Fixes bug 1193004
The ceilometer user needs the admin role, so that the resources
(instances etc.) associated with all tenants are visible to the
ceilometer agents for metering purposes.
Change-Id: I4d8a88d2d88a11a4b408e0c68ef227ec2af2d822
Instead of using a full admin role to validate tokens just use the
service role. Change where possible, some services use the service user
for more then just token validation.
Fixes bug 1153789
Change-Id: I0801475b62a7b025fdd871f52d8606aa614d1a32
- Set by default SWIFT_REPLICAS to 1 since this is the most common use
case when using it in devstack.
- If we have swift_replicas to 1 launch the object container account and
proxy servers in foreground in screen.
- Allow any s- services if we have just 'swift' in service enabled
instead of having to specify all s- services to enable swift. This will be
removed in the future.
- Set object server starting at 6013 instead of 6010 to not conflict
with remote ssh x11 forwarding.
Change-Id: I890b6953b70283bfa0927fff0cf5e92f3c08455b
Fixes bug 1146794
Ensure the URLs configured for the ceilometer endpoint in the keystone
service catalog do not contain a trailing forward slash.
Otherwise, this leads to an extra forward slash in the URL paths
constructed by the ceilometer client, which in turn is problematic
for the v2 API.
Change-Id: I7d457efc6e01e4e955388f52a4907524052f0173
This reverts commit 5a5cbf7274.
This breaks on a default openstack install on Ubuntu 12.10,
revert for now until this can be cleaned up to work out of the
box.
Change-Id: I185509cc30bd28e920cdab60fc92129949bd6b0d
- Set by default SWIFT_REPLICAS to 1 since this is the most common use
case when using it in devstack.
- If we have swift_replicas to 1 launch the object container account and
proxy servers in foreground in screen.
- Allow any s- services if we have just 'swift' in service enabled
instead of having to specify all s- services to enable swift. This will be
removed in the future.
Change-Id: I496f79e14f99bd7e9f2c7deee12a4b6e935c3a5b
* Move quantum installation to lib/quantum
* Refactor quantum configuration
* Move Quantum service account creation from keystone_data.sh to lib/quantum
* Define generic functions to install third party programs
* Minor cleanups related to Quantum
* Kill dnsmasq which watches an interface 'ns-XXXXXX' in unstack.sh
* Set default_floating_pool in nova.conf to make default flaoting pool
work when PUBLIC_NETWORK_NAME is other than 'nova'
* Make tempest work even when PRIVATE_NETWORK_NAME is other than 'private'
Change-Id: I4a6e7fcebfb11556968f53ab6a0e862ce16bb139
keystone_data.sh is getting unwieldly and increasingly needs
configuration information for services. Also need the ability
to manipulate HOST/IP information for hosts to handle service
HA/proxy configurations.
Begin moving the creation of service account information into
the service lib files, starting with the common accounts and
keystone itself.
Change-Id: Ie259f7b71983c4f4a2e33ab9c8a8e2b00238ba38
hard tabs somehow snuck into keystone_data.sh, noticed
in an unrelated review. Remove for consistency.
Change-Id: I04f3b4597fd3629c7f123588c512832a67228597
For the sake of swift metering, 'ceilometer' user needs to be a
ResellerAdmin for tenant 'service'.
Change-Id: I65b3bdedddded9d5f3bac5c5d714288800ffa8b6
Fixes bug 1081975
Nova endpoint in keystone was registered if n-cpu is enabled. However it is
a usual case where n-cpu runs on a different host in multi-node setup and
it results in no endpoint for nova. n-api is a better condition since nova-api
and keystone usually run on a same host.
Change-Id: Ic097e1c3bd30798d9d3c5fb76023fbdb3ae189d9
Copy the policy.json file for ceilometer into place
and configure the API service to find it.
Create a service user for ceilometer when the service
is enabled.
Use the service user for the admin_user and admin_password
in the ceilometer config file so the middleware can
verify tokens.
Change-Id: I39be13da0c86704d35e0ce3dc3d27fd38d787058
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
This is a REST API in the same style as other OpenStack APIs.
This also creates a new endpoint for the REST API which uses the
serivce type 'orchestration'. The old endpoint now has the service
type 'cloudformation'.
This matches the pattern where the native openstack API gets a
generic service type while the emulated EC2 API gets a specific
type (eg, object-store, s3).
There will be breakage for the time period where only one of this
change and https://review.openstack.org/#/c/14263/ are approved,
since keystone will have the incorrect service type for that period.
Change-Id: I6a0d51a63da8017d375b4c065c4c9079dfca8fe3
- Rename heat-api to heat-api-cfn
- Add heat-api-cloudwatch
- Also removed unused heat-engine-paste.ini file.
- Fix the path to the conf dir (etc/heat not etc/)
Change-Id: I9b2c7c5cd7052d5eb6d730833c65812c2f8a0ee1
Signed-off-by: Angus Salkeld <asalkeld@redhat.com>
Endpoint creating in keystone_data.sh tends to drift because
KEYSTONE_CATALOG_BACKEND=sql is not the default.
This patch should bring them closer together, and fix a problem I was having
with keystone auth
Change-Id: Ifac57b8e69234975d1ff65ace72d46d3a5808119
This allows the heat service to be started as a devstack service.
Heat is disabled by default, and can be enabled with this in your localrc:
ENABLED_SERVICES+=,heat
There is now a repo of heat-enabled images here:
https://github.com/heat-api/prebuilt-jeos-images/downloads
These can be added to the IMAGE_URLS in your localrc.
After devstack is launched, a template can be invoked with:
nova keypair-add --pub_key $HOME/.ssh/id_rsa.pub heat_key
heat -d create wordpress \
--template-file=../heat/templates/WordPress_Single_Instance.template \
--parameters="InstanceType=m1.tiny;DBUsername=wpuser;DBPassword=wppassword;\
KeyName=heat_key;LinuxDistribution=F16"
Change-Id: I07591295eb2b9eb7868b1577dd3c24b19812a689
* using the new functional pattern: cinder_XXX functions are in
lib/cinder
* enable with 'c-api,c-sch,c-vol' in ENABLED_SERVICES, n-vol is still the default
* exercises/volumes.sh runs for cinder and n-vol
* move config to /etc/cinder
* change volume_group to stack-volumes; this also renames the backing file
to /opt/stack/data/stack-volumes-backing-file.
* removes osapi_volume from nova.conf enabled_apis
* integrates cinder + keystone
* launches c-sch
* tweaks for multi node
* move enabled_apis substitution to init_cinder
18Jun2010
* restored & rebased
* update setup.py to use setup_develop() in lib/cinder
Change-Id: I1e1aa4387031c56e4fa239eb73bea2af8cef0e38
* Add KEYSTONE_CATALOG_BACKEND to select 'sql' or 'template'
'template' is the default
* Add service creation to keystone_data.sh
Rebased and re-submitted
Fixes bug 966457
Change-Id: Id24fbdeba3de11537559e24b72571ec92ab44750
Adds an alternate user to Keystone for Tempest
Tempest has a number of tests that are skipped if
the compute.alt_username is the same as compute.username
or None. Here, we modify files/keystone_data.sh to add
an additional regular user called alt_demo if Tempest
is enabled in stackrc. We also make corresponding changes
to the tools/configure_tempest.sh script to make use
of this alternate user credential
Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3
This change should be applied after [bug/994744 b7fe11c] in python-keystoneclient.
Fixes bug 994744.
Change-Id: I13e643f8552d86ed0bf92799271899f777bde9b2
- Fix keystone s3token configuration (in admin api not public api).
- Set s3 service in keystone to swift if installed.
- Fixes a bug in bundle.sh
- Adds config options for nova to use swift as s3 store
Change-Id: Ic2fca5aba06a25c0b3a74f1e97d062390a8e2ab1
* remove replace_pipeline
* removes references to sysadmin and netadmin roles
* removes references to admin ec2 api
* fixes bug 953744
* related fix in nova: https://review.openstack.org/#change,5024
Change-Id: I8792dae0157b8596a5f946670742411781fe47c0
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
* Use username/password instead of service token for service auth to Keystone
* Updates files/glance-*-paste.ini and files/swift/proxy-server.conf
* keystone_data.sh creates 'service' tenant, 'nova' and 'glance' users
('swift' and 'quantum' if those services are enabled)
* Uses $SERVICE_PASSWORD for the service auth password. There is no default;
to default to $ADMIN_PASSWORD, place the assignment in localrc.
Fixes bug 942983
Change-Id: If78eed1b509a9c1e8441bb4cfa095da9052f9395
Keystone client commands and options have been normalized and
keystone_data.sh needs to support both versions for a transition
period.
The merge prop for the updated keystone client is
https://review.openstack.org/4375
Necessary for bug 396422
Also fix an intermittent problem extacting IDs from command output.
Change-Id: Ib13445a0bd3029fb02b0b7a86e8e0b8278717b57
