This was a temporary workaround because RDO didn't update to
keystone bootstrap command operations.
This reverts commit c5f27aa8a69cffd4393ad56dbee1acd7ed5ba4bf.
Closes-Bug: #1573102
Change-Id: Ic6db97cf15d6f96c8e660aa15f089c1f10d6dfa7
httpd/keystone.py is already deprecated in Keystone upstream[1] post
9.0.0 release. This change swiches to use keystone-wsgi-admin and
keystone-wsgi-public to match the upstream change.
[1] 70a42e7a82
Change-Id: Iac3bb7309fc88c3e62bb2e92a3272545cbf9a778
Closes-Bug: #1579275
Proposed patch to change keystone and heka log dir
from /var/log/kolla/apache2/ to /var/log/kolla/keystone/
Closes-Bug: #1560620
Change-Id: I70c65ceba5a301cc56880313ca86f01bd35676cb
RDO isn't moving for approxximately 1 week new packages into
current-passed-ci. This blocks Sam's keystone bootstrap patch.
To unblock this, we temporarily have provided copr built RPMs
based upon the srpm from RDO and keystone-master tarball.
TrivialFix
Change-Id: Ic0fe30c56e8dd229f2a25157125272324621bad9
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
A recent change in keystone [1] has deprecated the token auth
mechanism that we used. We reintroduce it temporarily while a more
permanant solution is worked on.
[1] 5286b4a297
Change-Id: I4d585733a9abd201c1b0680e6196dd2a36db3c7e
Closes-Bug: #1545292
The CentOS packages install a default version of the paste file
but don't install them in the /etc directory. Kolla doesn't
configure the paste files, so this file never gets setup properly.
With the recent change in Keystone around the default admin_token
being changed, this triggered Keystone to return a 401 Auth error.
A follow-on patch from Sam edits this file, and that patch breaks
the build without this dependent patch.
TrivialFix
Change-Id: Ib1568e186bdd7d19b7e5af151388197755902488
There were some inconsistencies with pip install instructions
thoughout Kolla. We fix those here.
Additionally, we fix the virtualenv to properly use the site-packages
on the host if a library is not available in the venv.
Change-Id: Ib84d48e8826bb96060338b3fa0782620c98794a8
Related-Bug: #1524684
Closes-Bug: #1529434
Create the admin project, user, role and keystone service info by
using ansible task rather than shell script
Closes-Bug: #1526251
Change-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d
Use virtualenv for installation of OpenStack projects and
dependencies to avoid conflicts with Python libraries installed
by non-OpenStack binary packages.
Change-Id: I21ecd673b2e93335b1d3dd4e279e940c9d694c3c
Implements: blueprint virtualenv
In some cases we're seeing httpd not cleaning up properly after itself,
which results in the keystone container failing to restart. This is
confirmed to happen on rpm based distros, but have not had any reports
on Ubuntu.
Change-Id: I58b006189e700f1c851601b4f64dd0fae931103c
Closes-Bug: #1489676
Co-Authored-By: Tim Potter <tpot@hpe.com>
Long story short, some kernels before 3.15 had an issue with using su
in a container when the network namespace was --net=host. The gate
has a 3.10 and a 3.13 kernel and has a problem with this. This changes
everything to use sudo
backport: liberty
Partially-Implements: blueprint functional-testing-gate
Change-Id: I4d79ccaa1cddffcc8393f64e7e1be2538efe33e5
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.
The start.sh is moved into /usr/local/bin/kolla_start in the container
The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.
Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.
Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someones local perm change won't break upstream containers.
Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
This prepares for the RHEL OSP implementation by making the build
tool convert all binary-* into an install_type of binary and * into
an install_metatype variable substitution inside the Dockerfiles.
Further binary-* is substituted as install_name to enable proper
building only.
Change-Id: Ib681b29176eb79a3cab12ec824313fdecb6e7a5f
Partially-Implements: blueprint rhel-based-image-support
Ubuntu binary is not supported and may never be. Installing from
cloud-archive packaging is only for the current stable distros, Ubuntu
does not have a Delorean type repo. We place a fail message in the
base image to catch this and remove the messages throughout the
project.
An additional fail message is placed to catch all other things.
Change-Id: Id2953f503ebd42226f6a08e75979ae56511c40f7
Implements: blueprint install-from-ubuntu
I removed the files but not the COPY commands thus breaking all of
Kolla
Change-Id: I37d3e0cb94a1ecc12971f485f953310ba8fee53c
Partially-Implements: blueprint replace-config-external
Removes config-external for all services that have been replaced in
Ansible
Change-Id: I839a14418638b977fbc1d02ba6839811b0f909ea
Partially-Implements: blueprint replace-config-external
Add 'rhel' to list for RPM based distros. Also sort the distro
list for rpm packages for affected lines.
Change-Id: Ied4cb3e9763d6c6359f314d16185383ac3e006ed
Partially-Implements: blueprint rhel-based-image-support
Currently we cannot import source archives with names different
than expected by hardcoded line in Dockerfiles. This worked well
for Openstack services' tarballs where we expected SERVICE-* root
folder after extraction or kanaka-noVNC for nova-novncproxy docker.
The latter fails if one tries to clone or get tarball under other
names. This fix allows any archive (tar,tgz,zip) or repo name to be
imported into dockerfile.
Change-Id: I869a6a19afaf0e93925572746c22b7589b6600c9
Closes-Bug: #1491415
This creates and moves the dependencies for Ubuntu into a common
openstack-base container. This commit shows dramatically smaller
sizes for all non-openstack containers. The Openstack container remain
the same size.
Change-Id: I2f46420d4b9edcfddda374caddcce906fc708f6c
Partially-Implements: blueprint openstack-common-container
Initially it did not use this client due to the fact that the client
didn't seem to want to work in the containers. Now it works fine and
it should be used instead of the deprecated keystone client
Change-Id: Ib0e172c677e200e5df01c478b7ea257b30c0df0b
Closes-Bug: #1490126
This changes bootstrapping of the Heat container to bootstrap
the Heat container with a heat domain user. This requires some
work from bootstrap.yml to pass in several environment variables
needed by the heat domain setup script.
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: Iab05983754fa514835cb5ff54d775faa18773110
Partially-implements: blueprint ansible-heat
A default configuration file is present in RPM distros which
listen to http on port 80 by default.
With this patch the keystone container works on centos+binary
where it did not previously.
Closes-Bug: 1490025
Change-Id: I4b5260200521e79d76eec324eb0ef026aa61b23d
Updated build.py to reflect this change.
Deprecate --template option and make it a noop.
Change-Id: I7cd98d1ee684a4c64984a49597159868152683b2
Partially-Implements: blueprint remove-docker-dir
As a restructure, nothing is changed from the original behaviour and
naming despite the file structure changing. The symlinks to build had
to be updated generating lots of "deleted" and "new_file".
The new structure is:
docker/${base_distro}/${type}/${container}
base_distro == centos, ubuntu, fedora, etc
type == source, binary, rdo
type rdo is a symlink to binary for backwards compatibility
Two new flags are added to the build-all script to support the ability
to support different base distros and a flag to support binary or source
containers.
There are several added folders that are empty to hold the directory
structure for future containers of these types.
To use a prefix other than centos-rdo- you can set PREFIX in the toplevel
directory .buildconf file
Change-Id: Ifc7bac0d827470f506c8b5c004a833da9ce13b90
This represents making build-docker-images --release build
with the icehouse tag and causes docker-compsoe to pull from
the icehouse tag.
Partially-implements: blueprint port-kilo
Change-Id: I66b2c39abc55c0f47152dd90e696fc46b9c58f50
In order for the `check_for_*` functions to be consumed by `wait_for`,
they should notify of their success but not exit.
As a consequence, the previous behavior is restored by the fail_unless_*
companion functions.
With this change, it is now possible to do:
wait_for 30 1 check_for_os_service_running keystone
Change-Id: I16ddf8913027030c3ccb5487713d172904508fd6
When using ';' this can allow the previous command to fail and while the
docker build proceeds without realizing a command failed. Switching to
'&&' allows the exit code to make it to the docker build command and the
build to fail appropriately.
Change-Id: Idd0991ed4549542bb10d27da1a0a025d0503b6c1