It seems like the fallout from this was not well sorted.
A lot of things aren't working, and there is still vestigial
v2 bits left behind.
This should have come with a much greater warning and some
spot checking of additional services working with this.
This reverts commit b162a1d58cdecfb32847b59bd341e06c26efb1ed.
Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165
Partially-Implements: bp keystonev3
Since:
- novaclient doesn't require specify the *compute api* version
(default is 2.latest now)
- novaclient doesn't use COMPUTE_API_VERSION, since it's wrong name(
OS_COMPUTE_API_VERSION is a correct name)
we can remove COMPUTE_API_VERSION and NOVA_VERSION vars
Change-Id: I47856863e9403870b8d60c778b97d3de1a212ae1
Assumes devstack was configured with SERVICE_IP_VERSION in
local.conf
SERVICE_IP_VERSION is stored in .stackenv and checked in
openrc. If SERVICE_IP_VERSION is set to 6, openrc will use
IPv6.
NOTE: At first, I added a '-6' option to the openrc call
which would set the HOSTS accordingly. I then simplified
the code by saving SERVICE_IP_VERSION to the .stackenv file
which is sourced by openrc. After that, I simplified the
code even more by removing an extra, unnecessary, variable.
Change-Id: I5d46d5438d3e56fea788720ca17f0010caef3df1
In openrc, if we set OS_CACERT, some things will expect it to be there
in pre-flight checks. But it may very well be missing. This "fails
closed" because if we find the file, we try to use it, but if we don't
find the file, and the user thought we should be using it, we'll just
not be able to verify the server's name, and the libs will fail on that.
Change-Id: Ia5d06afa74bc645c2f19711cfa37e57a377c329b
Closes-Bug: #1452036
Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.
Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0
Replacing $BASH_SOURCE with ${BASH_SOURCE:-$0} makes devstack zsh friendly: in
bash, $BASH_SOURCE is used per usual; in zsh, where $BASH_SOURCE isn't
defined, $0 is used, which, unlike in bash, evaluates to the current
source file.
Now you can source devstack's openrc from a zsh shell.
Tested with bash and zsh from directories other than the root devstack
directory.
Change-Id: Iab1a817b15d86144163b5094bb58f94b15c598a0
Set OS_VOLUME_API_VERSION environment variable to 2 so we use
specifically Cinder REST API v2. v1 is still enabled in the catalog, but
we want more exposure to v2 for testing.
Change-Id: I6c2f29edf44a0f58a7830fe4dd2db35f2db3658c
* Default IDENTITY_API_VERSION to '2.0' in stackrc
Note: the value of these *_API_VERSION variables will NOT include
the leading 'v' as the CLI tools do not allow it.
Change-Id: Ic6473833be35625282e7442f3c88fc1c4d0cc134
This is essentially a revert of
73695d0ea490c4c7a1158957dd5a85586cfa0933. Since stackrc is
responsible for sourcing localrc, the required functions
are necessary (like for enable_service).
fixes bug 1186488
Change-Id: Iad90f802e77b94416821008c294c1a2ede8a4729
- Cleanup openrc, removing the sourcing of functions (which was failing
for zsh) and remove the *_DEBUG comment since they have been removed
from the clients.
Change-Id: Ie2e6fb1e770403c4ef3463a850e8151bd312614c
Specifically to recall HOST_IP and SERVICE_HOST for the current DevStack configuration.
Bug 930274
Change-Id: I299d94101ab93faccc88917503409e0afaa0a523
There are some environment variables that are derived in stack.sh
and cubersome to re-create later, so save them at the end of stack.sh
for use by other supporting scripts, such as openrc.
Change-Id: I1bbf717b970f8ceac0ff7da74aeaf19474997e07
* Adds lib/tls to create test CA/certs
* Start proxy if 'tls-proxy' is enabled
* Configure keystone service catalog for TLS
* Tear down proxy in unstack.sh
* Set auth protocol and ca-cert chain in openrc
* Add DATA_DIR to stackrc
This is the first in a series of patches to enable TLS support
for the service API endpoints.
Change-Id: Ia1c91dc8f1aaf94fbec9dc71da322559a83d14b6
sudo is only allowed in stack.sh on the CI, so move setup_quantum code
to the stack.sh.
also fixes quantum debug command setup for linuxbridge and ryu
Change-Id: I11bc0aa242a690e25acc088b3e9f483ceab38f26
Editing ENABLED_SERVICES directly can get tricky when
the user wants to disable something. This patch includes
two new functions for adding or removing services
safely, and a third (for completeness) to clear the
settings entirely before adding a minimal set of
services.
It also moves the logic for dealing with "negated"
services into a function so it can be tested and
applied by the new functions for manipulating
ENABLED_SERVICES.
Change-Id: I88f205f3666b86e6f0b6a94e0ec32a26c4bc6873
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Fix bug 967429.
Don't use $USERNAME as a variable in openrc. It's commonly set by
default and can result in $OS_USERNAME getting set to something else
unexpectedly, resulting in an environment that doesn't work.
Change-Id: I6083a871209d30c81ca6876b1ef6c154aef7f598
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
This patch waits for instance termination to complete before trying to
delete the security group. The last change to simply move the security
group deletion to after euca-terminate-instance was not sufficient, as
it has to wait until the termination is complete.
Change-Id: Icba579534f324afb4d44abd42d8c755834dd2a57
Add the OS_* env variables to mirror the NOVA_* vars; example:
setting OS_USERNAME will override NOVA_USERNAME in the clients and
tools, but if left unset it defaults to NOVA_USERNAME.
Adds exercises/client-env.sh to test operation of command-line
clients with only the OS_* variables set
Addresses bug 897304, http://wiki.openstack.org/CLIAuth
Change-Id: I72450153541072fe8026a82748cfcd1cf5ed31d8
floating_ips and volumes exercises both access Glance directly, but
assume it is running locally. To better accomodate exercising a
multi-host cloud, specify glance host via GLANCE_HOST setting which
defaults to HOST_IP to maintain current single-node functionality.
Change-Id: Iad06044af031083afa477204d446ada5161ca521
* modifies stack.sh to run nova-cert and nova-objectstore
* adds exercises/bundle.sh to test for bundling
* requires https://review.openstack.org/#change,3200
Change-Id: I850891948fbdfdf5890225f94df755e5dbc733d0
* increase some timeouts
* tolerate existing security groups and rules
* add optional DEFAULT_IMAGE_NAME to select the image to boot
* fix image lists via glance
Change-Id: I31ae743e602f69a2c9f872273273f542fc4afda3