From 37ddd4c872a1962387971dbb69e38c6b3188887d Mon Sep 17 00:00:00 2001 From: Dmitry Burmistrov Date: Fri, 16 May 2014 12:39:48 +0400 Subject: [PATCH] Update specs to 2013.2.3 version Change-Id: I2176a84c52beab90c2085a14e109a3ddac9577d8 --- debian/changelog | 64 ++- debian/control | 1 + ...ure-various-clients-used-by-the-Heat.patch | 91 ++-- ...s_clients_used_in_Heat_Havana_stable.patch | 482 ------------------ .../revert-stable-havana-requirements.patch | 34 ++ debian/patches/series | 1 + ...ch => 0001-Switch-to-using-M2Crypto.patch} | 16 +- ... 0002-remove-pbr-runtime-dependency.patch} | 9 + ...-handle-parallel-installed-packages.patch} | 25 +- ...ure-various-clients-used-by-the-Heat.patch | 91 ++-- ...s_clients_used_in_Heat_Havana_stable.patch | 482 ------------------ rpm/SOURCES/openstack-heat-api-cfn.init | 4 +- .../openstack-heat-api-cloudwatch.init | 4 +- rpm/SOURCES/openstack-heat-api.init | 4 +- rpm/SOURCES/openstack-heat-engine.init | 4 +- rpm/SPECS/openstack-heat.spec | 37 +- 16 files changed, 280 insertions(+), 1069 deletions(-) delete mode 100644 debian/patches/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch create mode 100644 debian/patches/revert-stable-havana-requirements.patch rename rpm/SOURCES/{switch-to-using-m2crypto.patch => 0001-Switch-to-using-M2Crypto.patch} (85%) rename rpm/SOURCES/{remove-pbr-runtime-dependency.patch => 0002-remove-pbr-runtime-dependency.patch} (63%) rename rpm/SOURCES/{heat-newdeps.patch => 0003-Adjust-to-handle-parallel-installed-packages.patch} (70%) delete mode 100644 rpm/SOURCES/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch diff --git a/debian/changelog b/debian/changelog index 9fa63433..7091e1fe 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,68 @@ -heat (2013.2-0ubuntu1~cloud0) precise-havana; urgency=low +heat (2013.2.3-0ubuntu1~cloud0) precise-havana; urgency=medium * New upstream release for the Ubuntu Cloud Archive. - -- James Page Sun, 13 Oct 2013 11:08:42 +0100 + -- Openstack Ubuntu Testing Bot Mon, 14 Apr 2014 07:13:10 -0400 + +heat (2013.2.3-0ubuntu1) saucy-proposed; urgency=medium + + * Resynchronize with stable/havana (8bb7830) (LP: #1302575): + - [527009d] Don't delete trust on backup stack delete + - [defcf23] Raise the default max header to accommodate large tokens + - [a440ccb] Fix "members" property check + - [cfd6b02] Fix incompatibilities in tests with keystoneclient 0.6 + - [8bb7830] Don't raise MySQL 2013 'Lost connection' errors + + -- Corey Bryant Fri, 04 Apr 2014 10:49:12 -0400 + +heat (2013.2.2-0ubuntu1) saucy-proposed; urgency=low + + * Resynchronize with stable/havana (9279833) (LP: #1284643): + - [2beab02] Server create should never fail, even if resource name exceeds + 63 characters LP: 1250291 + - [4ca7941] the aws loadbalancer use Fedora 17 and needs to be upgraded to + f18 or f19 LP: 1234375 + - [e483b38] Fn::Select raises transient errors on mutable structures + LP: 1243958 + - [6fa3c8f] DependsOn only supports specifying a single value LP: 1235496 + - [ec4ed57] Failure after the update of a suspended stack LP: 1234242 + - [50dc14a] Please use "python -m coverage" instead of /usr/bin/coverage + LP: 1241330 + - [4d213f8] Stacks can get stuck DELETE_COMPLETE LP: 1247200 + - [ab5d961] Stacks can get stuck DELETE_COMPLETE LP: 1247200 + - [9279833] Stacks can get stuck DELETE_COMPLETE LP: 1247200 + * d/control: Add new BD on python-testscenarios. + + -- James Page Wed, 26 Feb 2014 09:02:56 +0000 + +heat (2013.2.1-0ubuntu1) saucy-proposed; urgency=low + + * Resynchronize with stable/havana (8283db7) (LP: #1262788): + - [e6979b0] Open stable/havana + - [f33297d] no autoscaling action occurs for percentage adjustment, + depending on initial size & adjustment step size LP: 1251007 + - [a8c0b11] potential autoscaling headroom remains unused LP: 1254796 + - [6ccbf6e] On restart of QPID broker, fanout no longer works LP: 1251757 + - [3fc572e] [messaging] QPID broadcast RPC requests to all servers for a + given topic LP: 1257293 + - [25de97c] Updated from global requirements + - [0b1458a] [OSSA 2013-034] Heat CFN policy rules not all enforced + (CVE-2013-6426) LP: 1256049 + - [8283db7] [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping + (CVE-2013-6428) LP: 1256983 + - [8283db7] [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping + (CVE-2013-6428) LP: 1256983 + * debian/patches/revert-stable-havana-requirements.patch: Revert + version bumps to dependencies in stable/havana back to what was + shipped with Saucy. + + -- Adam Gandelman Wed, 18 Dec 2013 10:30:32 -0800 + +heat (2013.2-0ubuntu1) saucy; urgency=low + + * New upstream release (LP: #1236462). + + -- Chuck Short Thu, 17 Oct 2013 09:30:24 -0400 heat (2013.2~rc2-0ubuntu1) saucy; urgency=low diff --git a/debian/control b/debian/control index b36544c1..365ce565 100644 --- a/debian/control +++ b/debian/control @@ -52,6 +52,7 @@ Build-Depends-Indep: python-sphinx, python-sqlalchemy (>= 0.7.8), python-swiftclient, + python-testscenarios, python-testrepository (>= 0.0.13), python-testtools (>= 0.9.29), python-webob (>= 1.2.3), diff --git a/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch b/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch index dad7d148..7bc1448b 100644 --- a/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch +++ b/debian/patches/Ability-to-configure-various-clients-used-by-the-Heat.patch @@ -1,6 +1,6 @@ -From ac190f0da6ce367cc833b92677266e7bbf7e2270 Mon Sep 17 00:00:00 2001 -From: Timur Sufiev -Date: Thu, 5 Dec 2013 19:46:28 +0400 +From d5cd4a1e6077d538f7b5ba61b0d98673ef610d9d Mon Sep 17 00:00:00 2001 +From: Igor Yozhikov +Date: Fri, 16 May 2014 14:09:05 +0400 Subject: [PATCH] Adds ability to configure various clients used by the Heat This commit adds config sections [clients_nova], [clients_swift], @@ -22,19 +22,20 @@ for each and every client separately Closes-Bug: #1213122 Implements: blueprint clients-ssl-options Ported from: icehouse. + --- etc/heat/heat.conf.sample | 182 ++++++++++++++++++++++++++++++++++--- heat/common/config.py | 28 +++++- heat/common/heat_keystoneclient.py | 17 ++++ heat/engine/clients.py | 30 +++++- - heat/tests/test_heatclient.py | 36 ++++++-- - 5 files changed, 268 insertions(+), 25 deletions(-) + heat/tests/test_heatclient.py | 50 +++++++--- + 5 files changed, 276 insertions(+), 31 deletions(-) diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample -index 1444f9b..20dadd3 100644 +index d464840..8fa413d 100644 --- a/etc/heat/heat.conf.sample +++ b/etc/heat/heat.conf.sample -@@ -473,6 +473,43 @@ +@@ -482,6 +482,43 @@ #matchmaker_heartbeat_ttl=600 @@ -78,7 +79,7 @@ index 1444f9b..20dadd3 100644 [ssl] # -@@ -568,6 +605,104 @@ +@@ -577,6 +614,104 @@ #api_paste_config=api-paste.ini @@ -183,8 +184,8 @@ index 1444f9b..20dadd3 100644 [rpc_notifier2] # -@@ -683,29 +818,26 @@ - #workers=0 +@@ -710,29 +845,26 @@ + #max_header_line=16384 -[auth_password] @@ -224,7 +225,7 @@ index 1444f9b..20dadd3 100644 [matchmaker_redis] -@@ -724,3 +856,25 @@ +@@ -751,3 +883,25 @@ #password= @@ -421,84 +422,106 @@ index 6deae5b..a749cd2 100644 if cfg.CONF.cloud_backend: cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend) diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py -index 7e195dc..712ffa5 100644 +index 0196324..d4003d0 100644 --- a/heat/tests/test_heatclient.py +++ b/heat/tests/test_heatclient.py -@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_client = heat_keystoneclient.kc.Client( +@@ -67,7 +67,11 @@ class KeystoneClientTest(HeatTestCase): + kc.Client( auth_url=mox.IgnoreArg(), tenant_name='test_tenant', -- token='abcd1234') +- token='abcd1234').AndReturn(self.mock_ks_client) + token='abcd1234', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate().AndReturn(auth_ok) elif method == 'password': - self.mock_ks_client = heat_keystoneclient.kc.Client( -@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase): + kc.Client( +@@ -75,14 +79,22 @@ class KeystoneClientTest(HeatTestCase): tenant_name='test_tenant', tenant_id='test_tenant_id', username='test_username', -- password='password') +- password='password').AndReturn(self.mock_ks_client) + password='password', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate().AndReturn(auth_ok) if method == 'trust': - self.mock_ks_client = heat_keystoneclient.kc.Client( + kc.Client( auth_url='http://server.test:5000/v2.0', password='verybadpass', tenant_name='service', -- username='heat') +- username='heat').AndReturn(self.mock_ks_client) + username='heat', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate(trust_id='atrust123', tenant_id='test_tenant_id' ).AndReturn(auth_ok) -@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( +@@ -95,8 +107,11 @@ class KeystoneClientTest(HeatTestCase): + kc_v3.Client( token='abcd1234', project_name='test_tenant', auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') +- endpoint='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + endpoint='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) elif method == 'password': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( + kc_v3.Client( username='test_username', -@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase): +@@ -104,15 +119,21 @@ class KeystoneClientTest(HeatTestCase): project_name='test_tenant', project_id='test_tenant_id', auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') +- endpoint='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + endpoint='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) elif method == 'trust': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( + kc_v3.Client( username='heat', password='verybadpass', project_name='service', -- auth_url='http://server.test:5000/v3') +- auth_url='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + auth_url='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) self.mock_ks_v3_client.authenticate().AndReturn(auth_ok) def test_username_length(self): +@@ -242,10 +263,15 @@ class KeystoneClientTest(HeatTestCase): + class MockTrust(object): + id = 'atrust123' + +- self._stub_admin_client() +- ++ self.m.StubOutClassWithMocks(heat_keystoneclient.kc, "Client") ++ mock_admin_client = heat_keystoneclient.kc.Client( ++ auth_url=mox.IgnoreArg(), ++ username='heat', ++ password='verybadpass', ++ tenant_name='service') ++ mock_admin_client.auth_ref = self.m.CreateMockAnything() ++ mock_admin_client.auth_ref.user_id = '1234' + self._stubs_v3() +- + self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything() + self.mock_ks_v3_client.auth_ref.user_id = '5678' + self.mock_ks_v3_client.auth_ref.project_id = '42' -- 1.8.3.2 diff --git a/debian/patches/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch b/debian/patches/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch deleted file mode 100644 index d43d4260..00000000 --- a/debian/patches/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch +++ /dev/null @@ -1,482 +0,0 @@ -From 467adeb3dc9a89aa6b39780b83196501d5c31ea7 Mon Sep 17 00:00:00 2001 -From: Serg Melikyan -Date: Tue, 12 Nov 2013 14:33:17 +0400 -Subject: [PATCH] Adds ability to configure SSL params for clients used by the Heat - ---- - etc/heat/heat.conf.sample | 169 ++++++++++++++++++++++++++++++++++++ - heat/common/config.py | 32 ++++++- - heat/common/heat_keystoneclient.py | 18 ++++ - heat/engine/clients.py | 50 +++++++++-- - heat/tests/test_heatclient.py | 36 ++++++-- - 5 files changed, 291 insertions(+), 14 deletions(-) - -diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample -index 1444f9b..376c98e 100644 ---- a/etc/heat/heat.conf.sample -+++ b/etc/heat/heat.conf.sample -@@ -724,3 +724,172 @@ - #password= - - -+[clients_swift] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+ -+[clients_cinder] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_nova] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_ceilometer] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_neutron] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+ -+[clients_keystone] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -diff --git a/heat/common/config.py b/heat/common/config.py -index 82b4ca5..155d4f4 100644 ---- a/heat/common/config.py -+++ b/heat/common/config.py -@@ -1,4 +1,3 @@ -- - # vim: tabstop=4 shiftwidth=4 softtabstop=4 - - # -@@ -18,6 +17,7 @@ - Routines for configuring Heat - """ - -+import copy - import logging as sys_logging - import os - -@@ -134,6 +134,35 @@ auth_password_opts = [ - 'multi_cloud is enabled. At least one endpoint needs ' - 'to be specified.'))] - -+clients_opts = [ -+ cfg.StrOpt('ca_file', -+ help=_('Optional CA cert file to use in SSL connections')), -+ cfg.StrOpt('cert_file', -+ help=_('Optional PEM-formatted certificate chain file')), -+ cfg.StrOpt('key_file', -+ help=_('Optional PEM-formatted file that contains the ' -+ 'private key')), -+ cfg.BoolOpt('insecure', -+ default=False, -+ help=_("If set then the server's certificate will not " -+ "be verified")), -+ cfg.StrOpt('endpoint_type', -+ default='publicURL', -+ help=_('Endpoint type'))] -+ -+ -+def register_clients_opts(): -+ cfg.CONF.register_opts(clients_opts, group='clients') -+ for client in ('nova', 'swift', 'neutron', 'cinder', -+ 'ceilometer', 'keystone'): -+ client_specific_group = 'clients_' + client -+ # register opts copy and put it to globals in order to -+ # generate_sample.sh to work -+ opts_copy = copy.deepcopy(clients_opts) -+ globals()[client_specific_group + '_opts'] = opts_copy -+ cfg.CONF.register_opts(opts_copy, group=client_specific_group) -+ -+ - cfg.CONF.register_opts(db_opts) - cfg.CONF.register_opts(engine_opts) - cfg.CONF.register_opts(service_opts) -@@ -142,6 +171,7 @@ cfg.CONF.register_group(paste_deploy_group) - cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group) - cfg.CONF.register_group(auth_password_group) - cfg.CONF.register_opts(auth_password_opts, group=auth_password_group) -+register_clients_opts() - - - def rpc_set_default(): -diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py -index 8fb13f7..8099ef2 100644 ---- a/heat/common/heat_keystoneclient.py -+++ b/heat/common/heat_keystoneclient.py -@@ -100,6 +100,10 @@ class KeystoneClient(object): - logger.error("Keystone v2 API connection failed, no password or " - "auth_token!") - raise exception.AuthorizationFailure() -+ kwargs['cacert'] = self._get_client_option('ca_file') -+ kwargs['insecure'] = self._get_client_option('insecure') -+ kwargs['cert'] = self._get_client_option('cert_file') -+ kwargs['key'] = self._get_client_option('key_file') - client_v2 = kc.Client(**kwargs) - - client_v2.authenticate(**auth_kwargs) -@@ -161,12 +165,26 @@ class KeystoneClient(object): - "auth_token!") - raise exception.AuthorizationFailure() - -+ kwargs['cacert'] = self._get_client_option('ca_file') -+ kwargs['insecure'] = self._get_client_option('insecure') -+ kwargs['cert'] = self._get_client_option('cert_file') -+ kwargs['key'] = self._get_client_option('key_file') -+ - client = kc_v3.Client(**kwargs) - # Have to explicitly authenticate() or client.auth_ref is None - client.authenticate() - - return client - -+ def _get_client_option(self, option): -+ try: -+ cfg.CONF.import_opt(option, 'heat.common.config', -+ group='clients_keystone') -+ return getattr(cfg.CONF.clients_keystone, option) -+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError): -+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients') -+ return getattr(cfg.CONF.clients, option) -+ - def create_trust_context(self): - """ - If cfg.CONF.deferred_auth_method is trusts, we create a -diff --git a/heat/engine/clients.py b/heat/engine/clients.py -index 6deae5b..a9475f7 100644 ---- a/heat/engine/clients.py -+++ b/heat/engine/clients.py -@@ -103,12 +103,16 @@ class OpenStackClients(object): - 'service_type': service_type, - 'username': None, - 'api_key': None, -- 'extensions': extensions -+ 'extensions': extensions, -+ 'cacert': self._get_client_option('nova', 'ca_file'), -+ 'insecure': self._get_client_option('nova', 'insecure') - } - - client = novaclient.Client(1.1, **args) - -- management_url = self.url_for(service_type=service_type) -+ management_url = self.url_for( -+ service_type=service_type, -+ endpoint_type=self._get_client_option('nova', 'endpoint_type')) - client.client.auth_token = self.auth_token - client.client.management_url = management_url - -@@ -133,7 +137,12 @@ class OpenStackClients(object): - 'key': None, - 'authurl': None, - 'preauthtoken': self.auth_token, -- 'preauthurl': self.url_for(service_type='object-store') -+ 'preauthurl': self.url_for( -+ service_type='object-store', -+ endpoint_type=self._get_client_option( -+ 'swift', 'endpoint_type')), -+ 'cacert': self._get_client_option('swift', 'ca_file'), -+ 'insecure': self._get_client_option('swift', 'insecure') - } - self._swift = swiftclient.Connection(**args) - return self._swift -@@ -153,7 +162,12 @@ class OpenStackClients(object): - 'auth_url': con.auth_url, - 'service_type': 'network', - 'token': self.auth_token, -- 'endpoint_url': self.url_for(service_type='network') -+ 'endpoint_url': self.url_for( -+ service_type='network', -+ endpoint_type=self._get_client_option( -+ 'neutron', 'endpoint_type')), -+ 'ca_cert': self._get_client_option('neutron', 'ca_file'), -+ 'insecure': self._get_client_option('neutron', 'insecure') - } - - self._neutron = neutronclient.Client(**args) -@@ -176,11 +190,16 @@ class OpenStackClients(object): - 'auth_url': con.auth_url, - 'project_id': con.tenant, - 'username': None, -- 'api_key': None -+ 'api_key': None, -+ 'cacert': self._get_client_option('cinder', 'ca_file'), -+ 'insecure': self._get_client_option('cinder', 'insecure') - } - - self._cinder = cinderclient.Client('1', **args) -- management_url = self.url_for(service_type='volume') -+ management_url = self.url_for( -+ service_type='volume', -+ endpoint_type=self._get_client_option( -+ 'cinder', 'endpoint_type')) - self._cinder.client.auth_token = self.auth_token - self._cinder.client.management_url = management_url - -@@ -201,7 +220,14 @@ class OpenStackClients(object): - 'service_type': 'metering', - 'project_id': con.tenant, - 'token': lambda: self.auth_token, -- 'endpoint': self.url_for(service_type='metering'), -+ 'endpoint': self.url_for( -+ service_type='metering', -+ endpoint_type=self._get_client_option( -+ 'ceilometer', 'endpoint_type')), -+ 'ca_file': self._get_client_option('ceilometer', 'ca_file'), -+ 'cert_file': self._get_client_option('ceilometer', 'cert_file'), -+ 'key_file': self._get_client_option('ceilometer', 'key_file'), -+ 'insecure': self._get_client_option('ceilometer', 'insecure') - } - - client = ceilometerclient.Client(**args) -@@ -209,6 +235,15 @@ class OpenStackClients(object): - self._ceilometer = client - return self._ceilometer - -+ def _get_client_option(self, client, option): -+ try: -+ group_name = 'clients_' + client -+ cfg.CONF.import_opt(option, 'heat.common.config', -+ group=group_name) -+ return getattr(getattr(cfg.CONF, group_name), option) -+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError): -+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients') -+ return getattr(cfg.CONF.clients, option) - - if cfg.CONF.cloud_backend: - cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend) -@@ -217,3 +252,4 @@ else: - Clients = OpenStackClients - - logger.debug('Using backend %s' % Clients) -+ -diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py -index 7e195dc..712ffa5 100644 ---- a/heat/tests/test_heatclient.py -+++ b/heat/tests/test_heatclient.py -@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_client = heat_keystoneclient.kc.Client( - auth_url=mox.IgnoreArg(), - tenant_name='test_tenant', -- token='abcd1234') -+ token='abcd1234', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate().AndReturn(auth_ok) - elif method == 'password': - self.mock_ks_client = heat_keystoneclient.kc.Client( -@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase): - tenant_name='test_tenant', - tenant_id='test_tenant_id', - username='test_username', -- password='password') -+ password='password', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate().AndReturn(auth_ok) - if method == 'trust': - self.mock_ks_client = heat_keystoneclient.kc.Client( - auth_url='http://server.test:5000/v2.0', - password='verybadpass', - tenant_name='service', -- username='heat') -+ username='heat', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate(trust_id='atrust123', - tenant_id='test_tenant_id' - ).AndReturn(auth_ok) -@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - token='abcd1234', project_name='test_tenant', - auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') -+ endpoint='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - elif method == 'password': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - username='test_username', -@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase): - project_name='test_tenant', - project_id='test_tenant_id', - auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') -+ endpoint='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - elif method == 'trust': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - username='heat', - password='verybadpass', - project_name='service', -- auth_url='http://server.test:5000/v3') -+ auth_url='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_v3_client.authenticate().AndReturn(auth_ok) - - def test_username_length(self): --- -1.7.9.5 - diff --git a/debian/patches/revert-stable-havana-requirements.patch b/debian/patches/revert-stable-havana-requirements.patch new file mode 100644 index 00000000..57405dd4 --- /dev/null +++ b/debian/patches/revert-stable-havana-requirements.patch @@ -0,0 +1,34 @@ +Author: Adam Gandelman +Date: Wed Dec 18 10:06:25 PST 2013 +Subject: Reverts stable/havana version bumps to requirements.txt + +Reverts various version bumps to dependencies in stable/havana that +were updated in global requirements to fix gating issues and synced +across projects. + +Index: heat/requirements.txt +=================================================================== +--- heat.orig/requirements.txt 2013-12-18 10:28:05.383258337 -0800 ++++ heat/requirements.txt 2013-12-18 10:29:32.755257546 -0800 +@@ -3,12 +3,12 @@ + eventlet>=0.13.0 + greenlet>=0.3.2 + httplib2 +-iso8601>=0.1.8 ++iso8601>=0.1.4 + kombu>=2.4.8 + argparse + lxml>=2.3 + netaddr +-six>=1.4.1 ++six + sqlalchemy-migrate>=0.7.2 + python-novaclient>=2.15.0 + PasteDeploy>=1.5.0 +@@ -22,5 +22,5 @@ + python-cinderclient>=1.0.6 + PyYAML>=3.1.0 + paramiko>=1.8.0 +-Babel>=1.3 ++Babel>=0.9.6 + oslo.config>=1.2.0 diff --git a/debian/patches/series b/debian/patches/series index 7ac31d7d..83d2ac47 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ +revert-stable-havana-requirements.patch default-sqlite.patch Ability-to-configure-various-clients-used-by-the-Heat.patch Allow-Address-Pairs-feature.patch diff --git a/rpm/SOURCES/switch-to-using-m2crypto.patch b/rpm/SOURCES/0001-Switch-to-using-M2Crypto.patch similarity index 85% rename from rpm/SOURCES/switch-to-using-m2crypto.patch rename to rpm/SOURCES/0001-Switch-to-using-M2Crypto.patch index 797894b1..d309ff13 100644 --- a/rpm/SOURCES/switch-to-using-m2crypto.patch +++ b/rpm/SOURCES/0001-Switch-to-using-M2Crypto.patch @@ -1,14 +1,17 @@ -From 4510d7e7f427ac4b0770832108641a5048624332 Mon Sep 17 00:00:00 2001 +From a1fbe8742861d9ff50302b97570107ccef425fe5 Mon Sep 17 00:00:00 2001 From: Jeff Peeler Date: Wed, 8 May 2013 12:27:35 -0400 Subject: [PATCH] Switch to using M2Crypto This patch uses M2Crypto instead of PyCrypto to perform encryption and decryption of user authentication information. - --- + heat/common/crypt.py | 18 +++++++++++------- + requirements.txt | 2 +- + 2 files changed, 12 insertions(+), 8 deletions(-) + diff --git a/heat/common/crypt.py b/heat/common/crypt.py -index 81b4c92..01fa353 100644 +index 81b4c92..2619b31 100644 --- a/heat/common/crypt.py +++ b/heat/common/crypt.py @@ -14,7 +14,7 @@ @@ -48,8 +51,8 @@ index 81b4c92..01fa353 100644 + op=0) # 0 is decode + res = cipher.update(auth[16:]) + cipher.final() return res -diff --git a/tools/pip-requires b/tools/pip-requires -index 06795f9..091168c 100644 +diff --git a/requirements.txt b/requirements.txt +index 97cc244..65c5734 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ @@ -59,6 +62,3 @@ index 06795f9..091168c 100644 eventlet>=0.13.0 greenlet>=0.3.2 httplib2 --- -1.8.1.4 - diff --git a/rpm/SOURCES/remove-pbr-runtime-dependency.patch b/rpm/SOURCES/0002-remove-pbr-runtime-dependency.patch similarity index 63% rename from rpm/SOURCES/remove-pbr-runtime-dependency.patch rename to rpm/SOURCES/0002-remove-pbr-runtime-dependency.patch index 46cecd13..84b34e02 100644 --- a/rpm/SOURCES/remove-pbr-runtime-dependency.patch +++ b/rpm/SOURCES/0002-remove-pbr-runtime-dependency.patch @@ -1,3 +1,12 @@ +From 72be41f138c2515ea3eabcc7487daa569a6d83ec Mon Sep 17 00:00:00 2001 +From: Jeff Peeler +Date: Mon, 14 Oct 2013 14:30:34 -0400 +Subject: [PATCH] remove pbr runtime dependency + +--- + heat/version.py | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + diff --git a/heat/version.py b/heat/version.py index a717606..8ea213a 100644 --- a/heat/version.py diff --git a/rpm/SOURCES/heat-newdeps.patch b/rpm/SOURCES/0003-Adjust-to-handle-parallel-installed-packages.patch similarity index 70% rename from rpm/SOURCES/heat-newdeps.patch rename to rpm/SOURCES/0003-Adjust-to-handle-parallel-installed-packages.patch index b40a313a..2e17a52f 100644 --- a/rpm/SOURCES/heat-newdeps.patch +++ b/rpm/SOURCES/0003-Adjust-to-handle-parallel-installed-packages.patch @@ -1,11 +1,20 @@ -diff --git a/heat/common/__init__.py b/heat/common/__init__.py -index e8e4035..0db8b7e 100644 ---- a/heat/common/__init__.py -+++ b/heat/common/__init__.py -@@ -12,3 +12,36 @@ - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. +From cef08c6f737b5aac8d811080cdbd70a2c10e0896 Mon Sep 17 00:00:00 2001 +From: Jeff Peeler +Date: Tue, 2 Apr 2013 18:08:48 -0400 +Subject: [PATCH] Adjust to handle parallel installed packages + +--- + heat/__init__.py | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/heat/__init__.py b/heat/__init__.py +index 57e2d0f..d9df4ce 100644 +--- a/heat/__init__.py ++++ b/heat/__init__.py +@@ -19,3 +19,36 @@ from heat.openstack.common import gettextutils + + + gettextutils.install('heat') + +import sys +import pkg_resources diff --git a/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch b/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch index dad7d148..7bc1448b 100644 --- a/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch +++ b/rpm/SOURCES/Ability-to-configure-various-clients-used-by-the-Heat.patch @@ -1,6 +1,6 @@ -From ac190f0da6ce367cc833b92677266e7bbf7e2270 Mon Sep 17 00:00:00 2001 -From: Timur Sufiev -Date: Thu, 5 Dec 2013 19:46:28 +0400 +From d5cd4a1e6077d538f7b5ba61b0d98673ef610d9d Mon Sep 17 00:00:00 2001 +From: Igor Yozhikov +Date: Fri, 16 May 2014 14:09:05 +0400 Subject: [PATCH] Adds ability to configure various clients used by the Heat This commit adds config sections [clients_nova], [clients_swift], @@ -22,19 +22,20 @@ for each and every client separately Closes-Bug: #1213122 Implements: blueprint clients-ssl-options Ported from: icehouse. + --- etc/heat/heat.conf.sample | 182 ++++++++++++++++++++++++++++++++++--- heat/common/config.py | 28 +++++- heat/common/heat_keystoneclient.py | 17 ++++ heat/engine/clients.py | 30 +++++- - heat/tests/test_heatclient.py | 36 ++++++-- - 5 files changed, 268 insertions(+), 25 deletions(-) + heat/tests/test_heatclient.py | 50 +++++++--- + 5 files changed, 276 insertions(+), 31 deletions(-) diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample -index 1444f9b..20dadd3 100644 +index d464840..8fa413d 100644 --- a/etc/heat/heat.conf.sample +++ b/etc/heat/heat.conf.sample -@@ -473,6 +473,43 @@ +@@ -482,6 +482,43 @@ #matchmaker_heartbeat_ttl=600 @@ -78,7 +79,7 @@ index 1444f9b..20dadd3 100644 [ssl] # -@@ -568,6 +605,104 @@ +@@ -577,6 +614,104 @@ #api_paste_config=api-paste.ini @@ -183,8 +184,8 @@ index 1444f9b..20dadd3 100644 [rpc_notifier2] # -@@ -683,29 +818,26 @@ - #workers=0 +@@ -710,29 +845,26 @@ + #max_header_line=16384 -[auth_password] @@ -224,7 +225,7 @@ index 1444f9b..20dadd3 100644 [matchmaker_redis] -@@ -724,3 +856,25 @@ +@@ -751,3 +883,25 @@ #password= @@ -421,84 +422,106 @@ index 6deae5b..a749cd2 100644 if cfg.CONF.cloud_backend: cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend) diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py -index 7e195dc..712ffa5 100644 +index 0196324..d4003d0 100644 --- a/heat/tests/test_heatclient.py +++ b/heat/tests/test_heatclient.py -@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_client = heat_keystoneclient.kc.Client( +@@ -67,7 +67,11 @@ class KeystoneClientTest(HeatTestCase): + kc.Client( auth_url=mox.IgnoreArg(), tenant_name='test_tenant', -- token='abcd1234') +- token='abcd1234').AndReturn(self.mock_ks_client) + token='abcd1234', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate().AndReturn(auth_ok) elif method == 'password': - self.mock_ks_client = heat_keystoneclient.kc.Client( -@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase): + kc.Client( +@@ -75,14 +79,22 @@ class KeystoneClientTest(HeatTestCase): tenant_name='test_tenant', tenant_id='test_tenant_id', username='test_username', -- password='password') +- password='password').AndReturn(self.mock_ks_client) + password='password', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate().AndReturn(auth_ok) if method == 'trust': - self.mock_ks_client = heat_keystoneclient.kc.Client( + kc.Client( auth_url='http://server.test:5000/v2.0', password='verybadpass', tenant_name='service', -- username='heat') +- username='heat').AndReturn(self.mock_ks_client) + username='heat', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_client) self.mock_ks_client.authenticate(trust_id='atrust123', tenant_id='test_tenant_id' ).AndReturn(auth_ok) -@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( +@@ -95,8 +107,11 @@ class KeystoneClientTest(HeatTestCase): + kc_v3.Client( token='abcd1234', project_name='test_tenant', auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') +- endpoint='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + endpoint='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) elif method == 'password': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( + kc_v3.Client( username='test_username', -@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase): +@@ -104,15 +119,21 @@ class KeystoneClientTest(HeatTestCase): project_name='test_tenant', project_id='test_tenant_id', auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') +- endpoint='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + endpoint='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) elif method == 'trust': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( + kc_v3.Client( username='heat', password='verybadpass', project_name='service', -- auth_url='http://server.test:5000/v3') +- auth_url='http://server.test:5000/v3').AndReturn( +- self.mock_ks_v3_client) + auth_url='http://server.test:5000/v3', + cacert=None, + cert=None, + insecure=False, -+ key=None) ++ key=None).AndReturn(self.mock_ks_v3_client) self.mock_ks_v3_client.authenticate().AndReturn(auth_ok) def test_username_length(self): +@@ -242,10 +263,15 @@ class KeystoneClientTest(HeatTestCase): + class MockTrust(object): + id = 'atrust123' + +- self._stub_admin_client() +- ++ self.m.StubOutClassWithMocks(heat_keystoneclient.kc, "Client") ++ mock_admin_client = heat_keystoneclient.kc.Client( ++ auth_url=mox.IgnoreArg(), ++ username='heat', ++ password='verybadpass', ++ tenant_name='service') ++ mock_admin_client.auth_ref = self.m.CreateMockAnything() ++ mock_admin_client.auth_ref.user_id = '1234' + self._stubs_v3() +- + self.mock_ks_v3_client.auth_ref = self.m.CreateMockAnything() + self.mock_ks_v3_client.auth_ref.user_id = '5678' + self.mock_ks_v3_client.auth_ref.project_id = '42' -- 1.8.3.2 diff --git a/rpm/SOURCES/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch b/rpm/SOURCES/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch deleted file mode 100644 index d43d4260..00000000 --- a/rpm/SOURCES/SSL_parameters_for_various_clients_used_in_Heat_Havana_stable.patch +++ /dev/null @@ -1,482 +0,0 @@ -From 467adeb3dc9a89aa6b39780b83196501d5c31ea7 Mon Sep 17 00:00:00 2001 -From: Serg Melikyan -Date: Tue, 12 Nov 2013 14:33:17 +0400 -Subject: [PATCH] Adds ability to configure SSL params for clients used by the Heat - ---- - etc/heat/heat.conf.sample | 169 ++++++++++++++++++++++++++++++++++++ - heat/common/config.py | 32 ++++++- - heat/common/heat_keystoneclient.py | 18 ++++ - heat/engine/clients.py | 50 +++++++++-- - heat/tests/test_heatclient.py | 36 ++++++-- - 5 files changed, 291 insertions(+), 14 deletions(-) - -diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample -index 1444f9b..376c98e 100644 ---- a/etc/heat/heat.conf.sample -+++ b/etc/heat/heat.conf.sample -@@ -724,3 +724,172 @@ - #password= - - -+[clients_swift] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+ -+[clients_cinder] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_nova] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_ceilometer] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+[clients_neutron] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -+ -+ -+[clients_keystone] -+ -+# -+# Options defined in heat.common.config -+# -+ -+# Optional CA cert file to use in SSL connections (string -+# value) -+#ca_file= -+ -+# Optional PEM-formatted certificate chain file (string value) -+#cert_file= -+ -+# Optional PEM-formatted file that contains the private key -+# (string value) -+#key_file= -+ -+# If set then the server's certificate will not be verified -+# (boolean value) -+#insecure=false -+ -+# Endpoint type -+#endpoint_type=publicURL -diff --git a/heat/common/config.py b/heat/common/config.py -index 82b4ca5..155d4f4 100644 ---- a/heat/common/config.py -+++ b/heat/common/config.py -@@ -1,4 +1,3 @@ -- - # vim: tabstop=4 shiftwidth=4 softtabstop=4 - - # -@@ -18,6 +17,7 @@ - Routines for configuring Heat - """ - -+import copy - import logging as sys_logging - import os - -@@ -134,6 +134,35 @@ auth_password_opts = [ - 'multi_cloud is enabled. At least one endpoint needs ' - 'to be specified.'))] - -+clients_opts = [ -+ cfg.StrOpt('ca_file', -+ help=_('Optional CA cert file to use in SSL connections')), -+ cfg.StrOpt('cert_file', -+ help=_('Optional PEM-formatted certificate chain file')), -+ cfg.StrOpt('key_file', -+ help=_('Optional PEM-formatted file that contains the ' -+ 'private key')), -+ cfg.BoolOpt('insecure', -+ default=False, -+ help=_("If set then the server's certificate will not " -+ "be verified")), -+ cfg.StrOpt('endpoint_type', -+ default='publicURL', -+ help=_('Endpoint type'))] -+ -+ -+def register_clients_opts(): -+ cfg.CONF.register_opts(clients_opts, group='clients') -+ for client in ('nova', 'swift', 'neutron', 'cinder', -+ 'ceilometer', 'keystone'): -+ client_specific_group = 'clients_' + client -+ # register opts copy and put it to globals in order to -+ # generate_sample.sh to work -+ opts_copy = copy.deepcopy(clients_opts) -+ globals()[client_specific_group + '_opts'] = opts_copy -+ cfg.CONF.register_opts(opts_copy, group=client_specific_group) -+ -+ - cfg.CONF.register_opts(db_opts) - cfg.CONF.register_opts(engine_opts) - cfg.CONF.register_opts(service_opts) -@@ -142,6 +171,7 @@ cfg.CONF.register_group(paste_deploy_group) - cfg.CONF.register_opts(paste_deploy_opts, group=paste_deploy_group) - cfg.CONF.register_group(auth_password_group) - cfg.CONF.register_opts(auth_password_opts, group=auth_password_group) -+register_clients_opts() - - - def rpc_set_default(): -diff --git a/heat/common/heat_keystoneclient.py b/heat/common/heat_keystoneclient.py -index 8fb13f7..8099ef2 100644 ---- a/heat/common/heat_keystoneclient.py -+++ b/heat/common/heat_keystoneclient.py -@@ -100,6 +100,10 @@ class KeystoneClient(object): - logger.error("Keystone v2 API connection failed, no password or " - "auth_token!") - raise exception.AuthorizationFailure() -+ kwargs['cacert'] = self._get_client_option('ca_file') -+ kwargs['insecure'] = self._get_client_option('insecure') -+ kwargs['cert'] = self._get_client_option('cert_file') -+ kwargs['key'] = self._get_client_option('key_file') - client_v2 = kc.Client(**kwargs) - - client_v2.authenticate(**auth_kwargs) -@@ -161,12 +165,26 @@ class KeystoneClient(object): - "auth_token!") - raise exception.AuthorizationFailure() - -+ kwargs['cacert'] = self._get_client_option('ca_file') -+ kwargs['insecure'] = self._get_client_option('insecure') -+ kwargs['cert'] = self._get_client_option('cert_file') -+ kwargs['key'] = self._get_client_option('key_file') -+ - client = kc_v3.Client(**kwargs) - # Have to explicitly authenticate() or client.auth_ref is None - client.authenticate() - - return client - -+ def _get_client_option(self, option): -+ try: -+ cfg.CONF.import_opt(option, 'heat.common.config', -+ group='clients_keystone') -+ return getattr(cfg.CONF.clients_keystone, option) -+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError): -+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients') -+ return getattr(cfg.CONF.clients, option) -+ - def create_trust_context(self): - """ - If cfg.CONF.deferred_auth_method is trusts, we create a -diff --git a/heat/engine/clients.py b/heat/engine/clients.py -index 6deae5b..a9475f7 100644 ---- a/heat/engine/clients.py -+++ b/heat/engine/clients.py -@@ -103,12 +103,16 @@ class OpenStackClients(object): - 'service_type': service_type, - 'username': None, - 'api_key': None, -- 'extensions': extensions -+ 'extensions': extensions, -+ 'cacert': self._get_client_option('nova', 'ca_file'), -+ 'insecure': self._get_client_option('nova', 'insecure') - } - - client = novaclient.Client(1.1, **args) - -- management_url = self.url_for(service_type=service_type) -+ management_url = self.url_for( -+ service_type=service_type, -+ endpoint_type=self._get_client_option('nova', 'endpoint_type')) - client.client.auth_token = self.auth_token - client.client.management_url = management_url - -@@ -133,7 +137,12 @@ class OpenStackClients(object): - 'key': None, - 'authurl': None, - 'preauthtoken': self.auth_token, -- 'preauthurl': self.url_for(service_type='object-store') -+ 'preauthurl': self.url_for( -+ service_type='object-store', -+ endpoint_type=self._get_client_option( -+ 'swift', 'endpoint_type')), -+ 'cacert': self._get_client_option('swift', 'ca_file'), -+ 'insecure': self._get_client_option('swift', 'insecure') - } - self._swift = swiftclient.Connection(**args) - return self._swift -@@ -153,7 +162,12 @@ class OpenStackClients(object): - 'auth_url': con.auth_url, - 'service_type': 'network', - 'token': self.auth_token, -- 'endpoint_url': self.url_for(service_type='network') -+ 'endpoint_url': self.url_for( -+ service_type='network', -+ endpoint_type=self._get_client_option( -+ 'neutron', 'endpoint_type')), -+ 'ca_cert': self._get_client_option('neutron', 'ca_file'), -+ 'insecure': self._get_client_option('neutron', 'insecure') - } - - self._neutron = neutronclient.Client(**args) -@@ -176,11 +190,16 @@ class OpenStackClients(object): - 'auth_url': con.auth_url, - 'project_id': con.tenant, - 'username': None, -- 'api_key': None -+ 'api_key': None, -+ 'cacert': self._get_client_option('cinder', 'ca_file'), -+ 'insecure': self._get_client_option('cinder', 'insecure') - } - - self._cinder = cinderclient.Client('1', **args) -- management_url = self.url_for(service_type='volume') -+ management_url = self.url_for( -+ service_type='volume', -+ endpoint_type=self._get_client_option( -+ 'cinder', 'endpoint_type')) - self._cinder.client.auth_token = self.auth_token - self._cinder.client.management_url = management_url - -@@ -201,7 +220,14 @@ class OpenStackClients(object): - 'service_type': 'metering', - 'project_id': con.tenant, - 'token': lambda: self.auth_token, -- 'endpoint': self.url_for(service_type='metering'), -+ 'endpoint': self.url_for( -+ service_type='metering', -+ endpoint_type=self._get_client_option( -+ 'ceilometer', 'endpoint_type')), -+ 'ca_file': self._get_client_option('ceilometer', 'ca_file'), -+ 'cert_file': self._get_client_option('ceilometer', 'cert_file'), -+ 'key_file': self._get_client_option('ceilometer', 'key_file'), -+ 'insecure': self._get_client_option('ceilometer', 'insecure') - } - - client = ceilometerclient.Client(**args) -@@ -209,6 +235,15 @@ class OpenStackClients(object): - self._ceilometer = client - return self._ceilometer - -+ def _get_client_option(self, client, option): -+ try: -+ group_name = 'clients_' + client -+ cfg.CONF.import_opt(option, 'heat.common.config', -+ group=group_name) -+ return getattr(getattr(cfg.CONF, group_name), option) -+ except (cfg.NoSuchGroupError, cfg.NoSuchOptError): -+ cfg.CONF.import_opt(option, 'heat.common.config', group='clients') -+ return getattr(cfg.CONF.clients, option) - - if cfg.CONF.cloud_backend: - cloud_backend_module = importutils.import_module(cfg.CONF.cloud_backend) -@@ -217,3 +252,4 @@ else: - Clients = OpenStackClients - - logger.debug('Using backend %s' % Clients) -+ -diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py -index 7e195dc..712ffa5 100644 ---- a/heat/tests/test_heatclient.py -+++ b/heat/tests/test_heatclient.py -@@ -51,7 +51,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_client = heat_keystoneclient.kc.Client( - auth_url=mox.IgnoreArg(), - tenant_name='test_tenant', -- token='abcd1234') -+ token='abcd1234', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate().AndReturn(auth_ok) - elif method == 'password': - self.mock_ks_client = heat_keystoneclient.kc.Client( -@@ -59,14 +63,22 @@ class KeystoneClientTest(HeatTestCase): - tenant_name='test_tenant', - tenant_id='test_tenant_id', - username='test_username', -- password='password') -+ password='password', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate().AndReturn(auth_ok) - if method == 'trust': - self.mock_ks_client = heat_keystoneclient.kc.Client( - auth_url='http://server.test:5000/v2.0', - password='verybadpass', - tenant_name='service', -- username='heat') -+ username='heat', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_client.authenticate(trust_id='atrust123', - tenant_id='test_tenant_id' - ).AndReturn(auth_ok) -@@ -81,7 +93,11 @@ class KeystoneClientTest(HeatTestCase): - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - token='abcd1234', project_name='test_tenant', - auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') -+ endpoint='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - elif method == 'password': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - username='test_username', -@@ -89,13 +105,21 @@ class KeystoneClientTest(HeatTestCase): - project_name='test_tenant', - project_id='test_tenant_id', - auth_url='http://server.test:5000/v3', -- endpoint='http://server.test:5000/v3') -+ endpoint='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - elif method == 'trust': - self.mock_ks_v3_client = heat_keystoneclient.kc_v3.Client( - username='heat', - password='verybadpass', - project_name='service', -- auth_url='http://server.test:5000/v3') -+ auth_url='http://server.test:5000/v3', -+ cacert=None, -+ cert=None, -+ insecure=False, -+ key=None) - self.mock_ks_v3_client.authenticate().AndReturn(auth_ok) - - def test_username_length(self): --- -1.7.9.5 - diff --git a/rpm/SOURCES/openstack-heat-api-cfn.init b/rpm/SOURCES/openstack-heat-api-cfn.init index 87d845f3..acdf1c5e 100644 --- a/rpm/SOURCES/openstack-heat-api-cfn.init +++ b/rpm/SOURCES/openstack-heat-api-cfn.init @@ -20,8 +20,8 @@ . /etc/rc.d/init.d/functions -prog=heat-api-cfn -exec="/usr/bin/$prog" +prog=openstack-heat-api-cfn +exec="/usr/bin/heat-api-cfn" config="/etc/heat/heat.conf" pidfile="/var/run/heat/$prog.pid" diff --git a/rpm/SOURCES/openstack-heat-api-cloudwatch.init b/rpm/SOURCES/openstack-heat-api-cloudwatch.init index 7edbdf68..fd8f7703 100644 --- a/rpm/SOURCES/openstack-heat-api-cloudwatch.init +++ b/rpm/SOURCES/openstack-heat-api-cloudwatch.init @@ -18,8 +18,8 @@ . /etc/rc.d/init.d/functions -prog=heat-api-cloudwatch -exec="/usr/bin/$prog" +prog=openstack-heat-api-cloudwatch +exec="/usr/bin/heat-api-cloudwatch" config="/etc/heat/heat.conf" pidfile="/var/run/heat/$prog.pid" diff --git a/rpm/SOURCES/openstack-heat-api.init b/rpm/SOURCES/openstack-heat-api.init index 9747ce70..bfed9953 100644 --- a/rpm/SOURCES/openstack-heat-api.init +++ b/rpm/SOURCES/openstack-heat-api.init @@ -20,8 +20,8 @@ . /etc/rc.d/init.d/functions -prog=heat-api -exec="/usr/bin/$prog" +prog=openstack-heat-api +exec="/usr/bin/heat-api" config="/etc/heat/heat.conf" pidfile="/var/run/heat/$prog.pid" diff --git a/rpm/SOURCES/openstack-heat-engine.init b/rpm/SOURCES/openstack-heat-engine.init index 8422fd28..573937cf 100644 --- a/rpm/SOURCES/openstack-heat-engine.init +++ b/rpm/SOURCES/openstack-heat-engine.init @@ -18,8 +18,8 @@ . /etc/rc.d/init.d/functions -prog=heat-engine -exec="/usr/bin/$prog" +prog=openstack-heat-engine +exec="/usr/bin/heat-engine" config="/etc/heat/heat.conf" pidfile="/var/run/heat/$prog.pid" diff --git a/rpm/SPECS/openstack-heat.spec b/rpm/SPECS/openstack-heat.spec index c899f8b7..91685d62 100644 --- a/rpm/SPECS/openstack-heat.spec +++ b/rpm/SPECS/openstack-heat.spec @@ -7,8 +7,8 @@ Name: openstack-heat Summary: OpenStack Orchestration (heat) -Version: 2013.2 -Release: 1.0%{?dist} +Version: 2013.2.3 +Release: 1.1%{?dist} License: ASL 2.0 Group: System Environment/Base URL: http://www.openstack.org @@ -23,12 +23,15 @@ Source4: openstack-heat-engine.init Source5: openstack-heat-api-cloudwatch.init Source20: heat-dist.conf -Patch0: switch-to-using-m2crypto.patch -Patch1: remove-pbr-runtime-dependency.patch +# +# patches_base=2013.2.3 +# +Patch0001: 0001-Switch-to-using-M2Crypto.patch +Patch0002: 0002-remove-pbr-runtime-dependency.patch +Patch0003: 0003-Adjust-to-handle-parallel-installed-packages.patch # EPEL specific patch, not upstream -Patch100: heat-newdeps.patch Patch200: Ability-to-configure-various-clients-used-by-the-Heat.patch -Patch300: Allow-Address-Pairs-feature.patch +Patch300: Allow-Address-Pairs-feature.patch BuildArch: noarch BuildRequires: git @@ -76,12 +79,12 @@ Requires: %{name}-api-cloudwatch = %{version}-%{release} %prep %setup -q -n %{full_release} -%patch0 -p1 -%patch1 -p1 -%patch100 -p1 + +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 %patch200 -p1 %patch300 -p1 - sed -i s/REDHATHEATVERSION/%{version}/ heat/version.py sed -i s/REDHATHEATRELEASE/%{release}/ heat/version.py @@ -212,7 +215,7 @@ Requires: python-babel Requires: python-paste-deploy1.5 Requires: python-routes1.12 Requires: python-sqlalchemy0.7 -Requires: python-webob1.2 +Requires: python-webob Requires(pre): shadow-utils @@ -410,6 +413,18 @@ fi %changelog +* Mon Apr 7 2014 Jeff Peeler 2013.2.3-1.1 +- update to 2013.2.3 + +* Wed Feb 19 2014 Jeff Peeler 2013.2.2-1 +- update to 2013.2.2 + +* Fri Jan 03 2014 Pádraig Brady 2013.2.1-2 +- Fix heat-manage to work with parallel installed packages + +* Mon Dec 16 2013 Jeff Peeler 2013.2.1-1 +- update to 2013.2.1 + * Thu Oct 17 2013 Jeff Peeler 2013.2-1 - update to havana final -- 2.45.2