| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Barbican expects configuration files for its tests to be in the same
location as they appear in the source tree. However, during
deployment configuration files are put into the /etc/barbican
directory. This fix patches the tests to find the configuration files
in the directory they are placed by the barbican recipe.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Novaclient contains a test that fails because it can't
find the path to the test certficate. This is because
the test is based off of running the test from the base
of the source tree. This fix changes the path to look
for the certificate from a relative path to the absolute
path allowing the test to be ran from any directory.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When running the keystone tests, the tests ensures that
keystone is being tested against the latest version of
keystone-client available by downloading keystone-client from
source using git. However, on the target system
keystone-client is installed as a separate package and it is
undesirable to download a newer version to test against. This
fix comments out the portion of the testing code that attempts
to retrieve keystone-client from source code using git.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Some Keystone tests create temporary files, usually
databases for testing. These files are stored in the
"tmp" directory under the "tests" directory in Keystone.
The fix creates this directory so these tests don't fail
on failing to create temporary files because the path
doesn't exist.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Keystone tests define the location of certificate files
as the location of the files in the source tree. However,
when installed on the system files are put in different
locations. This change patches the configuration file
for some tests to contain the full path to the tests
directories.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some tests provided by Keystone tests signing with an
example certificate and signing key. If these certificates
are not found these particular tests will hang. Thus, in
order for these tests to pass we must install the example
certificates to the system. This fix updates the install
script for Keystone to include installing the example
certificates.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keystone tests are designed to run on the source tree.
However, Keystone is installed on a system with files
in various directories. This fix patches the testing
source files to be able to find the files on the
distribution. This fix incorporates the changes of
a previous patch file into a new patch file that is
generated, since the previous patch are related and
close to eachother in the source and it is easier to
maintain less patch files.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Openstack components provide a run_tests.sh script for
running unit tests. Some of these tests expect the
openstack-nose plugin to be installed. This fix provides
a recipe for the building that plugin in order to allow
the various run_tests.sh scripts to run.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bitbake recipe file for building Keystone is inconsistent
with the use of tabs versus spaces. According to guidelines
for the Yocto project (style guide), the tabs should be
replaced with spaces in the case of indenting for lists. The
style guide can be found at:
https://wiki.yoctoproject.org/wiki/Recipe_&_Patch_Style_Guide
This fix changes the Keystone recipe file to use spaces instead
of tabs in list of files and package dependencies.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Colorama is a python interface for sending ASCII terminal
codes to facilitate setting cursor locations and outputting
color to terminal windows. This change provides a recipe for
obtaining the colorama package.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
| |
Some packages require the termcolor package, which is used
to generate colour output on terminal screens. This change
provides a recipe for installing the termcolor package.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tests included Horizon expect all files to be in a single
location in order to be run directly from the source tree. The
recipe for installing Horizon on the system installs Horizon
as a python site-package and puts files in different locations
depending on the file type. In order to have the tests support
this type of install we need to explicitly indicate the full path
of the test files to exclude in order to have the tests run
successfully. This fix adds the absolute path to the test
locations allows the Horizon tests to pass as expected.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Nose is a package to support unit testing of python source code.
Node-exclude is a plugin extending Nose to specify directories
to exclude from testing via the command line. Some packages
require this plugin to be installed in order to run all the tests
successfully. This fix creates recipe to install the node-exclude
plugin on the target system.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Horizon provides unit tests for testing its deployment in
target environment. These tests make use of django-nose
testing framework. This provides a recipe for building
django-nose and adds a dependency from Horizon on this
recipe.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, the run_tests.sh script provided by the horizon
package requires the command "coverage" to be available
even if the "-c" option (test with code coverage) is not
specified on the command line. This fix patches the test
script to remove the calls to the "coverage" tool and calls
the test script directly if the "-c" option is not provided.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
There are some missing ceilometer meters (e.g. vcpu) which have
origin from notification. This is due to ceilometer-agent-notification
service is not started on controller node.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The Fix-rbd-backend-not-working-for-none-admin-ceph-user.patch patch
was removed when Nova was updating to latest, and this causes nova-compute
fails to use Ceph cluster.
Re-apply the patch.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To support tempest, modify keystone identity.sh
script to:
* add user with username=alt_demo, tenant=alt_demo,
and password=password into keystone.
* add user "admin" into tenant "demo".
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
| |
Change license to MIT
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Modifying license to LGPL-3.0
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
uWSGI defaults to a maximum packet size of 4096 bytes. This
is too small to support working with PKI tokens that are now default
in Keystone. The size of the packets within Barbican are dependent
on both the size of the Keystone token and the size of the secret to
be stored & retrieved. Increasing the buffer size to the maximum
allowed by uWSGI allows Barbican to support the largest possible
secrets.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
| |
Currently, the /var/log/barbican directory is created but remains
empty. This change outputs a Barbican log file for debugging
communication problems that occur via uWSGI.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Heatclient tests requires python-mox3 and python-testscenarios.
Create additional heatclient-tests package when included into
final image will also include these 2 packages into final image.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
| |
mox3 package is required by heatclient tests,
so pulling this package in.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
| |
testscenarios package is required by heatclient tests,
so pulling this package in.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
By default, heat-tests sets project dir to
/usr/<lib/lib64>/python2.7/site-packages/ which
is the starting place for heat-tests to search
for default environment setting file. However all
the required file are in /etc/heat. So
set project_dir to "/"
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
| |
Add 2 hot templates which can be used to create
heat stack for demonstrating heat stack lifecycle
management and autoscaling
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
| |
Set heat_metadata_server_url, heat_waitcondition_server_url
config options in heat.conf to allow Ceilometer to be
able to invoke heat when resource alarm triggered.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently statistic values for all the meters are the same,
for example, 2 commands:
$ ceilometer statistics -m cpu_util
$ ceilometer statistics -m cpu
return the same statistic values, and this is incorrect.
It needs to query Ceilometer database for samples for the
correct meter-id to calculate statistic.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Make sure all Cinder services have the right setting
for log_dir in the init script as well as in the
config setting in .conf file as we shouldn't only
count on our init script launch to get logging right.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By turning on "log_dir=/var/log/cinder" in /etc/cinder/cinder.conf
all cinder services require folder /var/log/cinder exist to be
able to start. This folder is created through startup
scripts "/etc/init.d/cinder-xxxx"
However, at very first boot, cinder postinst script invokes
"cinder-manage db sync" without first creating folder /var/log/cinder
which causes "cinder-manage db sync" to fail with the following errors:
Tue May 20 18:26:59 2014: Running postinst /etc/rpm-postinsts/114...
Tue May 20 18:26:59 2014: Starting postgres server...already running.
Tue May 20 18:27:01 2014: Traceback (most recent call last):
Tue May 20 18:27:01 2014: File "/usr/bin/cinder-manage", line 543, in <module>
Tue May 20 18:27:01 2014: main()
Tue May 20 18:27:01 2014: File "/usr/bin/cinder-manage", line 523, in main
Tue May 20 18:27:01 2014: logging.setup("cinder")
Tue May 20 18:27:01 2014: File "/usr/lib64/python2.7/site-packages/cinder/openstack/common/log.py", line 359, in setup
Tue May 20 18:27:01 2014: _setup_logging_from_conf()
Tue May 20 18:27:01 2014: File "/usr/lib64/python2.7/site-packages/cinder/openstack/common/log.py", line 406, in _setup_logging_from_conf
Tue May 20 18:27:01 2014: filelog = logging.handlers.WatchedFileHandler(logpath)
Tue May 20 18:27:01 2014: File "/usr/lib64/python2.7/logging/handlers.py", line 386, in __init__
Tue May 20 18:27:01 2014: logging.FileHandler.__init__(self, filename, mode, encoding, delay)
Tue May 20 18:27:01 2014: File "/usr/lib64/python2.7/logging/__init__.py", line 893, in __init__
Tue May 20 18:27:01 2014: StreamHandler.__init__(self, self._open())
Tue May 20 18:27:01 2014: File "/usr/lib64/python2.7/logging/__init__.py", line 912, in _open
Tue May 20 18:27:01 2014: stream = open(self.baseFilename, self.mode)
Tue May 20 18:27:01 2014: IOError: [Errno 2] No such file or directory: '/var/log/cinder/cinder-manage.log'
So make sure "/var/log/cinder" is created before "cinder-manage db sync"
is invoked.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
| |
|
|
|
|
|
|
| |
distutils.bbclass does not work when there is a build/src separation
so inherit autotools-brokensep so continue building in the src dir.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since Grizzly release Keystone defaults to storing tokens in PKI
format. Some software works better with keystone if tokens
are in the older UUID format. This change allows a simple way
to set the storage format within the bitbake receipes. The default
is to use the newer PKI format.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Issue: US-34303
Barbican source code comes with scripts that are intended to control
the service. Added previously was a script for this same purpose
that is placed into init.d that integrates more consistently with
the system. This makes the need for these scripts redundant. This
patch removes the scripts being put into the final system package.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
authentication chaining
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and
icehouse before icehouse-rc2 allows remote attackers to cause a denial of
service (CPU consumption) via a large number of the same authentication
method in a request, aka "authentication chaining."
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through
1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain
secret URLs by leveraging an object name and a timing side-channel attack.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon
Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable
permissions for /etc/keystone/ec2rc, which allows local users to obtain
access to EC2 services by reading administrative access and secret values
from this file.
Modify /etc/keystone to have permission 750
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
We need iproute2 or the agent will fail to start as 'ip' from busybox
is not capable enough.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Editing the files in ${WORKDIR} using sed or similar tools as part of
do_install means they can only be edited once. Supplying a modified
CONTROLLER_IP in local.conf and building the image again will not
result in the CONTROLLER_IP being properly updated since the
substitution placeholders will no longer exist. We therefore simply
swap the other of things, installing the configuration files first,
then editing them to swap the placeholders. This means we can run the
do_install again and again and get the results we expect.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
management of secrets
Introduce the barbican package: https://wiki.openstack.org/wiki/Barbican, to
support the management of keys and secrets on an OpenStack system.
The barbican api service can be started with the packaged initscript, and has
been validated against the barbican quick start guide.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
| |
barbican uses the standalone wsgi reference library.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
| |
barbican uses sqlite for its database, and uses pysqlite to access data.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
