PSARC/2014/207 OpenStack Glance Update to Havana
PSARC/2014/208 OpenStack Cinder Update to Havana
PSARC/2014/209 OpenStack Keystone Update to Havana
PSARC/2014/210 OpenStack Nova Update to Havana
18416146 Neutron agents (L3 and DHCP) should cleanup resources when they are disabled
18562372 Failed to create a new project under Horizon
18645763 ZFSSA Cinder Driver support
18686327 evs agent silently ignores user-specified pool allocation ranges
18702697 fibre channel volumes should be supported in the cinder volume driver
18734289 nova won't terminate failed kz deployments
18738371 cinder-volume:setup should account for commented-out zfs_volume_base
18738374 cinder-volume:setup should check for existence of configuration file
18826190 nova-compute fails due to nova.utils.to_bytes
18855698 Update OpenStack to Havana 2013.2.3
18855710 Update python-cinderclient to 1.0.9
18855743 Update python-keystoneclient to 0.8.0
18855754 Update python-neutronclient to 2.3.4
18855764 Update python-novaclient to 2.17.0
18855793 Update python-swiftclient to 2.1.0
18856992 External networks can be deleted even when floating IP addresses are in use
18857784 bake in some more openstack configuration
18884923 Incorrect locale facets in python modules for openstack
18913890 the error in _get_view_and_lun may cause the failure of deleting volumes
18943044 Disable 'Security Groups' tab in Horizon dashboard
In-house patch to the sample_data.sh script installed in
/usr/demo/openstack/keystone in order to support all of the standard
services and to allow customization of the individual service
endpoints. Solaris-specific patch and is not suitable for upstream
It also includes a change to use the standard Solaris tr(1) rather than
GNU sed.
--- keystone-2013.2.3/tools/sample_data.sh.orig 2014-05-27 09:17:02.379736817 -0700
+++ keystone-2013.2.3/tools/sample_data.sh 2014-05-27 11:09:25.741756254 -0700
@@ -2,6 +2,8 @@
# Copyright 2013 OpenStack Foundation
#
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
@@ -23,8 +25,8 @@
# and the administrative API. It will get the admin_token (SERVICE_TOKEN)
# and admin_port from keystone.conf if available.
#
-# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
-# Use this with the Catalog Templated backend.
+# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment
+# variable. Use this with the Catalog Templated backend.
#
# A EC2-compatible credential is created for the admin user and
# placed in etc/ec2rc.
@@ -36,22 +38,48 @@
# service nova admin
# service ec2 admin
# service swift admin
+# service cinder admin
+# service neutron admin
+
+# By default, passwords used are those in the OpenStack Install and Deploy
+# Manual. One can override these (publicly known, and hence, insecure)
+# passwords by setting the appropriate environment variables. A common default
+# password for all the services can be used by setting the "SERVICE_PASSWORD"
+# environment variable.
-# By default, passwords used are those in the OpenStack Install and Deploy Manual.
-# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
-# environment variables. A common default password for all the services can be used by
-# setting the "SERVICE_PASSWORD" environment variable.
+PATH=/usr/bin
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
+CINDER_PASSWORD=${CINDER_PASSWORD:-${SERVICE_PASSWORD:-cinder}}
+NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}
+NOVA_PUBLIC_ADDRESS=${NOVA_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+NOVA_ADMIN_ADDRESS=${NOVA_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+NOVA_INTERNAL_ADDRESS=${NOVA_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+GLANCE_PUBLIC_ADDRESS=${GLANCE_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+GLANCE_ADMIN_ADDRESS=${GLANCE_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+GLANCE_INTERNAL_ADDRESS=${GLANCE_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+EC2_PUBLIC_ADDRESS=${EC2_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+EC2_ADMIN_ADDRESS=${EC2_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+EC2_INTERNAL_ADDRESS=${EC2_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+SWIFT_PUBLIC_ADDRESS=${SWIFT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+SWIFT_ADMIN_ADDRESS=${SWIFT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+SWIFT_INTERNAL_ADDRESS=${SWIFT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+CINDER_PUBLIC_ADDRESS=${CINDER_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+CINDER_ADMIN_ADDRESS=${CINDER_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+CINDER_INTERNAL_ADDRESS=${CINDER_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
+NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
+NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
+
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
if [[ -r "$KEYSTONE_CONF" ]]; then
@@ -67,8 +95,8 @@
# Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then
- CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
- CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
+ CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
+ CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
fi
export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
@@ -136,6 +164,22 @@
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
+CINDER_USER=$(get_id keystone user-create --name=cinder \
+ --pass="${CINDER_PASSWORD}" \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $CINDER_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+NEUTRON_USER=$(get_id keystone user-create --name=neutron \
+ --pass="${NEUTRON_PASSWORD}" \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $NEUTRON_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
#
# Keystone service
#
@@ -159,23 +203,23 @@
--description="Nova Compute Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
+ --publicurl "http://$NOVA_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
+ --adminurl "http://$NOVA_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
+ --internalurl "http://$NOVA_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
fi
#
# Volume service
#
VOLUME_SERVICE=$(get_id \
-keystone service-create --name=volume \
+keystone service-create --name=cinder \
--type=volume \
- --description="Nova Volume Service")
+ --description="Cinder Volume Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
+ --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
+ --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
+ --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
fi
#
@@ -187,9 +231,9 @@
--description="Glance Image Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
+ --publicurl "http://$GLANCE_PUBLIC_ADDRESS:9292" \
+ --adminurl "http://$GLANCE_ADMIN_ADDRESS:9292" \
+ --internalurl "http://$GLANCE_INTERNAL_ADDRESS:9292"
fi
#
@@ -201,9 +245,9 @@
--description="EC2 Compatibility Layer")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
+ --publicurl "http://$EC2_PUBLIC_ADDRESS:8773/services/Cloud" \
+ --adminurl "http://$EC2_ADMIN_ADDRESS:8773/services/Admin" \
+ --internalurl "http://$EC2_INTERNAL_ADDRESS:8773/services/Cloud"
fi
#
@@ -212,15 +256,34 @@
SWIFT_SERVICE=$(get_id \
keystone service-create --name=swift \
--type="object-store" \
- --description="Swift Service")
+ --description="Swift Object Store Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
+ --publicurl "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+ --adminurl "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \
+ --internalurl "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
+fi
+
+#
+# Neutron service
+#
+NEUTRON_SERVICE=$(get_id \
+keystone service-create --name=neutron \
+ --type=network \
+ --description="Neutron Network Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $NEUTRON_SERVICE \
+ --publicurl "http://$NEUTRON_PUBLIC_ADDRESS:9696/" \
+ --adminurl "http://$NEUTRON_ADMIN_ADDRESS:9696/" \
+ --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696/"
fi
# create ec2 creds and parse the secret and access key returned
+unset SERVICE_ENDPOINT SERVICE_TOKEN
+export OS_AUTH_URL=http://localhost:5000/v2.0
+export OS_PASSWORD="${ADMIN_PASSWORD}"
+export OS_TENANT_NAME=demo
+export OS_USERNAME=admin
RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`