- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
| ... | ... |
@@ -2049,6 +2049,11 @@ function is_ipv4_address {
|
| 2049 | 2049 |
fi |
| 2050 | 2050 |
} |
| 2051 | 2051 |
|
| 2052 |
+# Remove "[]" around urlquoted IPv6 addresses |
|
| 2053 |
+function ipv6_unquote {
|
|
| 2054 |
+ echo $1 | tr -d [] |
|
| 2055 |
+} |
|
| 2056 |
+ |
|
| 2052 | 2057 |
# Gracefully cp only if source file/dir exists |
| 2053 | 2058 |
# cp_it source destination |
| 2054 | 2059 |
function cp_it {
|
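Review bot: In `ipv6_unquote`, `echo $1 | tr -d []` leaves both `$1` and the `tr` set unquoted, so a bracketed address such as `[::1]` is itself a glob pattern and is replaced by a matching single-character filename in the current directory if one exists, or dropped under `nullglob`. The result feeds bind and listen addresses in the later hunks, so a silent substitution changes what a service binds to. I would write the body as `echo "$1" | tr -d '[]'` and quote the argument at the call sites, e.g. `$(ipv6_unquote "$SERVICE_LISTEN_ADDRESS")`. The header comment could also state that unbracketed input (IPv4 addresses, hostnames) passes through unchanged.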
| ... | ... |
@@ -67,7 +67,7 @@ CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
| 67 | 67 |
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
| 68 | 68 |
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
|
| 69 | 69 |
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
| 70 |
-CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
| 70 |
+CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
|
|
| 71 | 71 |
|
| 72 | 72 |
# What type of LVM device should Cinder use for LVM backend |
| 73 | 73 |
# Defaults to auto, which will do thin provisioning if it's a fresh |
| ... | ... |
@@ -93,7 +93,7 @@ function configure_database_mysql {
|
| 93 | 93 |
|
| 94 | 94 |
# Change bind-address from localhost (127.0.0.1) to any (::) and |
| 95 | 95 |
# set default db type to InnoDB |
| 96 |
- iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" |
|
| 96 |
+ iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)" |
|
| 97 | 97 |
iniset -sudo $my_conf mysqld sql_mode TRADITIONAL |
| 98 | 98 |
iniset -sudo $my_conf mysqld default-storage-engine InnoDB |
| 99 | 99 |
iniset -sudo $my_conf mysqld max_connections 1024 |
| ... | ... |
@@ -65,7 +65,7 @@ fi |
| 65 | 65 |
|
| 66 | 66 |
# Glance connection info. Note the port must be specified. |
| 67 | 67 |
GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST}
|
| 68 |
-GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
| 68 |
+GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
|
|
| 69 | 69 |
GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292}
|
| 70 | 70 |
GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292}
|
| 71 | 71 |
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}
|
| ... | ... |
@@ -152,7 +152,7 @@ function configure_glance {
|
| 152 | 152 |
|
| 153 | 153 |
# Store specific configs |
| 154 | 154 |
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
| 155 |
- iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST |
|
| 155 |
+ iniset $GLANCE_API_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) |
|
| 156 | 156 |
|
| 157 | 157 |
# CORS feature support - to allow calls from Horizon by default |
| 158 | 158 |
if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then |
| ... | ... |
@@ -228,7 +228,7 @@ function configure_glance {
|
| 228 | 228 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance |
| 229 | 229 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password |
| 230 | 230 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD |
| 231 |
- iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST |
|
| 231 |
+ iniset $GLANCE_CACHE_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) |
|
| 232 | 232 |
|
| 233 | 233 |
# Store specific confs |
| 234 | 234 |
iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
| ... | ... |
@@ -111,7 +111,7 @@ Q_HOST=${Q_HOST:-$SERVICE_HOST}
|
| 111 | 111 |
# Default protocol |
| 112 | 112 |
Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
|
| 113 | 113 |
# Default listen address |
| 114 |
-Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
| 114 |
+Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
|
|
| 115 | 115 |
# Default admin username |
| 116 | 116 |
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
|
| 117 | 117 |
# Default auth strategy |
| ... | ... |
@@ -121,7 +121,7 @@ Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
|
| 121 | 121 |
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
|
| 122 | 122 |
Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON) |
| 123 | 123 |
# Meta data IP |
| 124 |
-Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
|
|
| 124 |
+Q_META_DATA_IP=${Q_META_DATA_IP:-$(ipv6_unquote $SERVICE_HOST)}
|
|
| 125 | 125 |
# Allow Overlapping IP among subnets |
| 126 | 126 |
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
|
| 127 | 127 |
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
|
| ... | ... |
@@ -92,7 +92,7 @@ NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}
|
| 92 | 92 |
NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
|
| 93 | 93 |
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
| 94 | 94 |
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
|
| 95 |
-NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
| 95 |
+NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
|
|
| 96 | 96 |
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
|
| 97 | 97 |
|
| 98 | 98 |
# Option to enable/disable config drive |
| ... | ... |
@@ -507,7 +507,7 @@ function create_nova_conf {
|
| 507 | 507 |
setup_logging $NOVA_CONF |
| 508 | 508 |
|
| 509 | 509 |
write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute" |
| 510 |
- write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}"
|
|
| 510 |
+ write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" "$SERVICE_LISTEN_ADDRESS:${METADATA_SERVICE_PORT}"
|
|
| 511 | 511 |
|
| 512 | 512 |
if is_service_enabled ceilometer; then |
| 513 | 513 |
iniset $NOVA_CONF DEFAULT instance_usage_audit "True" |
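Review bot: The metadata uWSGI socket on the changed `write_uwsgi_config` line is built from `$SERVICE_LISTEN_ADDRESS` verbatim, so it is only well-formed when an IPv6 value is bracketed; a deployment that overrides the variable with a raw address (the previous default was `::`) would get `:::${METADATA_SERVICE_PORT}`. How write_uwsgi_config treats that string is not visible here, so this is worth confirming. Either normalise the value when `SERVICE_IP_VERSION` is 6 or document the requirement next to the call, e.g. `# SERVICE_LISTEN_ADDRESS is used verbatim as host:port; IPv6 values must be bracketed ([::])`. create_nova_conf starts and ends outside the hunk.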
| ... | ... |
@@ -56,7 +56,7 @@ SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
| 56 | 56 |
SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080}
|
| 57 | 57 |
SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
|
| 58 | 58 |
SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
|
| 59 |
-SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
|
|
| 59 |
+SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
|
|
| 60 | 60 |
|
| 61 | 61 |
# TODO: add logging to different location. |
| 62 | 62 |
|
| ... | ... |
@@ -37,7 +37,7 @@ |
| 37 | 37 |
|
| 38 | 38 |
if is_service_enabled tls-proxy; then |
| 39 | 39 |
# TODO(dtroyer): revisit this below after the search for HOST_IP has been done |
| 40 |
- TLS_IP=${TLS_IP:-$SERVICE_IP}
|
|
| 40 |
+ TLS_IP=${TLS_IP:-$(ipv6_unquote $SERVICE_HOST)}
|
|
| 41 | 41 |
fi |
| 42 | 42 |
|
| 43 | 43 |
DEVSTACK_HOSTNAME=$(hostname -f) |
| ... | ... |
@@ -67,9 +67,9 @@ function configure_CA {
|
| 67 | 67 |
# build common config file |
| 68 | 68 |
|
| 69 | 69 |
# Verify ``TLS_IP`` is good |
| 70 |
- if [[ -n "$HOST_IP" && "$HOST_IP" != "$TLS_IP" ]]; then |
|
| 70 |
+ if [[ -n "$SERVICE_HOST" && "$(ipv6_unquote $SERVICE_HOST)" != "$TLS_IP" ]]; then |
|
| 71 | 71 |
# auto-discover has changed the IP |
| 72 |
- TLS_IP=$HOST_IP |
|
| 72 |
+ TLS_IP=$(ipv6_unquote $SERVICE_HOST) |
|
| 73 | 73 |
fi |
| 74 | 74 |
} |
| 75 | 75 |
|
| ... | ... |
@@ -228,6 +228,7 @@ function init_cert {
|
| 228 | 228 |
if [[ ! -r $DEVSTACK_CERT ]]; then |
| 229 | 229 |
if [[ -n "$TLS_IP" ]]; then |
| 230 | 230 |
# Lie to let incomplete match routines work |
| 231 |
+ # see https://bugs.python.org/issue23239 |
|
| 231 | 232 |
TLS_IP="DNS:$TLS_IP,IP:$TLS_IP" |
| 232 | 233 |
fi |
| 233 | 234 |
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP" |
| ... | ... |
@@ -246,11 +247,6 @@ function make_cert {
|
| 246 | 246 |
local alt_names=$4 |
| 247 | 247 |
|
| 248 | 248 |
if [ "$common_name" != "$SERVICE_HOST" ]; then |
| 249 |
- if [[ -z "$alt_names" ]]; then |
|
| 250 |
- alt_names="DNS:$SERVICE_HOST" |
|
| 251 |
- else |
|
| 252 |
- alt_names="$alt_names,DNS:$SERVICE_HOST" |
|
| 253 |
- fi |
|
| 254 | 249 |
if is_ipv4_address "$SERVICE_HOST" ; then |
| 255 | 250 |
alt_names="$alt_names,IP:$SERVICE_HOST" |
| 256 | 251 |
fi |
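Review bot: With the `DNS:$SERVICE_HOST` branch removed from `make_cert`, `alt_names` can still be empty when the `is_ipv4_address` branch runs, and `alt_names="$alt_names,IP:$SERVICE_HOST"` then produces a value with a leading comma. A `SERVICE_HOST` that is a hostname different from `common_name` also no longer appears in the subjectAltName list at all, which would make hostname verification fail for clients that connect by that name; whether any caller relies on it is not visible here. I would build the list with a separator guard, `alt_names="${alt_names:+$alt_names,}IP:$SERVICE_HOST"`, and keep a DNS entry when `SERVICE_HOST` is not an IP literal. Related, in the init_cert hunk `IP:$TLS_IP` now carries whatever `SERVICE_HOST` holds, so a hostname there yields an IP entry that is not an address. make_cert continues past the end of the hunk.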
| ... | ... |
@@ -894,10 +894,10 @@ if [[ "$SERVICE_IP_VERSION" == 6 ]]; then |
| 894 | 894 |
|
| 895 | 895 |
DEF_SERVICE_HOST=[$HOST_IPV6] |
| 896 | 896 |
DEF_SERVICE_LOCAL_HOST=::1 |
| 897 |
- DEF_SERVICE_LISTEN_ADDRESS=:: |
|
| 897 |
+ DEF_SERVICE_LISTEN_ADDRESS="[::]" |
|
| 898 | 898 |
fi |
| 899 | 899 |
|
| 900 |
-# This is either 0.0.0.0 for IPv4 or :: for IPv6 |
|
| 900 |
+# This is either 0.0.0.0 for IPv4 or [::] for IPv6 |
|
| 901 | 901 |
SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}}
|
| 902 | 902 |
|
| 903 | 903 |
# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for |
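Review bot: The comment on `SERVICE_LISTEN_ADDRESS` records the new `[::]` default but not the consequence for consumers: every place that needs a raw bind address must now pass it through `ipv6_unquote`, and any consumer not touched by this commit would receive the bracketed form. I would extend the comment to say so, for example `# Bracketed for IPv6 so it can be used in host:port strings; use ipv6_unquote where a raw bind address is required`. The enclosing `if` block starts outside the hunk.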