22694904 Some of the OpenStack patches can be cleaned up
authordavid.comay@oracle.com
Thu, 11 Feb 2016 17:35:02 -0800
changeset 5448 56f4540f741d
parent 5447 508add8f43f1
child 5449 ba6fc2429fb0
22694904 Some of the OpenStack patches can be cleaned up
components/openstack/keystone/patches/launchpad-1459816+.patch
components/openstack/keystone/patches/sample-data.sh.patch
components/openstack/swift/patches/manager.patch
components/openstack/swift/patches/manpages.patch
components/openstack/swift/patches/orphans.patch
components/openstack/swift/patches/recon.patch
components/openstack/swift/patches/remove_PyECLib.patch
components/openstack/swift/patches/rlimit_nproc.patch
components/openstack/swift/patches/test.patch
components/openstack/swift/patches/workers.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/keystone/patches/launchpad-1459816+.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -0,0 +1,420 @@
+The following in-house jumbo patch constitutes the upstream changes in
+Kilo for the following changesets
+
+	fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
+	82449dd550b4724fc90e1f2c16ae5f3237eebd25
+	e614b299408b65a6558888b1f4930a9b641f1920
+	6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
+	19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
+
+which address a number of issues with tools/sample_data.sh including
+switching from the deprecated keystoneclient to the new openstackclient
+commands.
+
+commit fa43b6f6d196ea7780de4530c1d59bd43bc0b6de
+Author: phil-hopkins-a <[email protected]>
+Date:   Thu May 28 15:34:57 2015 -0500
+
+    updates sample_data script to use the new openstack commands
+    
+    Cleans up the sample_data script to replace the keystoneclient commands
+    with the new openstackclient commands
+    
+    Change-Id: Id68ff2b466e582a0c2f4418d173f7d63c14f5f37
+    Closes-Bug: #1459816
+
+commit 82449dd550b4724fc90e1f2c16ae5f3237eebd25
+Author: Eric Brown <[email protected]>
+Date:   Sun Jul 12 22:47:27 2015 -0700
+
+    Replace reference of ksc with osc
+    
+    The leading comment in sample_data.sh still references the old
+    python-keystoneclient when its python-openstackclient that is
+    used to populate sample data.
+    
+    This patch also makes a minor fix of the Swift service description.
+    
+    TrivialFix
+    
+    Change-Id: Ie4f5729dcc0b3a6164470d11ba91ddaaec0bb022
+
+commit e614b299408b65a6558888b1f4930a9b641f1920
+Author: Ghe Rivero <[email protected]>
+Date:   Sat Aug 1 05:00:05 2015 +0200
+
+    Update exported variables for openstack client
+    
+    When using openstack client to populate an initial keystone
+    deployment, instead of the former keystone client, the env.
+    variables needed are OS_TOKEN and OS_URL instead of the
+    previous OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
+    
+    Change-Id: I79dcd56896945267cf1c8ff4378ffff63048e155
+
+commit 6cd2e5eccdad0005c4a69d85aa6918cfc33062c5
+Author: Ghe Rivero <[email protected]>
+Date:   Sat Aug 1 05:16:28 2015 +0200
+
+    Missing ADMIN_USER in sample_data.sh
+    
+    When moving from keystone to openstack client, the initialization of
+    the ADMIN_USER variable was removed, making the script to fail.
+    
+    Change-Id: Iee2d5b1cbed6c93e335a4b4dbad3034a2f8e29ed
+
+commit 19f3ad9eca9e9d73e6a147b06d66d4dcb66d2934
+Author: Ghe Rivero <[email protected]>
+Date:   Sun Aug 2 17:57:37 2015 +0200
+
+    Create neutron service in sample_data.sh
+    
+    With the addition of Neutron to the sample_data.sh script, all services
+    required by the compute starter kit tag [1] are created (plus swift and ec2
+    compatible credentials)
+    
+    [1] http://governance.openstack.org/reference/tags/compute_starter_kit.html
+    
+    Change-Id: Iebc4f6b005e0466fe60691d964c7dea0e0eee947
+
+--- keystone-2015.1.2/doc/source/developing.rst.~1~	2015-10-13 10:18:02.000000000 -0700
++++ keystone-2015.1.2/doc/source/developing.rst	2016-02-05 23:16:41.873683648 -0800
[email protected]@ -75,6 +75,7 @@ place:
+     $ bin/keystone-manage db_sync
+ 
+ .. _`python-keystoneclient`: https://github.com/openstack/python-keystoneclient
++.. _`openstackclient`: https://git.openstack.org/cgit/openstack/python-openstackclient
+ 
+ If the above commands result in a ``KeyError``, or they fail on a
+ ``.pyc`` file with the message, ``You can only have one Python script per
[email protected]@ -158,18 +159,24 @@ data for use with keystone:
+ 
+ .. code-block:: bash
+ 
+-    $ OS_SERVICE_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
++    $ OS_TOKEN=ADMIN tools/with_venv.sh tools/sample_data.sh
+ 
+ Notice it requires a service token read from an environment variable for
+ authentication.  The default value "ADMIN" is from the ``admin_token``
+ option in the ``[DEFAULT]`` section in ``etc/keystone.conf``.
+ 
+ Once run, you can see the sample data that has been created by using the
+-`python-keystoneclient`_ command-line interface:
++`openstackclient`_ command-line interface:
+ 
+ .. code-block:: bash
+ 
+-    $ tools/with_venv.sh keystone --os-token ADMIN --os-endpoint http://127.0.0.1:35357/v2.0/ user-list
++    $ tools/with_venv.sh openstack --os-token ADMIN --os-url http://127.0.0.1:35357/v2.0/ user list
++
++The `openstackclient`_ can be installed using the following:
++
++.. code-block:: bash
++
++    $ tools/with_venv.sh pip install python-openstackclient
+ 
+ Filtering responsibilities between controllers and drivers
+ ----------------------------------------------------------
+--- keystone-2015.1.2/tools/sample_data.sh.~1~	2015-10-13 10:18:02.000000000 -0700
++++ keystone-2015.1.2/tools/sample_data.sh	2016-02-05 23:16:41.875371581 -0800
[email protected]@ -14,14 +14,14 @@
+ # License for the specific language governing permissions and limitations
+ # under the License.
+ 
+-# Sample initial data for Keystone using python-keystoneclient
++# Sample initial data for Keystone using python-openstackclient
+ #
+ # This script is based on the original DevStack keystone_data.sh script.
+ #
+ # It demonstrates how to bootstrap Keystone with an administrative user
+-# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
+-# and the administrative API.  It will get the admin_token (OS_SERVICE_TOKEN)
+-# and admin_port from keystone.conf if available.
++# using the OS_TOKEN and OS_URL environment variables and the administrative
++# API.  It will get the admin_token (OS_TOKEN) and admin_port from
++# keystone.conf if available.
+ #
+ # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
+ # Use this with the Catalog Templated backend.
[email protected]@ -36,17 +36,25 @@
+ # service              nova      admin
+ # service              ec2       admin
+ # service              swift     admin
++# service              neutron   admin
+ 
+ # By default, passwords used are those in the OpenStack Install and Deploy Manual.
+ # One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
+ # environment variables. A common default password for all the services can be used by
+ # setting the "SERVICE_PASSWORD" environment variable.
+ 
++# Test to verify that the openstackclient is installed, if not exit
++type openstack >/dev/null 2>&1 || {
++    echo >&2 "openstackclient is not installed. Please install it to use this script. Aborting."
++    exit 1
++    }
++
+ ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+ NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
+ GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
+ EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
+ SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
++NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
+ 
+ CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
+ CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
[email protected]@ -79,14 +87,14 @@ if [[ -r "$KEYSTONE_CONF" ]]; then
+     fi
+ fi
+ 
+-export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
+-if [[ -z "$OS_SERVICE_TOKEN" ]]; then
++export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
++if [[ -z "$OS_TOKEN" ]]; then
+     echo "No service token found."
+-    echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
++    echo "Set OS_TOKEN manually from keystone.conf admin_token."
+     exit 1
+ fi
+ 
+-export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
++export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
+ 
+ function get_id () {
+     echo `"[email protected]" | grep ' id ' | awk '{print $4}'`
[email protected]@ -95,141 +103,160 @@ function get_id () {
+ #
+ # Default tenant
+ #
+-DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
+-                                            --description "Default Tenant")
++openstack project create demo \
++                         --description "Default Tenant"
+ 
+-ADMIN_USER=$(get_id keystone user-create --name=admin \
+-                                         --pass="${ADMIN_PASSWORD}")
++openstack user create admin --project demo \
++                      --password "${ADMIN_PASSWORD}"
+ 
+-ADMIN_ROLE=$(get_id keystone role-create --name=admin)
++openstack role create admin
+ 
+-keystone user-role-add --user-id $ADMIN_USER \
+-                       --role-id $ADMIN_ROLE \
+-                       --tenant-id $DEMO_TENANT
++openstack role add --user admin \
++                   --project demo\
++                   admin
+ 
+ #
+ # Service tenant
+ #
+-SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
+-                                               --description "Service Tenant")
++openstack project create service \
++                  --description "Service Tenant"
++
++openstack user create glance --project service\
++                      --password "${GLANCE_PASSWORD}"
++
++openstack role add --user glance \
++                   --project service \
++                   admin
++
++openstack user create nova --project service\
++                      --password "${NOVA_PASSWORD}"
++
++openstack role add --user nova \
++                   --project service \
++                   admin
++
++openstack user create ec2 --project service \
++                      --password "${EC2_PASSWORD}"
++
++openstack role add --user ec2 \
++                   --project service \
++                   admin
+ 
+-GLANCE_USER=$(get_id keystone user-create --name=glance \
+-                                          --pass="${GLANCE_PASSWORD}")
++openstack user create swift --project service \
++                      --password "${SWIFT_PASSWORD}" \
+ 
+-keystone user-role-add --user-id $GLANCE_USER \
+-                       --role-id $ADMIN_ROLE \
+-                       --tenant-id $SERVICE_TENANT
+-
+-NOVA_USER=$(get_id keystone user-create --name=nova \
+-                                        --pass="${NOVA_PASSWORD}" \
+-                                        --tenant-id $SERVICE_TENANT)
+-
+-keystone user-role-add --user-id $NOVA_USER \
+-                       --role-id $ADMIN_ROLE \
+-                       --tenant-id $SERVICE_TENANT
+-
+-EC2_USER=$(get_id keystone user-create --name=ec2 \
+-                                       --pass="${EC2_PASSWORD}" \
+-                                       --tenant-id $SERVICE_TENANT)
+-
+-keystone user-role-add --user-id $EC2_USER \
+-                       --role-id $ADMIN_ROLE \
+-                       --tenant-id $SERVICE_TENANT
+-
+-SWIFT_USER=$(get_id keystone user-create --name=swift \
+-                                         --pass="${SWIFT_PASSWORD}" \
+-                                         --tenant-id $SERVICE_TENANT)
+-
+-keystone user-role-add --user-id $SWIFT_USER \
+-                       --role-id $ADMIN_ROLE \
+-                       --tenant-id $SERVICE_TENANT
++openstack role add --user swift \
++                   --project service \
++                   admin
++
++openstack user create neutron --project service \
++                      --password "${NEUTRON_PASSWORD}" \
++
++openstack role add --user neutron \
++                   --project service \
++                   admin
+ 
+ #
+ # Keystone service
+ #
+-KEYSTONE_SERVICE=$(get_id \
+-keystone service-create --name=keystone \
+-                        --type=identity \
+-                        --description="Keystone Identity Service")
++openstack service create --name keystone \
++                         --description "Keystone Identity Service" \
++                         identity
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
++    openstack endpoint create --region RegionOne \
+         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
+         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
++        keystone
+ fi
+ 
+ #
+ # Nova service
+ #
+-NOVA_SERVICE=$(get_id \
+-keystone service-create --name=nova \
+-                        --type=compute \
+-                        --description="Nova Compute Service")
++openstack service create --name=nova \
++                         --description="Nova Compute Service" \
++                         compute
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
++    openstack endpoint create --region RegionOne \
+         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
+         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
++        nova
+ fi
+ 
+ #
+ # Volume service
+ #
+-VOLUME_SERVICE=$(get_id \
+-keystone service-create --name=volume \
+-                        --type=volume \
+-                        --description="Nova Volume Service")
++openstack service create --name=volume \
++                         --description="Cinder Volume Service" \
++                         volume
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
++    openstack endpoint create --region RegionOne \
+         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
+         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
++        volume
+ fi
+ 
+ #
+ # Image service
+ #
+-GLANCE_SERVICE=$(get_id \
+-keystone service-create --name=glance \
+-                        --type=image \
+-                        --description="Glance Image Service")
++openstack service create --name=glance \
++                         --description="Glance Image Service" \
++                         image
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
++    openstack endpoint create --region RegionOne  \
+         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
+         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
++        glance
+ fi
+ 
+ #
+ # EC2 service
+ #
+-EC2_SERVICE=$(get_id \
+-keystone service-create --name=ec2 \
+-                        --type=ec2 \
+-                        --description="EC2 Compatibility Layer")
++openstack service create --name=ec2 \
++                         --description="EC2 Compatibility Layer" \
++                         ec2
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
++    openstack endpoint create --region RegionOne \
+         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
+         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
++        ec2
+ fi
+ 
+ #
+ # Swift service
+ #
+-SWIFT_SERVICE=$(get_id \
+-keystone service-create --name=swift \
+-                        --type="object-store" \
+-                        --description="Swift Service")
++openstack service create --name=swift \
++                         --description="Swift Object Storage Service" \
++                         object-store
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+-    keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
++    openstack endpoint create --region RegionOne \
+         --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+         --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
++        swift
++fi
++
++#
++# Neutron service
++#
++openstack service create --name=neutron \
++                         --description="Neutron Network Service" \
++                         network
++if [[ -z "$DISABLE_ENDPOINTS" ]]; then
++    openstack endpoint create --region RegionOne \
++        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
++        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
++        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
++        neutron
+ fi
+ 
+ # create ec2 creds and parse the secret and access key returned
+-RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
++ADMIN_USER=$(get_id openstack user show admin)
++RESULT=$(openstack ec2 credentials create --project service --user $ADMIN_USER)
+ ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
+ ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+ 
--- a/components/openstack/keystone/patches/sample-data.sh.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/keystone/patches/sample-data.sh.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -1,58 +1,49 @@
-Update the upstream sample-data.sh script for Solaris shell tools,
-additional OpenStack components, and the deprecation of keystone(1) in
-lieu of openstack(1) in Kilo.
+In-house patch to the sample_data.sh script installed in
+/usr/demo/openstack/keystone in order to support all of the standard
+services and to allow customization of the individual service
+endpoints. This is a Solaris-specific patch and is not suitable for
+upstream
 
-This patch is Solaris-specific and not suitable for upstream
-contribution.
---- keystone-2015.1.2/tools/sample_data.sh.orig	2016-01-12 14:41:47.118476961 -0500
-+++ keystone-2015.1.2/tools/sample_data.sh	2016-01-12 14:49:03.317361531 -0500
[email protected]@ -2,6 +2,8 @@
- 
- # Copyright 2013 OpenStack Foundation
+It also includes a change to use the standard Solaris tr(1) rather than
+GNU sed.
+
+--- keystone-2015.1.2/tools/sample_data.sh.~2~	2016-02-07 01:41:04.218073379 -0800
++++ keystone-2015.1.2/tools/sample_data.sh	2016-02-07 01:44:19.119595020 -0800
[email protected]@ -23,8 +23,8 @@
+ # API.  It will get the admin_token (OS_TOKEN) and admin_port from
+ # keystone.conf if available.
  #
-+# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
-+#
- # Licensed under the Apache License, Version 2.0 (the "License"); you may
- # not use this file except in compliance with the License. You may obtain
- # a copy of the License at
[email protected]@ -19,8 +21,8 @@
- # This script is based on the original DevStack keystone_data.sh script.
+-# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
+-# Use this with the Catalog Templated backend.
++# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment
++# variable. Use this with the Catalog Templated backend.
  #
- # It demonstrates how to bootstrap Keystone with an administrative user
--# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
--# and the administrative API.  It will get the admin_token (OS_SERVICE_TOKEN)
-+# using the OS_TOKEN and OS_URL environment variables
-+# and the administrative API.  It will get the admin_token (OS_TOKEN)
- # and admin_port from keystone.conf if available.
- #
- # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
[email protected]@ -29,29 +31,67 @@
  # A EC2-compatible credential is created for the admin user and
  # placed in etc/ec2rc.
- #
--# Tenant               User      Roles
--# -------------------------------------------------------
--# demo                 admin     admin
--# service              glance    admin
--# service              nova      admin
--# service              ec2       admin
--# service              swift     admin
-+# Tenant               User       Roles
-+# --------------------------------------------------------
-+# demo                 admin      admin
-+# service              glance     admin
-+# service              nova       admin
-+# service              ec2        admin
-+# service              swift      admin
-+# service              cinder     admin
-+# service              neutron    admin
-+# service              heat       admin
-+# service              ironic     admin
[email protected]@ -37,11 +37,15 @@
+ # service              ec2       admin
+ # service              swift     admin
+ # service              neutron   admin
+-
+-# By default, passwords used are those in the OpenStack Install and Deploy Manual.
+-# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
+-# environment variables. A common default password for all the services can be used by
+-# setting the "SERVICE_PASSWORD" environment variable.
++# service              cinder    admin
++# service              heat      admin
++# service              ironic    admin
++
++# By default, passwords used are those in the OpenStack Install and Deploy
++# Manual. One can override these (publicly known, and hence, insecure)
++# passwords by setting the appropriate environment variables. A common default
++# password for all the services can be used by setting the "SERVICE_PASSWORD"
++# environment variable.
  
- # By default, passwords used are those in the OpenStack Install and Deploy Manual.
- # One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
- # environment variables. A common default password for all the services can be used by
- # setting the "SERVICE_PASSWORD" environment variable.
+ # Test to verify that the openstackclient is installed, if not exit
+ type openstack >/dev/null 2>&1 || {
[email protected]@ -49,17 +53,57 @@ type openstack >/dev/null 2>&1 || {
+     exit 1
+     }
  
 +PATH=/usr/bin
 +
@@ -62,8 +53,8 @@
  EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
 -SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
 +SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swift}}
+ NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
 +CINDER_PASSWORD=${CINDER_PASSWORD:-${SERVICE_PASSWORD:-cinder}}
-+NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
 +HEAT_PASSWORD=${HEAT_PASSWORD:-${SERVICE_PASSWORD:-heat}}
 +IRONIC_PASSWORD=${IRONIC_PASSWORD:-${SERVICE_PASSWORD:-ironic}}
  
@@ -74,24 +65,27 @@
 +NOVA_PUBLIC_ADDRESS=${NOVA_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +NOVA_ADMIN_ADDRESS=${NOVA_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +NOVA_INTERNAL_ADDRESS=${NOVA_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
 +GLANCE_PUBLIC_ADDRESS=${GLANCE_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +GLANCE_ADMIN_ADDRESS=${GLANCE_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +GLANCE_INTERNAL_ADDRESS=${GLANCE_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
 +EC2_PUBLIC_ADDRESS=${EC2_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +EC2_ADMIN_ADDRESS=${EC2_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +EC2_INTERNAL_ADDRESS=${EC2_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
 +SWIFT_PUBLIC_ADDRESS=${SWIFT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +SWIFT_ADMIN_ADDRESS=${SWIFT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +SWIFT_INTERNAL_ADDRESS=${SWIFT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
++NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
++NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
++NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
 +CINDER_PUBLIC_ADDRESS=${CINDER_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +CINDER_ADMIN_ADDRESS=${CINDER_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +CINDER_INTERNAL_ADDRESS=${CINDER_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
-+NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
-+NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
-+NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
-+IRONIC_PUBLIC_ADDRESS=${IRONIC_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
-+IRONIC_ADMIN_ADDRESS=${IRONIC_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
-+IRONIC_INTERNAL_ADDRESS=${IRONIC_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
 +HEAT_CFN_PUBLIC_ADDRESS=${HEAT_CFN_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
 +HEAT_CFN_ADMIN_ADDRESS=${HEAT_CFN_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +HEAT_CFN_INTERNAL_ADDRESS=${HEAT_CFN_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
@@ -99,342 +93,198 @@
 +HEAT_ADMIN_ADDRESS=${HEAT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
 +HEAT_INTERNAL_ADDRESS=${HEAT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
 +
++IRONIC_PUBLIC_ADDRESS=${IRONIC_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
++IRONIC_ADMIN_ADDRESS=${IRONIC_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
++IRONIC_INTERNAL_ADDRESS=${IRONIC_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
++
  TOOLS_DIR=$(cd $(dirname "$0") && pwd)
  KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
  if [[ -r "$KEYSTONE_CONF" ]]; then
[email protected]@ -67,169 +107,221 @@
[email protected]@ -75,15 +119,19 @@ fi
  
  # Extract some info from Keystone's configuration file
  if [[ -r "$KEYSTONE_CONF" ]]; then
 -    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
--    if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
--        # default config options are commented out, so lets try those
++    CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
++        grep ^admin_token= | cut -d'=' -f2)
+     if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
+         # default config options are commented out, so lets try those
 -        CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_token= | cut -d'=' -f2)
--    fi
++        CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
++            grep ^\#admin_token= | cut -d'=' -f2)
+     fi
 -    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
--    if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
--        # default config options are commented out, so lets try those
++    CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
++        grep ^admin_port= | cut -d'=' -f2)
+     if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
+         # default config options are commented out, so lets try those
 -        CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_port= | cut -d'=' -f2)
--    fi
--fi
--
--export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
--if [[ -z "$OS_SERVICE_TOKEN" ]]; then
--    echo "No service token found."
--    echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
--    exit 1
-+    CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
-+    CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
++        CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
++            grep ^\#admin_port= | cut -d'=' -f2)
+     fi
  fi
  
--export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
-+export OS_TOKEN=${OS_TOKEN:-$CONFIG_SERVICE_TOKEN}
-+if [[ -z "$OS_TOKEN" ]]; then
-+    echo "No authentication token found."
-+    echo "Set OS_TOKEN manually from keystone.conf admin_token."
-+    exit 1
-+fi
- 
--function get_id () {
--    echo `"[email protected]" | grep ' id ' | awk '{print $4}'`
--}
-+export OS_URL=${OS_URL:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
- 
- #
- # Default tenant
- #
--DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
--                                            --description "Default Tenant")
--
--ADMIN_USER=$(get_id keystone user-create --name=admin \
--                                         --pass="${ADMIN_PASSWORD}")
-+openstack project create --description "Default Tenant" demo
- 
--ADMIN_ROLE=$(get_id keystone role-create --name=admin)
--
--keystone user-role-add --user-id $ADMIN_USER \
--                       --role-id $ADMIN_ROLE \
--                       --tenant-id $DEMO_TENANT
-+# Admin user/role
-+openstack user create --project demo --password "${ADMIN_PASSWORD}" admin
-+openstack role create admin
-+openstack role add --user admin --project demo admin
- 
- #
- # Service tenant
- #
--SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
--                                               --description "Service Tenant")
--
--GLANCE_USER=$(get_id keystone user-create --name=glance \
--                                          --pass="${GLANCE_PASSWORD}")
-+openstack project create --description "Service Tenant" service
[email protected]@ -156,6 +204,29 @@ openstack role add --user neutron \
+                    --project service \
+                    admin
  
--keystone user-role-add --user-id $GLANCE_USER \
--                       --role-id $ADMIN_ROLE \
--                       --tenant-id $SERVICE_TENANT
--
--NOVA_USER=$(get_id keystone user-create --name=nova \
--                                        --pass="${NOVA_PASSWORD}" \
--                                        --tenant-id $SERVICE_TENANT)
--
--keystone user-role-add --user-id $NOVA_USER \
--                       --role-id $ADMIN_ROLE \
--                       --tenant-id $SERVICE_TENANT
--
--EC2_USER=$(get_id keystone user-create --name=ec2 \
--                                       --pass="${EC2_PASSWORD}" \
--                                       --tenant-id $SERVICE_TENANT)
--
--keystone user-role-add --user-id $EC2_USER \
--                       --role-id $ADMIN_ROLE \
--                       --tenant-id $SERVICE_TENANT
--
--SWIFT_USER=$(get_id keystone user-create --name=swift \
--                                         --pass="${SWIFT_PASSWORD}" \
--                                         --tenant-id $SERVICE_TENANT)
--
--keystone user-role-add --user-id $SWIFT_USER \
--                       --role-id $ADMIN_ROLE \
--                       --tenant-id $SERVICE_TENANT
-+# Glance user
-+openstack user create --project service --password "${GLANCE_PASSWORD}" glance
-+openstack role add --user glance --project service admin
++openstack user create cinder --project service \
++                             --password "${CINDER_PASSWORD}"
++
++openstack role add --user cinder \
++                   --project service \
++                   admin
++
++openstack user create heat --project service \
++                           --password "${HEAT_PASSWORD}"
 +
-+# Nova user
-+openstack user create --project service --password "${NOVA_PASSWORD}" nova
-+openstack role add --user nova --project service admin
++openstack role add --user heat \
++                   --project service \
++                   admin
 +
-+# EC2 user
-+openstack user create --project service --password "${EC2_PASSWORD}" ec2
-+openstack role add --user ec2 --project service admin
-+
-+# Swift user
-+openstack user create --project service --password "${SWIFT_PASSWORD}" swift
-+openstack role add --user swift --project service admin
++openstack role create heat_stack_user
 +
-+# Cinder user
-+openstack user create --project service --password "${CINDER_PASSWORD}"  cinder
-+openstack role add --user cinder --project service admin
-+
-+# Neutron user
-+openstack user create --project service --password "${NEUTRON_PASSWORD}" neutron
-+openstack role add --user neutron --project service admin
++openstack user create ironic --project service \
++                             --password "${IRONIC_PASSWORD}"
 +
-+# Ironic user
-+openstack user create --project service --password "${IRONIC_PASSWORD}" ironic
-+openstack role add --user ironic --project service admin
++openstack role add --user ironic \
++                   --project service \
++                   admin
 +
-+# Heat user
-+openstack user create --project service --password "${HEAT_PASSWORD}" heat
-+openstack role add --user heat --project service admin
- 
  #
  # Keystone service
  #
--KEYSTONE_SERVICE=$(get_id \
--keystone service-create --name=keystone \
--                        --type=identity \
--                        --description="Keystone Identity Service")
-+openstack service create --name keystone \
-+                         --description "Keystone Identity Service" \
-+                        identity
[email protected]@ -178,24 +249,32 @@ openstack service create --name=nova \
+                          compute
  if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
-+    openstack endpoint create --region RegionOne \
-         --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
-         --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
-+        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" \
-+       keystone
- fi
- 
-+
- #
- # Nova service
- #
--NOVA_SERVICE=$(get_id \
--keystone service-create --name=nova \
--                        --type=compute \
--                        --description="Nova Compute Service")
-+openstack service create --name nova \
-+                         --description="Nova Compute Service" \
-+                         compute
- if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
+     openstack endpoint create --region RegionOne \
 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
-+    openstack endpoint create --region RegionOne \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
 +        --publicurl "http://$NOVA_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
 +        --adminurl "http://$NOVA_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
 +        --internalurl "http://$NOVA_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
-+       nova
+         nova
  fi
  
-+
  #
--# Volume service
-+# Volume service - v1 and v2
+ # Volume service
  #
--VOLUME_SERVICE=$(get_id \
--keystone service-create --name=volume \
--                        --type=volume \
--                        --description="Nova Volume Service")
-+openstack service create --name cinder \
-+                         --description "Cinder Volume Service" \
-+                        volume
-+openstack service create --name cinderv2 \
-+                         --description "Cinder Volume Service version 2" \
-+                        volumev2
+-openstack service create --name=volume \
++openstack service create --name=cinder \
+                          --description="Cinder Volume Service" \
+                          volume
++openstack service create --name=cinderv2 \
++                         --description="Cinder Volume Service (Version 2)" \
++                         volumev2
  if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
+     openstack endpoint create --region RegionOne \
 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
-+    openstack endpoint create --region RegionOne \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
+-        volume
 +        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
 +        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
 +        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
-+       cinder
- fi
-+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
++        cinder
 +    openstack endpoint create --region RegionOne \
 +        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v2/\$(tenant_id)s" \
 +        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v2/\$(tenant_id)s" \
 +        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v2/\$(tenant_id)s" \
-+       cinderv2
-+fi
-+
++        cinderv2
+ fi
  
  #
- # Image service
- #
--GLANCE_SERVICE=$(get_id \
--keystone service-create --name=glance \
--                        --type=image \
--                        --description="Glance Image Service")
--if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
[email protected]@ -206,9 +285,9 @@ openstack service create --name=glance \
+                          image
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+     openstack endpoint create --region RegionOne  \
 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
-+openstack service create --name glance \
-+                         --description "Glance Image Service" \
-+                        image
-+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
-+    openstack endpoint create --region RegionOne \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
 +        --publicurl "http://$GLANCE_PUBLIC_ADDRESS:9292" \
 +        --adminurl "http://$GLANCE_ADMIN_ADDRESS:9292" \
 +        --internalurl "http://$GLANCE_INTERNAL_ADDRESS:9292" \
-+       glance
+         glance
  fi
  
-+
- #
- # EC2 service
- #
--EC2_SERVICE=$(get_id \
--keystone service-create --name=ec2 \
--                        --type=ec2 \
--                        --description="EC2 Compatibility Layer")
--if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
[email protected]@ -220,9 +299,9 @@ openstack service create --name=ec2 \
+                          ec2
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+     openstack endpoint create --region RegionOne \
 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
-+openstack service create --name ec2 \
-+                         --description "EC2 Compatibility Layer" \
-+                        ec2
-+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
-+    openstack endpoint create --region RegionOne \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
 +        --publicurl "http://$EC2_PUBLIC_ADDRESS:8773/services/Cloud" \
 +        --adminurl "http://$EC2_ADMIN_ADDRESS:8773/services/Admin" \
 +        --internalurl "http://$EC2_INTERNAL_ADDRESS:8773/services/Cloud" \
-+       ec2
+         ec2
  fi
  
-+
- #
- # Swift service
- #
--SWIFT_SERVICE=$(get_id \
--keystone service-create --name=swift \
--                        --type="object-store" \
--                        --description="Swift Service")
--if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--    keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
[email protected]@ -234,9 +313,11 @@ openstack service create --name=swift \
+                          object-store
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+     openstack endpoint create --region RegionOne \
 -        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
 -        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
--        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
-+openstack service create --name swift \
-+                         --description "Swift Object Store Service" \
-+                        object-store
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
++        --publicurl \
++            "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
++        --adminurl    "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \
++        --internalurl \
++            "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+         swift
+ fi
+ 
[email protected]@ -248,12 +329,48 @@ openstack service create --name=neutron
+                          network
+ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+     openstack endpoint create --region RegionOne \
+-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
+-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
+-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
++        --publicurl   "http://$NEUTRON_PUBLIC_ADDRESS:9696" \
++        --adminurl    "http://$NEUTRON_ADMIN_ADDRESS:9696" \
++        --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696" \
+         neutron
+ fi
+ 
++#
++# Heat service
++#
++openstack service create --name=heat-cfn \
++                         --description="Heat CloudFormation API" \
++                         cloudformation
++openstack service create --name=heat \
++                         --description="Heat API" \
++                         orchestration
 +if [[ -z "$DISABLE_ENDPOINTS" ]]; then
 +    openstack endpoint create --region RegionOne \
-+        --publicurl "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
-+        --adminurl "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \
-+        --internalurl "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
-+       swift
-+fi
-+
-+
-+#
-+# Neutron service
-+#
-+openstack service create --name neutron \
-+                         --description "Neutron Network Service" \
-+                        network
-+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
++        --publicurl   "http://$HEAT_CFN_PUBLIC_ADDRESS:8000/v1" \
++        --adminurl    "http://$HEAT_CFN_ADMIN_ADDRESS:8000/v1" \
++        --internalurl "http://$HEAT_CFN_INTERNAL_ADDRESS:8000/v1" \
++        heat-cfn
 +    openstack endpoint create --region RegionOne \
-+        --publicurl "http://$NEUTRON_PUBLIC_ADDRESS:9696/" \
-+        --adminurl "http://$NEUTRON_ADMIN_ADDRESS:9696/" \
-+        --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696/" \
-+       neutron
++        --publicurl   "http://$HEAT_PUBLIC_ADDRESS:8004/v1/\$(tenant_id)s" \
++        --adminurl    "http://$HEAT_ADMIN_ADDRESS:8004/v1/\$(tenant_id)s" \
++        --internalurl "http://$HEAT_INTERNAL_ADDRESS:8004/v1/\$(tenant_id)s" \
++        heat
 +fi
 +
 +#
 +# Ironic service
 +#
-+openstack service create --name ironic \
-+                        --description "Bare Metal Provisioning Service" \
-+                        baremetal
++openstack service create --name=ironic \
++    --description="Ironic Bare Metal Provisioning Service" \
++    baremetal
 +if [[ -z "$DISABLE_ENDPOINTS" ]]; then
 +    openstack endpoint create --region RegionOne \
-+        --publicurl "http://$IRONIC_PUBLIC_ADDRESS:6385/" \
-+        --adminurl "http://$IRONIC_ADMIN_ADDRESS:6385/" \
-+        --internalurl "http://$IRONIC_INTERNAL_ADDRESS:6385/" \
-+       ironic
++        --publicurl   "http://$IRONIC_PUBLIC_ADDRESS:6385" \
++        --adminurl    "http://$IRONIC_ADMIN_ADDRESS:6385" \
++        --internalurl "http://$IRONIC_INTERNAL_ADDRESS:6385" \
++        ironic
 +fi
 +
-+#
-+# Heat services
-+#
-+openstack service create --name heat-cfn \
-+                        --description "Heat CloudFormation API" \
-+                        cloudformation
-+
-+openstack service create --name heat \
-+                        --description "Heat API" \
-+                        orchestration
-+
-+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
-+    openstack endpoint create --region RegionOne \
-+        --publicurl "http://$HEAT_CFN_PUBLIC_ADDRESS:8000/v1" \
-+        --adminurl "http://$HEAT_CFN_ADMIN_ADDRESS:8000/v1" \
-+        --internalurl "http://$HEAT_CFN_INTERNAL_ADDRESS:8000/v1" \
-+       heat-cfn
-+
-+    openstack endpoint create --region RegionOne \
-+        --publicurl "http://$HEAT_PUBLIC_ADDRESS:8004/v1/\$(tenant_id)s" \
-+        --adminurl "http://$HEAT_ADMIN_ADDRESS:8004/v1/\$(tenant_id)s" \
-+        --internalurl "http://$HEAT_INTERNAL_ADDRESS:8004/v1/\$(tenant_id)s" \
-+       heat
- fi
- 
  # create ec2 creds and parse the secret and access key returned
--RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
-+RESULT=$(openstack ec2 credentials create --project service --user admin)
- ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
- ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
- 
+ ADMIN_USER=$(get_id openstack user show admin)
+ RESULT=$(openstack ec2 credentials create --project service --user $ADMIN_USER)
--- a/components/openstack/swift/patches/manager.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/manager.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -1,24 +1,24 @@
-We want to put the swift server executables in /usr/lib/swift, which means
+We want to put the Swift server executables in /usr/lib/swift, which means
 that we need to be able to call them from there.  We do so by using the
 "executable" keyword argument to subprocess.Popen() (and allow for it to be
 mocked out during testing).
 
 This patch is not suitable for pushing upstream.
 
---- swift-2.2.0/swift/common/manager.py.~1~	2014-10-16 05:05:21.000000000 -0700
-+++ swift-2.2.0/swift/common/manager.py	2014-12-13 21:29:46.790264480 -0800
[email protected]@ -576,7 +576,8 @@ class Server(object):
+--- swift-2.3.0/swift/common/manager.py.~1~	2015-04-30 06:57:49.000000000 -0700
++++ swift-2.3.0/swift/common/manager.py	2016-02-08 00:46:36.615826872 -0800
[email protected]@ -577,7 +577,8 @@ class Server(object):
                  re_out = subprocess.PIPE
              else:
                  re_out = open(os.devnull, 'w+b')
 -        proc = subprocess.Popen(args, stdout=re_out, stderr=re_err)
 +        proc = subprocess.Popen(args, stdout=re_out, stderr=re_err,
-+            executable='/usr/lib/swift/' + self.cmd)
++                                executable='/usr/lib/swift/' + self.cmd)
          pid_file = self.get_pid_file_name(conf_file)
          write_file(pid_file, proc.pid)
          self.procs.append(proc)
---- swift-2.2.0/test/unit/common/test_manager.py.~1~	2014-10-16 05:05:21.000000000 -0700
-+++ swift-2.2.0/test/unit/common/test_manager.py	2014-12-13 21:30:06.746265266 -0800
+--- swift-2.3.0/test/unit/common/test_manager.py.~1~	2015-04-30 06:57:49.000000000 -0700
++++ swift-2.3.0/test/unit/common/test_manager.py	2016-02-08 00:45:32.431081803 -0800
 @@ -955,7 +955,7 @@ class TestServer(unittest.TestCase):
          class MockProc(object):
  
--- a/components/openstack/swift/patches/manpages.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/manpages.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -2,8 +2,8 @@
 describing use of SMF.  Fix a few small errors.  Some of this is obviously
 Solaris-specific, but the rest could be submitted upstream.
 
---- swift-2.2.2/doc/manpages/account-server.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/account-server.conf.5	2015-02-26 16:13:29.119848756 -0800
+--- swift-2.3.0/doc/manpages/account-server.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/account-server.conf.5	2016-02-07 23:36:11.482101790 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -33,8 +33,8 @@
  .SH "SEE ALSO"
 -.BR swift-account-server(1),
 +.BR swift-account-server (1)
---- swift-2.2.2/doc/manpages/container-server.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/container-server.conf.5	2015-02-26 16:13:29.120133142 -0800
+--- swift-2.3.0/doc/manpages/container-server.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/container-server.conf.5	2016-02-07 23:36:11.482749481 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -50,7 +50,7 @@
  
  
  
[email protected]@ -279,11 +279,11 @@ Maximum amount of time to spend syncing
[email protected]@ -283,11 +283,11 @@ Internal client config file path.
  .SH DOCUMENTATION
  .LP
  More in depth documentation about the swift-container-server and
@@ -64,8 +64,8 @@
  .SH "SEE ALSO"
 -.BR swift-container-server(1)
 +.BR swift-container-server (1)
---- swift-2.2.2/doc/manpages/dispersion.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/dispersion.conf.5	2015-02-26 16:13:29.120357358 -0800
+--- swift-2.3.0/doc/manpages/dispersion.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/dispersion.conf.5	2016-02-07 23:36:11.483318879 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -107,8 +107,8 @@
 +.BR swift-dispersion-report (1),
 +.BR swift-dispersion-populate (1)
  
---- swift-2.2.2/doc/manpages/object-expirer.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/object-expirer.conf.5	2015-02-26 16:13:29.120567301 -0800
+--- swift-2.3.0/doc/manpages/object-expirer.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/object-expirer.conf.5	2016-02-07 23:36:11.483836544 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -139,8 +139,8 @@
 -.BR swift-proxy-server.conf(5),
 +.BR proxy-server.conf (4)
  
---- swift-2.2.2/doc/manpages/object-server.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/object-server.conf.5	2015-02-26 16:13:29.120792824 -0800
+--- swift-2.3.0/doc/manpages/object-server.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/object-server.conf.5	2016-02-07 23:36:11.484380639 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -170,8 +170,8 @@
  .SH "SEE ALSO"
 -.BR swift-object-server(1),
 +.BR swift-object-server (1)
---- swift-2.2.2/doc/manpages/proxy-server.conf.5.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/proxy-server.conf.5	2015-02-26 16:13:29.121104217 -0800
+--- swift-2.3.0/doc/manpages/proxy-server.conf.5.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/proxy-server.conf.5	2016-02-07 23:36:11.485027685 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -200,8 +200,8 @@
  .SH "SEE ALSO"
 -.BR swift-proxy-server(1)
 +.BR swift-proxy-server (1)
---- swift-2.2.2/doc/manpages/swift-account-auditor.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-account-auditor.1	2015-02-26 16:13:29.121313974 -0800
+--- swift-2.3.0/doc/manpages/swift-account-auditor.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-account-auditor.1	2016-02-07 23:36:11.485555356 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -250,8 +250,8 @@
 -.BR account-server.conf(5)
 +.BR account-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-account-info.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-account-info.1	2015-02-26 16:13:29.121513953 -0800
+--- swift-2.3.0/doc/manpages/swift-account-info.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-account-info.1	2016-02-07 23:36:11.486089148 -0800
 @@ -14,12 +14,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -283,8 +283,8 @@
 +.BR swift-container-info (1),
 +.BR swift-get-nodes (1),
 +.BR swift-object-info (1)
---- swift-2.2.2/doc/manpages/swift-account-reaper.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-account-reaper.1	2015-02-26 16:13:29.121726101 -0800
+--- swift-2.3.0/doc/manpages/swift-account-reaper.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-account-reaper.1	2016-02-07 23:36:11.486663893 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -335,8 +335,8 @@
 -.BR account-server.conf(5)
 +.BR account-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-account-replicator.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-account-replicator.1	2015-02-26 16:13:29.121955499 -0800
+--- swift-2.3.0/doc/manpages/swift-account-replicator.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-account-replicator.1	2016-02-07 23:36:11.487188226 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -386,8 +386,8 @@
 -.BR account-server.conf(5)
 +.BR account-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-account-server.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-account-server.1	2015-02-26 16:13:29.122165290 -0800
+--- swift-2.3.0/doc/manpages/swift-account-server.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-account-server.1	2016-02-07 23:36:11.487720472 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -438,8 +438,8 @@
 -.BR account-server.conf(5)
 +.BR account-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-container-auditor.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-auditor.1	2015-02-26 16:13:29.141897463 -0800
+--- swift-2.3.0/doc/manpages/swift-container-auditor.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-auditor.1	2016-02-07 23:36:11.488238332 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -491,8 +491,8 @@
 -.BR container-server.conf(5)
 +.BR container-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-container-info.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-info.1	2015-02-26 16:13:29.142103981 -0800
+--- swift-2.3.0/doc/manpages/swift-container-info.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-info.1	2016-02-07 23:36:11.488748194 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -521,8 +521,8 @@
 -.BR swift-object-info(1)
 +.BR swift-get-nodes (1),
 +.BR swift-object-info (1)
---- swift-2.2.2/doc/manpages/swift-container-replicator.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-replicator.1	2015-02-26 16:13:29.142311525 -0800
+--- swift-2.3.0/doc/manpages/swift-container-replicator.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-replicator.1	2016-02-07 23:36:11.489262124 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -573,8 +573,8 @@
 -.BR container-server.conf(5)
 +.BR container-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-container-server.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-server.1	2015-02-26 16:13:29.142536566 -0800
+--- swift-2.3.0/doc/manpages/swift-container-server.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-server.1	2016-02-07 23:36:11.489822556 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -626,8 +626,8 @@
 -.BR container-server.conf(5)
 +.BR container-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-container-sync.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-sync.1	2015-02-26 16:13:29.142760939 -0800
+--- swift-2.3.0/doc/manpages/swift-container-sync.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-sync.1	2016-02-07 23:36:11.490362130 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -658,8 +658,8 @@
  .SH "SEE ALSO"
 -.BR container-server.conf(5)
 +.BR container-server.conf (4)
---- swift-2.2.2/doc/manpages/swift-container-updater.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-container-updater.1	2015-02-26 16:13:29.142985262 -0800
+--- swift-2.3.0/doc/manpages/swift-container-updater.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-container-updater.1	2016-02-07 23:36:11.490895992 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -710,8 +710,8 @@
 -.BR container-server.conf(5)
 +.BR container-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-dispersion-populate.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-dispersion-populate.1	2015-02-26 16:13:29.143196250 -0800
+--- swift-2.3.0/doc/manpages/swift-dispersion-populate.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-dispersion-populate.1	2016-02-07 23:36:11.491414678 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -743,8 +743,8 @@
 -.BR dispersion.conf (5)
 +.BR swift-dispersion-report (1),
 +.BR dispersion.conf (4)
---- swift-2.2.2/doc/manpages/swift-dispersion-report.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-dispersion-report.1	2015-02-26 16:13:29.143403911 -0800
+--- swift-2.3.0/doc/manpages/swift-dispersion-report.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-dispersion-report.1	2016-02-07 23:36:11.491947359 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -776,8 +776,8 @@
 -.BR dispersion.conf (5)
 +.BR swift-dispersion-populate (1),
 +.BR dispersion.conf (4)
---- swift-2.2.2/doc/manpages/swift-get-nodes.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-get-nodes.1	2015-02-26 16:13:29.143614157 -0800
+--- swift-2.3.0/doc/manpages/swift-get-nodes.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-get-nodes.1	2016-02-07 23:36:11.492460076 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -813,8 +813,8 @@
 +.BR swift-container-info (1),
 +.BR swift-object-info (1),
 +.BR swift-ring-builder (1)
---- swift-2.2.2/doc/manpages/swift-init.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-init.1	2015-02-26 16:13:29.143864952 -0800
+--- swift-2.3.0/doc/manpages/swift-init.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-init.1	2016-02-07 23:36:11.493003288 -0800
 @@ -15,22 +15,54 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -903,8 +903,8 @@
 +.BR swift-proxy-server (1),
 +.BR swift-replicator-rsync (1),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-object-auditor.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-auditor.1	2015-02-26 16:13:29.144069821 -0800
+--- swift-2.3.0/doc/manpages/swift-object-auditor.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-auditor.1	2016-02-07 23:36:11.493520910 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -956,8 +956,8 @@
 -.BR object-server.conf(5)
 +.BR object-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-object-expirer.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-expirer.1	2015-02-26 16:13:29.144285407 -0800
+--- swift-2.3.0/doc/manpages/swift-object-expirer.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-expirer.1	2016-02-07 23:36:11.494051119 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1012,8 +1012,8 @@
 -
 +.BR object-expirer.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-object-info.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-info.1	2015-02-26 16:13:29.160574201 -0800
+--- swift-2.3.0/doc/manpages/swift-object-info.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-info.1	2016-02-07 23:36:11.494560238 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1045,8 +1045,8 @@
 +.BR swift-account-info (1),
 +.BR swift-container-info (1),
 +.BR swift-get-nodes (1)
---- swift-2.2.2/doc/manpages/swift-object-replicator.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-replicator.1	2015-02-26 16:13:29.160790039 -0800
+--- swift-2.3.0/doc/manpages/swift-object-replicator.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-replicator.1	2016-02-07 23:36:11.495086872 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1098,8 +1098,8 @@
 -.BR object-server.conf(5)
 +.BR object-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-object-server.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-server.1	2015-02-26 16:13:29.160992717 -0800
+--- swift-2.3.0/doc/manpages/swift-object-server.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-server.1	2016-02-07 23:36:11.495607099 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1150,8 +1150,8 @@
 -.BR object-server.conf(5)
 +.BR object-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-object-updater.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-object-updater.1	2015-02-26 16:13:29.161205584 -0800
+--- swift-2.3.0/doc/manpages/swift-object-updater.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-object-updater.1	2016-02-07 23:36:11.496138018 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1203,8 +1203,8 @@
 -.BR object-server.conf(5)
 +.BR object-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-orphans.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-orphans.1	2015-02-26 16:13:29.161459175 -0800
+--- swift-2.3.0/doc/manpages/swift-orphans.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-orphans.1	2016-02-07 23:36:11.496660523 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1228,8 +1228,8 @@
 +More documentation about OpenStack Swift can be found at
  .BI http://swift.openstack.org/index.html
  
---- swift-2.2.2/doc/manpages/swift-proxy-server.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-proxy-server.1	2015-02-26 16:13:29.161663139 -0800
+--- swift-2.3.0/doc/manpages/swift-proxy-server.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-proxy-server.1	2016-02-07 23:36:11.497176572 -0800
 @@ -15,16 +15,16 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1278,8 +1278,8 @@
 -.BR proxy-server.conf(5)
 +.BR proxy-server.conf (4),
 +.BR smf (5)
---- swift-2.2.2/doc/manpages/swift-recon.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-recon.1	2015-02-26 16:13:29.161870934 -0800
+--- swift-2.3.0/doc/manpages/swift-recon.1.~1~	2015-04-30 06:57:49.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-recon.1	2016-02-07 23:36:11.497732841 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
@@ -1295,7 +1295,7 @@
  
  .SH SYNOPSIS
  .LP
[email protected]@ -104,7 +104,7 @@ cronjob to run the swift-recon-cron scri
[email protected]@ -108,7 +108,7 @@ cronjob to run the swift-recon-cron scri
  
  .SH DOCUMENTATION
  .LP
@@ -1304,7 +1304,7 @@
  .BI http://swift.openstack.org/index.html
  Also more specific documentation about swift-recon can be found at
  .BI http://swift.openstack.org/admin_guide.html#cluster-telemetry-and-monitoring
[email protected]@ -112,6 +112,6 @@ Also more specific documentation about s
[email protected]@ -116,6 +116,6 @@ Also more specific documentation about s
  
  
  .SH "SEE ALSO"
@@ -1312,8 +1312,8 @@
 +.BR object-server.conf (4)
  
  
---- swift-2.2.2/doc/manpages/swift-ring-builder.1.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/doc/manpages/swift-ring-builder.1	2015-02-26 16:13:29.162099171 -0800
+--- swift-2.3.0/doc/manpages/swift-ring-builder.1.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/doc/manpages/swift-ring-builder.1	2016-02-07 23:36:11.498256500 -0800
 @@ -15,12 +15,12 @@
  .\" See the License for the specific language governing permissions and
  .\" limitations under the License.
--- a/components/openstack/swift/patches/orphans.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/orphans.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -1,21 +1,20 @@
 Convert the calls to ps in swift-orphans to calls that will work on
 Solaris.
 
-diff --git a/bin/swift-orphans b/bin/swift-orphans
---- a/bin/swift-orphans
-+++ b/bin/swift-orphans
+--- swift-2.3.0/bin/swift-orphans.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/bin/swift-orphans	2016-02-08 00:54:16.772518488 -0800
 @@ -54,12 +54,12 @@ Example (sends SIGTERM to all orphaned S
              if name.endswith('.pid'):
                  pids.append(open(os.path.join(root, name)).read().strip())
                  pids.extend(subprocess.Popen(
 -                    ['ps', '--ppid', pids[-1], '-o', 'pid', '--no-headers'],
-+                    ['pgrep', '-P', pids[-1]],
++                    ['/usr/bin/pgrep', '-P', pids[-1]],
                      stdout=subprocess.PIPE).communicate()[0].split())
  
      listing = []
      for line in subprocess.Popen(
 -            ['ps', '-eo', 'etime,pid,args', '--no-headers'],
-+            ['ps', '-eo', 'etime=', '-o' 'pid=', '-o' 'args='],
++            ['/usr/bin/ps', '-eo', 'etime=', '-o' 'pid=', '-o' 'args='],
              stdout=subprocess.PIPE).communicate()[0].split('\n'):
          if not line:
              continue
--- a/components/openstack/swift/patches/recon.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/recon.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -2,21 +2,22 @@
 Change some of the ways we gather information, since those are normally
 Linux-specific.  Make the tests acknowledge these changes.
 
---- swift-2.2.2/bin/swift-recon-cron.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/bin/swift-recon-cron	2015-02-26 16:49:51.937806748 -0800
[email protected]@ -57,8 +57,8 @@ def main():
+--- swift-2.3.0/bin/swift-recon-cron.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/bin/swift-recon-cron	2016-02-08 00:58:57.095754838 -0800
[email protected]@ -57,8 +57,9 @@ def main():
          sys.exit(1)
      conf = dict(c.items('filter:recon'))
      device_dir = conf.get('devices', '/srv/node')
 -    recon_cache_path = conf.get('recon_cache_path', '/var/cache/swift')
 -    recon_lock_path = conf.get('recon_lock_path', '/var/lock')
-+    recon_cache_path = conf.get('recon_cache_path', '/var/lib/swift/recon-cache')
++    recon_cache_path = conf.get('recon_cache_path',
++                                '/var/lib/swift/recon-cache')
 +    recon_lock_path = conf.get('recon_lock_path', '/var/run/swift')
      cache_file = os.path.join(recon_cache_path, "object.recon")
      lock_dir = os.path.join(recon_lock_path, "swift-recon-object-cron")
      conf['log_name'] = conf.get('log_name', 'recon-cron')
---- swift-2.2.2/etc/account-server.conf-sample.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/etc/account-server.conf-sample	2015-02-26 16:49:51.938107313 -0800
+--- swift-2.3.0/etc/account-server.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/account-server.conf-sample	2016-02-08 00:56:36.131898549 -0800
 @@ -81,7 +81,7 @@ use = egg:swift#healthcheck
  
  [filter:recon]
@@ -44,8 +45,8 @@
  
  [account-reaper]
  # You can override the default log routing for this app here (don't use set!):
---- swift-2.2.2/etc/container-server.conf-sample.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/etc/container-server.conf-sample	2015-02-26 16:49:51.938374963 -0800
+--- swift-2.3.0/etc/container-server.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/container-server.conf-sample	2016-02-08 00:56:36.132407941 -0800
 @@ -90,7 +90,7 @@ use = egg:swift#healthcheck
  
  [filter:recon]
@@ -82,8 +83,8 @@
  
  [container-sync]
  # You can override the default log routing for this app here (don't use set!):
---- swift-2.2.2/etc/drive-audit.conf-sample.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/etc/drive-audit.conf-sample	2015-02-26 17:03:18.476812691 -0800
+--- swift-2.3.0/etc/drive-audit.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/drive-audit.conf-sample	2016-02-08 00:56:36.132840827 -0800
 @@ -8,7 +8,7 @@
  # log_max_line_length = 0
  # minutes = 60
@@ -93,8 +94,8 @@
  # unmount_failed_device = True
  #
  # By default, drive-audit logs only to syslog. Setting this option True
---- swift-2.2.2/etc/object-expirer.conf-sample.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/etc/object-expirer.conf-sample	2015-02-26 17:03:28.102759740 -0800
+--- swift-2.3.0/etc/object-expirer.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/object-expirer.conf-sample	2016-02-08 00:56:36.133283025 -0800
 @@ -50,7 +50,7 @@
  # up to reclaim_age seconds before it gives up and deletes the entry in the
  # queue.
@@ -104,8 +105,8 @@
  
  [pipeline:main]
  pipeline = catch_errors proxy-logging cache proxy-server
---- swift-2.2.2/etc/object-server.conf-sample.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/etc/object-server.conf-sample	2015-02-26 16:49:51.938657130 -0800
+--- swift-2.3.0/etc/object-server.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/object-server.conf-sample	2016-02-08 00:56:36.133858983 -0800
 @@ -143,8 +143,8 @@ use = egg:swift#healthcheck
  
  [filter:recon]
@@ -126,7 +127,7 @@
  #
  # limits how long rsync error log lines are
  # 0 means to log the entire line
[email protected]@ -224,7 +224,7 @@ use = egg:swift#recon
[email protected]@ -247,7 +247,7 @@ use = egg:swift#recon
  # slowdown will sleep that amount between objects
  # slowdown = 0.01
  #
@@ -135,7 +136,7 @@
  
  [object-auditor]
  # You can override the default log routing for this app here (don't use set!):
[email protected]@ -241,7 +241,7 @@ use = egg:swift#recon
[email protected]@ -264,7 +264,7 @@ use = egg:swift#recon
  # bytes_per_second = 10000000
  # log_time = 3600
  # zero_byte_files_per_second = 50
@@ -144,8 +145,8 @@
  
  # Takes a comma separated list of ints. If set, the object auditor will
  # increment a counter for every object whose size is <= to the given break
---- swift-2.2.2/swift/account/auditor.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/account/auditor.py	2015-02-26 16:49:51.938879416 -0800
+--- swift-2.3.0/swift/account/auditor.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/account/auditor.py	2016-02-08 00:56:36.134366990 -0800
 @@ -46,7 +46,7 @@ class AccountAuditor(Daemon):
          swift.common.db.DB_PREALLOCATION = \
              config_true_value(conf.get('db_preallocation', 'f'))
@@ -155,9 +156,9 @@
          self.rcache = os.path.join(self.recon_cache_path, "account.recon")
  
      def _one_audit_pass(self, reported):
---- swift-2.2.2/swift/common/db_replicator.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/common/db_replicator.py	2015-02-26 16:49:51.939223420 -0800
[email protected]@ -171,7 +171,7 @@ class Replicator(Daemon):
+--- swift-2.3.0/swift/common/db_replicator.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/common/db_replicator.py	2016-02-08 00:56:36.135027676 -0800
[email protected]@ -172,7 +172,7 @@ class Replicator(Daemon):
              config_true_value(conf.get('db_preallocation', 'f'))
          self._zero_stats()
          self.recon_cache_path = conf.get('recon_cache_path',
@@ -166,8 +167,8 @@
          self.recon_replicator = '%s.recon' % self.server_type
          self.rcache = os.path.join(self.recon_cache_path,
                                     self.recon_replicator)
---- swift-2.2.2/swift/common/middleware/recon.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/common/middleware/recon.py	2015-02-26 16:49:51.939514933 -0800
+--- swift-2.3.0/swift/common/middleware/recon.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/common/middleware/recon.py	2016-02-08 00:59:32.515208787 -0800
 @@ -15,6 +15,7 @@
  
  import errno
@@ -185,7 +186,7 @@
          self.object_recon_cache = os.path.join(self.recon_cache_path,
                                                 'object.recon')
          self.container_recon_cache = os.path.join(self.recon_cache_path,
[email protected]@ -90,28 +91,43 @@ class ReconMiddleware(object):
[email protected]@ -92,28 +93,44 @@ class ReconMiddleware(object):
      def get_mounted(self, openr=open):
          """get ALL mounted fs from /proc/mounts"""
          mounts = []
@@ -212,7 +213,8 @@
 +            onemin, fivemin, ftmin = os.getloadavg()
 +        else:
 +            with openr('/proc/loadavg', 'r') as f:
-+                onemin, fivemin, ftmin, tasks, procs = f.read().rstrip().split()
++                onemin, fivemin, ftmin, tasks, procs = \
++                    f.read().rstrip().split()
          loadavg['1m'] = float(onemin)
          loadavg['5m'] = float(fivemin)
          loadavg['15m'] = float(ftmin)
@@ -236,8 +238,8 @@
          meminfo = {}
          with openr('/proc/meminfo', 'r') as memlines:
              for i in memlines:
---- swift-2.2.2/swift/container/auditor.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/container/auditor.py	2015-02-26 16:49:51.939751504 -0800
+--- swift-2.3.0/swift/container/auditor.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/container/auditor.py	2016-02-08 00:56:36.136109394 -0800
 @@ -44,7 +44,7 @@ class ContainerAuditor(Daemon):
          swift.common.db.DB_PREALLOCATION = \
              config_true_value(conf.get('db_preallocation', 'f'))
@@ -247,8 +249,8 @@
          self.rcache = os.path.join(self.recon_cache_path, "container.recon")
  
      def _one_audit_pass(self, reported):
---- swift-2.2.2/swift/container/updater.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/container/updater.py	2015-02-26 16:49:51.939968905 -0800
+--- swift-2.3.0/swift/container/updater.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/container/updater.py	2016-02-08 00:56:36.136593440 -0800
 @@ -60,7 +60,7 @@ class ContainerUpdater(Daemon):
          swift.common.db.DB_PREALLOCATION = \
              config_true_value(conf.get('db_preallocation', 'f'))
@@ -258,8 +260,8 @@
          self.rcache = os.path.join(self.recon_cache_path, "container.recon")
          self.user_agent = 'container-updater %s' % os.getpid()
  
---- swift-2.2.2/swift/obj/auditor.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/obj/auditor.py	2015-02-26 16:49:51.940188415 -0800
+--- swift-2.3.0/swift/obj/auditor.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/obj/auditor.py	2016-02-08 00:56:36.137103648 -0800
 @@ -227,7 +227,7 @@ class ObjectAuditor(Daemon):
          self.conf_zero_byte_fps = int(
              conf.get('zero_byte_files_per_second', 50))
@@ -269,8 +271,8 @@
          self.rcache = os.path.join(self.recon_cache_path, "object.recon")
  
      def _sleep(self):
---- swift-2.2.2/swift/obj/expirer.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/obj/expirer.py	2015-02-26 16:49:51.940400670 -0800
+--- swift-2.3.0/swift/obj/expirer.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/obj/expirer.py	2016-02-08 00:56:36.137585778 -0800
 @@ -57,7 +57,7 @@ class ObjectExpirer(Daemon):
          self.report_first_time = self.report_last_time = time()
          self.report_objects = 0
@@ -280,9 +282,9 @@
          self.rcache = join(self.recon_cache_path, 'object.recon')
          self.concurrency = int(conf.get('concurrency', 1))
          if self.concurrency < 1:
---- swift-2.2.2/swift/obj/replicator.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/obj/replicator.py	2015-02-26 16:49:51.940644907 -0800
[email protected]@ -77,7 +77,7 @@ class ObjectReplicator(Daemon):
+--- swift-2.3.0/swift/obj/replicator.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/obj/replicator.py	2016-02-08 00:56:36.138119411 -0800
[email protected]@ -79,7 +79,7 @@ class ObjectReplicator(Daemon):
          self.http_timeout = int(conf.get('http_timeout', 60))
          self.lockup_timeout = int(conf.get('lockup_timeout', 1800))
          self.recon_cache_path = conf.get('recon_cache_path',
@@ -291,9 +293,9 @@
          self.rcache = os.path.join(self.recon_cache_path, "object.recon")
          self.conn_timeout = float(conf.get('conn_timeout', 0.5))
          self.node_timeout = float(conf.get('node_timeout', 10))
---- swift-2.2.2/swift/obj/updater.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/swift/obj/updater.py	2015-02-26 16:49:51.940853387 -0800
[email protected]@ -52,7 +52,7 @@ class ObjectUpdater(Daemon):
+--- swift-2.3.0/swift/obj/updater.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/obj/updater.py	2016-02-08 00:56:36.138592637 -0800
[email protected]@ -53,7 +53,7 @@ class ObjectUpdater(Daemon):
          self.successes = 0
          self.failures = 0
          self.recon_cache_path = conf.get('recon_cache_path',
@@ -302,8 +304,8 @@
          self.rcache = os.path.join(self.recon_cache_path, 'object.recon')
  
      def _listdir(self, path):
---- swift-2.2.2/test/unit/common/middleware/test_recon.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/test/unit/common/middleware/test_recon.py	2015-02-26 16:49:51.941363136 -0800
+--- swift-2.3.0/test/unit/common/middleware/test_recon.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/unit/common/middleware/test_recon.py	2016-02-08 01:01:12.393031484 -0800
 @@ -21,7 +21,9 @@ import array
  from swift.common import ring, utils
  from shutil import rmtree
@@ -314,7 +316,7 @@
  
  from swift import __version__ as swiftver
  from swift.common.swob import Request
[email protected]@ -384,10 +386,12 @@ class TestReconSuccess(TestCase):
[email protected]@ -387,10 +389,12 @@ class TestReconSuccess(TestCase):
              {'device': 'none', 'path': '/proc/fs/vmblock/mountPoint'}]
          oart = OpenAndReadTester(mounts_content)
          rv = self.app.get_mounted(openr=oart.open)
@@ -328,7 +330,7 @@
          oart = OpenAndReadTester(['0.03 0.03 0.00 1/220 16306'])
          rv = self.app.get_load(openr=oart.open)
          self.assertEquals(oart.read_calls, [((), {})])
[email protected]@ -397,6 +401,8 @@ class TestReconSuccess(TestCase):
[email protected]@ -400,6 +404,8 @@ class TestReconSuccess(TestCase):
                                 '1m': 0.029999999999999999})
  
      def test_get_mem(self):
@@ -337,25 +339,27 @@
          meminfo_content = ['MemTotal:         505840 kB',
                             'MemFree:           26588 kB',
                             'Buffers:           44948 kB',
[email protected]@ -508,7 +514,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -514,7 +520,8 @@ class TestReconSuccess(TestCase):
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['replication_time', 'replication_stats',
                                'replication_last'],
 -                              '/var/cache/swift/account.recon'), {})])
-+                              '/var/lib/swift/recon-cache/account.recon'), {})])
++                              '/var/lib/swift/recon-cache/account.recon'),
++                              {})])
          self.assertEquals(rv, {
              "replication_stats": {
                  "attempted": 1, "diff": 0,
[email protected]@ -539,7 +545,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -545,7 +552,8 @@ class TestReconSuccess(TestCase):
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['replication_time', 'replication_stats',
                                'replication_last'],
 -                              '/var/cache/swift/container.recon'), {})])
-+                              '/var/lib/swift/recon-cache/container.recon'), {})])
++                              '/var/lib/swift/recon-cache/container.recon'),
++                              {})])
          self.assertEquals(rv, {
              "replication_time": 200.0,
              "replication_stats": {
[email protected]@ -561,7 +567,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -567,7 +575,7 @@ class TestReconSuccess(TestCase):
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['object_replication_time',
                                'object_replication_last'],
@@ -364,16 +368,17 @@
          self.assertEquals(rv, {'object_replication_time': 200.0,
                                 'object_replication_last': 1357962809.15})
  
[email protected]@ -572,7 +578,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -578,7 +586,8 @@ class TestReconSuccess(TestCase):
          rv = self.app.get_updater_info('container')
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['container_updater_sweep'],
 -                             '/var/cache/swift/container.recon'), {})])
-+                             '/var/lib/swift/recon-cache/container.recon'), {})])
++                              '/var/lib/swift/recon-cache/container.recon'),
++                              {})])
          self.assertEquals(rv, {"container_updater_sweep": 18.476239919662476})
  
      def test_get_updater_info_object(self):
[email protected]@ -582,7 +588,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -588,7 +597,7 @@ class TestReconSuccess(TestCase):
          rv = self.app.get_updater_info('object')
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['object_updater_sweep'],
@@ -381,26 +386,28 @@
 +                             '/var/lib/swift/recon-cache/object.recon'), {})])
          self.assertEquals(rv, {"object_updater_sweep": 0.79848217964172363})
  
-     def test_get_auditor_info_account(self):
[email protected]@ -598,7 +604,7 @@ class TestReconSuccess(TestCase):
+     def test_get_expirer_info_object(self):
[email protected]@ -615,7 +624,8 @@ class TestReconSuccess(TestCase):
                                'account_auditor_pass_completed',
                                'account_audits_since',
                                'account_audits_failed'],
 -                              '/var/cache/swift/account.recon'), {})])
-+                              '/var/lib/swift/recon-cache/account.recon'), {})])
++                              '/var/lib/swift/recon-cache/account.recon'),
++                              {})])
          self.assertEquals(rv, {"account_auditor_pass_completed": 0.24,
                                 "account_audits_failed": 0,
                                 "account_audits_passed": 6,
[email protected]@ -617,7 +623,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -634,7 +644,8 @@ class TestReconSuccess(TestCase):
                                'container_auditor_pass_completed',
                                'container_audits_since',
                                'container_audits_failed'],
 -                              '/var/cache/swift/container.recon'), {})])
-+                              '/var/lib/swift/recon-cache/container.recon'), {})])
++                              '/var/lib/swift/recon-cache/container.recon'),
++                              {})])
          self.assertEquals(rv, {"container_auditor_pass_completed": 0.24,
                                 "container_audits_failed": 0,
                                 "container_audits_passed": 6,
[email protected]@ -645,7 +651,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -662,7 +673,7 @@ class TestReconSuccess(TestCase):
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['object_auditor_stats_ALL',
                                'object_auditor_stats_ZBF'],
@@ -409,7 +416,7 @@
          self.assertEquals(rv, {
              "object_auditor_stats_ALL": {
                  "audit_time": 115.14418768882751,
[email protected]@ -692,7 +698,7 @@ class TestReconSuccess(TestCase):
[email protected]@ -709,7 +720,7 @@ class TestReconSuccess(TestCase):
          self.assertEquals(self.fakecache.fakeout_calls,
                            [((['object_auditor_stats_ALL',
                                'object_auditor_stats_ZBF'],
--- a/components/openstack/swift/patches/remove_PyECLib.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/remove_PyECLib.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -1,24 +1,28 @@
 In-house removal of PyECLib in Swift since we do not support the
 Erasure Code storage policy.
+
 This patch is Solaris-specific and not suitable for upstream.
 
---- swift-2.3.0/requirements.txt.~1~	2015-04-30 09:57:42.000000000 -0400
-+++ swift-2.3.0/requirements.txt	2016-01-22 14:34:21.669065681 -0500
[email protected]@ -9,4 +9,3 @@
+--- swift-2.3.0/requirements.txt.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/requirements.txt	2016-02-10 22:26:24.654342455 -0800
[email protected]@ -9,4 +9,3 @@ netifaces>=0.5,!=0.10.0,!=0.10.1
  pastedeploy>=1.3.3
  simplejson>=2.0.9
  xattr>=0.4
 -PyECLib>=1.0.7
---- swift-2.3.0/swift.egg-info/requires.txt.~1~	2015-04-30 09:59:12.000000000 -0400
-+++ swift-2.3.0/swift.egg-info/requires.txt	2016-01-22 14:35:06.808030835 -0500
[email protected]@ -5,4 +5,3 @@
+--- swift-2.3.0/swift.egg-info/requires.txt.~1~	2015-04-30 06:59:12.000000000 -0700
++++ swift-2.3.0/swift.egg-info/requires.txt	2016-02-10 22:26:28.217050442 -0800
[email protected]@ -4,5 +4,4 @@ greenlet>=0.3.1
+ netifaces>=0.5,!=0.10.0,!=0.10.1
  pastedeploy>=1.3.3
  simplejson>=2.0.9
- xattr>=0.4
+-xattr>=0.4
 -PyECLib>=1.0.7
---- swift-2.3.0/swift/common/storage_policy.py.~1~	2015-04-30 09:57:42.000000000 -0400
-+++ swift-2.3.0/swift/common/storage_policy.py	2016-01-22 14:34:21.669774386 -0500
[email protected]@ -19,7 +19,12 @@
++xattr>=0.4
+\ No newline at end of file
+--- swift-2.3.0/swift/common/storage_policy.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/swift/common/storage_policy.py	2016-02-10 22:26:24.656850844 -0800
[email protected]@ -19,7 +19,12 @@ from swift.common.utils import config_tr
  from swift.common.ring import Ring
  from swift.common.utils import quorum_size
  from swift.common.exceptions import RingValidationError
@@ -32,9 +36,9 @@
  
  LEGACY_POLICY_NAME = 'Policy-0'
  VALID_CHARS = '-' + string.letters + string.digits
---- swift-2.3.0/swift/proxy/controllers/obj.py.~1~	2015-04-30 09:57:42.000000000 -0400
-+++ swift-2.3.0/swift/proxy/controllers/obj.py	2016-01-22 14:34:21.670425554 -0500
[email protected]@ -60,7 +60,7 @@
+--- swift-2.3.0/swift/proxy/controllers/obj.py.~2~	2016-02-10 22:26:24.472991667 -0800
++++ swift-2.3.0/swift/proxy/controllers/obj.py	2016-02-10 22:26:24.659144290 -0800
[email protected]@ -60,7 +60,7 @@ from swift.common.http import (
      HTTP_SERVICE_UNAVAILABLE, HTTP_INSUFFICIENT_STORAGE,
      HTTP_PRECONDITION_FAILED, HTTP_CONFLICT, is_informational)
  from swift.common.storage_policy import (POLICIES, REPL_POLICY, EC_POLICY,
@@ -43,15 +47,16 @@
  from swift.proxy.controllers.base import Controller, delay_denial, \
      cors_validation
  from swift.common.swob import HTTPAccepted, HTTPBadRequest, HTTPNotFound, \
[email protected]@ -70,6 +70,11 @@
[email protected]@ -70,6 +70,12 @@ from swift.common.swob import HTTPAccept
  from swift.common.request_helpers import is_sys_or_user_meta, is_sys_meta, \
-     remove_items, copy_header_subset, close_if_possible
+     remove_items, copy_header_subset
  
 +# Load PyEClib if installed
 +try:
 +    from swift.common.storage_policy import ECDriverError
 +except ImportError:
 +    pass
++
  
  def copy_headers_into(from_r, to_r):
      """
--- a/components/openstack/swift/patches/rlimit_nproc.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/rlimit_nproc.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -7,9 +7,9 @@
 appropriate for upstream (but has not been submitted), depending on whether
 RLIMIT_NPROC is unavailable on any platforms other than Solaris.
 
---- swift-2.2.0/swift/common/manager.py
-+++ swift-2.2.0/swift/common/manager.py
[email protected]@ -75,6 +75,8 @@
+--- swift-2.3.0/swift/common/manager.py.~2~	2016-02-08 01:15:05.393368607 -0800
++++ swift-2.3.0/swift/common/manager.py	2016-02-08 01:15:05.487373162 -0800
[email protected]@ -76,6 +76,8 @@ def setup_env():
      except ValueError:
          print _("WARNING: Unable to modify max process limit.  "
                  "Running as non-root?")
@@ -18,9 +18,9 @@
  
      # Set PYTHON_EGG_CACHE if it isn't already set
      os.environ.setdefault('PYTHON_EGG_CACHE', '/tmp')
---- swift-2.2.0/test/unit/common/test_manager.py
-+++ swift-2.2.0/test/unit/common/test_manager.py
[email protected]@ -105,9 +105,10 @@
+--- swift-2.3.0/test/unit/common/test_manager.py.~2~	2016-02-08 01:15:05.394490747 -0800
++++ swift-2.3.0/test/unit/common/test_manager.py	2016-02-08 01:20:25.280013617 -0800
[email protected]@ -105,9 +105,10 @@ class TestManagerModule(unittest.TestCas
                                            manager.MAX_DESCRIPTORS)),
                  (resource.RLIMIT_DATA, (manager.MAX_MEMORY,
                                          manager.MAX_MEMORY)),
@@ -28,8 +28,8 @@
 -                                         manager.MAX_PROCS)),
              ]
 +            if getattr(resource, "RLIMIT_NPROC", None):
-+                expected.append((resource.RLIMIT_NPROC, (manager.MAX_PROCS,
-+                                         manager.MAX_PROCS)))
++                expected.append((resource.RLIMIT_NPROC,
++                                 (manager.MAX_PROCS, manager.MAX_PROCS)))
              self.assertEquals(manager.resource.called_with_args, expected)
              self.assertTrue(
                  manager.os.environ['PYTHON_EGG_CACHE'].startswith('/tmp'))
--- a/components/openstack/swift/patches/test.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/test.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -21,9 +21,9 @@
 the test should fork a separate process to test the lock, which should work
 regardless of the OS.
 
---- swift-2.2.2/test/sample.conf.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/test/sample.conf	2015-02-26 16:36:42.753470819 -0800
[email protected]@ -62,17 +62,17 @@ fake_syslog = False
+--- swift-2.3.0/test/sample.conf.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/sample.conf	2016-02-08 01:24:17.841343735 -0800
[email protected]@ -87,17 +87,17 @@ fake_syslog = False
  # Note that the cluster must have "sane" values for the test suite to pass
  # (for some definition of sane).
  #
@@ -52,9 +52,9 @@
  
  # Newer swift versions default to strict cors mode, but older ones were the
  # opposite.
---- swift-2.2.2/test/unit/__init__.py.~1~	2015-02-26 16:36:42.754399372 -0800
-+++ swift-2.2.2/test/unit/__init__.py	2015-02-26 16:41:30.006380635 -0800
[email protected]@ -670,7 +670,7 @@ def fake_http_connect(*code_iter, **kwar
+--- swift-2.3.0/test/unit/__init__.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/unit/__init__.py	2016-02-08 01:24:17.842339594 -0800
[email protected]@ -817,7 +817,7 @@ def fake_http_connect(*code_iter, **kwar
                      etag = '"68b329da9893e34099c7d8ad5cb9c940"'
  
              headers = swob.HeaderKeyDict({
@@ -63,9 +63,9 @@
                  'content-type': 'x-application/test',
                  'x-timestamp': self.timestamp,
                  'x-backend-timestamp': self.timestamp,
---- swift-2.2.2/test/unit/common/test_utils.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/test/unit/common/test_utils.py	2015-02-26 16:36:42.756657286 -0800
[email protected]@ -52,6 +52,7 @@ from functools import partial
+--- swift-2.3.0/test/unit/common/test_utils.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/unit/common/test_utils.py	2016-02-08 01:24:17.844724978 -0800
[email protected]@ -53,6 +53,7 @@ from functools import partial
  from tempfile import TemporaryFile, NamedTemporaryFile, mkdtemp
  from netifaces import AF_INET6
  from mock import MagicMock, patch
@@ -73,7 +73,7 @@
  
  from swift.common.exceptions import (Timeout, MessageTimeout,
                                       ConnectionTimeout, LockTimeout,
[email protected]@ -733,6 +734,8 @@ class TestUtils(unittest.TestCase):
[email protected]@ -748,6 +749,8 @@ class TestUtils(unittest.TestCase):
          utils.HASH_PATH_PREFIX = 'startcap'
  
      def test_lock_path(self):
@@ -82,7 +82,7 @@
          tmpdir = mkdtemp()
          try:
              with utils.lock_path(tmpdir, 0.1):
[email protected]@ -749,6 +752,8 @@ class TestUtils(unittest.TestCase):
[email protected]@ -764,6 +767,8 @@ class TestUtils(unittest.TestCase):
              shutil.rmtree(tmpdir)
  
      def test_lock_path_num_sleeps(self):
@@ -91,7 +91,7 @@
          tmpdir = mkdtemp()
          num_short_calls = [0]
          exception_raised = [False]
[email protected]@ -773,6 +778,8 @@ class TestUtils(unittest.TestCase):
[email protected]@ -788,6 +793,8 @@ class TestUtils(unittest.TestCase):
          self.assertTrue(exception_raised[0])
  
      def test_lock_path_class(self):
@@ -100,7 +100,7 @@
          tmpdir = mkdtemp()
          try:
              with utils.lock_path(tmpdir, 0.1, ReplicationLockTimeout):
[email protected]@ -1195,7 +1202,8 @@ class TestUtils(unittest.TestCase):
[email protected]@ -1214,7 +1221,8 @@ class TestUtils(unittest.TestCase):
              }, 'server', log_route='server')
              expected_args = [((), {'address': '/dev/log',
                                     'facility': orig_sysloghandler.LOG_LOCAL3})]
@@ -110,7 +110,7 @@
                      os.path.isfile('/dev/log') or \
                      os.path.isdir('/dev/log'):
                  # Since socket on OSX is in /var/run/syslog, there will be
[email protected]@ -2374,6 +2382,8 @@ cluster_dfw1 = http://dfw1.host/v1/
[email protected]@ -2402,6 +2410,8 @@ cluster_dfw1 = http://dfw1.host/v1/
                  MagicMock(side_effect=BaseException('test3')))
  
      def test_lock_file(self):
@@ -119,7 +119,7 @@
          flags = os.O_CREAT | os.O_RDWR
          with NamedTemporaryFile(delete=False) as nt:
              nt.write("test string")
[email protected]@ -2452,6 +2462,8 @@ cluster_dfw1 = http://dfw1.host/v1/
[email protected]@ -2480,6 +2490,8 @@ cluster_dfw1 = http://dfw1.host/v1/
                                          os.fstat(f.fileno()).st_ino)
  
      def test_lock_file_held_on_unlink(self):
@@ -128,7 +128,7 @@
          os_unlink = os.unlink
  
          def flocking_unlink(filename):
[email protected]@ -2468,6 +2480,8 @@ cluster_dfw1 = http://dfw1.host/v1/
[email protected]@ -2496,6 +2508,8 @@ cluster_dfw1 = http://dfw1.host/v1/
                      pass
  
      def test_lock_file_no_unlink_if_fail(self):
@@ -137,18 +137,18 @@
          os_open = os.open
          with NamedTemporaryFile(delete=True) as nt:
  
---- swift-2.2.2/test/unit/obj/test_diskfile.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/test/unit/obj/test_diskfile.py	2015-02-26 16:36:42.757582696 -0800
+--- swift-2.3.0/test/unit/obj/test_diskfile.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/unit/obj/test_diskfile.py	2016-02-08 01:24:17.846568734 -0800
 @@ -18,6 +18,7 @@
  
  import cPickle as pickle
  import os
 +import sys
  import errno
+ import itertools
  import mock
- import unittest
[email protected]@ -902,6 +903,8 @@ class TestDiskFileManager(unittest.TestC
-         self.assertEqual(hashes, {})
[email protected]@ -608,6 +609,8 @@ class DiskFileManagerMixin(BaseDiskFileT
+         self.assertEqual(locations, [])
  
      def test_replication_lock_on(self):
 +        if sys.platform == 'sunos5':
@@ -156,9 +156,9 @@
          # Double check settings
          self.df_mgr.replication_one_per_device = True
          self.df_mgr.replication_lock_timeout = 0.1
---- swift-2.2.2/test/unit/proxy/test_server.py.~1~	2015-02-01 23:44:11.000000000 -0800
-+++ swift-2.2.2/test/unit/proxy/test_server.py	2015-02-26 16:36:42.760354922 -0800
[email protected]@ -3376,6 +3376,9 @@ class TestObjectController(unittest.Test
+--- swift-2.3.0/test/unit/proxy/test_server.py.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/test/unit/proxy/test_server.py	2016-02-08 01:24:17.849738022 -0800
[email protected]@ -4263,6 +4263,9 @@ class TestObjectController(unittest.Test
  
          class LargeResponseBody(object):
  
@@ -168,7 +168,7 @@
              def __len__(self):
                  return constraints.MAX_FILE_SIZE + 1
  
[email protected]@ -3620,6 +3623,9 @@ class TestObjectController(unittest.Test
[email protected]@ -4510,6 +4513,9 @@ class TestObjectController(unittest.Test
  
          class LargeResponseBody(object):
  
@@ -178,7 +178,7 @@
              def __len__(self):
                  return constraints.MAX_FILE_SIZE + 1
  
[email protected]@ -3644,6 +3650,9 @@ class TestObjectController(unittest.Test
[email protected]@ -4537,6 +4543,9 @@ class TestObjectController(unittest.Test
  
          class LargeResponseBody(object):
  
--- a/components/openstack/swift/patches/workers.patch	Thu Feb 11 17:35:00 2016 -0800
+++ b/components/openstack/swift/patches/workers.patch	Thu Feb 11 17:35:02 2016 -0800
@@ -3,8 +3,8 @@
 the number of CPUs (cores) found may not be efficient on a system with
 a large number of cores. This patch is not suitable for the upstream.
 
---- swift-2.2.2/etc/account-server.conf-sample.~2~	2015-03-03 13:32:49.269716798 -0800
-+++ swift-2.2.2/etc/account-server.conf-sample	2015-03-03 13:32:49.300905746 -0800
+--- swift-2.3.0/etc/account-server.conf-sample.~2~	2016-02-08 00:02:16.969218591 -0800
++++ swift-2.3.0/etc/account-server.conf-sample	2016-02-08 00:02:17.037019168 -0800
 @@ -10,8 +10,9 @@ bind_port = 6002
  # disable_fallocate = false
  #
@@ -17,8 +17,8 @@
  #
  # Maximum concurrent requests per worker
  # max_clients = 1024
---- swift-2.2.2/etc/container-server.conf-sample.~2~	2015-03-03 13:32:49.269950594 -0800
-+++ swift-2.2.2/etc/container-server.conf-sample	2015-03-03 13:32:49.301151407 -0800
+--- swift-2.3.0/etc/container-server.conf-sample.~2~	2016-02-08 00:02:16.969741046 -0800
++++ swift-2.3.0/etc/container-server.conf-sample	2016-02-08 00:02:17.037565309 -0800
 @@ -10,8 +10,9 @@ bind_port = 6001
  # disable_fallocate = false
  #
@@ -31,8 +31,8 @@
  #
  # Maximum concurrent requests per worker
  # max_clients = 1024
---- swift-2.2.2/etc/object-server.conf-sample.~2~	2015-03-03 13:32:49.270540923 -0800
-+++ swift-2.2.2/etc/object-server.conf-sample	2015-03-03 13:32:49.301367390 -0800
+--- swift-2.3.0/etc/object-server.conf-sample.~2~	2016-02-08 00:02:16.971225158 -0800
++++ swift-2.3.0/etc/object-server.conf-sample	2016-02-08 00:02:17.038057162 -0800
 @@ -12,8 +12,9 @@ bind_port = 6000
  # expiring_objects_account_name = expiring_objects
  #
@@ -45,10 +45,10 @@
  #
  # Maximum concurrent requests per worker
  # max_clients = 1024
---- swift-2.2.2/etc/proxy-server.conf-sample.~1~	2015-02-01 23:44:14.000000000 -0800
-+++ swift-2.2.2/etc/proxy-server.conf-sample	2015-03-03 13:32:49.301633168 -0800
[email protected]@ -22,10 +22,10 @@ bind_port = 8080
- # disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes
+--- swift-2.3.0/etc/proxy-server.conf-sample.~1~	2015-04-30 06:57:42.000000000 -0700
++++ swift-2.3.0/etc/proxy-server.conf-sample	2016-02-08 00:02:17.038685067 -0800
[email protected]@ -23,10 +23,10 @@ bind_port = 8080
+ # disallowed_sections = swift.valid_api_versions, container_quotas, tempurl
  
  # Use an integer to override the number of pre-forked processes that will
 -# accept connections.  Should default to the number of effective cpu