IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.
Amend variable list for bootstrap_keystone().
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
This reverts commit f6286cb586.
This patch is blocking glance as it needs mod_wsgi to perform new import workflow.
Change-Id: I4475247dfe986114d37678b3d3d552c0c7d02ddc
Those historic references to port 5000 and 35357 aren't being used
anymore for some time, so let us drop them.
Clean up some python2/3 wording along the way.
No longer mention Identity API v2, which is also a thing of the past.
Change-Id: Iafff097eee082f24ea2ae27ad038ad115aa36c61
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
* v3 is a superset of v2 and has been the defacto Cinder version for
several years now.
* Devstack installs Cinder v3 API by default, so the default environment
variables should reflect this.
Change-Id: I86e1ae4e020e2be043cf8e190d7959b65b6c093c
This makes sure that it is available to subprocesses like the other
authentication data.
Change-Id: I513b7c2620b171ce20a1ceb5536226f3a69f2b82
Closes-Bug: 1760901
There are some comment errors, it's modify 'Captial' to 'Capital' in
keystone file, and modify 'possition' to 'position' in openrc file, and
modify 'comming' to 'coming' in stack file, and
modify 'prefered' to 'preferred' in stackrc file.
Change-Id: I0fdd539cbfff842a4ba7fca9100b881443300f9a
This makes openrc more robust for the grenade scenarios by having a
sane fallback when stackrc is not found.
Change-Id: I297ba519d581d2b6fb4d80d59434acace054bada
Things like SERVICE_PROTOCOL and KEYSTONE_AUTH_PROTOCOL shouldn't
really be exported in openrc as they encourage using them directly to
build up keystone urls instead of actually using the OS_AUTH_URL.
Remove them.
Change-Id: I4b7cc680f7f14dae29b706a227be540c9e212cad
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.
Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.
Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Devstack configures keystone for auth mechanism but don't tell
keystoneauth1 library that it should use keystone too.
In simple case, this is not an issue because some application
set 'password' by default (like the openstack cli).
But applications can have no default or another default.
Change-Id: Idd1e1d2e7546fce7531175440788a8c7cb27aec1
Nothing uses this variable either in devstack or libraries,
so it's dead code (at least on master), and we can remove it.
Change-Id: I5975c476ae5b26402c209d6e5746e7a5a5a91507
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f166
Partially-Implements: bp keystonev3
Change I24546f02067ea23d088d383b85e3a78d7b43f165 aimed to use
keystone v3 as default in devstack. The change was later reverted in
Ia792b23119c00089542ba08879dca1c29dc80945 because it broke some
projects.
This patch contains a small portion of the first change to set the
environment variables $OS_USER_DOMAIN_ID and $OS_PROJECT_DOMAIN_ID in
openrc, so that users don't have to set them manually when using
keystone v3.
Change-Id: Ie4c316d60590d55830d417f13817298dac70864f
Partially-Implements: bp keystonev3
Closes-Bug: 1387814
Apparently this is intentional as a joke on devstack leaking
passwords, but the dual meaning of the word confuses people. Let's
change it before we get yet another review fixing it.
Change-Id: I3bee03612f6ea197362aab04a37f81043f77f235
This replaces the use of TENANT variables with PROJECT ones during the
initial setup. The openrc will still export a OS_TENANT_NAME because
many tools (cinderclient, glanceclient amoung them) will not function
without it. We warn when we do that.
Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e
It seems like the fallout from this was not well sorted.
A lot of things aren't working, and there is still vestigial
v2 bits left behind.
This should have come with a much greater warning and some
spot checking of additional services working with this.
This reverts commit b162a1d58c.
Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165
Partially-Implements: bp keystonev3
Since:
- novaclient doesn't require specify the *compute api* version
(default is 2.latest now)
- novaclient doesn't use COMPUTE_API_VERSION, since it's wrong name(
OS_COMPUTE_API_VERSION is a correct name)
we can remove COMPUTE_API_VERSION and NOVA_VERSION vars
Change-Id: I47856863e9403870b8d60c778b97d3de1a212ae1
Assumes devstack was configured with SERVICE_IP_VERSION in
local.conf
SERVICE_IP_VERSION is stored in .stackenv and checked in
openrc. If SERVICE_IP_VERSION is set to 6, openrc will use
IPv6.
NOTE: At first, I added a '-6' option to the openrc call
which would set the HOSTS accordingly. I then simplified
the code by saving SERVICE_IP_VERSION to the .stackenv file
which is sourced by openrc. After that, I simplified the
code even more by removing an extra, unnecessary, variable.
Change-Id: I5d46d5438d3e56fea788720ca17f0010caef3df1
In openrc, if we set OS_CACERT, some things will expect it to be there
in pre-flight checks. But it may very well be missing. This "fails
closed" because if we find the file, we try to use it, but if we don't
find the file, and the user thought we should be using it, we'll just
not be able to verify the server's name, and the libs will fail on that.
Change-Id: Ia5d06afa74bc645c2f19711cfa37e57a377c329b
Closes-Bug: #1452036
Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.
Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0
Replacing $BASH_SOURCE with ${BASH_SOURCE:-$0} makes devstack zsh friendly: in
bash, $BASH_SOURCE is used per usual; in zsh, where $BASH_SOURCE isn't
defined, $0 is used, which, unlike in bash, evaluates to the current
source file.
Now you can source devstack's openrc from a zsh shell.
Tested with bash and zsh from directories other than the root devstack
directory.
Change-Id: Iab1a817b15d86144163b5094bb58f94b15c598a0
Set OS_VOLUME_API_VERSION environment variable to 2 so we use
specifically Cinder REST API v2. v1 is still enabled in the catalog, but
we want more exposure to v2 for testing.
Change-Id: I6c2f29edf44a0f58a7830fe4dd2db35f2db3658c
* Default IDENTITY_API_VERSION to '2.0' in stackrc
Note: the value of these *_API_VERSION variables will NOT include
the leading 'v' as the CLI tools do not allow it.
Change-Id: Ic6473833be35625282e7442f3c88fc1c4d0cc134
This is essentially a revert of
73695d0ea4. Since stackrc is
responsible for sourcing localrc, the required functions
are necessary (like for enable_service).
fixes bug 1186488
Change-Id: Iad90f802e77b94416821008c294c1a2ede8a4729
- Cleanup openrc, removing the sourcing of functions (which was failing
for zsh) and remove the *_DEBUG comment since they have been removed
from the clients.
Change-Id: Ie2e6fb1e770403c4ef3463a850e8151bd312614c
Specifically to recall HOST_IP and SERVICE_HOST for the current DevStack configuration.
Bug 930274
Change-Id: I299d94101ab93faccc88917503409e0afaa0a523
There are some environment variables that are derived in stack.sh
and cubersome to re-create later, so save them at the end of stack.sh
for use by other supporting scripts, such as openrc.
Change-Id: I1bbf717b970f8ceac0ff7da74aeaf19474997e07
* Adds lib/tls to create test CA/certs
* Start proxy if 'tls-proxy' is enabled
* Configure keystone service catalog for TLS
* Tear down proxy in unstack.sh
* Set auth protocol and ca-cert chain in openrc
* Add DATA_DIR to stackrc
This is the first in a series of patches to enable TLS support
for the service API endpoints.
Change-Id: Ia1c91dc8f1aaf94fbec9dc71da322559a83d14b6
sudo is only allowed in stack.sh on the CI, so move setup_quantum code
to the stack.sh.
also fixes quantum debug command setup for linuxbridge and ryu
Change-Id: I11bc0aa242a690e25acc088b3e9f483ceab38f26
Editing ENABLED_SERVICES directly can get tricky when
the user wants to disable something. This patch includes
two new functions for adding or removing services
safely, and a third (for completeness) to clear the
settings entirely before adding a minimal set of
services.
It also moves the logic for dealing with "negated"
services into a function so it can be tested and
applied by the new functions for manipulating
ENABLED_SERVICES.
Change-Id: I88f205f3666b86e6f0b6a94e0ec32a26c4bc6873
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Fix bug 967429.
Don't use $USERNAME as a variable in openrc. It's commonly set by
default and can result in $OS_USERNAME getting set to something else
unexpectedly, resulting in an environment that doesn't work.
Change-Id: I6083a871209d30c81ca6876b1ef6c154aef7f598
* Remove credential creation from files/keystone_data.sh
* Remove EC2 cert setup from openrc
* Remove sourcing of ec2rc from stackrc
* Collect the above in eucarc
* Allow rc files to be sourced from other directories; based on Chmouel's
4881 proposal but is simpler and doesn't actually change the directory
* Create S3 endpoint
* Get EC2 and S3 endpoints from Keystone service catalog
* Add EC2 credential checks to exercises/client-env.sh
* exercises/bundle.sh and exercises/euca.sh use eucarc
Updates:
* remove readlink -f to stay bash 3 compatible
* use service catalog
* create S3 endpoint
Fixes bug 949528
Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
Dr. Jens Harbott