@@ -1,4 +1,5 @@

 #!/usr/bin/env bash

+

 # Configurable params

 BRIDGE=${BRIDGE:-br0}

 CONTAINER=${CONTAINER:-STACK}

@@ -18,11 +19,11 @@ if ! grep -q natty /etc/lsb-release; then

 fi

 # Install deps

-apt-get install lxc debootstrap

+apt-get install -y lxc debootstrap

 # Install cgroup-bin from source, since the packaging is buggy and possibly incompatible with our setup

 if ! which cgdelete | grep -q cgdelete; then

-    apt-get install g++ bison flex libpam0g-dev

+    apt-get install -y g++ bison flex libpam0g-dev

     wget http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download -O /tmp/libcgroup-0.37.1.tar.bz2 

     cd /tmp && bunzip2 libcgroup-0.37.1.tar.bz2  && tar xfv libcgroup-0.37.1.tar

     cd libcgroup-0.37.1

@@ -49,15 +50,21 @@ if [ -d /cgroup/$CONTAINER ]; then

     cgdelete -r cpu,net_cls:$CONTAINER

 fi

+

 # Warm the base image on first install

 CACHEDIR=/var/cache/lxc/natty/rootfs-amd64

 if [ ! -d $CACHEDIR ]; then

+    # by deleting the container, we force lxc-create to re-bootstrap (lxc is

+    # lazy and doesn't do anything if a container already exists)

+    lxc-destroy -n $CONTAINER

     # trigger the initial debootstrap

     lxc-create -n $CONTAINER -t natty -f $LXC_CONF

     chroot $CACHEDIR apt-get update

-    chroot $CACHEDIR apt-get install -y `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`

+    chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`

     chroot $CACHEDIR pip install `cat files/pips/*`

-    git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova

+    # FIXME (anthony) - provide ability to vary source locations

+    #git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova

+    bzr clone lp:~hudson-openstack/nova/milestone-proposed/ $CACHEDIR/opt/nova

     git clone https://github.com/cloudbuilders/openstackx.git $CACHEDIR/opt/openstackx

     git clone https://github.com/cloudbuilders/noVNC.git $CACHEDIR/opt/noVNC

     git clone https://github.com/cloudbuilders/openstack-dashboard.git $CACHEDIR/opt/dash

@@ -61,14 +61,8 @@ QUANTUM_PORT = '9696'

 QUANTUM_TENANT = '1234'

 QUANTUM_CLIENT_VERSION='0.1'

-# If you have external monitoring links

-EXTERNAL_MONITORING = [

-    ['Nagios','http://foo.com'],

-    ['Ganglia','http://bar.com'],

-]

-

-# If you do not have external monitoring links

-# EXTERNAL_MONITORING = []

+# We use nixon to embed instead of external monitoring links

+EXTERNAL_MONITORING = []

 # Uncomment the following segment to silence most logging

 # django.db and boto DEBUG logging is extremely verbose.

new file mode 100644

@@ -0,0 +1,178 @@

+[DEFAULT]

+# Show more verbose log output (sets INFO log level output)

+verbose = True

+

+# Show debugging output in logs (sets DEBUG log level output)

+debug = True

+

+# Which backend store should Glance use by default is not specified

+# in a request to add a new image to Glance? Default: 'file'

+# Available choices are 'file', 'swift', and 's3'

+default_store = file

+

+# Address to bind the API server

+bind_host = 0.0.0.0

+

+# Port the bind the API server to

+bind_port = 9292

+

+# Address to find the registry server

+registry_host = 0.0.0.0

+

+# Port the registry server is listening on

+registry_port = 9191

+

+# Log to this file. Make sure you do not set the same log

+# file for both the API and registry servers!

+log_file = /var/log/glance/api.log

+

+# Send logs to syslog (/dev/log) instead of to file specified by `log_file`

+use_syslog = False

+

+# ============ Notification System Options =====================

+

+# Notifications can be sent when images are create, updated or deleted.

+# There are three methods of sending notifications, logging (via the

+# log_file directive), rabbit (via a rabbitmq queue) or noop (no

+# notifications sent, the default)

+notifier_strategy = noop

+

+# Configuration options if sending notifications via rabbitmq (these are

+# the defaults)

+rabbit_host = localhost

+rabbit_port = 5672

+rabbit_use_ssl = false

+rabbit_userid = guest

+rabbit_password = guest

+rabbit_virtual_host = /

+rabbit_notification_topic = glance_notifications

+

+# ============ Filesystem Store Options ========================

+

+# Directory that the Filesystem backend store

+# writes image data to

+filesystem_store_datadir = /var/lib/glance/images/

+

+# ============ Swift Store Options =============================

+

+# Address where the Swift authentication service lives

+swift_store_auth_address = 127.0.0.1:8080/v1.0/

+

+# User to authenticate against the Swift authentication service

+swift_store_user = jdoe

+

+# Auth key for the user authenticating against the

+# Swift authentication service

+swift_store_key = a86850deb2742ec3cb41518e26aa2d89

+

+# Container within the account that the account should use

+# for storing images in Swift

+swift_store_container = glance

+

+# Do we create the container if it does not exist?

+swift_store_create_container_on_put = False

+

+# What size, in MB, should Glance start chunking image files

+# and do a large object manifest in Swift? By default, this is

+# the maximum object size in Swift, which is 5GB

+swift_store_large_object_size = 5120

+

+# When doing a large object manifest, what size, in MB, should

+# Glance write chunks to Swift? This amount of data is written

+# to a temporary disk buffer during the process of chunking

+# the image file, and the default is 200MB

+swift_store_large_object_chunk_size = 200

+

+# Whether to use ServiceNET to communicate with the Swift storage servers.

+# (If you aren't RACKSPACE, leave this False!)

+#

+# To use ServiceNET for authentication, prefix hostname of

+# `swift_store_auth_address` with 'snet-'.

+# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/

+swift_enable_snet = False

+

+# ============ S3 Store Options =============================

+

+# Address where the S3 authentication service lives

+s3_store_host = 127.0.0.1:8080/v1.0/

+

+# User to authenticate against the S3 authentication service

+s3_store_access_key = <20-char AWS access key>

+

+# Auth key for the user authenticating against the

+# S3 authentication service

+s3_store_secret_key = <40-char AWS secret key>

+

+# Container within the account that the account should use

+# for storing images in S3. Note that S3 has a flat namespace,

+# so you need a unique bucket name for your glance images. An

+# easy way to do this is append your AWS access key to "glance".

+# S3 buckets in AWS *must* be lowercased, so remember to lowercase

+# your AWS access key if you use it in your bucket name below!

+s3_store_bucket = <lowercased 20-char aws access key>glance

+

+# Do we create the bucket if it does not exist?

+s3_store_create_bucket_on_put = False

+

+# ============ Image Cache Options ========================

+

+image_cache_enabled = False

+

+# Directory that the Image Cache writes data to

+# Make sure this is also set in glance-pruner.conf

+image_cache_datadir = /var/lib/glance/image-cache/

+

+# Number of seconds after which we should consider an incomplete image to be

+# stalled and eligible for reaping

+image_cache_stall_timeout = 86400

+

+# ============ Delayed Delete Options =============================

+

+# Turn on/off delayed delete

+delayed_delete = False

+

+# Delayed delete time in seconds

+scrub_time = 43200

+

+# Directory that the scrubber will use to remind itself of what to delete

+# Make sure this is also set in glance-scrubber.conf

+scrubber_datadir = /var/lib/glance/scrubber

+

+[pipeline:glance-api]

+#pipeline = versionnegotiation context apiv1app

+# NOTE: use the following pipeline for keystone

+pipeline = versionnegotiation authtoken context apiv1app

+

+# To enable Image Cache Management API replace pipeline with below:

+# pipeline = versionnegotiation context imagecache apiv1app

+# NOTE: use the following pipeline for keystone auth (with caching)

+# pipeline = versionnegotiation authtoken context imagecache apiv1app

+

+[pipeline:versions]

+pipeline = versionsapp

+

+[app:versionsapp]

+paste.app_factory = glance.api.versions:app_factory

+

+[app:apiv1app]

+paste.app_factory = glance.api.v1:app_factory

+

+[filter:versionnegotiation]

+paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory

+

+[filter:imagecache]

+paste.filter_factory = glance.api.middleware.image_cache:filter_factory

+

+[filter:context]

+paste.filter_factory = glance.common.context:filter_factory

+

+[filter:authtoken]

+paste.filter_factory = keystone.middleware.auth_token:filter_factory

+service_protocol = http

+service_host = 127.0.0.1

+service_port = 5000

+auth_host = 127.0.0.1

+auth_port = 5001

+auth_protocol = http

+auth_uri = http://127.0.0.1:5000/

+admin_token = 999888777666

@@ -41,9 +41,9 @@ api_limit_max = 1000

 limit_param_default = 25

 [pipeline:glance-registry]

-pipeline = context registryapp

+#pipeline = context registryapp

 # NOTE: use the following pipeline for keystone

-# pipeline = authtoken keystone_shim context registryapp

+pipeline = authtoken keystone_shim context registryapp

 [app:registryapp]

 paste.app_factory = glance.registry.server:app_factory

@@ -42,7 +42,8 @@ admin_port = 5001

 keystone-admin-role = Admin

 #Role that allows to perform service admin operations.

-keystone-service-admin-role = KeystoneServiceAdmin

+# FIXME: need to separate this into a different role like KeystoneServiceAdmin

+keystone-service-admin-role = Admin

 [keystone.backends.sqlalchemy]

 # SQLAlchemy connection string for the reference implementation registry

@@ -5,8 +5,8 @@ $BIN_DIR/keystone-manage $* tenant add admin

 $BIN_DIR/keystone-manage $* tenant add demo

 # Users

-$BIN_DIR/keystone-manage $* user add demo secrete demo

-$BIN_DIR/keystone-manage $* user add admin secrete admin

+$BIN_DIR/keystone-manage $* user add admin secrete 1

+$BIN_DIR/keystone-manage $* user add demo secrete 2

 # Roles

 $BIN_DIR/keystone-manage $* role add Admin

@@ -21,21 +21,21 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_

 $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1

 # Tokens

-$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00

+$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00

 #Tenant endpoints

-$BIN_DIR/keystone-manage $* endpoint add admin 1

-$BIN_DIR/keystone-manage $* endpoint add admin 2

-$BIN_DIR/keystone-manage $* endpoint add admin 3

-$BIN_DIR/keystone-manage $* endpoint add admin 4

-$BIN_DIR/keystone-manage $* endpoint add admin 5

-$BIN_DIR/keystone-manage $* endpoint add admin 6

+$BIN_DIR/keystone-manage $* endpoint add 1 1

+$BIN_DIR/keystone-manage $* endpoint add 1 2

+$BIN_DIR/keystone-manage $* endpoint add 1 3

+$BIN_DIR/keystone-manage $* endpoint add 1 4

+$BIN_DIR/keystone-manage $* endpoint add 1 5

+$BIN_DIR/keystone-manage $* endpoint add 1 6

-$BIN_DIR/keystone-manage $* endpoint add demo 1

-$BIN_DIR/keystone-manage $* endpoint add demo 2

-$BIN_DIR/keystone-manage $* endpoint add demo 3

-$BIN_DIR/keystone-manage $* endpoint add demo 4

-$BIN_DIR/keystone-manage $* endpoint add demo 5

-$BIN_DIR/keystone-manage $* endpoint add demo 6

+$BIN_DIR/keystone-manage $* endpoint add 2 1

+$BIN_DIR/keystone-manage $* endpoint add 2 2

+$BIN_DIR/keystone-manage $* endpoint add 2 3

+$BIN_DIR/keystone-manage $* endpoint add 2 4

+$BIN_DIR/keystone-manage $* endpoint add 2 5

+$BIN_DIR/keystone-manage $* endpoint add 2 6

 $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"

@@ -281,6 +281,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then

     GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf

     cp $FILES/glance-registry.conf $GLANCE_CONF

     sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF

+

+    GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf

+    cp $FILES/glance-api.conf $GLANCE_API_CONF

 fi

 # Nova

@@ -293,7 +296,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then

     # qcow images) and kvm (hardware based virtualization).  If unable to 

     # load kvm, set the libvirt type to qemu.

     sudo modprobe nbd || true

-    if ! sudo modprobe kvm; then

+    if ! -e /dev/kvm; then

         LIBVIRT_TYPE=qemu

     fi

     # User needs to be member of libvirtd group for nova-compute to use libvirt.

@@ -318,7 +321,7 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "n-net" ]]; then

     # delete traces of nova networks from prior runs

-    killall dnsmasq || true

+    sudo killall dnsmasq || true

     rm -rf $NOVA_DIR/networks

     mkdir -p $NOVA_DIR/networks

 fi

@@ -408,10 +411,33 @@ function screen_it {

 screen -d -m -S nova -t nova

 sleep 1

-screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf"

-screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"

-screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"

-screen_it n-api "$NOVA_DIR/bin/nova-api"

+if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then

+    screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"

+fi

+

+if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then

+    screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf"

+    while ! wget -q -O- http://$GLANCE_HOSTPORT; do

+        echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."

+        sleep 1

+    done

+fi

+

+if [[ "$ENABLED_SERVICES" =~ "key" ]]; then

+    screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"

+    while ! wget -q -O- http://127.0.0.1:5000; do

+        echo "Waiting for keystone to start..."

+        sleep 1

+    done

+fi

+

+if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then

+    screen_it n-api "$NOVA_DIR/bin/nova-api"

+    while ! wget -q -O- http://127.0.0.1:8774; do

+        echo "Waiting for nova-api to start..."

+        sleep 1

+    done

+fi

 # Launching nova-compute should be as simple as running ``nova-compute`` but 

 # have to do a little more than that in our script.  Since we add the group 

 # ``libvirtd`` to our user in this script, when nova-compute is run it is

@@ -441,9 +467,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then

     # add images to glance 

     # FIXME: kernel/ramdisk is hardcoded - use return result from add

-    glance add name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image 

-    glance add name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image 

-    glance add name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image

+    glance add -A 999888777666 name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image 

+    glance add -A 999888777666 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image 

+    glance add -A 999888777666 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image

 fi

 # Using the cloud