Bringing into sync with devstack v1

conf/templates/horizon/horizon_settings.py

@@ -1,4 +1,4 @@
-#From commit b32c876ed5e66c8971c8126432c1ae957301eb08 of devstack.sh repo.
+#From commit 770cec73146596c686405492e523fbe8861f36f7 of devstack.sh repo.
 #
 #With adjustments to make OPENSTACK_HOST a param
 
@@ -44,6 +44,12 @@ HORIZON_CONFIG = {
     'user_home': 'openstack_dashboard.views.user_home',
 }
 
+# TODO(tres): Remove these once Keystone has an API to identify auth backend.
+OPENSTACK_KEYSTONE_BACKEND = {
+    'name': 'native',
+    'can_edit_user': True
+}
+
 OPENSTACK_HOST = "%OPENSTACK_HOST%"
 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
 # FIXME: this is only needed until keystone fixes its GET /tenants call

conf/templates/keystone/default_catalog.templates

@@ -1,40 +1,40 @@
-# From devstack commit 5f9473e8b9bdc15f42db597d5d1e766b760f764e with no modifications
+# From devstack commit 06a09d0c33f0626379cad377b4ffa20fcda54858 with no modifications
 
 # config for TemplatedCatalog, using camelCase because I don't want to do
 # translations for legacy compat
 catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
 catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
 catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
-catalog.RegionOne.identity.name = 'Identity Service'
+catalog.RegionOne.identity.name = Identity Service
 
 
 catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
 catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
 catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
-catalog.RegionOne.compute.name = 'Compute Service'
+catalog.RegionOne.compute.name = Compute Service
 
 
 catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
 catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
 catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
-catalog.RegionOne.volume.name = 'Volume Service'
+catalog.RegionOne.volume.name = Volume Service
 
 
 catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
 catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
 catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
-catalog.RegionOne.ec2.name = 'EC2 Service'
+catalog.RegionOne.ec2.name = EC2 Service
 
 
 catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
 catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
 catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
-catalog.RegionOne.s3.name = 'S3 Service'
+catalog.RegionOne.s3.name = S3 Service
 
 
 catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
 catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
 catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
-catalog.RegionOne.image.name = 'Image Service'
+catalog.RegionOne.image.name = Image Service
 
 # More might be added in (in code)

conf/templates/keystone/keystone_init.sh

@@ -1,13 +1,10 @@
 #!/bin/bash
 
-# From devstack commit c4849e7f8f40f522541d8e1e03771edf942d851e with modifications
+# From devstack.sh commit edf59ca44331106ba895eee78ae1d8602764eb4c
 
 #
 # Initial data for Keystone using python-keystoneclient
 #
-# A set of EC2-compatible credentials is created for both admin and demo
-# users and placed in $DEVSTACK_DIR/ec2rc.
-#
 # Tenant               User      Roles
 # -------------------------------------------------------
 # admin                admin     admin
@@ -20,11 +17,10 @@
 # invisible_to_admin   demo      Member
 #
 # Variables set before calling this script:
-#
 # SERVICE_TOKEN - aka admin_token in keystone.conf
-# AUTH_ENDPOINT - local Keystone admin endpoint
+# SERVICE_ENDPOINT - local Keystone admin endpoint
 # SERVICE_TENANT_NAME - name of tenant containing service accounts
-# ENABLED_SERVICES - devstack's list of services being activated
+# ENABLED_SERVICES - stack.sh's list of services to start
 
 set -e
 
@@ -54,6 +50,7 @@ SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
 DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
 INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
 
+
 # Users
 ADMIN_USER=$(get_id keystone user-create --name=admin \
                                          --pass="$ADMIN_PASSWORD" \
@@ -62,6 +59,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
                                         --pass="$ADMIN_PASSWORD" \
                                         --email=demo@example.com)
 
+
 # Roles
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
@@ -69,77 +67,57 @@ KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
 SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
 NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
 
+
 # Add Roles to Users in Tenants
-keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
 
 # TODO(termie): these two might be dubious
-keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
+
 
 # The Member role is used by Horizon and Swift so we need to keep it:
 MEMBER_ROLE=$(get_id keystone role-create --name=Member)
-keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT 2>&1 >/dev/null
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
 
-# Services
-keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" 2>&1 >/dev/null
 
-keystone service-create --name=nova --type=compute --description="Nova Compute Service" 2>&1 >/dev/null
+# Configure service users/roles
+NOVA_USER=$(get_id keystone user-create --name=nova \
+                                        --pass="$SERVICE_PASSWORD" \
+                                        --tenant_id $SERVICE_TENANT \
+                                        --email=nova@example.com)
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+                       --user $NOVA_USER \
+                       --role $ADMIN_ROLE
 
-NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" \
+GLANCE_USER=$(get_id keystone user-create --name=glance \
-                --tenant_id $SERVICE_TENANT --email=nova@example.com)
+                                          --pass="$SERVICE_PASSWORD" \
-
+                                          --tenant_id $SERVICE_TENANT \
-keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER  --role $ADMIN_ROLE 2>&1 >/dev/null
+                                          --email=glance@example.com)
-
+keystone user-role-add --tenant_id $SERVICE_TENANT \
-keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer" 2>&1 >/dev/null
+                       --user $GLANCE_USER \
-
+                       --role $ADMIN_ROLE
-keystone service-create --name=glance  --type=image  --description="Glance Image Service" 2>&1 >/dev/null
-                        
-GLANCE_USER=$(get_id keystone user-create --name=glance  --pass="$SERVICE_PASSWORD" \
-                            --tenant_id $SERVICE_TENANT   --email=glance@example.com)
-
-keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE 2>&1 >/dev/null
-
-keystone service-create --name="nova-volume"  --type=volume  --description="Nova Volume Service" 2>&1 >/dev/null
 
 if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
-    keystone service-create --name=swift --type="object-store" --description="Swift Service" 2>&1 >/dev/null
     SWIFT_USER=$(get_id keystone user-create --name=swift \
                                              --pass="$SERVICE_PASSWORD" \
                                              --tenant_id $SERVICE_TENANT \
                                              --email=swift@example.com)
-    keystone user-role-add --tenant_id $SERVICE_TENANT  --user $SWIFT_USER  --role $ADMIN_ROLE 2>&1 >/dev/null
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                           --user $SWIFT_USER \
+                           --role $ADMIN_ROLE
 fi
 
 if [[ "$ENABLED_SERVICES" =~ "quantum-server" ]]; then
-    keystone service-create --name=quantum  --type=network  --description="Quantum Service" 2>&1 >/dev/null
     QUANTUM_USER=$(get_id keystone user-create --name=quantum \
                                                --pass="$SERVICE_PASSWORD" \
                                                --tenant_id $SERVICE_TENANT \
                                                --email=quantum@example.com)
-    keystone user-role-add --tenant_id $SERVICE_TENANT  --user $QUANTUM_USER  --role $ADMIN_ROLE 2>&1 >/dev/null
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                           --user $QUANTUM_USER \
+                           --role $ADMIN_ROLE
 fi
-
-# create ec2 creds and parse the secret and access key returned
-RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
-ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
-DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
-DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
-
-cat <<EOF
-# EC2 access variables (ie for euca tools...)
-export EC2_ACCESS_KEY=$DEMO_ACCESS
-export EC2_SECRET_KEY=$DEMO_SECRET
-
-# Not really EC2 but useful for knowing...
-export ADMIN_SECRET=$ADMIN_SECRET
-export ADMIN_ACCESS=$ADMIN_ACCESS
-export DEMO_ACCESS=$DEMO_ACCESS
-export DEMO_SECRET=$DEMO_SECRET
-EOF

devstack/components/keystone.py

@@ -230,9 +230,7 @@ class KeystoneRuntime(comp.PythonRuntime):
             env['BIN_DIR'] = self.bindir
             setup_cmd = MANAGE_CMD_ROOT + [tgt_fn]
             LOG.info("Running (%s) command to initialize keystone." % (" ".join(setup_cmd)))
-            (sysout, _) = sh.execute(*setup_cmd, env_overrides=env, run_as_root=False)
+            sh.execute(*setup_cmd, env_overrides=env, run_as_root=False)
-            if sysout:
-                sh.write_file(sh.abspth(settings.EC2RC_FN), sysout.strip())
             LOG.debug("Removing (%s) file since we successfully initialized keystone." % (tgt_fn))
             sh.unlink(tgt_fn)
 

devstack/env_rc.py

@@ -211,19 +211,13 @@ alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_
         lines.append('# External includes stuff')
         extern_tpl = """
 
-# Use stored ec2 env variables
-if [ -f "{ec2rc_fn}" ]; then
-    source "{ec2rc_fn}"
-fi
-
 # Allow local overrides of env variables
 if [ -f "{localrc_fn}" ]; then
     source "{localrc_fn}"
 fi
 
 """
-        extern_inc = extern_tpl.format(ec2rc_fn=sh.abspth(settings.EC2RC_FN),
+        extern_inc = extern_tpl.format(localrc_fn=sh.abspth(settings.LOCALRC_FN))
-                                   localrc_fn=sh.abspth(settings.LOCALRC_FN))
         lines.append(extern_inc.strip())
         lines.append("")
         return lines

devstack/settings.py

@@ -110,7 +110,6 @@ COMPONENT_CONFIG_DIR = "config"
 
 # RC files generated / used
 RC_FN_TEMPL = "os-%s.rc"
-EC2RC_FN = RC_FN_TEMPL % ('ec2')
 LOCALRC_FN = RC_FN_TEMPL % ('local')
 OSRC_FN = RC_FN_TEMPL % ('core')
 

tools/os-euca.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# From devstack.sh commit 0bd2410d469f11934b5965d83b57d56418e66b48
+
+# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
+#
+# Optionally set the tenant/username via openrc
+
+if [[ -n "$1" ]]; then
+    USERNAME=$1
+fi
+
+if [[ -n "$2" ]]; then
+    TENANT=$2
+fi
+
+# Find the other rc files
+RC_DIR=../
+CORE_RC="os-core.rc"
+
+# Get user configuration
+source $RC_DIR/$CORE_RC
+
+# Set the ec2 url so euca2ools works
+export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+
+# Create EC2 credentials for the current user
+CREDS=$(keystone ec2-credentials-create)
+export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+
+# Euca2ools Certificate stuff for uploading bundles
+NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
+export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
+export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
+export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
+export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
+export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
+alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
+alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
+