commit openstack-quickstart for openSUSE:Factory
Hello community,
here is the log from the commit of package openstack-quickstart for openSUSE:Factory checked in at 2012-10-23 19:41:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openstack-quickstart (Old)
and /work/SRC/openSUSE:Factory/.openstack-quickstart.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-quickstart", Maintainer is "CThiel@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openstack-quickstart/openstack-quickstart.changes 2012-02-14 13:07:03.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openstack-quickstart.new/openstack-quickstart.changes 2012-10-23 19:41:30.000000000 +0200
@@ -1,0 +2,102 @@
+Tue Aug 14 11:36:09 UTC 2012 - bwiedemann@suse.com
+
+- export OS_TENANT_NAME for new glanceclient
+
+-------------------------------------------------------------------
+Tue Aug 7 13:46:38 UTC 2012 - bwiedemann@suse.com
+
+- fix dashboard to use SSL,
+ but not use secure cookies without SSL
+
+-------------------------------------------------------------------
+Fri Jul 27 12:03:03 UTC 2012 - cthiel@suse.com
+
+- update keystone_data.sh from upstream devstack (stable/essex branch)
+
+-------------------------------------------------------------------
+Thu Jul 19 11:17:41 UTC 2012 - cthiel@suse.com
+
+- change libvirt to run qemu as user qemu
+
+-------------------------------------------------------------------
+Fri Jul 6 13:12:51 UTC 2012 - saschpe@suse.de
+
+- fix pg_hba.conf 'horizon' database name
+
+-------------------------------------------------------------------
+Fri Jun 22 08:15:35 UTC 2012 - bwiedemann@suse.com
+
+- allow nova-rootwrap
+
+-------------------------------------------------------------------
+Wed Jun 13 13:12:00 UTC 2012 - saschpe@suse.de
+
+- Use SSL-enabled vhost with a self-signed certificate for dashboard
+- Use secure session and csrf cookies in dashboard Django config
+
+-------------------------------------------------------------------
+Tue Jun 12 11:14:53 UTC 2012 - saschpe@suse.de
+
+- Use system users prefixed with 'openstack-'
+
+-------------------------------------------------------------------
+Tue Jun 5 13:38:33 UTC 2012 - bwiedemann@suse.com
+
+- allow to force lxc mode
+
+-------------------------------------------------------------------
+Wed Apr 18 20:06:26 UTC 2012 - bwiedemann@suse.com
+
+- fix hardcoded horizon PW
+- also start consoleauth service
+
+-------------------------------------------------------------------
+Mon Apr 2 10:59:55 CEST 2012 - jdsn@suse.de
+
+- use postgresql by default for all services
+- add support for postgresql for dashboard
+
+-------------------------------------------------------------------
+Fri Mar 16 14:09:40 UTC 2012 - bwiedemann@suse.com
+
+- check for existence of volumes file (fixes bnc#752035)
+
+-------------------------------------------------------------------
+Mon Feb 27 17:54:07 UTC 2012 - bwiedemann@suse.com
+
+- add postgresql support
+
+-------------------------------------------------------------------
+Tue Feb 7 17:21:54 UTC 2012 - bwiedemann@suse.com
+
+- only initialize db once for glance
+- setup keystone for glance
+
+-------------------------------------------------------------------
+Tue Feb 7 13:12:21 UTC 2012 - bwiedemann@suse.com
+
+- split openstackquickstartrc
+- update for new glance with two init scripts
+
+-------------------------------------------------------------------
+Tue Feb 7 12:40:54 UTC 2012 - cstender@suse.com
+
+- replace pipelines in /etc/nova/api-paste.ini to use keystone
+
+-------------------------------------------------------------------
+Mon Feb 6 12:12:09 UTC 2012 - cstender@suse.com
+
+- upgrade keystone database to latest schema before
+ adding anything to it
+
+-------------------------------------------------------------------
+Mon Feb 6 10:33:13 UTC 2012 - bwiedemann@suse.com
+
+- add connection_type=libvirt
+
+-------------------------------------------------------------------
+Fri Jan 27 12:13:37 UTC 2012 - bwiedemann@suse.com
+
+- drop unsupported --flat_injected=False
+
+-------------------------------------------------------------------
New:
----
keystone_data.sh
openstack-quickstart-democleanup
openstackquickstartrc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openstack-quickstart.spec ++++++
--- /var/tmp/diff_new_pack.cz600n/_old 2012-10-23 19:41:32.000000000 +0200
+++ /var/tmp/diff_new_pack.cz600n/_new 2012-10-23 19:41:32.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package openstack-quickstart
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,6 +12,11 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+
Name: openstack-quickstart
Version: 2011.3
Release: 0
@@ -24,24 +29,32 @@
Source1: openstack-quickstart-extranodesetup
Source2: openstack-loopback-lvm
Source3: getkstoken
+Source4: keystone_data.sh
+Source5: openstack-quickstart-democleanup
Source10: bash.openstackrc
+Source11: openstackquickstartrc
Source100: COPYING
+Suggests: patterns-OpenStack-controller patterns-OpenStack-compute-node
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
-Includes scripts and configs to easily generate an openstack demo setup.
+Includes scripts and configs to easily generate an openstack demo
+setup.
%prep
%build
%install
-mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_sbindir} %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}/usr/lib/devstack
install -p -m 755 %{SOURCE0} %{buildroot}%{_sbindir}
install -p -m 755 %{SOURCE1} %{buildroot}%{_sbindir}
install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}
+install -p -m 755 %{SOURCE5} %{buildroot}%{_sbindir}
install -p -m 755 %{SOURCE3} %{buildroot}%{_bindir}
+install -p -m 755 %{SOURCE4} %{buildroot}/usr/lib/devstack
install -p -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}
+install -p -m 600 %{SOURCE11} %{buildroot}%{_sysconfdir}
cp -a %{SOURCE100} .
%files
@@ -49,7 +62,9 @@
%config %{_sbindir}/openstack-quickstart-*
%{_sbindir}/openstack-loopback-lvm
%{_bindir}/getkstoken
+/usr/lib/devstack
%config %{_sysconfdir}/bash.openstackrc
+%config %{_sysconfdir}/openstackquickstartrc
%doc COPYING
%changelog
++++++ bash.openstackrc ++++++
--- /var/tmp/diff_new_pack.cz600n/_old 2012-10-23 19:41:33.000000000 +0200
+++ /var/tmp/diff_new_pack.cz600n/_new 2012-10-23 19:41:33.000000000 +0200
@@ -18,8 +18,15 @@
fi
export EC2_ACCESS_KEY=$NOVA_PROJECT_ID
export EC2_SECRET_KEY=$NOVA_API_KEY
- # for glance
- export TOKEN=`getkstoken`
+ # for glance/keystone
+ export OS_AUTH_USER=$NOVA_USERNAME
+ export OS_USERNAME=$NOVA_USERNAME
+ export OS_TENANT_NAME=$NOVA_PROJECT_ID
+ export OS_AUTH_KEY=$NOVA_API_KEY
+ export OS_PASSWORD=$NOVA_API_KEY
+ export OS_AUTH_TENANT=$NOVA_PROJECT_ID
+ export OS_AUTH_URL=$NOVA_URL
+ export OS_AUTH_STRATEGY=keystone
}
export NOVA_URL=http://127.0.0.1:5000/v2.0/
@@ -31,9 +38,8 @@
# for euca2ools
export EC2_URL=http://127.0.0.1:8773/services/Cloud
+# for keystone administration
+export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
+# don't put secrets in world readable files - this line is just for reference
+#export SERVICE_TOKEN=999888777666
-#export OS_AUTH_USER=$NOVA_USERNAME
-#export OS_AUTH_KEY=$NOVA_API_KEY
-#export OS_AUTH_TENANT=$NOVA_PROJECT_ID
-#export OS_AUTH_URL=$NOVA_URL
-#export OS_AUTH_STRATEGY=keystone
++++++ keystone_data.sh ++++++
#!/bin/bash
#
# Initial data for Keystone using python-keystoneclient
#
# Tenant User Roles
# ------------------------------------------------------------------
# admin admin admin
# service glance admin
# service nova admin, [ResellerAdmin (swift only)]
# service quantum admin # if enabled
# service swift admin # if enabled
# demo admin admin
# demo demo Member, anotherrole
# invisible_to_admin demo Member
#
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
export SERVICE_TOKEN=$SERVICE_TOKEN
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
function get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \
--email=demo@example.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
# Add Roles to Users in Tenants
keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user_id $DEMO_USER --role_id $ANOTHER_ROLE --tenant_id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user_id $ADMIN_USER --role_id $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user_id $ADMIN_USER --role_id $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=nova@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $NOVA_USER \
--role_id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $GLANCE_USER \
--role_id $ADMIN_ROLE
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=swift@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $SWIFT_USER \
--role_id $ADMIN_ROLE
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. The admin role in swift allows a user
# to act as an admin for their tenant, but ResellerAdmin is needed
# for a user to act as any tenant. The name of this role is also
# configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $NOVA_USER \
--role_id $RESELLER_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=quantum@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $QUANTUM_USER \
--role_id $ADMIN_ROLE
fi
++++++ openstack-loopback-lvm ++++++
--- /var/tmp/diff_new_pack.cz600n/_old 2012-10-23 19:41:33.000000000 +0200
+++ /var/tmp/diff_new_pack.cz600n/_new 2012-10-23 19:41:33.000000000 +0200
@@ -16,15 +16,17 @@
#losetup -d $loop
-# calc wanted size
-size=$(df -P -k /var/lib/nova/|tail -1| perl -ne 'm/^\S+\s*\d+\s+\d+\s+(\d+)/; print int($1*0.3)')
+if ! test -e $f ; then
+ # calc wanted size
+ size=$(df -P -k /var/lib/nova/|tail -1| perl -ne 'm/^\S+\s*\d+\s+\d+\s+(\d+)/; print int($1*0.3)')
-if [ $size -le 2000000 ] ; then
- echo "error detecting free space or FS too small: $size KB"
- exit 12
-fi
+ if [ $size -le 2000000 ] ; then
+ echo "error detecting free space or FS too small: $size KB"
+ exit 12
+ fi
-truncate --size=${size}K $f
+ truncate --size=${size}K $f
+fi
losetup $loop $f
pvcreate $loop
vgcreate nova-volumes $loop
++++++ openstack-quickstart-democleanup ++++++
#!/bin/bash
# Warning: this script deletes most of the files
# and stops most services of a cloud from openstack-quickstart-demosetup
# try normal cleanup first to stop VMs
nova list| perl -ne 'if(/^\| (\S+) /){print "$1\n"}' |xargs -l nova delete
nova image-list| perl -ne 'if(/^\| (\S+) /){print "$1\n"}' | xargs -l nova image-delete
for i in /etc/init.d/{openstack-*,rabbitmq-server,memcached,libvirtd} ; do
$i stop
done
killall dnsmasq
killall postmaster
/etc/init.d/postgresql restart
cd /
for n in nova keystone glance horizon ; do
sudo -u postgres dropdb $n
sudo -u postgres dropuser $n
echo "drop database $n;" | mysql
done
for m in /var/lib/nova/instances/*/rootfs ; do
umount $m # for LXC
done
killall qemu-nbd 2>/dev/null # for LXC
rm -f /var/lib/keystone/keystone.sqlite /var/lib/openstack-dashboard/openstack_dashboard/local/dashboard_openstack.sqlite3 /var/lib/glance/glance.sqlite
rm -rf /var/lib/nova/instances/*
rm -f /var/lib/glance/images/*
rm -f /var/log/keystone/* /var/log/nova/* /var/log/glance/*
rm -f /var/lib/nova/*/*
/etc/init.d/postgresql stop
++++++ openstack-quickstart-demosetup ++++++
--- /var/tmp/diff_new_pack.cz600n/_old 2012-10-23 19:41:33.000000000 +0200
+++ /var/tmp/diff_new_pack.cz600n/_new 2012-10-23 19:41:33.000000000 +0200
@@ -1,22 +1,41 @@
#!/bin/bash -x
-pw=openstack
-mpw=m$pw
-IP=127.0.0.1
-testnet=10.10.134.16/29
-/etc/init.d/mysql start
+. /etc/openstackquickstartrc
+ADMIN_PASSWORD=$pw
+SERVICE_HOST=$IP
+
+KEYSTONE_SYSTEM_USER=openstack-keystone
+KEYSTONE_SYSTEM_GROUP=openstack-keystone
+GLANCE_SYSTEM_USER=openstack-glance
+GLANCE_SYSTEM_GROUP=openstack-glance
+HORIZON_SYSTEM_USER=openstack-horizon
echo "Setting up OpenStack demo controller..."
+if [ "$DB" = "postgresql" ] ; then
+ zypper -n in postgresql-server python-psycopg2
+ /etc/init.d/postgresql restart
+else
+ # start mysql
+ /etc/init.d/mysql start
+fi
+
+
+grep -q -e vmx -e svm /proc/cpuinfo || MODE=lxc
# use lxc or qemu, if kvm is unavailable
-if rpm -q openstack-nova-compute >/dev/null && ! grep -q -e vmx -e svm /proc/cpuinfo ; then
+if rpm -q openstack-nova-compute >/dev/null ; then
+ if [ "$MODE" = lxc ] ; then
sed -i -e 's/\(--libvirt_type\).*/\1=lxc/' /etc/nova/nova.conf
zypper -n install lxc
- modprobe nbd
- sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1nbd\ /' /etc/sysconfig/kernel
echo mount -t cgroup none /cgroup >> /etc/init.d/boot.local
mkdir /cgroup
mount -t cgroup none /cgroup
+ else
+ modprobe kvm-intel ; modprobe kvm-amd
+ sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1kvm-intel kvm-amd\ /' /etc/sysconfig/kernel
+ fi
+ modprobe nbd
+ sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1nbd\ /' /etc/sysconfig/kernel
fi
# activate ip-forwarding
@@ -52,44 +71,146 @@
# configure dashboard/apache
cat >/etc/apache2/conf.d/openstack-dashboard.conf <
participants (1)
-
root@hilbert.suse.de