From dc7b4294632172d0b743f98448942fe260a8a3ff Mon Sep 17 00:00:00 2001 From: Jens Harbott Date: Tue, 19 Sep 2017 10:52:32 +0000 Subject: [PATCH] Fix running with SERVICE_IP_VERSION=6 - There are some locations where we need the raw IPv6 address instead of the url-quoted version enclosed in brackets. - Make nova-api-metadata service listen on IPv6 when we need that. - Use SERVICE_HOST instead of HOST_IP for TLS_IP. Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad Partial-Bug: 1656329 --- functions-common | 5 +++++ lib/cinder | 2 +- lib/databases/mysql | 2 +- lib/glance | 6 +++--- lib/neutron-legacy | 4 ++-- lib/nova | 4 ++-- lib/swift | 2 +- lib/tls | 12 ++++-------- stackrc | 4 ++-- 9 files changed, 21 insertions(+), 20 deletions(-) diff --git a/functions-common b/functions-common index df295a3395..5f933d67cf 100644 --- a/functions-common +++ b/functions-common @@ -2049,6 +2049,11 @@ function is_ipv4_address { fi } +# Remove "[]" around urlquoted IPv6 addresses +function ipv6_unquote { + echo $1 | tr -d [] +} + # Gracefully cp only if source file/dir exists # cp_it source destination function cp_it { diff --git a/lib/cinder b/lib/cinder index c0356fe09c..4d6085fe48 100644 --- a/lib/cinder +++ b/lib/cinder @@ -67,7 +67,7 @@ CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776} CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} -CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} +CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} # What type of LVM device should Cinder use for LVM backend # Defaults to auto, which will do thin provisioning if it's a fresh diff --git a/lib/databases/mysql b/lib/databases/mysql index 0089663285..cf61056389 100644 --- a/lib/databases/mysql +++ b/lib/databases/mysql 
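Review bot: In the new `ipv6_unquote` in functions-common, both `$1` and the `tr` set are unquoted, so a bracketed address such as `[::]` is open to pathname expansion and word splitting before `tr` sees it; a single-character file name in the working directory that matches the bracket expression could silently replace the address. Writing the body as `echo "$1" | tr -d '[]'` avoids that. The same applies to the call sites this patch adds in lib/cinder, lib/databases/mysql, lib/glance, lib/neutron-legacy, lib/nova, lib/swift and lib/tls, which pass `$SERVICE_LISTEN_ADDRESS` or `$SERVICE_HOST` unquoted; `$(ipv6_unquote "$SERVICE_LISTEN_ADDRESS")` is the safer form. The header comment could also say that the function deletes every `[` and `]` in its argument, not only an enclosing pair.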
@@ -93,7 +93,7 @@ function configure_database_mysql { # Change bind-address from localhost (127.0.0.1) to any (::) and # set default db type to InnoDB - iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" + iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)" iniset -sudo $my_conf mysqld sql_mode TRADITIONAL iniset -sudo $my_conf mysqld default-storage-engine InnoDB iniset -sudo $my_conf mysqld max_connections 1024 diff --git a/lib/glance b/lib/glance index 95d2450da7..4a3e25e9a2 100644 --- a/lib/glance +++ b/lib/glance @@ -65,7 +65,7 @@ fi # Glance connection info. Note the port must be specified. GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST} -GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} +GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292} GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292} GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT} @@ -152,7 +152,7 @@ function configure_glance { # Store specific configs iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ - iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST + iniset $GLANCE_API_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) # CORS feature support - to allow calls from Horizon by default if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then @@ -228,7 +228,7 @@ function configure_glance { iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD - iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST + iniset $GLANCE_CACHE_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) # Store specific confs iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ 
diff --git a/lib/neutron-legacy b/lib/neutron-legacy index 9701ee7632..3c6ec68b67 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -111,7 +111,7 @@ Q_HOST=${Q_HOST:-$SERVICE_HOST} # Default protocol Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL} # Default listen address -Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} +Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} # Default admin username Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron} # Default auth strategy @@ -121,7 +121,7 @@ Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False} Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True} Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON) # Meta data IP -Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST} +Q_META_DATA_IP=${Q_META_DATA_IP:-$(ipv6_unquote $SERVICE_HOST)} # Allow Overlapping IP among subnets Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True} Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True} diff --git a/lib/nova b/lib/nova index 580f87f277..da07579b74 100644 --- a/lib/nova +++ b/lib/nova @@ -92,7 +92,7 @@ NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774} NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774} NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} -NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} +NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775} # Option to enable/disable config drive 
@@ -507,7 +507,7 @@ function create_nova_conf { setup_logging $NOVA_CONF write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute" - write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}" + write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" "$SERVICE_LISTEN_ADDRESS:${METADATA_SERVICE_PORT}" if is_service_enabled ceilometer; then iniset $NOVA_CONF DEFAULT instance_usage_audit "True" diff --git a/lib/swift b/lib/swift index 1187846dfc..62b8a32fed 100644 --- a/lib/swift +++ b/lib/swift @@ -56,7 +56,7 @@ SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080} SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081} SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} -SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} +SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} # TODO: add logging to different location. diff --git a/lib/tls b/lib/tls index a72b7084d0..e3ed3cc2ac 100644 --- a/lib/tls +++ b/lib/tls @@ -37,7 +37,7 @@ if is_service_enabled tls-proxy; then # TODO(dtroyer): revisit this below after the search for HOST_IP has been done - TLS_IP=${TLS_IP:-$SERVICE_IP} + TLS_IP=${TLS_IP:-$(ipv6_unquote $SERVICE_HOST)} fi DEVSTACK_HOSTNAME=$(hostname -f) @@ -67,9 +67,9 @@ function configure_CA { # build common config file # Verify ``TLS_IP`` is good - if [[ -n "$HOST_IP" && "$HOST_IP" != "$TLS_IP" ]]; then + if [[ -n "$SERVICE_HOST" && "$(ipv6_unquote $SERVICE_HOST)" != "$TLS_IP" ]]; then # auto-discover has changed the IP - TLS_IP=$HOST_IP + TLS_IP=$(ipv6_unquote $SERVICE_HOST) fi } 
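Review bot: In the lib/nova `create_nova_conf` hunk, the metadata uwsgi socket is built from the global `$SERVICE_LISTEN_ADDRESS`, not from `NOVA_SERVICE_LISTEN_ADDRESS`, so an operator who narrows the Nova listen address still gets the metadata API on the global (by default wildcard) address. If that is deliberate because the socket string needs the bracketed form, a comment such as `# needs the bracketed IPv6 form, so use SERVICE_LISTEN_ADDRESS rather than the unquoted NOVA_SERVICE_LISTEN_ADDRESS` would record it. The value is also concatenated as given, so a raw `::` override would presumably yield `:::${METADATA_SERVICE_PORT}`; that is inferred from the string construction, not tested. create_nova_conf starts before and continues after the hunk.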
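Review bot: In lib/tls, `TLS_IP` now defaults to `$(ipv6_unquote $SERVICE_HOST)`, and the `configure_CA` hunk that follows resets it from the same variable, but `SERVICE_HOST` may be a hostname rather than an address (the stackrc context in this patch mentions an alternate hostname). `init_cert` then builds `DNS:$TLS_IP,IP:$TLS_IP`, so a hostname would land in an `IP:` subjectAltName entry, which is not a valid IP SAN and would likely make certificate generation fail. Guarding the assignment on the value being an address, or documenting next to it `# TLS_IP must be a literal IP; SERVICE_HOST is assumed not to be a hostname when tls-proxy is enabled`, would make the assumption explicit. The TODO above the assignment still refers to HOST_IP and could be updated at the same time.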
@@ -228,6 +228,7 @@ function init_cert { if [[ ! -r $DEVSTACK_CERT ]]; then if [[ -n "$TLS_IP" ]]; then # Lie to let incomplete match routines work + # see https://bugs.python.org/issue23239 TLS_IP="DNS:$TLS_IP,IP:$TLS_IP" fi make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP" @@ -246,11 +247,6 @@ function make_cert { local alt_names=$4 if [ "$common_name" != "$SERVICE_HOST" ]; then - if [[ -z "$alt_names" ]]; then - alt_names="DNS:$SERVICE_HOST" - else - alt_names="$alt_names,DNS:$SERVICE_HOST" - fi if is_ipv4_address "$SERVICE_HOST" ; then alt_names="$alt_names,IP:$SERVICE_HOST" fi diff --git a/stackrc b/stackrc index 59442529f4..0b49fbca57 100644 --- a/stackrc +++ b/stackrc @@ -894,10 +894,10 @@ if [[ "$SERVICE_IP_VERSION" == 6 ]]; then DEF_SERVICE_HOST=[$HOST_IPV6] DEF_SERVICE_LOCAL_HOST=::1 - DEF_SERVICE_LISTEN_ADDRESS=:: + DEF_SERVICE_LISTEN_ADDRESS="[::]" fi -# This is either 0.0.0.0 for IPv4 or :: for IPv6 +# This is either 0.0.0.0 for IPv4 or [::] for IPv6 SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}} # Allow the use of an alternate hostname (such as localhost/127.0.0.1) for
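Review bot: In the lib/tls `make_cert` hunk, with the `DNS:$SERVICE_HOST` block removed, `alt_names="$alt_names,IP:$SERVICE_HOST"` produces a leading comma whenever `make_cert` is called with an empty fourth argument, which the removed `-z "$alt_names"` branch used to prevent; `alt_names="${alt_names:+$alt_names,}IP:$SERVICE_HOST"` keeps the list well-formed. After this change a `SERVICE_HOST` that is a hostname different from `common_name`, or a bracketed IPv6 address, adds no SAN entry here at all, so the certificate covers it only if the caller passed it in `$4`. A comment stating that callers are responsible for that would help, since a certificate that does not match the endpoint tends to get worked around by turning verification off. make_cert starts before and continues after the hunk.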
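Review bot: The updated stackrc comment says the value is `[::]` for IPv6 but does not say that overrides must use the same bracketed form. Existing local.conf files that set `SERVICE_LISTEN_ADDRESS=::` (the previous default) would pass the raw value to consumers that concatenate it with a port, such as the metadata uwsgi socket in lib/nova. I would extend the comment to `# This is either 0.0.0.0 for IPv4 or [::] for IPv6; IPv6 values must be bracketed, consumers that need the raw address call ipv6_unquote`. Both defaults are wildcard addresses, so it may be worth noting there that every service using this variable listens on all interfaces unless it is overridden.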