@@ -2052,6 +2052,11 @@ function is_ipv4_address {

     fi

 }

+# Remove "[]" around urlquoted IPv6 addresses

+function ipv6_unquote {

+    echo $1 | tr -d []

+}

+

 # Gracefully cp only if source file/dir exists

 # cp_it source destination

 function cp_it {

@@ -67,7 +67,7 @@ CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}

 CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}

 CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}

 CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

-CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

+CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}

 # What type of LVM device should Cinder use for LVM backend

 # Defaults to auto, which will do thin provisioning if it's a fresh

@@ -93,7 +93,7 @@ function configure_database_mysql {

     # Change bind-address from localhost (127.0.0.1) to any (::) and

     # set default db type to InnoDB

-    iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS"

+    iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"

     iniset -sudo $my_conf mysqld sql_mode TRADITIONAL

     iniset -sudo $my_conf mysqld default-storage-engine InnoDB

     iniset -sudo $my_conf mysqld max_connections 1024

@@ -65,7 +65,7 @@ fi

 # Glance connection info.  Note the port must be specified.

 GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST}

-GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

+GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}

 GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292}

 GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292}

 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}

@@ -151,7 +151,7 @@ function configure_glance {

     # Store specific configs

     iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/

-    iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST

+    iniset $GLANCE_API_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST)

     # CORS feature support - to allow calls from Horizon by default

     if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then

@@ -217,7 +217,7 @@ function configure_glance {

     iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME

     iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance

     iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD

-    iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST

+    iniset $GLANCE_CACHE_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST)

     # Store specific confs

     iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/

@@ -111,7 +111,7 @@ Q_HOST=${Q_HOST:-$SERVICE_HOST}

 # Default protocol

 Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}

 # Default listen address

-Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

+Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}

 # Default admin username

 Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}

 # Default auth strategy

@@ -121,7 +121,7 @@ Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}

 Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}

 Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)

 # Meta data IP

-Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}

+Q_META_DATA_IP=${Q_META_DATA_IP:-$(ipv6_unquote $SERVICE_HOST)}

 # Allow Overlapping IP among subnets

 Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}

 Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}

@@ -92,7 +92,7 @@ NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}

 NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}

 NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

 NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}

-NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

+NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}

 METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}

 # Option to enable/disable config drive

@@ -518,7 +518,7 @@ function create_nova_conf {

     iniset $NOVA_CONF upgrade_levels compute "auto"

     write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute"

-    write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}"

+    write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" "$SERVICE_LISTEN_ADDRESS:${METADATA_SERVICE_PORT}"

     if is_service_enabled ceilometer; then

         iniset $NOVA_CONF DEFAULT instance_usage_audit "True"

@@ -55,7 +55,7 @@ SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

 SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080}

 SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}

 SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}

-SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}

+SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}

 # TODO: add logging to different location.

@@ -37,7 +37,7 @@

 if is_service_enabled tls-proxy; then

     # TODO(dtroyer): revisit this below after the search for HOST_IP has been done

-    TLS_IP=${TLS_IP:-$SERVICE_IP}

+    TLS_IP=${TLS_IP:-$(ipv6_unquote $SERVICE_HOST)}

 fi

 DEVSTACK_HOSTNAME=$(hostname -f)

@@ -67,9 +67,9 @@ function configure_CA {

     # build common config file

     # Verify ``TLS_IP`` is good

-    if [[ -n "$HOST_IP" && "$HOST_IP" != "$TLS_IP" ]]; then

+    if [[ -n "$SERVICE_HOST" && "$(ipv6_unquote $SERVICE_HOST)" != "$TLS_IP" ]]; then

         # auto-discover has changed the IP

-        TLS_IP=$HOST_IP

+        TLS_IP=$(ipv6_unquote $SERVICE_HOST)

     fi

 }

@@ -228,6 +228,7 @@ function init_cert {

     if [[ ! -r $DEVSTACK_CERT ]]; then

         if [[ -n "$TLS_IP" ]]; then

             # Lie to let incomplete match routines work

+            # see https://bugs.python.org/issue23239

             TLS_IP="DNS:$TLS_IP,IP:$TLS_IP"

         fi

         make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP"

@@ -246,11 +247,6 @@ function make_cert {

     local alt_names=$4

     if [ "$common_name" != "$SERVICE_HOST" ]; then

-        if [[ -z "$alt_names" ]]; then

-            alt_names="DNS:$SERVICE_HOST"

-        else

-            alt_names="$alt_names,DNS:$SERVICE_HOST"

-        fi

         if is_ipv4_address "$SERVICE_HOST" ; then

             alt_names="$alt_names,IP:$SERVICE_HOST"

         fi

@@ -887,10 +887,10 @@ if [[ "$SERVICE_IP_VERSION" == 6 ]]; then

     DEF_SERVICE_HOST=[$HOST_IPV6]

     DEF_SERVICE_LOCAL_HOST=::1

-    DEF_SERVICE_LISTEN_ADDRESS=::

+    DEF_SERVICE_LISTEN_ADDRESS="[::]"

 fi

-# This is either 0.0.0.0 for IPv4 or :: for IPv6

+# This is either 0.0.0.0 for IPv4 or [::] for IPv6

 SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}}

 # Allow the use of an alternate hostname (such as localhost/127.0.0.1) for