -paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory +paste.filter_factory = oslo.middleware:RequestId.factory [filter:compute_req_id] paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory 
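Review bot: The `noauth` and `noauth2` pipelines added for `openstack_compute_api_v21`, together with the new `noauth2` lines for v2 and v3, keep unauthenticated request paths selectable in the shipped paste file. Which pipeline is used is presumably decided by `nova.api.auth:pipeline_factory` from nova's `auth_strategy` option, and that setting is not shown in this hunk, so the only safeguard is outside the file under review. The deployment should pin `auth_strategy = keystone` in nova.conf.j2 and say so next to the composites, e.g. `# noauth/noauth2 are test-only pipelines; production relies on auth_strategy = keystone in nova.conf`.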
@@ -84,6 +96,9 @@ paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory paste.filter_factory = nova.api.openstack:FaultWrapper.factory [filter:noauth] +paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareOld.factory + +[filter:noauth2] paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory [filter:noauth_v3] @@ -93,11 +108,14 @@ paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory [filter:sizelimit] -paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory +paste.filter_factory = oslo.middleware:RequestBodySizeLimiter.factory [app:osapi_compute_app_v2] paste.app_factory = nova.api.openstack.compute:APIRouter.factory +[app:osapi_compute_app_v21] +paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory + [app:osapi_compute_app_v3] paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory @@ -115,4 +133,4 @@ paste.app_factory = nova.api.openstack.compute.versions:Versions.factory paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory [filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory +paste.filter_factory = keystonemiddleware.auth_token:filter_factory \ No newline at end of file diff --git a/playbooks/roles/os_nova/files/policy.json b/playbooks/roles/os_nova/files/policy.json index 61aed1ba8c..c8464b1f34 100644 --- a/playbooks/roles/os_nova/files/policy.json +++ b/playbooks/roles/os_nova/files/policy.json 
@@ -18,15 +18,16 @@ "compute:shelve": "", "compute:shelve_offload": "", "compute:unshelve": "", + "compute:resize": "", + "compute:confirm_resize": "", + "compute:revert_resize": "", + "compute:rebuild": "", + "compute:reboot": "", "compute:volume_snapshot_create": "", "compute:volume_snapshot_delete": "", "admin_api": "is_admin:True", - "compute:v3:servers:start": "rule:admin_or_owner", - "compute:v3:servers:stop": "rule:admin_or_owner", - "compute_extension:v3:os-access-ips:discoverable": "", - "compute_extension:v3:os-access-ips": "", "compute_extension:accounts": "rule:admin_api", "compute_extension:admin_actions": "rule:admin_api", "compute_extension:admin_actions:pause": "rule:admin_or_owner", 
@@ -41,87 +42,37 @@ "compute_extension:admin_actions:migrateLive": "rule:admin_api", "compute_extension:admin_actions:resetState": "rule:admin_api", "compute_extension:admin_actions:migrate": "rule:admin_api", - "compute_extension:v3:os-admin-actions": "rule:admin_api", - "compute_extension:v3:os-admin-actions:discoverable": "", - "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api", - "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api", - "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api", - "compute_extension:v3:os-admin-password": "", - "compute_extension:v3:os-admin-password:discoverable": "", "compute_extension:aggregates": "rule:admin_api", - "compute_extension:v3:os-aggregates:discoverable": "", - "compute_extension:v3:os-aggregates:index": "rule:admin_api", - "compute_extension:v3:os-aggregates:create": "rule:admin_api", - "compute_extension:v3:os-aggregates:show": "rule:admin_api", - "compute_extension:v3:os-aggregates:update": "rule:admin_api", - "compute_extension:v3:os-aggregates:delete": "rule:admin_api", - "compute_extension:v3:os-aggregates:add_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api", - "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api", "compute_extension:agents": "rule:admin_api", - "compute_extension:v3:os-agents": "rule:admin_api", - "compute_extension:v3:os-agents:discoverable": "", "compute_extension:attach_interfaces": "", - "compute_extension:v3:os-attach-interfaces": "", - "compute_extension:v3:os-attach-interfaces:discoverable": "", "compute_extension:baremetal_nodes": "rule:admin_api", "compute_extension:cells": "rule:admin_api", - "compute_extension:v3:os-cells": "rule:admin_api", - "compute_extension:v3:os-cells:discoverable": "", + "compute_extension:cells:create": "rule:admin_api", + "compute_extension:cells:delete": "rule:admin_api", + "compute_extension:cells:update": "rule:admin_api", + 
"compute_extension:cells:sync_instances": "rule:admin_api", "compute_extension:certificates": "", - "compute_extension:v3:os-certificates:create": "", - "compute_extension:v3:os-certificates:show": "", - "compute_extension:v3:os-certificates:discoverable": "", "compute_extension:cloudpipe": "rule:admin_api", "compute_extension:cloudpipe_update": "rule:admin_api", "compute_extension:console_output": "", - "compute_extension:v3:consoles:discoverable": "", - "compute_extension:v3:os-console-output:discoverable": "", - "compute_extension:v3:os-console-output": "", "compute_extension:consoles": "", - "compute_extension:v3:os-remote-consoles": "", - "compute_extension:v3:os-remote-consoles:discoverable": "", "compute_extension:createserverext": "", - "compute_extension:v3:os-create-backup:discoverable": "", - "compute_extension:v3:os-create-backup": "rule:admin_or_owner", "compute_extension:deferred_delete": "", - "compute_extension:v3:os-deferred-delete": "", - "compute_extension:v3:os-deferred-delete:discoverable": "", "compute_extension:disk_config": "", "compute_extension:evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate": "rule:admin_api", - "compute_extension:v3:os-evacuate:discoverable": "", "compute_extension:extended_server_attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes": "rule:admin_api", - "compute_extension:v3:os-extended-server-attributes:discoverable": "", "compute_extension:extended_status": "", - "compute_extension:v3:os-extended-status": "", - "compute_extension:v3:os-extended-status:discoverable": "", "compute_extension:extended_availability_zone": "", - "compute_extension:v3:os-extended-availability-zone": "", - "compute_extension:v3:os-extended-availability-zone:discoverable": "", "compute_extension:extended_ips": "", "compute_extension:extended_ips_mac": "", "compute_extension:extended_vif_net": "", - "compute_extension:v3:extension_info:discoverable": "", "compute_extension:extended_volumes": "", 
- "compute_extension:v3:os-extended-volumes": "", - "compute_extension:v3:os-extended-volumes:swap": "", - "compute_extension:v3:os-extended-volumes:discoverable": "", - "compute_extension:v3:os-extended-volumes:attach": "", - "compute_extension:v3:os-extended-volumes:detach": "", "compute_extension:fixed_ips": "rule:admin_api", "compute_extension:flavor_access": "", "compute_extension:flavor_access:addTenantAccess": "rule:admin_api", "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", - "compute_extension:v3:flavor-access": "", - "compute_extension:v3:flavor-access:discoverable": "", - "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api", - "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api", "compute_extension:flavor_disabled": "", "compute_extension:flavor_rxtx": "", - "compute_extension:v3:os-flavor-rxtx": "", - "compute_extension:v3:os-flavor-rxtx:discoverable": "", "compute_extension:flavor_swap": "", "compute_extension:flavorextradata": "", "compute_extension:flavorextraspecs:index": "", @@ -129,15 +80,7 @@ "compute_extension:flavorextraspecs:create": "rule:admin_api", "compute_extension:flavorextraspecs:update": "rule:admin_api", "compute_extension:flavorextraspecs:delete": "rule:admin_api", - "compute_extension:v3:flavors:discoverable": "", - "compute_extension:v3:flavor-extra-specs:discoverable": "", - "compute_extension:v3:flavor-extra-specs:index": "", - "compute_extension:v3:flavor-extra-specs:show": "", - "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api", - "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api", "compute_extension:flavormanage": "rule:admin_api", - "compute_extension:v3:flavor-manage": "rule:admin_api", "compute_extension:floating_ip_dns": "", "compute_extension:floating_ip_pools": "", "compute_extension:floating_ips": "", 
@@ -145,99 +88,39 @@ "compute_extension:fping": "", "compute_extension:fping:all_tenants": "rule:admin_api", "compute_extension:hide_server_addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses": "is_admin:False", - "compute_extension:v3:os-hide-server-addresses:discoverable": "", "compute_extension:hosts": "rule:admin_api", - "compute_extension:v3:os-hosts": "rule:admin_api", - "compute_extension:v3:os-hosts:discoverable": "", "compute_extension:hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors": "rule:admin_api", - "compute_extension:v3:os-hypervisors:discoverable": "", "compute_extension:image_size": "", "compute_extension:instance_actions": "", - "compute_extension:v3:os-instance-actions": "", - "compute_extension:v3:os-instance-actions:discoverable": "", "compute_extension:instance_actions:events": "rule:admin_api", - "compute_extension:v3:os-instance-actions:events": "rule:admin_api", "compute_extension:instance_usage_audit_log": "rule:admin_api", - "compute_extension:v3:ips:discoverable": "", "compute_extension:keypairs": "", "compute_extension:keypairs:index": "", "compute_extension:keypairs:show": "", "compute_extension:keypairs:create": "", "compute_extension:keypairs:delete": "", - "compute_extension:v3:keypairs:discoverable": "", - "compute_extension:v3:keypairs": "", - "compute_extension:v3:keypairs:index": "", - "compute_extension:v3:keypairs:show": "", - "compute_extension:v3:keypairs:create": "", - "compute_extension:v3:keypairs:delete": "", - "compute_extension:v3:os-lock-server:discoverable": "", - "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner", - "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner", - "compute_extension:v3:os-migrate-server:discoverable": "", - "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api", - "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api", "compute_extension:multinic": "", - 
"compute_extension:v3:os-multinic": "", - "compute_extension:v3:os-multinic:discoverable": "", "compute_extension:networks": "rule:admin_api", "compute_extension:networks:view": "", "compute_extension:networks_associate": "rule:admin_api", - "compute_extension:v3:os-pause-server:discoverable": "", - "compute_extension:v3:os-pause-server:pause": "rule:admin_or_owner", - "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner", - "compute_extension:v3:os-pci:pci_servers": "", - "compute_extension:v3:os-pci:discoverable": "", - "compute_extension:v3:os-pci:index": "rule:admin_api", - "compute_extension:v3:os-pci:detail": "rule:admin_api", - "compute_extension:v3:os-pci:show": "rule:admin_api", "compute_extension:quotas:show": "", "compute_extension:quotas:update": "rule:admin_api", "compute_extension:quotas:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:discoverable": "", - "compute_extension:v3:os-quota-sets:show": "", - "compute_extension:v3:os-quota-sets:update": "rule:admin_api", - "compute_extension:v3:os-quota-sets:delete": "rule:admin_api", - "compute_extension:v3:os-quota-sets:detail": "rule:admin_api", "compute_extension:quota_classes": "", "compute_extension:rescue": "", - "compute_extension:v3:os-rescue": "", - "compute_extension:v3:os-rescue:discoverable": "", - "compute_extension:v3:os-scheduler-hints:discoverable": "", "compute_extension:security_group_default_rules": "rule:admin_api", "compute_extension:security_groups": "", - "compute_extension:v3:os-security-groups": "", - "compute_extension:v3:os-security-groups:discoverable": "", "compute_extension:server_diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics": "rule:admin_api", - "compute_extension:v3:os-server-diagnostics:discoverable": "", "compute_extension:server_groups": "", "compute_extension:server_password": "", - "compute_extension:v3:os-server-password": "", - "compute_extension:v3:os-server-password:discoverable": "", 
"compute_extension:server_usage": "", - "compute_extension:v3:os-server-usage": "", - "compute_extension:v3:os-server-usage:discoverable": "", "compute_extension:services": "rule:admin_api", - "compute_extension:v3:os-services": "rule:admin_api", - "compute_extension:v3:os-services:discoverable": "", - "compute_extension:v3:server-metadata:discoverable": "", - "compute_extension:v3:servers:discoverable": "", "compute_extension:shelve": "", "compute_extension:shelveOffload": "rule:admin_api", - "compute_extension:v3:os-shelve:shelve": "", - "compute_extension:v3:os-shelve:shelve:discoverable": "", - "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api", "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:discoverable": "", - "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner", - "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner", "compute_extension:simple_tenant_usage:list": "rule:admin_api", "compute_extension:unshelve": "", - "compute_extension:v3:os-shelve:unshelve": "", "compute_extension:users": "rule:admin_api", - "compute_extension:v3:os-user-data:discoverable": "", "compute_extension:virtual_interfaces": "", "compute_extension:virtual_storage_arrays": "", "compute_extension:volumes": "", 
@@ -248,34 +131,13 @@ "compute_extension:volume_attachments:delete": "", "compute_extension:volumetypes": "", "compute_extension:availability_zone:list": "", - "compute_extension:v3:os-availability-zone:list": "", - "compute_extension:v3:os-availability-zone:discoverable": "", "compute_extension:availability_zone:detail": "rule:admin_api", - "compute_extension:v3:os-availability-zone:detail": "rule:admin_api", "compute_extension:used_limits_for_admin": "rule:admin_api", "compute_extension:migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:index": "rule:admin_api", - "compute_extension:v3:os-migrations:discoverable": "", "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", "compute_extension:console_auth_tokens": "rule:admin_api", - "compute_extension:v3:os-console-auth-tokens": "rule:admin_api", "compute_extension:os-server-external-events:create": "rule:admin_api", - "compute_extension:v3:os-server-external-events:create": "rule:admin_api", - - "volume:create": "", - "volume:get_all": "", - "volume:get_volume_metadata": "", - "volume:get_snapshot": "", - "volume:get_all_snapshots": "", - - - "volume_extension:types_manage": "rule:admin_api", - "volume_extension:types_extra_specs": "rule:admin_api", - "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", - "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", - "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", - "network:get_all": "", "network:get": "", @@ -298,7 +160,6 @@ "network:get_floating_ips_by_project": "", "network:get_floating_ips_by_fixed_address": "", "network:allocate_floating_ip": "", - "network:deallocate_floating_ip": "", "network:associate_floating_ip": "", "network:disassociate_floating_ip": "", "network:release_floating_ip": "", 
@@ -320,5 +181,6 @@ "network:get_dns_entries_by_name": "", "network:create_private_dns_domain": "", "network:create_public_dns_domain": "", - "network:delete_dns_domain": "" + "network:delete_dns_domain": "", + "network:attach_external_network": "rule:admin_api" } diff --git a/playbooks/roles/os_nova/tasks/nova_service_setup.yml b/playbooks/roles/os_nova/tasks/nova_service_setup.yml index 899b67e9d8..3f487506a7 100644 --- a/playbooks/roles/os_nova/tasks/nova_service_setup.yml +++ b/playbooks/roles/os_nova/tasks/nova_service_setup.yml @@ -60,6 +60,8 @@ service_internalurl: "{{ nova_s3_service_internalurl }}" service_adminurl: "{{ nova_s3_service_adminurl }}" role_name: "{{ nova_service_role_name }}" + when: > + nova_s3_deprecated_but_enabled == true or nova_s3_deprecated_but_enabled == 'True' tags: - nova-api - nova-api-s3 @@ -77,6 +79,8 @@ service_internalurl: "{{ nova_ec2_service_internalurl }}" service_adminurl: "{{ nova_ec2_service_adminurl }}" role_name: "{{ nova_service_role_name }}" + when: > + nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True' tags: - nova-api - nova-api-ec2 diff --git a/playbooks/roles/os_nova/tasks/nova_upstart_init.yml b/playbooks/roles/os_nova/tasks/nova_upstart_init.yml index 2ca917fb85..249cdd219b 100644 --- a/playbooks/roles/os_nova/tasks/nova_upstart_init.yml +++ b/playbooks/roles/os_nova/tasks/nova_upstart_init.yml @@ -56,7 +56,9 @@ system_user: "{{ nova_system_user_name }}" system_group: "{{ nova_system_group_name }}" service_home: "{{ nova_system_home_folder }}" - when: inventory_hostname in groups['nova_api_ec2'] + when: > + inventory_hostname in groups['nova_api_ec2'] and + (nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True') - include: nova_upstart_common_init.yml vars: 
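Review bot: The condition `nova_s3_deprecated_but_enabled == true or nova_s3_deprecated_but_enabled == 'True'` accepts exactly two spellings, so an override such as `-e nova_s3_deprecated_but_enabled=true` or `yes` silently leaves the service disabled. Ansible's `bool` filter covers these cases: `when: nova_s3_deprecated_but_enabled | bool`. The same expression is repeated for `nova_ec2_deprecated_but_enabled` in this file, in both nova_upstart_init.yml hunks and in the `{% if %}` guards of nova.conf.j2, and each could use `| bool` the same way. Both nova_upstart_init.yml includes are gated on the EC2 flag; if one of them starts the S3 service (the program names are outside the hunks), it should test `nova_s3_deprecated_but_enabled` instead.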
@@ -65,7 +67,9 @@ system_user: "{{ nova_system_user_name }}" system_group: "{{ nova_system_group_name }}" service_home: "{{ nova_system_home_folder }}" - when: inventory_hostname in groups['nova_api_ec2'] + when: > + inventory_hostname in groups['nova_api_ec2'] and + (nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True') - include: nova_upstart_common_init.yml vars: diff --git a/playbooks/roles/os_nova/templates/nova.conf.j2 b/playbooks/roles/os_nova/templates/nova.conf.j2 index 86db6fb2b8..56066f7e91 100644 --- a/playbooks/roles/os_nova/templates/nova.conf.j2 +++ b/playbooks/roles/os_nova/templates/nova.conf.j2 @@ -10,7 +10,6 @@ verbose = {{ verbose }} fatal_deprecations = {{ nova_fatal_deprecations }} log_dir = /var/log/nova state_path = {{ nova_system_home_folder }} -lock_path = /var/lock/nova rootwrap_config = /etc/nova/rootwrap.conf service_down_time = 120 @@ -47,23 +46,20 @@ allow_resize_to_same_host = True image_cache_manager_interval = {{ nova_image_cache_manager_interval }} # Api's -enabled_apis = osapi_compute,metadata,ec2 +enabled_apis = {{ nova_enabled_apis }} osapi_compute_workers = {{ nova_osapi_compute_workers | default(api_threads) }} +{% if nova_ec2_deprecated_but_enabled == true or nova_ec2_deprecated_but_enabled == 'True' %} ec2_workers = {{ nova_ec2_workers | default(api_threads) }} ec2_dmz_host = {{ external_lb_vip_address }} +{% endif %} +{% if nova_s3_deprecated_but_enabled == true or nova_s3_deprecated_but_enabled == 'True' %} s3_port = {{ nova_s3_service_port }} s3_host = {{ ansible_ssh_host }} +{% endif %} # Rpc all -amqp_auto_delete = False rpc_backend = {{ nova_rpc_backend }} -# RabbitMQ -rabbit_port = {{ rabbitmq_port }} -rabbit_userid = {{ rabbitmq_userid }} -rabbit_password = {{ rabbitmq_password }} -rabbit_hosts = {{ rabbitmq_servers }} - # Metadata metadata_host = {{ internal_lb_vip_address }} metadata_port = {{ nova_metadata_port }} 
@@ -176,6 +172,18 @@ connection = mysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@ {% endif %} +[oslo_concurrency] +lock_path = /var/lock/nova + + +[oslo_messaging_rabbit] +amqp_auto_delete = False +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ rabbitmq_userid }} +rabbit_password = {{ rabbitmq_password }} +rabbit_hosts = {{ rabbitmq_servers }} + + [libvirt] vif_driver = {{ nova_libvirt_vif_driver }} inject_partition = -2 diff --git a/playbooks/roles/os_tempest/defaults/main.yml b/playbooks/roles/os_tempest/defaults/main.yml index 48a1b57b70..04c8a569d6 100644 --- a/playbooks/roles/os_tempest/defaults/main.yml +++ b/playbooks/roles/os_tempest/defaults/main.yml @@ -49,6 +49,7 @@ tempest_service_available_swift: True tempest_service_available_trove: False tempest_service_available_zaqar: False +tempest_image_api_v1_enabled: true tempest_image_api_v2_enabled: True tempest_boto_s3_url: "http://{{ external_lb_vip_address }}:3333" diff --git a/playbooks/roles/os_tempest/tasks/tempest_resources.yml b/playbooks/roles/os_tempest/tasks/tempest_resources.yml index e9cbcd5bdd..6c1f319728 100644 --- a/playbooks/roles/os_tempest/tasks/tempest_resources.yml +++ b/playbooks/roles/os_tempest/tasks/tempest_resources.yml @@ -154,6 +154,7 @@ tenant_id: "{{ keystone_demo_tenant_id }}" tags: - tempest-setup + - tempest-config - name: Store neutron private network id set_fact: diff --git a/playbooks/roles/os_tempest/templates/tempest.conf.j2 b/playbooks/roles/os_tempest/templates/tempest.conf.j2 index b3cb14fdd1..bbce92ceb3 100644 --- a/playbooks/roles/os_tempest/templates/tempest.conf.j2 +++ b/playbooks/roles/os_tempest/templates/tempest.conf.j2 @@ -144,7 +144,7 @@ http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar. [image-feature-enabled] -api_v1 = true +api_v1 = {{ tempest_image_api_v1_enabled }} api_v2 = {{ tempest_image_api_v2_enabled }} 
diff --git a/playbooks/setup-openstack.yml b/playbooks/setup-openstack.yml index 53eed310e4..3f9e4e282b 100644 --- a/playbooks/setup-openstack.yml +++ b/playbooks/setup-openstack.yml @@ -14,6 +14,7 @@ # limitations under the License. - include: os-keystone-install.yml +- include: os-swift-install.yml - include: os-glance-install.yml - include: os-cinder-install.yml - include: os-nova-install.yml diff --git a/playbooks/vars/repo_packages/openstack_clients.yml b/playbooks/vars/repo_packages/openstack_clients.yml index cc754613fa..29a0df205d 100644 --- a/playbooks/vars/repo_packages/openstack_clients.yml +++ b/playbooks/vars/repo_packages/openstack_clients.yml @@ -15,25 +15,24 @@ ## NOTICE on items in this file: -## * If you use anything in the *._git_install_branch field that is not a TAG +## * If you use anything in the *._git_install_branch field that is not a TAG ## make sure to leave an in-line comment as to "why". -## For the sake of anyone else editing this file: +## For the sake of anyone else editing this file: ## * If you add clients to this file please do so in alphabetical order. ## * Every entry should be name spaced with the name of the client followed by an "_" ## * All items with this file should be separated by `name_` note that the name of the ## package should be one long name with no additional `_` separating it. - ## Barbican client barbicanclient_git_repo: https://github.com/openstack/python-barbicanclient -barbicanclient_git_install_branch: 2.2.1 +barbicanclient_git_install_branch: 3.0.2 barbicanclient_git_dest: "/opt/barbicanclient_{{ barbicanclient_git_install_branch | replace('/', '_') }}" ## Ceilometer client ceilometerclient_git_repo: https://github.com/openstack/python-ceilometerclient -ceilometerclient_git_install_branch: 1.0.9 +ceilometerclient_git_install_branch: 1.0.13 ceilometerclient_git_dest: "/opt/ceilometerclient_{{ ceilometerclient_git_install_branch | replace('/', '_') }}" 
@@ -45,55 +44,55 @@ cinderclient_git_dest: "/opt/cinderclient_{{ cinderclient_git_install_branch | r ## Designate client designateclient_git_repo: https://github.com/openstack/python-designateclient -designateclient_git_install_branch: 1.0.3 +designateclient_git_install_branch: 1.1.1 designateclient_git_dest: "/opt/designateclient_{{ designateclient_git_install_branch | replace('/', '_') }}" ## Glance client glanceclient_git_repo: https://github.com/openstack/python-glanceclient -glanceclient_git_install_branch: 0.15.0 +glanceclient_git_install_branch: 0.16.0 glanceclient_git_dest: "/opt/glanceclient_{{ glanceclient_git_install_branch | replace('/', '_') }}" ## Heat client heatclient_git_repo: https://github.com/openstack/python-heatclient -heatclient_git_install_branch: 0.2.12 +heatclient_git_install_branch: 0.3.0 heatclient_git_dest: "/opt/heatclient_{{ heatclient_git_install_branch | replace('/', '_') }}" # Ironic client ironicclient_git_repo: https://github.com/openstack/python-ironicclient -ironicclient_git_install_branch: 0.2.1 +ironicclient_git_install_branch: 0.4.1 ironicclient_git_dest: "/opt/ironicclient_{{ ironicclient_git_install_branch | replace('/', '_') }}" # Keystone client keystoneclient_git_repo: https://github.com/openstack/python-keystoneclient -keystoneclient_git_install_branch: 1.0.0 +keystoneclient_git_install_branch: 1.2.0 keystoneclient_git_dest: "/opt/keystoneclient_{{ keystoneclient_git_install_branch | replace('/', '_') }}" ## Neutron client neutronclient_git_repo: https://github.com/openstack/python-neutronclient -neutronclient_git_install_branch: 2.3.10 +neutronclient_git_install_branch: 2.3.11 neutronclient_git_dest: "/opt/neutronclient_{{ neutronclient_git_install_branch | replace('/', '_') }}" ## Nova client novaclient_git_repo: https://github.com/openstack/python-novaclient -novaclient_git_install_branch: 2.20.0 +novaclient_git_install_branch: 2.22.0 novaclient_git_dest: "/opt/novaclient_{{ novaclient_git_install_branch | 
replace('/', '_') }}" ## OpenStack client openstackclient_git_repo: https://github.com/openstack/python-openstackclient -openstackclient_git_install_branch: 1.0.1 +openstackclient_git_install_branch: 1.0.2 openstackclient_git_dest: "/opt/openstackclient_{{ openstackclient_git_install_branch | replace('/', '_') }}" ## Sahara client saharaclient_git_repo: https://github.com/openstack/python-saharaclient -saharaclient_git_install_branch: 0.7.6 +saharaclient_git_install_branch: 0.7.7 saharaclient_git_dest: "/opt/saharaclient_{{ saharaclient_git_install_branch | replace('/', '_') }}" @@ -111,7 +110,7 @@ troveclient_git_dest: "/opt/troveclient_{{ troveclient_git_install_branch | repl ## Tuskar client tuskarclient_git_repo: https://github.com/openstack/python-tuskarclient -tuskarclient_git_install_branch: 0.1.8 +tuskarclient_git_install_branch: 0.1.15 tuskarclient_git_dest: "/opt/tuskarclient_{{ tuskarclient_git_install_branch | replace('/', '_') }}" diff --git a/playbooks/vars/repo_packages/openstack_other.yml b/playbooks/vars/repo_packages/openstack_other.yml index a43fdb6fbc..fda00ecfe2 100644 --- a/playbooks/vars/repo_packages/openstack_other.yml +++ b/playbooks/vars/repo_packages/openstack_other.yml 
@@ -15,47 +15,28 @@ ## NOTICE on items in this file: -## * If you use anything in the *._git_install_branch field that is not a TAG +## * If you use anything in the *._git_install_branch field that is not a TAG ## make sure to leave an in-line comment as to "why". -## For the sake of anyone else editing this file: +## For the sake of anyone else editing this file: ## * If you add clients to this file please do so in alphabetical order. ## * Every entry should be name spaced with the name of the client followed by an "_" ## * All items with this file should be separated by `name_` note that the name of the ## package should be one long name with no additional `_` separating it. - -## Keystone middleware service -keystonemiddleware_git_repo: https://github.com/openstack/keystonemiddleware -keystonemiddleware_git_install_branch: 1.3.1 -keystonemiddleware_git_dest: "/opt/keystonemiddleware_{{ keystonemiddleware_git_install_branch | replace('/', '_') }}" - - ## Glance store library glancestore_git_repo: https://github.com/openstack/glance_store -glancestore_git_install_branch: 0.1.10 +glancestore_git_install_branch: 0.4.0 glancestore_git_dest: "/opt/glancestore_{{ glancestore_git_repo | replace('/', '_') }}" -## Oslo Messaging -oslomessaging_git_repo: https://github.com/openstack/oslo.messaging -oslomessaging_git_install_branch: 1.4.1 -oslomessaging_git_dest: "/opt/oslo_messaging{{ oslo_messaging_git_install_branch | replace('/', '_') }}" - - -## Oslo Middleware -oslomiddleware_git_repo: https://github.com/openstack/oslo.middleware -oslomiddleware_git_install_branch: 0.4.0 -oslomiddleware_git_dest: "/opt/oslo_middleware{{ oslomiddleware_git_install_branch | replace('/', '_') }}" - - ## Global Requirements requirements_git_repo: https://github.com/openstack/requirements -requirements_git_install_branch: stable/juno ## Uses a branch because there are no stable tags +requirements_git_install_branch: 1e85f2b2e6e2f417d168e898589d096385a77e30 # SHA at the head of master as of 
20.3.2015 requirements_git_dest: "/opt/requirements_{{ requirements_git_install_branch | replace('/', '_') }}" ## Tempest Library tempestlib_git_repo: https://github.com/openstack/tempest-lib -tempestlib_git_install_branch: 0.2.1 +tempestlib_git_install_branch: 0.4.0 tempestlib_git_dest: "/opt/tempest-lib_{{ requirements_git_install_branch | replace('/', '_') }}" diff --git a/playbooks/vars/repo_packages/openstack_services.yml b/playbooks/vars/repo_packages/openstack_services.yml index 83bf6795ca..5fdc2e907e 100644 --- a/playbooks/vars/repo_packages/openstack_services.yml +++ b/playbooks/vars/repo_packages/openstack_services.yml 
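Review bot: `tempestlib_git_dest` interpolates `requirements_git_install_branch`, not its own branch variable, so with the requirements pin changed to a SHA in this hunk the tempest-lib checkout directory is now named after the requirements commit rather than `0.4.0`. The line should read `tempestlib_git_dest: "/opt/tempest-lib_{{ tempestlib_git_install_branch | replace('/', '_') }}"`. `glancestore_git_dest` has the same kind of slip: it filters `glancestore_git_repo` (the URL) instead of `glancestore_git_install_branch`, so the version bump to `0.4.0` never shows up in the destination path. Both lines are unchanged context here, but the version bumps above them are what make the mismatch visible.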
@@ -30,55 +30,67 @@ ## Cinder service cinder_git_repo: https://github.com/openstack/cinder -cinder_git_install_branch: 2014.2.2 +cinder_git_install_branch: master cinder_git_dest: "/opt/cinder_{{ cinder_git_install_branch | replace('/', '_') }}" ## Glance service glance_git_repo: https://github.com/openstack/glance -glance_git_install_branch: 2014.2.2 +glance_git_install_branch: master glance_git_dest: "/opt/glance_{{ glance_git_install_branch | replace('/', '_') }}" ## Heat service heat_git_repo: https://github.com/openstack/heat -heat_git_install_branch: 2014.2.2 +heat_git_install_branch: master heat_git_dest: "/opt/heat_{{ heat_git_install_branch | replace('/', '_') }}" heat_repo_plugins: - { path: "contrib", package: "extraroute" } + ## Horizon service horizon_git_repo: https://github.com/openstack/horizon -horizon_git_install_branch: 2014.2.2 +horizon_git_install_branch: master horizon_git_dest: "/opt/horizon_{{ horizon_git_install_branch | replace('/', '_') }}" ## Keystone service keystone_git_repo: https://github.com/openstack/keystone -keystone_git_install_branch: 2014.2.2 +keystone_git_install_branch: master keystone_git_dest: "/opt/keystone_{{ keystone_git_install_branch | replace('/', '_') }}" ## Neutron service neutron_git_repo: https://github.com/openstack/neutron -neutron_git_install_branch: 2014.2.2 +neutron_git_install_branch: master neutron_git_dest: "/opt/neutron_{{ neutron_git_install_branch | replace('/', '_') }}" +neutron_lbaas_git_repo: https://github.com/openstack/neutron-lbaas +neutron_lbaas_git_install_branch: master +neutron_lbaas_git_dest: "/opt/neutron_lbaas_{{ neutron_lbaas_git_install_branch | replace('/', '_') }}" + +neutron_vpnaas_git_repo: https://github.com/openstack/neutron-vpnaas +neutron_vpnaas_git_install_branch: master +neutron_vpnaas_git_dest: "/opt/neutron_vpnaas_{{ neutron_vpnaas_git_install_branch | replace('/', '_') }}" + +neutron_fwaas_git_repo: https://github.com/openstack/neutron-fwaas 
+neutron_fwaas_git_install_branch: master +neutron_fwaas_git_dest: "/opt/neutron_fwaas_{{ neutron_fwaas_git_install_branch | replace('/', '_') }}" + ## Nova service nova_git_repo: https://github.com/openstack/nova -nova_git_install_branch: 2014.2.2 +nova_git_install_branch: master nova_git_dest: "/opt/nova_{{ nova_git_install_branch | replace('/', '_') }}" ## Swift service swift_git_repo: https://github.com/openstack/swift -swift_git_install_branch: 2.2.1 +swift_git_install_branch: 2.2.2 swift_git_dest: "/opt/swift_{{ swift_git_install_branch | replace('/', '_') }}" ## Tempest service -# using a sha to match the other branches and also include fixes after the tag '3' tempest_git_repo: https://github.com/openstack/tempest -tempest_git_install_branch: 17f81d4cc83569438fe11b1ee6ee2afe74c0b501 +tempest_git_install_branch: d1a391a55482d64b9014e7b41219af195722d990 # SHA at the head of master as of 20.3.2015 tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}" diff --git a/playbooks/vars/repo_packages/turbolift.yml b/playbooks/vars/repo_packages/turbolift.yml deleted file mode 100644 index 75a6558ac2..0000000000 --- a/playbooks/vars/repo_packages/turbolift.yml +++ /dev/null 
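Review bot: Every service `*_git_install_branch` touched in this hunk (cinder, glance, heat, horizon, keystone, neutron, nova) moves from a release tag to `master`, and the three new neutron_*aas entries do the same. Each deploy therefore installs whatever is at the branch head at clone time, so two runs of the same playbook revision can put different code on the hosts and nothing records which upstream commit was deployed. The tempest entry in the same hunk shows the safer form, a commit SHA with a dated inline comment; I would pin the services the same way, e.g. `nova_git_install_branch: <commit-sha>  # head of master as of <date>`. If tracking master is intentional for now, each line should at least carry an inline comment saying why, as the NOTICE in the sibling repo_packages files asks for non-tag values.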
@@ -1,19 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## Git source for turbolift client -git_repo: "https://github.com/cloudnull/turbolift" -git_install_branch: v2.1.3 -git_dest: "/opt/turbolift_{{ git_install_branch | replace('/', '_') }}" diff --git a/scripts/run-tempest.sh b/scripts/run-tempest.sh index e7c658ecf0..7a36226891 100755 --- a/scripts/run-tempest.sh +++ b/scripts/run-tempest.sh @@ -19,7 +19,10 @@ set -e -u +x ## Vars ---------------------------------------------------------------------- export TEMPEST_SCRIPT_PATH=${TEMPEST_SCRIPT_PATH:-/opt/openstack_tempest_gate.sh} -export TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-""} +## TODO(someone) this needs to be changed back to the normal tests once someone +## is able to dig into tempest/the updated/deprecated config(s). This test should +## go back to being the scenario tests. +export TEMPEST_SCRIPT_PARAMETERS=${TEMPEST_SCRIPT_PARAMETERS:-"scenario"} export RUN_TEMPEST_OPTS=${RUN_TEMPEST_OPTS:-''} export TESTR_OPTS=${TESTR_OPTS:-''}
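Review bot: The TODO added in scripts/run-tempest.sh contradicts the line it annotates: it says the run "should go back to being the scenario tests", yet the new default for `TEMPEST_SCRIPT_PARAMETERS` is already `"scenario"`. A reader cannot tell which test set is the temporary one and which is the target. `TODO(someone)` also names no owner or bug, so the narrowed gate run is easy to forget. I would reword it along the lines of `## TODO(<owner>): default temporarily set to "scenario" (was ""); restore <intended test set> once the deprecated tempest config is fixed, see bug <id>.`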