- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
... | ... |
@@ -2049,6 +2049,11 @@ function is_ipv4_address { |
2049 | 2049 |
fi |
2050 | 2050 |
} |
2051 | 2051 |
|
2052 |
+# Remove "[]" around urlquoted IPv6 addresses |
|
2053 |
+function ipv6_unquote { |
|
2054 |
+ echo $1 | tr -d [] |
|
2055 |
+} |
|
2056 |
+ |
|
2052 | 2057 |
# Gracefully cp only if source file/dir exists |
2053 | 2058 |
# cp_it source destination |
2054 | 2059 |
function cp_it { |
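Review bot: `ipv6_unquote` hands `$1` to `echo` unquoted, so a bracketed address is open to pathname expansion before `tr` sees it. A value in brackets is a valid glob bracket expression, which can be replaced by a matching single-character filename in the working directory or dropped entirely under `nullglob`. A listen or bind address that silently changes or becomes empty is worth ruling out, and `printf '%s\n' "$1" | tr -d '[]'` does that. The call sites in the later hunks have the same gap (`$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)`, `$(ipv6_unquote $SERVICE_HOST)`, `$(ipv6_unquote $GLANCE_SERVICE_HOST)`) and should pass the variable quoted, e.g. `$(ipv6_unquote "$SERVICE_HOST")`.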
... | ... |
@@ -67,7 +67,7 @@ CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} |
67 | 67 |
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} |
68 | 68 |
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776} |
69 | 69 |
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
70 |
-CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
|
70 |
+CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} |
|
71 | 71 |
|
72 | 72 |
# What type of LVM device should Cinder use for LVM backend |
73 | 73 |
# Defaults to auto, which will do thin provisioning if it's a fresh |
... | ... |
@@ -93,7 +93,7 @@ function configure_database_mysql { |
93 | 93 |
|
94 | 94 |
# Change bind-address from localhost (127.0.0.1) to any (::) and |
95 | 95 |
# set default db type to InnoDB |
96 |
- iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" |
|
96 |
+ iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)" |
|
97 | 97 |
iniset -sudo $my_conf mysqld sql_mode TRADITIONAL |
98 | 98 |
iniset -sudo $my_conf mysqld default-storage-engine InnoDB |
99 | 99 |
iniset -sudo $my_conf mysqld max_connections 1024 |
... | ... |
@@ -65,7 +65,7 @@ fi |
65 | 65 |
|
66 | 66 |
# Glance connection info. Note the port must be specified. |
67 | 67 |
GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST} |
68 |
-GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
|
68 |
+GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} |
|
69 | 69 |
GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292} |
70 | 70 |
GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292} |
71 | 71 |
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT} |
... | ... |
@@ -152,7 +152,7 @@ function configure_glance { |
152 | 152 |
|
153 | 153 |
# Store specific configs |
154 | 154 |
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
155 |
- iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST |
|
155 |
+ iniset $GLANCE_API_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) |
|
156 | 156 |
|
157 | 157 |
# CORS feature support - to allow calls from Horizon by default |
158 | 158 |
if [ -n "$GLANCE_CORS_ALLOWED_ORIGIN" ]; then |
... | ... |
@@ -228,7 +228,7 @@ function configure_glance { |
228 | 228 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance |
229 | 229 |
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password |
230 | 230 |
iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD |
231 |
- iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST |
|
231 |
+ iniset $GLANCE_CACHE_CONF DEFAULT registry_host $(ipv6_unquote $GLANCE_SERVICE_HOST) |
|
232 | 232 |
|
233 | 233 |
# Store specific confs |
234 | 234 |
iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ |
... | ... |
@@ -111,7 +111,7 @@ Q_HOST=${Q_HOST:-$SERVICE_HOST} |
111 | 111 |
# Default protocol |
112 | 112 |
Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL} |
113 | 113 |
# Default listen address |
114 |
-Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
|
114 |
+Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} |
|
115 | 115 |
# Default admin username |
116 | 116 |
Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron} |
117 | 117 |
# Default auth strategy |
... | ... |
@@ -121,7 +121,7 @@ Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False} |
121 | 121 |
Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True} |
122 | 122 |
Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON) |
123 | 123 |
# Meta data IP |
124 |
-Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST} |
|
124 |
+Q_META_DATA_IP=${Q_META_DATA_IP:-$(ipv6_unquote $SERVICE_HOST)} |
|
125 | 125 |
# Allow Overlapping IP among subnets |
126 | 126 |
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True} |
127 | 127 |
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True} |
... | ... |
@@ -92,7 +92,7 @@ NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774} |
92 | 92 |
NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774} |
93 | 93 |
NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
94 | 94 |
NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} |
95 |
-NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
|
95 |
+NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} |
|
96 | 96 |
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775} |
97 | 97 |
|
98 | 98 |
# Option to enable/disable config drive |
... | ... |
@@ -507,7 +507,7 @@ function create_nova_conf { |
507 | 507 |
setup_logging $NOVA_CONF |
508 | 508 |
|
509 | 509 |
write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute" |
510 |
- write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}" |
|
510 |
+ write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" "$SERVICE_LISTEN_ADDRESS:${METADATA_SERVICE_PORT}" |
|
511 | 511 |
|
512 | 512 |
if is_service_enabled ceilometer; then |
513 | 513 |
iniset $NOVA_CONF DEFAULT instance_usage_audit "True" |
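Review bot: The changed `write_uwsgi_config` line builds the metadata listener from the global `$SERVICE_LISTEN_ADDRESS`, not from `NOVA_SERVICE_LISTEN_ADDRESS`, so an operator who narrows the Nova listen address does not narrow the metadata API with it. It also relies on the value being in bracketed form for IPv6; an override that still supplies a raw `::` would presumably yield `:::${METADATA_SERVICE_PORT}`, though how `write_uwsgi_config` parses that is not visible here. Since the metadata service hands out instance data, I would document the dependency with a comment such as `# metadata binds to SERVICE_LISTEN_ADDRESS (bracketed for IPv6); NOVA_SERVICE_LISTEN_ADDRESS is not used here`. `create_nova_conf` starts and ends outside this hunk.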
... | ... |
@@ -56,7 +56,7 @@ SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
56 | 56 |
SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080} |
57 | 57 |
SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081} |
58 | 58 |
SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST} |
59 |
-SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS} |
|
59 |
+SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)} |
|
60 | 60 |
|
61 | 61 |
# TODO: add logging to different location. |
62 | 62 |
|
... | ... |
@@ -37,7 +37,7 @@ |
37 | 37 |
|
38 | 38 |
if is_service_enabled tls-proxy; then |
39 | 39 |
# TODO(dtroyer): revisit this below after the search for HOST_IP has been done |
40 |
- TLS_IP=${TLS_IP:-$SERVICE_IP} |
|
40 |
+ TLS_IP=${TLS_IP:-$(ipv6_unquote $SERVICE_HOST)} |
|
41 | 41 |
fi |
42 | 42 |
|
43 | 43 |
DEVSTACK_HOSTNAME=$(hostname -f) |
... | ... |
@@ -67,9 +67,9 @@ function configure_CA { |
67 | 67 |
# build common config file |
68 | 68 |
|
69 | 69 |
# Verify ``TLS_IP`` is good |
70 |
- if [[ -n "$HOST_IP" && "$HOST_IP" != "$TLS_IP" ]]; then |
|
70 |
+ if [[ -n "$SERVICE_HOST" && "$(ipv6_unquote $SERVICE_HOST)" != "$TLS_IP" ]]; then |
|
71 | 71 |
# auto-discover has changed the IP |
72 |
- TLS_IP=$HOST_IP |
|
72 |
+ TLS_IP=$(ipv6_unquote $SERVICE_HOST) |
|
73 | 73 |
fi |
74 | 74 |
} |
75 | 75 |
|
... | ... |
@@ -228,6 +228,7 @@ function init_cert { |
228 | 228 |
if [[ ! -r $DEVSTACK_CERT ]]; then |
229 | 229 |
if [[ -n "$TLS_IP" ]]; then |
230 | 230 |
# Lie to let incomplete match routines work |
231 |
+ # see https://bugs.python.org/issue23239 |
|
231 | 232 |
TLS_IP="DNS:$TLS_IP,IP:$TLS_IP" |
232 | 233 |
fi |
233 | 234 |
make_cert $INT_CA_DIR $DEVSTACK_CERT_NAME $DEVSTACK_HOSTNAME "$TLS_IP" |
... | ... |
@@ -246,11 +247,6 @@ function make_cert { |
246 | 246 |
local alt_names=$4 |
247 | 247 |
|
248 | 248 |
if [ "$common_name" != "$SERVICE_HOST" ]; then |
249 |
- if [[ -z "$alt_names" ]]; then |
|
250 |
- alt_names="DNS:$SERVICE_HOST" |
|
251 |
- else |
|
252 |
- alt_names="$alt_names,DNS:$SERVICE_HOST" |
|
253 |
- fi |
|
254 | 249 |
if is_ipv4_address "$SERVICE_HOST" ; then |
255 | 250 |
alt_names="$alt_names,IP:$SERVICE_HOST" |
256 | 251 |
fi |
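Review bot: Removing the `DNS:$SERVICE_HOST` branch in `make_cert` leaves `alt_names="$alt_names,IP:$SERVICE_HOST"` as the first thing that touches `alt_names`, so an empty `$4` now produces a value with a leading comma. The removed block used to guarantee a non-empty list at that point, and `init_cert` in the previous hunk passes `"$TLS_IP"`, which is empty when `TLS_IP` is unset. Unless code after this hunk prepends an entry, that looks like a malformed subjectAltName; `alt_names="${alt_names:+$alt_names,}IP:$SERVICE_HOST"` keeps the list well-formed. A `SERVICE_HOST` that is a hostname also no longer gets a DNS entry from this function, which is worth confirming as intended. `make_cert` continues outside the hunk.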
... | ... |
@@ -894,10 +894,10 @@ if [[ "$SERVICE_IP_VERSION" == 6 ]]; then |
894 | 894 |
|
895 | 895 |
DEF_SERVICE_HOST=[$HOST_IPV6] |
896 | 896 |
DEF_SERVICE_LOCAL_HOST=::1 |
897 |
- DEF_SERVICE_LISTEN_ADDRESS=:: |
|
897 |
+ DEF_SERVICE_LISTEN_ADDRESS="[::]" |
|
898 | 898 |
fi |
899 | 899 |
|
900 |
-# This is either 0.0.0.0 for IPv4 or :: for IPv6 |
|
900 |
+# This is either 0.0.0.0 for IPv4 or [::] for IPv6 |
|
901 | 901 |
SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}} |
902 | 902 |
|
903 | 903 |
# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for |
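Review bot: The updated comment above `SERVICE_LISTEN_ADDRESS` records the new `[::]` default but not the contract that comes with it. The value is now expected in bracketed form for IPv6, and any consumer that needs a plain bind address has to strip the brackets with `ipv6_unquote`. An existing override that still sets the raw `::` will differ in format from the default, and users of the variable not touched by this commit now receive `[::]`. I would extend the comment to something like `# Bracketed for IPv6 so it can be used as host:port; use ipv6_unquote where a raw address is required`, and check the remaining users of the variable outside this diff.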