2013-08-09 15:09:31 -05:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
# **fixup_stuff.sh**
|
|
|
|
|
|
|
|
# fixup_stuff.sh
|
|
|
|
#
|
|
|
|
# All distro and package specific hacks go in here
|
2013-10-05 12:11:07 +01:00
|
|
|
#
|
2013-08-09 15:09:31 -05:00
|
|
|
# - prettytable 0.7.2 permissions are 600 in the package and
|
|
|
|
# pip 1.4 doesn't fix it (1.3 did)
|
2013-10-05 12:11:07 +01:00
|
|
|
#
|
2013-08-09 15:09:31 -05:00
|
|
|
# - httplib2 0.8 permissions are 600 in the package and
|
|
|
|
# pip 1.4 doesn't fix it (1.3 did)
|
2013-10-05 12:11:07 +01:00
|
|
|
#
|
2015-01-26 16:39:57 +01:00
|
|
|
# - Fedora:
|
2013-08-09 19:51:20 -05:00
|
|
|
# - set selinux not enforcing
|
2015-01-26 16:39:57 +01:00
|
|
|
# - uninstall firewalld (f20 only)
|
|
|
|
|
2013-08-09 19:51:20 -05:00
|
|
|
|
2014-08-15 14:03:52 -05:00
|
|
|
# If TOP_DIR is set we're being sourced rather than running stand-alone
|
|
|
|
# or in a sub-shell
|
|
|
|
if [[ -z "$TOP_DIR" ]]; then
|
|
|
|
set -o errexit
|
|
|
|
set -o xtrace
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2014-08-15 14:03:52 -05:00
|
|
|
# Keep track of the current directory
|
|
|
|
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
|
|
|
|
TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2014-08-15 14:03:52 -05:00
|
|
|
# Change dir to top of devstack
|
|
|
|
cd $TOP_DIR
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2014-08-15 14:03:52 -05:00
|
|
|
# Import common functions
|
|
|
|
source $TOP_DIR/functions
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2014-08-15 14:03:52 -05:00
|
|
|
FILES=$TOP_DIR/files
|
|
|
|
fi
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2014-06-12 15:08:48 -07:00
|
|
|
# Keystone Port Reservation
|
|
|
|
# -------------------------
|
|
|
|
# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
|
|
|
|
# being used as ephemeral ports by the system. The default(s) are 35357 and
|
|
|
|
# 35358 which are in the Linux defined ephemeral port range (in disagreement
|
|
|
|
# with the IANA ephemeral port range). This is a workaround for bug #1253482
|
|
|
|
# where Keystone will try and bind to the port and the port will already be
|
|
|
|
# in use as an ephemeral port by another process. This places an explicit
|
|
|
|
# exception into the Kernel for the Keystone AUTH ports.
|
|
|
|
keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
|
|
|
|
|
2014-10-02 20:58:20 +02:00
|
|
|
# only do the reserved ports when available, on some system (like containers)
|
|
|
|
# where it's not exposed we are almost pretty sure these ports would be
|
|
|
|
# exclusive for our devstack.
|
|
|
|
if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
|
|
|
|
# Get any currently reserved ports, strip off leading whitespace
|
|
|
|
reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
|
2014-06-12 15:08:48 -07:00
|
|
|
|
2014-10-02 20:58:20 +02:00
|
|
|
if [[ -z "${reserved_ports}" ]]; then
|
|
|
|
# If there are no currently reserved ports, reserve the keystone ports
|
|
|
|
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
|
|
|
|
else
|
|
|
|
# If there are currently reserved ports, keep those and also reserve the
|
|
|
|
# keystone specific ports. Duplicate reservations are merged into a single
|
|
|
|
# reservation (or range) automatically by the kernel.
|
|
|
|
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
|
|
|
|
fi
|
2014-06-12 15:08:48 -07:00
|
|
|
else
|
2014-10-02 20:58:20 +02:00
|
|
|
echo_summary "WARNING: unable to reserve keystone ports"
|
2014-06-12 15:08:48 -07:00
|
|
|
fi
|
|
|
|
|
2013-08-09 19:51:20 -05:00
|
|
|
|
|
|
|
# Python Packages
|
|
|
|
# ---------------
|
|
|
|
|
2013-10-16 12:10:13 -05:00
|
|
|
# get_package_path python-package # in import notation
|
2014-02-21 15:35:08 +11:00
|
|
|
function get_package_path {
|
2013-10-16 12:10:13 -05:00
|
|
|
local package=$1
|
|
|
|
echo $(python -c "import os; import $package; print(os.path.split(os.path.realpath($package.__file__))[0])")
|
|
|
|
}
|
2013-08-09 15:09:31 -05:00
|
|
|
|
|
|
|
|
2013-10-16 12:10:13 -05:00
|
|
|
# Pre-install affected packages so we can fix the permissions
|
|
|
|
# These can go away once we are confident that pip 1.4.1+ is available everywhere
|
2013-08-09 15:09:31 -05:00
|
|
|
|
2013-10-16 12:10:13 -05:00
|
|
|
# Fix prettytable 0.7.2 permissions
|
|
|
|
# Don't specify --upgrade so we use the existing package if present
|
2014-12-22 17:17:51 +00:00
|
|
|
pip_install 'prettytable>=0.7'
|
2013-10-16 12:10:13 -05:00
|
|
|
PACKAGE_DIR=$(get_package_path prettytable)
|
|
|
|
# Only fix version 0.7.2
|
|
|
|
dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)
|
|
|
|
if [[ -d $dir ]]; then
|
|
|
|
sudo chmod +r $dir/*
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Fix httplib2 0.8 permissions
|
|
|
|
# Don't specify --upgrade so we use the existing package if present
|
|
|
|
pip_install httplib2
|
|
|
|
PACKAGE_DIR=$(get_package_path httplib2)
|
|
|
|
# Only fix version 0.8
|
|
|
|
dir=$(echo $PACKAGE_DIR-0.8*)
|
|
|
|
if [[ -d $dir ]]; then
|
|
|
|
sudo chmod +r $dir/*
|
|
|
|
fi
|
2013-08-09 19:51:20 -05:00
|
|
|
|
2014-06-12 11:41:54 +02:00
|
|
|
if is_fedora; then
|
2013-08-09 19:51:20 -05:00
|
|
|
# Disable selinux to avoid configuring to allow Apache access
|
2013-11-05 10:35:55 +01:00
|
|
|
# to Horizon files (LP#1175444)
|
2013-08-09 19:51:20 -05:00
|
|
|
if selinuxenabled; then
|
|
|
|
sudo setenforce 0
|
|
|
|
fi
|
2014-08-19 10:54:59 -05:00
|
|
|
|
|
|
|
FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
|
2015-01-02 18:39:29 +01:00
|
|
|
if [[ ${DISTRO} =~ (f20) && $FORCE_FIREWALLD == "False" ]]; then
|
|
|
|
# On Fedora 20 firewalld interacts badly with libvirt and
|
2014-08-19 10:54:59 -05:00
|
|
|
# slows things down significantly. However, for those cases
|
|
|
|
# where that combination is desired, allow this fix to be skipped.
|
|
|
|
|
|
|
|
# There was also an additional issue with firewalld hanging
|
|
|
|
# after install of libvirt with polkit. See
|
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1099031
|
|
|
|
if is_package_installed firewalld; then
|
|
|
|
uninstall_package firewalld
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2014-06-12 11:41:54 +02:00
|
|
|
fi
|