openSUSE Commits
Threads by month
- ----- 2024 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
June 2013
- 1 participants
- 1952 discussions
Hello community,
here is the log from the commit of package apache2-mod_perl for openSUSE:Factory checked in at 2013-06-28 11:46:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_perl (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_perl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_perl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_perl/apache2-mod_perl.changes 2013-04-08 14:25:31.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.apache2-mod_perl.new/apache2-mod_perl.changes 2013-06-28 11:46:50.000000000 +0200
@@ -1,0 +2,36 @@
+Tue Jun 25 08:53:37 UTC 2013 - coolo(a)suse.com
+
+- update to version 2.0.8 (http24 branch as used by debian):
+
+ Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke
+ the workaround for the old hash collision attack, which breaks mod_perl's
+ t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix
+ previously applied as revision 1455340. [Zefram]
+
+ On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has
+ disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921.
+ [Zefram]
+
+ Restore build with Perl 5.8.1, 5.8.2 etc: take care to use
+ $Config{useithreads} rather than $Config{usethreads}, and supply definitions
+ of Newx and Newxz as necessary. [Steve Hay]
+
+ On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value"
+ warning is generated for the buffer being autovivified. This is because
+ the sv_setpvn() that's meant to vivify the buffer doesn't perform set
+ magic; the warning is generated by the immediately following SvPV_force().
+ Patch to fix this from rt.cpan.org #83922. [Zefram]
+
+ Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which
+ contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash
+ keys). This resolves rt.perl.org #116863, from where the patch was taken.
+ [Hugo van der Sanden]
+
+ use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to
+ generate HTTP code 404 even if the requested filename contains newlines
+ [Torsten]
+- disable patch lfs-perl-5.14.patch as it no longer applies, but
+ I can't find out if it's still need for ppc64 or if upstream's
+ changes are good enough
+
+-------------------------------------------------------------------
Old:
----
mod_perl-2.0.7+svn1448242.tar.gz
New:
----
libapache2-mod-perl2_2.0.8+httpd24-r1449661.orig.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_perl.spec ++++++
--- /var/tmp/diff_new_pack.ozAKxC/_old 2013-06-28 11:46:51.000000000 +0200
+++ /var/tmp/diff_new_pack.ozAKxC/_new 2013-06-28 11:46:51.000000000 +0200
@@ -52,15 +52,12 @@
Url: http://perl.apache.org/
Obsoletes: mod_perl_2
Conflicts: mod_perl
-Version: 2.0.7+svn1448242
+Version: 2.0.8
Release: 0
-Source0: http://perl.apache.org/dist/mod_perl-%{version}.tar.gz
+Source0: http://ftp.de.debian.org/debian/pool/main/liba/libapache2-mod-perl2/libapac…
Patch: %{name}-2.0.4-tests.diff
+# PATCH-NEEDS-REBASE
Patch1: lfs-perl-5.14.patch
-#%define apache_test_version 1_99_15
-# cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version}
-#Source1: Apache-Test-%{apache_test_version}.tar.bz2
-#Url: http://perl.apache.org/
Icon: mod_perl.xpm
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -115,8 +112,8 @@
%prep
#%setup -q -n modperl-2.0 -a 1
-%setup -q -n mod_perl-%{version}
-%patch1 -p1
+%setup -q -n httpd24
+#%patch1 -p1
find -name ".svn" -type d | xargs rm -rfv
%build
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package patchinfo.1785 for openSUSE:12.3:Update checked in at 2013-06-27 16:18:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.1785 (Old)
and /work/SRC/openSUSE:12.3:Update/.patchinfo.1785.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1785"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
<issue id="817415" tracker="bnc">VUL-1: python-keystoneclient: CVE-2013-2013: password disclosure on command line</issue>
<issue id="CVE-2013-2013" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>vuntz</packager>
<description>This update of python-keystoneclient fixes a security vulnerability.
- Add CVE-2013-2013.patch: allow secure user password update
(CVE-2013-2013, bnc#817415).
</description>
<summary>update for python-keystoneclient</summary>
</patchinfo>
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package python-keystoneclient for openSUSE:12.3:Update checked in at 2013-06-27 16:18:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/python-keystoneclient (Old)
and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneclient"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.o0FDMx/_old 2013-06-27 16:18:58.000000000 +0200
+++ /var/tmp/diff_new_pack.o0FDMx/_new 2013-06-27 16:18:58.000000000 +0200
@@ -1 +1 @@
-<link package='python-keystoneclient.1429' cicount='copy' />
+<link package='python-keystoneclient.1785' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
27 Jun '13
Hello community,
here is the log from the commit of package python-keystoneclient.1785 for openSUSE:12.3:Update checked in at 2013-06-27 16:18:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/python-keystoneclient.1785 (Old)
and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-keystoneclient.1785"
Changes:
--------
New Changes file:
--- /dev/null 2013-06-25 18:53:24.372030255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes 2013-06-27 16:18:56.000000000 +0200
@@ -0,0 +1,221 @@
+-------------------------------------------------------------------
+Mon Jun 17 09:04:14 UTC 2013 - vuntz(a)suse.com
+
+- Add CVE-2013-2013.patch: allow secure user password update
+ (CVE-2013-2013, bnc#817415).
+
+-------------------------------------------------------------------
+Mon Mar 11 10:01:24 UTC 2013 - vuntz(a)suse.com
+
+- Update 12.3 packages to Folsom as of March 5th. This comes with·
+ security fixes and bug fixes that we need to have OpenStack work
+ nicely. Fix bnc#802278.
+
+-------------------------------------------------------------------
+Wed Mar 6 14:01:15 UTC 2013 - vuntz(a)suse.com
+
+- Add compat-newer-requests.patch: take patches from upstream to
+ allow working with newer versions of python-requests.
+
+-------------------------------------------------------------------
+Thu Jan 10 11:55:04 UTC 2013 - saschpe(a)suse.de
+
+- Recommend python-keyring
+
+-------------------------------------------------------------------
+Wed Jan 9 13:52:31 UTC 2013 - vuntz(a)suse.com
+
+- Add missing Requires on python-requests: without it, the keystone
+ executable won't even start.
+
+-------------------------------------------------------------------
+Mon Jan 7 12:44:14 UTC 2013 - saschpe(a)suse.de
+
+- Fix PKI example certs location for testsuite
+
+--------------------------------------------------------------------
+Mon Jan 7 08:27:30 UTC 2013 - saschpe(a)suse.de
+
+- Update to version 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb:
+ + Add support for user groups
+ + Make it possible to debug by running module.
+ + remove unused import
+ + Bug 1052674: added support for Swift cache
+ + Add file 'ChangeLog' to MANIFEST.in
+ + Use requests module for HTTP/HTTPS
+ + Print to stderr when keyring module is missing.
+ + Prevent an uncaught exception from being rasied.
+ + modify ca-certificate default value
+ + URL-encode user-supplied tokens (bug 974319)
+ + Fix middleware logging for swift
+ + Fix keystoneclient user-list output order
+ + Misspelling error in README.rst
+ + Rename --no_cache to --os_cache.
+ + Make use_keyring False by default.
+ + bug-1040361: use keyring to store tokens
+ + Don't try to split a list of memcache servers
+ + Drop hashlib/hmac from pip-requires.
+ + Add --version CLI opt and __version__ module attr
+ + Add Ec2Signer utility class to keystoneclient
+ + Add command to allow users to change their own password
+ + updating PEP8 to 1.3.3
+ + Correct a misspelled in comments
+ + Remove Policy.endpoint_id reference
+ + Fix scoped auth for non-admins (bug 1081192)
+ + Throw validation response into the environment
+ + fixes auth_ref initialization error
+ + Update README and CLI help
+ + Add auth-token code to keystoneclient, along with supporting files
+ + Make initial structural changes to keystoneclient in preparation
+- Use --install-data=%{python_sitelib} to install novaclient/versioninfo
+ into the correct location (instead of %{_prefix})
+
+-------------------------------------------------------------------
+Wed Dec 5 09:30:38 UTC 2012 - saschpe(a)suse.de
+
+- Use @PARENT_TAG@ in _service file to automate versioning
+
+-------------------------------------------------------------------
+Thu Nov 15 09:17:10 UTC 2012 - saschpe(a)suse.de
+
+- Use openstack-macros
+- Run fdupes on HTML documentation
+
+-------------------------------------------------------------------
+Fri Nov 9 14:28:05 UTC 2012 - saschpe(a)suse.de
+
+- Downgrade version to new upstream scheme: 0.1.3 (bnc#787387)
+
+-------------------------------------------------------------------
+Thu Nov 8 10:39:13 UTC 2012 - saschpe(a)suse.de
+
+- Drop from_vcs build flag
+
+-------------------------------------------------------------------
+Tue Oct 30 10:14:40 UTC 2012 - saschpe(a)suse.de
+
+- Add Provides/Obsoletes for openSUSE-12.2 package name
+ (openstack-keystoneclient and python-python-keystoneclient)
+
+-------------------------------------------------------------------
+Fri Oct 12 13:26:06 UTC 2012 - vuntz(a)suse.com
+
+- Update to version 2012.2 (Folsom), which is really 0.1.3:
+ + See https://github.com/openstack/python-keystoneclient/commits/0.1.3
+- Install bash completion for 'keystone' binary
+- Buildrequire python-base instead of python-devel:
+ + Sufficient for Python-only modules (containing no C/C++ code)
+- Additional Buildrequires for documentation
+
+-------------------------------------------------------------------
+Mon Oct 1 09:28:18 UTC 2012 - jenkins(a)suse.de
+
+- Update to latest git (6c127df):
+ + Fix PEP8 issues.
+ + fixing pep8 formatting for 1.0.1+ pep8
+ + Fixed httplib2 mocking (bug 1050091, bug 1050097)
+ + Require httplib2 version 0.7 or higher.
+ + removing deprecated commandline options
+ + Handle "503 Service Unavailable" exception.
+ + Fixes setup compatibility issue on Windows
+ + switching options to match authentication paths
+ + Add wrap option to keystone token-get for humans
+ + Allow empty description for tenants.
+ + pep8 1.3.1 cleanup
+
+-------------------------------------------------------------------
+Fri Aug 24 19:00:18 UTC 2012 - jenkins(a)suse.de
+
+- Update to latest git (b391319):
+ + Add nosehtmloutput as a test dependency.
+
+-------------------------------------------------------------------
+Thu Aug 23 22:05:51 UTC 2012 - jenkins(a)suse.de
+
+- Update to latest git (ad9dee5):
+ + Change underscores in new cert options to dashes
+ + splitting http req and resp logging also some pep8 cleanup in shell.py
+
+-------------------------------------------------------------------
+Thu Aug 2 16:27:37 UTC 2012 - rhafer(a)suse.de
+
+- Fixed dependencies, package required python-simplejson
+
+-------------------------------------------------------------------
+Sat Jul 28 08:32:28 UTC 2012 - cthiel(a)suse.com
+
+- add BuildRequires to python-httplib2, to fix documentation building
+
+-------------------------------------------------------------------
+Sat Jul 28 08:30:58 UTC 2012 - jenkins(a)suse.de
+
+- Update to latest git (dec8f77):
+ + Add '--insecure' commandline argument
+
+-------------------------------------------------------------------
+Sat Jul 28 08:29:09 UTC 2012 - cthiel(a)suse.com
+
+- remove insecure-commandline-argument.patch which has been merged upstream:
+ https://review.openstack.org/#/c/9582/
+
+-------------------------------------------------------------------
+Fri Jul 27 08:13:20 UTC 2012 - cthiel(a)suse.com
+
+- rebase insecure-commandline-argument.patch to master
+- adapt doc paths for building from master
+
+-------------------------------------------------------------------
+Thu Jul 26 10:38:47 UTC 2012 - saschpe(a)suse.de
+
+- Require python-distribute, /usr/bin/keystone needs it
+
+-------------------------------------------------------------------
+Tue Jul 10 09:54:26 UTC 2012 - saschpe(a)suse.de
+
+- Add '--insecure' commandline argument to ignore (amongst others)
+ self-signed certificate errors
+
+-------------------------------------------------------------------
+Wed Jun 27 10:02:48 UTC 2012 - saschpe(a)suse.de
+
+- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV
+- Simplify from_vcs macros
+
+-------------------------------------------------------------------
+Tue Jun 26 11:43:43 UTC 2012 - saschpe(a)suse.de
+
+- Consistent package summaries
+- Macro cleanup:
+ + Package is noarch except for SLE-11
+- Added rpmlintrc for non-issues
+- Use correct upstream URL
+- Remove empty %check section
+- The doc package should require the base package
+
+-------------------------------------------------------------------
+Thu May 24 11:03:22 MDT 2012 - jfehlig(a)suse.com
+
++++ 24 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes
New:
----
CVE-2013-2013.patch
_service
compat-newer-requests.patch
openstack-keystone.sh
python-keystoneclient-master.tar.gz
python-keystoneclient.changes
python-keystoneclient.spec
rpmlintrc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-keystoneclient.spec ++++++
#
# spec file for package python-keystoneclient
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define component keystoneclient
Name: python-%{component}
Version: 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb
Release: 0
Summary: Openstack Identity (Keystone) API Client
License: Apache-2.0
Group: Development/Languages/Python
Url: http://launchpad.net/python-keystoneclient
Source: python-keystoneclient-master.tar.gz
Source2: openstack-keystone.sh
# PATCH-FIX-UPSTREAM compat-newer-requests.patch vuntz(a)suse.com -- Add patches from git to work with more recent versions of python-requests
Patch0: compat-newer-requests.patch
# PATCH-FIX-UPSTREAM CVE-2013-2013.patch -- allow secure user password update
Patch1: CVE-2013-2013.patch
BuildRequires: fdupes
BuildRequires: openstack-macros
BuildRequires: python-base
BuildRequires: python-distribute
# Packages below are only needed for documentation build
BuildRequires: python-Sphinx
BuildRequires: python-WebOb
BuildRequires: python-argparse
BuildRequires: python-httplib2
BuildRequires: python-iso8601
BuildRequires: python-prettytable
BuildRequires: python-requests
Requires: python >= 2.6.8
# /usr/bin/keystone uses pkg_resources, thus:
Requires: python-distribute
Requires: python-httplib2
Requires: python-prettytable
Requires: python-requests
Requires: python-simplejson
Recommends: python-keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch: noarch
%endif
# Provides/Obsoletes for openSUSE-12.2 package names:
Provides: openstack-%{component} = %{version}
Obsoletes: openstack-%{component} < %{version}
Provides: python-python-%{component} = %{version}
Obsoletes: python-python-%{component} < %{version}
%description
This is a client for the OpenStack Keystone API. There's a Python API
(the keystoneclient module), and a command-line tool (keystone).
%package doc
Summary: Openstack Identity (Keystone) API Client - Documentation
Group: Documentation/HTML
Requires: %{name} = %{version}
%description doc
This package contains documentation files for %{name}.
%package test
Summary: Openstack Identity (Keystone) API Client - Testsuite
Group: System/Management
Requires: %{name} = %{version}
Requires: python-coverage
Requires: python-mock
Requires: python-mox
Requires: python-nose
Requires: python-nose-exclude
#openstack.nose_plugin
Requires: python-nosehtmloutput
Requires: python-pep8
Requires: python-unittest2
%description test
This package contains testsuite files for %{name}.
%prep
%setup -q -n python-keystoneclient-0.2.1.3.gd37a3fb
# Fix example PKI certs location for testsuite:
sed -i "s|python-keystoneclient/examples|python-keystoneclient-test/examples|" tests/test_auth_token_middleware.py
%patch0 -p1
%patch1 -p1
%openstack_cleanup_prep
%build
python setup.py build
python setup.py build_sphinx
# Currently no man pages:
#python setup.py build_sphinx -b man
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot} --install-data=%{python_sitelib}
rm -rf doc/build/html/{.buildinfo,.doctrees}
%fdupes doc
### bash-completion
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/bash_completion.d/openstack-keystone.sh
### test subpackage
%openstack_test_package_install
%files
%defattr(-,root,root,-)
%doc LICENSE README.rst
%{_sysconfdir}/bash_completion.d/openstack-keystone.sh
%{_bindir}/keystone
%{python_sitelib}/%{component}/
%{python_sitelib}/python_%{component}-*.egg-info
%files doc
%defattr(-,root,root,-)
%doc LICENSE doc/build/html
%files test
%defattr(-,root,root,-)
%{_localstatedir}/lib/%{name}-test/
%changelog
++++++ CVE-2013-2013.patch ++++++
(patch manually tweaked to apply)
>From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi <pkilambi(a)cisco.com>
Date: Thu, 9 May 2013 09:29:02 -0700
Subject: [PATCH] Allow secure user password update.
This patch allows the ability for user password to be updated via
a command prompt so the password doesnt show up in the bash history.
The prompted password is asked twice to verify the match.
If user cntl-D's the prompt a message appears suggesting user to use
either of the options to update the password.
Fixes: bug#938315
Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
---
keystoneclient/utils.py | 23 ++++++++++++++++++++++-
keystoneclient/v2_0/shell.py | 10 ++++++++--
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py
index 3d708ca..f45ec34 100644
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
import hashlib
+import sys
+import uuid
import prettytable
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
hash_ = hashlib.md5()
hash_.update(signed_text)
return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return
diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 4c53cf7..0c7c233 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
import argparse
import getpass
+import sys
from keystoneclient.v2_0 import client
from keystoneclient import utils
@@ -103,12 +104,17 @@ def do_user_update(kc, args):
print 'Unable to update user: %s' % e
-(a)utils.arg('--pass', metavar='<password>', dest='passwd', required=True,
+(a)utils.arg('--pass', metavar='<password>', dest='passwd', required=False,
help='Desired new password')
@utils.arg('id', metavar='<user-id>', help='User ID to update')
def do_user_password_update(kc, args):
"""Update user password"""
- kc.users.update_password(args.id, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(args.id, new_passwd)
@utils.arg('--current-password', metavar='<current-password>',
--
1.8.1.4
++++++ _service ++++++
<services>
<service name="git_tarballs" mode="disabled">
<param name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-m…</param>
<param name="email">cloud-devel(a)suse.de</param>
</service>
</services>
++++++ compat-newer-requests.patch ++++++
Based on the following commits (but tweaked to apply to this tarball):
commit dd24bcf15c5e690c56619e92b11fd4a340572fb5
Author: Yaguang Tang <yaguang.tang(a)canonical.com>
Date: Mon Dec 31 00:31:50 2012 +0800
Pin requests to >=0.8.8.
requests add SSL CERT VERIFICATION support since 0.8.8.
fix bug #1094699
Change-Id: I7974983087f7483283438906d738bec7cba84ed2
commit b998ff92527cf542f7e8db127cd65bfc7ccceb1a
Author: Chuck Short <chuck.short(a)canonical.com>
Date: Wed Feb 6 09:36:51 2013 -0600
Allow requests up to 0.8 and greater
The requests module dropped all configuration with the 1.0.0 release.
There's no danger_mode and no 'verbose'' mode. The former
shouldn't be necessary anymore and the latter can be done by setting
a different log handler for the request.logging root logger.
Change-Id: I41bfaf2574f6d7fc21f86e0124ceae7df6481eee
Signed-off-by: Chuck Short <chuck.short(a)canonical.com>
diff --git a/tools/pip-requires b/tools/pip-requires
index fab4830..0019f6c 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -1,4 +1,4 @@
argparse
prettytable
-requests<1.0
+requests>=0.8.8,<1.0
simplejson
diff --git a/keystoneclient/client.py b/keystoneclient/client.py
index 0233aeb..14c38b0 100644
--- a/keystoneclient/client.py
+++ b/keystoneclient/client.py
@@ -50,10 +50,6 @@ class HTTPClient(object):
USER_AGENT = 'python-keystoneclient'
- requests_config = {
- 'danger_mode': False,
- }
-
def __init__(self, username=None, tenant_id=None, tenant_name=None,
password=None, auth_url=None, region_name=None, timeout=None,
endpoint=None, token=None, cacert=None, key=None,
@@ -121,7 +117,8 @@ class HTTPClient(object):
ch = logging.StreamHandler()
_logger.setLevel(logging.DEBUG)
_logger.addHandler(ch)
- self.requests_config['verbose'] = sys.stderr
+ if hasattr(requests, logging):
+ requests.logging.getLogger(requests.__name__).addHandler(ch)
# keyring setup
self.use_keyring = use_keyring and keyring_available
@@ -336,7 +333,6 @@ class HTTPClient(object):
method,
url,
verify=self.verify_cert,
- config=self.requests_config,
**request_kwargs)
self.http_log_resp(resp)
diff --git a/tests/utils.py b/tests/utils.py
index 6e8dbaf..9d9bf8d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -17,7 +17,6 @@ class TestCase(testtools.TestCase):
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0')
TEST_REQUEST_BASE = {
- 'config': {'danger_mode': False},
'verify': True,
}
@@ -94,7 +93,6 @@ class UnauthenticatedTestCase(testtools.TestCase):
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0')
TEST_REQUEST_BASE = {
- 'config': {'danger_mode': False},
'verify': True,
}
diff --git a/tests/v3/utils.py b/tests/v3/utils.py
index e2a1412..bfb3861 100644
--- a/tests/v3/utils.py
+++ b/tests/v3/utils.py
@@ -40,7 +40,6 @@ class TestCase(testtools.TestCase):
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3')
TEST_REQUEST_BASE = {
- 'config': {'danger_mode': False},
'verify': True,
}
@@ -70,7 +69,6 @@ class UnauthenticatedTestCase(testtools.TestCase):
TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3')
TEST_REQUEST_BASE = {
- 'config': {'danger_mode': False},
'verify': True,
}
diff --git a/tools/pip-requires b/tools/pip-requires
index f93089e..81d0663 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -1,4 +1,4 @@
argparse
prettytable
-requests>=0.8.8,<1.0
+requests>=0.8.8
simplejson
++++++ openstack-keystone.sh ++++++
# bash completion for openstack keystone
# by Dominik Heidler <dheidler suse.de>
_keystone_opts="" # lazy init
_keystone_opts_exp="" # lazy init
_keystone()
{
local cur prev
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
if [ "x$_keystone_opts" == "x" ] ; then
_keystone_opts="`keystone bash-completion 2>&1 | tail -n1 | sed -e "s/^.*(choose from //" -e "s/)$//" -e "s/,//g" -e "s/'//g"`"
_keystone_opts_exp="`echo $_keystone_opts | sed -e "s/\s/|/g"`"
fi
if [[ ! " ${COMP_WORDS[@]} " =~ " "($_keystone_opts_exp)" " || "$prev" == "help" ]] ; then
COMPREPLY=($(compgen -W "${_keystone_opts}" -- ${cur}))
fi
return 0
}
complete -F _keystone keystone
++++++ rpmlintrc ++++++
# Bash completion files reside in /etc but are not meant to be configurable:
addFilter("non-conffile-in-etc /etc/bash_completion.d/openstack-keystone.sh")
# This symling is for the -test package and can be ignored:
addFilter("dangling-symlink /var/lib/python-keystoneclient-test/keystoneclient")
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package openstack-keystone for openSUSE:12.3:Update checked in at 2013-06-27 16:18:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/openstack-keystone (Old)
and /work/SRC/openSUSE:12.3:Update/.openstack-keystone.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.aByUow/_old 2013-06-27 16:18:51.000000000 +0200
+++ /var/tmp/diff_new_pack.aByUow/_new 2013-06-27 16:18:51.000000000 +0200
@@ -1 +1 @@
-<link package='openstack-keystone.1670' cicount='copy' />
+<link package='openstack-keystone.1784' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
27 Jun '13
Hello community,
here is the log from the commit of package openstack-keystone-doc for openSUSE:12.3:Update checked in at 2013-06-27 16:18:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/openstack-keystone-doc (Old)
and /work/SRC/openSUSE:12.3:Update/.openstack-keystone-doc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone-doc"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.idPyjq/_old 2013-06-27 16:18:48.000000000 +0200
+++ /var/tmp/diff_new_pack.idPyjq/_new 2013-06-27 16:18:48.000000000 +0200
@@ -1 +1 @@
-<link package='openstack-keystone-doc.1670' cicount='copy' />
+<link package='openstack-keystone-doc.1784' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package patchinfo.1782 for openSUSE:12.3:Update checked in at 2013-06-27 12:52:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.1782 (Old)
and /work/SRC/openSUSE:12.3:Update/.patchinfo.1782.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1782"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
<issue id="819349" tracker="bnc">VUL-1: openstack-nova: CVE-2013-2030: Nova uses insecure keystone middleware tmpdir by default</issue>
<issue id="CVE-2013-2030" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>vuntz</packager>
<description>This update of openstack-nova fixes a security vulnerability.
- Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir
by default (CVE-2013-2030, bnc#819349).
- Use explicit keystone-signing dir to workaround lp#1181157.</description>
<summary>update for openstack-nova</summary>
</patchinfo>
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package python-greenlet.1782 for openSUSE:12.3:Update checked in at 2013-06-27 12:51:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/python-greenlet.1782 (Old)
and /work/SRC/openSUSE:12.3:Update/.python-greenlet.1782.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-greenlet.1782"
Changes:
--------
New Changes file:
--- /dev/null 2013-06-25 18:53:24.372030255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.python-greenlet.1782.new/python-greenlet.changes 2013-06-27 12:51:59.000000000 +0200
@@ -0,0 +1,81 @@
+-------------------------------------------------------------------
+Wed Dec 19 15:52:27 UTC 2012 - saschpe(a)suse.de
+
+- The devel subpackage contains only headers and thus is noarch
+
+-------------------------------------------------------------------
+Fri Nov 23 12:05:16 UTC 2012 - saschpe(a)suse.de
+
+- Update to version 0.4.0:
+ + Greenlet has an instance dictionary now, which means it can be
+ used for implementing greenlet local storage, etc. However, this
+ might introduce incompatibility if subclasses have __dict__ in their
+ __slots__. Classes like that will fail, because greenlet already
+ has __dict__ out of the box.
+ + Greenlet no longer leaks memory after thread termination, as long as
+ terminated thread has no running greenlets left at the time.
+ + Add support for debian sparc and openbsd5-sparc64
+ + Add support for ppc64 linux
+ + Don't allow greenlets to be copied with copy.copy/deepcopy
+ + Fix arm32/thumb support
+ + Restore greenlet's parent after kill
+ + Add experimental greenlet tracing
+- Changes from version 0.3.4:
+ + Use plain distutils for install command, this fixes installation of
+ the greenlet.h header.
+ + Enhanced arm32 support
+ + Fix support for Linux/S390 zSeries
+ + Workaround compiler bug on RHEL 3 / CentOS 3
+- Changes from version 0.3.3:
+ + Use sphinx to build documentation and publish it on greenlet.rtfd.org
+ + Prevent segfaults on openbsd 4/i386
+ + Workaround gcc-4.0 not allowing to clobber rbx
+ + Enhance test infrastructure
+ + Fix possible compilation problems when including greenlet.h in C++ mode
+ + Make the greenlet module work on x64 windows
+ + Add a test for greenlet C++ exceptions
+ + Fix compilation on Solaris with SunStudio
+- Changes from version 0.3.2:
+ + Fix various crashes with recent gcc versions and VC90
+ + Try to fix stack save/restore on arm32
+ + Store and restore the threadstate on exceptions like pypy/stackless do
+ + GreenletExit is now based on BaseException on Python >= 2.5
+ + Switch to using PyCapsule for Python 2.7 and 3.1
+ + Port for AIX on PowerPC
+ + Fix the sparc/solaris header
+ + Improved build dependencies patch from flub.
+ + Can't pass parent=None to greenlet.greenlet() (fixes #21)
+ + Rudimentary gc support (only non-live greenlets are garbage collected though)
+- Dropped the following patches (merged upstream):
+ + get-rid-of-ts_origin.patch
+ + i686-register-fixes.patch
+ + ppc-support.patch
+ + ppc64-support.patch
+- Build HTML documentation
+
+-------------------------------------------------------------------
+Tue Jul 3 09:53:32 UTC 2012 - dvaleev(a)suse.com
+
+- add ppc64 platform support
+- fix ppc platform
+
+-------------------------------------------------------------------
+Fri Dec 23 13:20:47 UTC 2011 - idonmez(a)suse.com
+
+- Add upstream commits 25bf29f4d3b7 and 2d5b17472757 (bnc#738431)
+- Implement %check
+
+-------------------------------------------------------------------
+Wed Sep 21 09:35:58 UTC 2011 - saschpe(a)suse.de
+
+- Spec file cleanup:
+ * BuildRequire modern python-distribute instead of python-setuptools
+ * No need for changing executable bits for benchmarks
+ * Use SUSE version checks around specific macros
+ * Only require %{name} = %{version} in devel package
+
+-------------------------------------------------------------------
+Fri Nov 26 14:44:42 UTC 2010 - seife+obs(a)b1-systems.com
+
+- initial package (version 0.3.1)
+
New:
----
greenlet-0.4.0.zip
python-greenlet.changes
python-greenlet.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-greenlet.spec ++++++
#
# spec file for package python-greenlet
#
# Copyright (c) 2010 B1 Systems GmbH, Vohburg, Germany.
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "O2en Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: python-greenlet
Version: 0.4.0
Release: 0
URL: http://pypi.python.org/pypi/greenlet
Summary: Lightweight in-process concurrent programming
License: MIT
Group: Development/Libraries/Python
Source0: http://pypi.python.org/packages/source/g/greenlet/greenlet-%{version}.zip
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: python-devel
BuildRequires: python-distribute
BuildRequires: unzip
BuildRequires: gcc-c++
BuildRequires: python-Sphinx
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitearch: %global python_sitearch %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
%endif
%description
The greenlet package is a spin-off of Stackless, a version of CPython
that supports micro-threads called "tasklets". Tasklets run
pseudo-concurrently (typically in a single or a few OS-level threads)
and are synchronized with data exchanges on "channels".
%package devel
Summary: C development headers for python-greenlet
Group: Development/Libraries/Python
BuildArch: noarch
Requires: %{name} = %{version}
%description devel
This package contains header files required for C modules development.
%prep
%setup -q -n greenlet-%{version}
%build
CFLAGS="%{optflags}" python setup.py build
cd doc && make html
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}
%check
python setup.py test
%files
%defattr(-,root,root)
%doc AUTHORS NEWS README.rst doc/_build/html
%{python_sitearch}/*
%files devel
%defattr(-,root,root,-)
%{_includedir}/python*/greenlet
%changelog
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package openstack-nova for openSUSE:12.3:Update checked in at 2013-06-27 12:51:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/openstack-nova (Old)
and /work/SRC/openSUSE:12.3:Update/.openstack-nova.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-nova"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.GB4vMw/_old 2013-06-27 12:51:58.000000000 +0200
+++ /var/tmp/diff_new_pack.GB4vMw/_new 2013-06-27 12:51:58.000000000 +0200
@@ -1 +1 @@
-<link package='openstack-nova.1429' cicount='copy' />
+<link package='openstack-nova.1782' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package openstack-nova.1782 for openSUSE:12.3:Update checked in at 2013-06-27 12:51:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/openstack-nova.1782 (Old)
and /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-nova.1782"
Changes:
--------
New Changes file:
--- /dev/null 2013-06-25 18:53:24.372030255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova-doc.changes 2013-06-27 12:51:53.000000000 +0200
@@ -0,0 +1,91 @@
+-------------------------------------------------------------------
+Fri Jan 18 13:42:51 UTC 2013 - vuntz(a)suse.com
+
+- Update to version 2012.2.3+git.1358515929.3545a7d:
+ + Add NFS to the libvirt volume driver list
+ + Call plug_vifs() for all instances in init_host
+ + Fix addition of CPU features when running against legacy libvirt
+ + Fix typo in resource tracker audit message
+- Move back to "git_tarballs" source service.
+
+--------------------------------------------------------------------
+Thu Jan 17 15:22:36 UTC 2013 - cloud-devel(a)suse.de
+
+- Start using obs-service-github_tarballs
+
+--------------------------------------------------------------------
+Thu Jan 17 14:52:08 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.3+git.1358434328.a41b913:
+ + Provide better error message for aggregate-create
+ + Fix errors in used_limits extension
+ + Add an iptables mangle rule per-bridge for DHCP.
+ + Limit formatting routes when adding resources
+
+--------------------------------------------------------------------
+Thu Jan 3 12:17:48 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.3+git.1357215468.451003e:
+ + Fix a crash when launching qcow2 images containing snapshots
+
+-------------------------------------------------------------------
+Wed Dec 19 15:36:47 UTC 2012 - saschpe(a)suse.de
+
+- It's a noarch package
+
+--------------------------------------------------------------------
+Tue Dec 11 17:36:43 UTC 2012 - cloud-devel(a)suse.de
+
+- Move to obs-service-git_tarballs
+ + Drop BuildRequires: python-setuptools-git
+- Update to version 2012.2.3+git.1355243803.9e62846:
+ + Bump version to 2012.2.3
+ + Final versioning for 2012.2.2
+ + Don't leak info from libvirt LVM backed instances
+
+--------------------------------------------------------------------
+Mon Dec 10 17:20:47 UTC 2012 - iartarisi(a)suse.com
+
+- Update to latest git (670b388):
+ + Fix rpc control_exchange regression.
+
+-------------------------------------------------------------------
+Thu Dec 6 13:51:20 UTC 2012 - iartarisi(a)suse.com
+
+- Fix version name
+
+-------------------------------------------------------------------
+Fri Nov 16 12:52:08 UTC 2012 - saschpe(a)suse.de
+
+- Add more documentation requirements but disable some, currently
+ the build fails if too much is enabled (I/O error)
+
+-------------------------------------------------------------------
+Thu Nov 15 13:26:43 UTC 2012 - saschpe(a)suse.de
+
+- Use openstack-macros
+- Additional documentation requirements
+
+-------------------------------------------------------------------
+Thu Nov 8 11:49:52 UTC 2012 - saschpe(a)suse.de
+
+- Drop from_vcs build flag
+
+-------------------------------------------------------------------
+Wed Jun 27 12:39:11 UTC 2012 - saschpe(a)suse.de
+
+- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV
+- Simplify from_vcs macros
+
+-------------------------------------------------------------------
+Wed Jun 27 10:13:39 CEST 2012 - vuntz(a)suse.com
+
+- Sync version to the version we currently have, to fix build.
+- Add jsonutils-fix-new-anyjson.patch: fix nova.utils to be
+ compatibly with the version of python-anyjson we use
+ (lp#1017765).
+
+-------------------------------------------------------------------
+Mon Jun 25 09:33:07 UTC 2012 - saschpe(a)suse.de
+
+- Initial version
New Changes file:
--- /dev/null 2013-06-25 18:53:24.372030255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova.changes 2013-06-27 12:51:53.000000000 +0200
@@ -0,0 +1,1786 @@
+-------------------------------------------------------------------
+Mon Jun 17 08:08:02 UTC 2013 - vuntz(a)suse.com
+
+- Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir
+ by default (CVE-2013-2030, bnc#819349).
+- Use explicit keystone-signing dir to workaround lp#1181157.
+
+--------------------------------------------------------------------
+Thu Mar 14 21:51:50 UTC 2013 - vuntz(a)suse.com
+
+- Update to version 2012.2.4+git.1363297910.9561484:
+ + Avoid vm instance shutdown when power state is NOSTATE
+ + Fix an error in affinity filters
+ + Add quotas for fixed ips. (CVE-2013-1838)
+- This fixes bnc#808622.
+
+-------------------------------------------------------------------
+Mon Mar 11 10:01:24 UTC 2013 - vuntz(a)suse.com
+
+- Update 12.3 packages to Folsom as of March 5th. This comes with·
+ security fixes and bug fixes that we need to have OpenStack work
+ nicely. Fix bnc#802278.
+
+-------------------------------------------------------------------
+Thu Mar 7 12:58:51 UTC 2013 - vuntz(a)suse.com
+
+- Install polkit rules file in /usr/share/polkit-1/rules.d/ since
+ it's not a configuration file, and use 10 instead of 50 as
+ priority to make sure it is taken into account.
+
+--------------------------------------------------------------------
+Wed Mar 6 15:26:14 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.4+git.1362583574.da38af5:
+ + VNC Token Validation (CVE-2013-0335)
+
+--------------------------------------------------------------------
+Tue Mar 5 16:57:22 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.4+git.1362502642.8c4df00:
+ + Ensure we add a new line when appending to rc.local
+ + Handle compute node not available for live migration
+ + remove intermediate libvirt downloaded images
+
+-------------------------------------------------------------------
+Mon Feb 25 15:43:09 UTC 2013 - vuntz(a)suse.com
+
+- Add openstack-nova-polkit.rules: polkit rules for the new polkit
+ that uses javascript. On openSUSE 12.3 and later, we install this
+ file in /etc/polkit-1/rules.d/ instead of installing the pkla
+ file which is of no use with the new polkit.
+
+--------------------------------------------------------------------
+Fri Feb 22 10:11:47 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.4+git.1361527907.d5e7f55:
+ + Avoid stuck task_state on snapshot image failure
+ + Add a safe_minidom_parse_string function. (CVE-2013-1664)
+ + Enable libvirt to work with NoopFirewallDriver
+ + Fix state sync logic related to the PAUSED VM state
+ + libvirt: Fix nova-compute start when missing ip.
+
+--------------------------------------------------------------------
+Wed Feb 6 06:59:13 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.4+git.1360133953.e5d0f4b:
+ + Final versioning for 2012.2.3
+ + Bump version to 2012.2.4
+
+--------------------------------------------------------------------
+Wed Jan 30 07:09:51 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.3+git.1359529791.317cc0a:
+ + remove session parameter from fixed_ip_get
+ + Eliminate race conditions in floating association
+ + Fix to include error message in instance faults
+ + disallow boot from volume from specifying arbitrary volumes
+ (CVE-2013-0208)
+
+--------------------------------------------------------------------
+Fri Jan 25 10:59:36 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.3+git.1359111576.03c3e9b:
+ + Ensure that Quantum uses configured fixed IP
+ + Makes sure compute doesn't crash on failed resume.
+
+-------------------------------------------------------------------
+Fri Jan 18 13:42:51 UTC 2013 - vuntz(a)suse.com
+
+- Update to version 2012.2.3+git.1358515929.3545a7d:
+ + Add NFS to the libvirt volume driver list
+ + Call plug_vifs() for all instances in init_host
+ + Fix addition of CPU features when running against legacy libvirt
+ + Fix typo in resource tracker audit message
+- Move back to "git_tarballs" source service.
+
+--------------------------------------------------------------------
+Thu Jan 17 15:22:36 UTC 2013 - cloud-devel(a)suse.de
+
+- Start using obs-service-github_tarballs
+
+--------------------------------------------------------------------
+Thu Jan 17 14:52:08 UTC 2013 - cloud-devel(a)suse.de
+
+- Update to version 2012.2.3+git.1358434328.a41b913:
+ + Provide better error message for aggregate-create
+ + Fix errors in used_limits extension
+ + Add an iptables mangle rule per-bridge for DHCP.
+ + Limit formatting routes when adding resources
+
+-------------------------------------------------------------------
+Tue Jan 15 08:01:05 UTC 2013 - vuntz(a)suse.com
+
+- Drop nova-migration-config.patch: the patch is not used anymore,
+ as we don't need it anymore with the _service we're using now.
+
+--------------------------------------------------------------------
+Thu Jan 3 12:17:48 UTC 2013 - cloud-devel(a)suse.de
+
+- Switch to github_tarballs source service
+- Update to version 2012.2.3+git.1357215468.451003e:
+ + Fix a crash when launching qcow2 images containing snapshots
+
+-------------------------------------------------------------------
+Wed Dec 19 14:49:49 UTC 2012 - saschpe(a)suse.de
+
+- Use macro %openstack_sphinx_build_manpages_only
+
+-------------------------------------------------------------------
+Wed Dec 19 11:57:05 UTC 2012 - saschpe(a)suse.de
+
+- Move to obs-service-git_tarballs
+ + Drop BuildRequires: python-setuptools-git
+ + Drop %majorversion macro
+- Fix testsuite requirements
+
+-------------------------------------------------------------------
+Wed Dec 19 09:05:52 UTC 2012 - bwiedemann(a)suse.com
+
+- update init scripts and nova.conf for Folsom
+
+--------------------------------------------------------------------
+Tue Dec 11 17:36:43 UTC 2012 - cloud-devel(a)suse.de
+
+- Use new git_tarballs source service
+- Update to version 2012.2.3+git.1355243803.9e62846:
+ + Bump version to 2012.2.3
+ + Final versioning for 2012.2.2
+ + Don't leak info from libvirt LVM backed instances
+
+--------------------------------------------------------------------
+Mon Dec 10 17:20:47 UTC 2012 - iartarisi(a)suse.com
+
+- Update to latest git (670b388):
+ + Fix rpc control_exchange regression.
+
+-------------------------------------------------------------------
+Thu Dec 6 11:44:38 UTC 2012 - iartarisi(a)suse.com
+
+- Set the version to seconds from epoch
+
+-------------------------------------------------------------------
+Thu Dec 6 11:03:34 UTC 2012 - iartarisi(a)suse.com
+
+- Use upstream tarballs instead of the git repository
+
+-------------------------------------------------------------------
+Wed Dec 5 09:36:59 UTC 2012 - saschpe(a)suse.de
+
+- Use @PARENT_TAG@ in _service file to automate versioning
+
+-------------------------------------------------------------------
+Mon Dec 3 14:44:22 UTC 2012 - iartarisi(a)suse.com
+
+- Add sqlalchemy-migrate config to the python package
+
+-------------------------------------------------------------------
+Thu Nov 15 12:39:52 UTC 2012 - saschpe(a)suse.de
+
+- Use openstack-macros
+
+-------------------------------------------------------------------
+Fri Nov 9 10:24:55 UTC 2012 - saschpe(a)suse.de
+
+- Add more test requirements for which we have packages now:
+ + Requires: python-nosehtmloutput
+
+-------------------------------------------------------------------
+Thu Nov 8 11:36:41 UTC 2012 - saschpe(a)suse.de
+
+- Drop from_vcs build flag
+
+-------------------------------------------------------------------
+Tue Oct 30 09:21:25 UTC 2012 - saschpe(a)suse.de
+
+- Drop temporary fixes for file permissions and attributes in %post
+ section. They were necessary only to migrate from pre-1.0 packages.
++++ 1589 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.openstack-nova.1782.new/openstack-nova.changes
New:
----
CVE-2013-2030.patch
_service
nova-network-filter-bnc777488.patch
nova-rbd-use-local-devices.patch
nova-stable-folsom.tar.gz
nova.conf
openstack-nova-api.wsgi
openstack-nova-doc.changes
openstack-nova-doc.spec
openstack-nova-manage.sh
openstack-nova-network-init-bnc777488.patch
openstack-nova-novncproxy.init
openstack-nova-polkit.rules
openstack-nova-vncproxy.init
openstack-nova.changes
openstack-nova.init
openstack-nova.logrotate
openstack-nova.spec
org.openstack.nova.compute.pkla
rpmlintrc
sysconfig.openstack-novncproxy
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openstack-nova-doc.spec ++++++
#
# spec file for package openstack-nova-doc
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define component nova
%define majorversion 2012.2.3
Name: openstack-%{component}-doc
Version: 2012.2.4+git.1363297910.9561484
Release: 0
Summary: OpenStack Compute (Nova) - Documentation
License: Apache-2.0
Group: Documentation/HTML
Url: http://openstack.org/projects/compute/
Source: nova-stable-folsom.tar.gz
BuildRequires: graphviz
BuildRequires: openstack-macros
BuildRequires: python-Cheetah
BuildRequires: python-PasteDeploy
BuildRequires: python-Sphinx
#BuildRequires: python-SQLAlchemy
BuildRequires: python-WebOb
BuildRequires: python-base
BuildRequires: python-boto
#BuildRequires: python-cinderclient
BuildRequires: python-distribute
BuildRequires: python-eventlet
BuildRequires: python-feedparser
#BuildRequires: python-glanceclient
BuildRequires: python-iso8601
BuildRequires: python-ldap
BuildRequires: python-lxml
BuildRequires: python-mox
BuildRequires: python-netaddr
#BuildRequires: python-nova
BuildRequires: python-openssl
BuildRequires: python-paste
#BuildRequires: python-qpid
#BuildRequires: python-quantumclient
BuildRequires: python-routes
#BuildRequires: python-zmq
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Nova is a cloud computing fabric controller (the main part of an IaaS
system) built to match the popular AWS EC2 and S3 APIs. It is written
in Python, using the Tornado and Twisted frameworks, and relies on the
standard AMQP messaging protocol.
This package contains documentation files for openstack-nova.
%prep
%setup -q -n nova-2012.2.4
%openstack_cleanup_prep
%build
python setup.py build_sphinx
rm -rf doc/build/html/.buildinfo # Remove unneeded files
%install
%files
%defattr(-,root,root,-)
%doc LICENSE doc/build/html
%changelog
++++++ openstack-nova.spec ++++++
#
# spec file for package openstack-nova
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2011 B1 Systems GmbH, Vohburg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define component nova
%define groupname openstack-%{component}
%define username openstack-%{component}
Name: openstack-%{component}
Version: 2012.2.4+git.1363297910.9561484
Release: 0
Summary: OpenStack Compute (Nova)
License: Apache-2.0
Group: System/Management
Url: https://launchpad.net/nova
Source: nova-stable-folsom.tar.gz
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: nova.conf
Source4: openstack-nova-manage.sh
Source6: openstack-nova-vncproxy.init
# WSGI application skeleton for API app (for the SSL proxy):
Source7: openstack-nova-api.wsgi
Source8: openstack-nova-network-init-bnc777488.patch
Source9: org.openstack.nova.compute.pkla
Source10: openstack-nova-novncproxy.init
Source11: sysconfig.openstack-novncproxy
Source12: openstack-nova-polkit.rules
# This adds support for using /dev/rdb? devices for ceph volumes. It's need
# because our qemu and libvirt don't have librados support yet. (Not sure yet if
# this is worth upstreaming, we would at least have to make in configurable)
Patch5: nova-rbd-use-local-devices.patch
Patch7: nova-network-filter-bnc777488.patch
# PATCH-FIX-UPSTREAM CVE-2013-2030.patch -- fix insecure keystone middleware tmpdir by default, https://review.openstack.org/#/c/28570/
Patch8: CVE-2013-2030.patch
BuildRequires: apache2
BuildRequires: fdupes
BuildRequires: openstack-macros
BuildRequires: python-base
BuildRequires: python-distribute
# Documentation requirements:
BuildRequires: python-Sphinx
%if 0%{?suse_version} > 1110
# to make orphaned-file-tests happy
BuildRequires: polkit-default-privs
Requires: polkit-default-privs
%endif
Requires: /usr/bin/truncate
Requires: euca2ools
Requires: logrotate
Requires: python >= 2.6.8
Requires: python-nova = %{version}
Requires: sudo
#Requires: vblade-persist
# To generate a self-signed certificate to be used in demo setups:
Requires(post): apache2-utils
Requires(post): openssl
Requires(post): sysconfig
%if 0%{?suse_version} > 1110
Requires(pre): pwdutils
%else
Requires(pre): shadow-utils
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch: noarch
%endif
%description
Nova is a cloud computing fabric controller (the main part of an IaaS
system) built to match the popular AWS EC2 and S3 APIs. It is written
in Python, using the Tornado and Twisted frameworks, and relies on the
standard AMQP messaging protocol.
%package -n python-nova
Summary: OpenStack Compute (Nova) - Python module
Group: Development/Languages/Python
Requires: python >= 2.6.8
Requires: python-Paste
Requires: python-PasteDeploy
Requires: python-SQLAlchemy
Requires: python-WebOb
Requires: python-amqplib
Requires: python-anyjson
Requires: python-boto
Requires: python-cheetah
Requires: python-eventlet
Requires: python-glanceclient
Requires: python-greenlet
Requires: python-httplib2
Requires: python-iso8601
Requires: python-kombu
Requires: python-lxml
Requires: python-netaddr
Requires: python-paramiko
Requires: python-quantumclient
Requires: python-routes
Requires: python-sqlalchemy-migrate
Requires: python-suds
%description -n python-nova
This package contains the core Python module of OpenStack Nova.
%package api
Summary: OpenStack Compute (Nova) - API
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description api
This package contains the OpenStack Nova API.
%package cert
Summary: OpenStack Compute (Nova) - Certificate Manager
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description cert
This package contains the certificate manager of OpenStack Nova.
%package compute
Summary: OpenStack Compute (Nova) - Compute
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: bridge-utils
Requires: libvirt >= 0.8.1
Requires: libvirt-python >= 0.8.1
Requires: tunctl
%if 0%{?suse_version} < 1220
Requires(post): PolicyKit
%endif
%description compute
This package contains the compute part of OpenStack.
%package network
Summary: OpenStack Compute (Nova) - Network
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: dnsmasq
Requires: iptables
%description network
This package contains the network services for OpenStack.
%package novncproxy
Summary: OpenStack Compute (Nova) - Websocket Proxy
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description novncproxy
This package contains the novnc-proxy service for OpenStack.
%package objectstore
Summary: OpenStack Compute (Nova) - Object Store
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description objectstore
This package contains the objectstore service for OpenStack.
%package scheduler
Summary: OpenStack Compute (Nova) - Scheduler
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description scheduler
This package contains the scheduler for OpenStack.
%package vncproxy
Summary: OpenStack Compute (Nova) - VNC Proxy
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description vncproxy
This package contains the vnc-proxy service for OpenStack.
%package volume
Summary: OpenStack Compute (Nova) - Volume
Group: Development/Languages/Python
Requires: %{name} = %{version}
%description volume
This package contains the volume-manager for OpenStack.
%package test
Summary: OpenStack Compute (Nova) - Testsuite
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: curl
Requires: pylint
Requires: python-cinderclient
Requires: python-coverage
Requires: python-feedparser
Requires: python-mox
Requires: python-nose
Requires: python-nosehtmloutput
Requires: python-openstack.nose_plugin
Requires: python-pep8
%description test
The OpenStack Nova testsuite. It is used to verify the functionality of
OpenStack Nova and its components.
%prep
%setup -q -n nova-2012.2.4
%patch5 -p1
%patch7 -p1
%patch8 -p1
%openstack_cleanup_prep
%build
python setup.py build
%openstack_sphinx_build_manpages_only
%install
python setup.py install -O1 --skip-build --root %{buildroot} --prefix %{_prefix}
### directories
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/images
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/instances
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/keys
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/networks
install -d -m 755 %{buildroot}%{_localstatedir}/lib/nova/tmp
install -d -m 755 %{buildroot}%{_localstatedir}/lock/nova
install -d -m 755 %{buildroot}%{_localstatedir}/log/nova
install -d -m 755 %{buildroot}%{_localstatedir}/run/nova
### configuration files
install -p -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/nova/nova.conf
sed -i -e 's/^#\(signing_dir = \)/\1/' etc/nova/api-paste.ini # workaround https://bugs.launchpad.net/nova/+bug/1181157
install -p -D -m 644 etc/nova/api-paste.ini etc/nova/policy.json %{buildroot}%{_sysconfdir}/nova/
install -p -D -m 644 etc/nova/rootwrap.conf %{buildroot}%{_sysconfdir}/nova/
cp -a etc/nova/rootwrap.d/ %{buildroot}%{_sysconfdir}/nova/
# bash-completion/logrotate/etc.
install -p -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/bash_completion.d/openstack-nova-manage.sh
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
### init scripts
mkdir -p %{buildroot}%{_initddir}
mkdir -p %{buildroot}%{_sbindir}
for i in api cert compute consoleauth network objectstore rpc-zmq-receiver scheduler volume
do
tmp=$(mktemp)
cat %{SOURCE1} | sed "s/__NAME__/$i/g" > $tmp
if [ "x$i" = "xcompute" ] ; then
sed -i -e "s/# Should-Start:.*/& libvirtd/" $tmp
fi
install -m 755 $tmp %{buildroot}%{_initddir}/%{name}-$i
ln -s ../..%{_initddir}/%{name}-$i %{buildroot}%{_sbindir}/rc%{name}-$i
done
# patch nova-network init script:
( cd %{buildroot}%{_initddir}/ ; patch -p0 < %{S:8} )
install -p -D -m 755 %{SOURCE6} %{buildroot}%{_initddir}/openstack-nova-vncproxy
install -p -D -m 755 %{SOURCE10} %{buildroot}%{_initddir}/openstack-nova-novncproxy
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_initddir}/openstack-nova-vncproxy %{buildroot}%{_sbindir}/rcopenstack-nova-vncproxy
ln -s %{_initddir}/openstack-nova-novncproxy %{buildroot}%{_sbindir}/rcopenstack-nova-novncproxy
### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1
### test subpackage
%openstack_test_package_install
%fdupes %{buildroot}%{_localstatedir}/lib/%{name}-test
### apache/WSGI for SSL
# Apache2 SSL certificate stubs (generated in %%post)
install -d %{buildroot}%{_sysconfdir}/apache2/ssl.{crt,csr,key}
install -d %{buildroot}/srv/www/htdocs
touch %{buildroot}%{_sysconfdir}/apache2/ssl.key/openstack-nova-{ca,server}.key
touch %{buildroot}%{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr
touch %{buildroot}%{_sysconfdir}/apache2/ssl.crt/openstack-nova-{ca,server}.crt
# Apache2 WSGI apps
for api in ec2 osapi_compute osapi_volume metadata ; do
install -D %{SOURCE7} %{buildroot}%{_localstatedir}/lib/nova/wsgi/$api.wsgi
done
### misc
%fdupes %{buildroot}%{python_sitelib}/%{component}
install -p -D -m 644 %{SOURCE11} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.openstack-nova-novncproxy
%if 0%{?suse_version} > 1110 && 0%{?suse_version} < 1230
mkdir -p %{buildroot}%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/
cp -a %{SOURCE9} %{buildroot}%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/
%endif
%if 0%{?suse_version} >= 1230
install -D -m 644 %{SOURCE12} %{buildroot}%{_datadir}/polkit-1/rules.d/10-openstack-nova-compute.rules
%endif
%pre
getent group %{groupname} >/dev/null || groupadd -r %{groupname}
getent passwd %{username} >/dev/null || \
useradd -r -g %{groupname} -d %{_localstatedir}/lib/nova -s /sbin/nologin \
-c "OpenStack Nova Daemons" %{username}
exit 0
%post
%{fillup_and_insserv -f openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver}
if [ ! -s %{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr ] ; then
# Generate a self-signed certificate to be used in non-production setups:
(umask 377 ; /usr/bin/gensslcert -C openstack-nova -n nova.example.com)
fi
%preun
%stop_on_removal openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver
%postun
%restart_on_update openstack-nova-consoleauth openstack-nova-rpc-zmq-receiver
%insserv_cleanup
%post api
%{fillup_and_insserv -f openstack-nova-api}
%preun api
%stop_on_removal openstack-nova-api
%postun api
%restart_on_update openstack-nova-api
%insserv_cleanup
%post cert
%{fillup_and_insserv -f openstack-nova-cert}
%preun cert
%stop_on_removal openstack-nova-cert
%postun cert
%restart_on_update openstack-nova-cert
%insserv_cleanup
%post compute
polkit-auth --grant org.libvirt.unix.manage --user %{username} 2>/dev/null || true
%{fillup_and_insserv -f openstack-nova-compute}
%preun compute
%stop_on_removal openstack-nova-compute
%postun compute
%restart_on_update openstack-nova-compute
%insserv_cleanup
%post network
%{fillup_and_insserv -f openstack-nova-network}
%preun network
%stop_on_removal openstack-nova-network
%postun network
%restart_on_update openstack-nova-network
%insserv_cleanup
%post vncproxy
%{fillup_and_insserv -f openstack-nova-vncproxy}
%preun vncproxy
%stop_on_removal openstack-nova-vncproxy
%postun vncproxy
%restart_on_update openstack-nova-vncproxy
%insserv_cleanup
%post novncproxy
%{fillup_and_insserv openstack-nova-novncproxy}
%preun novncproxy
%stop_on_removal openstack-nova-novncproxy
%postun novncproxy
%restart_on_update openstack-nova-novncproxy
%insserv_cleanup
%post objectstore
%{fillup_and_insserv -f openstack-nova-objectstore}
%preun objectstore
%stop_on_removal openstack-nova-objectstore
%postun objectstore
%restart_on_update openstack-nova-objectstore
%insserv_cleanup
%post scheduler
%{fillup_and_insserv -f openstack-nova-scheduler}
%preun scheduler
%stop_on_removal openstack-nova-scheduler
%postun scheduler
%restart_on_update openstack-nova-scheduler
%insserv_cleanup
%post volume
%{fillup_and_insserv -f openstack-nova-volume}
%preun volume
%stop_on_removal openstack-nova-volume
%postun volume
%restart_on_update openstack-nova-volume
%insserv_cleanup
%files
%defattr(-,root,root,-)
%doc LICENSE README.rst
%{_sysconfdir}/bash_completion.d/openstack-nova-manage.sh
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_sysconfdir}/nova
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/nova/api-paste.ini
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/nova/nova.conf
%config(noreplace) %{_sysconfdir}/nova/policy.json
%config(noreplace) %{_sysconfdir}/nova/rootwrap.conf
%dir %{_sysconfdir}/nova/rootwrap.d
%attr(0755, %{username}, root) %{_localstatedir}/lib/nova
%dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/log/nova
%ghost %attr(0755, %{username}, root) %{_localstatedir}/lock/nova
%ghost %dir %attr(0755, %{username}, root) %{_localstatedir}/run/nova
%{_bindir}/nova-all
%{_bindir}/nova-clear-rabbit-queues
%{_bindir}/nova-console
%{_bindir}/nova-manage
%{_bindir}/nova-rootwrap
%{_mandir}/man1/nova-all.1%{?ext_man}
%{_mandir}/man1/nova-console.1%{?ext_man}
%{_mandir}/man1/nova-manage.1%{?ext_man}
%{_mandir}/man1/nova-rootwrap.1%{?ext_man}
# apache integration for ssl setup
%ghost %{_sysconfdir}/apache2/ssl.key/openstack-nova-*.key
%ghost %{_sysconfdir}/apache2/ssl.csr/openstack-nova-server.csr
%ghost %{_sysconfdir}/apache2/ssl.crt/openstack-nova-*.crt
%dir %attr(0755, root, root) %{_localstatedir}/lib/nova/wsgi
%attr(0644, root, root) %{_localstatedir}/lib/nova/wsgi/*.wsgi
# FIXME: which package should these go in?
%{_initddir}/%{name}-consoleauth
%{_sbindir}/rc%{name}-consoleauth
%{_bindir}/nova-consoleauth
%{_mandir}/man1/nova-consoleauth.1%{?ext_man}
%{_initddir}/%{name}-rpc-zmq-receiver
%{_sbindir}/rc%{name}-rpc-zmq-receiver
%{_bindir}/nova-rpc-zmq-receiver
%{_mandir}/man1/nova-rpc-zmq-receiver.1%{?ext_man}
%files -n python-nova
%defattr(-,root,root,-)
%doc LICENSE
%{python_sitelib}/%{component}/
%{python_sitelib}/%{component}-*.egg-info
# Part of test subpackage
%exclude %{python_sitelib}/%{component}/tests/
%files api
%defattr(-,root,root,-)
%doc LICENSE
%config(noreplace) %{_sysconfdir}/nova/rootwrap.d/api-metadata.filters
%{_initddir}/%{name}-api
%{_sbindir}/rc%{name}-api
%{_bindir}/nova-api
%{_bindir}/nova-api-ec2
%{_bindir}/nova-api-metadata
%{_bindir}/nova-api-os-compute
%{_bindir}/nova-api-os-volume
%{_mandir}/man1/nova-api.1%{?ext_man}
%{_mandir}/man1/nova-api-ec2.1%{?ext_man}
%{_mandir}/man1/nova-api-metadata.1%{?ext_man}
%{_mandir}/man1/nova-api-os-compute.1%{?ext_man}
%{_mandir}/man1/nova-api-os-volume.1%{?ext_man}
%files cert
%defattr(-,root,root,-)
%doc LICENSE
%{_initddir}/%{name}-cert
%{_sbindir}/rc%{name}-cert
%{_bindir}/nova-cert
%{_mandir}/man1/nova-cert.1%{?ext_man}
%files compute
%defattr(-,root,root,-)
%doc LICENSE
%config(noreplace) %{_sysconfdir}/nova/rootwrap.d/compute.filters
%{_initddir}/%{name}-compute
%{_sbindir}/rc%{name}-compute
%{_bindir}/nova-compute
%{_mandir}/man1/nova-compute.1%{?ext_man}
%if 0%{?suse_version} > 1110 && 0%{?suse_version} < 1230
%{_localstatedir}/lib/polkit-1/localauthority/10-vendor.d/org.openstack.nova.compute.pkla
%endif
%if 0%{?suse_version} >= 1230
%{_datadir}/polkit-1/rules.d/10-openstack-nova-compute.rules
%endif
%files network
%defattr(-,root,root,-)
%doc LICENSE
%config(noreplace) %{_sysconfdir}/nova/rootwrap.d/network.filters
%{_initddir}/%{name}-network
%{_sbindir}/rc%{name}-network
%{_bindir}/nova-dhcpbridge
%{_bindir}/nova-network
%{_mandir}/man1/nova-dhcpbridge.1%{?ext_man}
%{_mandir}/man1/nova-network.1%{?ext_man}
%files novncproxy
%defattr(-,root,root,-)
%doc LICENSE
%{_initddir}/%{name}-novncproxy
%{_sbindir}/rc%{name}-novncproxy
%{_bindir}/nova-novncproxy
%{_mandir}/man1/nova-novncproxy.1%{?ext_man}
%{_var}/adm/fillup-templates/sysconfig.openstack-nova-novncproxy
%files objectstore
%defattr(-,root,root,-)
%doc LICENSE
%{_initddir}/%{name}-objectstore
%{_sbindir}/rc%{name}-objectstore
%{_bindir}/nova-objectstore
%{_mandir}/man1/nova-objectstore.1%{?ext_man}
%files scheduler
%defattr(-,root,root,-)
%doc LICENSE
%{_initddir}/%{name}-scheduler
%{_sbindir}/rc%{name}-scheduler
%{_bindir}/nova-scheduler
%{_mandir}/man1/nova-scheduler.1%{?ext_man}
%files vncproxy
%defattr(-,root,root,-)
%doc LICENSE
%{_initddir}/%{name}-vncproxy
%{_sbindir}/rc%{name}-vncproxy
%{_bindir}/nova-xvpvncproxy
%{_mandir}/man1/nova-xvpvncproxy.1%{?ext_man}
%files volume
%defattr(-,root,root,-)
%doc LICENSE
%config(noreplace) %{_sysconfdir}/nova/rootwrap.d/volume.filters
%{_initddir}/%{name}-volume
%{_sbindir}/rc%{name}-volume
%{_bindir}/nova-volume
%{_bindir}/nova-volume-usage-audit
%{_mandir}/man1/nova-volume.1%{?ext_man}
%{_mandir}/man1/nova-volume-usage-audit.1%{?ext_man}
%files test
%defattr(-,root,root)
%{python_sitelib}/%{component}/tests/
%{_localstatedir}/lib/%{name}-test/
%changelog
++++++ CVE-2013-2030.patch ++++++
>From 74aa04e2ca7942cb1e1a86dcbaffeb72d260ccd7 Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant(a)redhat.com>
Date: Wed, 1 May 2013 09:41:57 -0400
Subject: [PATCH] Remove insecure default for signing_dir option.
The sample api-paste.ini file included an insecure value for the
signing_dir option for the keystone authtoken middleware. Comment out
the option so that we just rely on the default behavior by default.
Fix bug 1174608.
Conflicts:
etc/nova/api-paste.ini
Change-Id: I6189788953d789c34456bbe150b8ed6ce6f68403
(cherry picked from commit 58d6879b1caaa750c39c8e452a0634c24ffef2ce)
---
etc/nova/api-paste.ini | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/etc/nova/api-paste.ini b/etc/nova/api-paste.ini
index 3970974..95307b2 100644
--- a/etc/nova/api-paste.ini
+++ b/etc/nova/api-paste.ini
@@ -124,4 +124,7 @@ auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient. It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
--
1.8.1.6
++++++ _service ++++++
<services>
<service name="git_tarballs" mode="disabled">
<param name="url">http://tarballs.openstack.org/nova/nova-stable-folsom.tar.gz</param>
<param name="email">cloud-devel(a)suse.de</param>
</service>
</services>
++++++ nova-network-filter-bnc777488.patch ++++++
Index: nova-2012.1+git.1345844892.4d2a4af/nova/network/linux_net.py
===================================================================
--- nova-2012.1+git.1345844892.4d2a4af.orig/nova/network/linux_net.py
+++ nova-2012.1+git.1345844892.4d2a4af/nova/network/linux_net.py
@@ -262,6 +262,9 @@ class IptablesManager(object):
# among the various nova components. It sits at the very top
# of FORWARD and OUTPUT.
for tables in [self.ipv4, self.ipv6]:
+ tables['filter'].add_chain('nova-filter-FORWARD-sitelocl', wrap=False)
+ tables['filter'].add_rule('FORWARD', '-j nova-filter-FORWARD-sitelocl', wrap=False, top=True)
+
tables['filter'].add_chain('nova-filter-top', wrap=False)
tables['filter'].add_rule('FORWARD', '-j nova-filter-top',
wrap=False, top=True)
Index: nova-2012.1+git.1345844892.4d2a4af/nova/tests/test_iptables_network.py
===================================================================
--- nova-2012.1+git.1345844892.4d2a4af.orig/nova/tests/test_iptables_network.py
+++ nova-2012.1+git.1345844892.4d2a4af/nova/tests/test_iptables_network.py
@@ -144,7 +144,15 @@ class IptablesManagerTestCase(test.TestC
"Duplicate line: %s" % line)
seen_lines.add(line)
- for chain in ['FORWARD', 'OUTPUT']:
+ for chain in ['FORWARD']:
+ for line in new_lines:
+ if line.startswith('[0:0] -A %s' % chain):
+ self.assertTrue('-j nova-filter-FORWARD-sitelocl' in line,
+ "First %s rule does not "
+ "jump to nova-filter-FORWARD-sitelocl" % chain)
+ break
+
+ for chain in ['OUTPUT']:
for line in new_lines:
if line.startswith('[0:0] -A %s' % chain):
self.assertTrue('-j nova-filter-top' in line,
++++++ nova-rbd-use-local-devices.patch ++++++
>From e9c36242bc3a5addad26cd622f35706d55a3f6c5 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer(a)suse.de>
Date: Tue, 3 Jul 2012 17:42:06 +0200
Subject: [PATCH] Use local rbd devices (/dev/rbd*) for rbd volumes
This adds a new LibirtVolumeDriver to nova-compute that will take care to
map/unmap local block devices for rbd volumes. The original approach for rbd
volumes required rbd-enabled libvirt and kvm/qemu. Which we currently don't
have on SLES-11-SP2.
Change-Id: I62e7664200bc83b948e19a65a3cbda81ebb0470e
---
nova/rootwrap/compute.py | 3 ++
nova/virt/libvirt/connection.py | 2 +-
nova/virt/libvirt/volume.py | 58 +++++++++++++++++++++++++++++++++++++++
nova/volume/driver.py | 6 ++++
4 files changed, 68 insertions(+), 1 deletions(-)
Index: nova-2012.2+git.1349813491.b7e509a/nova/virt/libvirt/volume.py
===================================================================
--- nova-2012.2+git.1349813491.b7e509a.orig/nova/virt/libvirt/volume.py
+++ nova-2012.2+git.1349813491.b7e509a/nova/virt/libvirt/volume.py
@@ -30,6 +30,8 @@ from nova.virt.libvirt import utils as v
LOG = logging.getLogger(__name__)
FLAGS = flags.FLAGS
flags.DECLARE('num_iscsi_scan_tries', 'nova.volume.driver')
+flags.DECLARE('rbd_secret_file', 'nova.volume.driver')
+flags.DECLARE('rbd_user', 'nova.volume.driver')
class LibvirtVolumeDriver(object):
@@ -71,6 +73,62 @@ class LibvirtFakeVolumeDriver(LibvirtVol
conf.serial = connection_info.get('serial')
return conf
+class LibvirtRbdVolumeDriver(LibvirtVolumeDriver):
+ """Driver to attach RBD volumes to libvirt."""
+
+ def _rbd_get_mapped_device(self, pool, image):
+ (out, err) = utils.execute('rbd', 'showmapped')
+ lines = out.split('\n')
+ del(lines[0])
+ device_path=""
+ for line in lines:
+ elements = line.split('\t')
+ # elements is now [ id, pool, image, snap, device ]
+ if len(elements) == 5 and elements[1] == pool and elements[2] == image:
+ device_path = elements[4]
+ break
+ LOG.debug("device path: %s" % ( device_path))
+ if len(device_path) == 0:
+ LOG.info("No host device found for rbd image %s/%s" % (pool, image))
+ return device_path
+
+ def _rbd_map_volume(self, connection_info):
+ pool = connection_info['data']['pool']
+ image = connection_info['data']['image']
+ (out, err) = utils.execute('rbd', 'map', '-p', pool, image,
+ '--secret', FLAGS.rbd_secret_file,
+ '--user', FLAGS.rbd_user,
+ run_as_root=True)
+ LOG.debug("rbd map: stdout=%s stderr=%s" % ( out, err))
+ return self._rbd_get_mapped_device(pool, image)
+
+ def _rbd_unmap_volume(self, connection_info):
+ pool = connection_info['data']['pool']
+ image = connection_info['data']['image']
+ host_device = self._rbd_get_mapped_device(pool, image)
+ if len(host_device) > 0:
+ (out, err) = utils.execute('rbd', 'unmap', host_device,
+ '--secret', FLAGS.rbd_secret_file,
+ '--user', FLAGS.rbd_user,
+ run_as_root=True)
+ LOG.debug("rbd unmap: stdout=%s stderr=%s" % ( out, err))
+
+
+ def connect_volume(self, connection_info, mount_device):
+ """Connect the volume. Returns xml for libvirt."""
+ driver = self._pick_volume_driver()
+ host_device = self._rbd_map_volume(connection_info)
+
+ connection_info['data']['device_path'] = host_device
+ sup = super(LibvirtRbdVolumeDriver, self)
+ return sup.connect_volume(connection_info, mount_device)
+
+ def disconnect_volume(self, connection_info, mount_device):
+ """Detach the volume from instance_name"""
+ sup = super(LibvirtRbdVolumeDriver, self)
+ sup.disconnect_volume(connection_info, mount_device)
+ self._rbd_unmap_volume(connection_info)
+
class LibvirtNetVolumeDriver(LibvirtVolumeDriver):
"""Driver to attach Network volumes to libvirt."""
Index: nova-2012.2+git.1349813491.b7e509a/nova/volume/driver.py
===================================================================
--- nova-2012.2+git.1349813491.b7e509a.orig/nova/volume/driver.py
+++ nova-2012.2+git.1349813491.b7e509a/nova/volume/driver.py
@@ -67,6 +67,10 @@ volume_opts = [
default=None,
help='the libvirt uuid of the secret for the rbd_user'
'volumes'),
+ cfg.StrOpt('rbd_secret_file',
+ default=None,
+ help='path the file containing the secret for the rbd_user'
+ 'volumes'),
cfg.StrOpt('volume_tmp_dir',
default=None,
help='where to store temporary image files if the volume '
@@ -724,6 +728,8 @@ class RBDDriver(VolumeDriver):
'driver_volume_type': 'rbd',
'data': {
'name': '%s/%s' % (FLAGS.rbd_pool, volume['name']),
+ 'pool': FLAGS.rbd_pool,
+ 'image' : volume['name'],
'auth_enabled': FLAGS.rbd_secret_uuid is not None,
'auth_username': FLAGS.rbd_user,
'secret_type': 'ceph',
Index: nova-2012.2+git.1349813491.b7e509a/etc/nova/rootwrap.d/compute.filters
===================================================================
--- nova-2012.2+git.1349813491.b7e509a.orig/etc/nova/rootwrap.d/compute.filters
+++ nova-2012.2+git.1349813491.b7e509a/etc/nova/rootwrap.d/compute.filters
@@ -101,6 +101,9 @@ ovs-ofctl: CommandFilter, /usr/bin/ovs-o
# nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ...
dd: CommandFilter, /bin/dd, root
+# nova/virt/libvirt/volume.py: 'rbd', "map/showmapped", ...
+rbd: CommandFilter, /usr/bin/rbd, root
+
# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
iscsiadm: CommandFilter, /sbin/iscsiadm, root
iscsiadm_usr: CommandFilter, /usr/bin/iscsiadm, root
++++++ nova.conf ++++++
[DEFAULT]
# example nova.conf
# replace the values
verbose=True
auth_strategy=keystone
api_paste_config=/etc/nova/api-paste.ini
rootwrap_config=/etc/nova/rootwrap.conf
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
fixed_range=192.168.0.0/24
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/run/nova
#instances_path=/var/lib/nova/instances
root_helper=sudo /usr/bin/nova-rootwrap
sql_connection=mysql://root:<mysql-password>@<IP>/nova
s3_host=<IP>
#s3_port=3333
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
my_ip=<IP>
rabbit_host=<IP>
#rabbit_password=
glance_api_servers=<IP>
ec2_url=http://<IP>:8773/services/Cloud
network_manager=nova.network.manager.FlatDHCPManager
fixed_range=192.168.0.0/24
network_size=5000
compute_driver=libvirt.LibvirtDriver
libvirt_type=kvm
#libvirt_cpu_mode=none
instance_name_template=instance-%08x
enabled_apis=ec2,osapi_compute,metadata
#bridge_interface=br0
++++++ openstack-nova-api.wsgi ++++++
#
# OpenStack Compute (Nova) API WSGI app skeleton
#
import eventlet
eventlet.monkey_patch()
import os
import sys
from paste import deploy
from nova import flags
from nova import log as logging
from nova import utils
utils.default_flagfile()
flags.FLAGS(sys.argv)
logging.setup()
utils.monkey_patch()
LOG = logging.getLogger(__name__)
app_name = os.path.basename(__file__).rsplit('.')[0]
config_path = utils.find_config(flags.FLAGS.api_paste_config)
if app_name in flags.FLAGS.enabled_apis:
application = deploy.loadapp("config:%s" % config_path, name=app_name)
else:
LOG.error("Not starting disabled Nova WSGI application '%s'" % app_name)
++++++ openstack-nova-manage.sh ++++++
# bash completion for openstack nova-manage
# by Dominik Heidler <dheidler suse.de>
_nova_manage_opts="" # lazy init
_nova_manage_opts_exp="" # lazy init
# this will only work with bash 4
## declare dict
#declare -A _nova_manage_subopts
# dict hack for bash 3
# ...yea yea and eval is evil and you
# could use it to inject malicious
# code to .....yourself?
# bash 3 sucks...
_set_nova_manage_subopts () {
eval _nova_manage_subopts_"$1"='$2'
}
_get_nova_manage_subopts () {
eval echo '${_nova_manage_subopts_'"$1"'#_nova_manage_subopts_}'
}
_nova_manage()
{
local cur prev subopts
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
if [ "x$_nova_manage_opts" == "x" ] ; then
_nova_manage_opts="`nova-manage bash-completion 2>/dev/null | sed -e "1d" -e "s/^\s*//g"`"
_nova_manage_opts_exp="`echo $_nova_manage_opts | sed -e "s/\s/|/g"`"
fi
if [[ " `echo $_nova_manage_opts` " =~ " $prev " ]] ; then
#if [ "x${_nova_manage_subopts["$prev"]}" == "x" ] ; then
if [ "x$(_get_nova_manage_subopts "$prev")" == "x" ] ; then
subopts="`nova-manage $prev bash-completion 2>/dev/null | sed -e "1d"`"
#_nova_manage_subopts+=( ["$prev"]="$subopts" )
_set_nova_manage_subopts "$prev" "$subopts"
fi
#COMPREPLY=($(compgen -W "${_nova_manage_subopts["$prev"]}" -- ${cur}))
COMPREPLY=($(compgen -W "$(_get_nova_manage_subopts "$prev")" -- ${cur}))
elif [[ ! " ${COMP_WORDS[@]} " =~ " "($_nova_manage_opts_exp)" " ]] ; then
COMPREPLY=($(compgen -W "${_nova_manage_opts}" -- ${cur}))
fi
return 0
}
complete -F _nova_manage nova-manage
++++++ openstack-nova-network-init-bnc777488.patch ++++++
--- openstack-nova-network.orig 2012-08-17 15:38:54.000000000 +0000
+++ openstack-nova-network 2012-08-28 18:06:45.000000000 +0000
@@ -45,9 +45,31 @@
FULLNAME="OpenStack::Nova $name server"
CHUSER="-u $USER"
+iptables_setup()
+{
+ mode=$1
+ if [ -n "$ADMINNETWORK" ] && grep -qx 'enabled_apis=metadata' /etc/nova/nova.conf ; then # this must not run outside of compute nodes
+ interface=$(perl -ne 'm/flat_network_bridge=([0-9a-z.-]+)/ && print $1' /etc/nova/nova.conf)
+ if [ -z "$interface" ] ; then
+ echo "error: no flat_network_bridge interface found in nova.conf"
+ echo "can not set iptables rules"
+ else
+ PATH="/sbin:/usr/sbin:/usr/bin:/bin"
+ c="nova-filter-FORWARD-sitelocl"
+ iptables -N $c 2>/dev/null
+ iptables -$mode $c -d $STORAGENETWORK/$STORAGENETMASK -j REJECT
+ iptables -$mode INPUT -d $STORAGENETWORK/$STORAGENETMASK -i $interface -j REJECT
+ iptables -$mode $c -d $ADMINNETWORK/$ADMINNETMASK -j REJECT
+ iptables -$mode INPUT -d $ADMINNETWORK/$ADMINNETMASK -i $interface -j REJECT
+ iptables -$mode INPUT -p tcp --dport 8775 -i $interface -j ACCEPT # metadata api
+ fi
+ fi
+}
+
case "$1" in
start)
echo -n "Starting $FULLNAME"
+ iptables_setup I
startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q /usr/bin/nova-$name $OPTIONS
rc_status -v
;;
@@ -55,6 +77,7 @@
echo -n "Shutting down $FULLNAME"
killproc /usr/bin/nova-$name
rc_status -v
+ iptables_setup D
;;
restart)
$0 stop
++++++ openstack-nova-novncproxy.init ++++++
#!/bin/sh
### BEGIN INIT INFO
# Provides: openstack-novncproxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: rabbitmq-server mysql
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Nova novncproxy server
# Description: Nova novncproxy server.
### END INIT INFO
name="novncproxy"
USER="openstack-nova"
GROUP="nobody"
CONFIGFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"
LOGFILE="/var/log/nova/$name.log"
WEBROOT="/var/lib/nova/noVNC"
DAEMON="nova-novncproxy"
[ -e "/etc/sysconfig/openstack-$name" ] && . "/etc/sysconfig/openstack-$name"
mkdir -p $RUNDIR
DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE --web=$WEBROOT --daemon"
OPTIONS="${OPTIONS} $DAEMON_OPTIONS"
if [ "x$NOVNC_SSL_ENABLE" = "xyes" ] ; then
SSL_KEY_FILE=`umask 077 >/dev/null ; mktemp /dev/shm/openstack-novnc-key.XXXXXX`
SSL_CRT_FILE=`umask 077 >/dev/null ; mktemp /dev/shm/openstack-novnc-crt.XXXXXX`
chown "$USER" "$SSL_KEY_FILE" "$SSL_CRT_FILE"
OPTIONS="--cert $SSL_CRT_FILE --key $SSL_KEY_FILE ${OPTIONS}"
fi
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
FULLNAME="OpenStack::Nova $name server"
case "$1" in
start)
echo -n "Starting $DAEMON"
[ ! -z "$SSL_CRT_FILE" ] && [ ! -z "$SSL_KEY_FILE" ] && ( umask 077 ; cp "$NOVNC_SSL_KEY" "$SSL_KEY_FILE" ; cp "$NOVNC_SSL_CERT" "$SSL_CRT_FILE" )
startproc -u $USER /usr/bin/$DAEMON $OPTIONS </dev/null >/dev/null 2>&1 &
rc_status -v
;;
stop)
echo -n "Shutting down $DAEMON"
killproc python /usr/bin/$DAEMON 2>/dev/null
rc_status -v
;;
restart)
$0 stop
$0 start
rc_status
;;
reload)
;;
status)
echo -n "Checking $DAEMON"
/sbin/checkproc python /usr/bin/$DAEMON
rc_status -v
;;
condrestart|try-restart)
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
;;
*)
echo $"Usage: $0 {start|stop|status|restart|try-restart}"
exit 2
esac
exit $?
++++++ openstack-nova-polkit.rules ++++++
// grant nova-compute libvirt management permissions
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.user == "openstack-nova") {
return polkit.Result.YES;
}
});
++++++ openstack-nova-vncproxy.init ++++++
#!/bin/sh
### BEGIN INIT INFO
# Provides: openstack-nova-vncproxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: rabbitmq-server mysql postgresql
# Should-Stop: rabbitmq-server mysql postgresql
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Nova vncproxy server
# Description: Nova vncproxy server.
### END INIT INFO
name="vncproxy"
USER="openstack-nova"
GROUP="nobody"
CONFIGFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"
LOGFILE="/var/log/nova/$name.log"
[ -e "/etc/sysconfig/openstack-nova-$name" ] && . "/etc/sysconfig/openstack-nova-$name"
mkdir -p $RUNDIR
DAEMON="/usr/bin/nova-xvpvncproxy"
DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE"
OPTIONS="${OPTIONS} $DAEMON_OPTIONS"
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
FULLNAME="OpenStack::Nova $name server"
CHUSER="-u $USER"
case "$1" in
start)
echo -n "Starting $FULLNAME"
startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q $DAEMON $OPTIONS
rc_status -v
;;
stop)
echo -n "Shutting down $FULLNAME"
killproc $DAEMON
rc_status -v
;;
restart)
$0 stop
$0 start
rc_status
;;
reload)
;;
status)
echo -n "Checking $FULLNAME"
/sbin/checkproc $DAEMON
rc_status -v
;;
condrestart|try-restart)
$0 restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
exit 2
esac
exit $?
++++++ openstack-nova.init ++++++
#!/bin/sh
### BEGIN INIT INFO
# Provides: openstack-nova-__NAME__
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: rabbitmq-server mysql postgresql
# Should-Stop: rabbitmq-server mysql postgresql
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Nova __NAME__ server
# Description: Nova __NAME__ server.
### END INIT INFO
name="__NAME__"
USER="openstack-nova"
GROUP="nobody"
CONFIGFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"
LOGFILE="/var/log/nova/$name.log"
[ -e "/etc/sysconfig/openstack-nova-$name" ] && . "/etc/sysconfig/openstack-nova-$name"
[ -e $LOGFILE ] || touch $LOGFILE
mkdir -p $RUNDIR
chown $USER. $RUNDIR $LOGFILE
DAEMON_OPTIONS="--config-file=$CONFIGFILE --logfile=$LOGFILE"
OPTIONS="${OPTIONS} $DAEMON_OPTIONS"
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
FULLNAME="OpenStack::Nova $name server"
CHUSER="-u $USER"
case "$1" in
start)
echo -n "Starting $FULLNAME"
startproc -s $CHUSER -t ${STARTUP_TIMEOUT:-5} -q /usr/bin/nova-$name $OPTIONS
rc_status -v
;;
stop)
echo -n "Shutting down $FULLNAME"
killproc /usr/bin/nova-$name
rc_status -v
;;
restart)
$0 stop
$0 start
rc_status
;;
reload)
;;
status)
echo -n "Checking $FULLNAME"
/sbin/checkproc /usr/bin/nova-$name
rc_status -v
;;
condrestart|try-restart)
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
rc_status
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
exit 2
esac
exit $?
++++++ openstack-nova.logrotate ++++++
/var/log/nova/*.log {
daily
missingok
su openstack-nova openstack-nova
}
++++++ org.openstack.nova.compute.pkla ++++++
[Grant nova-compute libvirt management permissions]
Identity=unix-user:openstack-nova
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
++++++ rpmlintrc ++++++
# Bash completion files reside in /etc but are not meant to be configurable:
addFilter("non-conffile-in-etc /etc/bash_completion.d/openstack-nova-manage.sh")
#TODO: Fix this later on (i.e. SLE-12), Python on SLE-11 is way beyond broken:
addFilter("no-binary")
# This symling is for the -test package and can be ignored:
addFilter("dangling-symlink /var/lib/openstack-nova-test/nova")
addFilter("/var/lib/openstack-nova-test")
++++++ sysconfig.openstack-novncproxy ++++++
## Path: System/Management
## Description: OpenStack noVNC Proxy
## Type: yesno
## Default: "no"
#
# Enable SSL for noVNC Proxy.
#
NOVNC_SSL_ENABLE="no"
## Type: string
## Default: ""
#
# Path to certificate for noVNC Proxy in SSL mode.
#
NOVNC_SSL_CERT=""
## Type: string
## Default: ""
#
# Path to the key for noVNC Proxy in SSL mode.
#
NOVNC_SSL_KEY=""
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0