This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.
Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.
This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.
Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
The reseller_prefix option cannot be added to the
swift-proxy-server.conf-sample file because it
inadvertently gets set to "TEMPAUTH" and Tempest
tests fail.
Change-Id: Ib08d6fa1926531b8966151258eae6771c99c41ca
Closes-Bug: 1404226
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.
Change-Id: Id238748417ffab53e02d59413dba66f61e724383
We're using all the magic variables based on python-fooclient, however
all the inline code was using fooclient for variables. So we had a
mismatch, which was kindly pointed out by some of the 3rd party ci
testers.
Change-Id: I27a56222c7e8e610fba8bf97672d2a42f5cf14ca
expand the devstack support for libraries from released versions to
support python-* clients and tempest_lib.
Depends-On: I81b0d228e7769758c61e5b0323ecfce8c8886d39
Change-Id: I26fac0ccf8fd4818e24618d56bf04b32306f88f6
Swift has functional tests that check access controls
between users and projects in differing domains. Those tests
are currently skipped by default since swift tests are
configured to use keystone v2 API. In order for those
tests to pass when using keystone v3 API, a user and
project must be setup in a non-default domain.
This patch creates a domain, and a user and project in
that domain, in support of swift functional tests moving
to using keystone v3 API.
Changes:
lib/swift
- create a new domain, project and user for
swift testing
- add new project and user credentials to swift
test config file
- set correct identity service url in swift test
config file according to kesytone API version
functions-common
- add function get_or_create_domain
- modify get_or_create_user and get_or_create_project
functions to optionally specify a domain
Change-Id: I557de01bf196075f2f3adcdf4dd1b43756d8a0ae
I did a similar change in I8ba180be036836f37ebdbb6da36ff0be486c043e
but I guess somehow missed these ... maybe I forgot to add them to the
change.
As described originally, this causes TOT bashate to fail, so fix this
up before it gets released.
Change-Id: I5580cb46f1c8bd71c631549aab78428d95a6dc51
Id02ebdfa5cb3f6c763293876c6bb031184ebd663 introduced a small
regression which makes the command x509-create-cert fail with
'ERROR (CommandError): Invalid OpenStack Nova credentials.' for
Swift users.
The handling of specific password for Swift users was introduced
in Ifb57a43aad439ffe041e98465719a8a8eceae544
Change-Id: I3f328b1358bad0bdf7056796eabfe846dd5bae3a
Newer version of container-sync feature is introduced in Swift ver. 1.12.0.
The spec:
http://docs.openstack.org/developer/swift/overview_container_sync.html
Before this commit, Devstack does not configure any realm used in
container-sync, therefore this feature does not work.
To test this feature in CI system, moreover to show the sample
configuration of realms, Devstack now edits realms configuration file.
Change-Id: I9f1e3224403e08e725a989162729470357fe90b0
Closes-Bug: 1378646
Make the sed the command to change the recon_cache_path into the renamed
generate_swift_config_services
Change-Id: I6092c26836320fab607eb9cd07f63189a9ba1ddd
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.
To enable SSL via proxy, in local.conf add
ENABLED_SERVICES+=,tls-proxy
This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certicates are also added to the system CA bundle.
To enable SSL natively, in local.conf add:
USE_SSL=True
Native SSL by default will also use the devstack-generate root and
subordinate CA.
You can override this on a per-service basis by setting
<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca
You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.
Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
Each project was configuring the auth_token middleware using several
lines of inisets. Since all the projects should configure the
auth_token middleware in the same way create a function and call it.
Change-Id: I3b6727d5a3bdc0ca600d8faa23bc6db32bb32260
Keep the default to 1 instead of going wild, cause Swift really would
kill the VM if we let it go (and keeps the old behavior).
Change-Id: I7449c1bb485459169b8870c871b887cbab8be865
run_process will use screen if USE_SCREEN=True (the default),
otherwise it will simply start the requested service. Therefore
wherever screen_it used, run_process can be instead.
Where stop_screen was found it has been replaced with stop_process.
A tail_log function has been added which will tail a logfile in a
screen if USE_SCREEN is True.
lib/template has been updated to reflect the use of the new
functions.
When using sg the quoting in run_process gets very complicated.
To get around this run_process and the functions it calls accepts
an optional third argument. If set it is a group to be used with sg.
Change-Id: Ia3843818014f7c6c7526ef3aa9676bbddb8a85ca
An error occurs because ANOTHER_ROLE variable in lib/swift is not set.
This patch gets and sets the value to another_role variable.
Change-Id: I9d67ce243eb6bb42ed7e3522ef816295847d48fa
Closes-Bug: #1363884
$[ is deprecated for the more familiar $((
Required when bash8 starts testing from tox and [1] goes in
[1] https://review.openstack.org/#/c/117430/
Change-Id: I8ba180be036836f37ebdbb6da36ff0be486c043e
Added a global toggle for enabling HTTPD + mod_wsgi for services
that default deploy to running under Apache. When the variable
``ENABLE_HTTPD_MOD_WSGI_SERVICES`` is set to ``True`` any service
that recommends deploying under HTTPD + mod_wsgi, will be run
under Apache.
If ``ENABLE_HTTPD_MOD_WSGI_SERVICES`` is set to ``False`` the
any service that is defaulted to running under HTTPD + mod_wsgi
will (if capable) be run in an alternate deployment strategy (e.g.
eventlet).
Updated Swift and Keystone to have individual toggles for deploying
under HTTPD + mod_wsgi. This is done to allow for gate to run on
the services under mod_wsgi where appropriate. Toggles are
``KEYSTONE_USE_MOD_WSGI`` and ``SWIFT_USE_MOD_WSGI`` and are both
defaulted to "False" (do not deploy under HTTPD + mod_wsgi).
Change-Id: Id3b121b8f1cde369d184b586e0d875bdbda34813
Ceilometer filter was previously removed from the Swift
configuration to avoid useless Ceilometer logs in the Swift
ones. This was fixed by setting only warning log level for
this Ceilometer part of the pipeline to keep only important
ones.
Change-Id: I8c41355bb98dbf3bb59ec792221b05ea936086b7
Partial-Bug: #1294789
On Ubuntu 14.04, the site configuration file must have a .conf suffix for a2ensite and a2dissite to
recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
files are 000-default.conf and default-ssl.conf.
On Ubuntu 12.04, the site configuration file may have any format, as long as it is in
/etc/apache2/sites-available/. a2ensite and a2dissite need the entire file name to work. The default
sites' files are default and default-ssl.
On Fedora, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
On RHEL and CentOS, things should hopefully work as in Fedora.
This change puts all distribution-related site configuration file name differences in lib/apache and
the other services gets the file name for its sites using the new exported function
apache_site_config_for <sitename>.
It also makes Fedora disabled sites use the .conf.disabled suffix instead of removing the .conf from
the file name.
The table below summarizes what should happen on each distribution:
+----------------------+--------------------+--------------------------+--------------------------+
| Distribution | File name | Site enabling command | Site disabling command |
+----------------------+--------------------+--------------------------+--------------------------+
| Ubuntu 12.04 | site | a2ensite site | a2dissite site |
| Ubuntu 14.04 | site.conf | a2ensite site | a2dissite site |
| Fedora, RHEL, CentOS | site.conf.disabled | mv site.conf{.disabled,} | mv site.conf{,.disabled} |
+----------------------+--------------------+--------------------------+--------------------------+
Change-Id: Ia2ba3cb7caccb6e9b65380f9d51d9d21180b894e
Closes-bug: #1313765
With the increasing number of entries in the service_catalog header,
some projects will have a header bigger than 8192 and Swift cannot
handle headers of this size. Solum is the first one to have this issue
As a temporary hack to fix Solum's gate, we are increasing
the value of the max_header_size parameter in our "lib" script.
This patch makes this settings global to all projects using devstack,
so that in a near future, if a project has a service_catalog header
bigger than 8192, it doesn't have the same problems we had.
Closes bug 1316585
Change-Id: I5c15f8f9531839353c3d99e46d920688058ec33c
Swift was missing an 'if [[ $SYSLOG != "False" ]]' statement which is used
by other services, and therefor failed with a 'No such file or directory'
error when 'SYSLOG=False' was set in localrc.
Closes-Bug: 1308461
Change-Id: I8655a955ebb322516d92bee418b93d4cc23bdc5c
Xfsprogs package has been installed. This is the cause of the error stack does not have
permission to perform mkfs.xfs command rather mkfs.xfs command in /sbin/
path, stack in order to perform mkfs.xfs must add the full path or use
the sudo command mode.
Fixed bug #1292466
Change-Id: I488133539331b4a0034a2afb4e75665904754245
it's not clear why swift start is the place where an rsyslogd start
is happening, we should really only make this change when we actually
change a file on disk.
Also, use rsyslogd's -HUP signal directly instead of the system init
scripts which are typically doing a stop and start, and apparently
racing under some circumstances.
Change-Id: I1b9891313d67b1da2ca2582e532b2536a81f9b25
Closes-Bug: #1262906
This middleware is spamming rsyslog with rabbitmq debug logs, making
this middleware practically unusable in combination with rsyslog. Because of
this, the rsyslog logs now account for 35% percent of the logs we store
in logstash. Until the underlying problem is solved disable the
offending code.
Change-Id: I50a73ae6beb1a11c41225340779fe8d7a1081e46
Related-Bug: #1294789
Swift commit 165dd44 added tempurl to the sample config, so now it
appears twice in the default devstack-installed configuration. This
commit removes tempurl from $SWIFT_EXTRAS_MIDDLEWARE so that it only
appears once in the generated proxy pipeline.
Change-Id: I4204b2a444312ab87c17f5fb296a43818a4528a6
stop_swift() wasn't calling screen_stop() so the pid files and screen
sessions were not being cleaned up. DevStack doesn't really care but
Grenade does for the 'base' copy of DevStack. This should be backported
to stable/havana for this reason.
Change-Id: Ib5afb321cef2b7ad74e69a3fd0d1dad469f78b11
Assuming if the system does not have the xinetd.d/rsync,
the dedicated service is the prefered way.
Change-Id: Ic42651c5c3fb5bf0099786ca81a7bd06ace896a8
Check that function calls look like ^function foo {$ in bash8, and fix
all existing failures of that check. Add a note to HACKING.rst
Change-Id: Ic19eecb39e0b20273d1bcd551a42fe400d54e938
migrated most keystoneclient commands from the following libs:
ceilometer
cinder
ironic
keystone
marconi
neutron
nova
savanna
swift
trove
Also need to set and unset openstackclient specific environment
variables from stack.sh
Change-Id: I725f30bc08e1df5a4c5770576c19ad1ddaeb843a
During the process, when create_userrc.sh tries to creates
certificates and sourcable rc, it assumes that all users have
the same password.
Change-Id: Ifb57a43aad439ffe041e98465719a8a8eceae544
Closes-Bug: #1260723
This converts the special cases in the is_service_enabled() function to call
individual functions declared by the projects. This allows projects that
are not in the DevStack repo and called via the extras.d plugin to handle
an equivalent service alias.
* Ceilometer
* Cinder
* Glance
* Neutron
* Nova
* Swift
TODO: remove the tests from is_service_enabled() after a transition period
Patch Set 2: Rebased
Change-Id: Ic78be433f93a9dd5f46be548bdbd4c984e0da6e7
