From 242c098498a12c5af60b97818d4c547ff90614d6 Mon Sep 17 00:00:00 2001 From: Fawad Khaliq Date: Tue, 15 Jul 2014 17:51:44 -0700 Subject: [PATCH 0001/3421] Enable security group extension in PLUMgrid plugin Implements: blueprint plumgrid-neutron-security-groups Change-Id: I30392adff5e3250a1c4f9f1f04fc7e0587007226 --- lib/neutron_plugins/plumgrid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/neutron_plugins/plumgrid b/lib/neutron_plugins/plumgrid index 178bca7dc2..00e2c95efb 100644 --- a/lib/neutron_plugins/plumgrid +++ b/lib/neutron_plugins/plumgrid @@ -46,8 +46,8 @@ function is_neutron_ovs_base_plugin { } function has_neutron_plugin_security_group { - # False - return 1 + # return 0 means enabled + return 0 } function neutron_plugin_check_adv_test_requirements { From 7df9d1be17162feabeaba35faa87baf09debe590 Mon Sep 17 00:00:00 2001 From: Angus Lees Date: Mon, 21 Jul 2014 15:35:34 +1000 Subject: [PATCH 0002/3421] Ensure sbin is in PATH. Some distros (Debian) don't have sbin in PATH for non-root users. Nova (and possibly other services) assumes that it can invoke "sysctl" without sudo. Change-Id: Iced21fc1378af309fb49688f9b63f2cd8383e304 Closes-Bug: #1300800 --- stack.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/stack.sh b/stack.sh index 94b90d18c0..5f12a8083a 100755 --- a/stack.sh +++ b/stack.sh @@ -34,6 +34,9 @@ export LC_ALL # Make sure umask is sane umask 022 +# Not all distros have sbin in PATH for regular users. +PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin + # Keep track of the devstack directory TOP_DIR=$(cd $(dirname "$0") && pwd) From 122a16fb95e480126319844d94196ea3327b71e8 Mon Sep 17 00:00:00 2001 From: Andrea Frittoli Date: Thu, 14 Aug 2014 08:18:40 +0100 Subject: [PATCH 0003/3421] Tempest allow_tenant_isolation in auth section Tempest change 107685 moves allow_tenant_isolation from compute group to auth group, making the old format deprecated. Switching to the new format. Change-Id: Iff79986c2564610efde4791b7e61df3db859e199 --- lib/tempest | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/tempest b/lib/tempest index d6d6020adf..4fc064c56d 100644 --- a/lib/tempest +++ b/lib/tempest @@ -272,8 +272,10 @@ function configure_tempest { iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE fi + # Auth + iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True} + # Compute - iniset $TEMPEST_CONFIG compute allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True} iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED iniset $TEMPEST_CONFIG compute network_for_ssh $PRIVATE_NETWORK_NAME iniset $TEMPEST_CONFIG compute ip_version_for_ssh 4 From b4495eb410e3ad348700f127dcf7c0562014c325 Mon Sep 17 00:00:00 2001 From: Noboru Iwamatsu Date: Wed, 2 Jul 2014 18:31:31 +0900 Subject: [PATCH 0004/3421] Use mod_version to clean-up apache version matching This change uses mod_version (shipped by default on everything we care about) to set-up version-specific config within apache rather than within devstack scripts. Clean up the horizon and keystone config file generation to use the internal apache matching. Since I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in 'functions' is actually duplicated. just leave get_apache_version in lib/apache as it is used for config-file name matching in there. Change-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852 --- files/apache-horizon.template | 12 +++++++++--- files/apache-keystone.template | 8 ++++++-- functions | 12 ------------ lib/apache | 5 +++++ lib/horizon | 7 ------- lib/keystone | 7 ------- 6 files changed, 20 insertions(+), 31 deletions(-) diff --git a/files/apache-horizon.template b/files/apache-horizon.template index c1dd6934f3..bca1251bec 100644 --- a/files/apache-horizon.template +++ b/files/apache-horizon.template @@ -17,10 +17,16 @@ Options Indexes FollowSymLinks MultiViews - %HORIZON_REQUIRE% AllowOverride None - Order allow,deny - allow from all + # Apache 2.4 uses mod_authz_host for access control now (instead of + # "Allow") + + Order allow,deny + Allow from all + + = 2.4> + Require all granted + ErrorLog /var/log/%APACHE_NAME%/horizon_error.log diff --git a/files/apache-keystone.template b/files/apache-keystone.template index e7b215768c..b4bdb16f00 100644 --- a/files/apache-keystone.template +++ b/files/apache-keystone.template @@ -6,7 +6,9 @@ Listen %ADMINPORT% WSGIProcessGroup keystone-public WSGIScriptAlias / %PUBLICWSGI% WSGIApplicationGroup %{GLOBAL} - %ERRORLOGFORMAT% + = 2.4> + ErrorLogFormat "%{cu}t %M" + ErrorLog /var/log/%APACHE_NAME%/keystone.log CustomLog /var/log/%APACHE_NAME%/access.log combined @@ -16,7 +18,9 @@ Listen %ADMINPORT% WSGIProcessGroup keystone-admin WSGIScriptAlias / %ADMINWSGI% WSGIApplicationGroup %{GLOBAL} - %ERRORLOGFORMAT% + = 2.4> + ErrorLogFormat "%{cu}t %M" + ErrorLog /var/log/%APACHE_NAME%/keystone.log CustomLog /var/log/%APACHE_NAME%/access.log combined diff --git a/functions b/functions index 76f704792e..0194acf64e 100644 --- a/functions +++ b/functions @@ -21,18 +21,6 @@ function function_exists { declare -f -F $1 > /dev/null } -# Checks if installed Apache is <= given version -# $1 = x.y.z (version string of Apache) -function check_apache_version { - local cmd="apachectl" - if ! [[ -x $(which apachectl 2>/dev/null) ]]; then - cmd="/usr/sbin/apachectl" - fi - - local version=$($cmd -v | grep version | grep -Po 'Apache/\K[^ ]*') - expr "$version" '>=' $1 > /dev/null -} - # Cleanup anything from /tmp on unstack # clean_tmp diff --git a/lib/apache b/lib/apache index 6d22290c42..2c436816c3 100644 --- a/lib/apache +++ b/lib/apache @@ -59,6 +59,11 @@ function install_apache_wsgi { else exit_distro_not_supported "apache installation" fi + + # ensure mod_version enabled for . This is + # built-in statically on anything recent, but precise (2.2) + # doesn't have it enabled + sudo a2enmod version || true } # get_apache_version() - return the version of Apache installed diff --git a/lib/horizon b/lib/horizon index 614a0c86a8..19693efd96 100644 --- a/lib/horizon +++ b/lib/horizon @@ -120,12 +120,6 @@ function init_horizon { # Create an empty directory that apache uses as docroot sudo mkdir -p $HORIZON_DIR/.blackhole - # Apache 2.4 uses mod_authz_host for access control now (instead of "Allow") - local horizon_require='' - if check_apache_version "2.4" ; then - horizon_require='Require all granted' - fi - local horizon_conf=$(apache_site_config_for horizon) # Configure apache to run horizon @@ -135,7 +129,6 @@ function init_horizon { s,%HORIZON_DIR%,$HORIZON_DIR,g; s,%APACHE_NAME%,$APACHE_NAME,g; s,%DEST%,$DEST,g; - s,%HORIZON_REQUIRE%,$horizon_require,g; \" $FILES/apache-horizon.template >$horizon_conf" if is_ubuntu; then diff --git a/lib/keystone b/lib/keystone index c1b0b8786f..9e234b49d2 100644 --- a/lib/keystone +++ b/lib/keystone @@ -125,12 +125,6 @@ function _config_keystone_apache_wsgi { local keystone_apache_conf=$(apache_site_config_for keystone) local apache_version=$(get_apache_version) - if [[ ${apache_version#*\.} -ge 4 ]]; then - # Apache 2.4 supports custom error log formats - # this should mirror the original log formatting. - local errorlogformat='ErrorLogFormat "%{cu}t %M"' - fi - # copy proxy vhost and wsgi file sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin @@ -143,7 +137,6 @@ function _config_keystone_apache_wsgi { s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; s|%USER%|$STACK_USER|g - s|%ERRORLOGFORMAT%|$errorlogformat|g; " -i $keystone_apache_conf enable_apache_site keystone } From ffd17680d523bc0042a3c2eb8be8e29c307ce1b0 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Sat, 2 Aug 2014 16:07:03 -0500 Subject: [PATCH 0005/3421] Re-order stack.sh 3: logging and error traps Part 3 of a series Re-order the setup and check bits in the top portion of stack.sh to have a logical flow with similar things done together. No behaviour changes are intended aside from the order of execution. Any such changes are bugs. * Move logging and error configuration earlier to cover initial project setup. Change-Id: Ib16bbe20f224b1cf5e86c7a2fda0d9472c108873 --- lib/rpc_backend | 2 +- stack.sh | 352 ++++++++++++++++++++++++------------------------ 2 files changed, 177 insertions(+), 177 deletions(-) diff --git a/lib/rpc_backend b/lib/rpc_backend index 38da50c4f8..d527c6bded 100644 --- a/lib/rpc_backend +++ b/lib/rpc_backend @@ -43,7 +43,7 @@ function check_rpc_backend { local rpc_backend_cnt=0 for svc in qpid zeromq rabbit; do is_service_enabled $svc && - ((rpc_backend_cnt++)) + (( rpc_backend_cnt++ )) || true done if [ "$rpc_backend_cnt" -gt 1 ]; then echo "ERROR: only one rpc backend may be enabled," diff --git a/stack.sh b/stack.sh index 68eac7c04c..f42e50a071 100755 --- a/stack.sh +++ b/stack.sh @@ -177,9 +177,6 @@ if [[ ,${ENABLED_SERVICES}, =~ ,"swift", ]]; then exit 1 fi -# Set up logging level -VERBOSE=$(trueorfalse True $VERBOSE) - # Configure sudo # -------------- @@ -285,6 +282,182 @@ if [ -z "`grep ^127.0.0.1 /etc/hosts | grep $LOCAL_HOSTNAME`" ]; then fi +# Configure Logging +# ----------------- + +# Set up logging level +VERBOSE=$(trueorfalse True $VERBOSE) + +# Draw a spinner so the user knows something is happening +function spinner { + local delay=0.75 + local spinstr='/-\|' + printf "..." >&3 + while [ true ]; do + local temp=${spinstr#?} + printf "[%c]" "$spinstr" >&3 + local spinstr=$temp${spinstr%"$temp"} + sleep $delay + printf "\b\b\b" >&3 + done +} + +function kill_spinner { + if [ ! -z "$LAST_SPINNER_PID" ]; then + kill >/dev/null 2>&1 $LAST_SPINNER_PID + printf "\b\b\bdone\n" >&3 + fi +} + +# Echo text to the log file, summary log file and stdout +# echo_summary "something to say" +function echo_summary { + if [[ -t 3 && "$VERBOSE" != "True" ]]; then + kill_spinner + echo -n -e $@ >&6 + spinner & + LAST_SPINNER_PID=$! + else + echo -e $@ >&6 + fi +} + +# Echo text only to stdout, no log files +# echo_nolog "something not for the logs" +function echo_nolog { + echo $@ >&3 +} + +if [[ is_fedora && $DISTRO == "rhel6" ]]; then + # poor old python2.6 doesn't have argparse by default, which + # outfilter.py uses + is_package_installed python-argparse || install_package python-argparse +fi + +# Set up logging for ``stack.sh`` +# Set ``LOGFILE`` to turn on logging +# Append '.xxxxxxxx' to the given name to maintain history +# where 'xxxxxxxx' is a representation of the date the file was created +TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"} +if [[ -n "$LOGFILE" || -n "$SCREEN_LOGDIR" ]]; then + LOGDAYS=${LOGDAYS:-7} + CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT") +fi + +if [[ -n "$LOGFILE" ]]; then + # First clean up old log files. Use the user-specified ``LOGFILE`` + # as the template to search for, appending '.*' to match the date + # we added on earlier runs. + LOGDIR=$(dirname "$LOGFILE") + LOGFILENAME=$(basename "$LOGFILE") + mkdir -p $LOGDIR + find $LOGDIR -maxdepth 1 -name $LOGFILENAME.\* -mtime +$LOGDAYS -exec rm {} \; + LOGFILE=$LOGFILE.${CURRENT_LOG_TIME} + SUMFILE=$LOGFILE.${CURRENT_LOG_TIME}.summary + + # Redirect output according to config + + # Set fd 3 to a copy of stdout. So we can set fd 1 without losing + # stdout later. + exec 3>&1 + if [[ "$VERBOSE" == "True" ]]; then + # Set fd 1 and 2 to write the log file + exec 1> >( $TOP_DIR/tools/outfilter.py -v -o "${LOGFILE}" ) 2>&1 + # Set fd 6 to summary log file + exec 6> >( $TOP_DIR/tools/outfilter.py -o "${SUMFILE}" ) + else + # Set fd 1 and 2 to primary logfile + exec 1> >( $TOP_DIR/tools/outfilter.py -o "${LOGFILE}" ) 2>&1 + # Set fd 6 to summary logfile and stdout + exec 6> >( $TOP_DIR/tools/outfilter.py -v -o "${SUMFILE}" >&3 ) + fi + + echo_summary "stack.sh log $LOGFILE" + # Specified logfile name always links to the most recent log + ln -sf $LOGFILE $LOGDIR/$LOGFILENAME + ln -sf $SUMFILE $LOGDIR/$LOGFILENAME.summary +else + # Set up output redirection without log files + # Set fd 3 to a copy of stdout. So we can set fd 1 without losing + # stdout later. + exec 3>&1 + if [[ "$VERBOSE" != "True" ]]; then + # Throw away stdout and stderr + exec 1>/dev/null 2>&1 + fi + # Always send summary fd to original stdout + exec 6> >( $TOP_DIR/tools/outfilter.py -v >&3 ) +fi + +# Set up logging of screen windows +# Set ``SCREEN_LOGDIR`` to turn on logging of screen windows to the +# directory specified in ``SCREEN_LOGDIR``, we will log to the the file +# ``screen-$SERVICE_NAME-$TIMESTAMP.log`` in that dir and have a link +# ``screen-$SERVICE_NAME.log`` to the latest log file. +# Logs are kept for as long specified in ``LOGDAYS``. +if [[ -n "$SCREEN_LOGDIR" ]]; then + + # We make sure the directory is created. + if [[ -d "$SCREEN_LOGDIR" ]]; then + # We cleanup the old logs + find $SCREEN_LOGDIR -maxdepth 1 -name screen-\*.log -mtime +$LOGDAYS -exec rm {} \; + else + mkdir -p $SCREEN_LOGDIR + fi +fi + + +# Configure Error Traps +# --------------------- + +# Kill background processes on exit +trap exit_trap EXIT +function exit_trap { + local r=$? + jobs=$(jobs -p) + # Only do the kill when we're logging through a process substitution, + # which currently is only to verbose logfile + if [[ -n $jobs && -n "$LOGFILE" && "$VERBOSE" == "True" ]]; then + echo "exit_trap: cleaning up child processes" + kill 2>&1 $jobs + fi + + # Kill the last spinner process + kill_spinner + + if [[ $r -ne 0 ]]; then + echo "Error on exit" + if [[ -z $LOGDIR ]]; then + $TOP_DIR/tools/worlddump.py + else + $TOP_DIR/tools/worlddump.py -d $LOGDIR + fi + fi + + exit $r +} + +# Exit on any errors so that errors don't compound +trap err_trap ERR +function err_trap { + local r=$? + set +o xtrace + if [[ -n "$LOGFILE" ]]; then + echo "${0##*/} failed: full log in $LOGFILE" + else + echo "${0##*/} failed" + fi + exit $r +} + +# Begin trapping error exit codes +set -o errexit + +# Print the commands being run so that we can see the command that triggers +# an error. It is also useful for following along as the install occurs. +set -o xtrace + + # Common Configuration # -------------------- @@ -494,179 +667,6 @@ if is_service_enabled s-proxy; then fi -# Configure logging -# ----------------- - -# Draw a spinner so the user knows something is happening -function spinner { - local delay=0.75 - local spinstr='/-\|' - printf "..." >&3 - while [ true ]; do - local temp=${spinstr#?} - printf "[%c]" "$spinstr" >&3 - local spinstr=$temp${spinstr%"$temp"} - sleep $delay - printf "\b\b\b" >&3 - done -} - -function kill_spinner { - if [ ! -z "$LAST_SPINNER_PID" ]; then - kill >/dev/null 2>&1 $LAST_SPINNER_PID - printf "\b\b\bdone\n" >&3 - fi -} - -# Echo text to the log file, summary log file and stdout -# echo_summary "something to say" -function echo_summary { - if [[ -t 3 && "$VERBOSE" != "True" ]]; then - kill_spinner - echo -n -e $@ >&6 - spinner & - LAST_SPINNER_PID=$! - else - echo -e $@ >&6 - fi -} - -# Echo text only to stdout, no log files -# echo_nolog "something not for the logs" -function echo_nolog { - echo $@ >&3 -} - -if [[ is_fedora && $DISTRO == "rhel6" ]]; then - # poor old python2.6 doesn't have argparse by default, which - # outfilter.py uses - is_package_installed python-argparse || install_package python-argparse -fi - -# Set up logging for ``stack.sh`` -# Set ``LOGFILE`` to turn on logging -# Append '.xxxxxxxx' to the given name to maintain history -# where 'xxxxxxxx' is a representation of the date the file was created -TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"} -if [[ -n "$LOGFILE" || -n "$SCREEN_LOGDIR" ]]; then - LOGDAYS=${LOGDAYS:-7} - CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT") -fi - -if [[ -n "$LOGFILE" ]]; then - # First clean up old log files. Use the user-specified ``LOGFILE`` - # as the template to search for, appending '.*' to match the date - # we added on earlier runs. - LOGDIR=$(dirname "$LOGFILE") - LOGFILENAME=$(basename "$LOGFILE") - mkdir -p $LOGDIR - find $LOGDIR -maxdepth 1 -name $LOGFILENAME.\* -mtime +$LOGDAYS -exec rm {} \; - LOGFILE=$LOGFILE.${CURRENT_LOG_TIME} - SUMFILE=$LOGFILE.${CURRENT_LOG_TIME}.summary - - # Redirect output according to config - - # Set fd 3 to a copy of stdout. So we can set fd 1 without losing - # stdout later. - exec 3>&1 - if [[ "$VERBOSE" == "True" ]]; then - # Set fd 1 and 2 to write the log file - exec 1> >( $TOP_DIR/tools/outfilter.py -v -o "${LOGFILE}" ) 2>&1 - # Set fd 6 to summary log file - exec 6> >( $TOP_DIR/tools/outfilter.py -o "${SUMFILE}" ) - else - # Set fd 1 and 2 to primary logfile - exec 1> >( $TOP_DIR/tools/outfilter.py -o "${LOGFILE}" ) 2>&1 - # Set fd 6 to summary logfile and stdout - exec 6> >( $TOP_DIR/tools/outfilter.py -v -o "${SUMFILE}" >&3 ) - fi - - echo_summary "stack.sh log $LOGFILE" - # Specified logfile name always links to the most recent log - ln -sf $LOGFILE $LOGDIR/$LOGFILENAME - ln -sf $SUMFILE $LOGDIR/$LOGFILENAME.summary -else - # Set up output redirection without log files - # Set fd 3 to a copy of stdout. So we can set fd 1 without losing - # stdout later. - exec 3>&1 - if [[ "$VERBOSE" != "True" ]]; then - # Throw away stdout and stderr - exec 1>/dev/null 2>&1 - fi - # Always send summary fd to original stdout - exec 6> >( $TOP_DIR/tools/outfilter.py -v >&3 ) -fi - -# Set up logging of screen windows -# Set ``SCREEN_LOGDIR`` to turn on logging of screen windows to the -# directory specified in ``SCREEN_LOGDIR``, we will log to the the file -# ``screen-$SERVICE_NAME-$TIMESTAMP.log`` in that dir and have a link -# ``screen-$SERVICE_NAME.log`` to the latest log file. -# Logs are kept for as long specified in ``LOGDAYS``. -if [[ -n "$SCREEN_LOGDIR" ]]; then - - # We make sure the directory is created. - if [[ -d "$SCREEN_LOGDIR" ]]; then - # We cleanup the old logs - find $SCREEN_LOGDIR -maxdepth 1 -name screen-\*.log -mtime +$LOGDAYS -exec rm {} \; - else - mkdir -p $SCREEN_LOGDIR - fi -fi - - -# Set Up Script Execution -# ----------------------- - -# Kill background processes on exit -trap exit_trap EXIT -function exit_trap { - local r=$? - jobs=$(jobs -p) - # Only do the kill when we're logging through a process substitution, - # which currently is only to verbose logfile - if [[ -n $jobs && -n "$LOGFILE" && "$VERBOSE" == "True" ]]; then - echo "exit_trap: cleaning up child processes" - kill 2>&1 $jobs - fi - - # Kill the last spinner process - kill_spinner - - if [[ $r -ne 0 ]]; then - echo "Error on exit" - if [[ -z $LOGDIR ]]; then - $TOP_DIR/tools/worlddump.py - else - $TOP_DIR/tools/worlddump.py -d $LOGDIR - fi - fi - - exit $r -} - -# Exit on any errors so that errors don't compound -trap err_trap ERR -function err_trap { - local r=$? - set +o xtrace - if [[ -n "$LOGFILE" ]]; then - echo "${0##*/} failed: full log in $LOGFILE" - else - echo "${0##*/} failed" - fi - exit $r -} - - -set -o errexit - -# Print the commands being run so that we can see the command that triggers -# an error. It is also useful for following along as the install occurs. -set -o xtrace - - # Install Packages # ================ From 6a95b605bcf94ba8385660a6681ffbbe46f2e39d Mon Sep 17 00:00:00 2001 From: Bob Ball Date: Wed, 17 Sep 2014 12:39:50 +0100 Subject: [PATCH 0006/3421] XenAPI: Fix race condition waiting for VM to start Buildroot on Ubuntu Trusty is slow to populate the vnc-port. Wait for 20 seconds until the port is populated. Change-Id: I50e5b5a161207d46e8ce0e304d816e8e5b68dbe8 --- tools/xen/install_os_domU.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh index 12e861e18a..9bf8f73c92 100755 --- a/tools/xen/install_os_domU.sh +++ b/tools/xen/install_os_domU.sh @@ -171,6 +171,7 @@ function wait_for_VM_to_halt { echo "Waiting for the VM to halt. Progress in-VM can be checked with vncviewer:" mgmt_ip=$(echo $XENAPI_CONNECTION_URL | tr -d -c '1234567890.') domid=$(get_domid "$GUEST_NAME") + sleep 20 # Wait for the vnc-port to be written port=$(xenstore-read /local/domain/$domid/console/vnc-port) echo "vncviewer -via root@$mgmt_ip localhost:${port:2}" while true; do From 8732afe2f92545f2b9956c37bdfca4ee1bc07cae Mon Sep 17 00:00:00 2001 From: Thomas Bechtold Date: Mon, 22 Sep 2014 19:04:05 +0200 Subject: [PATCH 0007/3421] Use correct WSGI dir on SUSE distros The current default (/var/www) leads to: AH01797: client denied by server configuration: /var/www/keystone/admin For /var/www the needed permissions on SUSE are not set. For /srv/www/htdocs/ the permissions are correct on SUSE systems. Change-Id: I3f2df896daecdfe510d45ff121af2a8433a4d5be --- lib/keystone | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/keystone b/lib/keystone index b6a4e1097a..3998be9061 100644 --- a/lib/keystone +++ b/lib/keystone @@ -38,7 +38,11 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone} -KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} +if is_suse; then + KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone} +else + KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} +fi KEYSTONEMIDDLEWARE_DIR=$DEST/keystonemiddleware KEYSTONECLIENT_DIR=$DEST/python-keystoneclient From e389aed5bdb6d0a0c5b1fbc672f62628726a6544 Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Tue, 23 Sep 2014 17:10:39 +1200 Subject: [PATCH 0008/3421] Allow heat standalone to work devstack stack For functional testing of heat-standalone it is desirable for heat to orchestrate on the rest of the cloud which is brought up by devstack. This change makes the following changes to enable this when HEAT_STANDALONE=True: - Don't register the orchestration endpoint or create any dedicated heat accounts - Install and configure the heat keystone V2 auth plugin instead of the default v3 - set heat.conf [clients_heat] url so that heat can call its own API when no orchestration endpoint is registered - Modify create_userrc.sh to set the required heat client env variables to work with the standalone heat Change-Id: Idae33bf1a9d550e2575e6390d2d7c8d3b94c401d --- lib/heat | 13 ++++++++++--- stack.sh | 6 +++++- tools/create_userrc.sh | 9 ++++++++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/lib/heat b/lib/heat index a74d7b51ac..dead3c2b51 100644 --- a/lib/heat +++ b/lib/heat @@ -40,6 +40,8 @@ HEAT_CONF=$HEAT_CONF_DIR/heat.conf HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN` +HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP} +HEAT_API_PORT=${HEAT_API_PORT:-8004} # other default options HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts} @@ -69,6 +71,9 @@ function cleanup_heat { # configure_heat() - Set config files, create data dirs, etc function configure_heat { setup_develop $HEAT_DIR + if [[ "$HEAT_STANDALONE" = "True" ]]; then + setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2 + fi if [[ ! -d $HEAT_CONF_DIR ]]; then sudo mkdir -p $HEAT_CONF_DIR @@ -83,8 +88,6 @@ function configure_heat { HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001} HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP} HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003} - HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP} - HEAT_API_PORT=${HEAT_API_PORT:-8004} HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json @@ -127,7 +130,11 @@ function configure_heat { iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 # paste_deploy - [[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone + if [[ "$HEAT_STANDALONE" = "True" ]]; then + iniset $HEAT_CONF paste_deploy flavor standalone + iniset $HEAT_CONF DEFAULT keystone_backend heat_keystoneclient_v2.client.KeystoneClientV2 + iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s" + fi # OpenStack API iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT diff --git a/stack.sh b/stack.sh index c20e61031d..0b09e5fb61 100755 --- a/stack.sh +++ b/stack.sh @@ -988,7 +988,7 @@ if is_service_enabled key; then create_swift_accounts fi - if is_service_enabled heat; then + if is_service_enabled heat && [[ "$HEAT_STANDALONE" != "True" ]]; then create_heat_accounts fi @@ -1289,6 +1289,10 @@ if is_service_enabled nova && is_service_enabled key; then USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE" fi + if [[ "$HEAT_STANDALONE" = "True" ]]; then + USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1" + fi + $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS fi diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh index 5b1111ae54..863fe0359e 100755 --- a/tools/create_userrc.sh +++ b/tools/create_userrc.sh @@ -37,6 +37,7 @@ Optional Arguments -C create user and tenant, the specifid tenant will be the user's tenant -r when combined with -C and the (-u) user exists it will be the user's tenant role in the (-C)tenant (default: Member) -p password for the user +--heat-url --os-username --os-password --os-tenant-name @@ -53,12 +54,13 @@ $0 -P -C mytenant -u myuser -p mypass EOF } -if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,skip-tenant:,os-cacert:,help,debug -- "$@"); then +if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,heat-url:,skip-tenant:,os-cacert:,help,debug -- "$@"); then display_help exit 1 fi eval set -- $options ADDPASS="" +HEAT_URL="" # The services users usually in the service tenant. # rc files for service users, is out of scope. @@ -79,6 +81,7 @@ while [ $# -gt 0 ]; do --os-auth-url) export OS_AUTH_URL=$2; shift ;; --os-cacert) export OS_CACERT=$2; shift ;; --target-dir) ACCOUNT_DIR=$2; shift ;; + --heat-url) HEAT_URL=$2; shift ;; --debug) set -o xtrace ;; -u) MODE=${MODE:-one}; USER_NAME=$2; shift ;; -p) USER_PASS=$2; shift ;; @@ -209,6 +212,10 @@ EOF if [ -n "$ADDPASS" ]; then echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile" fi + if [ -n "$HEAT_URL" ]; then + echo "export HEAT_URL=\"$HEAT_URL/$tenant_id\"" >>"$rcfile" + echo "export OS_NO_CLIENT_AUTH=True" >>"$rcfile" + fi } #admin users expected From 0be63f3979d081fb7bf039b753218915a9ec487f Mon Sep 17 00:00:00 2001 From: Bob Ball Date: Tue, 23 Sep 2014 11:22:41 +0100 Subject: [PATCH 0009/3421] XenAPI: stackrc now depends on nproc Install it automatically in the devstack DomU Change-Id: Ie282dd128ebc92377d85800585962bc8767483fe --- tools/xen/prepare_guest.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh index 2b5e418a6a..cd189db803 100755 --- a/tools/xen/prepare_guest.sh +++ b/tools/xen/prepare_guest.sh @@ -74,6 +74,7 @@ EOF apt-get update apt-get install -y cracklib-runtime curl wget ssh openssh-server tcpdump ethtool apt-get install -y curl wget ssh openssh-server python-pip git sudo python-netaddr +apt-get install -y coreutils pip install xenapi # Install XenServer guest utilities From 107278fa5b2b70669c46237da971e0a9ff84482a Mon Sep 17 00:00:00 2001 From: Pritesh Kothari Date: Mon, 15 Sep 2014 09:29:55 -0700 Subject: [PATCH 0010/3421] Remove the Cisco Nexus monolithic plugin support The Cisco Nexus monolithic plugin does not work without the Open vSwitch plugin. The Open vSwitch plugin is scheduled to be removed as per #1323729. This patch removes the Nexus Hardware switch related code from devstack. The N1KV virtual switch related code will still remain in the tree as it doesn't depend on Open vSwitch plugin. Closes-Bug: #1350387 Change-Id: I82ebb09c64589fc9b7bb790982541bc87c66e6e3 --- lib/neutron_plugins/cisco | 199 ++------------------------------------ 1 file changed, 6 insertions(+), 193 deletions(-) diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco index da90ee32ad..1406e3790c 100644 --- a/lib/neutron_plugins/cisco +++ b/lib/neutron_plugins/cisco @@ -20,38 +20,12 @@ Q_CISCO_PLUGIN_VXLAN_ID_RANGES=${Q_CISCO_PLUGIN_VXLAN_ID_RANGES:-5000:10000} # Specify the VLAN range Q_CISCO_PLUGIN_VLAN_RANGES=${Q_CISCO_PLUGIN_VLAN_RANGES:-vlan:1:4094} -# Specify ncclient package information -NCCLIENT_DIR=$DEST/ncclient -NCCLIENT_VERSION=${NCCLIENT_VERSION:-0.3.1} -NCCLIENT_REPO=${NCCLIENT_REPO:-git://github.com/CiscoSystems/ncclient.git} -NCCLIENT_BRANCH=${NCCLIENT_BRANCH:-master} - # This routine put a prefix on an existing function name function _prefix_function { declare -F $1 > /dev/null || die "$1 doesn't exist" eval "$(echo "${2}_${1}()"; declare -f ${1} | tail -n +2)" } -function _has_ovs_subplugin { - local subplugin - for subplugin in ${Q_CISCO_PLUGIN_SUBPLUGINS[@]}; do - if [[ "$subplugin" == "openvswitch" ]]; then - return 0 - fi - done - return 1 -} - -function _has_nexus_subplugin { - local subplugin - for subplugin in ${Q_CISCO_PLUGIN_SUBPLUGINS[@]}; do - if [[ "$subplugin" == "nexus" ]]; then - return 0 - fi - done - return 1 -} - function _has_n1kv_subplugin { local subplugin for subplugin in ${Q_CISCO_PLUGIN_SUBPLUGINS[@]}; do @@ -62,27 +36,6 @@ function _has_n1kv_subplugin { return 1 } -# This routine populates the cisco config file with the information for -# a particular nexus switch -function _config_switch { - local cisco_cfg_file=$1 - local switch_ip=$2 - local username=$3 - local password=$4 - local ssh_port=$5 - shift 5 - - local section="NEXUS_SWITCH:$switch_ip" - iniset $cisco_cfg_file $section username $username - iniset $cisco_cfg_file $section password $password - iniset $cisco_cfg_file $section ssh_port $ssh_port - - while [[ ${#@} != 0 ]]; do - iniset $cisco_cfg_file $section $1 $2 - shift 2 - done -} - # Prefix openvswitch plugin routines with "ovs" in order to differentiate from # cisco plugin routines. This means, ovs plugin routines will coexist with cisco # plugin routines in this script. @@ -98,73 +51,17 @@ _prefix_function neutron_plugin_configure_service ovs _prefix_function neutron_plugin_setup_interface_driver ovs _prefix_function has_neutron_plugin_security_group ovs -# Check the version of the installed ncclient package -function check_ncclient_version { -python << EOF -version = '$NCCLIENT_VERSION' -import sys -try: - import pkg_resources - import ncclient - module_version = pkg_resources.get_distribution('ncclient').version - if version != module_version: - sys.exit(1) -except: - sys.exit(1) -EOF -} - -# Install the ncclient package -function install_ncclient { - git_clone $NCCLIENT_REPO $NCCLIENT_DIR $NCCLIENT_BRANCH - (cd $NCCLIENT_DIR; sudo python setup.py install) -} - -# Check if the required version of ncclient has been installed -function is_ncclient_installed { - # Check if the Cisco ncclient repository exists - if [[ -d $NCCLIENT_DIR ]]; then - remotes=$(cd $NCCLIENT_DIR; git remote -v | grep fetch | awk '{ print $2}') - for remote in $remotes; do - if [[ $remote == $NCCLIENT_REPO ]]; then - break; - fi - done - if [[ $remote != $NCCLIENT_REPO ]]; then - return 1 - fi - else - return 1 - fi - - # Check if the ncclient is installed with the right version - if ! check_ncclient_version; then - return 1 - fi - return 0 -} - function has_neutron_plugin_security_group { - if _has_ovs_subplugin; then - ovs_has_neutron_plugin_security_group - else - return 1 - fi + return 1 } function is_neutron_ovs_base_plugin { - # Cisco uses OVS if openvswitch subplugin is deployed - _has_ovs_subplugin return } # populate required nova configuration parameters function neutron_plugin_create_nova_conf { - if _has_ovs_subplugin; then - ovs_neutron_plugin_create_nova_conf - else - _neutron_ovs_base_configure_nova_vif_driver - fi + _neutron_ovs_base_configure_nova_vif_driver } function neutron_plugin_install_agent_packages { @@ -177,32 +74,14 @@ function neutron_plugin_configure_common { # setup default subplugins if [ ! -v Q_CISCO_PLUGIN_SUBPLUGINS ]; then declare -ga Q_CISCO_PLUGIN_SUBPLUGINS - Q_CISCO_PLUGIN_SUBPLUGINS=(openvswitch nexus) - fi - if _has_ovs_subplugin; then - ovs_neutron_plugin_configure_common - Q_PLUGIN_EXTRA_CONF_PATH=etc/neutron/plugins/cisco - Q_PLUGIN_EXTRA_CONF_FILES=(cisco_plugins.ini) - # Copy extra config files to /etc so that they can be modified - # later according to Cisco-specific localrc settings. - mkdir -p /$Q_PLUGIN_EXTRA_CONF_PATH - local f - local extra_conf_file - for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do - extra_conf_file=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]} - cp $NEUTRON_DIR/$extra_conf_file /$extra_conf_file - done - else - Q_PLUGIN_CONF_PATH=etc/neutron/plugins/cisco - Q_PLUGIN_CONF_FILENAME=cisco_plugins.ini + Q_CISCO_PLUGIN_SUBPLUGINS=(n1kv) fi + Q_PLUGIN_CONF_PATH=etc/neutron/plugins/cisco + Q_PLUGIN_CONF_FILENAME=cisco_plugins.ini Q_PLUGIN_CLASS="neutron.plugins.cisco.network_plugin.PluginV2" } function neutron_plugin_configure_debug_command { - if _has_ovs_subplugin; then - ovs_neutron_plugin_configure_debug_command - fi } function neutron_plugin_configure_dhcp_agent { @@ -210,53 +89,6 @@ function neutron_plugin_configure_dhcp_agent { } function neutron_plugin_configure_l3_agent { - if _has_ovs_subplugin; then - ovs_neutron_plugin_configure_l3_agent - fi -} - -function _configure_nexus_subplugin { - local cisco_cfg_file=$1 - - # Install a known compatible ncclient from the Cisco repository if necessary - if ! is_ncclient_installed; then - # Preserve the two global variables - local offline=$OFFLINE - local reclone=$RECLONE - # Change their values to allow installation - OFFLINE=False - RECLONE=yes - install_ncclient - # Restore their values - OFFLINE=$offline - RECLONE=$reclone - fi - - # Setup default nexus switch information - if [ ! -v Q_CISCO_PLUGIN_SWITCH_INFO ]; then - declare -A Q_CISCO_PLUGIN_SWITCH_INFO - HOST_NAME=$(hostname) - Q_CISCO_PLUGIN_SWITCH_INFO=([1.1.1.1]=stack:stack:22:${HOST_NAME}:1/10) - else - iniset $cisco_cfg_file CISCO nexus_driver neutron.plugins.cisco.nexus.cisco_nexus_network_driver_v2.CiscoNEXUSDriver - fi - - # Setup the switch configurations - local nswitch - local sw_info - local segment - local sw_info_array - declare -i count=0 - for nswitch in ${!Q_CISCO_PLUGIN_SWITCH_INFO[@]}; do - sw_info=${Q_CISCO_PLUGIN_SWITCH_INFO[$nswitch]} - sw_info_array=${sw_info//:/ } - sw_info_array=( $sw_info_array ) - count=${#sw_info_array[@]} - if [[ $count < 5 || $(( ($count-3) % 2 )) != 0 ]]; then - die $LINENO "Incorrect switch configuration: ${Q_CISCO_PLUGIN_SWITCH_INFO[$nswitch]}" - fi - _config_switch $cisco_cfg_file $nswitch ${sw_info_array[@]} - done } # Configure n1kv plugin @@ -279,48 +111,29 @@ function _configure_n1kv_subplugin { } function neutron_plugin_configure_plugin_agent { - if _has_ovs_subplugin; then - ovs_neutron_plugin_configure_plugin_agent - fi } function neutron_plugin_configure_service { local subplugin local cisco_cfg_file - if _has_ovs_subplugin; then - ovs_neutron_plugin_configure_service - cisco_cfg_file=/${Q_PLUGIN_EXTRA_CONF_FILES[0]} - else - cisco_cfg_file=/$Q_PLUGIN_CONF_FILE - fi + cisco_cfg_file=/$Q_PLUGIN_CONF_FILE # Setup the [CISCO_PLUGINS] section if [[ ${#Q_CISCO_PLUGIN_SUBPLUGINS[@]} > 2 ]]; then die $LINENO "At most two subplugins are supported." fi - if _has_ovs_subplugin && _has_n1kv_subplugin; then - die $LINENO "OVS subplugin and n1kv subplugin cannot coexist" - fi - # Setup the subplugins - inicomment $cisco_cfg_file CISCO_PLUGINS nexus_plugin inicomment $cisco_cfg_file CISCO_PLUGINS vswitch_plugin inicomment $cisco_cfg_file CISCO_TEST host for subplugin in ${Q_CISCO_PLUGIN_SUBPLUGINS[@]}; do case $subplugin in - nexus) iniset $cisco_cfg_file CISCO_PLUGINS nexus_plugin neutron.plugins.cisco.nexus.cisco_nexus_plugin_v2.NexusPlugin;; - openvswitch) iniset $cisco_cfg_file CISCO_PLUGINS vswitch_plugin neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2;; n1kv) iniset $cisco_cfg_file CISCO_PLUGINS vswitch_plugin neutron.plugins.cisco.n1kv.n1kv_neutron_plugin.N1kvNeutronPluginV2;; *) die $LINENO "Unsupported cisco subplugin: $subplugin";; esac done - if _has_nexus_subplugin; then - _configure_nexus_subplugin $cisco_cfg_file - fi - if _has_n1kv_subplugin; then _configure_n1kv_subplugin $cisco_cfg_file fi From 0843f0ab05a7f477cfc83a70f7711f438e7e8cbd Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Wed, 24 Sep 2014 04:48:14 +0900 Subject: [PATCH 0011/3421] Update Horizon Neutron-related settings - Horizon no longer has "enable_security_group" setting so we need to remove it. - There is no need to set enable_lb/firewall/vpn to True when q-lbaas/q-fwaas/q-vpn is enabled because Horizon now checks if Neutron ext-list and enables corresponding dashboards accordingly. Change-Id: I37073d73e4cba0103ab1a3d935302f1cd0ef73c5 --- lib/horizon | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/lib/horizon b/lib/horizon index c0c3f821e4..07cf31b79f 100644 --- a/lib/horizon +++ b/lib/horizon @@ -92,24 +92,6 @@ function init_horizon { local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py cp $HORIZON_SETTINGS $local_settings - if is_service_enabled neutron; then - _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_security_group $Q_USE_SECGROUP - fi - # enable loadbalancer dashboard in case service is enabled - if is_service_enabled q-lbaas; then - _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_lb True - fi - - # enable firewall dashboard in case service is enabled - if is_service_enabled q-fwaas; then - _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_firewall True - fi - - # enable VPN dashboard in case service is enabled - if is_service_enabled q-vpn; then - _horizon_config_set $local_settings OPENSTACK_NEUTRON_NETWORK enable_vpn True - fi - _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\" _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\"" if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then From cbd892b4363716be3d900ba753c81c06639fa97d Mon Sep 17 00:00:00 2001 From: Thomas Bechtold Date: Wed, 24 Sep 2014 14:50:45 +0200 Subject: [PATCH 0012/3421] Install haproxy on SUSE distros haproxy package is available for SUSE distros, so install it. Change-Id: If363dbf439dbea9aafd265c2c665ff4c2b733738 --- lib/neutron_plugins/services/loadbalancer | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer index 78e7738345..f84b71076d 100644 --- a/lib/neutron_plugins/services/loadbalancer +++ b/lib/neutron_plugins/services/loadbalancer @@ -10,11 +10,8 @@ AGENT_LBAAS_BINARY="$NEUTRON_BIN_DIR/neutron-lbaas-agent" LBAAS_PLUGIN=neutron.services.loadbalancer.plugin.LoadBalancerPlugin function neutron_agent_lbaas_install_agent_packages { - if is_ubuntu || is_fedora; then + if is_ubuntu || is_fedora || is_suse; then install_package haproxy - elif is_suse; then - ### FIXME: Find out if package can be pushed to Factory - echo "HAProxy packages can be installed from server:http project in OBS" fi } From 18d4778cf7bffa60eb2e996a13c129c64f83575f Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 19 Mar 2014 17:47:42 -0400 Subject: [PATCH 0013/3421] Configure endpoints to use SSL natively or via proxy Configure nova, cinder, glance, swift and neutron to use SSL on the endpoints using either SSL natively or via a TLS proxy using stud. To enable SSL via proxy, in local.conf add ENABLED_SERVICES+=,tls-proxy This will create a new test root CA, a subordinate CA and an SSL server cert. It uses the value of hostname -f for the certificate subject. The CA certicates are also added to the system CA bundle. To enable SSL natively, in local.conf add: USE_SSL=True Native SSL by default will also use the devstack-generate root and subordinate CA. You can override this on a per-service basis by setting _SSL_CERT=/path/to/cert _SSL_KEY=/path/to/key _SSL_PATH=/path/to/ca You should also set SERVICE_HOST to the FQDN of the host. This value defaults to the host IP address. Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac Closes-Bug: 1328226 --- files/apache-keystone.template | 6 +++ files/rpms/keystone | 1 + functions | 20 +++++----- lib/cinder | 25 ++++++++++++- lib/glance | 55 ++++++++++++++++++++++++--- lib/heat | 14 ++++++- lib/keystone | 43 +++++++++++++++++---- lib/neutron | 49 +++++++++++++++++++++--- lib/nova | 51 ++++++++++++++++++++++--- lib/swift | 32 +++++++++++++--- lib/tempest | 2 +- lib/tls | 68 +++++++++++++++++++++++++++++----- stack.sh | 11 +++++- 13 files changed, 326 insertions(+), 51 deletions(-) diff --git a/files/apache-keystone.template b/files/apache-keystone.template index 0a286b929c..88492d3408 100644 --- a/files/apache-keystone.template +++ b/files/apache-keystone.template @@ -11,6 +11,9 @@ Listen %ADMINPORT% ErrorLog /var/log/%APACHE_NAME%/keystone.log CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined + %SSLENGINE% + %SSLCERTFILE% + %SSLKEYFILE% @@ -23,6 +26,9 @@ Listen %ADMINPORT% ErrorLog /var/log/%APACHE_NAME%/keystone.log CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined + %SSLENGINE% + %SSLCERTFILE% + %SSLKEYFILE% # Workaround for missing path on RHEL6, see diff --git a/files/rpms/keystone b/files/rpms/keystone index e1873b7564..ce41ee598b 100644 --- a/files/rpms/keystone +++ b/files/rpms/keystone @@ -9,5 +9,6 @@ python-routes python-sqlalchemy python-webob sqlite +mod_ssl # Deps installed via pip for RHEL diff --git a/functions b/functions index 0194acf64e..376aff05e3 100644 --- a/functions +++ b/functions @@ -73,7 +73,7 @@ function upload_image { # OpenVZ-format images are provided as .tar.gz, but not decompressed prior to loading if [[ "$image_url" =~ 'openvz' ]]; then image_name="${image_fname%.tar.gz}" - openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name" --public --container-format ami --disk-format ami < "${image}" + openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" --public --container-format ami --disk-format ami < "${image}" return fi @@ -184,7 +184,7 @@ function upload_image { vmdk_adapter_type="${props[1]:-$vmdk_adapter_type}" vmdk_net_adapter="${props[2]:-$vmdk_net_adapter}" - openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}" + openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}" return fi @@ -202,7 +202,7 @@ function upload_image { fi openstack \ --os-token $token \ - --os-url http://$GLANCE_HOSTPORT \ + --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ image create \ "$image_name" --public \ --container-format=ovf --disk-format=vhd \ @@ -217,7 +217,7 @@ function upload_image { image_name="${image_fname%.xen-raw.tgz}" openstack \ --os-token $token \ - --os-url http://$GLANCE_HOSTPORT \ + --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ image create \ "$image_name" --public \ --container-format=tgz --disk-format=raw \ @@ -295,9 +295,9 @@ function upload_image { if [ "$container_format" = "bare" ]; then if [ "$unpack" = "zcat" ]; then - openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}") + openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}") else - openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}" + openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}" fi else # Use glance client to add the kernel the root filesystem. @@ -305,12 +305,12 @@ function upload_image { # kernel for use when uploading the root filesystem. local kernel_id="" ramdisk_id=""; if [ -n "$kernel" ]; then - kernel_id=$(openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2) + kernel_id=$(openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2) fi if [ -n "$ramdisk" ]; then - ramdisk_id=$(openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2) + ramdisk_id=$(openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2) fi - openstack --os-token $token --os-url http://$GLANCE_HOSTPORT image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}" + openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}" fi } @@ -339,7 +339,7 @@ function use_database { function wait_for_service { local timeout=$1 local url=$2 - timeout $timeout sh -c "while ! curl --noproxy '*' -s $url >/dev/null; do sleep 1; done" + timeout $timeout sh -c "while ! curl -k --noproxy '*' -s $url >/dev/null; do sleep 1; done" } diff --git a/lib/cinder b/lib/cinder index cbca9c0c1d..b30a036d16 100644 --- a/lib/cinder +++ b/lib/cinder @@ -46,6 +46,9 @@ CINDER_CONF=$CINDER_CONF_DIR/cinder.conf CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini # Public facing bits +if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then + CINDER_SERVICE_PROTOCOL="https" +fi CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776} @@ -299,6 +302,20 @@ function configure_cinder { fi iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS" + + iniset $CINDER_CONF DEFAULT glance_api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" + if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then + iniset $CINDER_CONF DEFAULT glance_protocol https + fi + + # Register SSL certificates if provided + if is_ssl_enabled_service cinder; then + ensure_certificates CINDER + + iniset $CINDER_CONF DEFAULT ssl_cert_file "$CINDER_SSL_CERT" + iniset $CINDER_CONF DEFAULT ssl_key_file "$CINDER_SSL_KEY" + fi + } # create_cinder_accounts() - Set up common required cinder accounts @@ -399,6 +416,12 @@ function _configure_tgt_for_config_d { # start_cinder() - Start running processes, including screen function start_cinder { + local service_port=$CINDER_SERVICE_PORT + local service_protocol=$CINDER_SERVICE_PROTOCOL + if is_service_enabled tls-proxy; then + service_port=$CINDER_SERVICE_PORT_INT + service_protocol="http" + fi if is_service_enabled c-vol; then # Delete any old stack.conf sudo rm -f /etc/tgt/conf.d/stack.conf @@ -425,7 +448,7 @@ function start_cinder { run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF" echo "Waiting for Cinder API to start..." - if ! wait_for_service $SERVICE_TIMEOUT $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT; then + if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$CINDER_SERVICE_HOST:$service_port; then die $LINENO "c-api did not start" fi diff --git a/lib/glance b/lib/glance index 6ca2fb5ca6..4194842407 100644 --- a/lib/glance +++ b/lib/glance @@ -51,8 +51,18 @@ else GLANCE_BIN_DIR=$(get_python_exec_prefix) fi +if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then + GLANCE_SERVICE_PROTOCOL="https" +fi + # Glance connection info. Note the port must be specified. -GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$SERVICE_HOST:9292} +GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST} +GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292} +GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292} +GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT} +GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} +GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191} +GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191} # Tell Tempest this project is present TEMPEST_SERVICES+=,glance @@ -148,6 +158,26 @@ function configure_glance { iniset $GLANCE_API_CONF glance_store stores "file, http, swift" fi + if is_service_enabled tls-proxy; then + iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT + iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT + fi + + # Register SSL certificates if provided + if is_ssl_enabled_service glance; then + ensure_certificates GLANCE + + iniset $GLANCE_API_CONF DEFAULT cert_file "$GLANCE_SSL_CERT" + iniset $GLANCE_API_CONF DEFAULT key_file "$GLANCE_SSL_KEY" + + iniset $GLANCE_REGISTRY_CONF DEFAULT cert_file "$GLANCE_SSL_CERT" + iniset $GLANCE_REGISTRY_CONF DEFAULT key_file "$GLANCE_SSL_KEY" + fi + + if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then + iniset $GLANCE_API_CONF DEFAULT registry_client_protocol https + fi + cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI cp -p $GLANCE_DIR/etc/glance-api-paste.ini $GLANCE_API_PASTE_INI @@ -176,6 +206,14 @@ function configure_glance { cp -p $GLANCE_DIR/etc/schema-image.json $GLANCE_SCHEMA_JSON cp -p $GLANCE_DIR/etc/metadefs/*.json $GLANCE_METADEF_DIR + + if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then + CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} + CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} + + iniset $GLANCE_API_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" + iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" + fi } # create_glance_accounts() - Set up common required glance accounts @@ -206,9 +244,9 @@ function create_glance_accounts { "image" "Glance Image Service") get_or_create_endpoint $glance_service \ "$REGION_NAME" \ - "http://$GLANCE_HOSTPORT" \ - "http://$GLANCE_HOSTPORT" \ - "http://$GLANCE_HOSTPORT" + "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \ + "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \ + "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" fi fi } @@ -265,10 +303,17 @@ function install_glance { # start_glance() - Start running processes, including screen function start_glance { + local service_protocol=$GLANCE_SERVICE_PROTOCOL + if is_service_enabled tls-proxy; then + start_tls_proxy '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT & + start_tls_proxy '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT & + fi + run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf" run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf" + echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$GLANCE_HOSTPORT; do sleep 1; done"; then + if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then die $LINENO "g-api did not start" fi } diff --git a/lib/heat b/lib/heat index f64cc9041c..ff3b307e5b 100644 --- a/lib/heat +++ b/lib/heat @@ -113,7 +113,7 @@ function configure_heat { configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR if is_ssl_enabled_service "key"; then - iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA + iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE fi # ec2authtoken @@ -131,6 +131,18 @@ function configure_heat { # Cloudwatch API iniset $HEAT_CONF heat_api_cloudwatch bind_port $HEAT_API_CW_PORT + if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then + iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE + fi + + if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then + iniset $HEAT_CONF clients_nova ca_file $SSL_BUNDLE_FILE + fi + + if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then + iniset $HEAT_CONF clients_cinder ca_file $SSL_BUNDLE_FILE + fi + # heat environment sudo mkdir -p $HEAT_ENV_DIR sudo chown $STACK_USER $HEAT_ENV_DIR diff --git a/lib/keystone b/lib/keystone index 9eca80a3dd..a7742a9f2c 100644 --- a/lib/keystone +++ b/lib/keystone @@ -95,7 +95,7 @@ KEYSTONE_VALID_IDENTITY_BACKENDS=kvs,ldap,pam,sql KEYSTONE_VALID_ASSIGNMENT_BACKENDS=kvs,ldap,sql # if we are running with SSL use https protocols -if is_ssl_enabled_service "key"; then +if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then KEYSTONE_AUTH_PROTOCOL="https" KEYSTONE_SERVICE_PROTOCOL="https" fi @@ -123,7 +123,21 @@ function _config_keystone_apache_wsgi { sudo mkdir -p $KEYSTONE_WSGI_DIR local keystone_apache_conf=$(apache_site_config_for keystone) - local apache_version=$(get_apache_version) + local keystone_ssl="" + local keystone_certfile="" + local keystone_keyfile="" + local keystone_service_port=$KEYSTONE_SERVICE_PORT + local keystone_auth_port=$KEYSTONE_AUTH_PORT + + if is_ssl_enabled_service key; then + keystone_ssl="SSLEngine On" + keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT" + keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY" + fi + if is_service_enabled tls-proxy; then + keystone_service_port=$KEYSTONE_SERVICE_PORT_INT + keystone_auth_port=$KEYSTONE_AUTH_PORT_INT + fi # copy proxy vhost and wsgi file sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main @@ -131,11 +145,14 @@ function _config_keystone_apache_wsgi { sudo cp $FILES/apache-keystone.template $keystone_apache_conf sudo sed -e " - s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g; - s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g; + s|%PUBLICPORT%|$keystone_service_port|g; + s|%ADMINPORT%|$keystone_auth_port|g; s|%APACHE_NAME%|$APACHE_NAME|g; s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; + s|%SSLENGINE%|$keystone_ssl|g; + s|%SSLCERTFILE%|$keystone_certfile|g; + s|%SSLKEYFILE%|$keystone_keyfile|g; s|%USER%|$STACK_USER|g " -i $keystone_apache_conf } @@ -200,8 +217,13 @@ function configure_keystone { fi # Set the URL advertised in the ``versions`` structure returned by the '/' route - iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(public_port)s/" - iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(admin_port)s/" + if is_service_enabled tls-proxy; then + iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/" + iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/" + else + iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(public_port)s/" + iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(admin_port)s/" + fi iniset $KEYSTONE_CONF DEFAULT admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST" # Register SSL certificates if provided @@ -412,7 +434,7 @@ function configure_auth_token_middleware { iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT iniset $conf_file $section auth_protocol $KEYSTONE_AUTH_PROTOCOL iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI - iniset $conf_file $section cafile $KEYSTONE_SSL_CA + iniset $conf_file $section cafile $SSL_BUNDLE_FILE configure_API_version $conf_file $IDENTITY_API_VERSION $section iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME iniset $conf_file $section admin_user $admin_user @@ -489,6 +511,9 @@ function install_keystone { setup_develop $KEYSTONE_DIR if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then install_apache_wsgi + if is_ssl_enabled_service "key"; then + enable_mod_ssl + fi fi } @@ -496,8 +521,10 @@ function install_keystone { function start_keystone { # Get right service port for testing local service_port=$KEYSTONE_SERVICE_PORT + local auth_protocol=$KEYSTONE_AUTH_PROTOCOL if is_service_enabled tls-proxy; then service_port=$KEYSTONE_SERVICE_PORT_INT + auth_protocol="http" fi if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then @@ -514,7 +541,7 @@ function start_keystone { # Check that the keystone service is running. Even if the tls tunnel # should be enabled, make sure the internal port is checked using # unencryted traffic at this point. - if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -k -s http://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then + if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -k -s $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then die $LINENO "keystone did not start" fi diff --git a/lib/neutron b/lib/neutron index 96cd47bdb6..81f2697abb 100644 --- a/lib/neutron +++ b/lib/neutron @@ -69,6 +69,11 @@ PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1} PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"} PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"} +if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then + Q_PROTOCOL="https" +fi + + # Set up default directories NEUTRON_DIR=$DEST/neutron NEUTRONCLIENT_DIR=$DEST/python-neutronclient @@ -105,8 +110,12 @@ Q_DB_NAME=${Q_DB_NAME:-neutron} Q_PLUGIN=${Q_PLUGIN:-ml2} # Default Neutron Port Q_PORT=${Q_PORT:-9696} +# Default Neutron Internal Port when using TLS proxy +Q_PORT_INT=${Q_PORT_INT:-19696} # Default Neutron Host Q_HOST=${Q_HOST:-$SERVICE_HOST} +# Default protocol +Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL} # Default admin username Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron} # Default auth strategy @@ -409,7 +418,7 @@ function create_nova_conf_neutron { iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY" iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME" iniset $NOVA_CONF neutron region_name "$REGION_NAME" - iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT" + iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT" if [[ "$Q_USE_SECGROUP" == "True" ]]; then LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver @@ -462,9 +471,9 @@ function create_neutron_accounts { "network" "Neutron Service") get_or_create_endpoint $neutron_service \ "$REGION_NAME" \ - "http://$SERVICE_HOST:$Q_PORT/" \ - "http://$SERVICE_HOST:$Q_PORT/" \ - "http://$SERVICE_HOST:$Q_PORT/" + "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \ + "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \ + "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" fi fi } @@ -590,12 +599,25 @@ function install_neutron_agent_packages { # Start running processes, including screen function start_neutron_service_and_check { local cfg_file_options="$(determine_config_files neutron-server)" + local service_port=$Q_PORT + local service_protocol=$Q_PROTOCOL + if is_service_enabled tls-proxy; then + service_port=$Q_PORT_INT + service_protocol="http" + fi # Start the Neutron service run_process q-svc "python $NEUTRON_BIN_DIR/neutron-server $cfg_file_options" echo "Waiting for Neutron to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then + if is_ssl_enabled_service "neutron"; then + ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}" + fi + if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port; do sleep 1; done"; then die $LINENO "Neutron did not start" fi + # Start proxy if enabled + if is_service_enabled tls-proxy; then + start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT & + fi } # Start running processes, including screen @@ -730,6 +752,23 @@ function _configure_neutron_common { setup_colorized_logging $NEUTRON_CONF DEFAULT project_id fi + if is_service_enabled tls-proxy; then + # Set the service port for a proxy to take the original + iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT" + fi + + if is_ssl_enabled_service "nova"; then + iniset $NEUTRON_CONF DEFAULT nova_ca_certificates_file "$SSL_BUNDLE_FILE" + fi + + if is_ssl_enabled_service "neutron"; then + ensure_certificates NEUTRON + + iniset $NEUTRON_CONF DEFAULT use_ssl True + iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT" + iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY" + fi + _neutron_setup_rootwrap } diff --git a/lib/nova b/lib/nova index 2a3aae1835..cfa6f7a8ec 100644 --- a/lib/nova +++ b/lib/nova @@ -44,11 +44,20 @@ NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell} NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini} +if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then + NOVA_SERVICE_PROTOCOL="https" + EC2_SERVICE_PROTOCOL="https" +else + EC2_SERVICE_PROTOCOL="http" +fi + # Public facing bits NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST} NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774} NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774} NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} +EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773} +EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773} # Support entry points installation of console scripts if [[ -d $NOVA_DIR/bin ]]; then @@ -375,9 +384,9 @@ create_nova_accounts() { "ec2" "EC2 Compatibility Layer") get_or_create_endpoint $ec2_service \ "$REGION_NAME" \ - "http://$SERVICE_HOST:8773/services/Cloud" \ - "http://$SERVICE_HOST:8773/services/Admin" \ - "http://$SERVICE_HOST:8773/services/Cloud" + "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud" \ + "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Admin" \ + "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud" fi fi @@ -441,6 +450,16 @@ function create_nova_conf { configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR fi + if is_service_enabled cinder; then + iniset $NOVA_CONF DEFAULT volume_api_class "nova.volume.cinder.API" + if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then + CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} + CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} + iniset $NOVA_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" + iniset $NOVA_CONF DEFAULT cinder_ca_certificates_file $SSL_BUNDLE_FILE + fi + fi + if [ -n "$NOVA_STATE_PATH" ]; then iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH" iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH" @@ -508,12 +527,31 @@ function create_nova_conf { fi iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST" + iniset $NOVA_CONF DEFAULT keystone_ec2_url $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens iniset_rpc_backend nova $NOVA_CONF DEFAULT - iniset $NOVA_CONF glance api_servers "$GLANCE_HOSTPORT" + iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" iniset $NOVA_CONF DEFAULT osci_compute_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS" + + if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then + iniset $NOVA_CONF DEFAULT glance_protocol https + fi + + # Register SSL certificates if provided + if is_ssl_enabled_service nova; then + ensure_certificates NOVA + + iniset $NOVA_CONF DEFAULT ssl_cert_file "$NOVA_SSL_CERT" + iniset $NOVA_CONF DEFAULT ssl_key_file "$NOVA_SSL_KEY" + + iniset $NOVA_CONF DEFAULT enabled_ssl_apis "$NOVA_ENABLED_APIS" + fi + + if is_service_enabled tls-proxy; then + iniset $NOVA_CONF DEFAULT ec2_listen_port $EC2_SERVICE_PORT_INT + fi } function init_nova_cells { @@ -642,19 +680,22 @@ function install_nova { function start_nova_api { # Get right service port for testing local service_port=$NOVA_SERVICE_PORT + local service_protocol=$NOVA_SERVICE_PROTOCOL if is_service_enabled tls-proxy; then service_port=$NOVA_SERVICE_PORT_INT + service_protocol="http" fi run_process n-api "$NOVA_BIN_DIR/nova-api" echo "Waiting for nova-api to start..." - if ! wait_for_service $SERVICE_TIMEOUT http://$SERVICE_HOST:$service_port; then + if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then die $LINENO "nova-api did not start" fi # Start proxies if enabled if is_service_enabled tls-proxy; then start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT & + start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT & fi } diff --git a/lib/swift b/lib/swift index 3c31dd293a..813955226e 100644 --- a/lib/swift +++ b/lib/swift @@ -29,6 +29,10 @@ set +o xtrace # Defaults # -------- +if is_ssl_enabled_service "s-proxy" || is_service_enabled tls-proxy; then + SWIFT_SERVICE_PROTOCOL="https" +fi + # Set up default directories SWIFT_DIR=$DEST/swift SWIFTCLIENT_DIR=$DEST/python-swiftclient @@ -36,6 +40,9 @@ SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift} SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift} SWIFT3_DIR=$DEST/swift3 +SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} +SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081} + # TODO: add logging to different location. # Set ``SWIFT_DATA_DIR`` to the location of swift drives and objects. @@ -334,7 +341,18 @@ function configure_swift { iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level DEBUG iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port - iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080} + if is_service_enabled tls-proxy; then + iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT_INT} + else + iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080} + fi + + if is_ssl_enabled_service s-proxy; then + ensure_certificates SWIFT + + iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT cert_file "$SWIFT_SSL_CERT" + iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT key_file "$SWIFT_SSL_KEY" + fi # Devstack is commonly run in a small slow environment, so bump the # timeouts up. @@ -401,7 +419,7 @@ paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory auth_port = ${KEYSTONE_AUTH_PORT} auth_host = ${KEYSTONE_AUTH_HOST} auth_protocol = ${KEYSTONE_AUTH_PROTOCOL} -cafile = ${KEYSTONE_SSL_CA} +cafile = ${SSL_BUNDLE_FILE} auth_token = ${SERVICE_TOKEN} admin_token = ${SERVICE_TOKEN} @@ -560,9 +578,9 @@ function create_swift_accounts { "object-store" "Swift Service") get_or_create_endpoint $swift_service \ "$REGION_NAME" \ - "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ - "http://$SERVICE_HOST:8080" \ - "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" + "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \ + "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \ + "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" fi local swift_tenant_test1=$(get_or_create_project swifttenanttest1) @@ -675,6 +693,10 @@ function start_swift { for type in proxy ${todo}; do swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop || true done + if is_service_enabled tls-proxy; then + local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080} + start_tls_proxy '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT & + fi run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v" if [[ ${SWIFT_REPLICAS} == 1 ]]; then for type in object container account; do diff --git a/lib/tempest b/lib/tempest index 906cb00f95..0e5f9c9496 100644 --- a/lib/tempest +++ b/lib/tempest @@ -317,7 +317,7 @@ function configure_tempest { iniset $TEMPEST_CONFIG network-feature-disabled api_extensions ${DISABLE_NETWORK_API_EXTENSIONS} # boto - iniset $TEMPEST_CONFIG boto ec2_url "http://$SERVICE_HOST:8773/services/Cloud" + iniset $TEMPEST_CONFIG boto ec2_url "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud" iniset $TEMPEST_CONFIG boto s3_url "http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}" iniset $TEMPEST_CONFIG boto s3_materials_path "$BOTO_MATERIALS_PATH" iniset $TEMPEST_CONFIG boto ari_manifest cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd.manifest.xml diff --git a/lib/tls b/lib/tls index 061c1cabbf..15e8692556 100644 --- a/lib/tls +++ b/lib/tls @@ -14,6 +14,7 @@ # # - configure_CA # - init_CA +# - cleanup_CA # - configure_proxy # - start_tls_proxy @@ -27,6 +28,7 @@ # - start_tls_proxy HOST_IP 5000 localhost 5000 # - ensure_certificates # - is_ssl_enabled_service +# - enable_mod_ssl # Defaults # -------- @@ -34,14 +36,9 @@ if is_service_enabled tls-proxy; then # TODO(dtroyer): revisit this below after the search for HOST_IP has been done TLS_IP=${TLS_IP:-$SERVICE_IP} - - # Set the default ``SERVICE_PROTOCOL`` for TLS - SERVICE_PROTOCOL=https fi -# Make up a hostname for cert purposes -# will be added to /etc/hosts? -DEVSTACK_HOSTNAME=secure.devstack.org +DEVSTACK_HOSTNAME=$(hostname -f) DEVSTACK_CERT_NAME=devstack-cert DEVSTACK_CERT=$DATA_DIR/$DEVSTACK_CERT_NAME.pem @@ -209,6 +206,29 @@ function init_CA { # Create the CA bundle cat $ROOT_CA_DIR/cacert.pem $INT_CA_DIR/cacert.pem >>$INT_CA_DIR/ca-chain.pem + cat $INT_CA_DIR/ca-chain.pem >> $SSL_BUNDLE_FILE + + if is_fedora; then + sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem + sudo update-ca-trust + elif is_ubuntu; then + sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt + sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt + sudo update-ca-certificates + fi +} + +# Clean up the CA files +# cleanup_CA +function cleanup_CA { + if is_fedora; then + sudo rm -f /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem + sudo update-ca-trust + elif is_ubuntu; then + sudo rm -f /usr/local/share/ca-certificates/devstack-int.crt + sudo rm -f /usr/local/share/ca-certificates/devstack-root.crt + sudo update-ca-certificates + fi } # Create an initial server cert @@ -331,6 +351,9 @@ function make_root_CA { function is_ssl_enabled_service { local services=$@ local service="" + if [ "$USE_SSL" == "False" ]; then + return 1 + fi for service in ${services}; do [[ ,${SSL_ENABLED_SERVICES}, =~ ,${service}, ]] && return 0 done @@ -345,8 +368,12 @@ function is_ssl_enabled_service { # The function expects to find a certificate, key and CA certificate in the # variables {service}_SSL_CERT, {service}_SSL_KEY and {service}_SSL_CA. For # example for keystone this would be KEYSTONE_SSL_CERT, KEYSTONE_SSL_KEY and -# KEYSTONE_SSL_CA. If it does not find these certificates the program will -# quit. +# KEYSTONE_SSL_CA. +# +# If it does not find these certificates then the devstack-issued server +# certificate, key and CA certificate will be associated with the service. +# +# If only some of the variables are provided then the function will quit. function ensure_certificates { local service=$1 @@ -358,7 +385,15 @@ function ensure_certificates { local key=${!key_var} local ca=${!ca_var} - if [[ -z "$cert" || -z "$key" || -z "$ca" ]]; then + if [[ -z "$cert" && -z "$key" && -z "$ca" ]]; then + local cert="$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" + local key="$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" + local ca="$INT_CA_DIR/ca-chain.pem" + eval ${service}_SSL_CERT=\$cert + eval ${service}_SSL_KEY=\$key + eval ${service}_SSL_CA=\$ca + return # the CA certificate is already in the bundle + elif [[ -z "$cert" || -z "$key" || -z "$ca" ]]; then die $LINENO "Missing either the ${cert_var} ${key_var} or ${ca_var}" \ "variable to enable SSL for ${service}" fi @@ -366,6 +401,21 @@ function ensure_certificates { cat $ca >> $SSL_BUNDLE_FILE } +# Enable the mod_ssl plugin in Apache +function enable_mod_ssl { + echo "Enabling mod_ssl" + + if is_ubuntu; then + sudo a2enmod ssl + elif is_fedora; then + # Fedora enables mod_ssl by default + : + fi + if ! sudo `which httpd || which apache2ctl` -M | grep -w -q ssl_module; then + die $LINENO "mod_ssl is not enabled in apache2/httpd, please check for it manually and run stack.sh again" + fi +} + # Proxy Functions # =============== diff --git a/stack.sh b/stack.sh index c20e61031d..12f18e20ec 100755 --- a/stack.sh +++ b/stack.sh @@ -340,6 +340,15 @@ source $TOP_DIR/lib/rpc_backend # and the specified rpc backend is available on your platform. check_rpc_backend +# Use native SSL for servers in SSL_ENABLED_SERVICES +USE_SSL=$(trueorfalse False $USE_SSL) + +# Service to enable with SSL if USE_SSL is True +SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron" + +if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then + die $LINENO "tls-proxy and SSL are mutually exclusive" +fi # Configure Projects # ================== @@ -822,7 +831,7 @@ if is_service_enabled heat; then configure_heat fi -if is_service_enabled tls-proxy; then +if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then configure_CA init_CA init_cert From fa4ece89f7928bc86b194b62f02304e805ae573b Mon Sep 17 00:00:00 2001 From: Ken'ichi Ohmichi Date: Thu, 25 Sep 2014 00:40:17 +0000 Subject: [PATCH 0014/3421] Remove Nova v3 API endpoint Nova v3 API has disappeared in Juno cycle, and we don't test the API now on the gate since If63dcdb2d05aa0fab0b6848a1248b6678f1ee9ad . This patch removes the endpoint of Nova v3 API. Change-Id: I85f87b37558a15d1eaaa781b02fec5b02bd2ab44 --- files/default_catalog.templates | 6 ------ lib/nova | 8 -------- lib/tempest | 3 --- 3 files changed, 17 deletions(-) diff --git a/files/default_catalog.templates b/files/default_catalog.templates index ff00e38e09..901635570b 100644 --- a/files/default_catalog.templates +++ b/files/default_catalog.templates @@ -12,12 +12,6 @@ catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_i catalog.RegionOne.compute.name = Compute Service -catalog.RegionOne.computev3.publicURL = http://%SERVICE_HOST%:8774/v3 -catalog.RegionOne.computev3.adminURL = http://%SERVICE_HOST%:8774/v3 -catalog.RegionOne.computev3.internalURL = http://%SERVICE_HOST%:8774/v3 -catalog.RegionOne.computev3.name = Compute Service V3 - - catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s diff --git a/lib/nova b/lib/nova index 2a3aae1835..88c1e29cea 100644 --- a/lib/nova +++ b/lib/nova @@ -349,14 +349,6 @@ create_nova_accounts() { "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" - - local nova_v3_service=$(get_or_create_service "novav3" \ - "computev3" "Nova Compute Service V3") - get_or_create_endpoint $nova_v3_service \ - "$REGION_NAME" \ - "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ - "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \ - "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" fi fi diff --git a/lib/tempest b/lib/tempest index 906cb00f95..0dfeb868df 100644 --- a/lib/tempest +++ b/lib/tempest @@ -290,15 +290,12 @@ function configure_tempest { iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method # Compute Features - iniset $TEMPEST_CONFIG compute-feature-enabled api_v3 ${TEMPEST_NOVA_API_V3:-False} iniset $TEMPEST_CONFIG compute-feature-enabled resize True iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False} iniset $TEMPEST_CONFIG compute-feature-enabled change_password False iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False} iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions ${COMPUTE_API_EXTENSIONS:-"all"} iniset $TEMPEST_CONFIG compute-feature-disabled api_extensions ${DISABLE_COMPUTE_API_EXTENSIONS} - iniset $TEMPEST_CONFIG compute-feature-enabled api_v3_extensions ${COMPUTE_API_V3_EXTENSIONS:-"all"} - iniset $TEMPEST_CONFIG compute-feature-disabled api_v3_extensions ${DISABLE_COMPUTE_API_V3_EXTENSIONS} # Compute admin iniset $TEMPEST_CONFIG "compute-admin" username $ADMIN_USERNAME From 3feaa383ce07c1cf0f5c8760e326aab96b55ddbf Mon Sep 17 00:00:00 2001 From: Ken'ichi Ohmichi Date: Thu, 25 Sep 2014 00:49:57 +0000 Subject: [PATCH 0015/3421] Add Nova v2.1 API endpoint In Juno cycle, we started to implement Nova v2.1 API and most part has been implemented now. For using/testing the API, this patch adds the endpoint setting to devstack. Change-Id: I25557cb2b0a1384ee11d3e1ae7d424828e766e50 --- files/default_catalog.templates | 6 ++++++ lib/nova | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/files/default_catalog.templates b/files/default_catalog.templates index 901635570b..a18d38f606 100644 --- a/files/default_catalog.templates +++ b/files/default_catalog.templates @@ -12,6 +12,12 @@ catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_i catalog.RegionOne.compute.name = Compute Service +catalog.RegionOne.computev21.publicURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s +catalog.RegionOne.computev21.adminURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s +catalog.RegionOne.computev21.internalURL = http://%SERVICE_HOST%:8774/v2.1/$(tenant_id)s +catalog.RegionOne.computev21.name = Compute Service V2.1 + + catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s diff --git a/lib/nova b/lib/nova index 88c1e29cea..00050905bf 100644 --- a/lib/nova +++ b/lib/nova @@ -349,6 +349,14 @@ create_nova_accounts() { "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" + + local nova_v21_service=$(get_or_create_service "novav21" \ + "computev21" "Nova Compute Service V2.1") + get_or_create_endpoint $nova_v21_service \ + "$REGION_NAME" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s" \ + "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s" fi fi From 293869fbacea6939a63a8a83311063af8376cf9c Mon Sep 17 00:00:00 2001 From: Thomas Bechtold Date: Thu, 25 Sep 2014 07:55:15 +0200 Subject: [PATCH 0016/3421] Fix pkg name for mysql-connector-python on SUSE The correct package name on SUSE distros is python-mysql-connector-python. Change-Id: I5250356f782f149f87f3d0ffba3380911fa437be --- files/rpms-suse/keystone | 2 +- files/rpms-suse/neutron | 2 +- files/rpms-suse/nova | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone index a734cb9d09..4c37adef9b 100644 --- a/files/rpms-suse/keystone +++ b/files/rpms-suse/keystone @@ -10,6 +10,6 @@ python-devel python-greenlet python-lxml python-mysql -python-mysql.connector +python-mysql-connector-python python-pysqlite sqlite3 diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron index 8ad69b022f..41eae0576e 100644 --- a/files/rpms-suse/neutron +++ b/files/rpms-suse/neutron @@ -9,7 +9,7 @@ python-greenlet python-iso8601 python-kombu python-mysql -python-mysql.connector +python-mysql-connector-python python-Paste python-PasteDeploy python-pyudev diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova index 73c0604aaa..bea0451289 100644 --- a/files/rpms-suse/nova +++ b/files/rpms-suse/nova @@ -34,7 +34,7 @@ python-lockfile python-lxml # needed for glance which is needed for nova --- this shouldn't be here python-mox python-mysql -python-mysql.connector +python-mysql-connector-python python-numpy # needed by websockify for spice console python-paramiko python-sqlalchemy-migrate From a7bde1fdf7df38490b80871dd652401fb1721232 Mon Sep 17 00:00:00 2001 From: Joe Gordon Date: Fri, 26 Sep 2014 09:52:13 -0700 Subject: [PATCH 0017/3421] Cleanup nova-cinder nova.conf section Stop using deprecated conf names, don't override default values with default values. Change-Id: I2c7e0833a61926b9fc9b5de4e38fdd626501d78d --- lib/nova | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/nova b/lib/nova index cfa6f7a8ec..319d9302f7 100644 --- a/lib/nova +++ b/lib/nova @@ -451,12 +451,11 @@ function create_nova_conf { fi if is_service_enabled cinder; then - iniset $NOVA_CONF DEFAULT volume_api_class "nova.volume.cinder.API" if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} - iniset $NOVA_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" - iniset $NOVA_CONF DEFAULT cinder_ca_certificates_file $SSL_BUNDLE_FILE + iniset $NOVA_CONF cinder endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s" + iniset $NOVA_CONF cinder ca_certificates_file $SSL_BUNDLE_FILE fi fi From 1f79bad7ecc28d472b1e2c185fdba7a9dd61a524 Mon Sep 17 00:00:00 2001 From: Joe Gordon Date: Fri, 26 Sep 2014 09:59:47 -0700 Subject: [PATCH 0018/3421] Stop setting nova.conf settings that mean nothing * DEFAULT.fixed_range isn't a valid option in nova anymore * DEFAULT.osci_compute_workers was never a thing, it should be DEFAULT.osapi_compute_workers Change-Id: Ib08f3e20e4685b331385431276f890205fa76da6 --- lib/nova | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/nova b/lib/nova index cfa6f7a8ec..4d4aeae97d 100644 --- a/lib/nova +++ b/lib/nova @@ -421,7 +421,6 @@ function create_nova_conf { iniset $NOVA_CONF DEFAULT scheduler_driver "$SCHEDULER" iniset $NOVA_CONF DEFAULT dhcpbridge_flagfile "$NOVA_CONF" iniset $NOVA_CONF DEFAULT force_dhcp_release "True" - iniset $NOVA_CONF DEFAULT fixed_range "" iniset $NOVA_CONF DEFAULT default_floating_pool "$PUBLIC_NETWORK_NAME" iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST" iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT" @@ -531,7 +530,7 @@ function create_nova_conf { iniset_rpc_backend nova $NOVA_CONF DEFAULT iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" - iniset $NOVA_CONF DEFAULT osci_compute_workers "$API_WORKERS" + iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS" From 3fcd2baf95332e814e56a7cddc1b85dd15ae6391 Mon Sep 17 00:00:00 2001 From: Gary Kotton Date: Mon, 22 Sep 2014 00:55:02 -0700 Subject: [PATCH 0019/3421] Ensure that keystone uses global debug setting When setting ENABLE_DEBUG_LOG_LEVEL the keystone screen would ignore this setting and always use the debug mode. Change-Id: I934443c2976e936198fc93da4cca717e6cb84e6f --- lib/keystone | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/keystone b/lib/keystone index b6a4e1097a..68e8f9fe79 100644 --- a/lib/keystone +++ b/lib/keystone @@ -283,7 +283,7 @@ function configure_keystone { fi if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then - iniset $KEYSTONE_CONF DEFAULT debug "True" + iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL # Eliminate the %(asctime)s.%(msecs)03d from the log format strings iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s" iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s" @@ -476,8 +476,12 @@ function start_keystone { tail_log key /var/log/$APACHE_NAME/keystone.log tail_log key-access /var/log/$APACHE_NAME/keystone_access.log else + local EXTRA_PARAMS="" + if [ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]; then + EXTRA_PARAMS="--debug" + fi # Start Keystone in a screen window - run_process key "$KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF --debug" + run_process key "$KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $EXTRA_PARAMS" fi echo "Waiting for keystone to start..." From 68e9f05f7c19b1bd9d4c7e8e7f88fbf93d18b9f9 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Thu, 28 Aug 2014 07:26:31 -0400 Subject: [PATCH 0020/3421] remove kombu from package lists This is a pure python library that we should probably let pip handle so that we don't accidentally only test whatever patched version is in trusty instead of the upstream versions. Change-Id: I93d2f9344b9f83d2397466b4bc29c97210919ed9 --- files/apts/horizon | 2 -- files/apts/neutron | 1 - files/apts/nova | 1 - files/rpms-suse/horizon | 1 - files/rpms-suse/neutron | 1 - files/rpms-suse/nova | 1 - files/rpms/horizon | 1 - files/rpms/neutron | 1 - files/rpms/nova | 1 - 9 files changed, 10 deletions(-) diff --git a/files/apts/horizon b/files/apts/horizon index 8969046355..03df3cba97 100644 --- a/files/apts/horizon +++ b/files/apts/horizon @@ -9,13 +9,11 @@ python-routes python-xattr python-sqlalchemy python-webob -python-kombu pylint python-eventlet python-nose python-sphinx python-mox -python-kombu python-coverage python-cherrypy3 # why? python-migrate diff --git a/files/apts/neutron b/files/apts/neutron index 381c75836d..a48a800527 100644 --- a/files/apts/neutron +++ b/files/apts/neutron @@ -11,7 +11,6 @@ python-routes python-suds python-pastedeploy python-greenlet -python-kombu python-eventlet python-sqlalchemy python-mysqldb diff --git a/files/apts/nova b/files/apts/nova index b1b969aab7..a3b0cb1521 100644 --- a/files/apts/nova +++ b/files/apts/nova @@ -42,7 +42,6 @@ python-sqlalchemy python-suds python-lockfile python-m2crypto -python-kombu python-feedparser python-iso8601 python-qpid # NOPRIME diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon index d3bde2690c..fa7e43964a 100644 --- a/files/rpms-suse/horizon +++ b/files/rpms-suse/horizon @@ -12,7 +12,6 @@ python-beautifulsoup python-coverage python-dateutil python-eventlet -python-kombu python-mox python-nose python-pylint diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron index 41eae0576e..8431bd1bd0 100644 --- a/files/rpms-suse/neutron +++ b/files/rpms-suse/neutron @@ -7,7 +7,6 @@ mariadb # NOPRIME python-eventlet python-greenlet python-iso8601 -python-kombu python-mysql python-mysql-connector-python python-Paste diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova index bea0451289..b1c4f6a8d0 100644 --- a/files/rpms-suse/nova +++ b/files/rpms-suse/nova @@ -28,7 +28,6 @@ python-eventlet python-feedparser python-greenlet python-iso8601 -python-kombu python-libxml2 python-lockfile python-lxml # needed for glance which is needed for nova --- this shouldn't be here diff --git a/files/rpms/horizon b/files/rpms/horizon index 8ecb030194..fe3a2f40c0 100644 --- a/files/rpms/horizon +++ b/files/rpms/horizon @@ -9,7 +9,6 @@ python-dateutil python-eventlet python-greenlet python-httplib2 -python-kombu python-migrate python-mox python-nose diff --git a/files/rpms/neutron b/files/rpms/neutron index 7020d33719..2c9dd3d5e8 100644 --- a/files/rpms/neutron +++ b/files/rpms/neutron @@ -11,7 +11,6 @@ openvswitch # NOPRIME python-eventlet python-greenlet python-iso8601 -python-kombu #rhel6 gets via pip python-paste # dist:f19,f20,rhel7 python-paste-deploy # dist:f19,f20,rhel7 diff --git a/files/rpms/nova b/files/rpms/nova index 695d814f7d..dc1944b1de 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -25,7 +25,6 @@ python-eventlet python-feedparser python-greenlet python-iso8601 -python-kombu python-lockfile python-migrate python-mox From ae6fb18ff2ee82b42b0c604fec4a02b756e54ed4 Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Tue, 16 Sep 2014 15:17:13 +0100 Subject: [PATCH 0021/3421] Allow ceilometer-api to run under mod_wsgi If CEILOMETER_USE_MOD_WSGI is True then the API app will run under mod wsgi. The default is false (for now). The changes are modeled on keystone's use of apache. Note that these changes are dependent on https://review.openstack.org/#/c/121823/ in ceilometer. Using mod_wsgi allows the ceilometer api to handle "concurrent" requests. This is extremely useful when trying to benchmark various aspects of the service. Change-Id: I4c220c3b52804cd8d9123b47780a98e0346ca81e --- files/apache-ceilometer.template | 15 ++++++++++ lib/ceilometer | 49 +++++++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 files/apache-ceilometer.template diff --git a/files/apache-ceilometer.template b/files/apache-ceilometer.template new file mode 100644 index 0000000000..1c57b328b8 --- /dev/null +++ b/files/apache-ceilometer.template @@ -0,0 +1,15 @@ +Listen %PORT% + + + WSGIDaemonProcess ceilometer-api processes=2 threads=10 user=%USER% display-name=%{GROUP} + WSGIProcessGroup ceilometer-api + WSGIScriptAlias / %WSGIAPP% + WSGIApplicationGroup %{GLOBAL} + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /var/log/%APACHE_NAME%/ceilometer.log + CustomLog /var/log/%APACHE_NAME%/ceilometer_access.log combined + + +WSGISocketPrefix /var/run/%APACHE_NAME% diff --git a/lib/ceilometer b/lib/ceilometer index 00fc0d3f68..9bb31218a0 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -41,6 +41,7 @@ CEILOMETER_CONF_DIR=/etc/ceilometer CEILOMETER_CONF=$CEILOMETER_CONF_DIR/ceilometer.conf CEILOMETER_API_LOG_DIR=/var/log/ceilometer-api CEILOMETER_AUTH_CACHE_DIR=${CEILOMETER_AUTH_CACHE_DIR:-/var/cache/ceilometer} +CEILOMETER_WSGI_DIR=${CEILOMETER_WSGI_DIR:-/var/www/ceilometer} # Support potential entry-points console scripts CEILOMETER_BIN_DIR=$(get_python_exec_prefix) @@ -52,6 +53,7 @@ CEILOMETER_BACKEND=${CEILOMETER_BACKEND:-mysql} CEILOMETER_SERVICE_PROTOCOL=http CEILOMETER_SERVICE_HOST=$SERVICE_HOST CEILOMETER_SERVICE_PORT=${CEILOMETER_SERVICE_PORT:-8777} +CEILOMETER_USE_MOD_WSGI=$(trueorfalse False $CEILOMETER_USE_MOD_WSGI) # To enable OSprofiler change value of this variable to "notifications,profiler" CEILOMETER_NOTIFICATION_TOPICS=${CEILOMETER_NOTIFICATION_TOPICS:-notifications} @@ -105,12 +107,39 @@ create_ceilometer_accounts() { } +# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file +function _cleanup_ceilometer_apache_wsgi { + sudo rm -f $CEILOMETER_WSGI_DIR/* + sudo rm -f $(apache_site_config_for ceilometer) +} + # cleanup_ceilometer() - Remove residual data files, anything left over from previous # runs that a clean run would need to clean up function cleanup_ceilometer { if [ "$CEILOMETER_BACKEND" != 'mysql' ] && [ "$CEILOMETER_BACKEND" != 'postgresql' ] ; then mongo ceilometer --eval "db.dropDatabase();" fi + if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then + _cleanup_ceilometer_apache_wsgi + fi +} + +function _config_ceilometer_apache_wsgi { + sudo mkdir -p $CEILOMETER_WSGI_DIR + + local ceilometer_apache_conf=$(apache_site_config_for ceilometer) + local apache_version=$(get_apache_version) + + # copy proxy vhost and wsgi file + sudo cp $CEILOMETER_DIR/ceilometer/api/app.wsgi $CEILOMETER_WSGI_DIR/app + + sudo cp $FILES/apache-ceilometer.template $ceilometer_apache_conf + sudo sed -e " + s|%PORT%|$CEILOMETER_SERVICE_PORT|g; + s|%APACHE_NAME%|$APACHE_NAME|g; + s|%WSGIAPP%|$CEILOMETER_WSGI_DIR/app|g; + s|%USER%|$STACK_USER|g + " -i $ceilometer_apache_conf } # configure_ceilometer() - Set config files, create data dirs, etc @@ -163,6 +192,11 @@ function configure_ceilometer { iniset $CEILOMETER_CONF vmware host_username "$VMWAREAPI_USER" iniset $CEILOMETER_CONF vmware host_password "$VMWAREAPI_PASSWORD" fi + + if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then + iniset $CEILOMETER_CONF api pecan_debug "False" + _config_ceilometer_apache_wsgi + fi } function configure_mongodb { @@ -223,7 +257,16 @@ function start_ceilometer { run_process ceilometer-acentral "ceilometer-agent-central --config-file $CEILOMETER_CONF" run_process ceilometer-anotification "ceilometer-agent-notification --config-file $CEILOMETER_CONF" run_process ceilometer-collector "ceilometer-collector --config-file $CEILOMETER_CONF" - run_process ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF" + + if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then + run_process ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF" + else + enable_apache_site ceilometer + restart_apache_server + tail_log ceilometer /var/log/$APACHE_NAME/ceilometer.log + tail_log ceilometer-api /var/log/$APACHE_NAME/ceilometer_access.log + fi + # Start the compute agent last to allow time for the collector to # fully wake up and connect to the message bus. See bug #1355809 @@ -248,6 +291,10 @@ function start_ceilometer { # stop_ceilometer() - Stop running processes function stop_ceilometer { + if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then + disable_apache_site ceilometer + restart_apache_server + fi # Kill the ceilometer screen windows for serv in ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do stop_process $serv From ac937bc06eb68cb1c94804995325b9fa8b850959 Mon Sep 17 00:00:00 2001 From: Julie Pichon Date: Mon, 29 Sep 2014 04:55:21 +0100 Subject: [PATCH 0022/3421] Install ldappool when LDAP is enabled Keystone expects ldappool to be installed when using the LDAP backend. Change-Id: I35e6585ec8416153ed6d0c6fa8c10c992bf0de6d Closes-Bug: #1373750 --- lib/ldap | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/ldap b/lib/ldap index 2bb8a4cc9c..a6fb82f6f2 100644 --- a/lib/ldap +++ b/lib/ldap @@ -139,6 +139,8 @@ function install_ldap { sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif fi + pip_install ldappool + rm -rf $tmp_ldap_dir } From 3cd1771408f5025177ff0ac7578527c5a9a64bfa Mon Sep 17 00:00:00 2001 From: Bob Ball Date: Mon, 29 Sep 2014 12:53:02 +0100 Subject: [PATCH 0023/3421] XenAPI: Upgrade built-VM to Trusty If you're not using an XVA then the built-VM was previously Saucy, which is not supported by openstack any more. Change-Id: I1040d9e43d517582e76f2e1df787986b5ffbc42c --- tools/xen/devstackubuntupreseed.cfg | 8 ++++---- tools/xen/xenrc | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tools/xen/devstackubuntupreseed.cfg b/tools/xen/devstackubuntupreseed.cfg index 6a1ae89fd9..94e6e96625 100644 --- a/tools/xen/devstackubuntupreseed.cfg +++ b/tools/xen/devstackubuntupreseed.cfg @@ -297,9 +297,9 @@ d-i user-setup/encrypt-home boolean false ### Apt setup # You can choose to install restricted and universe software, or to install # software from the backports repository. -#d-i apt-setup/restricted boolean true -#d-i apt-setup/universe boolean true -#d-i apt-setup/backports boolean true +d-i apt-setup/restricted boolean true +d-i apt-setup/universe boolean true +d-i apt-setup/backports boolean true # Uncomment this if you don't want to use a network mirror. #d-i apt-setup/use_mirror boolean false # Select which update services to use; define the mirrors to be used. @@ -366,7 +366,7 @@ d-i pkgsel/updatedb boolean false # With a few exceptions for unusual partitioning setups, GRUB 2 is now the # default. If you need GRUB Legacy for some particular reason, then # uncomment this: -#d-i grub-installer/grub2_instead_of_grub_legacy boolean false +d-i grub-installer/grub2_instead_of_grub_legacy boolean false # This is fairly safe to set, it makes grub install automatically to the MBR # if no other operating system is detected on the machine. diff --git a/tools/xen/xenrc b/tools/xen/xenrc index 278bb9b909..510c5f9c46 100644 --- a/tools/xen/xenrc +++ b/tools/xen/xenrc @@ -63,15 +63,15 @@ PUB_IP=${PUB_IP:-172.24.4.10} PUB_NETMASK=${PUB_NETMASK:-255.255.255.0} # Ubuntu install settings -UBUNTU_INST_RELEASE="saucy" -UBUNTU_INST_TEMPLATE_NAME="Ubuntu 13.10 (64-bit) for DevStack" +UBUNTU_INST_RELEASE="trusty" +UBUNTU_INST_TEMPLATE_NAME="Ubuntu 14.04 (64-bit) for DevStack" # For 12.04 use "precise" and update template name # However, for 12.04, you should be using # XenServer 6.1 and later or XCP 1.6 or later # 11.10 is only really supported with XenServer 6.0.2 and later UBUNTU_INST_ARCH="amd64" -UBUNTU_INST_HTTP_HOSTNAME="archive.ubuntu.net" -UBUNTU_INST_HTTP_DIRECTORY="/ubuntu" +UBUNTU_INST_HTTP_HOSTNAME="mirror.anl.gov" +UBUNTU_INST_HTTP_DIRECTORY="/pub/ubuntu" UBUNTU_INST_HTTP_PROXY="" UBUNTU_INST_LOCALE="en_US" UBUNTU_INST_KEYBOARD="us" From 44e16e01da9d3b7d647d379f8c9cab763fc7912a Mon Sep 17 00:00:00 2001 From: John Griffith Date: Fri, 19 Sep 2014 10:26:51 -0600 Subject: [PATCH 0024/3421] Relocate SERVICE_TIMEOUT to stackrc cinder_driver_cert.sh restarts volume services and needs the SERVICE_TIMEOUT variable set, but that was being declared in stack.sh. Rather than create another duplicate variable in the cert script, just move the SERVICE_TIMEOUT variable to stackrc so it can be shared like other common variables. Change-Id: I650697df015fed8f400101a13b6165ac39626877 Closes-Bug: 1350221 --- stack.sh | 3 --- stackrc | 5 +++++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stack.sh b/stack.sh index c20e61031d..e795f375b8 100755 --- a/stack.sh +++ b/stack.sh @@ -325,9 +325,6 @@ SYSLOG_PORT=${SYSLOG_PORT:-516} # Use color for logging output (only available if syslog is not used) LOG_COLOR=`trueorfalse True $LOG_COLOR` -# Service startup timeout -SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60} - # Reset the bundle of CA certificates SSL_BUNDLE_FILE="$DATA_DIR/ca-bundle.pem" rm -f $SSL_BUNDLE_FILE diff --git a/stackrc b/stackrc index 936eb9c293..ac6efdd2cf 100644 --- a/stackrc +++ b/stackrc @@ -516,6 +516,11 @@ SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http} # (the default number of workers for many services is the number of CPUs) # API_WORKERS=4 +# Service startup timeout +SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60} + +# Following entries need to be last items in file + # Local variables: # mode: shell-script # End: From 08a5fcc7faae8cab558617b46b684009df595fdd Mon Sep 17 00:00:00 2001 From: Kevin Benton Date: Fri, 18 Jul 2014 16:06:12 -0700 Subject: [PATCH 0025/3421] Use service role for neutron instead of admin When creating the account for neutron to use in keystone, give it a service role instead of an admin role so it isn't overprivileged with the ability to create and delete tenants. Also set the Neutron policy.json file to allow the Neutron account to administer Neutron. Closes-Bug: #1344463 Change-Id: I86b15cfcffe549654c28f425c2bcf99403ac10bc --- lib/neutron | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/neutron b/lib/neutron index 81f2697abb..a48f519884 100644 --- a/lib/neutron +++ b/lib/neutron @@ -457,13 +457,13 @@ function create_neutron_cache_dir { function create_neutron_accounts { local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") + local service_role=$(openstack role list | awk "/ service / { print \$2 }") if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then local neutron_user=$(get_or_create_user "neutron" \ "$SERVICE_PASSWORD" $service_tenant) - get_or_add_user_role $admin_role $neutron_user $service_tenant + get_or_add_user_role $service_role $neutron_user $service_tenant if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then @@ -889,6 +889,9 @@ function _configure_neutron_service { cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE + # allow neutron user to administer neutron to match neutron account + sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE + # Update either configuration file with plugin iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS From 50495b0163e731f2fd5fe2d43aed10c8c2fe8e1e Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 30 Sep 2014 09:53:34 -0700 Subject: [PATCH 0026/3421] Install dib from pip diskimage-builder makes releases to PyPI and is not part of the integrated release. Since it's not, we don't need to consume its master branch - rather, we can consume its releases. Change-Id: If9297a28604612140c39dfe44e77107d1372f0bb --- lib/dib | 5 +---- stackrc | 4 ---- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/lib/dib b/lib/dib index 3a1167f833..d39d8016c5 100644 --- a/lib/dib +++ b/lib/dib @@ -32,10 +32,7 @@ OAC_DIR=$DEST/os-apply-config # install_dib() - Collect source and prepare function install_dib { - git_clone $DIB_REPO $DIB_DIR $DIB_BRANCH - pushd $DIB_DIR - pip_install ./ - popd + pip_install diskimage-builder git_clone $TIE_REPO $TIE_DIR $TIE_BRANCH git_clone $OCC_REPO $OCC_DIR $OCC_BRANCH diff --git a/stackrc b/stackrc index 580fabf9f7..10feabe4ba 100644 --- a/stackrc +++ b/stackrc @@ -136,10 +136,6 @@ CINDER_BRANCH=${CINDER_BRANCH:-master} CINDERCLIENT_REPO=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git} CINDERCLIENT_BRANCH=${CINDERCLIENT_BRANCH:-master} -# diskimage-builder -DIB_REPO=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git} -DIB_BRANCH=${DIB_BRANCH:-master} - # image catalog service GLANCE_REPO=${GLANCE_REPO:-${GIT_BASE}/openstack/glance.git} GLANCE_BRANCH=${GLANCE_BRANCH:-master} From c53e83601a4ffc572ae99b3a4f330a940066cc1d Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Tue, 30 Sep 2014 22:37:52 -0400 Subject: [PATCH 0027/3421] remove deprecated pip option --build is a deprecated option in pip, remove it Change-Id: I8cb5f570431dcbd3389cd3b8d54d9ef40aa66dee --- functions-common | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/functions-common b/functions-common index 6b1f473004..4c61d6a8d2 100644 --- a/functions-common +++ b/functions-common @@ -1523,9 +1523,8 @@ function pip_install { http_proxy=$http_proxy \ https_proxy=$https_proxy \ no_proxy=$no_proxy \ - $cmd_pip install --build=${pip_build_tmp} \ - $pip_mirror_opt $@ \ - && $sudo_pip rm -rf ${pip_build_tmp} + $cmd_pip install \ + $pip_mirror_opt $@ if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then local test_req="$@/test-requirements.txt" @@ -1534,9 +1533,8 @@ function pip_install { http_proxy=$http_proxy \ https_proxy=$https_proxy \ no_proxy=$no_proxy \ - $cmd_pip install --build=${pip_build_tmp} \ - $pip_mirror_opt -r $test_req \ - && $sudo_pip rm -rf ${pip_build_tmp} + $cmd_pip install \ + $pip_mirror_opt -r $test_req fi fi } From 82d6e537522083749a664b99e1bdca2d8a33c6b9 Mon Sep 17 00:00:00 2001 From: Joe Gordon Date: Fri, 26 Sep 2014 10:17:57 -0700 Subject: [PATCH 0028/3421] don't set nova.conf auth_strategy keystone is the default value, so no need to override it. Change-Id: I8e00071612d79959531feffc7e7993fa8c536359 --- lib/nova | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/nova b/lib/nova index c24bc2fd8a..096d380e03 100644 --- a/lib/nova +++ b/lib/nova @@ -405,7 +405,6 @@ function create_nova_conf { rm -f $NOVA_CONF iniset $NOVA_CONF DEFAULT verbose "True" iniset $NOVA_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL" - iniset $NOVA_CONF DEFAULT auth_strategy "keystone" iniset $NOVA_CONF DEFAULT allow_resize_to_same_host "True" iniset $NOVA_CONF DEFAULT allow_migrate_to_same_host "True" iniset $NOVA_CONF DEFAULT api_paste_config "$NOVA_API_PASTE_INI" From 062a3c3e707e69778d2bb95e3e861e7bd65114b7 Mon Sep 17 00:00:00 2001 From: Kenneth Giusti Date: Tue, 30 Sep 2014 10:14:08 -0400 Subject: [PATCH 0029/3421] Configure an authorized user for the QPID broker If QPID_USERNAME is set, add the user to the QPID broker's authentication database. Use the value of QPID_PASSWORD as the password for the user, prompting for a password if QPID_PASSWORD is not set. This requires that all clients provide this username and password when connecting to the QPID broker, or the connection will be rejected. If QPID_USERNAME is not set (the default), disable QPID broker authentication. This allows any client to connect to the QPID broker without needing authentication. Change-Id: Ibd79873379740930ce5f598018c1ca1fffda7c31 Closes-Bug: 1272399 --- files/apts/qpid | 1 + files/rpms/qpid | 1 + lib/rpc_backend | 109 +++++++++++++++++++++++++++++++++++------------- 3 files changed, 82 insertions(+), 29 deletions(-) create mode 100644 files/apts/qpid diff --git a/files/apts/qpid b/files/apts/qpid new file mode 100644 index 0000000000..e3bbf0961c --- /dev/null +++ b/files/apts/qpid @@ -0,0 +1 @@ +sasl2-bin # NOPRIME diff --git a/files/rpms/qpid b/files/rpms/qpid index 62148ba231..9e3f10af13 100644 --- a/files/rpms/qpid +++ b/files/rpms/qpid @@ -1,3 +1,4 @@ qpid-proton-c-devel # NOPRIME python-qpid-proton # NOPRIME +cyrus-sasl-lib # NOPRIME diff --git a/lib/rpc_backend b/lib/rpc_backend index de82fe115e..14c78fbf7b 100644 --- a/lib/rpc_backend +++ b/lib/rpc_backend @@ -132,39 +132,14 @@ function install_rpc_backend { # Install rabbitmq-server install_package rabbitmq-server elif is_service_enabled qpid; then - local qpid_conf_file=/etc/qpid/qpidd.conf if is_fedora; then install_package qpid-cpp-server - if [[ $DISTRO =~ (rhel6) ]]; then - qpid_conf_file=/etc/qpidd.conf - # RHEL6 leaves "auth=yes" in /etc/qpidd.conf, it needs to - # be no or you get GSS authentication errors as it - # attempts to default to this. - sudo sed -i.bak 's/^auth=yes$/auth=no/' $qpid_conf_file - fi elif is_ubuntu; then install_package qpidd - sudo sed -i '/PLAIN/!s/mech_list: /mech_list: PLAIN /' /etc/sasl2/qpidd.conf - sudo chmod o+r /etc/qpid/qpidd.sasldb else exit_distro_not_supported "qpid installation" fi - # If AMQP 1.0 is specified, ensure that the version of the - # broker can support AMQP 1.0 and configure the queue and - # topic address patterns used by oslo.messaging. - if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then - QPIDD=$(type -p qpidd) - if ! $QPIDD --help | grep -q "queue-patterns"; then - exit_distro_not_supported "qpidd with AMQP 1.0 support" - fi - if ! grep -q "queue-patterns=exclusive" $qpid_conf_file; then - cat < Date: Wed, 1 Oct 2014 09:06:43 -0400 Subject: [PATCH 0030/3421] use released library versions by default This patch provides a new path for installing libraries in devstack so that it's possible to either test with upstream released libraries, or with git versions of individual libraries. Libraries are added by name to 3 associative arrays GITREPO, GITBRANCH, GITDIR. When we get to the library install phase we inspect LIBS_FROM_GIT and look for libraries by name (i.e. "oslo.config") and if they exist we'll clone and install those libraries from git. Otherwise we won't, and just let pip pull them as dependencies when it needs them. This patch provides the conversion of the oslo libraries, including pbr. Devstack-gate jobs for these libraries will need to change to support actually forward testing their content. Change-Id: I6161fa3194dbe8fbc25b6ee0e2fe3cc722a1cea4 --- functions-common | 37 ++++++++++++++++++ lib/infra | 10 +++-- lib/oslo | 97 +++++++++++++++++++----------------------------- stackrc | 64 ++++++++++++++++---------------- 4 files changed, 114 insertions(+), 94 deletions(-) diff --git a/functions-common b/functions-common index 6b1f473004..c5c2ec7d42 100644 --- a/functions-common +++ b/functions-common @@ -36,6 +36,11 @@ XTRACE=$(set +o | grep xtrace) set +o xtrace +# Global Config Variables +declare -A GITREPO +declare -A GITBRANCH +declare -A GITDIR + # Config Functions # ================ @@ -598,6 +603,18 @@ function git_clone { cd $orig_dir } +# A variation on git clone that lets us specify a project by it's +# actual name, like oslo.config. This is exceptionally useful in the +# library installation case +function git_clone_by_name { + local name=$1 + local repo=${GITREPO[$name]} + local dir=${GITDIR[$name]} + local branch=${GITBRANCH[$name]} + git_clone $repo $dir $branch +} + + # git can sometimes get itself infinitely stuck with transient network # errors or other issues with the remote end. This wraps git in a # timeout/retry loop and is intended to watch over non-local git @@ -1541,6 +1558,26 @@ function pip_install { fi } +# should we use this library from their git repo, or should we let it +# get pulled in via pip dependencies. +function use_library_from_git { + local name=$1 + local enabled=1 + [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0 + return $enabled +} + +# setup a library by name. If we are trying to use the library from +# git, we'll do a git based install, otherwise we'll punt and the +# library should be installed by a requirements pull from another +# project. +function setup_lib { + local name=$1 + local dir=${GITDIR[$name]} + setup_install $dir +} + + # this should be used if you want to install globally, all libraries should # use this, especially *oslo* ones function setup_install { diff --git a/lib/infra b/lib/infra index e18c66ed48..cd439e723a 100644 --- a/lib/infra +++ b/lib/infra @@ -19,7 +19,7 @@ set +o xtrace # Defaults # -------- -PBR_DIR=$DEST/pbr +GITDIR["pbr"]=$DEST/pbr REQUIREMENTS_DIR=$DEST/requirements # Entry Points @@ -31,8 +31,12 @@ function install_infra { git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH # Install pbr - git_clone $PBR_REPO $PBR_DIR $PBR_BRANCH - setup_install $PBR_DIR + if use_library_from_git "pbr"; then + git_clone_by_name "pbr" + setup_lib "pbr" + else + pip_install "pbr" + fi } # Restore xtrace diff --git a/lib/oslo b/lib/oslo index e5fa37e17f..c95a3a805f 100644 --- a/lib/oslo +++ b/lib/oslo @@ -20,21 +20,21 @@ set +o xtrace # Defaults # -------- -CLIFF_DIR=$DEST/cliff -OSLOCFG_DIR=$DEST/oslo.config -OSLOCON_DIR=$DEST/oslo.concurrency -OSLODB_DIR=$DEST/oslo.db -OSLOI18N_DIR=$DEST/oslo.i18n -OSLOLOG_DIR=$DEST/oslo.log -OSLOMID_DIR=$DEST/oslo.middleware -OSLOMSG_DIR=$DEST/oslo.messaging -OSLORWRAP_DIR=$DEST/oslo.rootwrap -OSLOSERIALIZATION_DIR=$DEST/oslo.serialization -OSLOUTILS_DIR=$DEST/oslo.utils -OSLOVMWARE_DIR=$DEST/oslo.vmware -PYCADF_DIR=$DEST/pycadf -STEVEDORE_DIR=$DEST/stevedore -TASKFLOW_DIR=$DEST/taskflow +GITDIR["cliff"]=$DEST/cliff +GITDIR["oslo.config"]=$DEST/oslo.config +GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency +GITDIR["oslo.db"]=$DEST/oslo.db +GITDIR["oslo.i18n"]=$DEST/oslo.i18n +GITDIR["oslo.log"]=$DEST/oslo.log +GITDIR["oslo.middleware"]=$DEST/oslo.middleware +GITDIR["oslo.messaging"]=$DEST/oslo.messaging +GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap +GITDIR["oslo.serialization"]=$DEST/oslo.serialization +GITDIR["oslo.utils"]=$DEST/oslo.utils +GITDIR["oslo.vmware"]=$DEST/oslo.vmware +GITDIR["pycadf"]=$DEST/pycadf +GITDIR["stevedore"]=$DEST/stevedore +GITDIR["taskflow"]=$DEST/taskflow # Support entry points installation of console scripts OSLO_BIN_DIR=$(get_python_exec_prefix) @@ -42,52 +42,31 @@ OSLO_BIN_DIR=$(get_python_exec_prefix) # Entry Points # ------------ +function _do_install_oslo_lib { + local name=$1 + if use_library_from_git "$name"; then + git_clone_by_name "$name" + setup_lib "$name" + fi +} + # install_oslo() - Collect source and prepare function install_oslo { - git_clone $CLIFF_REPO $CLIFF_DIR $CLIFF_BRANCH - setup_install $CLIFF_DIR - - git_clone $OSLOI18N_REPO $OSLOI18N_DIR $OSLOI18N_BRANCH - setup_install $OSLOI18N_DIR - - git_clone $OSLOUTILS_REPO $OSLOUTILS_DIR $OSLOUTILS_BRANCH - setup_install $OSLOUTILS_DIR - - git_clone $OSLOSERIALIZATION_REPO $OSLOSERIALIZATION_DIR $OSLOSERIALIZATION_BRANCH - setup_install $OSLOSERIALIZATION_DIR - - git_clone $OSLOCFG_REPO $OSLOCFG_DIR $OSLOCFG_BRANCH - setup_install $OSLOCFG_DIR - - git_clone $OSLOCON_REPO $OSLOCON_DIR $OSLOCON_BRANCH - setup_install $OSLOCON_DIR - - git_clone $OSLOLOG_REPO $OSLOLOG_DIR $OSLOLOG_BRANCH - setup_install $OSLOLOG_DIR - - git_clone $OSLOMID_REPO $OSLOMID_DIR $OSLOMID_BRANCH - setup_install $OSLOMID_DIR - - git_clone $OSLOMSG_REPO $OSLOMSG_DIR $OSLOMSG_BRANCH - setup_install $OSLOMSG_DIR - - git_clone $OSLORWRAP_REPO $OSLORWRAP_DIR $OSLORWRAP_BRANCH - setup_install $OSLORWRAP_DIR - - git_clone $OSLODB_REPO $OSLODB_DIR $OSLODB_BRANCH - setup_install $OSLODB_DIR - - git_clone $OSLOVMWARE_REPO $OSLOVMWARE_DIR $OSLOVMWARE_BRANCH - setup_install $OSLOVMWARE_DIR - - git_clone $PYCADF_REPO $PYCADF_DIR $PYCADF_BRANCH - setup_install $PYCADF_DIR - - git_clone $STEVEDORE_REPO $STEVEDORE_DIR $STEVEDORE_BRANCH - setup_install $STEVEDORE_DIR - - git_clone $TASKFLOW_REPO $TASKFLOW_DIR $TASKFLOW_BRANCH - setup_install $TASKFLOW_DIR + _do_install_oslo_lib "cliff" + _do_install_oslo_lib "oslo.i18n" + _do_install_oslo_lib "oslo.utils" + _do_install_oslo_lib "oslo.serialization" + _do_install_oslo_lib "oslo.config" + _do_install_oslo_lib "oslo.concurrency" + _do_install_oslo_lib "oslo.log" + _do_install_oslo_lib "oslo.middleware" + _do_install_oslo_lib "oslo.messaging" + _do_install_oslo_lib "oslo.rootwrap" + _do_install_oslo_lib "oslo.db" + _do_install_oslo_lib "olso.vmware" + _do_install_oslo_lib "pycadf" + _do_install_oslo_lib "stevedore" + _do_install_oslo_lib "taskflow" } # Restore xtrace diff --git a/stackrc b/stackrc index 580fabf9f7..96924732a5 100644 --- a/stackrc +++ b/stackrc @@ -222,68 +222,68 @@ ORC_REPO=${ORC_REPO:-${GIT_BASE}/openstack/os-refresh-config.git} ORC_BRANCH=${ORC_BRANCH:-master} # cliff command line framework -CLIFF_REPO=${CLIFF_REPO:-${GIT_BASE}/openstack/cliff.git} -CLIFF_BRANCH=${CLIFF_BRANCH:-master} +GITREPO["cliff"]=${CLIFF_REPO:-${GIT_BASE}/openstack/cliff.git} +GITBRANCH["cliff"]=${CLIFF_BRANCH:-master} # oslo.concurrency -OSLOCON_REPO=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git} -OSLOCON_BRANCH=${OSLOCON_BRANCH:-master} +GITREPO["oslo.concurrency"]=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git} +GITBRANCH["olso.concurrency"]=${OSLOCON_BRANCH:-master} # oslo.config -OSLOCFG_REPO=${OSLOCFG_REPO:-${GIT_BASE}/openstack/oslo.config.git} -OSLOCFG_BRANCH=${OSLOCFG_BRANCH:-master} +GITREPO["oslo.config"]=${OSLOCFG_REPO:-${GIT_BASE}/openstack/oslo.config.git} +GITBRANCH["oslo.config"]=${OSLOCFG_BRANCH:-master} # oslo.db -OSLODB_REPO=${OSLODB_REPO:-${GIT_BASE}/openstack/oslo.db.git} -OSLODB_BRANCH=${OSLODB_BRANCH:-master} +GITREPO["olso.db"]=${OSLODB_REPO:-${GIT_BASE}/openstack/oslo.db.git} +GITBRANCH["olso.db"]=${OSLODB_BRANCH:-master} # oslo.i18n -OSLOI18N_REPO=${OSLOI18N_REPO:-${GIT_BASE}/openstack/oslo.i18n.git} -OSLOI18N_BRANCH=${OSLOI18N_BRANCH:-master} +GITREPO["olso.i18n"]=${OSLOI18N_REPO:-${GIT_BASE}/openstack/oslo.i18n.git} +GITBRANCH["olso.i18n"]=${OSLOI18N_BRANCH:-master} # oslo.log -OSLOLOG_REPO=${OSLOLOG_REPO:-${GIT_BASE}/openstack/oslo.log.git} -OSLOLOG_BRANCH=${OSLOLOG_BRANCH:-master} +GITREPO["olso.log"]=${OSLOLOG_REPO:-${GIT_BASE}/openstack/oslo.log.git} +GITBRANCH["olso.log"]=${OSLOLOG_BRANCH:-master} # oslo.messaging -OSLOMSG_REPO=${OSLOMSG_REPO:-${GIT_BASE}/openstack/oslo.messaging.git} -OSLOMSG_BRANCH=${OSLOMSG_BRANCH:-master} +GITREPO["olso.messaging"]=${OSLOMSG_REPO:-${GIT_BASE}/openstack/oslo.messaging.git} +GITBRANCH["olso.messaging"]=${OSLOMSG_BRANCH:-master} # oslo.middleware -OSLOMID_REPO=${OSLOMID_REPO:-${GIT_BASE}/openstack/oslo.middleware.git} -OSLOMID_BRANCH=${OSLOMID_BRANCH:-master} +GITREPO["oslo.middleware"]=${OSLOMID_REPO:-${GIT_BASE}/openstack/oslo.middleware.git} +GITBRANCH["oslo.middleware"]=${OSLOMID_BRANCH:-master} # oslo.rootwrap -OSLORWRAP_REPO=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git} -OSLORWRAP_BRANCH=${OSLORWRAP_BRANCH:-master} +GITREPO["olso.rootwrap"]=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git} +GITBRANCH["olso.rootwrap"]=${OSLORWRAP_BRANCH:-master} # oslo.serialization -OSLOSERIALIZATION_REPO=${OSLOSERIALIZATION_REPO:-${GIT_BASE}/openstack/oslo.serialization.git} -OSLOSERIALIZATION_BRANCH=${OSLOSERIALIZATION_BRANCH:-master} +GITREPO["olso.serialization"]=${OSLOSERIALIZATION_REPO:-${GIT_BASE}/openstack/oslo.serialization.git} +GITBRANCH["olso.serialization"]=${OSLOSERIALIZATION_BRANCH:-master} # oslo.utils -OSLOUTILS_REPO=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git} -OSLOUTILS_BRANCH=${OSLOUTILS_BRANCH:-master} +GITREPO["olso.utils"]=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git} +GITBRANCH["olso.utils"]=${OSLOUTILS_BRANCH:-master} # oslo.vmware -OSLOVMWARE_REPO=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git} -OSLOVMWARE_BRANCH=${OSLOVMWARE_BRANCH:-master} +GITREPO["olso.vmware"]=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git} +GITBRANCH["olso.vmware"]=${OSLOVMWARE_BRANCH:-master} # pycadf auditing library -PYCADF_REPO=${PYCADF_REPO:-${GIT_BASE}/openstack/pycadf.git} -PYCADF_BRANCH=${PYCADF_BRANCH:-master} +GITREPO["pycadf"]=${PYCADF_REPO:-${GIT_BASE}/openstack/pycadf.git} +GITBRANCH["pycadf"]=${PYCADF_BRANCH:-master} # stevedore plugin manager -STEVEDORE_REPO=${STEVEDORE_REPO:-${GIT_BASE}/openstack/stevedore.git} -STEVEDORE_BRANCH=${STEVEDORE_BRANCH:-master} +GITREPO["stevedore"]=${STEVEDORE_REPO:-${GIT_BASE}/openstack/stevedore.git} +GITBRANCH["stevedore"]=${STEVEDORE_BRANCH:-master} # taskflow plugin manager -TASKFLOW_REPO=${TASKFLOW_REPO:-${GIT_BASE}/openstack/taskflow.git} -TASKFLOW_BRANCH=${TASKFLOW_BRANCH:-master} +GITREPO["taskflow"]=${TASKFLOW_REPO:-${GIT_BASE}/openstack/taskflow.git} +GITBRANCH["taskflow"]=${TASKFLOW_BRANCH:-master} # pbr drives the setuptools configs -PBR_REPO=${PBR_REPO:-${GIT_BASE}/openstack-dev/pbr.git} -PBR_BRANCH=${PBR_BRANCH:-master} +GITREPO["pbr"]=${PBR_REPO:-${GIT_BASE}/openstack-dev/pbr.git} +GITBRANCH["pbr"]=${PBR_BRANCH:-master} # neutron service NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git} From 944b28280b86bba7592b1c7a2032dbd0eaa39014 Mon Sep 17 00:00:00 2001 From: Joe Gordon Date: Wed, 1 Oct 2014 18:21:08 -0700 Subject: [PATCH 0031/3421] Drop workaround for pip < 1.4 Now that we are on pip 1.5.6 lets drop the workaround to make pip 1.4 work. As this is a development/testing tool requiring a newer pip shouldn't be an issue. Also stack.sh installs pip by default. Work around introduced in https://github.com/pypa/pip/issues/709 Change-Id: I0e7aad1d21f4fce4c020ce36685bb56893c66bdc --- functions | 11 ----------- functions-common | 9 --------- unstack.sh | 2 -- 3 files changed, 22 deletions(-) diff --git a/functions b/functions index 376aff05e3..bbde27d9f6 100644 --- a/functions +++ b/functions @@ -21,17 +21,6 @@ function function_exists { declare -f -F $1 > /dev/null } - -# Cleanup anything from /tmp on unstack -# clean_tmp -function cleanup_tmp { - local tmp_dir=${TMPDIR:-/tmp} - - # see comments in pip_install - sudo rm -rf ${tmp_dir}/pip-build.* -} - - # Retrieve an image from a URL and upload into Glance. # Uses the following variables: # diff --git a/functions-common b/functions-common index 4c61d6a8d2..6d1c6958dc 100644 --- a/functions-common +++ b/functions-common @@ -1509,15 +1509,6 @@ function pip_install { pip_mirror_opt="--use-mirrors" fi - # pip < 1.4 has a bug where it will use an already existing build - # directory unconditionally. Say an earlier component installs - # foo v1.1; pip will have built foo's source in - # /tmp/$USER-pip-build. Even if a later component specifies foo < - # 1.1, the existing extracted build will be used and cause - # confusing errors. By creating unique build directories we avoid - # this problem. See https://github.com/pypa/pip/issues/709 - local pip_build_tmp=$(mktemp --tmpdir -d pip-build.XXXXX) - $xtrace $sudo_pip PIP_DOWNLOAD_CACHE=${PIP_DOWNLOAD_CACHE:-/var/cache/pip} \ http_proxy=$http_proxy \ diff --git a/unstack.sh b/unstack.sh index adb6dc17ca..fee608e17b 100755 --- a/unstack.sh +++ b/unstack.sh @@ -173,5 +173,3 @@ if [[ -n "$SCREEN" ]]; then screen -X -S $SESSION quit fi fi - -cleanup_tmp From dec13c336dd24150d57be35b54a8d40618a5e29e Mon Sep 17 00:00:00 2001 From: Flavio Percoco Date: Mon, 8 Sep 2014 09:48:27 +0200 Subject: [PATCH 0032/3421] Specialize Zaqar's cleanup function Instead of having mongodb specific cleanup logic in `cleanup_zaqar`, specialize it to perform clean ups based on the driver that has been enabled. Change-Id: I5807a83443b87b2c8d184e0cd2d5563a649c6273 --- lib/zaqar | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/zaqar b/lib/zaqar index 93b727e63b..fe25e1f7d4 100644 --- a/lib/zaqar +++ b/lib/zaqar @@ -20,6 +20,7 @@ # start_zaqar # stop_zaqar # cleanup_zaqar +# cleanup_zaqar_mongodb # Save trace setting XTRACE=$(set +o | grep xtrace) @@ -72,9 +73,17 @@ function is_zaqar_enabled { return 1 } -# cleanup_zaqar() - Remove residual data files, anything left over from previous -# runs that a clean run would need to clean up +# cleanup_zaqar() - Cleans up general things from previous +# runs and storage specific left overs. function cleanup_zaqar { + if [ "$ZAQAR_BACKEND" = 'mongodb' ] ; then + cleanup_zaqar_mongodb + fi +} + +# cleanup_zaqar_mongodb() - Remove residual data files, anything left over from previous +# runs that a clean run would need to clean up +function cleanup_zaqar_mongodb { if ! timeout $SERVICE_TIMEOUT sh -c "while ! mongo zaqar --eval 'db.dropDatabase();'; do sleep 1; done"; then die $LINENO "Mongo DB did not start" else @@ -116,8 +125,9 @@ function configure_zaqar { iniset $ZAQAR_CONF drivers storage mongodb iniset $ZAQAR_CONF 'drivers:storage:mongodb' uri mongodb://localhost:27017/zaqar configure_mongodb - cleanup_zaqar fi + + cleanup_zaqar } function configure_mongodb { From e29a55ade1af386fda16217f4c07b90e6e95f47a Mon Sep 17 00:00:00 2001 From: Flavio Percoco Date: Fri, 5 Sep 2014 16:03:01 +0200 Subject: [PATCH 0033/3421] Add support for redis to Zaqar's lib A new redis driver has landed in Zaqar. This patch adds support for that driver to Zaqar's lib. Change-Id: I97629a303c55ee098e3bfbc534bfb05ccab94649 --- files/apts/zaqar-server | 2 ++ files/rpms/zaqar-server | 2 ++ lib/zaqar | 16 ++++++++++++++++ 3 files changed, 20 insertions(+) diff --git a/files/apts/zaqar-server b/files/apts/zaqar-server index bc7ef22445..32b10179b0 100644 --- a/files/apts/zaqar-server +++ b/files/apts/zaqar-server @@ -1,3 +1,5 @@ python-pymongo mongodb-server pkg-config +redis-server # NOPRIME +python-redis # NOPRIME \ No newline at end of file diff --git a/files/rpms/zaqar-server b/files/rpms/zaqar-server index d7b7ea89c1..69e8bfa80b 100644 --- a/files/rpms/zaqar-server +++ b/files/rpms/zaqar-server @@ -1,3 +1,5 @@ selinux-policy-targeted mongodb-server pymongo +redis # NOPRIME +python-redis # NOPRIME diff --git a/lib/zaqar b/lib/zaqar index fe25e1f7d4..b8570eb282 100644 --- a/lib/zaqar +++ b/lib/zaqar @@ -125,11 +125,27 @@ function configure_zaqar { iniset $ZAQAR_CONF drivers storage mongodb iniset $ZAQAR_CONF 'drivers:storage:mongodb' uri mongodb://localhost:27017/zaqar configure_mongodb + elif [ "$ZAQAR_BACKEND" = 'redis' ] ; then + iniset $ZAQAR_CONF drivers storage redis + iniset $ZAQAR_CONF 'drivers:storage:redis' uri redis://localhost:6379 + configure_redis fi cleanup_zaqar } +function configure_redis { + if is_ubuntu; then + install_package redis-server + elif is_fedora; then + install_package redis + else + exit_distro_not_supported "redis installation" + fi + + install_package python-redis +} + function configure_mongodb { # Set nssize to 2GB. This increases the number of namespaces supported # # per database. From 6566f21ddfb038c2eee402cdcb097f43f3480006 Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Thu, 2 Oct 2014 11:25:03 -0700 Subject: [PATCH 0034/3421] Adds qemu packages to ironic's apts Nodepool images have recently migrated to being built with DIB, resulting in strange changes in how the package dependency chain works out. This explicitly adds required qemu packages to Ironic's apts to avoid some not being pulled in by package dependencies alone. Change-Id: I60373ee5ad7445cd54c8c013085b28d82bb0d085 Closes-bug: #1376863 --- files/apts/ironic | 3 +++ 1 file changed, 3 insertions(+) diff --git a/files/apts/ironic b/files/apts/ironic index 283d1b27f5..45fdeccbb4 100644 --- a/files/apts/ironic +++ b/files/apts/ironic @@ -9,6 +9,9 @@ openvswitch-switch openvswitch-datapath-dkms python-libguestfs python-libvirt +qemu +qemu-kvm +qemu-utils syslinux tftpd-hpa xinetd From 3324f19f5aeb3c8933447752dbc2c1b8c7f9b2de Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Thu, 18 Sep 2014 09:26:39 -0500 Subject: [PATCH 0035/3421] Fix docs build errors Fix shocco errors during docs generation Closes-Bug: 1362691 Change-Id: I2b7fb008c89f0b4e7280b2d0a054320765e83e47 --- functions | 8 ++++---- functions-common | 4 +++- lib/cinder_backends/xiv | 3 ++- lib/neutron | 7 ++++--- lib/neutron_plugins/oneconvergence | 3 ++- lib/nova | 2 +- lib/nova_plugins/functions-libvirt | 2 +- lib/opendaylight | 11 +++++------ lib/tls | 2 +- stackrc | 2 +- tools/create_userrc.sh | 5 ++--- 11 files changed, 26 insertions(+), 23 deletions(-) diff --git a/functions b/functions index 76f704792e..d343c570c9 100644 --- a/functions +++ b/functions @@ -71,10 +71,10 @@ function upload_image { fi image="$FILES/${image_fname}" else - # File based URL (RFC 1738): file://host/path + # File based URL (RFC 1738): ``file://host/path`` # Remote files are not considered here. - # *nix: file:///home/user/path/file - # windows: file:///C:/Documents%20and%20Settings/user/path/file + # unix: ``file:///home/user/path/file`` + # windows: ``file:///C:/Documents%20and%20Settings/user/path/file`` image=$(echo $image_url | sed "s/^file:\/\///g") if [[ ! -f $image || "$(stat -c "%s" $image)" == "0" ]]; then echo "Not found: $image_url" @@ -123,7 +123,7 @@ function upload_image { if [[ "$vmdk_create_type" = "monolithicSparse" ]]; then vmdk_disktype="sparse" elif [[ "$vmdk_create_type" = "monolithicFlat" || "$vmdk_create_type" = "vmfs" ]]; then - # Attempt to retrieve the *-flat.vmdk + # Attempt to retrieve the ``*-flat.vmdk`` local flat_fname="$(head -25 $image | { grep -G 'RW\|RDONLY [0-9]+ FLAT\|VMFS' $image || true; })" flat_fname="${flat_fname#*\"}" flat_fname="${flat_fname%?}" diff --git a/functions-common b/functions-common index 6b1f473004..0ada622e89 100644 --- a/functions-common +++ b/functions-common @@ -31,6 +31,7 @@ # - ``TRACK_DEPENDS`` # - ``UNDO_REQUIREMENTS`` # - ``http_proxy``, ``https_proxy``, ``no_proxy`` +# # Save trace setting XTRACE=$(set +o | grep xtrace) @@ -1253,7 +1254,8 @@ function screen_service { # - the pid of the background process is saved in the usual place # - the server process is brought back to the foreground # - if the server process exits prematurely the fg command errors - # and a message is written to stdout and the service failure file + # and a message is written to stdout and the service failure file + # # The pid saved can be used in stop_process() as a process group # id to kill off all child processes if [[ -n "$group" ]]; then diff --git a/lib/cinder_backends/xiv b/lib/cinder_backends/xiv index dbdb96c5a1..ee5da2d487 100644 --- a/lib/cinder_backends/xiv +++ b/lib/cinder_backends/xiv @@ -16,6 +16,7 @@ # # Authors: # Alon Marx +# # lib/cinder_plugins/xiv # Configure the xiv_ds8k driver for xiv testing @@ -61,7 +62,7 @@ function configure_cinder_backend_xiv { fi # For reference: - # XIV_DS8K_BACKEND='IBM-XIV_'${SAN_IP}'_'${SAN_CLUSTERNAME}'_'${CONNECTION_TYPE} + # ``XIV_DS8K_BACKEND='IBM-XIV_'${SAN_IP}'_'${SAN_CLUSTERNAME}'_'${CONNECTION_TYPE}`` iniset $CINDER_CONF DEFAULT xiv_ds8k_driver_version $XIV_DRIVER_VERSION iniset $CINDER_CONF $be_name san_ip $SAN_IP diff --git a/lib/neutron b/lib/neutron index ec42677f0f..bd3b6d6988 100644 --- a/lib/neutron +++ b/lib/neutron @@ -177,9 +177,10 @@ fi # Distributed Virtual Router (DVR) configuration # Can be: -# legacy - No DVR functionality -# dvr_snat - Controller or single node DVR -# dvr - Compute node in multi-node DVR +# - ``legacy`` - No DVR functionality +# - ``dvr_snat`` - Controller or single node DVR +# - ``dvr`` - Compute node in multi-node DVR +# Q_DVR_MODE=${Q_DVR_MODE:-legacy} if [[ "$Q_DVR_MODE" != "legacy" ]]; then Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population diff --git a/lib/neutron_plugins/oneconvergence b/lib/neutron_plugins/oneconvergence index e5f0d71200..4fd8c7c48f 100644 --- a/lib/neutron_plugins/oneconvergence +++ b/lib/neutron_plugins/oneconvergence @@ -1,5 +1,6 @@ # Neutron One Convergence plugin -# --------------------------- +# ------------------------------ + # Save trace setting OC_XTRACE=$(set +o | grep xtrace) set +o xtrace diff --git a/lib/nova b/lib/nova index 14d07b05bd..853b69730a 100644 --- a/lib/nova +++ b/lib/nova @@ -677,7 +677,7 @@ function start_nova_compute { if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then # The group **$LIBVIRT_GROUP** is added to the current user in this script. - # sg' will be used in run_process to execute nova-compute as a member of the + # ``sg`` is used in run_process to execute nova-compute as a member of the # **$LIBVIRT_GROUP** group. run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP elif [[ "$VIRT_DRIVER" = 'fake' ]]; then diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index f722836693..3a367c2e63 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -10,7 +10,7 @@ LV_XTRACE=$(set +o | grep xtrace) set +o xtrace # Defaults -# ------- +# -------- # if we should turn on massive libvirt debugging DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT) diff --git a/lib/opendaylight b/lib/opendaylight index 1541ac1f09..cc29debd05 100644 --- a/lib/opendaylight +++ b/lib/opendaylight @@ -3,9 +3,9 @@ # Dependencies: # -# - ``functions`` file -# # ``DEST`` must be defined -# # ``STACK_USER`` must be defined +# ``functions`` file +# ``DEST`` must be defined +# ``STACK_USER`` must be defined # ``stack.sh`` calls the entry points in this order: # @@ -55,7 +55,7 @@ ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/opendayli # Default arguments for OpenDaylight. This is typically used to set # Java memory options. -# ODL_ARGS=Xmx1024m -XX:MaxPermSize=512m +# ``ODL_ARGS=Xmx1024m -XX:MaxPermSize=512m`` ODL_ARGS=${ODL_ARGS:-"-XX:MaxPermSize=384m"} # How long to pause after ODL starts to let it complete booting @@ -64,8 +64,6 @@ ODL_BOOT_WAIT=${ODL_BOOT_WAIT:-60} # The physical provider network to device mapping ODL_PROVIDER_MAPPINGS=${ODL_PROVIDER_MAPPINGS:-physnet1:eth1} -# Set up default directories - # Entry Points # ------------ @@ -139,6 +137,7 @@ function start_opendaylight { # The flags to ODL have the following meaning: # -of13: runs ODL using OpenFlow 1.3 protocol support. # -virt ovsdb: Runs ODL in "virtualization" mode with OVSDB support + # NOTE(chdent): Leaving this as screen_it instead of run_process until # the right thing for this service is determined. screen_it odl-server "cd $ODL_DIR/opendaylight && JAVA_HOME=$JHOME ./run.sh $ODL_ARGS -of13 -virt ovsdb" diff --git a/lib/tls b/lib/tls index 061c1cabbf..418313a17a 100644 --- a/lib/tls +++ b/lib/tls @@ -383,7 +383,7 @@ function start_tls_proxy { # Cleanup Functions -# =============== +# ================= # Stops all stud processes. This should be done only after all services diff --git a/stackrc b/stackrc index 53c857935a..9a530d8d98 100644 --- a/stackrc +++ b/stackrc @@ -117,7 +117,7 @@ GIT_TIMEOUT=${GIT_TIMEOUT:-0} # ------------ # Base GIT Repo URL -# Another option is http://review.openstack.org/p +# Another option is https://git.openstack.org GIT_BASE=${GIT_BASE:-git://git.openstack.org} # metering service diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh index 5b1111ae54..fa0f3009a5 100755 --- a/tools/create_userrc.sh +++ b/tools/create_userrc.sh @@ -238,7 +238,7 @@ function get_user_id { } if [ $MODE != "create" ]; then -# looks like I can't ask for all tenant related to a specified user + # looks like I can't ask for all tenant related to a specified user openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_TENANT}" | while IFS=, read tenant_id tenant_name desc enabled; do openstack user list --project $tenant_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do if [ $MODE = one -a "$user_name" != "$USER_NAME" ]; then @@ -246,8 +246,7 @@ if [ $MODE != "create" ]; then fi # Checks for a specific password defined for an user. - # Example for an username johndoe: - # JOHNDOE_PASSWORD=1234 + # Example for an username johndoe: JOHNDOE_PASSWORD=1234 eval SPECIFIC_UPASSWORD="\$${USER_NAME^^}_PASSWORD" if [ -n "$SPECIFIC_UPASSWORD" ]; then USER_PASS=$SPECIFIC_UPASSWORD From a08ba1c5e362fe294759339ffe3fdf3408149788 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Thu, 12 Jun 2014 18:45:42 -0500 Subject: [PATCH 0036/3421] Add NetApp Cinder backend support Supports both iSCSI and NFS, and now both 7mode and cluster mode Change-Id: If590a7a255268fcce4770c94956607251c36fdf5 --- lib/cinder_backends/netapp_iscsi | 64 +++++++++++++++++++++++++++ lib/cinder_backends/netapp_nfs | 75 ++++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100644 lib/cinder_backends/netapp_iscsi create mode 100644 lib/cinder_backends/netapp_nfs diff --git a/lib/cinder_backends/netapp_iscsi b/lib/cinder_backends/netapp_iscsi new file mode 100644 index 0000000000..7a67da7a26 --- /dev/null +++ b/lib/cinder_backends/netapp_iscsi @@ -0,0 +1,64 @@ +# lib/cinder_backends/netapp_iscsi +# Configure the NetApp iSCSI driver + +# Enable with: +# +# iSCSI: +# CINDER_ENABLED_BACKENDS+=,netapp_iscsi: + +# Dependencies: +# +# - ``functions`` file +# - ``cinder`` configurations + +# ``CINDER_CONF`` +# ``CINDER_CONF_DIR`` +# ``CINDER_ENABLED_BACKENDS`` + +# configure_cinder_backend_netapp_iscsi - configure iSCSI + +# Save trace setting +MY_XTRACE=$(set +o | grep xtrace) +set +o xtrace + + +# Entry Points +# ------------ + +# configure_cinder_backend_netapp_iscsi - Set config files, create data dirs, etc +function configure_cinder_backend_netapp_iscsi { + # To use NetApp, set the following in local.conf: + # CINDER_ENABLED_BACKENDS+=,netapp_iscsi: + # NETAPP_MODE=ontap_7mode|ontap_cluster + # NETAPP_IP= + # NETAPP_LOGIN= + # NETAPP_PASSWORD= + # NETAPP_ISCSI_VOLUME_LIST= + + # In ontap_cluster mode, the following also needs to be defined: + # NETAPP_ISCSI_VSERVER= + + local be_name=$1 + iniset $CINDER_CONF $be_name volume_backend_name $be_name + iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.netapp.common.NetAppDriver" + iniset $CINDER_CONF $be_name netapp_storage_family ${NETAPP_MODE:-ontap_7mode} + iniset $CINDER_CONF $be_name netapp_server_hostname $NETAPP_IP + iniset $CINDER_CONF $be_name netapp_login $NETAPP_LOGIN + iniset $CINDER_CONF $be_name netapp_password $NETAPP_PASSWORD + iniset $CINDER_CONF $be_name netapp_volume_list $NETAPP_ISCSI_VOLUME_LIST + + iniset $CINDER_CONF $be_name netapp_storage_protocol iscsi + iniset $CINDER_CONF $be_name netapp_transport_type https + + if [[ "$NETAPP_MODE" == "ontap_cluster" ]]; then + iniset $CINDER_CONF $be_name netapp_vserver $NETAPP_ISCSI_VSERVER + fi +} + + +# Restore xtrace +$MY_XTRACE + +# Local variables: +# mode: shell-script +# End: diff --git a/lib/cinder_backends/netapp_nfs b/lib/cinder_backends/netapp_nfs new file mode 100644 index 0000000000..d90b7f7d19 --- /dev/null +++ b/lib/cinder_backends/netapp_nfs @@ -0,0 +1,75 @@ +# lib/cinder_backends/netapp_nfs +# Configure the NetApp NFS driver + +# Enable with: +# +# NFS: +# CINDER_ENABLED_BACKENDS+=,netapp_nfs: + +# Dependencies: +# +# - ``functions`` file +# - ``cinder`` configurations + +# ``CINDER_CONF`` +# ``CINDER_CONF_DIR`` +# ``CINDER_ENABLED_BACKENDS`` + +# configure_cinder_backend_netapp_nfs - configure NFS + +# Save trace setting +MY_XTRACE=$(set +o | grep xtrace) +set +o xtrace + + +# Entry Points +# ------------ + +# configure_cinder_backend_netapp_nfs - Set config files, create data dirs, etc +function configure_cinder_backend_netapp_nfs { + # To use NetApp, set the following in local.conf: + # CINDER_ENABLED_BACKENDS+=,netapp_nfs: + # NETAPP_MODE=ontap_7mode|ontap_cluster + # NETAPP_IP= + # NETAPP_LOGIN= + # NETAPP_PASSWORD= + # NETAPP_NFS_VOLUME_LIST= + + # In ontap_cluster mode, the following also needs to be defined: + # NETAPP_NFS_VSERVER= + + local be_name=$1 + iniset $CINDER_CONF $be_name volume_backend_name $be_name + iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.netapp.common.NetAppDriver" + iniset $CINDER_CONF $be_name netapp_storage_family ${NETAPP_MODE:-ontap_7mode} + iniset $CINDER_CONF $be_name netapp_server_hostname $NETAPP_IP + iniset $CINDER_CONF $be_name netapp_login $NETAPP_LOGIN + iniset $CINDER_CONF $be_name netapp_password $NETAPP_PASSWORD + + iniset $CINDER_CONF $be_name netapp_storage_protocol nfs + iniset $CINDER_CONF $be_name netapp_transport_type https + iniset $CINDER_CONF $be_name nfs_shares_config $CINDER_CONF_DIR/netapp_shares.conf + + echo "$NETAPP_NFS_VOLUME_LIST" | tee "$CINDER_CONF_DIR/netapp_shares.conf" + + if [[ "$NETAPP_MODE" == "ontap_cluster" ]]; then + iniset $CINDER_CONF $be_name netapp_vserver $NETAPP_NFS_VSERVER + fi +} + +function cleanup_cinder_backend_netapp_nfs { + # Clean up remaining NFS mounts + # Be blunt and do them all + local m + for m in $CINDER_STATE_PATH/mnt/*; do + sudo umount $m + done +} + + +# Restore xtrace +$MY_XTRACE + +# Local variables: +# mode: shell-script +# End: From 3edd4540b936d1f03e990660312f2377354140a8 Mon Sep 17 00:00:00 2001 From: Mike Spreitzer Date: Fri, 29 Aug 2014 06:52:54 +0000 Subject: [PATCH 0037/3421] Added libvirt-dev[el] as a required system package Added libvirt-dev as a system package to install with apt-get and libvirt-devel as a system package to install with rpm. Early drafts qualified with "testonly" (meaning to install only if INSTALL_TESTONLY_PACKAGES is true). This is needed because installing libvirt-python version 1.2.5 on Ubuntu 14.04 was observed to fail in the building step if libvirt-dev is missing. Later drafts removed that qualification, because Sean Dague said he thinks libvirt-dev[el] is always required. Change-Id: Ie6a272f60059a1f363630f307416b32c450a1ebb Closes-Bug: 1362948 --- files/apts/nova | 1 + files/rpms/nova | 1 + 2 files changed, 2 insertions(+) diff --git a/files/apts/nova b/files/apts/nova index a3b0cb1521..66f29c4baf 100644 --- a/files/apts/nova +++ b/files/apts/nova @@ -18,6 +18,7 @@ sudo qemu-kvm # NOPRIME qemu # dist:wheezy,jessie NOPRIME libvirt-bin # NOPRIME +libvirt-dev # NOPRIME pm-utils libjs-jquery-tablesorter # Needed for coverage html reports vlan diff --git a/files/rpms/nova b/files/rpms/nova index dc1944b1de..f3261c6ae0 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -11,6 +11,7 @@ iputils kpartx kvm # NOPRIME libvirt-bin # NOPRIME +libvirt-devel # NOPRIME libvirt-python # NOPRIME libxml2-python numpy # needed by websockify for spice console From b7cda389376ed6996f84122fb7b021cf8c6b5007 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Fri, 3 Oct 2014 08:00:52 -0400 Subject: [PATCH 0038/3421] fix olso != oslo typos Apparently oslo is the hardest word in the world for me to understand that I didn't spell correctly. Change-Id: Id1b52529001319eaf41321118ab560711c752003 --- lib/oslo | 2 +- stackrc | 34 +++++++++++++++++----------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/oslo b/lib/oslo index c95a3a805f..a20aa1450f 100644 --- a/lib/oslo +++ b/lib/oslo @@ -63,7 +63,7 @@ function install_oslo { _do_install_oslo_lib "oslo.messaging" _do_install_oslo_lib "oslo.rootwrap" _do_install_oslo_lib "oslo.db" - _do_install_oslo_lib "olso.vmware" + _do_install_oslo_lib "oslo.vmware" _do_install_oslo_lib "pycadf" _do_install_oslo_lib "stevedore" _do_install_oslo_lib "taskflow" diff --git a/stackrc b/stackrc index eab8c9d7e9..15f7f82511 100644 --- a/stackrc +++ b/stackrc @@ -223,47 +223,47 @@ GITBRANCH["cliff"]=${CLIFF_BRANCH:-master} # oslo.concurrency GITREPO["oslo.concurrency"]=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git} -GITBRANCH["olso.concurrency"]=${OSLOCON_BRANCH:-master} +GITBRANCH["oslo.concurrency"]=${OSLOCON_BRANCH:-master} # oslo.config GITREPO["oslo.config"]=${OSLOCFG_REPO:-${GIT_BASE}/openstack/oslo.config.git} GITBRANCH["oslo.config"]=${OSLOCFG_BRANCH:-master} # oslo.db -GITREPO["olso.db"]=${OSLODB_REPO:-${GIT_BASE}/openstack/oslo.db.git} -GITBRANCH["olso.db"]=${OSLODB_BRANCH:-master} +GITREPO["oslo.db"]=${OSLODB_REPO:-${GIT_BASE}/openstack/oslo.db.git} +GITBRANCH["oslo.db"]=${OSLODB_BRANCH:-master} # oslo.i18n -GITREPO["olso.i18n"]=${OSLOI18N_REPO:-${GIT_BASE}/openstack/oslo.i18n.git} -GITBRANCH["olso.i18n"]=${OSLOI18N_BRANCH:-master} +GITREPO["oslo.i18n"]=${OSLOI18N_REPO:-${GIT_BASE}/openstack/oslo.i18n.git} +GITBRANCH["oslo.i18n"]=${OSLOI18N_BRANCH:-master} # oslo.log -GITREPO["olso.log"]=${OSLOLOG_REPO:-${GIT_BASE}/openstack/oslo.log.git} -GITBRANCH["olso.log"]=${OSLOLOG_BRANCH:-master} +GITREPO["oslo.log"]=${OSLOLOG_REPO:-${GIT_BASE}/openstack/oslo.log.git} +GITBRANCH["oslo.log"]=${OSLOLOG_BRANCH:-master} # oslo.messaging -GITREPO["olso.messaging"]=${OSLOMSG_REPO:-${GIT_BASE}/openstack/oslo.messaging.git} -GITBRANCH["olso.messaging"]=${OSLOMSG_BRANCH:-master} +GITREPO["oslo.messaging"]=${OSLOMSG_REPO:-${GIT_BASE}/openstack/oslo.messaging.git} +GITBRANCH["oslo.messaging"]=${OSLOMSG_BRANCH:-master} # oslo.middleware GITREPO["oslo.middleware"]=${OSLOMID_REPO:-${GIT_BASE}/openstack/oslo.middleware.git} GITBRANCH["oslo.middleware"]=${OSLOMID_BRANCH:-master} # oslo.rootwrap -GITREPO["olso.rootwrap"]=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git} -GITBRANCH["olso.rootwrap"]=${OSLORWRAP_BRANCH:-master} +GITREPO["oslo.rootwrap"]=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git} +GITBRANCH["oslo.rootwrap"]=${OSLORWRAP_BRANCH:-master} # oslo.serialization -GITREPO["olso.serialization"]=${OSLOSERIALIZATION_REPO:-${GIT_BASE}/openstack/oslo.serialization.git} -GITBRANCH["olso.serialization"]=${OSLOSERIALIZATION_BRANCH:-master} +GITREPO["oslo.serialization"]=${OSLOSERIALIZATION_REPO:-${GIT_BASE}/openstack/oslo.serialization.git} +GITBRANCH["oslo.serialization"]=${OSLOSERIALIZATION_BRANCH:-master} # oslo.utils -GITREPO["olso.utils"]=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git} -GITBRANCH["olso.utils"]=${OSLOUTILS_BRANCH:-master} +GITREPO["oslo.utils"]=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git} +GITBRANCH["oslo.utils"]=${OSLOUTILS_BRANCH:-master} # oslo.vmware -GITREPO["olso.vmware"]=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git} -GITBRANCH["olso.vmware"]=${OSLOVMWARE_BRANCH:-master} +GITREPO["oslo.vmware"]=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git} +GITBRANCH["oslo.vmware"]=${OSLOVMWARE_BRANCH:-master} # pycadf auditing library GITREPO["pycadf"]=${PYCADF_REPO:-${GIT_BASE}/openstack/pycadf.git} From 24516d04fb6d0b3a5213e9d962fdf307e6a38d55 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Thu, 2 Oct 2014 12:29:08 -0400 Subject: [PATCH 0039/3421] restructure stackrc into groupings in order to support installing from stable libraries we first need to actually sort out all the categories our giant list of git repos fit into. This will make it much easier to not lose one in the process. Change-Id: I708c65428fdc7442e1661037f425e466048166d3 --- stackrc | 248 +++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 156 insertions(+), 92 deletions(-) diff --git a/stackrc b/stackrc index 15f7f82511..69915d6d76 100644 --- a/stackrc +++ b/stackrc @@ -120,102 +120,130 @@ GIT_TIMEOUT=${GIT_TIMEOUT:-0} # Another option is http://review.openstack.org/p GIT_BASE=${GIT_BASE:-git://git.openstack.org} +############## +# +# OpenStack Server Components +# +############## + # metering service CEILOMETER_REPO=${CEILOMETER_REPO:-${GIT_BASE}/openstack/ceilometer.git} CEILOMETER_BRANCH=${CEILOMETER_BRANCH:-master} -# ceilometer client library -CEILOMETERCLIENT_REPO=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git} -CEILOMETERCLIENT_BRANCH=${CEILOMETERCLIENT_BRANCH:-master} - # volume service CINDER_REPO=${CINDER_REPO:-${GIT_BASE}/openstack/cinder.git} CINDER_BRANCH=${CINDER_BRANCH:-master} -# volume client -CINDERCLIENT_REPO=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git} -CINDERCLIENT_BRANCH=${CINDERCLIENT_BRANCH:-master} - # image catalog service GLANCE_REPO=${GLANCE_REPO:-${GIT_BASE}/openstack/glance.git} GLANCE_BRANCH=${GLANCE_BRANCH:-master} -GLANCE_STORE_REPO=${GLANCE_STORE_REPO:-${GIT_BASE}/openstack/glance_store.git} -GLANCE_STORE_BRANCH=${GLANCE_STORE_BRANCH:-master} - -# python glance client library -GLANCECLIENT_REPO=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git} -GLANCECLIENT_BRANCH=${GLANCECLIENT_BRANCH:-master} - # heat service HEAT_REPO=${HEAT_REPO:-${GIT_BASE}/openstack/heat.git} HEAT_BRANCH=${HEAT_BRANCH:-master} -# python heat client library -HEATCLIENT_REPO=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git} -HEATCLIENT_BRANCH=${HEATCLIENT_BRANCH:-master} - -# heat-cfntools server agent -HEAT_CFNTOOLS_REPO=${HEAT_CFNTOOLS_REPO:-${GIT_BASE}/openstack/heat-cfntools.git} -HEAT_CFNTOOLS_BRANCH=${HEAT_CFNTOOLS_BRANCH:-master} - -# heat example templates and elements -HEAT_TEMPLATES_REPO=${HEAT_TEMPLATES_REPO:-${GIT_BASE}/openstack/heat-templates.git} -HEAT_TEMPLATES_BRANCH=${HEAT_TEMPLATES_BRANCH:-master} - # django powered web control panel for openstack HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git} HORIZON_BRANCH=${HORIZON_BRANCH:-master} -# django openstack_auth library -HORIZONAUTH_REPO=${HORIZONAUTH_REPO:-${GIT_BASE}/openstack/django_openstack_auth.git} -HORIZONAUTH_BRANCH=${HORIZONAUTH_BRANCH:-master} - # baremetal provisioning service IRONIC_REPO=${IRONIC_REPO:-${GIT_BASE}/openstack/ironic.git} IRONIC_BRANCH=${IRONIC_BRANCH:-master} -IRONIC_PYTHON_AGENT_REPO=${IRONIC_PYTHON_AGENT_REPO:-${GIT_BASE}/openstack/ironic-python-agent.git} -IRONIC_PYTHON_AGENT_BRANCH=${IRONIC_PYTHON_AGENT_BRANCH:-master} - -# ironic client -IRONICCLIENT_REPO=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git} -IRONICCLIENT_BRANCH=${IRONICCLIENT_BRANCH:-master} # unified auth system (manages accounts/tokens) KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git} KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master} -# python keystone client library to nova that horizon uses -KEYSTONECLIENT_REPO=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git} -KEYSTONECLIENT_BRANCH=${KEYSTONECLIENT_BRANCH:-master} - -# keystone middleware -KEYSTONEMIDDLEWARE_REPO=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/keystonemiddleware.git} -KEYSTONEMIDDLEWARE_BRANCH=${KEYSTONEMIDDLEWARE_BRANCH:-master} +# neutron service +NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git} +NEUTRON_BRANCH=${NEUTRON_BRANCH:-master} # compute service NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git} NOVA_BRANCH=${NOVA_BRANCH:-master} +# storage service +SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git} +SWIFT_BRANCH=${SWIFT_BRANCH:-master} + +# trove service +TROVE_REPO=${TROVE_REPO:-${GIT_BASE}/openstack/trove.git} +TROVE_BRANCH=${TROVE_BRANCH:-master} + +############## +# +# Testing Components +# +############## + +# consolidated openstack requirements +REQUIREMENTS_REPO=${REQUIREMENTS_REPO:-${GIT_BASE}/openstack/requirements.git} +REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-master} + +# Tempest test suite +TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git} +TEMPEST_BRANCH=${TEMPEST_BRANCH:-master} + +# TODO(sdague): this should end up as a library component like below +TEMPEST_LIB_REPO=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git} +TEMPEST_LIB_BRANCH=${TEMPEST_LIB_BRANCH:-master} + + +############## +# +# OpenStack Client Library Componets +# +############## + +# ceilometer client library +CEILOMETERCLIENT_REPO=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git} +CEILOMETERCLIENT_BRANCH=${CEILOMETERCLIENT_BRANCH:-master} + +# volume client +CINDERCLIENT_REPO=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git} +CINDERCLIENT_BRANCH=${CINDERCLIENT_BRANCH:-master} + +# python glance client library +GLANCECLIENT_REPO=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git} +GLANCECLIENT_BRANCH=${GLANCECLIENT_BRANCH:-master} + +# python heat client library +HEATCLIENT_REPO=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git} +HEATCLIENT_BRANCH=${HEATCLIENT_BRANCH:-master} + +# ironic client +IRONICCLIENT_REPO=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git} +IRONICCLIENT_BRANCH=${IRONICCLIENT_BRANCH:-master} + +# python keystone client library to nova that horizon uses +KEYSTONECLIENT_REPO=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git} +KEYSTONECLIENT_BRANCH=${KEYSTONECLIENT_BRANCH:-master} + +# neutron client +NEUTRONCLIENT_REPO=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git} +NEUTRONCLIENT_BRANCH=${NEUTRONCLIENT_BRANCH:-master} + # python client library to nova that horizon (and others) use NOVACLIENT_REPO=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git} NOVACLIENT_BRANCH=${NOVACLIENT_BRANCH:-master} -# os-apply-config configuration template tool -OAC_REPO=${OAC_REPO:-${GIT_BASE}/openstack/os-apply-config.git} -OAC_BRANCH=${OAC_BRANCH:-master} +# python swift client library +SWIFTCLIENT_REPO=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git} +SWIFTCLIENT_BRANCH=${SWIFTCLIENT_BRANCH:-master} -# os-collect-config configuration agent -OCC_REPO=${OCC_REPO:-${GIT_BASE}/openstack/os-collect-config.git} -OCC_BRANCH=${OCC_BRANCH:-master} +# trove client library test +TROVECLIENT_REPO=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git} +TROVECLIENT_BRANCH=${TROVECLIENT_BRANCH:-master} # consolidated openstack python client OPENSTACKCLIENT_REPO=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git} OPENSTACKCLIENT_BRANCH=${OPENSTACKCLIENT_BRANCH:-master} -# os-refresh-config configuration run-parts tool -ORC_REPO=${ORC_REPO:-${GIT_BASE}/openstack/os-refresh-config.git} -ORC_BRANCH=${ORC_BRANCH:-master} +################### +# +# Oslo Libraries +# +################### # cliff command line framework GITREPO["cliff"]=${CLIFF_REPO:-${GIT_BASE}/openstack/cliff.git} @@ -281,58 +309,68 @@ GITBRANCH["taskflow"]=${TASKFLOW_BRANCH:-master} GITREPO["pbr"]=${PBR_REPO:-${GIT_BASE}/openstack-dev/pbr.git} GITBRANCH["pbr"]=${PBR_BRANCH:-master} -# neutron service -NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git} -NEUTRON_BRANCH=${NEUTRON_BRANCH:-master} +################## +# +# Libraries managed by OpenStack programs (non oslo) +# +################## -# neutron client -NEUTRONCLIENT_REPO=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git} -NEUTRONCLIENT_BRANCH=${NEUTRONCLIENT_BRANCH:-master} +# glance store library +GLANCE_STORE_REPO=${GLANCE_STORE_REPO:-${GIT_BASE}/openstack/glance_store.git} +GLANCE_STORE_BRANCH=${GLANCE_STORE_BRANCH:-master} -# consolidated openstack requirements -REQUIREMENTS_REPO=${REQUIREMENTS_REPO:-${GIT_BASE}/openstack/requirements.git} -REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-master} +# heat-cfntools server agent +HEAT_CFNTOOLS_REPO=${HEAT_CFNTOOLS_REPO:-${GIT_BASE}/openstack/heat-cfntools.git} +HEAT_CFNTOOLS_BRANCH=${HEAT_CFNTOOLS_BRANCH:-master} -# storage service -SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git} -SWIFT_BRANCH=${SWIFT_BRANCH:-master} +# heat example templates and elements +HEAT_TEMPLATES_REPO=${HEAT_TEMPLATES_REPO:-${GIT_BASE}/openstack/heat-templates.git} +HEAT_TEMPLATES_BRANCH=${HEAT_TEMPLATES_BRANCH:-master} + +# django openstack_auth library +HORIZONAUTH_REPO=${HORIZONAUTH_REPO:-${GIT_BASE}/openstack/django_openstack_auth.git} +HORIZONAUTH_BRANCH=${HORIZONAUTH_BRANCH:-master} + +# keystone middleware +KEYSTONEMIDDLEWARE_REPO=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/keystonemiddleware.git} +KEYSTONEMIDDLEWARE_BRANCH=${KEYSTONEMIDDLEWARE_BRANCH:-master} + +# s3 support for swift SWIFT3_REPO=${SWIFT3_REPO:-${GIT_BASE}/stackforge/swift3.git} SWIFT3_BRANCH=${SWIFT3_BRANCH:-master} -# python swift client library -SWIFTCLIENT_REPO=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git} -SWIFTCLIENT_BRANCH=${SWIFTCLIENT_BRANCH:-master} -# Tempest test suite -TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git} -TEMPEST_BRANCH=${TEMPEST_BRANCH:-master} - -TEMPEST_LIB_REPO=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git} -TEMPEST_LIB_BRANCH=${TEMPEST_LIB_BRANCH:-master} +################## +# +# TripleO Components +# +################## -# Tripleo elements for diskimage-builder images -TIE_REPO=${TIE_REPO:-${GIT_BASE}/openstack/tripleo-image-elements.git} -TIE_BRANCH=${TIE_BRANCH:-master} +# diskimage-builder +DIB_REPO=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git} +DIB_BRANCH=${DIB_BRANCH:-master} -# a websockets/html5 or flash powered VNC console for vm instances -NOVNC_REPO=${NOVNC_REPO:-https://github.com/kanaka/noVNC.git} -NOVNC_BRANCH=${NOVNC_BRANCH:-master} +# os-apply-config configuration template tool +OAC_REPO=${OAC_REPO:-${GIT_BASE}/openstack/os-apply-config.git} +OAC_BRANCH=${OAC_BRANCH:-master} -# ryu service -RYU_REPO=${RYU_REPO:-https://github.com/osrg/ryu.git} -RYU_BRANCH=${RYU_BRANCH:-master} +# os-collect-config configuration agent +OCC_REPO=${OCC_REPO:-${GIT_BASE}/openstack/os-collect-config.git} +OCC_BRANCH=${OCC_BRANCH:-master} -# a websockets/html5 or flash powered SPICE console for vm instances -SPICE_REPO=${SPICE_REPO:-http://anongit.freedesktop.org/git/spice/spice-html5.git} -SPICE_BRANCH=${SPICE_BRANCH:-master} +# os-refresh-config configuration run-parts tool +ORC_REPO=${ORC_REPO:-${GIT_BASE}/openstack/os-refresh-config.git} +ORC_BRANCH=${ORC_BRANCH:-master} -# trove service -TROVE_REPO=${TROVE_REPO:-${GIT_BASE}/openstack/trove.git} -TROVE_BRANCH=${TROVE_BRANCH:-master} +# Tripleo elements for diskimage-builder images +TIE_REPO=${TIE_REPO:-${GIT_BASE}/openstack/tripleo-image-elements.git} +TIE_BRANCH=${TIE_BRANCH:-master} -# trove client library test -TROVECLIENT_REPO=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git} -TROVECLIENT_BRANCH=${TROVECLIENT_BRANCH:-master} +################# +# +# Additional Libraries +# +################# # stackforge libraries that are used by OpenStack core services # wsme @@ -348,6 +386,32 @@ SQLALCHEMY_MIGRATE_REPO=${SQLALCHEMY_MIGRATE_REPO:-${GIT_BASE}/stackforge/sqlalc SQLALCHEMY_MIGRATE_BRANCH=${SQLALCHEMY_MIGRATE_BRANCH:-master} +################# +# +# 3rd Party Components (non pip installable) +# +# NOTE(sdague): these should be converted to release version installs or removed +# +################# + +# ironic python agent +IRONIC_PYTHON_AGENT_REPO=${IRONIC_PYTHON_AGENT_REPO:-${GIT_BASE}/openstack/ironic-python-agent.git} +IRONIC_PYTHON_AGENT_BRANCH=${IRONIC_PYTHON_AGENT_BRANCH:-master} + +# a websockets/html5 or flash powered VNC console for vm instances +NOVNC_REPO=${NOVNC_REPO:-https://github.com/kanaka/noVNC.git} +NOVNC_BRANCH=${NOVNC_BRANCH:-master} + +# ryu service +RYU_REPO=${RYU_REPO:-https://github.com/osrg/ryu.git} +RYU_BRANCH=${RYU_BRANCH:-master} + +# a websockets/html5 or flash powered SPICE console for vm instances +SPICE_REPO=${SPICE_REPO:-http://anongit.freedesktop.org/git/spice/spice-html5.git} +SPICE_BRANCH=${SPICE_BRANCH:-master} + + + # Nova hypervisor configuration. We default to libvirt with **kvm** but will # drop back to **qemu** if we are unable to load the kvm module. ``stack.sh`` can # also install an **LXC**, **OpenVZ** or **XenAPI** based system. If xenserver-core From 608f884edb2faff59100bb5aa84e8d59e5d3e6d8 Mon Sep 17 00:00:00 2001 From: Kirill Shileev Date: Fri, 3 Oct 2014 22:48:58 +0400 Subject: [PATCH 0040/3421] Use ALT_INSTANCE_USER for image_alt_ssh_user Change-Id: Ib9cfb6e989575d62c493cbe92fdefd8c90256bcd Closes-Bug: 1377914 --- lib/tempest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tempest b/lib/tempest index d677c7e33c..3e55d792ff 100644 --- a/lib/tempest +++ b/lib/tempest @@ -284,7 +284,7 @@ function configure_tempest { iniset $TEMPEST_CONFIG compute image_ref $image_uuid iniset $TEMPEST_CONFIG compute image_ssh_user ${DEFAULT_INSTANCE_USER:-cirros} iniset $TEMPEST_CONFIG compute image_ref_alt $image_uuid_alt - iniset $TEMPEST_CONFIG compute image_alt_ssh_user ${DEFAULT_INSTANCE_USER:-cirros} + iniset $TEMPEST_CONFIG compute image_alt_ssh_user ${ALT_INSTANCE_USER:-cirros} iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method From 0e4cd038287bcf36ff31c4e7b22266051198b44c Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Fri, 3 Oct 2014 13:27:17 -0700 Subject: [PATCH 0041/3421] Source functions from stackrc stackrc now requires GITREPO, GITBRANCH, GITDIR and has been dependent on functions for a while (is_package_installed). Ensure we source the required functions file when stackrc is loaded. Avoids unexpected issues in grenade where they may or may not have been loaded depending on the configuration. Closes-bug: #1377274 Change-Id: I5027cfad07af0de7ff39f424601d6f7ec5dcadae --- stackrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/stackrc b/stackrc index 15f7f82511..13b2e22675 100644 --- a/stackrc +++ b/stackrc @@ -3,6 +3,9 @@ # Find the other rc files RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) +# Source required devstack functions and globals +source $RC_DIR/functions + # Destination path for installation DEST=/opt/stack From 6c585d739d918ae563a6291a8661fd82b872a93a Mon Sep 17 00:00:00 2001 From: Chmouel Boudjnah Date: Sat, 4 Oct 2014 08:14:30 +0200 Subject: [PATCH 0042/3421] Refactor swift config services Make the sed the command to change the recon_cache_path into the renamed generate_swift_config_services Change-Id: I6092c26836320fab607eb9cd07f63189a9ba1ddd --- lib/swift | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/lib/swift b/lib/swift index 813955226e..21ed920149 100644 --- a/lib/swift +++ b/lib/swift @@ -251,7 +251,7 @@ function _config_swift_apache_wsgi { # This function generates an object/container/account configuration # emulating 4 nodes on different ports -function generate_swift_config { +function generate_swift_config_services { local swift_node_config=$1 local node_id=$2 local bind_port=$3 @@ -286,6 +286,10 @@ function generate_swift_config { iniuncomment ${swift_node_config} ${server_type}-replicator vm_test_mode iniset ${swift_node_config} ${server_type}-replicator vm_test_mode yes + + # Using a sed and not iniset/iniuncomment because we want to a global + # modification and make sure it works for new sections. + sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config} } @@ -436,23 +440,18 @@ EOF for node_number in ${SWIFT_REPLICAS_SEQ}; do local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf cp ${SWIFT_DIR}/etc/object-server.conf-sample ${swift_node_config} - generate_swift_config ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object + generate_swift_config_services ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object iniset ${swift_node_config} filter:recon recon_cache_path ${SWIFT_DATA_DIR}/cache - # Using a sed and not iniset/iniuncomment because we want to a global - # modification and make sure it works for new sections. - sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config} swift_node_config=${SWIFT_CONF_DIR}/container-server/${node_number}.conf cp ${SWIFT_DIR}/etc/container-server.conf-sample ${swift_node_config} - generate_swift_config ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container + generate_swift_config_services ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container iniuncomment ${swift_node_config} app:container-server allow_versions iniset ${swift_node_config} app:container-server allow_versions "true" - sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config} swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config} - generate_swift_config ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account - sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config} + generate_swift_config_services ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account done # Set new accounts in tempauth to match keystone tenant/user (to make testing easier) From 690e3c25742f47fd2a42d6407ffa30bc99288dc0 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Sun, 5 Oct 2014 20:06:33 -0400 Subject: [PATCH 0043/3421] Fix Typos found with misspell git ls-files | grep -v locale | misspellings -f - Change-Id: I0dc56ba64ae4bdc681ccf4a1d2d23238f541650d --- docs/source/configuration.html | 2 +- docs/source/guides/multinode-lab.html | 8 ++++---- docs/source/guides/single-machine.html | 6 +++--- docs/source/openrc.html | 2 +- tools/build_docs.sh | 2 +- tools/xen/install_os_domU.sh | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/source/configuration.html b/docs/source/configuration.html index fbcead7ab4..044bafc70d 100644 --- a/docs/source/configuration.html +++ b/docs/source/configuration.html @@ -146,7 +146,7 @@

Common Configuration Variables

One syslog to bind them all
Default: SYSLOG=False SYSLOG_HOST=$HOST_IP SYSLOG_PORT=516
- Logging all services to a single syslog can be convenient. Enable syslogging by seting SYSLOG to True. If the destination log host is not localhost SYSLOG_HOST and SYSLOG_PORT can be used to direct the message stream to the log host. + Logging all services to a single syslog can be convenient. Enable syslogging by setting SYSLOG to True. If the destination log host is not localhost SYSLOG_HOST and SYSLOG_PORT can be used to direct the message stream to the log host. 
SYSLOG=True
 SYSLOG_HOST=$HOST_IP
 SYSLOG_PORT=516
diff --git a/docs/source/guides/multinode-lab.html b/docs/source/guides/multinode-lab.html index a286954e7d..db8be08e87 100644 --- a/docs/source/guides/multinode-lab.html +++ b/docs/source/guides/multinode-lab.html @@ -114,11 +114,11 @@

Add the DevStack User

OpenStack runs as a non-root user that has sudo access to root. There is nothing special about the name, we'll use stack here. Every node must use the same name and preferably uid. If you created a user during the OS install you can use it and give it - sudo priviledges below. Otherwise create the stack user:

+ sudo privileges below. Otherwise create the stack user:

groupadd stack
 useradd -g stack -s /bin/bash -d /opt/stack -m stack

This user will be making many changes to your system during installation and operation - so it needs to have sudo priviledges to root without a password:

+ so it needs to have sudo privileges to root without a password:

echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

From here on use the stack user. Logout and login as the stack user.

@@ -221,7 +221,7 @@

Options pimp your stack

Additional Users

-

DevStack creates two OpenStack users (admin and demo) and two tenants (also admin and demo). admin is exactly what it sounds like, a priveleged administrative account that is a member of both the admin and demo tenants. demo is a normal user account that is only a member of the demo tenant. Creating additional OpenStack users can be done through the dashboard, sometimes it is easier to do them in bulk from a script, especially since they get blown away every time +

DevStack creates two OpenStack users (admin and demo) and two tenants (also admin and demo). admin is exactly what it sounds like, a privileged administrative account that is a member of both the admin and demo tenants. demo is a normal user account that is only a member of the demo tenant. Creating additional OpenStack users can be done through the dashboard, sometimes it is easier to do them in bulk from a script, especially since they get blown away every time stack.sh runs. The following steps are ripe for scripting:

# Get admin creds
 . openrc admin admin
@@ -275,7 +275,7 @@ 
Volumes

 vgcreate stack-volumes /dev/sdc

Syslog

-

DevStack is capable of using rsyslog to agregate logging across the cluster. +

DevStack is capable of using rsyslog to aggregate logging across the cluster. It is off by default; to turn it on set SYSLOG=True in local.conf. SYSLOG_HOST defaults to HOST_IP; on the compute nodes it must be set to the IP of the cluster controller to send syslog output there. In the example diff --git a/docs/source/guides/single-machine.html b/docs/source/guides/single-machine.html index ca9cafac4e..9471972382 100644 --- a/docs/source/guides/single-machine.html +++ b/docs/source/guides/single-machine.html @@ -69,9 +69,9 @@

Installation shake and bake

Add your user

-

We need to add a user to install DevStack. (if you created a user during install you can skip this step and just give the user sudo priviledges below)

+

We need to add a user to install DevStack. (if you created a user during install you can skip this step and just give the user sudo privileges below)

adduser stack
-

Since this user will be making many changes to your system, it will need to have sudo priviledges:

+

Since this user will be making many changes to your system, it will need to have sudo privileges:

apt-get install sudo -y || yum install -y sudo
 echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

From here on you should use the user you created. Logout and login as that user.

@@ -113,7 +113,7 @@

Run DevStack

Using OpenStack

At this point you should be able to access the dashboard from other computers on the local network. In this example that would be http://192.168.1.201/ for the dashboard (aka Horizon). - Launch VMs and if you give them floating IPs and security group access those VMs will be accessable from other machines on your network.

+ Launch VMs and if you give them floating IPs and security group access those VMs will be accessible from other machines on your network.

Some examples of using the OpenStack command-line clients nova and glance are in the shakedown scripts in devstack/exercises. exercise.sh diff --git a/docs/source/openrc.html b/docs/source/openrc.html index b84d26839b..da6697fb92 100644 --- a/docs/source/openrc.html +++ b/docs/source/openrc.html @@ -60,7 +60,7 @@

openrc User authentication settings

The introduction of Keystone to the OpenStack ecosystem has standardized the term tenant as the entity that owns resources. In some places references still exist to the original Nova term project for this use. Also, - tenant_name is prefered to tenant_id. + tenant_name is preferred to tenant_id. 
OS_TENANT_NAME=demo
OS_USERNAME
diff --git a/tools/build_docs.sh b/tools/build_docs.sh index e999eff751..96bd8924d6 100755 --- a/tools/build_docs.sh +++ b/tools/build_docs.sh @@ -17,7 +17,7 @@ ## prevent stray files in the workspace being added tot he docs) ## -o Write the static HTML output to ## (Note that will be deleted and re-created to ensure it is clean) -## -g Update the old gh-pages repo (set PUSH=1 to actualy push up to RCB) +## -g Update the old gh-pages repo (set PUSH=1 to actually push up to RCB) # Defaults # -------- diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh index 9bf8f73c92..75d56a8465 100755 --- a/tools/xen/install_os_domU.sh +++ b/tools/xen/install_os_domU.sh @@ -394,7 +394,7 @@ if [ "$WAIT_TILL_LAUNCH" = "1" ] && [ -e ~/.ssh/id_rsa.pub ] && [ "$COPYENV" = # Watch devstack's output (which doesn't start until stack.sh is running, # but wait for run.sh (which starts stack.sh) to exit as that is what - # hopefully writes the succeded cookie. + # hopefully writes the succeeded cookie. pid=`ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS pgrep run.sh` ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "tail --pid $pid -n +1 -f /tmp/devstack/log/stack.log" From d29ca35e79fab38a48399a305074fd72663f998a Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Mon, 6 Oct 2014 14:33:59 -0700 Subject: [PATCH 0044/3421] Stop n-cpu by correct process name /w fake When VIRT_DRIVER=fake, n-cpu processes are numbered (ie, n-cpu-1) in start_nova. However, this scheme is not taken into account when stopping nova, resulting in leftover n-cpu processes that fail grenade's stop-base if USE_SCREEN=False. This special cases for the fake driver in stop_nova_compute and ensures n-cpu(s) is shutdown correctly. Change-Id: Icebece9eadc4e10bb12fe4fdd2fa37d5f3983f66 Close-bug: #1378112 --- lib/nova | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/nova b/lib/nova index 096d380e03..10bf4726ac 100644 --- a/lib/nova +++ b/lib/nova @@ -755,7 +755,14 @@ function start_nova { } function stop_nova_compute { - stop_process n-cpu + if [ "$VIRT_DRIVER" == "fake" ]; then + local i + for i in `seq 1 $NUMBER_FAKE_NOVA_COMPUTE`; do + stop_process n-cpu-${i} + done + else + stop_process n-cpu + fi if is_service_enabled n-cpu && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; then stop_nova_hypervisor fi From e2c9fee8ed846aba124a2fc1bba245790ed7ba90 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Fri, 26 Sep 2014 09:42:11 +1000 Subject: [PATCH 0045/3421] Single quote iniset argument in merge_config_file If we don't single quote the extracted argument to iniset we drop any quotes from the source. Add a simple test-case for this. Partial-bug: #1374118 Change-Id: If2f47b64b11015e727a011c7e5f6e8ad378b90eb --- lib/config | 4 +++- tests/test_config.sh | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/config b/lib/config index 0baa4cc3c2..a0b9b0a6f6 100644 --- a/lib/config +++ b/lib/config @@ -82,6 +82,8 @@ function merge_config_file { local matchgroup=$2 local configfile=$3 + # note in the awk below, \x27 is ascii for ' -- this avoids + # having to do nasty quoting games get_meta_section $file $matchgroup $configfile | \ $CONFIG_AWK_CMD -v configfile=$configfile ' BEGIN { section = "" } @@ -95,7 +97,7 @@ function merge_config_file { } /^[^ \t]+/ { split($0, d, " *= *") - print "iniset " configfile " " section " " d[1] " \"" d[2] "\"" + print "iniset " configfile " " section " " d[1] " \x27" d[2] "\x27 " } ' | while read a; do eval "$a"; done diff --git a/tests/test_config.sh b/tests/test_config.sh index 2634ce0654..7cf75d0c4f 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -91,6 +91,10 @@ attribute=value [[test4|\$TEST4_DIR/\$TEST4_FILE]] [fff] type=new + +[[test-quote|test-quote.conf]] +[foo] +foo="foo bar" "baz" EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -206,6 +210,15 @@ EXPECT_VAL=" attribute = value" check_result "$VAL" "$EXPECT_VAL" +echo -n "merge_config_file test-quote: " +rm -f test-quote.conf +merge_config_file test.conf test-quote test-quote.conf +VAL=$(cat test-quote.conf) +EXPECT_VAL=' +[foo] +foo = "foo bar" "baz"' +check_result "$VAL" "$EXPECT_VAL" + echo -n "merge_config_group test4 variable filename: " setup_test4 merge_config_group test.conf test4 @@ -225,5 +238,5 @@ EXPECT_VAL=" type = new" check_result "$VAL" "$EXPECT_VAL" -rm -f test.conf test1c.conf test2a.conf test-space.conf +rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf rm -rf test-etc From e321e305f3b571b1b3ae26f169b71786537d400a Mon Sep 17 00:00:00 2001 From: Steve Martinelli Date: Mon, 6 Oct 2014 02:23:28 -0400 Subject: [PATCH 0046/3421] Correct swift service name in docs The docs incorrectly show an example of: enable_service swift This does not work, it must be enabled on a per swift service basis, like: enable_service s-proxy s-object s-container s-account Change-Id: Ib4ed8b43f777d308f5464d45dc87735e843c0daf --- docs/source/guides/multinode-lab.html | 2 +- docs/source/stackrc.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/guides/multinode-lab.html b/docs/source/guides/multinode-lab.html index a286954e7d..4ad29b13a0 100644 --- a/docs/source/guides/multinode-lab.html +++ b/docs/source/guides/multinode-lab.html @@ -247,7 +247,7 @@

Swift

The support in DevStack is geared toward a minimal installation but can be used for testing. To implement a true multi-node test of Swift required more than DevStack provides. Enabling it is as simple as enabling the swift service in local.conf: - 
enable_service swift
+ 
enable_service s-proxy s-object s-container s-account

Swift will put its data files in SWIFT_DATA_DIR (default /opt/stack/data/swift). The size of the data 'partition' created (really a loop-mounted file) is set by diff --git a/docs/source/stackrc.html b/docs/source/stackrc.html index 23a48c51d7..d83fbc164c 100644 --- a/docs/source/stackrc.html +++ b/docs/source/stackrc.html @@ -66,8 +66,8 @@

stackrc DevStack settings

Certificate Authentication), Cinder (Scheduler, API, Volume), Horizon, MySQL, RabbitMQ, Tempest. 
ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
Other services that are not enabled by default can be enabled in - localrc. For example, to add Swift: - 
enable_service swift
+ localrc. For example, to add Swift, use the following service names: + 
enable_service s-proxy s-object s-container s-account
A service can similarly be disabled: 
disable_service horizon
From 67bc8e8ab9cb0a80ff82ea1c4b2bc84e2e802034 Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Wed, 8 Oct 2014 12:07:46 +0100 Subject: [PATCH 0047/3421] Cleanup create_accounts functions lib/nova and lib/ceilometer had function calls not in the desired form. Change-Id: I6b848e51654a48fe2df6084efdb0f67fd5e180f0 --- lib/ceilometer | 5 ++--- lib/nova | 6 ++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/lib/ceilometer b/lib/ceilometer index 9bb31218a0..c997de77e1 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -73,13 +73,12 @@ function is_ceilometer_enabled { } # create_ceilometer_accounts() - Set up common required ceilometer accounts - +# # Project User Roles # ------------------------------------------------------------------ # SERVICE_TENANT_NAME ceilometer admin # SERVICE_TENANT_NAME ceilometer ResellerAdmin (if Swift is enabled) - -create_ceilometer_accounts() { +function create_ceilometer_accounts { local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") diff --git a/lib/nova b/lib/nova index fa57432187..cd9544ba66 100644 --- a/lib/nova +++ b/lib/nova @@ -330,14 +330,12 @@ function configure_nova { } # create_nova_accounts() - Set up common required nova accounts - +# # Project User Roles # ------------------------------------------------------------------ # SERVICE_TENANT_NAME nova admin # SERVICE_TENANT_NAME nova ResellerAdmin (if Swift is enabled) - -# Migrated from keystone_data.sh -create_nova_accounts() { +function create_nova_accounts { local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") From 9a706107d6603c9a13c8ec128b6f0ca397492f02 Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Wed, 8 Oct 2014 10:39:46 -0400 Subject: [PATCH 0048/3421] Set Glance default_store to rbd in [glance_store] Glance is moving from [DEFAULT] to [glance_store] for this option. Since lib/glance sets both, let's also set it in both places for now. Failing to do this causes g-api to fail to start with error: "Store for scheme swift not found" Change-Id: I9e33ababf7c51f5c750f90b8b366b9892bb4c8cd --- lib/ceph | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/ceph b/lib/ceph index 30ca903a8d..2e68ce588d 100644 --- a/lib/ceph +++ b/lib/ceph @@ -197,8 +197,12 @@ function configure_ceph_glance { fi sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring + + # NOTE(eharney): When Glance has fully migrated to Glance store, + # default_store can be removed from [DEFAULT]. (See lib/glance.) iniset $GLANCE_API_CONF DEFAULT default_store rbd iniset $GLANCE_API_CONF DEFAULT show_image_direct_url True + iniset $GLANCE_API_CONF glance_store default_store rbd iniset $GLANCE_API_CONF glance_store stores "file, http, rbd" iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE iniset $GLANCE_API_CONF glance_store rbd_store_user $GLANCE_CEPH_USER From 0f72625fba22783bf78ffdc809da7fd42d0c4310 Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Wed, 1 Oct 2014 17:06:19 -0700 Subject: [PATCH 0049/3421] Enable DIB service to build with minimal net access Adds two new options to lib/dib that will help devstack slaves use cached content and content local to cloud provides: * DIB_BUILD_OFFLINE: This will enable DIB to rely entirely on cached images without making any additional calls to cloud-images.ubuntu.com to validate hashes/freshness. * DIB_APT_SOURCES: Used to specify alternatve sources.list for image builds. Setting this enables the addition of the apt-sources element during image builds and is only supported for ubuntu/debian builds. Change-Id: I9b9ca72ec551565d454610aacb86c585f0384f13 Partial-bug: #1375488 --- lib/dib | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/dib b/lib/dib index d39d8016c5..30b31ec0ee 100644 --- a/lib/dib +++ b/lib/dib @@ -20,13 +20,28 @@ set +o xtrace # set up default directories DIB_DIR=$DEST/diskimage-builder TIE_DIR=$DEST/tripleo-image-elements + +# NOTE: Setting DIB_APT_SOURCES assumes you will be building +# Debian/Ubuntu based images. Leave unset for other flavors. +DIB_APT_SOURCES=${DIB_APT_SOURCES:-""} +DIB_BUILD_OFFLINE=$(trueorfalse False $DIB_BUILD_OFFLINE) DIB_IMAGE_CACHE=$DATA_DIR/diskimage-builder/image-create DIB_PIP_REPO=$DATA_DIR/diskimage-builder/pip-repo DIB_PIP_REPO_PORT=${DIB_PIP_REPO_PORT:-8899} + OCC_DIR=$DEST/os-collect-config ORC_DIR=$DEST/os-refresh-config OAC_DIR=$DEST/os-apply-config +# Include the apt-sources element in builds if we have an +# alternative sources.list specified. +if [ -n "$DIB_APT_SOURCES" ]; then + if [ ! -e "$DIB_APT_SOURCES" ]; then + die $LINENO "DIB_APT_SOURCES set but not found at $DIB_APT_SOURCES" + fi + EXTRA_ELEMENTS="apt-sources" +fi + # Functions # --------- @@ -106,9 +121,11 @@ function disk_image_create_upload { # The disk-image-create command to run ELEMENTS_PATH=$elements_path \ + DIB_APT_SOURCES=$DIB_APT_SOURCES \ + DIB_OFFLINE=$DIB_BUILD_OFFLINE \ PYPI_MIRROR_URL=$pypi_mirror_url \ PYPI_MIRROR_URL_1=$pypi_mirror_url_1 \ - disk-image-create -a amd64 $image_elements \ + disk-image-create -a amd64 $image_elements $EXTRA_ELEMENTS \ --image-cache $DIB_IMAGE_CACHE \ -o $image_path From 3682b6de55ee88109147516be0a2634aeeb951ab Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 8 Oct 2014 15:37:23 +1100 Subject: [PATCH 0050/3421] Install latest EPEL release Use a little trick cribbed from [1] to install the latest EPEL release, rather than hard-coding versions [1] http://stackoverflow.com/questions/14016286/how-to-programmatically-install-the-latest-epel-release-rpm-without-knowing-its Closes-bug: #1376321 Change-Id: Ib89d73d669efe2e2d61fc0b12b46395fce113386 --- stack.sh | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/stack.sh b/stack.sh index 0cec623a54..3b5fb7459b 100755 --- a/stack.sh +++ b/stack.sh @@ -234,15 +234,35 @@ fi if [[ is_fedora && ( $DISTRO == "rhel6" || $DISTRO == "rhel7" ) ]]; then # RHEL requires EPEL for many Open Stack dependencies - if [[ $DISTRO == "rhel7" ]]; then - EPEL_RPM=${RHEL7_EPEL_RPM:-"http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-1.noarch.rpm"} - elif [[ $DISTRO == "rhel6" ]]; then - EPEL_RPM=${RHEL6_EPEL_RPM:-"http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"} - fi if ! sudo yum repolist enabled epel | grep -q 'epel'; then echo "EPEL not detected; installing" - yum_install ${EPEL_RPM} || \ + # This trick installs the latest epel-release from a bootstrap + # repo, then removes itself (as epel-release installed the + # "real" repo). + # + # you would think that rather than this, you could use + # $releasever directly in .repo file we create below. However + # RHEL gives a $releasever of "6Server" which breaks the path; + # see https://bugzilla.redhat.com/show_bug.cgi?id=1150759 + if [[ $DISTRO == "rhel7" ]]; then + epel_ver="7" + elif [[ $DISTRO == "rhel6" ]]; then + epel_ver="6" + fi + + cat < Date: Wed, 8 Oct 2014 06:52:21 +0000 Subject: [PATCH 0051/3421] Enable Swift's newer feature of container-sync Newer version of container-sync feature is introduced in Swift ver. 1.12.0. The spec: http://docs.openstack.org/developer/swift/overview_container_sync.html Before this commit, Devstack does not configure any realm used in container-sync, therefore this feature does not work. To test this feature in CI system, moreover to show the sample configuration of realms, Devstack now edits realms configuration file. Change-Id: I9f1e3224403e08e725a989162729470357fe90b0 Closes-Bug: 1378646 --- lib/swift | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/swift b/lib/swift index 21ed920149..d8c790a201 100644 --- a/lib/swift +++ b/lib/swift @@ -330,7 +330,12 @@ function configure_swift { SWIFT_CONFIG_PROXY_SERVER=${SWIFT_CONF_DIR}/proxy-server.conf cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER} - cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${SWIFT_CONF_DIR}/container-sync-realms.conf + # To run container sync feature introduced in Swift ver 1.12.0, + # container sync "realm" is added in container-sync-realms.conf + local csyncfile=${SWIFT_CONF_DIR}/container-sync-realms.conf + cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${csyncfile} + iniset ${csyncfile} realm1 key realm1key + iniset ${csyncfile} realm1 cluster_name1 "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/" iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER} From bf1b8ed4707e6ee3588c5b5237317325fe2d57c4 Mon Sep 17 00:00:00 2001 From: Steve Martinelli Date: Mon, 6 Oct 2014 03:36:20 -0400 Subject: [PATCH 0052/3421] Move swift CLI commands to OSC commands Only a few instances in exercises/swift.sh Change-Id: I0a39b11f660453a378d44e4f9f28a4a57352f4a8 --- exercises/swift.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/exercises/swift.sh b/exercises/swift.sh index 25ea6719c1..afcede81cd 100755 --- a/exercises/swift.sh +++ b/exercises/swift.sh @@ -45,16 +45,16 @@ CONTAINER=ex-swift # ============= # Check if we have to swift via keystone -swift stat || die $LINENO "Failure geting status" +swift stat || die $LINENO "Failure getting status" # We start by creating a test container -swift post $CONTAINER || die $LINENO "Failure creating container $CONTAINER" +openstack container create $CONTAINER || die $LINENO "Failure creating container $CONTAINER" # add some files into it. -swift upload $CONTAINER /etc/issue || die $LINENO "Failure uploading file to container $CONTAINER" +openstack object create $CONTAINER /etc/issue || die $LINENO "Failure uploading file to container $CONTAINER" # list them -swift list $CONTAINER || die $LINENO "Failure listing contents of container $CONTAINER" +openstack object list $CONTAINER || die $LINENO "Failure listing contents of container $CONTAINER" # And we may want to delete them now that we have tested that # everything works. From 7c6d005eedbff90811d0ded26508f716227dc5f8 Mon Sep 17 00:00:00 2001 From: JordanP Date: Mon, 6 Oct 2014 23:08:50 +0200 Subject: [PATCH 0053/3421] Fix account rc files creation for Swift users Id02ebdfa5cb3f6c763293876c6bb031184ebd663 introduced a small regression which makes the command x509-create-cert fail with 'ERROR (CommandError): Invalid OpenStack Nova credentials.' for Swift users. The handling of specific password for Swift users was introduced in Ifb57a43aad439ffe041e98465719a8a8eceae544 Change-Id: I3f328b1358bad0bdf7056796eabfe846dd5bae3a --- lib/swift | 8 +++++--- tools/create_userrc.sh | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/swift b/lib/swift index 21ed920149..15bd2a9471 100644 --- a/lib/swift +++ b/lib/swift @@ -557,9 +557,11 @@ function create_swift_disk { function create_swift_accounts { # Defines specific passwords used by tools/create_userrc.sh - local swiftusertest1_password=testing - local swiftusertest2_password=testing2 - local swiftusertest3_password=testing3 + # As these variables are used by create_userrc.sh, they must be exported + # The _password suffix is expected by create_userrc.sh + export swiftusertest1_password=testing + export swiftusertest2_password=testing2 + export swiftusertest3_password=testing3 KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql} diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh index 6a07be49f0..b43fd883a3 100755 --- a/tools/create_userrc.sh +++ b/tools/create_userrc.sh @@ -254,7 +254,8 @@ if [ $MODE != "create" ]; then # Checks for a specific password defined for an user. # Example for an username johndoe: JOHNDOE_PASSWORD=1234 - eval SPECIFIC_UPASSWORD="\$${USER_NAME^^}_PASSWORD" + # This mechanism is used by lib/swift + eval SPECIFIC_UPASSWORD="\$${user_name}_password" if [ -n "$SPECIFIC_UPASSWORD" ]; then USER_PASS=$SPECIFIC_UPASSWORD fi From 2f92c8d723f6e244faf410c5121de4c462c08a35 Mon Sep 17 00:00:00 2001 From: Sirushti Murugesan Date: Thu, 9 Oct 2014 14:35:38 +0530 Subject: [PATCH 0054/3421] Replace deprecated conf option for heat Change-Id: I0419b188ecc2bd946c1c1f565875c6a04f4afd9b Closes-Bug: #1379234 --- lib/heat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/heat b/lib/heat index 737598d50d..53eca25450 100644 --- a/lib/heat +++ b/lib/heat @@ -276,7 +276,7 @@ function create_heat_accounts { --os-identity-api-version=3 domain create heat \ --description "Owns users and projects created by heat" \ | grep ' id ' | get_field 2) - iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID} + iniset $HEAT_CONF DEFAULT stack_user_domain_id ${D_ID} openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \ --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \ From fa16ae92cd7339a830851dea17ce263205b78865 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Han?= Date: Mon, 6 Oct 2014 00:15:33 +0200 Subject: [PATCH 0055/3421] Add the ability to activate Nova ceph without Cinder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prior to this patch, if we wanted to boot a VM in Ceph using libvirt_image_type we must had Cinder enabled. This patch allows you to use libvirt_image_type without having Cinder enabled. Change-Id: Ia61e6effc5a4ccba69f4fa48f6e9984f15bb8979 Signed-off-by: Sébastien Han --- extras.d/60-ceph.sh | 5 +++-- lib/ceph | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh index 5fb34ea89b..50bdfaee3b 100644 --- a/extras.d/60-ceph.sh +++ b/extras.d/60-ceph.sh @@ -26,8 +26,9 @@ if is_service_enabled ceph; then if is_service_enabled cinder; then echo_summary "Configuring Cinder for Ceph" configure_ceph_cinder - # NOTE (leseb): the part below is a requirement from Cinder in order to attach volumes - # so we should run the following within the if statement. + fi + if is_service_enabled cinder || is_service_enabled nova; then + # NOTE (leseb): the part below is a requirement to attach Ceph block devices echo_summary "Configuring libvirt secret" import_libvirt_secret_ceph fi diff --git a/lib/ceph b/lib/ceph index 30ca903a8d..55e110bead 100644 --- a/lib/ceph +++ b/lib/ceph @@ -221,6 +221,11 @@ function configure_ceph_nova { iniset $NOVA_CONF libvirt images_type rbd iniset $NOVA_CONF libvirt images_rbd_pool ${NOVA_CEPH_POOL} iniset $NOVA_CONF libvirt images_rbd_ceph_conf ${CEPH_CONF_FILE} + + if ! is_service_enabled cinder; then + sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null + sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring + fi } # configure_ceph_cinder() - Cinder config needs to come after Cinder is set up From cc87c2871dc436b2134f60e9fa4663723a094ebd Mon Sep 17 00:00:00 2001 From: Fergal Mc Carthy Date: Thu, 9 Oct 2014 16:16:42 -0400 Subject: [PATCH 0056/3421] local.conf processing doesn't handle '=' in values When attempting to add a libvirt section with a volume_drivers entry to $NOVA_CONF, via a post-config block in the local.conf file, I encountered problems; the value for this attribute takes the form driver=python.import.path.to.driver but the value actually populated in the $NOVA_CONF was truncated at the equals. Taking the iscsi driver setting specified in the official nova.conf documentation as an example, if I have the following in my local.conf file: [[post-config|$NOVA_CONF]] [libvirt] volume_drivers = iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver I will see that the generated $NOVA_CONF has the following: [libvirt] volume_driver = iscsi This occurs because the existing handling for a post-config setion, as implemented in merge_config_file(), splits the line on the equals sign, and then uses the first and seconds elements of the resulting array as attribute name and value respectively. However when an equals occurs as part of the value this results in the value being truncated at the first equals in the value. The fix I've implemented, based upon review feedback, extracts the contents of $0 before the first equals as the attr name, and extracts the remainder after the equals as the value. Then it strips the leading and trailing whitespaces from both as appropriate. I've also added test5 to tests/test_config.sh to test for, and verify, correct operation when this scenario is encountered. Similarly I've added test6 to ensure that trailing spaces in values are stripped correctly. Change-Id: Id0cb1e6e1cece21bc5dbf427c4d756af86fbd927 Closes-Bug: #1374482 --- lib/config | 13 +++++++++++-- tests/test_config.sh | 31 ++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/lib/config b/lib/config index a0b9b0a6f6..b44e79aa3d 100644 --- a/lib/config +++ b/lib/config @@ -96,8 +96,17 @@ function merge_config_file { next } /^[^ \t]+/ { - split($0, d, " *= *") - print "iniset " configfile " " section " " d[1] " \x27" d[2] "\x27 " + # get offset of first '=' in $0 + eq_idx = index($0, "=") + # extract attr & value from $0 + attr = substr($0, 1, eq_idx - 1) + value = substr($0, eq_idx + 1) + # only need to strip trailing whitespace from attr + sub(/[ \t]*$/, "", attr) + # need to strip leading & trailing whitespace from value + sub(/^[ \t]*/, "", value) + sub(/[ \t]*$/, "", value) + print "iniset " configfile " " section " " attr " \x27" value "\x27" } ' | while read a; do eval "$a"; done diff --git a/tests/test_config.sh b/tests/test_config.sh index 7cf75d0c4f..6fff29c396 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -95,6 +95,15 @@ type=new [[test-quote|test-quote.conf]] [foo] foo="foo bar" "baz" + +[[test5|test-equals.conf]] +[DEFAULT] +drivers = driver=python.import.path.Driver + +[[test6|test-strip.conf]] +[DEFAULT] +# next line has trailing space +attr = strip_trailing_space EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -238,5 +247,25 @@ EXPECT_VAL=" type = new" check_result "$VAL" "$EXPECT_VAL" -rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf +echo -n "merge_config_file test5 equals in value: " +rm -f test-equals.conf +merge_config_file test.conf test5 test-equals.conf +VAL=$(cat test-equals.conf) +# iniset adds a blank line if it creates the file... +EXPECT_VAL=" +[DEFAULT] +drivers = driver=python.import.path.Driver" +check_result "$VAL" "$EXPECT_VAL" + +echo -n "merge_config_file test6 value stripped: " +rm -f test-strip.conf +merge_config_file test.conf test6 test-strip.conf +VAL=$(cat test-strip.conf) +# iniset adds a blank line if it creates the file... +EXPECT_VAL=" +[DEFAULT] +attr = strip_trailing_space" +check_result "$VAL" "$EXPECT_VAL" + +rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf rm -rf test-etc From 6ff21acf4c4d4ef08bbef419ba582cade4da8da7 Mon Sep 17 00:00:00 2001 From: Robert Li Date: Fri, 10 Oct 2014 12:43:05 -0400 Subject: [PATCH 0057/3421] Allow multi-line config items in meta-section of local.conf It would behave such as the contents from each meta-section in local.conf is copied to the destination files. One exception is the multiline options not grouped together. In that case, the contents will be grouped together in its destination config file. Check tests/test_config.sh for examples. Change-Id: I8c046b558eeb98ed221f6f1a59182d4179956ced Partial-Bug: #1374118 --- functions-common | 27 ++++++++++++++++++++ lib/config | 48 +++++++++++++++++++++++++++++++--- tests/test_config.sh | 61 +++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 129 insertions(+), 7 deletions(-) diff --git a/functions-common b/functions-common index 5b29fd3bf4..1f90da76b0 100644 --- a/functions-common +++ b/functions-common @@ -119,6 +119,33 @@ function ini_has_option { [ -n "$line" ] } +# Add another config line for a multi-line option. +# It's normally called after iniset of the same option and assumes +# that the section already exists. +# +# Note that iniset_multiline requires all the 'lines' to be supplied +# in the argument list. Doing that will cause incorrect configuration +# if spaces are used in the config values. +# +# iniadd_literal config-file section option value +function iniadd_literal { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local value=$4 + + [[ -z $section || -z $option ]] && return + + # Add it + sed -i -e "/^\[$section\]/ a\\ +$option = $value +" "$file" + + $xtrace +} + # Set an option in an INI file # iniset config-file section option value function iniset { diff --git a/lib/config b/lib/config index b44e79aa3d..6e8219cbeb 100644 --- a/lib/config +++ b/lib/config @@ -86,7 +86,11 @@ function merge_config_file { # having to do nasty quoting games get_meta_section $file $matchgroup $configfile | \ $CONFIG_AWK_CMD -v configfile=$configfile ' - BEGIN { section = "" } + BEGIN { + section = "" + last_section = "" + section_count = 0 + } /^\[.+\]/ { gsub("[][]", "", $1); section=$1 @@ -106,10 +110,48 @@ function merge_config_file { # need to strip leading & trailing whitespace from value sub(/^[ \t]*/, "", value) sub(/[ \t]*$/, "", value) - print "iniset " configfile " " section " " attr " \x27" value "\x27" + + # cfg_attr_count: number of config lines per [section, attr] + # cfg_attr: two dimensional array to keep all the config lines per [section, attr] + # cfg_section: keep the section names in the same order as they appear in local.conf + # cfg_sec_attr_name: keep the attr names in the same order as they appear in local.conf + if (! (section, attr) in cfg_attr_count) { + if (section != last_section) { + cfg_section[section_count++] = section + last_section = section + } + attr_count = cfg_sec_attr_count[section_count - 1]++ + cfg_sec_attr_name[section_count - 1][attr_count] = attr + + cfg_attr[section, attr][0] = value + cfg_attr_count[section, attr] = 1 + } else { + lno = cfg_attr_count[section, attr]++ + cfg_attr[section, attr][lno] = value + } + } + END { + # Process each section in order + for (sno = 0; sno < section_count; sno++) { + section = cfg_section[sno] + # The ini routines simply append a config item immediately + # after the section header. To keep the same order as defined + # in local.conf, invoke the ini routines in the reverse order + for (attr_no = cfg_sec_attr_count[sno] - 1; attr_no >=0; attr_no--) { + attr = cfg_sec_attr_name[sno][attr_no] + if (cfg_attr_count[section, attr] == 1) + print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr][0] "\x27" + else { + # For multiline, invoke the ini routines in the reverse order + count = cfg_attr_count[section, attr] + print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr][count - 1] "\x27" + for (l = count -2; l >= 0; l--) + print "iniadd_literal " configfile " " section " " attr " \x27" cfg_attr[section, attr][l] "\x27" + } + } + } } ' | while read a; do eval "$a"; done - } diff --git a/tests/test_config.sh b/tests/test_config.sh index 6fff29c396..696e57f909 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -104,6 +104,27 @@ drivers = driver=python.import.path.Driver [DEFAULT] # next line has trailing space attr = strip_trailing_space + +[[test-multi-sections|test-multi-sections.conf]] +[sec-1] +cfg_item1 = abcd +cfg_item2 = efgh + +[sec-2] +cfg_item1 = abcd +cfg_item3 = /1/2/3/4:5 +cfg_item4 = end + +[sec-3] +cfg_item5 = 5555 +cfg_item6 = 6666 +cfg_item5 = 5555another + +[[test-multiline|test-multiline.conf]] +[multi] +cfg_item1 = "ab":"cd", "ef": "gh" +cfg_item1 = abcd +cfg_item2 = efgh EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -185,8 +206,39 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -additional = true -type = new" +type = new +additional = true" +check_result "$VAL" "$EXPECT_VAL" + +echo -n "merge_config_file test-multi-sections: " +rm -f test-multi-sections.conf +merge_config_file test.conf test-multi-sections test-multi-sections.conf +VAL=$(cat test-multi-sections.conf) +EXPECT_VAL=' +[sec-1] +cfg_item1 = abcd +cfg_item2 = efgh + +[sec-2] +cfg_item1 = abcd +cfg_item3 = /1/2/3/4:5 +cfg_item4 = end + +[sec-3] +cfg_item5 = 5555 +cfg_item5 = 5555another +cfg_item6 = 6666' +check_result "$VAL" "$EXPECT_VAL" + +echo -n "merge_config_file test-multiline: " +rm -f test-multiline.conf +merge_config_file test.conf test-multiline test-multiline.conf +VAL=$(cat test-multiline.conf) +EXPECT_VAL=' +[multi] +cfg_item1 = "ab":"cd", "ef": "gh" +cfg_item1 = abcd +cfg_item2 = efgh' check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2: " @@ -196,8 +248,8 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -additional = true -type = new" +type = new +additional = true" check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2 no conf file: " @@ -268,4 +320,5 @@ attr = strip_trailing_space" check_result "$VAL" "$EXPECT_VAL" rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf +rm -f test-multiline.conf test-multi-sections.conf rm -rf test-etc From a7eb07a3e22eb0362b28cec4bd289201a9adf699 Mon Sep 17 00:00:00 2001 From: Kevin Benton Date: Tue, 14 Oct 2014 04:35:59 -0700 Subject: [PATCH 0058/3421] Revert "Allow multi-line config items in meta-section of local.conf" This reverts commit 6ff21acf4c4d4ef08bbef419ba582cade4da8da7. This commit has broken config options with colons in them. The following is a sample configuration that no longer works: [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]] [restproxy] server_ssl=False servers=10.211.1.9:80 server_ssl=False With the above config and the code present that this reverts, the 'servers' option will come out blank. Change-Id: I328852d2d941605051a1bf5eaf0f7674191f8c48 --- functions-common | 27 -------------------- lib/config | 48 +++------------------------------- tests/test_config.sh | 61 +++----------------------------------------- 3 files changed, 7 insertions(+), 129 deletions(-) diff --git a/functions-common b/functions-common index 1f90da76b0..5b29fd3bf4 100644 --- a/functions-common +++ b/functions-common @@ -119,33 +119,6 @@ function ini_has_option { [ -n "$line" ] } -# Add another config line for a multi-line option. -# It's normally called after iniset of the same option and assumes -# that the section already exists. -# -# Note that iniset_multiline requires all the 'lines' to be supplied -# in the argument list. Doing that will cause incorrect configuration -# if spaces are used in the config values. -# -# iniadd_literal config-file section option value -function iniadd_literal { - local xtrace=$(set +o | grep xtrace) - set +o xtrace - local file=$1 - local section=$2 - local option=$3 - local value=$4 - - [[ -z $section || -z $option ]] && return - - # Add it - sed -i -e "/^\[$section\]/ a\\ -$option = $value -" "$file" - - $xtrace -} - # Set an option in an INI file # iniset config-file section option value function iniset { diff --git a/lib/config b/lib/config index 6e8219cbeb..b44e79aa3d 100644 --- a/lib/config +++ b/lib/config @@ -86,11 +86,7 @@ function merge_config_file { # having to do nasty quoting games get_meta_section $file $matchgroup $configfile | \ $CONFIG_AWK_CMD -v configfile=$configfile ' - BEGIN { - section = "" - last_section = "" - section_count = 0 - } + BEGIN { section = "" } /^\[.+\]/ { gsub("[][]", "", $1); section=$1 @@ -110,48 +106,10 @@ function merge_config_file { # need to strip leading & trailing whitespace from value sub(/^[ \t]*/, "", value) sub(/[ \t]*$/, "", value) - - # cfg_attr_count: number of config lines per [section, attr] - # cfg_attr: two dimensional array to keep all the config lines per [section, attr] - # cfg_section: keep the section names in the same order as they appear in local.conf - # cfg_sec_attr_name: keep the attr names in the same order as they appear in local.conf - if (! (section, attr) in cfg_attr_count) { - if (section != last_section) { - cfg_section[section_count++] = section - last_section = section - } - attr_count = cfg_sec_attr_count[section_count - 1]++ - cfg_sec_attr_name[section_count - 1][attr_count] = attr - - cfg_attr[section, attr][0] = value - cfg_attr_count[section, attr] = 1 - } else { - lno = cfg_attr_count[section, attr]++ - cfg_attr[section, attr][lno] = value - } - } - END { - # Process each section in order - for (sno = 0; sno < section_count; sno++) { - section = cfg_section[sno] - # The ini routines simply append a config item immediately - # after the section header. To keep the same order as defined - # in local.conf, invoke the ini routines in the reverse order - for (attr_no = cfg_sec_attr_count[sno] - 1; attr_no >=0; attr_no--) { - attr = cfg_sec_attr_name[sno][attr_no] - if (cfg_attr_count[section, attr] == 1) - print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr][0] "\x27" - else { - # For multiline, invoke the ini routines in the reverse order - count = cfg_attr_count[section, attr] - print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr][count - 1] "\x27" - for (l = count -2; l >= 0; l--) - print "iniadd_literal " configfile " " section " " attr " \x27" cfg_attr[section, attr][l] "\x27" - } - } - } + print "iniset " configfile " " section " " attr " \x27" value "\x27" } ' | while read a; do eval "$a"; done + } diff --git a/tests/test_config.sh b/tests/test_config.sh index 696e57f909..6fff29c396 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -104,27 +104,6 @@ drivers = driver=python.import.path.Driver [DEFAULT] # next line has trailing space attr = strip_trailing_space - -[[test-multi-sections|test-multi-sections.conf]] -[sec-1] -cfg_item1 = abcd -cfg_item2 = efgh - -[sec-2] -cfg_item1 = abcd -cfg_item3 = /1/2/3/4:5 -cfg_item4 = end - -[sec-3] -cfg_item5 = 5555 -cfg_item6 = 6666 -cfg_item5 = 5555another - -[[test-multiline|test-multiline.conf]] -[multi] -cfg_item1 = "ab":"cd", "ef": "gh" -cfg_item1 = abcd -cfg_item2 = efgh EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -206,39 +185,8 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -type = new -additional = true" -check_result "$VAL" "$EXPECT_VAL" - -echo -n "merge_config_file test-multi-sections: " -rm -f test-multi-sections.conf -merge_config_file test.conf test-multi-sections test-multi-sections.conf -VAL=$(cat test-multi-sections.conf) -EXPECT_VAL=' -[sec-1] -cfg_item1 = abcd -cfg_item2 = efgh - -[sec-2] -cfg_item1 = abcd -cfg_item3 = /1/2/3/4:5 -cfg_item4 = end - -[sec-3] -cfg_item5 = 5555 -cfg_item5 = 5555another -cfg_item6 = 6666' -check_result "$VAL" "$EXPECT_VAL" - -echo -n "merge_config_file test-multiline: " -rm -f test-multiline.conf -merge_config_file test.conf test-multiline test-multiline.conf -VAL=$(cat test-multiline.conf) -EXPECT_VAL=' -[multi] -cfg_item1 = "ab":"cd", "ef": "gh" -cfg_item1 = abcd -cfg_item2 = efgh' +additional = true +type = new" check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2: " @@ -248,8 +196,8 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -type = new -additional = true" +additional = true +type = new" check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2 no conf file: " @@ -320,5 +268,4 @@ attr = strip_trailing_space" check_result "$VAL" "$EXPECT_VAL" rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf -rm -f test-multiline.conf test-multi-sections.conf rm -rf test-etc From e0d6a46b8afaeacc070a84f58ecf8e03ffe8275c Mon Sep 17 00:00:00 2001 From: Kevin Benton Date: Tue, 14 Oct 2014 04:54:42 -0700 Subject: [PATCH 0059/3421] Add test case for colon in value Adds a test case for a colon in a value Change-Id: Ica56b8af5fa59a008cfe96424b1d3e17fd6cf7d6 --- tests/test_config.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/test_config.sh b/tests/test_config.sh index 6fff29c396..50e8d7b2e6 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -103,7 +103,11 @@ drivers = driver=python.import.path.Driver [[test6|test-strip.conf]] [DEFAULT] # next line has trailing space -attr = strip_trailing_space +attr = strip_trailing_space + +[[test7|test-colon.conf]] +[DEFAULT] +servers=10.11.12.13:80 EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -267,5 +271,14 @@ EXPECT_VAL=" attr = strip_trailing_space" check_result "$VAL" "$EXPECT_VAL" -rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf +echo -n "merge_config_file test7 colon in value: " +rm -f test-colon.conf +merge_config_file test.conf test7 test-colon.conf +VAL=$(cat test-colon.conf) +EXPECT_VAL=" +[DEFAULT] +servers = 10.11.12.13:80" +check_result "$VAL" "$EXPECT_VAL" + +rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf test-colon.conf rm -rf test-etc From ebb983d3f218e276bbcda5875d513b8d4dae9d3c Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 7 Oct 2014 13:13:28 -0700 Subject: [PATCH 0060/3421] Make the tox docs env build the docs The tools/build_docs script builds the docs for devstack. Use it. Change-Id: I530ff6c8090f2c58160cb11bee35534b79db52ed --- tox.ini | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 325adae288..3677631c5e 100644 --- a/tox.ini +++ b/tox.ini @@ -13,4 +13,11 @@ whitelist_externals = bash commands = bash -c "find {toxinidir} -not -wholename \*.tox/\* -and \( -name \*.sh -or -name \*rc -or -name functions\* -or \( -wholename lib/\* -and -not -name \*.md \) \) -print0 | xargs -0 bashate -v" [testenv:docs] -commands = python setup.py build_sphinx +deps = + Pygments + docutils +whitelist_externals = bash +setenv = + TOP_DIR={toxinidir} + INSTALL_SHOCCO=true +commands = bash tools/build_docs.sh From 0cbddea50d9651342647884bf9b8733354238884 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 7 Oct 2014 13:25:01 -0700 Subject: [PATCH 0061/3421] Move the doc paths to match other repos In order to build in the Infra system, we'd like to be able to reuse the existing doc build macros. To support that, move docs/source to doc/source and docs/html to doc/build/html. Change-Id: Ibd8e8e82e54c69b182120df67e6ec6908fed2908 --- .gitignore | 4 ++-- {docs => doc}/source/assets/css/bootstrap.css | 0 {docs => doc}/source/assets/css/local.css | 0 {docs => doc}/source/assets/images/devstack.png | Bin {docs => doc}/source/assets/images/header_bg.png | Bin {docs => doc}/source/assets/images/logo.png | Bin {docs => doc}/source/assets/images/quickstart.png | Bin {docs => doc}/source/assets/images/small_logo.png | Bin {docs => doc}/source/assets/js/bootstrap.js | 0 {docs => doc}/source/assets/js/bootstrap.min.js | 0 {docs => doc}/source/assets/js/jquery-1.7.1.min.js | 0 {docs => doc}/source/changes.html | 0 {docs => doc}/source/configuration.html | 0 {docs => doc}/source/contributing.html | 0 {docs => doc}/source/eucarc.html | 0 {docs => doc}/source/exerciserc.html | 0 {docs => doc}/source/faq.html | 0 {docs => doc}/source/guides/multinode-lab.html | 0 {docs => doc}/source/guides/pxe-boot.html | 0 {docs => doc}/source/guides/ramdisk.html | 0 {docs => doc}/source/guides/single-machine.html | 0 {docs => doc}/source/guides/single-vm.html | 0 {docs => doc}/source/guides/usb-boot.html | 0 {docs => doc}/source/index.html | 0 {docs => doc}/source/local.conf.html | 0 {docs => doc}/source/localrc.html | 0 {docs => doc}/source/openrc.html | 0 {docs => doc}/source/overview.html | 0 {docs => doc}/source/plugins.html | 0 {docs => doc}/source/stackrc.html | 0 tools/build_docs.sh | 8 ++++---- 31 files changed, 6 insertions(+), 6 deletions(-) rename {docs => doc}/source/assets/css/bootstrap.css (100%) rename {docs => doc}/source/assets/css/local.css (100%) rename {docs => doc}/source/assets/images/devstack.png (100%) rename {docs => doc}/source/assets/images/header_bg.png (100%) rename {docs => doc}/source/assets/images/logo.png (100%) rename {docs => doc}/source/assets/images/quickstart.png (100%) rename {docs => doc}/source/assets/images/small_logo.png (100%) rename {docs => doc}/source/assets/js/bootstrap.js (100%) rename {docs => doc}/source/assets/js/bootstrap.min.js (100%) rename {docs => doc}/source/assets/js/jquery-1.7.1.min.js (100%) rename {docs => doc}/source/changes.html (100%) rename {docs => doc}/source/configuration.html (100%) rename {docs => doc}/source/contributing.html (100%) rename {docs => doc}/source/eucarc.html (100%) rename {docs => doc}/source/exerciserc.html (100%) rename {docs => doc}/source/faq.html (100%) rename {docs => doc}/source/guides/multinode-lab.html (100%) rename {docs => doc}/source/guides/pxe-boot.html (100%) rename {docs => doc}/source/guides/ramdisk.html (100%) rename {docs => doc}/source/guides/single-machine.html (100%) rename {docs => doc}/source/guides/single-vm.html (100%) rename {docs => doc}/source/guides/usb-boot.html (100%) rename {docs => doc}/source/index.html (100%) rename {docs => doc}/source/local.conf.html (100%) rename {docs => doc}/source/localrc.html (100%) rename {docs => doc}/source/openrc.html (100%) rename {docs => doc}/source/overview.html (100%) rename {docs => doc}/source/plugins.html (100%) rename {docs => doc}/source/stackrc.html (100%) diff --git a/.gitignore b/.gitignore index b0a65f59cd..67ab722190 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,8 @@ .tox .stackenv accrc -docs/files -docs/html +doc/files +doc/build files/*.gz files/*.qcow2 files/images diff --git a/docs/source/assets/css/bootstrap.css b/doc/source/assets/css/bootstrap.css similarity index 100% rename from docs/source/assets/css/bootstrap.css rename to doc/source/assets/css/bootstrap.css diff --git a/docs/source/assets/css/local.css b/doc/source/assets/css/local.css similarity index 100% rename from docs/source/assets/css/local.css rename to doc/source/assets/css/local.css diff --git a/docs/source/assets/images/devstack.png b/doc/source/assets/images/devstack.png similarity index 100% rename from docs/source/assets/images/devstack.png rename to doc/source/assets/images/devstack.png diff --git a/docs/source/assets/images/header_bg.png b/doc/source/assets/images/header_bg.png similarity index 100% rename from docs/source/assets/images/header_bg.png rename to doc/source/assets/images/header_bg.png diff --git a/docs/source/assets/images/logo.png b/doc/source/assets/images/logo.png similarity index 100% rename from docs/source/assets/images/logo.png rename to doc/source/assets/images/logo.png diff --git a/docs/source/assets/images/quickstart.png b/doc/source/assets/images/quickstart.png similarity index 100% rename from docs/source/assets/images/quickstart.png rename to doc/source/assets/images/quickstart.png diff --git a/docs/source/assets/images/small_logo.png b/doc/source/assets/images/small_logo.png similarity index 100% rename from docs/source/assets/images/small_logo.png rename to doc/source/assets/images/small_logo.png diff --git a/docs/source/assets/js/bootstrap.js b/doc/source/assets/js/bootstrap.js similarity index 100% rename from docs/source/assets/js/bootstrap.js rename to doc/source/assets/js/bootstrap.js diff --git a/docs/source/assets/js/bootstrap.min.js b/doc/source/assets/js/bootstrap.min.js similarity index 100% rename from docs/source/assets/js/bootstrap.min.js rename to doc/source/assets/js/bootstrap.min.js diff --git a/docs/source/assets/js/jquery-1.7.1.min.js b/doc/source/assets/js/jquery-1.7.1.min.js similarity index 100% rename from docs/source/assets/js/jquery-1.7.1.min.js rename to doc/source/assets/js/jquery-1.7.1.min.js diff --git a/docs/source/changes.html b/doc/source/changes.html similarity index 100% rename from docs/source/changes.html rename to doc/source/changes.html diff --git a/docs/source/configuration.html b/doc/source/configuration.html similarity index 100% rename from docs/source/configuration.html rename to doc/source/configuration.html diff --git a/docs/source/contributing.html b/doc/source/contributing.html similarity index 100% rename from docs/source/contributing.html rename to doc/source/contributing.html diff --git a/docs/source/eucarc.html b/doc/source/eucarc.html similarity index 100% rename from docs/source/eucarc.html rename to doc/source/eucarc.html diff --git a/docs/source/exerciserc.html b/doc/source/exerciserc.html similarity index 100% rename from docs/source/exerciserc.html rename to doc/source/exerciserc.html diff --git a/docs/source/faq.html b/doc/source/faq.html similarity index 100% rename from docs/source/faq.html rename to doc/source/faq.html diff --git a/docs/source/guides/multinode-lab.html b/doc/source/guides/multinode-lab.html similarity index 100% rename from docs/source/guides/multinode-lab.html rename to doc/source/guides/multinode-lab.html diff --git a/docs/source/guides/pxe-boot.html b/doc/source/guides/pxe-boot.html similarity index 100% rename from docs/source/guides/pxe-boot.html rename to doc/source/guides/pxe-boot.html diff --git a/docs/source/guides/ramdisk.html b/doc/source/guides/ramdisk.html similarity index 100% rename from docs/source/guides/ramdisk.html rename to doc/source/guides/ramdisk.html diff --git a/docs/source/guides/single-machine.html b/doc/source/guides/single-machine.html similarity index 100% rename from docs/source/guides/single-machine.html rename to doc/source/guides/single-machine.html diff --git a/docs/source/guides/single-vm.html b/doc/source/guides/single-vm.html similarity index 100% rename from docs/source/guides/single-vm.html rename to doc/source/guides/single-vm.html diff --git a/docs/source/guides/usb-boot.html b/doc/source/guides/usb-boot.html similarity index 100% rename from docs/source/guides/usb-boot.html rename to doc/source/guides/usb-boot.html diff --git a/docs/source/index.html b/doc/source/index.html similarity index 100% rename from docs/source/index.html rename to doc/source/index.html diff --git a/docs/source/local.conf.html b/doc/source/local.conf.html similarity index 100% rename from docs/source/local.conf.html rename to doc/source/local.conf.html diff --git a/docs/source/localrc.html b/doc/source/localrc.html similarity index 100% rename from docs/source/localrc.html rename to doc/source/localrc.html diff --git a/docs/source/openrc.html b/doc/source/openrc.html similarity index 100% rename from docs/source/openrc.html rename to doc/source/openrc.html diff --git a/docs/source/overview.html b/doc/source/overview.html similarity index 100% rename from docs/source/overview.html rename to doc/source/overview.html diff --git a/docs/source/plugins.html b/doc/source/plugins.html similarity index 100% rename from docs/source/plugins.html rename to doc/source/plugins.html diff --git a/docs/source/stackrc.html b/doc/source/stackrc.html similarity index 100% rename from docs/source/stackrc.html rename to doc/source/stackrc.html diff --git a/tools/build_docs.sh b/tools/build_docs.sh index 96bd8924d6..f52b179b7e 100755 --- a/tools/build_docs.sh +++ b/tools/build_docs.sh @@ -4,7 +4,7 @@ # # - Install shocco if not found on PATH and INSTALL_SHOCCO is set # - Clone MASTER_REPO branch MASTER_BRANCH -# - Re-creates ``docs/html`` directory from existing repo + new generated script docs +# - Re-creates ``doc/build/html`` directory from existing repo + new generated script docs # Usage: ## build_docs.sh [-o ] [-g] [master| []] @@ -29,8 +29,8 @@ MASTER_BRANCH=${MASTER_BRANCH:-master} # http://devstack.org is a GitHub gh-pages site in the https://github.com/cloudbuilders/devtack.git repo GH_PAGES_REPO=git@github.com:cloudbuilders/devstack.git -DOCS_SOURCE=docs/source -HTML_BUILD=docs/html +DOCS_SOURCE=doc/source +HTML_BUILD=doc/build/html # Keep track of the devstack directory TOP_DIR=$(cd $(dirname "$0")/.. && pwd) @@ -136,7 +136,7 @@ for f in $(find functions functions-common lib samples -type f -name \*); do mkdir -p $FQ_HTML_BUILD/`dirname $f`; $SHOCCO $f > $FQ_HTML_BUILD/$f.html done -echo "$FILES" >docs/files +echo "$FILES" >doc/files if [[ -n $GH_UPDATE ]]; then GH_ROOT=$(mktemp -d work-gh-XXXX) From efdaafc0f973acdb3fc878434acb3b982e35ccaf Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Tue, 14 Oct 2014 21:08:32 +0100 Subject: [PATCH 0062/3421] Use $() instead of `` There are other instances of this in other files, just tidying ceilometer at the moment. Change-Id: I136a20d7ac50fdf02cbd1102613e324e313b7b0a --- lib/ceilometer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ceilometer b/lib/ceilometer index 9bb31218a0..26c698cf5c 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -178,7 +178,7 @@ function configure_ceilometer { configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then - iniset $CEILOMETER_CONF database connection `database_connection_url ceilometer` + iniset $CEILOMETER_CONF database connection $(database_connection_url ceilometer) iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS else iniset $CEILOMETER_CONF database connection mongodb://localhost:27017/ceilometer From 8f38572588af308d433a3bd7fbd93163348d98d3 Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Tue, 14 Oct 2014 15:50:18 -0700 Subject: [PATCH 0063/3421] support proposed/* branches Provide support for named proposed branches for selection logic This syncs the get_release_name_from_branch() function from grenade. Change-Id: I1adabf07cdc3ea6863cd30d8b6454fb40fc20288 --- functions-common | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/functions-common b/functions-common index 1f90da76b0..333f31da02 100644 --- a/functions-common +++ b/functions-common @@ -549,8 +549,7 @@ function is_ubuntu { # ``get_release_name_from_branch branch-name`` function get_release_name_from_branch { local branch=$1 - - if [[ $branch =~ "stable/" ]]; then + if [[ $branch =~ "stable/" || $branch =~ "proposed/" ]]; then echo ${branch#*/} else echo "master" From 014564873e98f521338f8bf3ac97e1a7e96ecc9c Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Tue, 14 Oct 2014 18:53:53 -0400 Subject: [PATCH 0064/3421] Set Tempest storage protocol and vendor w/o setting driver Set TEMPEST_STORAGE_PROTOCOL and TEMPEST_VOLUME_VENDOR if they are changed from their defaults, or if TEMPEST_VOLUME_DRIVER is changed. This maintains the current behavior of setting these options if TEMPEST_VOLUME_DRIVER is set to something other than "default". Change-Id: I1fb7f5db0446f97de48b97a6f451882cc51c51a4 --- lib/tempest | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/tempest b/lib/tempest index d677c7e33c..3c37918018 100644 --- a/lib/tempest +++ b/lib/tempest @@ -64,8 +64,10 @@ BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}" # Cinder/Volume variables TEMPEST_VOLUME_DRIVER=${TEMPEST_VOLUME_DRIVER:-default} -TEMPEST_VOLUME_VENDOR=${TEMPEST_VOLUME_VENDOR:-"Open Source"} -TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-iSCSI} +TEMPEST_DEFAULT_VOLUME_VENDOR="Open Source" +TEMPEST_VOLUME_VENDOR=${TEMPEST_VOLUME_VENDOR:-$TEMPEST_DEFAULT_VOLUME_VENDOR} +TEMPEST_DEFAULT_STORAGE_PROTOCOL="iSCSI" +TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-$TEMPEST_DEFAULT_STORAGE_PROTOCOL} # Neutron/Network variables IPV6_ENABLED=$(trueorfalse True $IPV6_ENABLED) @@ -369,8 +371,12 @@ function configure_tempest { iniset $TEMPEST_CONFIG volume backend2_name "LVM_iSCSI_2" fi - if [ $TEMPEST_VOLUME_DRIVER != "default" ]; then + if [ $TEMPEST_VOLUME_DRIVER != "default" -o \ + $TEMPEST_VOLUME_VENDOR != $TEMPEST_DEFAULT_VOLUME_VENDOR ]; then iniset $TEMPEST_CONFIG volume vendor_name "$TEMPEST_VOLUME_VENDOR" + fi + if [ $TEMPEST_VOLUME_DRIVER != "default" -o \ + $TEMPEST_STORAGE_PROTOCOL != $TEMPEST_DEFAULT_STORAGE_PROTOCOL ]; then iniset $TEMPEST_CONFIG volume storage_protocol $TEMPEST_STORAGE_PROTOCOL fi From 2a324dd2ec51be4485eafe10a31c75bcc238144d Mon Sep 17 00:00:00 2001 From: Mate Lakat Date: Wed, 15 Oct 2014 17:40:41 +0200 Subject: [PATCH 0065/3421] XenAPI: Add exit point after JEOS installation If the user only want to run the installation of Ubuntu - to export the template as an xva, it just needs to specify a non-empty value for: EXIT_AFTER_JEOS_INSTALLATION And the script will exit after the jeos template has been created. Change-Id: I558e2f2b18ee23c15c7e46e2f7e74543cf26b750 --- tools/xen/install_os_domU.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh index 75d56a8465..439db68120 100755 --- a/tools/xen/install_os_domU.sh +++ b/tools/xen/install_os_domU.sh @@ -244,6 +244,11 @@ else vm_uuid=$(xe vm-install template="$TNAME" new-name-label="$GUEST_NAME") fi +if [ -n "${EXIT_AFTER_JEOS_INSTALLATION:-}" ]; then + echo "User requested to quit after JEOS instalation" + exit 0 +fi + # # Prepare VM for DevStack # From a1707c7ef0a580bb8f5323ea3d060d0e82d831d7 Mon Sep 17 00:00:00 2001 From: Mate Lakat Date: Wed, 15 Oct 2014 16:56:23 +0200 Subject: [PATCH 0066/3421] XenAPI: Fix vimrc DevStack installs a default minimal .vimrc file for the stack user. Unfortunately the `syntax on` config line is not recognised by the vim installed in DomU. It results in an annoying message being displayed whenever the user is using vi. To avoid this issue, removing the `syntax on` line. Change-Id: I224465cc3cdba3464ea0a9a751f250ecb6ddc9f3 --- tools/xen/prepare_guest.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh index cd189db803..7383c91e37 100755 --- a/tools/xen/prepare_guest.sh +++ b/tools/xen/prepare_guest.sh @@ -114,7 +114,6 @@ function setup_vimrc { if [ ! -e $1 ]; then # Simple but usable vimrc cat > $1 < Date: Wed, 15 Oct 2014 16:42:40 +0200 Subject: [PATCH 0067/3421] XenAPI: Always update apt sources If an appliance is used as a base OS, the user might want to use that in a different region. With this change we always update the used mirrors in the template. Change-Id: I7a119664efac1124e54064311c243c63c2a7944b --- tools/xen/prepare_guest_template.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tools/xen/prepare_guest_template.sh b/tools/xen/prepare_guest_template.sh index e6a7e025b0..2d3b89821f 100755 --- a/tools/xen/prepare_guest_template.sh +++ b/tools/xen/prepare_guest_template.sh @@ -93,3 +93,28 @@ EOF # Need to set barrier=0 to avoid a Xen bug # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/824089 sed -i -e 's/errors=/barrier=0,errors=/' $STAGING_DIR/etc/fstab + +# Update ubuntu repositories +cat > $STAGING_DIR/etc/apt/sources.list << EOF +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} main restricted +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} main restricted +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates main restricted +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates main restricted +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} universe +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} universe +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates universe +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates universe +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} multiverse +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} multiverse +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates multiverse +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-updates multiverse +deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-backports main restricted universe multiverse +deb-src http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE}-backports main restricted universe multiverse + +deb http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security main restricted +deb-src http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security main restricted +deb http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security universe +deb-src http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security universe +deb http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security multiverse +deb-src http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security multiverse +EOF From 751ad1aadf8447c2b6945b6ae4ab73bf71a244ca Mon Sep 17 00:00:00 2001 From: Robert Li Date: Wed, 15 Oct 2014 21:40:53 -0400 Subject: [PATCH 0068/3421] Allow multi-line config items in meta-section of local.conf It would behave such as the contents from each meta-section in local.conf is copied to the destination files. One exception is the multiline options not grouped together. In that case, the contents will be grouped together in its destination config file. Check tests/test_config.sh for examples. This was originally committed in https://review.openstack.org/128805. But the original change used AWK syntax that is not supported in AWK 3.1.8, and caused syntax error on servers with that AWK version. This patch makes the necessary change so that it's compatible with AWK 3.1.8. Change-Id: Id1e1fe01f05bd0f19ea6e89c4f4c0f8be695dfce Partial-Bug: #1374118 --- functions-common | 27 ++++++++++++++++++++ lib/config | 48 +++++++++++++++++++++++++++++++--- tests/test_config.sh | 61 +++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 129 insertions(+), 7 deletions(-) diff --git a/functions-common b/functions-common index 9f4acfec1e..333f31da02 100644 --- a/functions-common +++ b/functions-common @@ -119,6 +119,33 @@ function ini_has_option { [ -n "$line" ] } +# Add another config line for a multi-line option. +# It's normally called after iniset of the same option and assumes +# that the section already exists. +# +# Note that iniset_multiline requires all the 'lines' to be supplied +# in the argument list. Doing that will cause incorrect configuration +# if spaces are used in the config values. +# +# iniadd_literal config-file section option value +function iniadd_literal { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local value=$4 + + [[ -z $section || -z $option ]] && return + + # Add it + sed -i -e "/^\[$section\]/ a\\ +$option = $value +" "$file" + + $xtrace +} + # Set an option in an INI file # iniset config-file section option value function iniset { diff --git a/lib/config b/lib/config index b44e79aa3d..a4d59a31c9 100644 --- a/lib/config +++ b/lib/config @@ -86,7 +86,11 @@ function merge_config_file { # having to do nasty quoting games get_meta_section $file $matchgroup $configfile | \ $CONFIG_AWK_CMD -v configfile=$configfile ' - BEGIN { section = "" } + BEGIN { + section = "" + last_section = "" + section_count = 0 + } /^\[.+\]/ { gsub("[][]", "", $1); section=$1 @@ -106,10 +110,48 @@ function merge_config_file { # need to strip leading & trailing whitespace from value sub(/^[ \t]*/, "", value) sub(/[ \t]*$/, "", value) - print "iniset " configfile " " section " " attr " \x27" value "\x27" + + # cfg_attr_count: number of config lines per [section, attr] + # cfg_attr: three dimensional array to keep all the config lines per [section, attr] + # cfg_section: keep the section names in the same order as they appear in local.conf + # cfg_sec_attr_name: keep the attr names in the same order as they appear in local.conf + if (! (section, attr) in cfg_attr_count) { + if (section != last_section) { + cfg_section[section_count++] = section + last_section = section + } + attr_count = cfg_sec_attr_count[section_count - 1]++ + cfg_sec_attr_name[section_count - 1, attr_count] = attr + + cfg_attr[section, attr, 0] = value + cfg_attr_count[section, attr] = 1 + } else { + lno = cfg_attr_count[section, attr]++ + cfg_attr[section, attr, lno] = value + } + } + END { + # Process each section in order + for (sno = 0; sno < section_count; sno++) { + section = cfg_section[sno] + # The ini routines simply append a config item immediately + # after the section header. To keep the same order as defined + # in local.conf, invoke the ini routines in the reverse order + for (attr_no = cfg_sec_attr_count[sno] - 1; attr_no >=0; attr_no--) { + attr = cfg_sec_attr_name[sno, attr_no] + if (cfg_attr_count[section, attr] == 1) + print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr, 0] "\x27" + else { + # For multiline, invoke the ini routines in the reverse order + count = cfg_attr_count[section, attr] + print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr, count - 1] "\x27" + for (l = count -2; l >= 0; l--) + print "iniadd_literal " configfile " " section " " attr " \x27" cfg_attr[section, attr, l] "\x27" + } + } + } } ' | while read a; do eval "$a"; done - } diff --git a/tests/test_config.sh b/tests/test_config.sh index 50e8d7b2e6..cd74cee6f0 100755 --- a/tests/test_config.sh +++ b/tests/test_config.sh @@ -108,6 +108,27 @@ attr = strip_trailing_space [[test7|test-colon.conf]] [DEFAULT] servers=10.11.12.13:80 + +[[test-multi-sections|test-multi-sections.conf]] +[sec-1] +cfg_item1 = abcd +cfg_item2 = efgh + +[sec-2] +cfg_item1 = abcd +cfg_item3 = /1/2/3/4:5 +cfg_item4 = end + +[sec-3] +cfg_item5 = 5555 +cfg_item6 = 6666 +cfg_item5 = 5555another + +[[test-multiline|test-multiline.conf]] +[multi] +cfg_item1 = "ab":"cd", "ef": "gh" +cfg_item1 = abcd +cfg_item2 = efgh EOF echo -n "get_meta_section_files: test0 doesn't exist: " @@ -189,8 +210,39 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -additional = true -type = new" +type = new +additional = true" +check_result "$VAL" "$EXPECT_VAL" + +echo -n "merge_config_file test-multi-sections: " +rm -f test-multi-sections.conf +merge_config_file test.conf test-multi-sections test-multi-sections.conf +VAL=$(cat test-multi-sections.conf) +EXPECT_VAL=' +[sec-1] +cfg_item1 = abcd +cfg_item2 = efgh + +[sec-2] +cfg_item1 = abcd +cfg_item3 = /1/2/3/4:5 +cfg_item4 = end + +[sec-3] +cfg_item5 = 5555 +cfg_item5 = 5555another +cfg_item6 = 6666' +check_result "$VAL" "$EXPECT_VAL" + +echo -n "merge_config_file test-multiline: " +rm -f test-multiline.conf +merge_config_file test.conf test-multiline test-multiline.conf +VAL=$(cat test-multiline.conf) +EXPECT_VAL=' +[multi] +cfg_item1 = "ab":"cd", "ef": "gh" +cfg_item1 = abcd +cfg_item2 = efgh' check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2: " @@ -200,8 +252,8 @@ VAL=$(cat test2a.conf) # iniset adds a blank line if it creates the file... EXPECT_VAL=" [ddd] -additional = true -type = new" +type = new +additional = true" check_result "$VAL" "$EXPECT_VAL" echo -n "merge_config_group test2 no conf file: " @@ -281,4 +333,5 @@ servers = 10.11.12.13:80" check_result "$VAL" "$EXPECT_VAL" rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf test-colon.conf +rm -f test-multiline.conf test-multi-sections.conf rm -rf test-etc From 09fb7baff50cfa2d7ca4b5678d3a535842f019c5 Mon Sep 17 00:00:00 2001 From: Swapnil Kulkarni Date: Thu, 16 Oct 2014 06:30:28 +0000 Subject: [PATCH 0069/3421] Update multiple backend configuration in tempest script Currently when we configure the tempest with multiple LVM backends the backend names are created as LVM_iSCSI and LVM_iSCSI_2 which fails since the backends created by cinder are lvmdriver-1 and lvmdriver-2. This patch updates the backend names. Added support for CINDER_ENABLED_BACKENDS and added todo to remove CINDER_MULTI_LVM_BACKEND once its formally removed Closes-Bug:#1369946 Closes-Bug:#1369942 Change-Id: If44f5eb206616afb0fbaf333f3fa6a296d4650cd --- lib/tempest | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/tempest b/lib/tempest index d677c7e33c..40d223bd91 100644 --- a/lib/tempest +++ b/lib/tempest @@ -28,6 +28,7 @@ # - ``DEFAULT_INSTANCE_TYPE`` # - ``DEFAULT_INSTANCE_USER`` # - ``CINDER_MULTI_LVM_BACKEND`` +# - ``CINDER_ENABLED_BACKENDS`` # # ``stack.sh`` calls the entry points in this order: # @@ -362,11 +363,17 @@ function configure_tempest { if ! is_service_enabled c-bak; then iniset $TEMPEST_CONFIG volume-feature-enabled backup False fi - CINDER_MULTI_LVM_BACKEND=$(trueorfalse False $CINDER_MULTI_LVM_BACKEND) - if [ $CINDER_MULTI_LVM_BACKEND == "True" ]; then + + # Using CINDER_ENABLED_BACKENDS + if [[ -n "$CINDER_ENABLED_BACKENDS" ]] && [[ $CINDER_ENABLED_BACKENDS =~ .*,.* ]]; then iniset $TEMPEST_CONFIG volume-feature-enabled multi_backend "True" - iniset $TEMPEST_CONFIG volume backend1_name "LVM_iSCSI" - iniset $TEMPEST_CONFIG volume backend2_name "LVM_iSCSI_2" + local i=1 + local be + for be in ${CINDER_ENABLED_BACKENDS//,/ }; do + local be_name=${be##*:} + iniset $TEMPEST_CONFIG volume "backend${i}_name" "$be_name" + i=$(( i + 1 )) + done fi if [ $TEMPEST_VOLUME_DRIVER != "default" ]; then From 3d6d89935f13635d3fe982ccf870c017155ea903 Mon Sep 17 00:00:00 2001 From: Kyle Mestery Date: Wed, 15 Oct 2014 16:30:15 +0000 Subject: [PATCH 0070/3421] Update the OpenDaylight support to the Helium release The OpenDaylight project recently released their latest release, codenamed Helium. This commit updates the devstack support for OpenDaylight to this new version, which includes changes to configuration files as well as the startup of OpenDaylight itself. Also update my email address in MAINTAINERS.rst. Change-Id: I124b5e7e8ef7feb6c90de907916a9530409c4ad4 --- MAINTAINERS.rst | 2 +- lib/opendaylight | 36 ++++++++++++++++++++++++++---------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst index d754c08e74..d55135de64 100644 --- a/MAINTAINERS.rst +++ b/MAINTAINERS.rst @@ -48,7 +48,7 @@ Neutron OpenDaylight ~~~~~~~~~~~~ -* Kyle Mestery +* Kyle Mestery OpenFlow Agent (ofagent) ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/opendaylight b/lib/opendaylight index cc29debd05..374de953c6 100644 --- a/lib/opendaylight +++ b/lib/opendaylight @@ -48,10 +48,10 @@ ODL_PASSWORD=${ODL_PASSWORD:-admin} ODL_DIR=$DEST/opendaylight # The OpenDaylight Package, currently using 'Hydrogen' release -ODL_PKG=${ODL_PKG:-distributions-virtualization-0.1.1-osgipackage.zip} +ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.0-Helium.zip} # The OpenDaylight URL -ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/opendaylight.release/org/opendaylight/integration/distributions-virtualization/0.1.1} +ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.2.0-Helium} # Default arguments for OpenDaylight. This is typically used to set # Java memory options. @@ -59,11 +59,14 @@ ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/opendayli ODL_ARGS=${ODL_ARGS:-"-XX:MaxPermSize=384m"} # How long to pause after ODL starts to let it complete booting -ODL_BOOT_WAIT=${ODL_BOOT_WAIT:-60} +ODL_BOOT_WAIT=${ODL_BOOT_WAIT:-20} # The physical provider network to device mapping ODL_PROVIDER_MAPPINGS=${ODL_PROVIDER_MAPPINGS:-physnet1:eth1} +# Enable OpenDaylight l3 forwarding +ODL_L3=${ODL_L3:-False} + # Entry Points # ------------ @@ -83,11 +86,26 @@ function cleanup_opendaylight { # configure_opendaylight() - Set config files, create data dirs, etc function configure_opendaylight { - # Remove simple forwarder - rm -f $ODL_DIR/opendaylight/plugins/org.opendaylight.controller.samples.simpleforwarding* + # Add odl-ovsdb-openstack if it's not already there + local ODLOVSDB=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/org.apache.karaf.features.cfg | grep featuresBoot= | grep odl) + if [ "$ODLOVSDB" == "" ]; then + sed -i '/^featuresBoot=/ s/$/,odl-ovsdb-openstack/' $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/org.apache.karaf.features.cfg + fi - # Configure OpenFlow 1.3 - echo "ovsdb.of.version=1.3" >> $ODL_DIR/opendaylight/configuration/config.ini + # Configure OpenFlow 1.3 if it's not there + local OFLOW13=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties | grep ^of.version) + if [ "$OFLOW13" == "" ]; then + echo "ovsdb.of.version=1.3" >> $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties + fi + + # Configure L3 if the user wants it + if [ "${ODL_L3}" == "True" ]; then + # Configure L3 FWD if it's not there + local L3FWD=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties | grep ^ovsdb.l3.fwd.enabled) + if [ "$L3FWD" == "" ]; then + echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties + fi + fi } function configure_ml2_odl { @@ -138,9 +156,7 @@ function start_opendaylight { # -of13: runs ODL using OpenFlow 1.3 protocol support. # -virt ovsdb: Runs ODL in "virtualization" mode with OVSDB support - # NOTE(chdent): Leaving this as screen_it instead of run_process until - # the right thing for this service is determined. - screen_it odl-server "cd $ODL_DIR/opendaylight && JAVA_HOME=$JHOME ./run.sh $ODL_ARGS -of13 -virt ovsdb" + run_process odl-server "cd $ODL_DIR/distribution-karaf-0.2.0-Helium && JAVA_HOME=$JHOME bin/karaf" # Sleep a bit to let OpenDaylight finish starting up sleep $ODL_BOOT_WAIT From 0f18c23de880a38c15aa4bb5d3a8f114f48dfe20 Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Fri, 12 Sep 2014 23:44:58 +0900 Subject: [PATCH 0071/3421] ofagent: Support physical_interface_mappings Also, add a knob to create a veth pair instead of a bridge to provide host connectivity for l3-agent. (Q_USE_PUBLIC_VETH) Related: blueprint ofagent-physical-interface-mappings Change-Id: I4c2538f0fd3fb05bfdb69e7e4c3a8462af42ba10 --- lib/neutron | 39 ++++++++++++++++++++++++------- lib/neutron_plugins/ofagent_agent | 4 ++++ lib/neutron_plugins/ovs_base | 19 +++++++++++---- 3 files changed, 49 insertions(+), 13 deletions(-) diff --git a/lib/neutron b/lib/neutron index 2253eda772..ca9b16cd8c 100644 --- a/lib/neutron +++ b/lib/neutron @@ -148,16 +148,31 @@ PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"} # If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network # for external interface of neutron l3-agent. In that case, # PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value -# used for the network. In case of openvswitch agent, you should -# add the corresponding entry to your OVS_BRIDGE_MAPPINGS. +# used for the network. In case of ofagent, you should add the +# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS. +# For openvswitch agent, you should add the corresponding entry to +# your OVS_BRIDGE_MAPPINGS. # -# eg. +# eg. (ofagent) +# Q_USE_PROVIDERNET_FOR_PUBLIC=True +# Q_USE_PUBLIC_VETH=True +# PUBLIC_PHYSICAL_NETWORK=public +# OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int +# +# eg. (openvswitch agent) # Q_USE_PROVIDERNET_FOR_PUBLIC=True # PUBLIC_PHYSICAL_NETWORK=public # OVS_BRIDGE_MAPPINGS=public:br-ex Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-False} PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public} +# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of +# PUBLIC_BRIDGE. This is intended to be used with +# Q_USE_PROVIDERNET_FOR_PUBLIC=True. +Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False} +Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex} +Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int} + # The next two variables are configured by plugin # e.g. _configure_neutron_l3_agent or lib/neutron_plugins/* # @@ -543,12 +558,20 @@ function create_neutron_initial_network { if is_service_enabled q-l3; then # logic is specific to using the l3-agent for l3 if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then - # Disable in-band as we are going to use local port - # to communicate with VMs - sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE other_config:disable-in-band=true + local ext_gw_interface + + if [[ "$Q_USE_PUBLIC_VETH" = "True" ]]; then + ext_gw_interface=$Q_PUBLIC_VETH_EX + else + # Disable in-band as we are going to use local port + # to communicate with VMs + sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \ + other_config:disable-in-band=true + ext_gw_interface=$PUBLIC_BRIDGE + fi CIDR_LEN=${FLOATING_RANGE#*/} - sudo ip addr add $EXT_GW_IP/$CIDR_LEN dev $PUBLIC_BRIDGE - sudo ip link set $PUBLIC_BRIDGE up + sudo ip addr add $EXT_GW_IP/$CIDR_LEN dev $ext_gw_interface + sudo ip link set $ext_gw_interface up ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' '{ print $8; }'` die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP" sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent index a5a58f4c27..1c04f2f64e 100644 --- a/lib/neutron_plugins/ofagent_agent +++ b/lib/neutron_plugins/ofagent_agent @@ -77,6 +77,10 @@ function neutron_plugin_configure_plugin_agent { if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings $OVS_BRIDGE_MAPPINGS fi + if [[ "$OFAGENT_PHYSICAL_INTERFACE_MAPPINGS" != "" ]]; then + iniset /$Q_PLUGIN_CONF_FILE agent physical_interface_mappings \ + $OFAGENT_PHYSICAL_INTERFACE_MAPPINGS + fi AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-ofagent-agent" iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base index d913f7c3cc..f0ef194569 100644 --- a/lib/neutron_plugins/ovs_base +++ b/lib/neutron_plugins/ovs_base @@ -79,11 +79,20 @@ function _neutron_ovs_base_configure_l3_agent { fi neutron-ovs-cleanup - # --no-wait causes a race condition if $PUBLIC_BRIDGE is not up when ip addr flush is called - sudo ovs-vsctl -- --may-exist add-br $PUBLIC_BRIDGE - sudo ovs-vsctl br-set-external-id $PUBLIC_BRIDGE bridge-id $PUBLIC_BRIDGE - # ensure no IP is configured on the public bridge - sudo ip addr flush dev $PUBLIC_BRIDGE + if [[ "$Q_USE_PUBLIC_VETH" = "True" ]]; then + ip link show $Q_PUBLIC_VETH_INT > /dev/null 2>&1 || + sudo ip link add $Q_PUBLIC_VETH_INT type veth \ + peer name $Q_PUBLIC_VETH_EX + sudo ip link set $Q_PUBLIC_VETH_INT up + sudo ip link set $Q_PUBLIC_VETH_EX up + sudo ip addr flush dev $Q_PUBLIC_VETH_EX + else + # --no-wait causes a race condition if $PUBLIC_BRIDGE is not up when ip addr flush is called + sudo ovs-vsctl -- --may-exist add-br $PUBLIC_BRIDGE + sudo ovs-vsctl br-set-external-id $PUBLIC_BRIDGE bridge-id $PUBLIC_BRIDGE + # ensure no IP is configured on the public bridge + sudo ip addr flush dev $PUBLIC_BRIDGE + fi } function _neutron_ovs_base_configure_nova_vif_driver { From e35785d910995c05a3e43af51080c6c6c5631ec7 Mon Sep 17 00:00:00 2001 From: Mate Lakat Date: Thu, 16 Oct 2014 15:40:03 +0200 Subject: [PATCH 0072/3421] XenAPI: Always update proxy settings If a user wants to re-use an xva just with different proxy settings, he can now do it, as this change will always update /etc/apt/apt.conf to reflect the settings in the user's localrc. Change-Id: I8a6e9c88304bc887ea8269d946e89a5ba258b126 --- tools/xen/prepare_guest_template.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/xen/prepare_guest_template.sh b/tools/xen/prepare_guest_template.sh index 2d3b89821f..50f2b6a825 100755 --- a/tools/xen/prepare_guest_template.sh +++ b/tools/xen/prepare_guest_template.sh @@ -118,3 +118,10 @@ deb-src http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security univer deb http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security multiverse deb-src http://security.ubuntu.com/ubuntu ${UBUNTU_INST_RELEASE}-security multiverse EOF + +rm -f $STAGING_DIR/etc/apt/apt.conf +if [ -n "$UBUNTU_INST_HTTP_PROXY" ]; then + cat > $STAGING_DIR/etc/apt/apt.conf << EOF +Acquire::http::Proxy "$UBUNTU_INST_HTTP_PROXY"; +EOF +fi From 6518c0b88ea52e93513fa34dd63eeb4596875212 Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Wed, 15 Oct 2014 17:26:59 +0900 Subject: [PATCH 0073/3421] Compile Horizon message catalogs during stack.sh Recently compiled message catalogs (mo files) were removed in Horizon and django_openstack_auth repositories. We need to compile message catalogs to make translations available for Horizon users. It is useful for developers too. Change-Id: I0831e8308205c116d8e3bb8b43be7f0dd6fa0c0a --- files/apts/general | 1 + files/rpms/general | 1 + lib/horizon | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/files/apts/general b/files/apts/general index c308c466e3..3fe7863de2 100644 --- a/files/apts/general +++ b/files/apts/general @@ -27,3 +27,4 @@ bc libyaml-dev libffi-dev libssl-dev # for pyOpenSSL +gettext # used for compiling message catalogs diff --git a/files/rpms/general b/files/rpms/general index 7a35961bc2..d4a9fcba55 100644 --- a/files/rpms/general +++ b/files/rpms/general @@ -26,6 +26,7 @@ wget which bc libyaml-devel +gettext # used for compiling message catalogs # [1] : some of installed tools have unversioned dependencies on this, # but others have versioned (<=0.7). So if a later version (0.7.1) diff --git a/lib/horizon b/lib/horizon index 755be18f3c..0213948633 100644 --- a/lib/horizon +++ b/lib/horizon @@ -84,6 +84,14 @@ function cleanup_horizon { # configure_horizon() - Set config files, create data dirs, etc function configure_horizon { setup_develop $HORIZON_DIR + + # Compile message catalogs. + # Horizon is installed as develop mode, so we can compile here. + # Message catalog compilation is handled by Django admin script, + # so compiling them after the installation avoids Django installation twice. + cd $HORIZON_DIR + ./run_tests.sh -N --compilemessages + cd - } # init_horizon() - Initialize databases, etc. @@ -138,6 +146,13 @@ function init_horizon { # install_django_openstack_auth() - Collect source and prepare function install_django_openstack_auth { git_clone $HORIZONAUTH_REPO $HORIZONAUTH_DIR $HORIZONAUTH_BRANCH + + # Compile message catalogs before installation + _prepare_message_catalog_compilation + cd $HORIZONAUTH_DIR + python setup.py compile_catalog + cd - + setup_install $HORIZONAUTH_DIR } @@ -160,6 +175,13 @@ function stop_horizon { stop_apache_server } +# NOTE: It can be moved to common functions, but it is only used by compilation +# of django_openstack_auth catalogs at the moment. +function _prepare_message_catalog_compilation { + local babel_package=$(grep ^Babel $REQUIREMENTS_DIR/global-requirements.txt) + pip_install "$babel_package" +} + # Restore xtrace $XTRACE From 8abd8598b3ba7dce126db7553dfc704e5a343966 Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Wed, 8 Oct 2014 15:24:25 +0100 Subject: [PATCH 0074/3421] Allow use of ceilometer agent coordination Juno brings tooz-based coordination of ceilometer central, compute and alarm agents. If CEILOMETER_COORDINATION_URL is set it will be used as the value for a tooz coordination backend. If memcached is chosen, its package will be installed. Other backends, such as zookeeper can be configured, but installation is left as an exercise for the devstacker. In the default devstack setup having coordination will do little as there are only one of each agent, but this makes it a bit easier for multi-node or multi-agent setups. Change-Id: Ib85ccd435de3bc0ae56b5fe8c2fce6c2af9ff8d0 --- lib/ceilometer | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/ceilometer b/lib/ceilometer index db0c457262..9046b9d3d9 100644 --- a/lib/ceilometer +++ b/lib/ceilometer @@ -155,6 +155,11 @@ function configure_ceilometer { iniset $CEILOMETER_CONF DEFAULT verbose True iniset $CEILOMETER_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL" + if [[ -n "$CEILOMETER_COORDINATION_URL" ]]; then + iniset $CEILOMETER_CONF coordination backend_url $CEILOMETER_COORDINATION_URL + iniset $CEILOMETER_CONF compute workload_partitioning True + fi + # Install the policy file for the API server cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json @@ -242,6 +247,9 @@ function install_ceilometer { git_clone $CEILOMETER_REPO $CEILOMETER_DIR $CEILOMETER_BRANCH setup_develop $CEILOMETER_DIR + if echo $CEILOMETER_COORDINATION_URL | grep -q '^memcached:'; then + install_package memcached + fi } # install_ceilometerclient() - Collect source and prepare From 2a6215dd11400b74b7e5d6db96b44e6a74cfe291 Mon Sep 17 00:00:00 2001 From: Rob Date: Mon, 20 Oct 2014 13:28:47 +0100 Subject: [PATCH 0075/3421] Fix empty functions causing stack failure This patch adds a return value to several empty functions that are causing stack.sh to fail when the Cisco Neutron plugin is enabled. Change-Id: I43987d9cc5edc53de41c27354c3a737643d1cd43 Closes-bug: 1383273 --- lib/neutron_plugins/cisco | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco index 1406e3790c..95e0ab3368 100644 --- a/lib/neutron_plugins/cisco +++ b/lib/neutron_plugins/cisco @@ -82,6 +82,7 @@ function neutron_plugin_configure_common { } function neutron_plugin_configure_debug_command { + : } function neutron_plugin_configure_dhcp_agent { @@ -89,6 +90,7 @@ function neutron_plugin_configure_dhcp_agent { } function neutron_plugin_configure_l3_agent { + : } # Configure n1kv plugin @@ -111,6 +113,7 @@ function _configure_n1kv_subplugin { } function neutron_plugin_configure_plugin_agent { + : } function neutron_plugin_configure_service { From 22ec45e63a45bb38f63ca995446338859dacb207 Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Thu, 16 Oct 2014 17:41:22 -0700 Subject: [PATCH 0076/3421] Move generation of baremetal VM names to lib/ironic The create-nodes script currently receives a total # of VMs to create and creates them all, generating their names on the fly. This moves that name generation to lib/ironic and makes the script create only single VMs as directed. This centralizes the naming of things to lib/ironic and will make it easier to reference these things elsewhere. Change-Id: I98e61f7188e027e690303e32aff7cd2347f6d2c2 --- lib/ironic | 27 ++++++-- tools/ironic/scripts/cleanup-node | 25 ++++++++ tools/ironic/scripts/cleanup-nodes | 28 --------- .../scripts/{create-nodes => create-node} | 63 +++++++++---------- 4 files changed, 76 insertions(+), 67 deletions(-) create mode 100755 tools/ironic/scripts/cleanup-node delete mode 100755 tools/ironic/scripts/cleanup-nodes rename tools/ironic/scripts/{create-nodes => create-node} (52%) diff --git a/lib/ironic b/lib/ironic index 5f3ebcd354..1541dcfb33 100644 --- a/lib/ironic +++ b/lib/ironic @@ -354,6 +354,15 @@ function init_ironic { create_ironic_cache_dir } +# _ironic_bm_vm_names() - Generates list of names for baremetal VMs. +function _ironic_bm_vm_names { + local idx + local num_vms=$(($IRONIC_VM_COUNT - 1)) + for idx in $(seq 0 $num_vms); do + echo "baremetal${IRONIC_VM_NETWORK_BRIDGE}_${idx}" + done +} + # start_ironic() - Start running processes, including screen function start_ironic { # Start Ironic API server, if enabled. @@ -449,10 +458,13 @@ function create_bridge_and_vms { else local log_arg="" fi - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-nodes \ - $IRONIC_VM_SPECS_CPU $IRONIC_VM_SPECS_RAM $IRONIC_VM_SPECS_DISK \ - amd64 $IRONIC_VM_COUNT $IRONIC_VM_NETWORK_BRIDGE $IRONIC_VM_EMULATOR \ - $log_arg" >> $IRONIC_VM_MACS_CSV_FILE + local vm_name + for vm_name in $(_ironic_bm_vm_names); do + sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node $vm_name \ + $IRONIC_VM_SPECS_CPU $IRONIC_VM_SPECS_RAM $IRONIC_VM_SPECS_DISK \ + amd64 $IRONIC_VM_NETWORK_BRIDGE $IRONIC_VM_EMULATOR \ + $log_arg" >> $IRONIC_VM_MACS_CSV_FILE + done create_ovs_taps } @@ -655,7 +667,12 @@ function cleanup_baremetal_basic_ops { chmod 0600 $IRONIC_AUTHORIZED_KEYS_FILE fi sudo rm -rf $IRONIC_DATA_DIR $IRONIC_STATE_PATH - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-nodes $IRONIC_VM_COUNT $IRONIC_VM_NETWORK_BRIDGE" + + local vm_name + for vm_name in $(_ironic_bm_vm_names); do + sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node $vm_name $IRONIC_VM_NETWORK_BRIDGE" + done + sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override restart_service xinetd sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true diff --git a/tools/ironic/scripts/cleanup-node b/tools/ironic/scripts/cleanup-node new file mode 100755 index 0000000000..c4e4e706f4 --- /dev/null +++ b/tools/ironic/scripts/cleanup-node @@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +# **cleanup-nodes** + +# Cleans up baremetal poseur nodes and volumes created during ironic setup +# Assumes calling user has proper libvirt group membership and access. + +set -exu + +LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} +LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} + +NAME=$1 +NETWORK_BRIDGE=$2 + +export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI + +VOL_NAME="$NAME.qcow2" +virsh list | grep -q $NAME && virsh destroy $NAME +virsh list --inactive | grep -q $NAME && virsh undefine $NAME + +if virsh pool-list | grep -q $LIBVIRT_STORAGE_POOL ; then + virsh vol-list $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && + virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL +fi diff --git a/tools/ironic/scripts/cleanup-nodes b/tools/ironic/scripts/cleanup-nodes deleted file mode 100755 index adeca5cd9e..0000000000 --- a/tools/ironic/scripts/cleanup-nodes +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -# **cleanup-nodes** - -# Cleans up baremetal poseur nodes and volumes created during ironic setup -# Assumes calling user has proper libvirt group membership and access. - -set -exu - -LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -VM_COUNT=$1 -NETWORK_BRIDGE=$2 - -export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI - -for (( idx=0; idx<$VM_COUNT; idx++ )); do - NAME="baremetal${NETWORK_BRIDGE}_${idx}" - VOL_NAME="baremetal${NETWORK_BRIDGE}-${idx}.qcow2" - virsh list | grep -q $NAME && virsh destroy $NAME - virsh list --inactive | grep -q $NAME && virsh undefine $NAME - - if virsh pool-list | grep -q $LIBVIRT_STORAGE_POOL ; then - virsh vol-list $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL - fi -done diff --git a/tools/ironic/scripts/create-nodes b/tools/ironic/scripts/create-node similarity index 52% rename from tools/ironic/scripts/create-nodes rename to tools/ironic/scripts/create-node index 140bffe46f..25b53d47f3 100755 --- a/tools/ironic/scripts/create-nodes +++ b/tools/ironic/scripts/create-node @@ -9,19 +9,19 @@ set -ex # Keep track of the devstack directory TOP_DIR=$(cd $(dirname "$0")/.. && pwd) -CPU=$1 -MEM=$(( 1024 * $2 )) +NAME=$1 +CPU=$2 +MEM=$(( 1024 * $3 )) # extra G to allow fuzz for partition table : flavor size and registered size # need to be different to actual size. -DISK=$(( $3 + 1)) +DISK=$(( $4 + 1)) -case $4 in +case $5 in i386) ARCH='i686' ;; amd64) ARCH='x86_64' ;; *) echo "Unsupported arch $4!" ; exit 1 ;; esac -TOTAL=$(($5 - 1)) BRIDGE=$6 EMULATOR=$7 LOGDIR=$8 @@ -53,32 +53,27 @@ if [ -f /etc/debian_version ]; then PREALLOC="--prealloc-metadata" fi -DOMS="" -for idx in $(seq 0 $TOTAL) ; do - NAME="baremetal${BRIDGE}_${idx}" - if [ -n "$LOGDIR" ] ; then - VM_LOGGING="--console-log $LOGDIR/${NAME}_console.log" - else - VM_LOGGING="" - fi - DOMS="$DOMS $NAME" - VOL_NAME="baremetal${BRIDGE}-${idx}.qcow2" - (virsh list --all | grep -q $NAME) && continue - - virsh vol-list --pool $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL >&2 - virsh vol-create-as $LIBVIRT_STORAGE_POOL ${VOL_NAME} ${DISK}G --format qcow2 $PREALLOC >&2 - volume_path=$(virsh vol-path --pool $LIBVIRT_STORAGE_POOL $VOL_NAME) - # Pre-touch the VM to set +C, as it can only be set on empty files. - sudo touch "$volume_path" - sudo chattr +C "$volume_path" || true - $TOP_DIR/scripts/configure-vm \ - --bootdev network --name $NAME --image "$volume_path" \ - --arch $ARCH --cpus $CPU --memory $MEM --libvirt-nic-driver $LIBVIRT_NIC_DRIVER \ - --emulator $EMULATOR --network $BRIDGE $VM_LOGGING >&2 -done - -for dom in $DOMS ; do - # echo mac - virsh dumpxml $dom | grep "mac address" | head -1 | cut -d\' -f2 -done +if [ -n "$LOGDIR" ] ; then + VM_LOGGING="--console-log $LOGDIR/${NAME}_console.log" +else + VM_LOGGING="" +fi +VOL_NAME="${NAME}.qcow2" + +if ! virsh list --all | grep -q $NAME; then + virsh vol-list --pool $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && + virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL >&2 + virsh vol-create-as $LIBVIRT_STORAGE_POOL ${VOL_NAME} ${DISK}G --format qcow2 $PREALLOC >&2 + volume_path=$(virsh vol-path --pool $LIBVIRT_STORAGE_POOL $VOL_NAME) + # Pre-touch the VM to set +C, as it can only be set on empty files. + sudo touch "$volume_path" + sudo chattr +C "$volume_path" || true + $TOP_DIR/scripts/configure-vm \ + --bootdev network --name $NAME --image "$volume_path" \ + --arch $ARCH --cpus $CPU --memory $MEM --libvirt-nic-driver $LIBVIRT_NIC_DRIVER \ + --emulator $EMULATOR --network $BRIDGE $VM_LOGGING >&2 + +fi + +# echo mac +virsh dumpxml $NAME | grep "mac address" | head -1 | cut -d\' -f2 From 8543a0f763c1f4fcc3ca7e13efece54a0ff7fbb6 Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Thu, 16 Oct 2014 17:42:33 -0700 Subject: [PATCH 0077/3421] Make screen_service() useful for more than services screen_service() can currently only be used to launch things that pass the 'is_service_enabled' check, even though its calling functions will have already done this. This removes such check, renames it to screen_process() and updates its usage elsewhere. Change-Id: I480a4560a45b131a95c1b2d2d2379aeba542a9bc --- functions-common | 72 +++++++++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 37 deletions(-) diff --git a/functions-common b/functions-common index 333f31da02..e6f425f4a1 100644 --- a/functions-common +++ b/functions-common @@ -1251,7 +1251,7 @@ function run_process { if is_service_enabled $service; then if [[ "$USE_SCREEN" = "True" ]]; then - screen_service "$service" "$command" "$group" + screen_process "$service" "$command" "$group" else # Spawn directly without screen _run_process "$service" "$command" "$group" & @@ -1259,14 +1259,14 @@ function run_process { fi } -# Helper to launch a service in a named screen +# Helper to launch a process in a named screen # Uses globals ``CURRENT_LOG_TIME``, ``SCREEN_NAME``, ``SCREEN_LOGDIR``, # ``SERVICE_DIR``, ``USE_SCREEN`` -# screen_service service "command-line" [group] +# screen_process name "command-line" [group] # Run a command in a shell in a screen window, if an optional group # is provided, use sg to set the group of the command. -function screen_service { - local service=$1 +function screen_process { + local name=$1 local command="$2" local group=$3 @@ -1274,38 +1274,36 @@ function screen_service { SERVICE_DIR=${SERVICE_DIR:-${DEST}/status} USE_SCREEN=$(trueorfalse True $USE_SCREEN) - if is_service_enabled $service; then - # Append the service to the screen rc file - screen_rc "$service" "$command" - - screen -S $SCREEN_NAME -X screen -t $service - - if [[ -n ${SCREEN_LOGDIR} ]]; then - screen -S $SCREEN_NAME -p $service -X logfile ${SCREEN_LOGDIR}/screen-${service}.${CURRENT_LOG_TIME}.log - screen -S $SCREEN_NAME -p $service -X log on - ln -sf ${SCREEN_LOGDIR}/screen-${service}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${service}.log - fi + # Append the process to the screen rc file + screen_rc "$name" "$command" - # sleep to allow bash to be ready to be send the command - we are - # creating a new window in screen and then sends characters, so if - # bash isn't running by the time we send the command, nothing happens - sleep 3 + screen -S $SCREEN_NAME -X screen -t $name - NL=`echo -ne '\015'` - # This fun command does the following: - # - the passed server command is backgrounded - # - the pid of the background process is saved in the usual place - # - the server process is brought back to the foreground - # - if the server process exits prematurely the fg command errors - # and a message is written to stdout and the service failure file - # - # The pid saved can be used in stop_process() as a process group - # id to kill off all child processes - if [[ -n "$group" ]]; then - command="sg $group '$command'" - fi - screen -S $SCREEN_NAME -p $service -X stuff "$command & echo \$! >$SERVICE_DIR/$SCREEN_NAME/${service}.pid; fg || echo \"$service failed to start\" | tee \"$SERVICE_DIR/$SCREEN_NAME/${service}.failure\"$NL" + if [[ -n ${SCREEN_LOGDIR} ]]; then + screen -S $SCREEN_NAME -p $name -X logfile ${SCREEN_LOGDIR}/screen-${name}.${CURRENT_LOG_TIME}.log + screen -S $SCREEN_NAME -p $name -X log on + ln -sf ${SCREEN_LOGDIR}/screen-${name}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${name}.log + fi + + # sleep to allow bash to be ready to be send the command - we are + # creating a new window in screen and then sends characters, so if + # bash isn't running by the time we send the command, nothing happens + sleep 3 + + NL=`echo -ne '\015'` + # This fun command does the following: + # - the passed server command is backgrounded + # - the pid of the background process is saved in the usual place + # - the server process is brought back to the foreground + # - if the server process exits prematurely the fg command errors + # and a message is written to stdout and the process failure file + # + # The pid saved can be used in stop_process() as a process group + # id to kill off all child processes + if [[ -n "$group" ]]; then + command="sg $group '$command'" fi + screen -S $SCREEN_NAME -p $name -X stuff "$command & echo \$! >$SERVICE_DIR/$SCREEN_NAME/${name}.pid; fg || echo \"$name failed to start\" | tee \"$SERVICE_DIR/$SCREEN_NAME/${name}.failure\"$NL" } # Screen rc file builder @@ -1412,12 +1410,12 @@ function service_check { # Tail a log file in a screen if USE_SCREEN is true. function tail_log { - local service=$1 + local name=$1 local logfile=$2 USE_SCREEN=$(trueorfalse True $USE_SCREEN) if [[ "$USE_SCREEN" = "True" ]]; then - screen_service "$service" "sudo tail -f $logfile" + screen_process "$name" "sudo tail -f $logfile" fi } @@ -1476,7 +1474,7 @@ function screen_it { screen_rc "$1" "$2" if [[ "$USE_SCREEN" = "True" ]]; then - screen_service "$1" "$2" + screen_process "$1" "$2" else # Spawn directly without screen old_run_process "$1" "$2" >$SERVICE_DIR/$SCREEN_NAME/$1.pid From 761c456a4e89802d2f78a8dbdc5f20d71716f7dd Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Tue, 21 Oct 2014 11:41:37 +1100 Subject: [PATCH 0078/3421] Remove usage of $[ for arithmetic, take 2 I did a similar change in I8ba180be036836f37ebdbb6da36ff0be486c043e but I guess somehow missed these ... maybe I forgot to add them to the change. As described originally, this causes TOT bashate to fail, so fix this up before it gets released. Change-Id: I5580cb46f1c8bd71c631549aab78428d95a6dc51 --- lib/swift | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/swift b/lib/swift index 15bd2a9471..0b9b89369e 100644 --- a/lib/swift +++ b/lib/swift @@ -196,9 +196,9 @@ function _config_swift_apache_wsgi { # copy apache vhost file and set name and port local node_number for node_number in ${SWIFT_REPLICAS_SEQ}; do - local object_port=$[OBJECT_PORT_BASE + 10 * ($node_number - 1)] - local container_port=$[CONTAINER_PORT_BASE + 10 * ($node_number - 1)] - local account_port=$[ACCOUNT_PORT_BASE + 10 * ($node_number - 1)] + local object_port=$(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) + local container_port=$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) + local account_port=$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number}) sudo sed -e " @@ -257,7 +257,7 @@ function generate_swift_config_services { local bind_port=$3 local server_type=$4 - log_facility=$[ node_id - 1 ] + log_facility=$(( node_id - 1 )) local node_path=${SWIFT_DATA_DIR}/${node_number} iniuncomment ${swift_node_config} DEFAULT user From eaff3e1b8c7133e4a5ea8a783e23536871be409a Mon Sep 17 00:00:00 2001 From: Adrien Cunin Date: Tue, 21 Oct 2014 13:46:54 +0200 Subject: [PATCH 0079/3421] Reference git.o.o DevStack repo rather than GitHub In docs, use git.o.o URLs rather than GitHub URLs for the DevStack repo, and don't mention GitHub when git.o.o is more appropriate. Also, replaced GitHub logo with Git logo in quickstart.png. Change-Id: Iab0006144f008963b8cb5be2d10ce0f360c0e6ca --- HACKING.rst | 4 ++-- doc/source/assets/css/local.css | 4 ++-- doc/source/assets/images/quickstart.png | Bin 12375 -> 9491 bytes doc/source/changes.html | 2 +- doc/source/configuration.html | 2 +- doc/source/contributing.html | 4 ++-- doc/source/eucarc.html | 2 +- doc/source/exerciserc.html | 2 +- doc/source/faq.html | 4 ++-- doc/source/guides/multinode-lab.html | 6 +++--- doc/source/guides/pxe-boot.html | 2 +- doc/source/guides/ramdisk.html | 4 ++-- doc/source/guides/single-machine.html | 4 ++-- doc/source/guides/single-vm.html | 4 ++-- doc/source/guides/usb-boot.html | 2 +- doc/source/index.html | 10 +++++----- doc/source/local.conf.html | 2 +- doc/source/localrc.html | 2 +- doc/source/openrc.html | 2 +- doc/source/overview.html | 2 +- doc/source/plugins.html | 2 +- doc/source/stackrc.html | 2 +- 22 files changed, 34 insertions(+), 34 deletions(-) diff --git a/HACKING.rst b/HACKING.rst index d69bb49286..3b86529ec0 100644 --- a/HACKING.rst +++ b/HACKING.rst @@ -10,8 +10,8 @@ and so is limited to Bash (version 3 and up) and compatible shells. Shell script was chosen because it best illustrates the steps used to set up and interact with OpenStack components. -DevStack's official repository is located on GitHub at -https://github.com/openstack-dev/devstack.git. Besides the master branch that +DevStack's official repository is located on git.openstack.org at +https://git.openstack.org/openstack-dev/devstack. Besides the master branch that tracks the OpenStack trunk branches a separate branch is maintained for all OpenStack releases starting with Diablo (stable/diablo). diff --git a/doc/source/assets/css/local.css b/doc/source/assets/css/local.css index 5c703af3e4..c8667c45ff 100644 --- a/doc/source/assets/css/local.css +++ b/doc/source/assets/css/local.css @@ -71,7 +71,7 @@ li#ubuntu { margin-bottom: 14px; } -li#github { +li#git { background-position: left -70px !important; height: 61px; padding: ; @@ -119,4 +119,4 @@ footer { .wat { margin-top: 33px; -} \ No newline at end of file +} diff --git a/doc/source/assets/images/quickstart.png b/doc/source/assets/images/quickstart.png index 5400a6f4df111ce1f9bc92bf285cae540840fb9f..735617b8cd4845e1afa9b85524c96d9015fbc410 100644 GIT binary patch literal 9491 zcmXY11yCGK6WzltcyM=!AVCjz3-0a~oWu2k1PyXPfN;1&&>+D{fP)0r1b5fq65zkD z>aX42shZm9s+sA2ue)brHPscL;ZWfK0Psv%NlqKt$|Ge23j_H*cI$*A8w_hzMLFQ< zzbC)5EEU;Sx#ElfBwiU zz+ZP}DReA{^_~w~nE~ww6(P?{>^P?U7~Ht>>8&b5SLMFG+NRkOy{c-T+HW&sNyP&7 zzarxD#TqJJ#xbP#qp=c7C9`4^Dk%-}DYKzhq@LOxA%Mpu`!zbgC?=o< zWCEF>$VoDp6$s!9R0GDlQ}{hw&nSHH0c#9G3`!fLo4f8Set3MI%V zgQi0#bXj}H3{~)ox#|rZ@LN~i{WOBaz)ZzSvyb*gj2Ey8&eRdM-k-Gh8gP_x1wn+K zQR5l=J@uG10gBLnuQiKiA$=xfLM&Aa`_kvpr0ioGWaHXS@)KRP8=JD{;Lfp+CQB`2 zZd)DETbLzVt1dZUprHO<6$^mYwZ1_lOlwnClM%g(%L>}cRHfry^oQToI7uXQqD9Kk zlE0p2d2mmbB3ARQ{?YjvBxhTCNxd~Dj(1Eh3TGKsx?VecuF1lKhGqXV>chA_n@7U+ zQl>~aq$Xx#jDP;~CzqG6n5A4Ac>ya%Hk)F}Yhn^Q>j|vWKzVI62FA@-On}@+3c{5g z#80Op#p1psrI?Sq88q}F<5SplU9QB3_zuoyMb&42_7D-O-ShV&A957;sj^Lu9v78D zAP1Bpzm9k{`SD8M7cxbpij6CCTqIdD#vL|i(Kfa$ksQH7ZT@nuVeK1)2%>f4M znc0Z4<5ss|d9S>3P*#&*|{`tEwY>hpJi|GWS0ZzIzkfJz1Fca^UIR z;zfZnk;S2yHfj$I-MePH;>#f{ga9UM|5a7FoABf1@tID#z-+G*>N-hbuWVrx(|kYm zRY#|X{DdIj0Py1~Pv9&YCWClM7(Bb-5`iwW!=8Q!g%4M*Zmy!K4`=)6n29rj0M^59 zZFi<*xx0%oPmQZPWIoThF<`E(uy+f%@gaY95Tv)gngU0S`*D-beP_ ziY)dvIcBa%NKU>nDKq0)BWN*&I}1|D^o1^5(XL!92uWCgdII)#)24+&gGM60!?c64 zr@CrxPMgb?mpVR9%TQ>tQ|i5df?+TPl>R+zQdvS!EZVptE+L?#97ET*ik+zV4)j}U;yH2tt#}d$@xGI1P9?!$k&DJZp(lSM5MudcVV0g7dh!KZ zM-|`TLDOtykqJGlW^;HBtMX0>l$8azL4U8-AeZ0XUlTX>A9!f~XzxefkXGQ{3}ZZCD(lhN}vN|BmZhUwiBM+pW|@0|(p zN%w7G)oa=uzL~rrZV}TapXG2pbf7ZEzoAuCRZ5Um1k%h@rM8UvCQQUy>YuRqz~_Vy z<1DJ1v17h8T&zXE-xj)*jM>M6Nwd}N8bOW~u8ji0%^TzIAD#;Yu_r324^5Xlt=Q|FfsGmq-#Hpu(V|Het z2G%ZeVd4Wdb5|Q@?2ivK4#i{of!d?%|6C00CREh3x9ij8UuYRM!q^=~w~61J5DGfp zetNk7z+&=N_Ri?T{$PQO4soF?bvL)D4DlZ})%Z#DBofd5Z`0qA_GEKO)9!WfUgPoZ zxO9v)ae6IY@Atd@+c_B+yjVpayi=jLa(9+W&-G5_0`BncuBS@wZcSYn9d?gJ#dDT> zFfcX==@BX!5R~lPJ!k^db>!x7@<%MB7QZw4I5P`;LG=hcKF=eCm)C!~2TSk`(>z?% zmYGTCN22h=94_xNUuGQPXIzMQ_d#zYBJL1(Zy%hgjVq7CAV&khyU3;!E{5YC+f7p8 zLE+yZp3V;MgL`g!jj(YSzRXTqNhjSWPGEK-g7~WXYccXK9x5>5hnES-cxBz_s$^c* zGkaNq2?vvE_xf6On{Re@Wk`spQ1Y!H%C||PVPdT_zok93tYW7I2viCrvLXQvx(3sf zs{zzqSrf4dAO-lLP;y1NaZt$q?#mW>UZ}xK@mN9k1Or0dpXzR%Yc1}b)~8hKyZw4{gIZ9WR6k*nhL+i2zf&RZYUB3xtObm#6O#18tX43*y7uKlb3`t@GkaR0N(3u& z+b;VmWCJ%X^lwT9v6CAx&W12T3wswJaS&$&DNXqIQIx@YadX*-q=7z9Gyn(a4eS1U z>lKu(lPWCXy*>`Jj2_zbY9(bVg|iiXrz5g%$N}4kzlCkVq_t3Jjx7OGpV_?dvzeNPDPjikXDXsR zs)C>NH8sfyy-HFjORH6CW0<(dAhKnJGOUD0M<} z^ZQL5iTcjE)nH6Zs!WQU!^fb}XC#wn21jCSpxz(~JZ9*)&`G!NcAf3e7Jk{#>bm8s zX^2vSXVDK+g@|?Gz{Q$X^IO*VS05fGif16gifEzGqm3g>*649_RHl82 z{p<8R3GhbBb*`aBu&uJZPj6Rh(`>_k61V>$Nxyn$7(hVrhX+WRLX?_sA3)^SqDK zACM9Gel zG*!3KDE)J>8jQy}fDLnn6AM(%swN-gl6NHBsD>#`bJm{CZZ0eKHWDj0{8@rRf5g`B z-wB-)zde1Uzh0KGn)qP}YT}=Z6A3c)OtgJ-{fU^2IJZx%j*G`pz3^RARV;g(^Tuwo zX3OFv!&&AK>HjsBEU|9WiY(A?8QT^js!3@y;zlibbfIN|=~6KVzGNW_%NrI4A`A|* zkqgn6EqIaO&lLQz6P5m%Z|rRE>})Vh3wCahAkjiaYqxil)nSo8E`8*5Yq30cQNrCN z<6jtcJ=P)liuH9m6r23JHbak+X+vznJ3Ocak~FmGyId!OE${&#w7i^i?j~eTD;90T zjBS z@nXN?hSjMPedQwD9Hlxb%s)|DUjZfa%f+LlJ#1LaLG?fX^RAAl7x8|-7OT_Jzyf^E zt$Yg{%1WfbP(+J*+uqZMnKc+X1X~5SN|zq>>Vo5E;dN#Sj<_Omkoj&A@NYL zJ8z@)wY(b=cpsQ#M(Qupo@wv2lFI!QOE7hHg0Zl8IX0B6tQ_b1#!K2!&XNW7u4K5F zscTOb%BN%K`e+(867!eh0vzJTu4-y=R=qmw!Ji`Oh4sH46#RQe4RCzrR-?WduTHHI z_g;Ui>J#!cvxP(@&w7|Md|FM{7@?s?pLw;JqvO`Eua=izVZ3r|6 z3XL1fCu=rYtl=e;Jz3oyU!9KX9zA8JwAT><@wmDE_f^j?c$gp#4x21}kpxB;yB}L< z#f|({H?vBAnMJG9iur$O-mfyVn~~8j{ivp?U-#q5IxBaHgod58t zvg+yL@rCyrtAoeTfr$4Kp4GER2)>!Sk~NY1W7zg&=o697(u19U)LlbC+iq*)#95Ir z_V>_I*EIf*Jf4Ta(%(h)Tg;^2q3kCY6Wbv#9O-*W{LFowctD)UfbFS<+~6_j`((BJ zKqWQR;-FUH`*r9ar~&H9F<9Nr zUuyc_)Ec`WTV&Yx0wlaWO7X_=iq(mHN=ddo(rqayc*tU9sWBI}2==c?z@y@z>WPH? z#tPb7{{p~6?dF=-kM0xcQOCU(8nq_&WQo}^4?d4|w%7>( z_g~Ln=WSNuF!2fopCS{r+vm!jnL=aK(?&E@7ZK&bE-2%T-c!pB$njx@E7QhvGtM)D zjk?e2%fHZMQqb~+{9`baA~Jb#m}byD=V0L zw6V?1%1Tg)S@zOsbzRiEnnRonB`$}I{Lv!$a7|lvEu1a$$*~#EH%~GmbdhIVE@DM;x%=0p<=dvJd9~#Zv=qMYxIqr zs~cNHs-s_w(S)3*77~Lsl#EqOVUpMUJdA-@U^cz0Wfz@_d_-d6+Ap@0AsS(Qosd<- z5hB1sRmjC-!vjw2I-xM2Kux-hclB`fXFNi;kzHlvXqTdaUx~7gX%4)NKxr#R8^!A} z46Q5(UdMXa(+KeCwUX8jVwwmFZfM>_$pPT77tz!V#?pmwk#>N;_GVk^=d%oa_ZjNz z;Li3ArFBhH2XqbzVJowUe`v+1P*-=O%L@1FJVVidVdz{};sT`jF8f;Wkkf~~vVDg2 znkPB@h1<=;Q_X!ba)ZMQ1)oOeDQGw8m{-x3U|1ZM$ThdWD|l(O+e$ec14v zSexLT+^6u-U-&t~y5+px-Da<)X9h{H#S(N_gI7HQbh5SHXN&(gI{}D zm=r31;ht^6!L4w6Y@Kj)^zmLN5R~i*;Ox%(evGy)TfuQ$fl!l<-m(JbWx&w3v^M1f z8UCsdczaQYezcXcM;8b~NmfcJsddJs)_Jx{iTG0rQPU;{E#fkuzl)`qy6yR#uRaw7 zhe&LgqLz^Lh-%{EFz0v6z_b*yfmN%~+nJrT>$P`k|M-D1scI(2zvp-M+QK^-Apb<&trcL|I$>^4 z2))N2c#^@~!I5Mw1@)vR)W4F%)fC<#NA-WkwQ$U2zL5tkW31XHcxsn;q8Z*Nyp;T$ z65b`rgJ{m1$@dr?(6MAw1&T5^o&)ie2NbYXxC0^2Yj1P@)B`jHQ1S@H{qYyHC`c~; zs<>B?aZUr^Pt_Cc)P7vTF09E|?O$6mz zDQ(XY3-7Wq?$+Bi5J2*5bwUcl$_hx)Ffhwa>7)8*@isG-!+wb5Da4vu69PoO z{W4l^pV~Xu;nAuVA+q%&SpX|r3T)6x8Z~OShkb9enL%O7nkqhMITe*5p2@6!ML*7U zAEl00uo9!RZlyb z@teTVV5Rbz;I=#&L?#9OJep-9X)iy@ASw?=&OmY_)airqv#uCOXbU@Pt$%WIKTP6k zmZMNdyCmSp4IhFgp`HryhZAA=+~!LZ@0Bya3fB9nVA(Y$k~CQ*QCnbx6Xs5S8N)Yq z3%ov?H$iOgVPT>36uSEzptB10C^fZzE_b()fQL)I=U{H<*Wl)O+@==CRv>L1qD};r=f7lNn}I+3RHYAJP(z(i;&^Xbl0S?aR3&jpFZTW_ILo@ zJ8+9bH&Nl8f=zj{JtgVLNPw%>q(;=A`6+}PtnhSeln*8Y+yVbsNbaZz{dW<1tW`f? zRyA*#c@l9m{tF_iUjiW2tb_pX%Wi z-<&?Ikd$dXds5nTE8rdv_>27ltgm~`%4jtmJy5P;HUy)zF)7ea(t}B0R5^{zYlgo} zDeyiS)3gZhEz@LbhN`>aPmUlRK(&70rV#ErSob zN&OJo4OqGp7Ej7u-&IO}F_F?@@XSpDVh&Jn$uWH7-064Vtx05FqnN3-_)?a*A)gCi z%eW{Nc7ILY?lE!8&@u^NaIgk}(k5=dAp{bE8%5}(b#YJ-@A!Hy)cyl6qH7i2g5r<; znDh_{_(${39@=zQ0(74_CU&)tRC+KzzP^hFI^?OLMsSEl?TQOtPtyxcXZ>dHnbiW^ z9+zkp%DXpn^B_y&4xIvC&1eDRf5RUeBDDIZ?0zd2{eu)F{<oXqRQ+=DcWmEfOo3(=?^W`8J#&OC#=(G5yeOx6^QsUjXqAG7D{?FeX6wVSrUc z{!x~bqopW430?F(Ty4HgbkbA>6MKBp2;bKlP2ZO_hk|kTTvyGLhkZ0T`>MqQ^2F8U zbV3GY3eg)ePFpV)LIQ$XF4m=KrL2eq`z<{+F1^llCtkkP^f9F(~=>IQc)7vJBjdzBrRF z)b9zMW#a4x`q;w8_@z=-8W|kb>V3G(B)eJWZhgCQ+@DT5H2{pyPX6qFYx-D#h=Ma7 z=J>OQzHEyR6QRnQ10Mm)FnhPP@b!O(OK?a;+3i@aaZ9!0kca_=O-%wkoX{IDG`l>) z+E|4JDxF3<@O;azWL%=Ryw?hVJ#_LzapTS!%tz32?Gr-On3ES5z6316*1cLY3pq^p zIfjN`k-D#wrK0{Qp+V0- ztk$S8@*RiT(%YB>-fbKTQY|YvYjNUtdRlydjh4ASeT9we#9w^BPI*D52ldfFt=gVJ1foYG;%2sV+K3EY}} zqH`t>yLGwjoGxe?;GLw;(2A$6It!z8ehZkk^;d!t0@BeBb zSz5*3tw1^296})FA=zp2>U|hh59j_g_P!+vw5T!f`Nc0R6dSA~XSDH*&;!}rSG4=W zsURtD)Lk7FGBqpZhyt#IgKm~WeWjdem>gL{{9a=lG! z?tcVpDCl=NMGRzEm z+Nw;nbvf5SN{%f8MJ&AP+uzN4F%sTk;yM3$3lBP5L^97K&Els2)sjTE@Ae?s490%Mxt!1LkQNmuUSmL%^bx zT)L|4yqI!mOv?irs{IAbj*cm|{#$%y5tAR{O|7KRM#wCzO+JrRH zk&%-L(=EQTbYT>@dk&4zG`J(?^7}A-Bs?v! zaRvGVFr@PeE-vgAa%WE}X!PQ&G6TO0Z5oQ!`~73DzecM7du)jh7rC$3!`y*7y8XiL zAWqI_?3z@ZkecYW(5DL|SnwhKIBBr!dCQfMYjJhc^^hX|c#O8H;(S;v8_oh;FzXU8 z$d`bamq)Jy0U?wd7~ZwqFT}?_-uPircscIzQ0Yxv{Sh#UbuAQt@^au8-72YZe$&i>QV-py)b4h?4qjy$Xoa@Zz|i=A6)IQ%?t+an)f()y z%yvK?E;RKCylLUdy-DQ||Ctq?*zDw!Hd?DhfI#cXOwsA#^z$0`(J4p8hMx<=VBX-9 z{L(YC;DmY6Xe6c%Vrp!#y?<~;qaVt+|Y-A~K##>hF zB4lNF@dp-=f?S`U(<#D*Y?;%ogd2Qk8vuZo_TOCq6{(y?$5PW>hx}E()UJCtB=i{+ z%VQbmlGd&oelCbGBvDpo_T-#FDxe84`h4lW>_v}sYym8;)F-;>>m$<_d$kQlPqxjp3s;3B)N&%p2LGl}5c4YcZ~)825>15FjI&?K21E+<`PD{- zU%liU9h2D8((X7-54Y=%N|;vxzE1pY(3dZKPP!j{FLleo&9%eiYo?TsOZ7aJw8)X@ z5QPGBTDuVyps_r}k3(QeRm;{VTj>LRWLtK$W5cf&pDTTGky8}V!kV_5lVo$}$CNbN zE2Na7p1yR+7TFObUU;-6UyR3!%61*A6c8qE)qRVRr21|X#c~xM-_nFv9KAcj$=@^N zb=D;nn|8+V25ONUGKZC3QVUqxBp4wzc)wJmP|)^;Cbq78#Pn6pJI3o&)z*k$iB*W5 znut>t_7RNJ9j{4gT~LlXTDImcB9P&n{AjA3UxVI`xi9DZruBzMd4$#)i(Vm{E74w) z?4&d5ZZ$SCn%FH)d3gAgN?6w?X4t{Nj3%I z&(HRcqa!LERmCz07x zBY)*1OOE}Wq{5j3#!oXpYT63_6sBY4fv76Bh(#<*b}$ZlZ+TJ5biMFh0xLF8p-l&Z zz9CjNDEW1HzHo7QQu~{|v~2$d^z|Vgpmo>ZDrFAyMXkVsZtkCaJ;%ZDoW?-06zZ&^ zszJj9-gfyGbz)Cu@EFZ=TwhTZ*_Xc;`C{!zBK9%7x^sx-Ia4m8M{PqRWL!z6>uKMB zGeQH`MHiQf?{|x&y=uK2KEhfw`B{occ8y8j|J$nqpib5pGCufR1-; zAMwq0)lPu_+nn&*j+3KW&>vSHpAX}I49hH*qrFHdDF}J+k!3NmIR+5p@0wPA@Cl5` z6m?5JuH~Tp!55{+7^sRr|7yk3bq zxnjVQQh?mV?vR^SRYCHy!uuQ|sb@PKR8Xh&5cj--6}aYszRG{9%(Bq7@ZVM!t4x6! zc@S@jJ^NxGVDEX9F7l+~xyBtwE_9zG3|~#lNMS;MApt=DuAPV$J<64oBF?A2AI?xB zEV;1v-5f*AY?OpY#=2(ONfk}rBfNY>Uz3*rIz@64)DAnAkG!rXU5F796d*hm1Wd<% z5KMcP;i34o89F;xjiD4u&5n?N)wDtS{P724)=ikqt&S!xFjOw9?)}ByC0(vHx664d z@H5!(;cB#1BZQfq$V2>X#uwzho%gGzk(GZOBWfo#S`xXIt@Dq+goBY4sh))=&@N52 V6fLn*CGz?bpe(O0S0iH?{y%IZ@nHY} literal 12375 zcmWk#bzBr(6rH6@I;A@$m2T-y=|(_6x^t0`?rx+Tq*F>tTDrTXJHPq&OJ3kR4=noB;q8=l=r&q-PR> zZz8(LDoP@*B9h?oGNt$5`T+n1AS)rJ;j#G7*V9L1X5saAEPaS3!TjebDrL|+7UT>W zQ3*H+xUyy~8x`5|Y3rkLHJeKNe|jmcnr}3JB!BxUizQ)>g~pJ9EKh-qtasy^r9fA= zwnpx(w7b1K79R`TT>A*$a_O98d7s`2?&);y@r`es8BI-TRcs8#knmY;4F!Cg`QvHd z8S%&l352D9P*8tQe6pkejt7nMxybI?ctHi?fLK@+;EeKn{8JX9F@iD7gre{$aC`#& z|3g(k1u_9lEQ?qw9FElAg}G&?H~>a71?6{tT2G^aeP9APHv+naol4HdfQxAah&gk` zO9?i(Tu_^c9l~w27)Z$vh`8hWoE^OUPzQ7&`^fA+KFU5&Cu1`bF$Mhp<(K=swDR}X zpF`*GQPQR@7xz;SP+IC=?phWR0Q?_j$FBEFkC|+3(eIGp@Zn%ksi_v5141?O94P-1sp}$ zd@PoYHMwWkGfzxfBh#(u8&7xDYsxk$QJKLAbsQ#3zZ6c2$^P_D)`ob%G!bK5{=+3& zSX@AFSkTa*^L!OD0~#SN9K4x$(zXhwgZZy^YBRX;OKdM+z2aJ%-hdw{FrjfIBtViH z>*djS9o!vLpae;~4HY9UCT%UgHSj`h8u;-fHJj5*Lg6fQLe$k!d+a`}n`m0wf3uPA>^mJa&q$x*><2bZ7)E}Mp#Y{4p z4z2&@`1<+%neQ9GSMnK>ru=Jo;EUY@D-EM^%Inm*F$s@T_Cx&1Ovu2jb}{Pc7oT^K zM-#r*6cv#;o4R8Ai0H*Zo7*W-N9WSAFyXD*U|~1``EWZH^vZwM_qK4sn#;4*Vx^Od z950Dy1}Dqh6+YZ077~Zuv4KIs{*F;_x3}2-j}kF{)yr<*4nBZlL>|l`M9b;Rev*bs zMyLZu7oSVf&%7#0e@0qvUX88t=}^!5qnoVf{b#m|7#J&9s>ljXxu#mQzb>sYqHwr7M@3|3TOuUI0UP%;#rV!MPiZ%-l zH-lNFAP^~(9E!;y3Q*8#Bses-mzI>t&Vd8{8zYOR{yXH$CL%0usRor|7;^M4%bWfB zp;Fbn+Pt?p8CY@Zx#;Bml{3 zCcR9L)4j?eA$@Il_b@CuZtp_?b=1~SS#MoqGo+2wvCa@EcR_I0v$1p+7=Q?3SUqb7 zyfu=H<-zaQw3#D5%DEeuv(GHIWu(XcD;W~&TO$^S!;F)Nolkl*^s0CDgIUz-@hYP( zr=xaf-ULX#^%wF#>D$1%9M^2jT=qPE!pOLkW5vM^m8uoQK^=nJJ-IDRU!C_-^%wQS z7hm6|EnW48==n9hj01;54xFKHs83M7N1=#fLI+9N)}HkXW*emCGPMI*&%4KFjO-x2;$DfS)gAfk4_j7BKJ*954zJ=%HZhCi$2oKgH*G#FsR$11d>_)$ThgAl@B@ICJSJ%vIrb0__lhmqic3(Ec4zZbl02z4)H2nRc}7g{mw;A0E*_0?INIA?NwggtoH7nFUQNd|ncUzc z{2@GTl554SEgW^zZv&pr|8A&1FTGqM*RjLR#aUt2g^{{GmM z^r->Y>ryD~i(}Ko*+&`PH#9eS?{nAkn-sP8N8!Imlwow%-%Qv6qkZ}BAvIS7n3TNc z%{qhZwuloxuSQLkrC%qtyjoY43n$vI&PFnj7=(d>_pK?ONY6SQyHU@cA4`$SSb4mYsvLeMF9fJi zL4Jwf(K|*E!X3;Hp-h~3VpAzk3ObxSAD#blwyRcUT*$d$S`L|wIKoHCDewR*-95vo z^sLk5=Pq%xMtI!b;^JtY^n7?gSOh~#$a6O!K8U4Y1&9D;s^^quf-Cinl144N6e_(%~)3s{J zeV2+OXPCRAR)|hx>n6mrn7NZWJT{z81Ws)V7R}`03sAz$P%gmzHPL&Im4k{sjrQkX zketn7Ob5wDC(0g+)?AJXOyp;TFMu0VvW~Cf1FgQ6-2Tm%+xJH8t!B3buXQY}{Cy%) z@0}VJ75vwHu6PglE-~K_*ILka5pwS(k=($^nb#NzeoU8#XzvT6?kESoq`Us@DdbY~ zr-Ta{%Mk2z*u2oZRnCEkK9sw6u7X%45w;c4@b$BVxWb8c6(yn6d;NW3ZEc;xQ|=?d z^UkIM`jFbcOxUxh+AZc&1uaCfe*{;24x&m?2^5r~OYNo(FbK4Aum$#f6pti-Xpf#W zM^GjwS3S&Dp=K+QW#E!^_3L1Va9nnL5$_?fKYf^}{K5s97jah5z5Q}sX%MAQZ}Usn ziharyA(tn;@;bXpHXIGjxKO8GB3HOJFFkH`)kj-nf*sHo(=jL?Gd`TYn*9x?C3;W$&Db{<48bXEmLG^XD>pcpJO^|or#ayRS6cfb!RSm zLGUzWTv8`E9Ea)JLZuJy7qKP}7WpfnrKekRex^QL$UzC|ls!=bb-)FII8TletV>77 z_1&0T$7Ft^-Ha>G%kFarA|SJ;NR~|LrsU%xiss2qL>z$biZjAqLS64i7WgS*h85?5 zQIJF0KypWMM)}3;_UHs!YBQrH{Lnw94Rsb$Dz?T8-KTJ` zynK)HueRE^(iilVnBP30wsRs1u+}gEfrSH&Jw7iPpDrW;_RM#;sx(1R&ezhN`eU+y z0w;2T=*y(!_rIre$7?9-%ta}c+a$=qwHYe?*lnNIavGo01DMniLAgbI6;GNfHB5jX z*TCvJ5Q&Hi^A>{QE71#8UMg;P%4=AwHQ*d47tKjfR&N&@ow;{jI5{cBj410$Au<> zxc+U;zI22Qx~Fq@crebXQZ#yapc%L01dSBSmdQcnbUpDv-|F`0HTj9)J#FTf1EDyd zU!s%**FigMKJiU!I7VXcCLfvisujW}`*DnYO6%TZ8WXbWC?#40(Aa{(+`Bc_jE7Wu zSO6&0d>4$Uq?yP?L+DSdP9kVl>Vk;MeCy>L_bDI6+kL0KSZ(W@S!k;IKr}Vm0Tu;9 zBw1@9l*G$&ckn94uj!1)-jZp~$JGgut8F3zj(8tVK+{?b_~F*>b9>t17>_ikcYEI* zpLyFvkZIhaN5{|*CNXPk(HI$r=?{o0uYI`g7qBc?J%|bdL^ldU@?+X>b`bl190I8e zvNr)<>F*yGfZVU3eAM&nn07TpS%R4!mT8EgioN=o=;@j5_(Pj4WVA7n3wx7?g^A%} z9AmV-PUH*GgI(Q8(i`bUY{mopd^yBKSCy1sq~=NlfQrUyK@0}QddPs4P*G5dW>co0 z#dW7IKoemn6Xp%Z;w9^BqbrXq;eIPA`GxFW=Cpb9q{5$dPj=8VK;|3b4>h39M!rojpmf`HAuOvU#gM zgiio#1r6gXwH5819TlCG|3nS#eooRnL^+l`kM;26}u zF{6fwFM}!`O`tx+&tI@sV>Azs1=cWu`2_zjf6JC(+qA2f@$!TT7viw#R*_&ZZw|=u zMOfjAKu+epef52CzhEyDs$Ram67|-vI6x~JGZ1f_D1N7C* zRrXso-779;bIuTAr45&ANuk#-d}i4Ait=gV7H_?1u4EiX-Tfc5Rt>SY8+#QkwsQlh zU?MSU-^$pw9vI#$)Pvvoh`SGgVJa96_`8$2$PMl35n@H7&$ zzMkYft}-&&Gtqasv`sMvHW~*Y(|98>1EV12)~{>JDt>@geddz>G8NxbgfS~*Wca$0 z0*v^3n$Kz|>tLD$bcX$3kOfMFYo4&2=2mTD=8;?Nnh`*&6g_|A4aiw@ySbztR$UoZ zwx0BV``Oys%pT=*69iWc1@k=J<292bpO8D&`L`E_7Y@z8S{&0Skm4$|+ltS;v$}n{ zl?&ImIm4!wT$CG0c@1ihx=O<@zT1)VSZ|(%I<6Yhr^qTAkqP;SppnZPyxa(TeU?G~ z%x@^WiZrTN2h08y1SVUsG!+Mg89BPe>gfCEqlxi_mo4@R&o>}pP-^(BEuikVMTO1G zT-rPC=fc*;3-_iSg7{O_qCTtM$4dprymT5~0!_oVnIZ-8D59~0Vb-^Q5;dFNCuuh6 zBRGV58ka(QYdPwJgZ0bf-tjb!5#u()paUk-91_Q|2q5?QwjKClh zu}e~dln42X2KNE0YWyNznBNS64Hw-6LRWvP6B2;sjJ+_pfZlcXd*f%%l0Bi_#q23q z5_0Bjs2tD1Gm!C`RMXuf$9@9(H^YlU$j4?*vW4l~;);*P4DI;a{ni$!C{=|D==yv{jC5 zTxM2(6m<<|xx4U9|5!uRzYr;9tc%>%`?()sG~(sR9ECLgO&pmRt~B1fI$F7dXIplH z`Rt_xD?{2G5B{x-6_&pj{6F7Q5_B`@xdoYp5D2x)*>$G#QH!1?vW2blc@XS28SM-r zZ_Pem0oTyVNJBzS zXvjCu{BrRmhgpM5NN)RH(PWsTN%~n(XqQ!?{vk1bLG-%k9+v}&he1kdNB*Db*<}+e z#xkq2d5_#?lCj{Vm637WlI-oBZkX@H671Xi9a1t`*!gcfjmPG%CXw^Zr~;oi5#_{Y z8xEPlx(@f0-*2PuC1FQ1((^Ow;v1{`mE3?HC?(!Rj34lRe3k3#aN_j-5Ew;_fkLZ# z0&T=GxHCSl2QPI4^5wd3*Y#WFZGPyVW2XnOcH^-I&HzXr2ODX1Tz@xr?@Dpg^BOTN z%12!e#d{~4n#f*T>&t@2kdM-uExOct-(X@kzBlO#U!u2Q$%<>8SBDu_38<@HzZfGB z9(qI=`|ODzwRWXv-RuV=o>cNyv@3LeJrz_ljV{YIXG5!qjOl~wyV|Ecvq718kvfPR#xyz%CBdwl5&GxQA56GsxDwbbje)p)KA#*&n?iVQQHM&gu5R@b#>w@L)p}!kV`~5d zHK$~zL|iD~CFf(Ip5c-U4aOJ@=gKpD$PqooTcCSk1U_k%9BX?^I?AZ4YB3af}hgF{w#!2?S?XxX4AcGH(AgxqpQ^FWCQ@Wp^?} zCnATD8I;Eu&ulW5yHInFueDoScxThe?}FVoE@|kDgEN&at&h+qwVqmq;)XU{Y;2dc1+{&O7g%V z{@eXrC$+-n=4aW|a`|sOrh4hd_X|fRUlR+3n|{D4MTv?6se}jsk&O$8vwwCvVf&$9 z;q|WEPRMud&#TUx+<-|AySevr1~s}@5FdyYXl{Ji*znvUiOv(6oV= zZLTQ^-_Tm{xoI4ooVvF(BaSLrZGCwH(N;W`A5;@TL}q5iG!k${YC=;JtJlMeLcxW= z$hdE_zx0Vc0Yd1#;;&Zftqss8Y5;Yf5I?K$@3-SSnM9Z6FqltwJz;W#m$MzRddov2wgRHT^uM8b15Yk9(0Fs;miwN}1I>oUNj;1IPXp z&@Qan?hTxHYE!nEhQAt4{!VZJQaT4W>wSmOxL#ZuK97L*7I8PaS&M@8vg7s>(eN)j z5q&pdu6M%RG+j+|E@k4Znsn0eUmD3-nJrlIDp~#828MrYq?AD5mfbH2Cxe$>=Wlu! zQ9pcj!K25ZFrIC`n>5{v*F4p6rlT_)VXhG5^3(QE2%2RRq!Gp2ogM#jQek(>>9*hY zE*UhXh)#nx3= zdM*5Jxk}SG==3^tA(TTd=pNz`X<%OAtQ*DDmjzFRkM}-ul>LG?7;BS!Yxqaa=q|%9 zv&nA2G3YL8k{=7UY_xdWd#HK51Ue6}E+lFx5HO`u#8WbE%O2d#m>2yX#rjJFzWfGQY$9Rd^Dby^9sd>%f|35sk1J${ItOv8SZrG0`v1(P zEz;*9XIW4J@|ZhHZgyKE@wYyR2fGz%015*lFPFV`weWa6(P3F~E-5jowQ)#^RoGCk z!;*dC-==98?%9Gv{Gzs)TKcQg9`D#WQY-LznRjHmr}-Gl?JAf2%buWT>EL31siUXq z`=+zTfFP$Fe|C(FTx%M48cqGVXHn8Nica#QcgnRcG@gVsvDxDx)SNeETb77i_H}CU zqo*mJ`>wLm*clv3)H{t!dU|DCu5Pe6(Ft9>R`D8fmy6^!--#b`Uw_+Rd75?;@qge< z*HZfz&B_?*ulneEj5eE?;A~X*PuQ%~OVqRu(|=&~NR(mlOO$9kw)Gu%@IJIuw?n=$ z_6_;TXs)(Xoubs4bjK}+gr9dhcG|Y8dQ^=fA2w-CbgYOv(ygqS0wDH#=YUytK>`SR*w@Kv1ahlO;rk0bK!Uk)nW1mcDBAKx#swX(}s-_<; zoehU*A>>mZ1%=oxj|;kovpdzk{LhPMSFFlX^m9>rHoEe`b2LGS{XJ=U6jQ2BAp?1#C^yH(29;9TlHF*COz(=)cgNmt+}E0kQa$d5)Pj4C%V8+)R}vZ`!<(tE*}= zSu9CS1>G{;V14U2Sz5QYtQ5l0Pc6T#=N3J^bE1;@Nxk3b1hXP0f$RJyc(Ji8ZOiMF zh*MBEgPo4?{loE25tnjD(;iwT^RI5!6zBH~!3_VsY5zqgM|_)H$Rq6@rMC z>3j`>Z-I>*!M2j|9tX9UA*Mv!GOMou3*QoI_-{L}3m@OD^lGI~-Dxul7_fPCOGXd3 zdE<*${WhjyH(AY3w53L(rE0J^GfNPMb1aB2O-p-TNBG9~WAOyrd^Y{L#isU$dQ}ct z7+`^|wpUfLWDq^xEAPXnzNpF(ukrNHC(yr7(e1b)w!-(@@t|ThZEpNA;IPE!Q$F6b-s;(R2xh z&FKDb&A~!BvJyVW&d%gzTp-cgu;bL-ef;f*=iRWdNwDjs_jai*5>No`4*dsn_l>+% z_9!vRgkhLxpKplr?jZj%FW&er+!Qcx*(5rcqu6Od{mc#Q8TS~jA6~JQAj0m zs4uvgSp6nnT!LTM)L99Ty_tqxPe>end2&f1MbnSx0T)E9jMo7qN=G}cAGt_)nviW$jKJ%hdqH- zg=>&m2%3D2bWzS%3|K}SEO4TpPSS*Q6XBLzpTq-1PeYX)uN=}rqp0&pe*NyZu-8%$ zauA{>(Dk$@tmnJywABP)mVA;DdC&7NFV2yYayySjqF@QAf3Z>CC>5y|@|a)KI=JpB zrw}36RR5m$Zzf6_-Ttw&9;&Z|xNm%VHkY-_CeX_m{yS#q%@!bwkEA6{g78!3R=!jUku9#@{ zA4{DN>!l94wj5;1;Im$=DWOm~2;}-a0vBH;nSA#%OsW%r$=2sQ_*5&~(E*>*8O-%> zLjk`rO3D;MR5wwll8L-CD zI^}i5wreCkRTYN&$}hWe-$U<-*!Q!zI687npP%}AWcK483gN+&zk8$gDTpm?PZ}tS zrsnH|u=av?-!Eq>Kd;b5a15@|v%gm%#R6rZ+6EcF`U1O|ZRWo9RbOZqA!Um~2E-T- z9sn>7|KAIsofZ#zJ;!EEip|o;Z7&^rBmNXJw664w#-XdM0BOz%+ak@)Z{`#QFLpkD z2K?xIZAM@VG;h}4Mkc!f6L(C{&zdN&+ahPjn;ZzR;Nwa zCvyIj=`Gr%3kZ0V4T~9F$(~^W;_ksHo*UgGZNHuDl#Oh8I~l8+Ly7#d<%5x!UR-_7 zcEZSq%k-2Y95YU=8whP6EX7wLN7-MM5`xY>1HMaUT! z^*Im-dfpn+J9WeJ@3@tGp$DaHgZX~yhK1NiauvAblDhh`!rf;!6k&XC*-9zAhnL}d zWg1C@-?6JdQ$97kU%gDJHYgVMaMycTj67a;2Z`e_Yuf(Qu*`1C z^|~lT(mPJG#HCvT2|5UlM1-kG8?yc;1>> z+0ECiRKtm=9}=<;V2ooOGUrA_1nP|IF4cGm%n-5F$*)HY)a`XZU#nancFO6YGv)OX zLIPjLzrv^$lN$=;BTig^0dCX=69N~_)#SIBUVW)TBWBnd~a7Z&S?0_8&}Myj|s;h`gfum zr%6I~9XglG-laWQ%?~vGKk%aVy!@dRubdL&U-RCUF`e!k^&6-We==B~RdnY@`0cY0 z)Y+a*_wEhHe;jdMYZqT74kl*#chK_-%8+g|hLc5J3md{)7L+lxK^N6DR;Rt5^uMY) zX~fcrAMH5}$QA0BMIz5gC@4i8He3hBh|{4WpIt+sb_p|HrHzU_j31a3j$b)TB@T<# zN|uGq$~!NrkA4|-ykykf?;DUiS$zs=Im7VN{m1|_qFkx}Z-*PokQ3+#cR>Guq=koz z#a^H=vSa;B!OQ_QR=u48z7va6%v1JQ;30pHp8p{y;58Rs@ZFaI_el9)@s0Xp>9bYk zI6x|r=la8wV*|hri^xgONsx5+lcn1W?&V-c2KG3AIvX)-cRZnuU#dkPk@EuWy;lB zg_OPa?a&pu@D;l~8f@9>3sItl780B#U~I^Z@qPh?BKu0$-A`$jkoWfLt(1Z_Z+m&L z{9dldRb>>#m2=Sj9X5~*CfYCj3d0v#+4x=FXkw3N-0VHR=&gNQKPIU5l+Dkl%nHoi z-yz+6wg0w0+pGQRor(AfeN!LHzH&1cAD8tg*L}ESRD&&OEK7N9n6kZR{yZCzCza-3 zo8mNAPS|yZ`M5CC<_O$@*U>`##J1Msb|>m8Ck5V>^R^}RR#BT5UkejElDWjA#Z!}*NtZFn(?xp9*zC7MglI3;Rm#I}DuLIPei zA33b*{189`4qhL;8$nQ}{-O=u^OTixt6Gk59Bl)>off<1r-hF?B%=I;DGBD9tj^3V zwk(mRhSE4yp^3uX8zI%&esLI~lY>}YIRDfT99PbQYae&ik7E9EE~V`8S3h7@%rF_z zAzem-07~^EvwR~px~8`Uwi-{AkmPSZMe+!OF`ViRiRzupu4-?pyIc0c=f{m_>Ei_G z>kjW2yM|vlDQK_$23WD;s_;|Q`Sts;9Wf}`$lxfV+X)q6w>I?k6l5LI$0X;UXS9wn z8!+9evZ4GXxf3bJKusX>ky$8`bZpL-YBfZqv1Ki$b!`OefMp%^Jj!+6XxQ<~#=JAD zgD4nad9MdeTogMDooiLcBY2Cq>enrKXtB^X*bAfmBV0ed(>odXt^18HgA~nY88M=g zyIX{SJ;>0^0;HE%HV%oQuY9RWY>3J}q{OzQziKXiGZxzqz~(ns?3algje70I_;!MI zYe9=GjS!QM$k!clX$W*-aLZs9$t0{ z)7uFl=5kXDXpJ{NV#COx9;8|TK49Qn_7N>T)_?|t0aAk@DmdWSyE4k^HN}WOMeGIW z0VC9LWd_@C4cU*;6xhGNU=BRjXS?;huA&>WL1SbcbQKHQL(q6Ws7|B-7RA-t>fMg| zb>(bH9vewYba_vP02i3pW0&n&jv+yecuv5;y0(b6>=-eVvZ6Tj9O8foeU@-krkZSy zbQpPmaYH)|e=1w-aZx)8s39#PLR=h3cpx23xj!@@88JpWHC~=6^hz$6`tHa?hHgOJ z5Ty%hiRYfsxdbPhkVGq^&U>gH#FoBeQo>F}QoDwg_b2W%lJNq#O{4;JdTnb0Obj4W zx(5>tdG@Sm0&9JqUOM)vu5yG+gX~^}T_PLv5s5`nA+h7<4%<7-kP+bQKr`CJ+)f{D zOiywqhwk%JzyjeyGO@B^(YtO)3K>m07B=j1_1*C~gNl4Xsgwvor%df#LpRFv4o1qDIU} zNft(hc>MBZKWm?!c8s=iWH)Vi5M^Pl@(z>LSZMV8DBAwv zN@0UU#x%ex?di0l)f-)+SVPM|>U>5nYJsL2H?O>EQ!*uh&7>t05Rsx zbn(9rCMPs025ypJQdfT;fK>F>mEbtBZ1snP z)dM=ATP}bZUXWeSRCREo?lD-FNH&opGdfkdCn4pU{^JA-c1y+(CU@IqhdCJ%tq7!r z2EtCzr32((<@SVH(Zws%X7YWp+0fUuH|vxib|e|U6g1F3P~;XRZSkj`B*4FDVvXLa za41M+gs@ngP& zEA&Mbo`N`F_t3{XoeNK znpN(%`E#OvgBeRYRWtSTh7VVuSRm(5IO1U_*y-kI%7+g6`JQ-XA-@D=G}L-i)Menx zOuE}BE1|h?ghQXN5&==s`djZi%(+%R*gKp5#f;$iIL)6iniCa#*`fCM&n$srB-iP8 zd!B|$Ea`b`xtJp2;?R3NKP7w&X(t6X}; z=)(Le>oqc3{q>)R*!duM1UN#FV>myVBO)VlyN|M7T)6f3CdD_)Y@WP)d!2!qf3yAv zWT}6{nJjh`bZPKKw6J$ZR2)1Ic4v}e%zShSvI*9DCc*I~zVEz0gP#_NB-7|SBy~|8 z52E^N6ChR_o}I{0pD8vG>%h8Me-7x6|4*j%6G;w9ftf4O0(O6wS7{7WTF~T|Hbnv2 zGd*5DibQ(ARawwh^CwO zmX8Zr^Kix9<#8)g3<(11^v@Uh{1+_K9XwcTA=GRo)Lq0IpF3zTHo5WPRxS1v=n@9t zsO*67m@4r%BjZC}NYN~m0$am8U2%Z6nBkz5zBk#}p)NNJI)+-dCs5%x{s%dw6N{Q- z-6xg#orWYI0l&t+8}3=+1EYs(m;kvILtU<)wMaui(<_Fw@7;O$&AT!1PXU0eq>@CH Ixbe6D0Bn)wGXMYp diff --git a/doc/source/changes.html b/doc/source/changes.html index 966b0c97b2..028e1cf9e5 100644 --- a/doc/source/changes.html +++ b/doc/source/changes.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • diff --git a/doc/source/configuration.html b/doc/source/configuration.html index 044bafc70d..88d7476bec 100644 --- a/doc/source/configuration.html +++ b/doc/source/configuration.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • diff --git a/doc/source/contributing.html b/doc/source/contributing.html index f3d4b5a4dc..9826fc7f4c 100644 --- a/doc/source/contributing.html +++ b/doc/source/contributing.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • @@ -52,7 +52,7 @@

    Contributing Help us help you

    Things To Know


    Where Things Are -

    The official DevStack repository is located at git://github.com/openstack-dev/devstack.git and git://git.openstack.org/openstack-dev/devstack.git, both mirrors of the official repo maintained by Gerrit.

    +

    The official DevStack repository is located at git://git.openstack.org/openstack-dev/devstack.git, replicated from the repo maintained by Gerrit. GitHub also has a mirror at git://github.com/openstack-dev/devstack.git.

    The blueprint and bug trackers are on Launchpad. It should be noted that DevStack generally does not use these as strongly as other projects, but we're trying to change that.

    The Gerrit review queue is, however, used for all commits except for the text of this website. That should also change in the near future.

    diff --git a/doc/source/eucarc.html b/doc/source/eucarc.html index df5297294a..1dd80968d2 100644 --- a/doc/source/eucarc.html +++ b/doc/source/eucarc.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • diff --git a/doc/source/exerciserc.html b/doc/source/exerciserc.html index 7e4dd54f42..313b0a1daf 100644 --- a/doc/source/exerciserc.html +++ b/doc/source/exerciserc.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • diff --git a/doc/source/faq.html b/doc/source/faq.html index 2c74a66a46..7cbb9d2fc5 100644 --- a/doc/source/faq.html +++ b/doc/source/faq.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • @@ -73,7 +73,7 @@

    General Questions

    A: DevStack is optimized for documentation & developers. As some of us use Crowbar for production deployments, we hope developers documenting how they setup systems for new features supports projects like Crowbar.
    Q: I'd like to help!
    -
    A: That isn't a question, but please do! The source for DevStack is github and bug reports go to LaunchPad. Contributions follow the usual process as described in the OpenStack wiki even though DevStack is not an official OpenStack project. This site is housed in the CloudBuilder's github in the gh-pages branch.
    +
    A: That isn't a question, but please do! The source for DevStack is at git.openstack.org and bug reports go to LaunchPad. Contributions follow the usual process as described in the OpenStack wiki even though DevStack is not an official OpenStack project. This site is housed in the CloudBuilder's github in the gh-pages branch.
    Q: Why not use packages?
    A: Unlike packages, DevStack leaves your cloud ready to develop - checkouts of the code and services running in screen. However, many people are doing the hard work of packaging and recipes for production deployments. We hope this script serves as a way to communicate configuration changes between developers and packagers.
    diff --git a/doc/source/guides/multinode-lab.html b/doc/source/guides/multinode-lab.html index 62232efcd2..6a5f98c11d 100644 --- a/doc/source/guides/multinode-lab.html +++ b/doc/source/guides/multinode-lab.html @@ -34,7 +34,7 @@
  • Overview
  • Changes
  • FAQ
    • -
  • GitHub
    • +
  • git.openstack.org
  • Gerrit
    • @@ -129,8 +129,8 @@

    Set Up Ssh

    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyYjfgyPazTvGpd8OaAvtU2utL8W6gWC4JdRS1J95GhNNfQd657yO6s1AH5KYQWktcE6FO/xNUC2reEXSGC7ezy+sGO1kj9Limv5vrvNHvF1+wts0Cmyx61D2nQw35/Qz8BvpdJANL7VwP/cFI/p3yhvx2lsnjFE3hN8xRB2LtLUopUSVdBwACOVUmH2G+2BWMJDjVINd2DPqRIA4Zhy09KJ3O1Joabr0XpQL0yt/I9x8BVHdAx6l9U0tMg9dj5+tAjZvMAFfye3PJcYwwsfJoFxC8w/SLtqlFX7Ehw++8RtvomvuipLdmWCy+T9hIkl+gHYE4cS3OIqXH7f49jdJf jesse@spacey.local" > ~/.ssh/authorized_keys

    Download DevStack

    -

    Grab the latest version of DevStack from github:

    - 
    git clone https://github.com/openstack-dev/devstack.git
+        
    Grab the latest version of DevStack:
    
+        
    git clone https://git.openstack.org/openstack-dev/devstack
 cd devstack
    
 
         
    Up to this point all of the steps apply to each node in the cluster.  From here on
diff --git a/doc/source/guides/pxe-boot.html b/doc/source/guides/pxe-boot.html
index 4dc61a344c..d52b25f276 100644
--- a/doc/source/guides/pxe-boot.html
+++ b/doc/source/guides/pxe-boot.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/guides/ramdisk.html b/doc/source/guides/ramdisk.html
index eaef16edaa..23239e2b60 100644
--- a/doc/source/guides/ramdisk.html
+++ b/doc/source/guides/ramdisk.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
@@ -74,7 +74,7 @@ 
    Installation bit blasting
    
         
    Install DevStack
    
         
    Grab the latest version of DevStack via https:
    
 		
    sudo apt-get install git -y
-git clone https://github.com/openstack-dev/devstack.git
+git clone https://git.openstack.org/openstack-dev/devstack
 cd devstack
    
 
         
    Prepare the Boot RAMdisk
    
diff --git a/doc/source/guides/single-machine.html b/doc/source/guides/single-machine.html
index 9471972382..06cc981275 100644
--- a/doc/source/guides/single-machine.html
+++ b/doc/source/guides/single-machine.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
@@ -79,7 +79,7 @@ 
    Add your user
    
         
    Download DevStack
    
         
    We'll grab the latest version of DevStack via https:
    
         
    sudo apt-get install git -y || yum install -y git
-git clone https://github.com/openstack-dev/devstack.git
+git clone https://git.openstack.org/openstack-dev/devstack
 cd devstack
    
 
         
    Run DevStack
    
diff --git a/doc/source/guides/single-vm.html b/doc/source/guides/single-vm.html
index 2f1990a943..d189319623 100644
--- a/doc/source/guides/single-vm.html
+++ b/doc/source/guides/single-vm.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
@@ -96,7 +96,7 @@ 
    Launching With Cloud-Init
    
         DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
         sudo chown stack:stack /home/stack
         cd /home/stack
-        git clone https://github.com/openstack-dev/devstack.git
+        git clone https://git.openstack.org/openstack-dev/devstack
         cd devstack
         echo '[[local|localrc]]' > local.conf
         echo ADMIN_PASSWORD=password >> local.conf
diff --git a/doc/source/guides/usb-boot.html b/doc/source/guides/usb-boot.html
index 75adc6f865..2a05f89d89 100644
--- a/doc/source/guides/usb-boot.html
+++ b/doc/source/guides/usb-boot.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/index.html b/doc/source/index.html
index dada57dd53..5f1efd77fb 100644
--- a/doc/source/index.html
+++ b/doc/source/index.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
@@ -55,9 +55,9 @@ 
    DevStack - an OpenStack Community Production
    
         
    
           
      
             
    1. Setup a fresh supported Linux installation.
      2. 
-            
    2. 
-              Clone devstack from devstack.
-              
      git clone https://github.com/openstack-dev/devstack.git
      
+            
    3. 
+              Clone devstack from git.openstack.org.
+              
      git clone https://git.openstack.org/openstack-dev/devstack
      
             
      4. 
             
    4. 
               Deploy your OpenStack Cloud
@@ -84,7 +84,7 @@ 
      Install Selected OS
      
             
      5. 
             
    5. 
               
      Download DevStack
      
-              
      git clone https://github.com/openstack-dev/devstack.git
      
+              
      git clone https://git.openstack.org/openstack-dev/devstack
      
               
      The devstack repo contains a script that installs OpenStack and templates for configuration files
      
             
      6. 
             
    6. 
diff --git a/doc/source/local.conf.html b/doc/source/local.conf.html
index ed53adfdb0..2635ac6694 100644
--- a/doc/source/local.conf.html
+++ b/doc/source/local.conf.html
@@ -34,7 +34,7 @@
             
    7. Overview
      8. 
             
    8. Changes
      9. 
             
    9. FAQ
      10. 
-            
    10. GitHub
      11. 
+            
    11. git.openstack.org
      12. 
             
    12. Gerrit
      13. 
           
         
    
diff --git a/doc/source/localrc.html b/doc/source/localrc.html
index 0f669bd679..40a20043a2 100644
--- a/doc/source/localrc.html
+++ b/doc/source/localrc.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/openrc.html b/doc/source/openrc.html
index da6697fb92..94b253dfe1 100644
--- a/doc/source/openrc.html
+++ b/doc/source/openrc.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/overview.html b/doc/source/overview.html
index baee400806..9cee052129 100644
--- a/doc/source/overview.html
+++ b/doc/source/overview.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/plugins.html b/doc/source/plugins.html
index 3327128dff..700a209ac9 100644
--- a/doc/source/plugins.html
+++ b/doc/source/plugins.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         
diff --git a/doc/source/stackrc.html b/doc/source/stackrc.html
index d83fbc164c..2df9d385f7 100644
--- a/doc/source/stackrc.html
+++ b/doc/source/stackrc.html
@@ -34,7 +34,7 @@
             
  • Overview
    • 
             
  • Changes
    • 
             
  • FAQ
    • 
-            
  • GitHub
    • 
+            
  • git.openstack.org
    • 
             
  • Gerrit
    • 
           
         

From 50e9b9e25b94b6a088680d93b8873c0368a974b4 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Fri, 17 Oct 2014 11:04:48 -0500
Subject: [PATCH 0080/3421] Remove internal bash8

We use the one installed from pypi in the tox venv, so dump
the original.  Fix up run_tests.sh.

Change-Id: I6b0aa1da9bfa4d742a7210e6ff800d72492a2178
---
 run_tests.sh   |   2 +-
 tools/bash8.py | 215 -------------------------------------------------
 2 files changed, 1 insertion(+), 216 deletions(-)
 delete mode 100755 tools/bash8.py

diff --git a/run_tests.sh b/run_tests.sh
index b1aef4f81f..bf90332698 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -43,7 +43,7 @@ fi
 
 echo "Running bash8..."
 
-./tools/bash8.py -v $FILES
+tox -ebashate
 pass_fail $? 0 bash8
 
 
diff --git a/tools/bash8.py b/tools/bash8.py
deleted file mode 100755
index 3abf87b484..0000000000
--- a/tools/bash8.py
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/usr/bin/env python
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# bash8 - a pep8 equivalent for bash scripts
-#
-# this program attempts to be an automated style checker for bash scripts
-# to fill the same part of code review that pep8 does in most OpenStack
-# projects. It starts from humble beginnings, and will evolve over time.
-#
-# Currently Supported checks
-#
-# Errors
-# Basic white space errors, for consistent indenting
-# - E001: check that lines do not end with trailing whitespace
-# - E002: ensure that indents are only spaces, and not hard tabs
-# - E003: ensure all indents are a multiple of 4 spaces
-# - E004: file did not end with a newline
-#
-# Structure errors
-#
-# A set of rules that help keep things consistent in control blocks.
-# These are ignored on long lines that have a continuation, because
-# unrolling that is kind of "interesting"
-#
-# - E010: *do* not on the same line as *for*
-# - E011: *then* not on the same line as *if*
-# - E012: heredoc didn't end before EOF
-
-import argparse
-import fileinput
-import re
-import sys
-
-ERRORS = 0
-IGNORE = None
-
-
-def register_ignores(ignores):
-    global IGNORE
-    if ignores:
-        IGNORE = '^(' + '|'.join(ignores.split(',')) + ')'
-
-
-def should_ignore(error):
-    return IGNORE and re.search(IGNORE, error)
-
-
-def print_error(error, line,
-                filename=None, filelineno=None):
-    if not filename:
-        filename = fileinput.filename()
-    if not filelineno:
-        filelineno = fileinput.filelineno()
-    global ERRORS
-    ERRORS = ERRORS + 1
-    print("%s: '%s'" % (error, line.rstrip('\n')))
-    print(" - %s: L%s" % (filename, filelineno))
-
-
-def not_continuation(line):
-    return not re.search('\\\\$', line)
-
-
-def check_for_do(line):
-    if not_continuation(line):
-        match = re.match('^\s*(for|while|until)\s', line)
-        if match:
-            operator = match.group(1).strip()
-            if not re.search(';\s*do(\b|$)', line):
-                print_error('E010: Do not on same line as %s' % operator,
-                            line)
-
-
-def check_if_then(line):
-    if not_continuation(line):
-        if re.search('^\s*if \[', line):
-            if not re.search(';\s*then(\b|$)', line):
-                print_error('E011: Then non on same line as if', line)
-
-
-def check_no_trailing_whitespace(line):
-    if re.search('[ \t]+$', line):
-        print_error('E001: Trailing Whitespace', line)
-
-
-def check_indents(line):
-    m = re.search('^(?P[ \t]+)', line)
-    if m:
-        if re.search('\t', m.group('indent')):
-            print_error('E002: Tab indents', line)
-        if (len(m.group('indent')) % 4) != 0:
-            print_error('E003: Indent not multiple of 4', line)
-
-def check_function_decl(line):
-    failed = False
-    if line.startswith("function"):
-        if not re.search('^function [\w-]* \{$', line):
-            failed = True
-    else:
-        # catch the case without "function", e.g.
-        # things like '^foo() {'
-        if re.search('^\s*?\(\)\s*?\{', line):
-            failed = True
-
-    if failed:
-        print_error('E020: Function declaration not in format '
-                    ' "^function name {$"', line)
-
-
-def starts_multiline(line):
-    m = re.search("[^<]<<\s*(?P\w+)", line)
-    if m:
-        return m.group('token')
-    else:
-        return False
-
-
-def end_of_multiline(line, token):
-    if token:
-        return re.search("^%s\s*$" % token, line) is not None
-    return False
-
-
-def check_files(files, verbose):
-    in_multiline = False
-    multiline_start = 0
-    multiline_line = ""
-    logical_line = ""
-    token = False
-    prev_file = None
-    prev_line = ""
-    prev_lineno = 0
-
-    for line in fileinput.input(files):
-        if fileinput.isfirstline():
-            # if in_multiline when the new file starts then we didn't
-            # find the end of a heredoc in the last file.
-            if in_multiline:
-                print_error('E012: heredoc did not end before EOF',
-                            multiline_line,
-                            filename=prev_file, filelineno=multiline_start)
-                in_multiline = False
-
-            # last line of a previous file should always end with a
-            # newline
-            if prev_file and not prev_line.endswith('\n'):
-                print_error('E004: file did not end with a newline',
-                            prev_line,
-                            filename=prev_file, filelineno=prev_lineno)
-
-            prev_file = fileinput.filename()
-
-            if verbose:
-                print "Running bash8 on %s" % fileinput.filename()
-
-        # NOTE(sdague): multiline processing of heredocs is interesting
-        if not in_multiline:
-            logical_line = line
-            token = starts_multiline(line)
-            if token:
-                in_multiline = True
-                multiline_start = fileinput.filelineno()
-                multiline_line = line
-                continue
-        else:
-            logical_line = logical_line + line
-            if not end_of_multiline(line, token):
-                continue
-            else:
-                in_multiline = False
-
-        check_no_trailing_whitespace(logical_line)
-        check_indents(logical_line)
-        check_for_do(logical_line)
-        check_if_then(logical_line)
-        check_function_decl(logical_line)
-
-        prev_line = logical_line
-        prev_lineno = fileinput.filelineno()
-
-def get_options():
-    parser = argparse.ArgumentParser(
-        description='A bash script style checker')
-    parser.add_argument('files', metavar='file', nargs='+',
-                        help='files to scan for errors')
-    parser.add_argument('-i', '--ignore', help='Rules to ignore')
-    parser.add_argument('-v', '--verbose', action='store_true', default=False)
-    return parser.parse_args()
-
-
-def main():
-    opts = get_options()
-    register_ignores(opts.ignore)
-    check_files(opts.files, opts.verbose)
-
-    if ERRORS > 0:
-        print("%d bash8 error(s) found" % ERRORS)
-        return 1
-    else:
-        return 0
-
-
-if __name__ == "__main__":
-    sys.exit(main())

From 24779f65a675f2e78c09b2520ebefcd52b4f0be0 Mon Sep 17 00:00:00 2001
From: Alistair Coles 
Date: Wed, 15 Oct 2014 18:57:59 +0100
Subject: [PATCH 0081/3421] Add swift user and project in non-default domain

Swift has functional tests that check access controls
between users and projects in differing domains. Those tests
are currently skipped by default since swift tests are
configured to use keystone v2 API. In order for those
tests to pass when using keystone v3 API, a user and
project must be setup in a non-default domain.

This patch creates a domain, and a user and project in
that domain, in support of swift functional tests moving
to using keystone v3 API.

Changes:
lib/swift
    - create a new domain, project and user for
      swift testing
    - add new project and user credentials to swift
      test config file
    - set correct identity service url in swift test
      config file according to kesytone API version

functions-common
    - add function get_or_create_domain
    - modify get_or_create_user and get_or_create_project
      functions to optionally specify a domain

Change-Id: I557de01bf196075f2f3adcdf4dd1b43756d8a0ae
---
 functions-common | 44 ++++++++++++++++++++++++++++++++++++++------
 lib/swift        | 33 +++++++++++++++++++++++++++------
 2 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/functions-common b/functions-common
index 333f31da02..4b41bedbbd 100644
--- a/functions-common
+++ b/functions-common
@@ -790,38 +790,70 @@ function policy_add {
     mv ${tmpfile} ${policy_file}
 }
 
+# Gets or creates a domain
+# Usage: get_or_create_domain  
+function get_or_create_domain {
+    local os_url="$KEYSTONE_SERVICE_URI/v3"
+    # Gets domain id
+    local domain_id=$(
+        # Gets domain id
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain show $1 \
+            -f value -c id 2>/dev/null ||
+        # Creates new domain
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain create $1 \
+            --description "$2" \
+            -f value -c id
+    )
+    echo $domain_id
+}
+
 # Gets or creates user
-# Usage: get_or_create_user    []
+# Usage: get_or_create_user    [ []]
 function get_or_create_user {
     if [[ ! -z "$4" ]]; then
         local email="--email=$4"
     else
         local email=""
     fi
+    local os_cmd="openstack"
+    local domain=""
+    if [[ ! -z "$5" ]]; then
+        domain="--domain=$5"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+    fi
     # Gets user id
     local user_id=$(
         # Gets user id
-        openstack user show $1 -f value -c id 2>/dev/null ||
+        $os_cmd user show $1 $domain -f value -c id 2>/dev/null ||
         # Creates new user
-        openstack user create \
+        $os_cmd user create \
             $1 \
             --password "$2" \
             --project $3 \
             $email \
+            $domain \
             -f value -c id
     )
     echo $user_id
 }
 
 # Gets or creates project
-# Usage: get_or_create_project 
+# Usage: get_or_create_project  []
 function get_or_create_project {
     # Gets project id
+    local os_cmd="openstack"
+    local domain=""
+    if [[ ! -z "$2" ]]; then
+        domain="--domain=$2"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+    fi
     local project_id=$(
         # Gets project id
-        openstack project show $1 -f value -c id 2>/dev/null ||
+        $os_cmd project show $1 $domain -f value -c id 2>/dev/null ||
         # Creates new project if not exists
-        openstack project create $1 -f value -c id
+        $os_cmd project create $1 $domain -f value -c id
     )
     echo $project_id
 }
diff --git a/lib/swift b/lib/swift
index 15bd2a9471..c8780ba322 100644
--- a/lib/swift
+++ b/lib/swift
@@ -468,12 +468,21 @@ EOF
     iniset ${testfile} func_test username3 swiftusertest3
     iniset ${testfile} func_test account2 swifttenanttest2
     iniset ${testfile} func_test username2 swiftusertest2
+    iniset ${testfile} func_test account4 swifttenanttest4
+    iniset ${testfile} func_test username4 swiftusertest4
+    iniset ${testfile} func_test password4 testing4
+    iniset ${testfile} func_test domain4 swift_test
 
     if is_service_enabled key;then
         iniuncomment ${testfile} func_test auth_version
+        local auth_vers=$(iniget ${testfile} func_test auth_version)
         iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
         iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
-        iniset ${testfile} func_test auth_prefix /v2.0/
+        if [[ $auth_vers == "3" ]]; then
+            iniset ${testfile} func_test auth_prefix /v3/
+        else
+            iniset ${testfile} func_test auth_prefix /v2.0/
+        fi
     fi
 
     local swift_log_dir=${SWIFT_DATA_DIR}/logs
@@ -548,12 +557,13 @@ function create_swift_disk {
 # since we want to make it compatible with tempauth which use
 # underscores for separators.
 
-# Tenant               User       Roles
+# Tenant             User               Roles          Domain
 # ------------------------------------------------------------------
-# service            swift              service
-# swifttenanttest1   swiftusertest1     admin
-# swifttenanttest1   swiftusertest3     anotherrole
-# swifttenanttest2   swiftusertest2     admin
+# service            swift              service        default
+# swifttenanttest1   swiftusertest1     admin          default
+# swifttenanttest1   swiftusertest3     anotherrole    default
+# swifttenanttest2   swiftusertest2     admin          default
+# swifttenanttest4   swiftusertest4     admin          swift_test
 
 function create_swift_accounts {
     # Defines specific passwords used by tools/create_userrc.sh
@@ -562,6 +572,7 @@ function create_swift_accounts {
     export swiftusertest1_password=testing
     export swiftusertest2_password=testing2
     export swiftusertest3_password=testing3
+    export swiftusertest4_password=testing4
 
     KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 
@@ -603,6 +614,16 @@ function create_swift_accounts {
         "$swift_tenant_test2" "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
+
+    local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
+    die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
+
+    local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
+    die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
+        $swift_tenant_test4 "test4@example.com" $swift_domain)
+    die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
+    get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
 }
 
 # init_swift() - Initialize rings

From 4b109297d5b3dcdcdc2c7e4df1a1571cc674ee9f Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 21 Oct 2014 18:17:48 -0400
Subject: [PATCH 0082/3421] Configure glance CA certificate path in cinder

A new configuration option is available in cinder for setting
the CA path. Configure this option in devstack when native SSL
or TLS proxy is configured.

Change-Id: I2cf9a3b8ba8e4896bd98efe0fb6f7d62fb279d90
Closes-Bug: 1384267
---
 lib/cinder | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/cinder b/lib/cinder
index b30a036d16..29cda42eb2 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -306,6 +306,7 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT glance_api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
     if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
         iniset $CINDER_CONF DEFAULT glance_protocol https
+        iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE
     fi
 
     # Register SSL certificates if provided

From ed077b2846af2b412247208316e6881bed65e6bb Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 22 Oct 2014 11:35:29 +1100
Subject: [PATCH 0083/3421] Always install latest EPEL

Having issues with the centos7 job, that seem to be because they use
an old snapshot that hasn't updated to the latest EPEL.  Thus we
re-install it to ensure we're getting the latest.

Change-Id: I7930f3e05ee953dab80b06142c17d6aa70f2c2d1
---
 stack.sh | 51 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/stack.sh b/stack.sh
index 3b5fb7459b..ec13338948 100755
--- a/stack.sh
+++ b/stack.sh
@@ -234,36 +234,41 @@ fi
 
 if [[ is_fedora && ( $DISTRO == "rhel6" || $DISTRO == "rhel7" ) ]]; then
     # RHEL requires EPEL for many Open Stack dependencies
-    if ! sudo yum repolist enabled epel | grep -q 'epel'; then
-        echo "EPEL not detected; installing"
-        # This trick installs the latest epel-release from a bootstrap
-        # repo, then removes itself (as epel-release installed the
-        # "real" repo).
-        #
-        # you would think that rather than this, you could use
-        # $releasever directly in .repo file we create below.  However
-        # RHEL gives a $releasever of "6Server" which breaks the path;
-        # see https://bugzilla.redhat.com/show_bug.cgi?id=1150759
-        if [[ $DISTRO == "rhel7" ]]; then
-            epel_ver="7"
-        elif [[ $DISTRO == "rhel6" ]]; then
-            epel_ver="6"
-        fi
 
-        cat <
Date: Tue, 21 Oct 2014 11:40:08 -0400
Subject: [PATCH 0084/3421] Convert all HTML doc to RST

The motivation for this conversion is to have DevStack's docs be
generated using a more familair workflow for OpenStack projects, using
Sphinx.

Changing from raw HTML to RST will also make it easier to contribute
more documentation, as well as making edits less of a hassle.

The majority of the work was done by using Pandoc to convert from HTML
to RST, with minor edits to the output to remove errors in Sphinx.

Change-Id: I9636017965aeade37b950ddf5bdb0c22ab9004bd
---
 doc/source/changes.html               |  70 ----
 doc/source/changes.rst                |  18 +
 doc/source/conf.py                    | 263 ++++++++++++
 doc/source/configuration.html         | 237 -----------
 doc/source/configuration.rst          | 360 +++++++++++++++++
 doc/source/contributing.html          |  88 ----
 doc/source/contributing.rst           | 105 +++++
 doc/source/eucarc.html                |  94 -----
 doc/source/eucarc.rst                 |  57 +++
 doc/source/exerciserc.html            |  88 ----
 doc/source/exerciserc.rst             |  54 +++
 doc/source/faq.html                   | 169 --------
 doc/source/faq.rst                    | 184 +++++++++
 doc/source/guides/multinode-lab.html  | 336 ---------------
 doc/source/guides/multinode-lab.rst   | 382 +++++++++++++++++
 doc/source/guides/pxe-boot.html       | 147 -------
 doc/source/guides/pxe-boot.rst        | 143 +++++++
 doc/source/guides/ramdisk.html        | 119 ------
 doc/source/guides/ramdisk.rst         |  89 ++++
 doc/source/guides/single-machine.html | 131 ------
 doc/source/guides/single-machine.rst  | 145 +++++++
 doc/source/guides/single-vm.html      | 137 -------
 doc/source/guides/single-vm.rst       | 110 +++++
 doc/source/guides/usb-boot.html       |  99 -----
 doc/source/guides/usb-boot.rst        |  60 +++
 doc/source/index.html                 | 562 --------------------------
 doc/source/index.rst                  | 383 ++++++++++++++++++
 doc/source/local.conf.html            |  64 ---
 doc/source/local.conf.rst             |  20 +
 doc/source/localrc.html               |  60 ---
 doc/source/localrc.rst                |  20 +
 doc/source/openrc.html                | 115 ------
 doc/source/openrc.rst                 |  88 ++++
 doc/source/overview.html              | 118 ------
 doc/source/overview.rst               | 103 +++++
 doc/source/plugins.html               | 142 -------
 doc/source/plugins.rst                | 124 ++++++
 doc/source/stackrc.html               | 101 -----
 doc/source/stackrc.rst                |  77 ++++
 setup.cfg                             |  23 ++
 setup.py                              |  22 +
 tox.ini                               |   7 +-
 42 files changed, 2836 insertions(+), 2878 deletions(-)
 delete mode 100644 doc/source/changes.html
 create mode 100644 doc/source/changes.rst
 create mode 100644 doc/source/conf.py
 delete mode 100644 doc/source/configuration.html
 create mode 100644 doc/source/configuration.rst
 delete mode 100644 doc/source/contributing.html
 create mode 100644 doc/source/contributing.rst
 delete mode 100644 doc/source/eucarc.html
 create mode 100644 doc/source/eucarc.rst
 delete mode 100644 doc/source/exerciserc.html
 create mode 100644 doc/source/exerciserc.rst
 delete mode 100644 doc/source/faq.html
 create mode 100644 doc/source/faq.rst
 delete mode 100644 doc/source/guides/multinode-lab.html
 create mode 100644 doc/source/guides/multinode-lab.rst
 delete mode 100644 doc/source/guides/pxe-boot.html
 create mode 100644 doc/source/guides/pxe-boot.rst
 delete mode 100644 doc/source/guides/ramdisk.html
 create mode 100644 doc/source/guides/ramdisk.rst
 delete mode 100644 doc/source/guides/single-machine.html
 create mode 100644 doc/source/guides/single-machine.rst
 delete mode 100644 doc/source/guides/single-vm.html
 create mode 100644 doc/source/guides/single-vm.rst
 delete mode 100644 doc/source/guides/usb-boot.html
 create mode 100644 doc/source/guides/usb-boot.rst
 delete mode 100644 doc/source/index.html
 create mode 100644 doc/source/index.rst
 delete mode 100644 doc/source/local.conf.html
 create mode 100644 doc/source/local.conf.rst
 delete mode 100644 doc/source/localrc.html
 create mode 100644 doc/source/localrc.rst
 delete mode 100644 doc/source/openrc.html
 create mode 100644 doc/source/openrc.rst
 delete mode 100644 doc/source/overview.html
 create mode 100644 doc/source/overview.rst
 delete mode 100644 doc/source/plugins.html
 create mode 100644 doc/source/plugins.rst
 delete mode 100644 doc/source/stackrc.html
 create mode 100644 doc/source/stackrc.rst
 create mode 100644 setup.cfg
 create mode 100755 setup.py

diff --git a/doc/source/changes.html b/doc/source/changes.html
deleted file mode 100644
index 028e1cf9e5..0000000000
--- a/doc/source/changes.html
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
-  
-    
-    DevStack - Recent Changes
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
-      
    
-
-        
    
-          
    Recent Changes What's been happening?
    
-          
    These are the commits to DevStack for the last six months.  For the complete list see the DevStack project in Gerrit.
    
-
-          
      
-            
-            
-            
-          
    
-        
            
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/changes.rst b/doc/source/changes.rst
new file mode 100644
index 0000000000..7ce629faa9
--- /dev/null
+++ b/doc/source/changes.rst
@@ -0,0 +1,18 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Recent Changes What's been happening?
+-------------------------------------
+
+These are the commits to DevStack for the last six months. For the
+complete list see `the DevStack project in
+Gerrit `__.
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/conf.py b/doc/source/conf.py
new file mode 100644
index 0000000000..3e9aa45911
--- /dev/null
+++ b/doc/source/conf.py
@@ -0,0 +1,263 @@
+# -*- coding: utf-8 -*-
+#
+# Tempest documentation build configuration file, created by
+# sphinx-quickstart on Tue May 21 17:43:32 2013.
+#
+# This file is execfile()d with the current directory set to its containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys
+import os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration -----------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be extensions
+# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = [ 'oslosphinx' ]
+
+todo_include_todos = True
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'DevStack'
+copyright = u'2014, OpenStack Foundation'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
+
+# The reST default role (used for this markup: `text`) to use for all documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+add_module_names = False
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+modindex_common_prefix = ['DevStack-doc.']
+
+# -- Options for man page output ----------------------------------------------
+man_pages = []
+
+# -- Options for HTML output ---------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+html_theme = 'nature'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents.  If None, it defaults to
+# " v documentation".
+#html_title = None
+
+# A shorter title for the navigation bar.  Default is the same as html_title.
+#html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+git_cmd = "git log --pretty=format:'%ad, commit %h' --date=local -n1"
+html_last_updated_fmt = os.popen(git_cmd).read()
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+html_domain_indices = False
+
+# If false, no index is generated.
+html_use_index = False
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a  tag referring to it.  The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'DevStack-doc'
+
+
+# -- Options for LaTeX output --------------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass [howto/manual]).
+latex_documents = [
+  ('index', 'DevStack-doc.tex', u'DevStack Docs',
+   u'OpenStack DevStack Team', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+#latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+# -- Options for Texinfo output ------------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+  ('index', 'DevStack-doc', u'DevStack Docs',
+   u'OpenStack DevStack Team', 'DevStack-doc', 'DevStack documentation',
+   'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
+
+
+# -- Options for Epub output ---------------------------------------------------
+
+# Bibliographic Dublin Core info.
+epub_title = u'DevStack Documentation'
+epub_author = u'OpenStack DevStack Team'
+epub_publisher = u'OpenStack DevStack Team'
+epub_copyright = u'2014, OpenStack DevStack Team'
+
+# The language of the text. It defaults to the language option
+# or en if the language is not set.
+#epub_language = ''
+
+# The scheme of the identifier. Typical schemes are ISBN or URL.
+#epub_scheme = ''
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#epub_identifier = ''
+
+# A unique identification for the text.
+#epub_uid = ''
+
+# A tuple containing the cover image and cover page html template filenames.
+#epub_cover = ()
+
+# HTML files that should be inserted before the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_pre_files = []
+
+# HTML files shat should be inserted after the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_post_files = []
+
+# A list of files that should not be packed into the epub file.
+#epub_exclude_files = []
+
+# The depth of the table of contents in toc.ncx.
+#epub_tocdepth = 3
+
+# Allow duplicate toc entries.
+#epub_tocdup = True
diff --git a/doc/source/configuration.html b/doc/source/configuration.html
deleted file mode 100644
index 88d7476bec..0000000000
--- a/doc/source/configuration.html
+++ /dev/null
@@ -1,237 +0,0 @@
-
-
-  
-    
-    DevStack - Overview
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-
-        
    
-          
    Configuration Making it go my way
    
-          
    DevStack has always tried to be mostly-functional with a minimal amount of configuration.  The number of options has ballooned as projects add features, new projects added and more combinations need to be tested.  Historically DevStack obtained all local configuration and customizations from a localrc file.  The number of configuration variables that are simply passed-through to the individual project configuration files is also increasing.  The old mechanism for this (EXTRAS_OPTS and friends) required specific code for each file and did not scale well.
    
-          
    In Oct 2013 a new configuration method was introduced (in review 46768) to hopefully simplify this process and meet the following goals:
    
-          
      
-            
    • contain all non-default local configuration in a single file
      • 
-            
    • be backward-compatible with localrc to smooth the transition process
      • 
-            
    • allow settings in arbitrary configuration files to be changed
      • 
-          
    
-
-          
    local.conf
    
-          
    The new configuration file is local.conf and resides in the root DevStack directory like the old localrc file.  It is a modified INI format file that introduces a meta-section header to carry additional information regarding the configuration files to be changed.
    
-
-          
    The new header is similar to a normal INI section header but with double brackets ([[ ... ]]) and two internal fields separated by a pipe (|):
    
-
    [[ <phase> | <config-file-name> ]]
-
    
-
-          
    where <phase> is one of a set of phase names defined by stack.sh and <config-file-name> is the configuration filename.  The filename is eval'ed in the stack.sh context so all environment variables are available and may be used.  Using the project config file variables in the header is strongly suggested (see the NOVA_CONF example below).  If the path of the config file does not exist it is skipped.
    
-
-          
    The defined phases are:
    
-          
      
-            
    • local - extracts localrc from local.conf before stackrc is sourced
      • 
-            
    • pre-install - runs after the system packages are installed but before any of the source repositories are installed
      • 
-            
    • install - runs immediately after the repo installations are complete
      • 
-            
    • post-config - runs after the layer 2 services are configured and before they are started
      • 
-            
    • extra - runs after services are started and before any files in extra.d are executed
-          
    
-
-          
    The file is processed strictly in sequence; meta-sections may be specified more than once but if any settings are duplicated the last to appear in the file will be used.
    
-
    [[post-config|$NOVA_CONF]]
-[DEFAULT]
-use_syslog = True
-
-[osapi_v3]
-enabled = False
-
    
-
-          
    A specific meta-section local|localrc is used to
-          provide a default localrc file (actually
-          .localrc.auto).  This allows all custom settings
-          for DevStack to be contained in a single file.  If localrc
-          exists it will be used instead to preserve backward-compatibility.  More
-          details on the contents of localrc are available.
    
-
    [[local|localrc]]
-FIXED_RANGE=10.254.1.0/24
-ADMIN_PASSWORD=speciale
-LOGFILE=$DEST/logs/stack.sh.log
-
    
-
-          
    Note that Q_PLUGIN_CONF_FILE is unique in that it is assumed to NOT start with a / (slash) character.  A slash will need to be added:
    
-
    [[post-config|/$Q_PLUGIN_CONF_FILE]]
-
    
-
-          
    Also note that the localrc section is sourced as a shell script fragment amd MUST conform to the shell requirements, specifically no whitespace around = (equals).
    
-
-          
-          
    Minimal Configuration
    
-          
    While stack.sh is happy to run without a localrc section in local.conf, devlife is better when there are a few minimal variables set. This is an example of a minimal configuration that touches the values that most often need to be set.
    
-          
      
-            
    • no logging
      • 
-            
    • pre-set the passwords to prevent interactive prompts
      • 
-            
    • move network ranges away from the local network (FIXED_RANGE and FLOATING_RANGE, commented out below)
      • 
-            
    • set the host IP if detection is unreliable (HOST_IP, commented out below)
      • 
-          
    
-          
    [[local|localrc]]
-ADMIN_PASSWORD=secrete
-DATABASE_PASSWORD=$ADMIN_PASSWORD
-RABBIT_PASSWORD=$ADMIN_PASSWORD
-SERVICE_PASSWORD=$ADMIN_PASSWORD
-SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
-#FIXED_RANGE=172.31.1.0/24
-#FLOATING_RANGE=192.168.20.0/25
-#HOST_IP=10.3.4.5
    
-          
    If the *_PASSWORD variables are not set here you will be prompted to enter values for them by stack.sh.
    
-          
    The network ranges must not overlap with any networks in use on the host.  Overlap is not uncommon as RFC-1918 'private' ranges are commonly used for both the local networking and Nova's fixed and floating ranges.
    
-          
    HOST_IP is normally detected on the first run of stack.sh but often is indeterminate on later runs due to the IP being moved from an Ethernet integace to a bridge on the host.  Setting it here also makes it available for openrc to set OS_AUTH_URL.  HOST_IP is not set by default.
    
-
-          
    Common Configuration Variables
    
-          
    
-            
    Set DevStack install directory
    
-            
    Default: DEST=/opt/stack
    
-            The DevStack install directory is set by the DEST variable. By setting it early in the localrc section you can reference it in later variables.  It can be useful to set it even though it is not changed from the default value.
-            
    DEST=/opt/stack
    
-
-            
    stack.sh logging
    
-            
    Defaults: LOGFILE="" LOGDAYS=7 LOG_COLOR=True
    
-            By default stack.sh output is only written to the console where is runs.  It can be sent to a file in addition to the console by setting LOGFILE to the fully-qualified name of the destination log file.  A timestamp will be appended to the given filename for each run of stack.sh.
-            
    LOGFILE=$DEST/logs/stack.sh.log
    
-            Old log files are cleaned automatically if LOGDAYS is set to the number of days of old log files to keep.
-            
    LOGDAYS=1
    
-            The some of the project logs (Nova, Cinder, etc) will be colorized by default (if SYSLOG is not set below); this can be turned off by setting LOG_COLOR False.
-            
    LOG_COLOR=False
    
-
-            
    Screen logging
    
-            
    Default: SCREEN_LOGDIR=""
    
-            By default DevStack runs the OpenStack services using screen which is useful for watching log and debug output.  However, in automated testing the interactive screen sessions may not be available after the fact; setting SCREEN_LOGDIR enables logging of the screen sessions in the specified diretory.  There will be one file per screen session named for the session name and a timestamp.  
-            
    SCREEN_LOGDIR=$DEST/logs/screen
    
-            Note the use of DEST to locate the main install directory; this is why we suggest setting it in local.conf.

    
-
-            
    One syslog to bind them all
    
-            
    Default: SYSLOG=False SYSLOG_HOST=$HOST_IP SYSLOG_PORT=516
    
-            Logging all services to a single syslog can be convenient.  Enable syslogging by setting SYSLOG to True. If the destination log host is not localhost SYSLOG_HOST and SYSLOG_PORT can be used to direct the message stream to the log host.
-            
    SYSLOG=True
-SYSLOG_HOST=$HOST_IP
-SYSLOG_PORT=516
    
-
-            
    A clean install every time
    
-            
    Default: RECLONE=""
    
-            By default stack.sh only clones the project repos if they do not exist in $DEST.  stack.sh will freshen each repo on each run if RECLONE is set to yes. This avoids having to manually remove repos in order to get the current branch from $GIT_BASE.
-            
    RECLONE=yes
    
-
-            
    Swift
    
-            
    Default: SWIFT_HASH="" SWIFT_REPLICAS=1 SWIFT_DATA_DIR=$DEST/data/swift
    
-            Swift is now used as the back-end for the S3-like object store.  When enabled Nova's objectstore (n-obj in ENABLED_SERVICES) is automatically disabled. Enable Swift by adding it services to ENABLED_SERVICES:
-            
    enable_service s-proxy s-object s-container s-account
    
-            Setting Swift's hash value is required and you will be prompted for it if Swift is enabled so just set it to something already:
-            
    SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
    
-            For development purposes the default number of replicas is set to 1 to reduce the overhead required.  To better simulate a production deployment set this to 3 or more.
-            
    SWIFT_REPLICAS=3
    
-            The data for Swift is stored in the source tree by default
-            (in $DEST/swift/data) and can be moved by setting
-            SWIFT_DATA_DIR.  The specified directory will be created if it does not exist.
-            
    SWIFT_DATA_DIR=$DEST/data/swift
    
-            Note: Previously just enabling swift was sufficient to start the Swift services.  That does not provide proper service granularity, particularly in multi-host configurations, and is considered deprecated.  Some service combination tests now check for specific Swift services and the old blanket acceptance will longer work correctly.
-            
    
-
-            
    Service Catalog Backend
    
-            
    Default: KEYSTONE_CATALOG_BACKEND=sql
    
-            DevStack uses Keystone's sql service catalog backend.  An alternate template backend is also available.  However, it does not support the service-* and endpoint-* commands of the keystone CLI.  To
-            do so requires the sql backend be enabled:
-            
    KEYSTONE_CATALOG_BACKEND=template
    
-            DevStack's default configuration in sql mode is set in
-            files/keystone_data.sh
    
-
-            
    Cinder
    
-            
    Default: VOLUME_GROUP="stack-volumes" VOLUME_NAME_PREFIX="volume-" VOLUME_BACKING_FILE_SIZE=10250M
    
-            The logical volume group used to hold the Cinder-managed volumes is set by VOLUME_GROUP, the logical volume name prefix is set with VOLUME_NAME_PREFIX and the size of the volume backing file is set with VOLUME_BACKING_FILE_SIZE.
-            
    VOLUME_GROUP="stack-volumes"
-VOLUME_NAME_PREFIX="volume-"
-VOLUME_BACKING_FILE_SIZE=10250M
    
-
-            
    Multi-host DevStack
    
-            
    Default: MULTI_HOST=False
    
-            Running DevStack with multiple hosts requires a custom local.conf section for each host.  The master is the same as a single host installation with MULTI_HOST=True.  The slaves have fewer services enabled and a couple of host variables pointing to the master.  
-            

    
-            Master
-            
    MULTI_HOST=True
    
-
-            Slave
-            
    MYSQL_HOST=w.x.y.z
-RABBIT_HOST=w.x.y.z
-GLANCE_HOSTPORT=w.x.y.z:9292
-ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
    
-
-            
    API rate limits
    
-            
    Default: API_RATE_LIMIT=True
    
-            Integration tests such as Tempest will likely run afoul of the default rate limits configured for Nova.  Turn off rate limiting during testing by setting API_RATE_LIMIT=False.
-            
    API_RATE_LIMIT=False
    
-          
    
-
-          
    Examples
    
-          
      
-            
    • Eliminate a Cinder pass-through (CINDER_PERIODIC_INTERVAL):
-
      [[post-config|$CINDER_CONF]]
-[DEFAULT]
-periodic_interval = 60
-
      • 
-            
    • Sample local.conf with screen logging enabled:
-
      [[local|localrc]]
-FIXED_RANGE=10.254.1.0/24
-NETWORK_GATEWAY=10.254.1.1
-LOGDAYS=1
-LOGFILE=$DEST/logs/stack.sh.log
-SCREEN_LOGDIR=$DEST/logs/screen
-ADMIN_PASSWORD=quiet
-DATABASE_PASSWORD=$ADMIN_PASSWORD
-RABBIT_PASSWORD=$ADMIN_PASSWORD
-SERVICE_PASSWORD=$ADMIN_PASSWORD
-SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
      • 
-          
    
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
new file mode 100644
index 0000000000..694ad62844
--- /dev/null
+++ b/doc/source/configuration.rst
@@ -0,0 +1,360 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Configuration Making it go my way
+---------------------------------
+
+DevStack has always tried to be mostly-functional with a minimal amount
+of configuration. The number of options has ballooned as projects add
+features, new projects added and more combinations need to be tested.
+Historically DevStack obtained all local configuration and
+customizations from a ``localrc`` file. The number of configuration
+variables that are simply passed-through to the individual project
+configuration files is also increasing. The old mechanism for this
+(``EXTRAS_OPTS`` and friends) required specific code for each file and
+did not scale well.
+
+In Oct 2013 a new configuration method was introduced (in `review
+46768 `__) to hopefully
+simplify this process and meet the following goals:
+
+-  contain all non-default local configuration in a single file
+-  be backward-compatible with ``localrc`` to smooth the transition
+   process
+-  allow settings in arbitrary configuration files to be changed
+
+local.conf
+~~~~~~~~~~
+
+The new configuration file is ``local.conf`` and resides in the root
+DevStack directory like the old ``localrc`` file. It is a modified INI
+format file that introduces a meta-section header to carry additional
+information regarding the configuration files to be changed.
+
+The new header is similar to a normal INI section header but with double
+brackets (``[[ ... ]]``) and two internal fields separated by a pipe
+(``|``):
+
+::
+
+    [[  |  ]]
+
+where ```` is one of a set of phase names defined by ``stack.sh``
+and ```` is the configuration filename. The filename
+is eval'ed in the ``stack.sh`` context so all environment variables are
+available and may be used. Using the project config file variables in
+the header is strongly suggested (see the ``NOVA_CONF`` example below).
+If the path of the config file does not exist it is skipped.
+
+The defined phases are:
+
+-  **local** - extracts ``localrc`` from ``local.conf`` before
+   ``stackrc`` is sourced
+-  **pre-install** - runs after the system packages are installed but
+   before any of the source repositories are installed
+-  **install** - runs immediately after the repo installations are
+   complete
+-  **post-config** - runs after the layer 2 services are configured and
+   before they are started
+-  **extra** - runs after services are started and before any files in
+   ``extra.d`` are executed
+
+The file is processed strictly in sequence; meta-sections may be
+specified more than once but if any settings are duplicated the last to
+appear in the file will be used.
+
+::
+
+    [[post-config|$NOVA_CONF]]
+    [DEFAULT]
+    use_syslog = True
+
+    [osapi_v3]
+    enabled = False
+
+A specific meta-section ``local|localrc`` is used to provide a default
+``localrc`` file (actually ``.localrc.auto``). This allows all custom
+settings for DevStack to be contained in a single file. If ``localrc``
+exists it will be used instead to preserve backward-compatibility. More
+details on the `contents of localrc `__ are available.
+
+::
+
+    [[local|localrc]]
+    FIXED_RANGE=10.254.1.0/24
+    ADMIN_PASSWORD=speciale
+    LOGFILE=$DEST/logs/stack.sh.log
+
+Note that ``Q_PLUGIN_CONF_FILE`` is unique in that it is assumed to
+*NOT* start with a ``/`` (slash) character. A slash will need to be
+added:
+
+::
+
+    [[post-config|/$Q_PLUGIN_CONF_FILE]]
+
+Also note that the ``localrc`` section is sourced as a shell script
+fragment amd MUST conform to the shell requirements, specifically no
+whitespace around ``=`` (equals).
+
+Minimal Configuration
+~~~~~~~~~~~~~~~~~~~~~
+
+While ``stack.sh`` is happy to run without a ``localrc`` section in
+``local.conf``, devlife is better when there are a few minimal variables
+set. This is an example of a minimal configuration that touches the
+values that most often need to be set.
+
+-  no logging
+-  pre-set the passwords to prevent interactive prompts
+-  move network ranges away from the local network (``FIXED_RANGE`` and
+   ``FLOATING_RANGE``, commented out below)
+-  set the host IP if detection is unreliable (``HOST_IP``, commented
+   out below)
+
+::
+
+    [[local|localrc]]
+    ADMIN_PASSWORD=secrete
+    DATABASE_PASSWORD=$ADMIN_PASSWORD
+    RABBIT_PASSWORD=$ADMIN_PASSWORD
+    SERVICE_PASSWORD=$ADMIN_PASSWORD
+    SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
+    #FIXED_RANGE=172.31.1.0/24
+    #FLOATING_RANGE=192.168.20.0/25
+    #HOST_IP=10.3.4.5
+
+If the ``*_PASSWORD`` variables are not set here you will be prompted to
+enter values for them by ``stack.sh``.
+
+The network ranges must not overlap with any networks in use on the
+host. Overlap is not uncommon as RFC-1918 'private' ranges are commonly
+used for both the local networking and Nova's fixed and floating ranges.
+
+``HOST_IP`` is normally detected on the first run of ``stack.sh`` but
+often is indeterminate on later runs due to the IP being moved from an
+Ethernet integace to a bridge on the host. Setting it here also makes it
+available for ``openrc`` to set ``OS_AUTH_URL``. ``HOST_IP`` is not set
+by default.
+
+Common Configuration Variables
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Set DevStack install directory
+    | *Default: ``DEST=/opt/stack``*
+    |  The DevStack install directory is set by the ``DEST`` variable.
+    |  By setting it early in the ``localrc`` section you can reference it
+       in later variables. It can be useful to set it even though it is not
+       changed from the default value.
+    |
+
+    ::
+
+        DEST=/opt/stack
+
+stack.sh logging
+    | *Defaults: ``LOGFILE="" LOGDAYS=7 LOG_COLOR=True``*
+    |  By default ``stack.sh`` output is only written to the console
+       where is runs. It can be sent to a file in addition to the console
+       by setting ``LOGFILE`` to the fully-qualified name of the
+       destination log file. A timestamp will be appended to the given
+       filename for each run of ``stack.sh``.
+    |
+
+    ::
+
+        LOGFILE=$DEST/logs/stack.sh.log
+
+    Old log files are cleaned automatically if ``LOGDAYS`` is set to the
+    number of days of old log files to keep.
+
+    ::
+
+        LOGDAYS=1
+
+    The some of the project logs (Nova, Cinder, etc) will be colorized
+    by default (if ``SYSLOG`` is not set below); this can be turned off
+    by setting ``LOG_COLOR`` False.
+
+    ::
+
+        LOG_COLOR=False
+
+Screen logging
+    | *Default: ``SCREEN_LOGDIR=""``*
+    |  By default DevStack runs the OpenStack services using ``screen``
+       which is useful for watching log and debug output. However, in
+       automated testing the interactive ``screen`` sessions may not be
+       available after the fact; setting ``SCREEN_LOGDIR`` enables logging
+       of the ``screen`` sessions in the specified diretory. There will be
+       one file per ``screen`` session named for the session name and a
+       timestamp.
+    |
+
+    ::
+
+        SCREEN_LOGDIR=$DEST/logs/screen
+
+    *Note the use of ``DEST`` to locate the main install directory; this
+    is why we suggest setting it in ``local.conf``.*
+
+One syslog to bind them all
+    | *Default: ``SYSLOG=False SYSLOG_HOST=$HOST_IP SYSLOG_PORT=516``*
+    |  Logging all services to a single syslog can be convenient. Enable
+       syslogging by setting ``SYSLOG`` to ``True``. If the destination log
+       host is not localhost ``SYSLOG_HOST`` and ``SYSLOG_PORT`` can be
+       used to direct the message stream to the log host.
+    |
+
+    ::
+
+        SYSLOG=True
+        SYSLOG_HOST=$HOST_IP
+        SYSLOG_PORT=516
+
+A clean install every time
+    | *Default: ``RECLONE=""``*
+    |  By default ``stack.sh`` only clones the project repos if they do
+       not exist in ``$DEST``. ``stack.sh`` will freshen each repo on each
+       run if ``RECLONE`` is set to ``yes``. This avoids having to manually
+       remove repos in order to get the current branch from ``$GIT_BASE``.
+    |
+
+    ::
+
+        RECLONE=yes
+
+                    Swift
+                    Default: SWIFT_HASH="" SWIFT_REPLICAS=1 SWIFT_DATA_DIR=$DEST/data/swift
+                    Swift is now used as the back-end for the S3-like object store.  When enabled Nova's objectstore (n-obj in ENABLED_SERVICES) is automatically disabled. Enable Swift by adding it services to ENABLED_SERVICES:
+                    enable_service s-proxy s-object s-container s-account
+
+    Setting Swift's hash value is required and you will be prompted for
+    it if Swift is enabled so just set it to something already:
+
+    ::
+
+        SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
+
+    For development purposes the default number of replicas is set to
+    ``1`` to reduce the overhead required. To better simulate a
+    production deployment set this to ``3`` or more.
+
+    ::
+
+        SWIFT_REPLICAS=3
+
+    The data for Swift is stored in the source tree by default (in
+    ``$DEST/swift/data``) and can be moved by setting
+    ``SWIFT_DATA_DIR``. The specified directory will be created if it
+    does not exist.
+
+    ::
+
+        SWIFT_DATA_DIR=$DEST/data/swift
+
+    *Note: Previously just enabling ``swift`` was sufficient to start
+    the Swift services. That does not provide proper service
+    granularity, particularly in multi-host configurations, and is
+    considered deprecated. Some service combination tests now check for
+    specific Swift services and the old blanket acceptance will longer
+    work correctly.*
+
+Service Catalog Backend
+    | *Default: ``KEYSTONE_CATALOG_BACKEND=sql``*
+    |  DevStack uses Keystone's ``sql`` service catalog backend. An
+       alternate ``template`` backend is also available. However, it does
+       not support the ``service-*`` and ``endpoint-*`` commands of the
+       ``keystone`` CLI. To do so requires the ``sql`` backend be enabled:
+    |
+
+    ::
+
+        KEYSTONE_CATALOG_BACKEND=template
+
+    DevStack's default configuration in ``sql`` mode is set in
+    ``files/keystone_data.sh``
+
+Cinder
+    | Default:
+    | VOLUME_GROUP="stack-volumes" VOLUME_NAME_PREFIX="volume-" VOLUME_BACKING_FILE_SIZE=10250M
+    |  The logical volume group used to hold the Cinder-managed volumes
+       is set by ``VOLUME_GROUP``, the logical volume name prefix is set
+       with ``VOLUME_NAME_PREFIX`` and the size of the volume backing file
+       is set with ``VOLUME_BACKING_FILE_SIZE``.
+    |
+
+    ::
+
+        VOLUME_GROUP="stack-volumes"
+        VOLUME_NAME_PREFIX="volume-"
+        VOLUME_BACKING_FILE_SIZE=10250M
+
+Multi-host DevStack
+    | *Default: ``MULTI_HOST=False``*
+    |  Running DevStack with multiple hosts requires a custom
+       ``local.conf`` section for each host. The master is the same as a
+       single host installation with ``MULTI_HOST=True``. The slaves have
+       fewer services enabled and a couple of host variables pointing to
+       the master.
+    |  **Master**
+
+    ::
+
+        MULTI_HOST=True
+
+    **Slave**
+
+    ::
+
+        MYSQL_HOST=w.x.y.z
+        RABBIT_HOST=w.x.y.z
+        GLANCE_HOSTPORT=w.x.y.z:9292
+        ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
+
+API rate limits
+    | Default: ``API_RATE_LIMIT=True``
+    | Integration tests such as Tempest will likely run afoul of the
+      default rate limits configured for Nova. Turn off rate limiting
+      during testing by setting ``API_RATE_LIMIT=False``.*
+    |
+
+    ::
+
+        API_RATE_LIMIT=False
+
+Examples
+~~~~~~~~
+
+-  Eliminate a Cinder pass-through (``CINDER_PERIODIC_INTERVAL``):
+
+   ::
+
+       [[post-config|$CINDER_CONF]]
+       [DEFAULT]
+       periodic_interval = 60
+
+-  Sample ``local.conf`` with screen logging enabled:
+
+   ::
+
+       [[local|localrc]]
+       FIXED_RANGE=10.254.1.0/24
+       NETWORK_GATEWAY=10.254.1.1
+       LOGDAYS=1
+       LOGFILE=$DEST/logs/stack.sh.log
+       SCREEN_LOGDIR=$DEST/logs/screen
+       ADMIN_PASSWORD=quiet
+       DATABASE_PASSWORD=$ADMIN_PASSWORD
+       RABBIT_PASSWORD=$ADMIN_PASSWORD
+       SERVICE_PASSWORD=$ADMIN_PASSWORD
+       SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/contributing.html b/doc/source/contributing.html
deleted file mode 100644
index 9826fc7f4c..0000000000
--- a/doc/source/contributing.html
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-  
-    
-    DevStack - Overview
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-
-        
    
-          
    Contributing Help us help you
    
-          
    DevStack uses the standard OpenStack contribution process as outlined in the OpenStack wiki 'How To Contribute'.  This means that you will need to meet the requirements of the Contribututors License Agreement (CLA).  If you have already done that for another OpenStack project you are good to go.
    
-
-          
    Things To Know
    
-
-          
    Where Things Are
-          
    The official DevStack repository is located at git://git.openstack.org/openstack-dev/devstack.git, replicated from the repo maintained by Gerrit. GitHub also has a mirror at git://github.com/openstack-dev/devstack.git.
    
-          
    The blueprint and bug trackers are on Launchpad.  It should be noted that DevStack generally does not use these as strongly as other projects, but we're trying to change that.
    
-          
    The Gerrit review queue is, however, used for all commits except for the text of this website.  That should also change in the near future.
    
-
-          
    HACKING.rst
-          
    Like most OpenStack projects, DevStack includes a HACKING.rst file that describes the layout, style and conventions of the project.  Because HACKING.rst is in the main DevStack repo it is considered authoritative.  Much of the content on this page is taken from there.
    
-
-          
    bashate Formatting
-          
    Around the time of the OpenStack Havana release we added a tool to do style checking in DevStack similar to what pep8/flake8 do for Python projects.  It is still _very_ simplistic, focusing mostly on stray whitespace to help prevent -1 on reviews that are otherwise acceptable.  Oddly enough it is called bashate.  It will be expanded to enforce some of the documentation rules in comments that are used in formatting the script pages for devstack.org and possibly even simple code formatting.  Run it on the entire project with ./run_tests.sh.
    
-
-          
    Code
    
-
-          
    Repo Layout
-          
    The DevStack repo generally keeps all of the primary scripts at the root level.
    
-          
    docs - Contains the source for this website.  It is built using tools/build_docs.sh.
    
-          
    exercises - Contains the test scripts used to validate and demonstrate some OpenStack functions.  These scripts know how to exit early or skip services that are not enabled.
    
-          
    extras.d - Contains the dispatch scripts called by the hooks in stack.sh, unstack.sh and clean.sh.  See the plugins docs for more information.
    
-          
    files - Contains a variety of otherwise lost files used in configuring and operating DevStack.  This includes templates for configuration files and the system dependency information.  This is also where image files are downloaded and expanded if necessary.
    
-          
    lib - Contains the sub-scripts specific to each project.  This is where the work of managing a project's services is located.  Each top-level project (Keystone, Nova, etc) has a file here.  Additionally there are some for system services and project plugins.
    
-          
    samples - Contains a sample of the local files not included in the DevStack repo.
    
-          
    tests - the DevStack test suite is rather sparse, mostly consisting of test of specific fragile functions in the functions file.
    
-          
    tools - Contains a collection of stand-alone scripts, some of which have aged a bit (does anyone still do ramdisk installs?).  While these may reference the top-level DevStack configuration they can generally be run alone.  There are also some sub-directories to support specific environments such as XenServer.
    
-          
-
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
new file mode 100644
index 0000000000..e37c06b6a9
--- /dev/null
+++ b/doc/source/contributing.rst
@@ -0,0 +1,105 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Contributing Help us help you
+-----------------------------
+
+DevStack uses the standard OpenStack contribution process as outlined in
+`the OpenStack wiki 'How To
+Contribute' `__. This
+means that you will need to meet the requirements of the Contribututors
+License Agreement (CLA). If you have already done that for another
+OpenStack project you are good to go.
+
+Things To Know
+~~~~~~~~~~~~~~
+
+| 
+| **Where Things Are**
+
+The official DevStack repository is located at
+``git://git.openstack.org/openstack-dev/devstack.git``, replicated from
+the repo maintained by Gerrit. GitHub also has a mirror at
+``git://github.com/openstack-dev/devstack.git``.
+
+The `blueprint `__ and `bug
+trackers `__ are on Launchpad. It
+should be noted that DevStack generally does not use these as strongly
+as other projects, but we're trying to change that.
+
+The `Gerrit review
+queue `__
+is, however, used for all commits except for the text of this website.
+That should also change in the near future.
+
+| 
+| **HACKING.rst**
+
+Like most OpenStack projects, DevStack includes a ``HACKING.rst`` file
+that describes the layout, style and conventions of the project. Because
+``HACKING.rst`` is in the main DevStack repo it is considered
+authoritative. Much of the content on this page is taken from there.
+
+| 
+| **bashate Formatting**
+
+Around the time of the OpenStack Havana release we added a tool to do
+style checking in DevStack similar to what pep8/flake8 do for Python
+projects. It is still \_very\_ simplistic, focusing mostly on stray
+whitespace to help prevent -1 on reviews that are otherwise acceptable.
+Oddly enough it is called ``bashate``. It will be expanded to enforce
+some of the documentation rules in comments that are used in formatting
+the script pages for devstack.org and possibly even simple code
+formatting. Run it on the entire project with ``./run_tests.sh``.
+
+Code
+~~~~
+
+| 
+| **Repo Layout**
+
+The DevStack repo generally keeps all of the primary scripts at the root
+level.
+
+``docs`` - Contains the source for this website. It is built using
+``tools/build_docs.sh``.
+
+``exercises`` - Contains the test scripts used to validate and
+demonstrate some OpenStack functions. These scripts know how to exit
+early or skip services that are not enabled.
+
+``extras.d`` - Contains the dispatch scripts called by the hooks in
+``stack.sh``, ``unstack.sh`` and ``clean.sh``. See `the plugins
+docs `__ for more information.
+
+``files`` - Contains a variety of otherwise lost files used in
+configuring and operating DevStack. This includes templates for
+configuration files and the system dependency information. This is also
+where image files are downloaded and expanded if necessary.
+
+``lib`` - Contains the sub-scripts specific to each project. This is
+where the work of managing a project's services is located. Each
+top-level project (Keystone, Nova, etc) has a file here. Additionally
+there are some for system services and project plugins.
+
+``samples`` - Contains a sample of the local files not included in the
+DevStack repo.
+
+``tests`` - the DevStack test suite is rather sparse, mostly consisting
+of test of specific fragile functions in the ``functions`` file.
+
+``tools`` - Contains a collection of stand-alone scripts, some of which
+have aged a bit (does anyone still do ramdisk installs?). While these
+may reference the top-level DevStack configuration they can generally be
+run alone. There are also some sub-directories to support specific
+environments such as XenServer.
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/eucarc.html b/doc/source/eucarc.html
deleted file mode 100644
index 1dd80968d2..0000000000
--- a/doc/source/eucarc.html
+++ /dev/null
@@ -1,94 +0,0 @@
-
-
-  
-    
-    DevStack - eucarc
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    eucarc EC2 settings
    
-          
    eucarc creates EC2 credentials for the current user as
-            defined by OS_TENANT_NAME:OS_USERNAME.
-            eucarc sources openrc at the beginning
-            (which in turn sources stackrc and localrc)
-            in order to set credentials to create EC2 credentials in Keystone.
-        
    
-        
    
-
-          
    EC2_URL
    
-          
    Set the EC2 url for euca2ools.  The endpoint is extracted from the
-            service catalog for OS_TENANT_NAME:OS_USERNAME.
-            
    EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
    
-
-          
    S3_URL
    
-          
    Set the S3 endpoint for euca2ools.  The endpoint is extracted from the
-            service catalog for OS_TENANT_NAME:OS_USERNAME.
-            
    export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
    
-
-          
    EC2_ACCESS_KEY, EC2_SECRET_KEY
    
-          
    Create EC2 credentials for the current tenant:user in Keystone.
-            
    CREDS=$(keystone ec2-credentials-create)
-export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
-export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
    
-
-          
    Certificates for Bundling
    
-          
    Euca2ools requires certificate files to enable bundle uploading.
-            The exercise script exercises/bundle.sh demonstrated
-            retrieving certificates using the Nova CLI.
-            
    EC2_PRIVATE_KEY=pk.pem
-EC2_CERT=cert.pem
-NOVA_CERT=cacert.pem
-EUCALYPTUS_CERT=${NOVA_CERT}
    
-
-        
    
-      
    
-        
    © Openstack Foundation 2011-2013 — An
-        OpenStack program
-        created by Rackspace Cloud Builders
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
new file mode 100644
index 0000000000..c1065e6f61
--- /dev/null
+++ b/doc/source/eucarc.rst
@@ -0,0 +1,57 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+eucarc EC2 settings
+-------------------
+
+``eucarc`` creates EC2 credentials for the current user as defined by
+``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the
+beginning (which in turn sources ``stackrc`` and ``localrc``) in order
+to set credentials to create EC2 credentials in Keystone.
+
+EC2\_URL
+    Set the EC2 url for euca2ools. The endpoint is extracted from the
+    service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
+
+    ::
+
+        EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+
+S3\_URL
+    Set the S3 endpoint for euca2ools. The endpoint is extracted from
+    the service catalog for ``OS_TENANT_NAME:OS_USERNAME``.
+
+    ::
+
+        export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+
+EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
+    Create EC2 credentials for the current tenant:user in Keystone.
+
+    ::
+
+        CREDS=$(keystone ec2-credentials-create)
+        export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
+        export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
+
+Certificates for Bundling
+    Euca2ools requires certificate files to enable bundle uploading. The
+    exercise script ``exercises/bundle.sh`` demonstrated retrieving
+    certificates using the Nova CLI.
+
+    ::
+
+        EC2_PRIVATE_KEY=pk.pem
+        EC2_CERT=cert.pem
+        NOVA_CERT=cacert.pem
+        EUCALYPTUS_CERT=${NOVA_CERT}
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/exerciserc.html b/doc/source/exerciserc.html
deleted file mode 100644
index 313b0a1daf..0000000000
--- a/doc/source/exerciserc.html
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-  
-    
-    DevStack - exerciserc
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    exerciserc Exercise settings
    
-          
    exerciserc is used to configure settings for the
-          exercise scripts.  The values shown below are the default values.
-          Thse can all be overridden by setting them in the localrc
-          section.
    
-        
    
-        
    
-
-          
    ACTIVE_TIMEOUT
    
-          
    Max time to wait while vm goes from build to active state
-            
    ACTIVE_TIMEOUT==30
    
-
-          
    ASSOCIATE_TIMEOUT
    
-          
    Max time to wait for proper IP association and dis-association.
-            
    ASSOCIATE_TIMEOUT=15
    
-
-          
    BOOT_TIMEOUT
    
-          
    Max time till the vm is bootable
-            
    BOOT_TIMEOUT=30
    
-
-          
    RUNNING_TIMEOUT
    
-          
    Max time from run instance command until it is running
-            
    RUNNING_TIMEOUT=$(($BOOT_TIMEOUT + $ACTIVE_TIMEOUT))
    
-
-          
    TERMINATE_TIMEOUT
    
-          
    Max time to wait for a vm to terminate
-            
    TERMINATE_TIMEOUT=30
    
-
-        
    
-      
    
-        
    © Openstack Foundation 2011-2013 — An
-        OpenStack program
-        created by Rackspace Cloud Builders
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/exerciserc.rst b/doc/source/exerciserc.rst
new file mode 100644
index 0000000000..22aff9a9e2
--- /dev/null
+++ b/doc/source/exerciserc.rst
@@ -0,0 +1,54 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+exerciserc Exercise settings
+----------------------------
+
+``exerciserc`` is used to configure settings for the exercise scripts.
+The values shown below are the default values. Thse can all be
+overridden by setting them in the ``localrc`` section.
+
+ACTIVE\_TIMEOUT
+    Max time to wait while vm goes from build to active state
+
+    ::
+
+        ACTIVE_TIMEOUT==30
+
+ASSOCIATE\_TIMEOUT
+    Max time to wait for proper IP association and dis-association.
+
+    ::
+
+        ASSOCIATE_TIMEOUT=15
+
+BOOT\_TIMEOUT
+    Max time till the vm is bootable
+
+    ::
+
+        BOOT_TIMEOUT=30
+
+RUNNING\_TIMEOUT
+    Max time from run instance command until it is running
+
+    ::
+
+        RUNNING_TIMEOUT=$(($BOOT_TIMEOUT + $ACTIVE_TIMEOUT))
+
+TERMINATE\_TIMEOUT
+    Max time to wait for a vm to terminate
+
+    ::
+
+        TERMINATE_TIMEOUT=30
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/faq.html b/doc/source/faq.html
deleted file mode 100644
index 7cbb9d2fc5..0000000000
--- a/doc/source/faq.html
+++ /dev/null
@@ -1,169 +0,0 @@
-
-
-  
-    
-    DevStack - Frequently Asked Questions
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-
-        
    
-          
    FAQ: Using DevStack Making to behave
    
-
-          
-
-          
    General Questions
    
-
-          
    
-            
    Q: Can I use DevStack for production?
    
-            
    A: No.  We mean it.  Really.  DevStack makes some implementation choices that are not appropriate for production deployments.  We warned you!
    
-
-            
    Q: Then why selinux in enforcing mode?
    
-            
    A: That is the default on current Fedora and RHEL releases.  DevStack has (rightly so) a bad reputation for its security practices; it has always been meant as a development tool first and system integration later.  This is changing as the security issues around OpenStack's use of root (for example) have been tightened and developers need to be better equipped to work in these environments.  stack.sh's use of root is primarily to support the activities that would be handled by packaging in "real" deployments.  To remove additional protections that will be desired/required in production would be a step backward.
    
-
-            
    Q: But selinux is disabled in RHEL 6!
    
-            
    A: Today it is, yes.  That is a specific exception that certain DevStack contributors fought strongly against.  The primary reason it was allowed was to support using RHEL6 as the Python 2.6 test platform and that took priority time-wise.  This will not be the case with RHEL 7.
    
-
-            
    Q: Why a shell script, why not chef/puppet/...
    
-            
    A: The script is meant to be read by humans (as well as ran by computers); it is the primary documentation after all.  Using a recipe system requires everyone to agree and understand chef or puppet.
    
-
-            
    Q: Why not use Crowbar?
    
-            
    A: DevStack is optimized for documentation & developers.  As some of us use Crowbar for production deployments, we hope developers documenting how they setup systems for new features supports projects like Crowbar.
    
-
-            
    Q: I'd like to help!
    
-            
    A: That isn't a question, but please do!  The source for DevStack is at git.openstack.org and bug reports go to LaunchPad.  Contributions follow the usual process as described in the OpenStack wiki even though DevStack is not an official OpenStack project.  This site is housed in the CloudBuilder's github in the gh-pages branch.
    
-
-            
    Q: Why not use packages?
    
-            
    A: Unlike packages, DevStack leaves your cloud ready to develop - checkouts of the code and services running in screen. However, many people are doing the hard work of packaging and recipes for production deployments.  We hope this script serves as a way to communicate configuration changes between developers and packagers.
    
-
-            
    Q: Why isn't $MY_FAVORITE_DISTRO supported?
    
-            
    A: DevStack is meant for developers and those who want to see how OpenStack really works.  DevStack is known to run on the distro/release combinations listed in README.md.  DevStack is only supported on releases other than those documented in README.md on a best-effort basis.
    
-
-            
    Q: What about Fedora/RHEL/CentOS?
    
-            
    A: Fedora and CentOS/RHEL are supported via rpm dependency files and specific checks in stack.sh.  Support will follow the pattern set with the Ubuntu testing, i.e. only a single release of the distro will receive regular testing, others will be handled on a best-effort basis.
    
-
-            
    Q: Are there any differences between Ubuntu and Fedora support?
    
-            
    A: Neutron is not fully supported prior to Fedora 18 due lack of OpenVSwitch packages.
    
-
-            
    Q: How about RHEL 6?
    
-            
    A: RHEL 6 has Python 2.6 and many old modules packaged and is a challenge to support.  There are a number of specific RHEL6 work-arounds in stack.sh to handle this.  But the testing on py26 is valuable so we do it...
    
-          
    
-
-          
    Operation and Configuration
    
-
-          
    
-            
    Q: Can DevStack handle a multi-node installation?
    
-            
    A: Indirectly, yes.  You run DevStack on each node with the appropriate configuration in local.conf.  The primary considerations are turning off the services not required on the secondary nodes, making sure the passwords match and setting the various API URLs to the right place.
    
-
-            
    Q: How can I document the environment that DevStack is using?
    
-            
    A: DevStack includes a script (tools/info.sh) that gathers the versions of the relevant installed apt packages, pip packages and git repos.  This is a good way to verify what Python modules are installed.
    
-
-            
    Q: How do I turn off a service that is enabled by default?
    
-            
    A: Services can be turned off by adding disable_service xxx to local.conf (using n-vol in this example):
-              
    disable_service n-vol
    
-            
    
-
-            
    Q: Is enabling a service that defaults to off done with the reverse of the above?
    
-            
    A: Of course!
-              
    enable_service qpid
    
-            
    
-
-            
    Q: How do I run a specific OpenStack milestone?
    
-            
    A: OpenStack milestones have tags set in the git repo.  Set the appropriate tag in the *_BRANCH variables in local.conf.  Swift is on its own release schedule so pick a tag in the Swift repo that is just before the milestone release.  For example:
-              
    [[local|localrc]]
-GLANCE_BRANCH=stable/grizzly
-HORIZON_BRANCH=stable/grizzly
-KEYSTONE_BRANCH=stable/grizzly
-NOVA_BRANCH=stable/grizzly
-GLANCE_BRANCH=stable/grizzly
-NEUTRON_BRANCH=stable/grizzly
-SWIFT_BRANCH=1.10.0
    
-            
    
-
-            
    Q: Why not use tools/pip-requiresrequirements.txt to grab project dependencies?
    
-            
    The majority of deployments will use packages to install OpenStack that will have distro-based packages as dependencies.  DevStack installs as many of these Python packages as possible to mimic the expected production environemnt. Certain Linux distributions have a 'lack of workaround' in their Python configurations that installs vendor packaged Python modules and pip-installed modules to the SAME DIRECTORY TREE.  This is causing heartache and moving us in the direction of installing more modules from PyPI than vendor packages.  However, that is only being done as necessary as the packaging needs to catch up to the development cycle anyway so this is kept to a minimum.
    
-
-            
    Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
    
-            
    A: This is often caused by erlang not being happy with the hostname resolving to a reachable IP address.  Make sure your hostname resolves to a working IP address; setting it to 127.0.0.1 in /etc/hosts is often good enough for a single-node installation.  And in an extreme case, use clean.sh to eradicate it and try again.
    
-
-            
    Q: How can I set up Heat in stand-alone configuration?
    
-            
    A: Configure local.conf thusly:
-              
    [[local|localrc]]
-HEAT_STANDALONE=True
-ENABLED_SERVICES=rabbit,mysql,heat,h-api,h-api-cfn,h-api-cw,h-eng
-KEYSTONE_SERVICE_HOST=<keystone-host>
-KEYSTONE_AUTH_HOST=<keystone-host>
    
-            
    
-
-            
    Q: Why are my configuration changes ignored?
    
-            
    A: You may have run into the package prerequisite installation timeout.  tools/install_prereqs.sh has a timer that skips the package installation checks if it was run within the last PREREQ_RERUN_HOURS hours (default is 2).  To override this, set FORCE_PREREQ=1 and the package checks will never be skipped.
-            
    
-          
    
-
-          
    Miscellaneous
    
-
-          
    
-            
    Q: tools/fixup_stuff.sh is broken and shouldn't 'fix' just one version of packages.
    
-            
    A: [Another not-a-question]  No it isn't.  Stuff in there is to correct problems in an environment that need to be fixed elsewhere or may/will be fixed in a future release.  In the case of httplib2 and prettytable specific problems with specific versions are being worked around.  If later releases have those problems than we'll add them to the script.  Knowing about the broken future releases is valuable rather than polling to see if it has been fixed.
    
-          
    
-        
    
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
new file mode 100644
index 0000000000..9adc58ed1c
--- /dev/null
+++ b/doc/source/faq.rst
@@ -0,0 +1,184 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+FAQ: Using DevStack Making to behave
+------------------------------------
+
+-  `General Questions <#general>`__
+-  `Operation and Configuration <#ops_conf>`__
+-  `Miscellaneous <#misc>`__
+
+General Questions
+~~~~~~~~~~~~~~~~~
+
+Q: Can I use DevStack for production?
+    A: No. We mean it. Really. DevStack makes some implementation
+    choices that are not appropriate for production deployments. We
+    warned you!
+Q: Then why selinux in enforcing mode?
+    A: That is the default on current Fedora and RHEL releases. DevStack
+    has (rightly so) a bad reputation for its security practices; it has
+    always been meant as a development tool first and system integration
+    later. This is changing as the security issues around OpenStack's
+    use of root (for example) have been tightened and developers need to
+    be better equipped to work in these environments. ``stack.sh``'s use
+    of root is primarily to support the activities that would be handled
+    by packaging in "real" deployments. To remove additional protections
+    that will be desired/required in production would be a step
+    backward.
+Q: But selinux is disabled in RHEL 6!
+    A: Today it is, yes. That is a specific exception that certain
+    DevStack contributors fought strongly against. The primary reason it
+    was allowed was to support using RHEL6 as the Python 2.6 test
+    platform and that took priority time-wise. This will not be the case
+    with RHEL 7.
+Q: Why a shell script, why not chef/puppet/...
+    A: The script is meant to be read by humans (as well as ran by
+    computers); it is the primary documentation after all. Using a
+    recipe system requires everyone to agree and understand chef or
+    puppet.
+Q: Why not use Crowbar?
+    A: DevStack is optimized for documentation & developers. As some of
+    us use `Crowbar `__ for
+    production deployments, we hope developers documenting how they
+    setup systems for new features supports projects like Crowbar.
+Q: I'd like to help!
+    A: That isn't a question, but please do! The source for DevStack is
+    at
+    `git.openstack.org `__
+    and bug reports go to
+    `LaunchPad `__. Contributions
+    follow the usual process as described in the `OpenStack
+    wiki `__ even though
+    DevStack is not an official OpenStack project. This site is housed
+    in the CloudBuilder's
+    `github `__ in the
+    gh-pages branch.
+Q: Why not use packages?
+    A: Unlike packages, DevStack leaves your cloud ready to develop -
+    checkouts of the code and services running in screen. However, many
+    people are doing the hard work of packaging and recipes for
+    production deployments. We hope this script serves as a way to
+    communicate configuration changes between developers and packagers.
+Q: Why isn't $MY\_FAVORITE\_DISTRO supported?
+    A: DevStack is meant for developers and those who want to see how
+    OpenStack really works. DevStack is known to run on the
+    distro/release combinations listed in ``README.md``. DevStack is
+    only supported on releases other than those documented in
+    ``README.md`` on a best-effort basis.
+Q: What about Fedora/RHEL/CentOS?
+    A: Fedora and CentOS/RHEL are supported via rpm dependency files and
+    specific checks in ``stack.sh``. Support will follow the pattern set
+    with the Ubuntu testing, i.e. only a single release of the distro
+    will receive regular testing, others will be handled on a
+    best-effort basis.
+Q: Are there any differences between Ubuntu and Fedora support?
+    A: Neutron is not fully supported prior to Fedora 18 due lack of
+    OpenVSwitch packages.
+Q: How about RHEL 6?
+    A: RHEL 6 has Python 2.6 and many old modules packaged and is a
+    challenge to support. There are a number of specific RHEL6
+    work-arounds in ``stack.sh`` to handle this. But the testing on py26
+    is valuable so we do it...
+
+Operation and Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Q: Can DevStack handle a multi-node installation?
+    A: Indirectly, yes. You run DevStack on each node with the
+    appropriate configuration in ``local.conf``. The primary
+    considerations are turning off the services not required on the
+    secondary nodes, making sure the passwords match and setting the
+    various API URLs to the right place.
+Q: How can I document the environment that DevStack is using?
+    A: DevStack includes a script (``tools/info.sh``) that gathers the
+    versions of the relevant installed apt packages, pip packages and
+    git repos. This is a good way to verify what Python modules are
+    installed.
+Q: How do I turn off a service that is enabled by default?
+    A: Services can be turned off by adding ``disable_service xxx`` to
+    ``local.conf`` (using ``n-vol`` in this example):
+
+    ::
+
+        disable_service n-vol
+
+Q: Is enabling a service that defaults to off done with the reverse of the above?
+    A: Of course!
+
+    ::
+
+        enable_service qpid
+
+Q: How do I run a specific OpenStack milestone?
+    A: OpenStack milestones have tags set in the git repo. Set the appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.  Swift is on its own release schedule so pick a tag in the Swift repo that is just before the milestone release. For example:
+
+    ::
+
+        [[local|localrc]]
+        GLANCE_BRANCH=stable/grizzly
+        HORIZON_BRANCH=stable/grizzly
+        KEYSTONE_BRANCH=stable/grizzly
+        NOVA_BRANCH=stable/grizzly
+        GLANCE_BRANCH=stable/grizzly
+        NEUTRON_BRANCH=stable/grizzly
+        SWIFT_BRANCH=1.10.0
+
+Q: Why not use [STRIKEOUT:``tools/pip-requires``]\ ``requirements.txt`` to grab project dependencies?
+    [STRIKEOUT:The majority of deployments will use packages to install
+    OpenStack that will have distro-based packages as dependencies.
+    DevStack installs as many of these Python packages as possible to
+    mimic the expected production environemnt.] Certain Linux
+    distributions have a 'lack of workaround' in their Python
+    configurations that installs vendor packaged Python modules and
+    pip-installed modules to the SAME DIRECTORY TREE. This is causing
+    heartache and moving us in the direction of installing more modules
+    from PyPI than vendor packages. However, that is only being done as
+    necessary as the packaging needs to catch up to the development
+    cycle anyway so this is kept to a minimum.
+Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
+    A: This is often caused by ``erlang`` not being happy with the
+    hostname resolving to a reachable IP address. Make sure your
+    hostname resolves to a working IP address; setting it to 127.0.0.1
+    in ``/etc/hosts`` is often good enough for a single-node
+    installation. And in an extreme case, use ``clean.sh`` to eradicate
+    it and try again.
+Q: How can I set up Heat in stand-alone configuration?
+    A: Configure ``local.conf`` thusly:
+
+    ::
+
+        [[local|localrc]]
+        HEAT_STANDALONE=True
+        ENABLED_SERVICES=rabbit,mysql,heat,h-api,h-api-cfn,h-api-cw,h-eng
+        KEYSTONE_SERVICE_HOST=
+        KEYSTONE_AUTH_HOST=
+
+Q: Why are my configuration changes ignored?
+    A: You may have run into the package prerequisite installation
+    timeout. ``tools/install_prereqs.sh`` has a timer that skips the
+    package installation checks if it was run within the last
+    ``PREREQ_RERUN_HOURS`` hours (default is 2). To override this, set
+    ``FORCE_PREREQ=1`` and the package checks will never be skipped.
+
+Miscellaneous
+~~~~~~~~~~~~~
+
+Q: ``tools/fixup_stuff.sh`` is broken and shouldn't 'fix' just one version of packages.
+    A: [Another not-a-question] No it isn't. Stuff in there is to
+    correct problems in an environment that need to be fixed elsewhere
+    or may/will be fixed in a future release. In the case of
+    ``httplib2`` and ``prettytable`` specific problems with specific
+    versions are being worked around. If later releases have those
+    problems than we'll add them to the script. Knowing about the broken
+    future releases is valuable rather than polling to see if it has
+    been fixed.
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/guides/multinode-lab.html b/doc/source/guides/multinode-lab.html
deleted file mode 100644
index 6a5f98c11d..0000000000
--- a/doc/source/guides/multinode-lab.html
+++ /dev/null
@@ -1,336 +0,0 @@
-
-
-  
-    
-    Multi-Node Lab Server Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    Multi-Node Lab: Serious Stuff
    
-        
    Here is OpenStack in a realistic test configuration with multiple physical servers.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites Linux & Network
    
-        
    
-        
-        
    Minimal Install
    
-        
    You need to have a system with a fresh install of Linux.  You can download the Minimal CD for Ubuntu releases since DevStack will download & install all the additional dependencies.  The netinstall ISO is available for Fedora and CentOS/RHEL.
    
-
-        
    Install a couple of packages to bootstrap configuration:
    
-        
    apt-get install -y git sudo || yum install -y git sudo
    
-
-        
    Network Configuration
    
-        
    The first iteration of the lab uses OpenStack's FlatDHCP network controller so
-        only a single network will be required.  It should be on its own subnet without DHCP;
-        the host IPs and floating IP pool(s) will come out of this block. This example 
-        uses the following:
    
-        
      
-          
    • Gateway: 192.168.42.1
      • 
-          
    • Physical nodes: 192.168.42.11-192.168.42.99
      • 
-          
    • Floating IPs: 192.168.42.128-192.168.42.254
      • 
-        
    
-        
    Configure each node with a static IP.
-        For Ubuntu edit /etc/network/interfaces:
    
-
-        
    auto eth0
-iface eth0 inet static
-    address 192.168.42.11
-    netmask 255.255.255.0
-    gateway 192.168.42.1
-
    
-        
    For Fedora and CentOS/RHEL edit
-        /etc/sysconfig/network-scripts/ifcfg-eth0:
    
-
-        
    BOOTPROTO=static
-IPADDR=192.168.42.11
-NETMASK=255.255.255.0
-GATEWAY=192.168.42.1
-
    
-
-
-
-      
    
-
-      
    
-        
    
-          
    Installation shake and bake
    
-        
    
-
-        
    Add the DevStack User
    
-        
    OpenStack runs as a non-root user that has sudo access to root.  There is nothing special
-        about the name, we'll use stack here. Every node must use the same name and
-        preferably uid. If you created a user during the OS install you can use it and give it
-        sudo privileges below.  Otherwise create the stack user:
    
-        
    groupadd stack
-useradd -g stack -s /bin/bash -d /opt/stack -m stack
    
-        
    This user will be making many changes to your system during installation and operation
-        so it needs to have sudo privileges to root without a password:
    
-        
    echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    
-        
    From here on use the stack user.  Logout and login as the 
-        stack user.
    
-
-        
    Set Up Ssh
    
-        
    Set up the stack user on each node with an ssh key for access:
    
-        
    mkdir ~/.ssh; chmod 700 ~/.ssh
-echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyYjfgyPazTvGpd8OaAvtU2utL8W6gWC4JdRS1J95GhNNfQd657yO6s1AH5KYQWktcE6FO/xNUC2reEXSGC7ezy+sGO1kj9Limv5vrvNHvF1+wts0Cmyx61D2nQw35/Qz8BvpdJANL7VwP/cFI/p3yhvx2lsnjFE3hN8xRB2LtLUopUSVdBwACOVUmH2G+2BWMJDjVINd2DPqRIA4Zhy09KJ3O1Joabr0XpQL0yt/I9x8BVHdAx6l9U0tMg9dj5+tAjZvMAFfye3PJcYwwsfJoFxC8w/SLtqlFX7Ehw++8RtvomvuipLdmWCy+T9hIkl+gHYE4cS3OIqXH7f49jdJf jesse@spacey.local" > ~/.ssh/authorized_keys
    
-
-        
    Download DevStack
    
-        
    Grab the latest version of DevStack:
    
-        
    git clone https://git.openstack.org/openstack-dev/devstack
-cd devstack
    
-
-        
    Up to this point all of the steps apply to each node in the cluster.  From here on
-        there are some differences between the cluster controller (aka 'head node') and the
-        compute nodes.
    
-
-        
    Configure Cluster Controller
    
-        
    The cluster controller runs all OpenStack services.  Configure the cluster controller's DevStack in local.conf:
    
-        
    [[local|localrc]]
-HOST_IP=192.168.42.11
-FLAT_INTERFACE=eth0
-FIXED_RANGE=10.4.128.0/20
-FIXED_NETWORK_SIZE=4096
-FLOATING_RANGE=192.168.42.128/25
-MULTI_HOST=1
-LOGFILE=/opt/stack/logs/stack.sh.log
-ADMIN_PASSWORD=labstack
-MYSQL_PASSWORD=supersecret
-RABBIT_PASSWORD=supersecrete
-SERVICE_PASSWORD=supersecrete
-SERVICE_TOKEN=xyzpdqlazydog
    
-
-
-        
    In the multi-node configuration the first 10 or so IPs in the private subnet are usually reserved.  Add this to local.sh to have it run after every stack.sh run:
    
-        
    for i in `seq 2 10`; do /opt/stack/nova/bin/nova-manage fixed reserve 10.4.128.$i; done
    
-
-        
    Fire up OpenStack:
    
-        
    ./stack.sh
    
-        
    A stream of activity ensues.  When complete you will see a summary of
-        stack.sh's work, including the relevant URLs, accounts and passwords to poke at your
-        shiny new OpenStack.  The most recent log file is available in stack.sh.log.
    
-
-        
    Configure Compute Nodes
    
-        
    The compute nodes only run the OpenStack worker services.  For additional machines, create a local.conf with:
    
-        
    HOST_IP=192.168.42.12 # change this per compute node
-FLAT_INTERFACE=eth0
-FIXED_RANGE=10.4.128.0/20
-FIXED_NETWORK_SIZE=4096
-FLOATING_RANGE=192.168.42.128/25
-MULTI_HOST=1
-LOGFILE=/opt/stack/logs/stack.sh.log
-ADMIN_PASSWORD=labstack
-MYSQL_PASSWORD=supersecret
-RABBIT_PASSWORD=supersecrete
-SERVICE_PASSWORD=supersecrete
-SERVICE_TOKEN=xyzpdqlazydog
-DATABASE_TYPE=mysql
-SERVICE_HOST=192.168.42.11
-MYSQL_HOST=192.168.42.11
-RABBIT_HOST=192.168.42.11
-GLANCE_HOSTPORT=192.168.42.11:9292
-ENABLED_SERVICES=n-cpu,n-net,n-api,c-sch,c-api,c-vol
-NOVA_VNC_ENABLED=True
-NOVNCPROXY_URL="http://192.168.42.11:6080/vnc_auto.html"
-VNCSERVER_LISTEN=$HOST_IP
-VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
-
    
-
-
-
-        
    Fire up OpenStack:
    
-        
    ./stack.sh
    
-        
    A stream of activity ensues.  When complete you will see a summary of
-        stack.sh's work, including the relevant URLs, accounts and passwords to poke at your
-        shiny new OpenStack.  The most recent log file is available in stack.sh.log.
    
-
-        
    Cleaning Up After DevStack
    
-        
    Shutting down OpenStack is now as simple as running the included unstack.sh script:
    
-        
    ./unstack.sh
    
-
-        
    A more aggressive cleanup can be performed using clean.sh.  It removes certain troublesome packages and attempts to leave the system in a state where changing the database or queue manager can be reliably performed.
-        
    ./clean.sh
    
-
-        
    Sometimes running instances are not cleaned up.  DevStack attempts to do this when it
-        runs but there are times it needs to still be done by hand:
    
-        
    sudo rm -rf /etc/libvirt/qemu/inst*
-sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 virsh destroy
    
-
-      
    
-
-      
    
-        
    
-          
    Options pimp your stack
    
-        
    
-
-        
    Additional Users
    
-        
    DevStack creates two OpenStack users (admin and demo) and two tenants (also admin and demo).  admin is exactly what it sounds like, a privileged administrative account that is a member of both the admin and demo tenants.  demo is a normal user account that is only a member of the demo tenant.  Creating additional OpenStack users can be done through the dashboard, sometimes it is easier to do them in bulk from a script, especially since they get blown away every time
-        stack.sh runs.  The following steps are ripe for scripting:
    
-        
    # Get admin creds
-. openrc admin admin
-        
-# List existing tenants
-keystone tenant-list
-
-# List existing users
-keystone user-list
-
-# Add a user and tenant
-NAME=bob
-PASSWORD=BigSecrete
-TENANT=$NAME
-keystone tenant-create --name=$NAME
-keystone user-create --name=$NAME --pass=$PASSWORD
-keystone user-role-add --user-id=<bob-user-id> --tenant-id=<bob-tenant-id> --role-id=<member-role-id>
-# member-role-id comes from the existing member role created by stack.sh
-# keystone role-list
    
-
-        
    Swift
    
-        
    Swift requires a significant amount of resources and is disabled by default in DevStack.
-        The support in DevStack is geared toward a minimal installation but can be used for
-        testing.  To implement a true multi-node test of Swift required more than DevStack provides.  
-        Enabling it is as simple as enabling the swift service in local.conf:
-        
    enable_service s-proxy s-object s-container s-account
    
-
-        
    Swift will put its data files in SWIFT_DATA_DIR (default /opt/stack/data/swift).
-        The size of the data 'partition' created (really a loop-mounted file) is set by
-        SWIFT_LOOPBACK_DISK_SIZE.  The Swift config files are located in 
-        SWIFT_CONFIG_DIR (default /etc/swift).  All of these settings can be overridden in
-        (wait for it...) local.conf.
    
-
-        
    Volumes
    
-        
    DevStack will automatically use an existing LVM volume group named stack-volumes 
-        to store cloud-created volumes. If stack-volumes doesn't exist, DevStack 
-        will set up a 5Gb loop-mounted file to contain it.  This obviously limits the
-        number and size of volumes that can be created inside OpenStack.  The size can be
-        overridden by setting VOLUME_BACKING_FILE_SIZE in local.conf.
    
-
-        
    stack-volumes can be pre-created on any physical volume supported by
-        Linux's LVM.  The name of the volume group can be changed by setting VOLUME_GROUP
-        in localrc. stack.sh deletes
-        all logical volumes in VOLUME_GROUP that begin with 
-        VOLUME_NAME_PREFIX as part of cleaning up from previous runs.
-        It is recommended to not use the root volume group as VOLUME_GROUP.
    
-
-        
    The details of creating the volume group depends on the server hardware involved 
-        but looks something like this:
    
-        
    pvcreate /dev/sdc
-vgcreate stack-volumes /dev/sdc
    
-
-        
    Syslog
    
-        
    DevStack is capable of using rsyslog to aggregate logging across the cluster.
-        It is off by default; to turn it on set SYSLOG=True in local.conf.
-        SYSLOG_HOST defaults to HOST_IP; on the compute nodes it 
-        must be set to the IP of the cluster controller to send syslog output there.  In the example
-        above, add this to the compute node local.conf:
    
-        
    SYSLOG_HOST=192.168.42.11
    
-
-        
    Using Alternate Repositories/Branches
    
-        
    The git repositories for all of the OpenStack services are defined in stackrc.
-        Since this file is a part of the DevStack package changes to it will probably be overwritten
-        as updates are applied.  Every setting in stackrc can be redefined in
-        local.conf.
    
-
-        
    To change the repository or branch that a particular OpenStack service is created from,
-        simply change the value of *_REPO or *_BRANCH corresponding to
-        that service.
    
-
-        
    After making changes to the repository or branch, if RECLONE is not set
-        in localrc it may be necessary to remove the corresponding directory from
-        /opt/stack to force git to re-clone the repository.
    
-
-        
    For example, to pull Nova from a proposed release candidate in the primary Nova 
-        repository:
    
-        
    NOVA_BRANCH=rc-proposed
    
-
-        
    To pull Glance from an experimental fork:
    
-        
    GLANCE_BRANCH=try-something-big
-GLANCE_REPO=https://github.com/mcuser/glance.git
    
-
-      
    
-
-      
    
-        
    
-          
    Notes stuff you might need to know
    
-        
    
-
-        
    Reset the Bridge
    
-        
    How to reset the bridge configuration:
    
-        
    sudo brctl delif br100 eth0.926
-sudo ip link set dev br100 down
-sudo brctl delbr br100
    
-
-
-        
    Set MySQL Password
    
-        
    If you forgot to set the root password you can do this:
    
-        
    mysqladmin -u root -pnova password 'supersecret'
    
-
-      
    
-
-      
-
-    
     
-
-  
-
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
new file mode 100644
index 0000000000..c7901a21fb
--- /dev/null
+++ b/doc/source/guides/multinode-lab.rst
@@ -0,0 +1,382 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Multi-Node Lab: Serious Stuff
+=============================
+
+Here is OpenStack in a realistic test configuration with multiple
+physical servers.
+
+Prerequisites Linux & Network
+-----------------------------
+
+Minimal Install
+~~~~~~~~~~~~~~~
+
+You need to have a system with a fresh install of Linux. You can
+download the `Minimal
+CD `__ for
+Ubuntu releases since DevStack will download & install all the
+additional dependencies. The netinstall ISO is available for
+`Fedora `__
+and
+`CentOS/RHEL `__.
+
+Install a couple of packages to bootstrap configuration:
+
+::
+
+    apt-get install -y git sudo || yum install -y git sudo
+
+Network Configuration
+~~~~~~~~~~~~~~~~~~~~~
+
+The first iteration of the lab uses OpenStack's FlatDHCP network
+controller so only a single network will be required. It should be on
+its own subnet without DHCP; the host IPs and floating IP pool(s) will
+come out of this block. This example uses the following:
+
+-  Gateway: 192.168.42.1
+-  Physical nodes: 192.168.42.11-192.168.42.99
+-  Floating IPs: 192.168.42.128-192.168.42.254
+
+Configure each node with a static IP. For Ubuntu edit
+``/etc/network/interfaces``:
+
+::
+
+    auto eth0
+    iface eth0 inet static
+        address 192.168.42.11
+        netmask 255.255.255.0
+        gateway 192.168.42.1
+
+For Fedora and CentOS/RHEL edit
+``/etc/sysconfig/network-scripts/ifcfg-eth0``:
+
+::
+
+    BOOTPROTO=static
+    IPADDR=192.168.42.11
+    NETMASK=255.255.255.0
+    GATEWAY=192.168.42.1
+
+Installation shake and bake
+---------------------------
+
+Add the DevStack User
+~~~~~~~~~~~~~~~~~~~~~
+
+OpenStack runs as a non-root user that has sudo access to root. There is
+nothing special about the name, we'll use ``stack`` here. Every node
+must use the same name and preferably uid. If you created a user during
+the OS install you can use it and give it sudo privileges below.
+Otherwise create the stack user:
+
+::
+
+    groupadd stack
+    useradd -g stack -s /bin/bash -d /opt/stack -m stack
+
+This user will be making many changes to your system during installation
+and operation so it needs to have sudo privileges to root without a
+password:
+
+::
+
+    echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+From here on use the ``stack`` user. **Logout** and **login** as the
+``stack`` user.
+
+Set Up Ssh
+~~~~~~~~~~
+
+Set up the stack user on each node with an ssh key for access:
+
+::
+
+    mkdir ~/.ssh; chmod 700 ~/.ssh
+    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyYjfgyPazTvGpd8OaAvtU2utL8W6gWC4JdRS1J95GhNNfQd657yO6s1AH5KYQWktcE6FO/xNUC2reEXSGC7ezy+sGO1kj9Limv5vrvNHvF1+wts0Cmyx61D2nQw35/Qz8BvpdJANL7VwP/cFI/p3yhvx2lsnjFE3hN8xRB2LtLUopUSVdBwACOVUmH2G+2BWMJDjVINd2DPqRIA4Zhy09KJ3O1Joabr0XpQL0yt/I9x8BVHdAx6l9U0tMg9dj5+tAjZvMAFfye3PJcYwwsfJoFxC8w/SLtqlFX7Ehw++8RtvomvuipLdmWCy+T9hIkl+gHYE4cS3OIqXH7f49jdJf jesse@spacey.local" > ~/.ssh/authorized_keys
+
+Download DevStack
+~~~~~~~~~~~~~~~~~
+
+Grab the latest version of DevStack:
+
+::
+
+    git clone https://git.openstack.org/openstack-dev/devstack
+    cd devstack
+
+Up to this point all of the steps apply to each node in the cluster.
+From here on there are some differences between the cluster controller
+(aka 'head node') and the compute nodes.
+
+Configure Cluster Controller
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The cluster controller runs all OpenStack services. Configure the
+cluster controller's DevStack in ``local.conf``:
+
+::
+
+    [[local|localrc]]
+    HOST_IP=192.168.42.11
+    FLAT_INTERFACE=eth0
+    FIXED_RANGE=10.4.128.0/20
+    FIXED_NETWORK_SIZE=4096
+    FLOATING_RANGE=192.168.42.128/25
+    MULTI_HOST=1
+    LOGFILE=/opt/stack/logs/stack.sh.log
+    ADMIN_PASSWORD=labstack
+    MYSQL_PASSWORD=supersecret
+    RABBIT_PASSWORD=supersecrete
+    SERVICE_PASSWORD=supersecrete
+    SERVICE_TOKEN=xyzpdqlazydog
+
+In the multi-node configuration the first 10 or so IPs in the private
+subnet are usually reserved. Add this to ``local.sh`` to have it run
+after every ``stack.sh`` run:
+
+::
+
+    for i in `seq 2 10`; do /opt/stack/nova/bin/nova-manage fixed reserve 10.4.128.$i; done
+
+Fire up OpenStack:
+
+::
+
+    ./stack.sh
+
+A stream of activity ensues. When complete you will see a summary of
+``stack.sh``'s work, including the relevant URLs, accounts and passwords
+to poke at your shiny new OpenStack. The most recent log file is
+available in ``stack.sh.log``.
+
+Configure Compute Nodes
+~~~~~~~~~~~~~~~~~~~~~~~
+
+The compute nodes only run the OpenStack worker services. For additional
+machines, create a ``local.conf`` with:
+
+::
+
+    HOST_IP=192.168.42.12 # change this per compute node
+    FLAT_INTERFACE=eth0
+    FIXED_RANGE=10.4.128.0/20
+    FIXED_NETWORK_SIZE=4096
+    FLOATING_RANGE=192.168.42.128/25
+    MULTI_HOST=1
+    LOGFILE=/opt/stack/logs/stack.sh.log
+    ADMIN_PASSWORD=labstack
+    MYSQL_PASSWORD=supersecret
+    RABBIT_PASSWORD=supersecrete
+    SERVICE_PASSWORD=supersecrete
+    SERVICE_TOKEN=xyzpdqlazydog
+    DATABASE_TYPE=mysql
+    SERVICE_HOST=192.168.42.11
+    MYSQL_HOST=192.168.42.11
+    RABBIT_HOST=192.168.42.11
+    GLANCE_HOSTPORT=192.168.42.11:9292
+    ENABLED_SERVICES=n-cpu,n-net,n-api,c-sch,c-api,c-vol
+    NOVA_VNC_ENABLED=True
+    NOVNCPROXY_URL="http://192.168.42.11:6080/vnc_auto.html"
+    VNCSERVER_LISTEN=$HOST_IP
+    VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
+
+Fire up OpenStack:
+
+::
+
+    ./stack.sh
+
+A stream of activity ensues. When complete you will see a summary of
+``stack.sh``'s work, including the relevant URLs, accounts and passwords
+to poke at your shiny new OpenStack. The most recent log file is
+available in ``stack.sh.log``.
+
+Cleaning Up After DevStack
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Shutting down OpenStack is now as simple as running the included
+``unstack.sh`` script:
+
+::
+
+    ./unstack.sh
+
+A more aggressive cleanup can be performed using ``clean.sh``. It
+removes certain troublesome packages and attempts to leave the system in
+a state where changing the database or queue manager can be reliably
+performed.
+
+::
+
+    ./clean.sh
+
+Sometimes running instances are not cleaned up. DevStack attempts to do
+this when it runs but there are times it needs to still be done by hand:
+
+::
+
+    sudo rm -rf /etc/libvirt/qemu/inst*
+    sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 virsh destroy
+
+Options pimp your stack
+-----------------------
+
+Additional Users
+~~~~~~~~~~~~~~~~
+
+DevStack creates two OpenStack users (``admin`` and ``demo``) and two
+tenants (also ``admin`` and ``demo``). ``admin`` is exactly what it
+sounds like, a privileged administrative account that is a member of
+both the ``admin`` and ``demo`` tenants. ``demo`` is a normal user
+account that is only a member of the ``demo`` tenant. Creating
+additional OpenStack users can be done through the dashboard, sometimes
+it is easier to do them in bulk from a script, especially since they get
+blown away every time ``stack.sh`` runs. The following steps are ripe
+for scripting:
+
+::
+
+    # Get admin creds
+    . openrc admin admin
+            
+    # List existing tenants
+    keystone tenant-list
+
+    # List existing users
+    keystone user-list
+
+    # Add a user and tenant
+    NAME=bob
+    PASSWORD=BigSecrete
+    TENANT=$NAME
+    keystone tenant-create --name=$NAME
+    keystone user-create --name=$NAME --pass=$PASSWORD
+    keystone user-role-add --user-id= --tenant-id= --role-id=
+    # member-role-id comes from the existing member role created by stack.sh
+    # keystone role-list
+
+Swift
+~~~~~
+
+Swift requires a significant amount of resources and is disabled by
+default in DevStack. The support in DevStack is geared toward a minimal
+installation but can be used for testing. To implement a true multi-node
+test of Swift required more than DevStack provides. Enabling it is as
+simple as enabling the ``swift`` service in ``local.conf``:
+
+::
+
+    enable_service s-proxy s-object s-container s-account
+
+Swift will put its data files in ``SWIFT_DATA_DIR`` (default
+``/opt/stack/data/swift``). The size of the data 'partition' created
+(really a loop-mounted file) is set by ``SWIFT_LOOPBACK_DISK_SIZE``. The
+Swift config files are located in ``SWIFT_CONFIG_DIR`` (default
+``/etc/swift``). All of these settings can be overridden in (wait for
+it...) ``local.conf``.
+
+Volumes
+~~~~~~~
+
+DevStack will automatically use an existing LVM volume group named
+``stack-volumes`` to store cloud-created volumes. If ``stack-volumes``
+doesn't exist, DevStack will set up a 5Gb loop-mounted file to contain
+it. This obviously limits the number and size of volumes that can be
+created inside OpenStack. The size can be overridden by setting
+``VOLUME_BACKING_FILE_SIZE`` in ``local.conf``.
+
+``stack-volumes`` can be pre-created on any physical volume supported by
+Linux's LVM. The name of the volume group can be changed by setting
+``VOLUME_GROUP`` in ``localrc``. ``stack.sh`` deletes all logical
+volumes in ``VOLUME_GROUP`` that begin with ``VOLUME_NAME_PREFIX`` as
+part of cleaning up from previous runs. It is recommended to not use the
+root volume group as ``VOLUME_GROUP``.
+
+The details of creating the volume group depends on the server hardware
+involved but looks something like this:
+
+::
+
+    pvcreate /dev/sdc
+    vgcreate stack-volumes /dev/sdc
+
+Syslog
+~~~~~~
+
+DevStack is capable of using ``rsyslog`` to aggregate logging across the
+cluster. It is off by default; to turn it on set ``SYSLOG=True`` in
+``local.conf``. ``SYSLOG_HOST`` defaults to ``HOST_IP``; on the compute
+nodes it must be set to the IP of the cluster controller to send syslog
+output there. In the example above, add this to the compute node
+``local.conf``:
+
+::
+
+    SYSLOG_HOST=192.168.42.11
+
+Using Alternate Repositories/Branches
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The git repositories for all of the OpenStack services are defined in
+``stackrc``. Since this file is a part of the DevStack package changes
+to it will probably be overwritten as updates are applied. Every setting
+in ``stackrc`` can be redefined in ``local.conf``.
+
+To change the repository or branch that a particular OpenStack service
+is created from, simply change the value of ``*_REPO`` or ``*_BRANCH``
+corresponding to that service.
+
+After making changes to the repository or branch, if ``RECLONE`` is not
+set in ``localrc`` it may be necessary to remove the corresponding
+directory from ``/opt/stack`` to force git to re-clone the repository.
+
+For example, to pull Nova from a proposed release candidate in the
+primary Nova repository:
+
+::
+
+    NOVA_BRANCH=rc-proposed
+
+To pull Glance from an experimental fork:
+
+::
+
+    GLANCE_BRANCH=try-something-big
+    GLANCE_REPO=https://github.com/mcuser/glance.git
+
+Notes stuff you might need to know
+----------------------------------
+
+Reset the Bridge
+~~~~~~~~~~~~~~~~
+
+How to reset the bridge configuration:
+
+::
+
+    sudo brctl delif br100 eth0.926
+    sudo ip link set dev br100 down
+    sudo brctl delbr br100
+
+Set MySQL Password
+~~~~~~~~~~~~~~~~~~
+
+If you forgot to set the root password you can do this:
+
+::
+
+    mysqladmin -u root -pnova password 'supersecret'
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/guides/pxe-boot.html b/doc/source/guides/pxe-boot.html
deleted file mode 100644
index d52b25f276..0000000000
--- a/doc/source/guides/pxe-boot.html
+++ /dev/null
@@ -1,147 +0,0 @@
-
-
-  
-    
-    PXE Boot Server Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
    
-        
    PXE Boot Server Guide: Magic Dust for Network Boot
    
-        
    Boot DevStack from a PXE server to a RAM disk.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites Hardware & OpenWRT
    
-        
    
-        
-        
    Hardware
    
-        
    The whole point of this exercise is to have a highly portable boot server, so using a small router with a USB port is the desired platform.  This guide uses a Buffalo WZR-HP-G300NH as an example, but it is easily generalized for other supported platforms. See openwrt.org for more.
    
-        
-        
    OpenWRT
    
-        
    Any recent 'Backfire' build of OpenWRT will work for the boot server project.  We build from trunk and have made the images available at http://openwrt.xr7.org/openwrt.
    
-      
    
-
-      
    
-        
    
-          
    Installation bit blasting
    
-        
    
-
-        
    Install the Image
    
-        
    This process follows the OpenWRT doc OEM Install to tftp the new image onto the router.  You need a computer to set up the router, we assume it is a recent Linux or OS/X installation.
    
-        
      
-          
    • Get openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
-            
      wget http://openwrt.xr7.org/openwrt/ar71xx/openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
      
-          
      • 
-          
    • Connect computer to LAN port 4 (closest to WAN port)
      • 
-          
    • Set computer interface to IP address in the 192.168.11.2
      • 
-          
    • Add static arp entry for router
-            
      arp -s 192.168.11.1 <mac-address>
      
-          
      • 
-          
    • Start TFTP transfer attempt
-            
      tftp 192.168.11.1
-binary
-rexmt 1
-timeout 60
-put openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
      
-          
      • 
-          
    • Power on router. Router will reboot and initialize on 192.168.1.1.
      • 
-          
    • Delete static arp entry for router
-            
      arp -d 192.168.11.1
      
-          
      • 
-          
    • Set computer to DHCP, connect and telnet to router and set root password.
      • 
-        
    
-
-        
    Configure the Router
    
-        
      
-          
    • Update /etc/opkg.conf to point to our repo:
-            
      src/gz packages http://192.168.5.13/openwrt/build/ar71xx/packages
      
-          
      • 
-          
    • Configure anon mounts:
-            
      uci delete fstab.@mount[0]
-uci commit fstab
-/etc/init.d/fstab restart
      
-          
      • 
-          
    • Reset the DHCP address range.  DevStack will claim the upper 
-            /25 of the router's LAN address space for floating IPs so the
-            default DHCP address range needs to be moved:
-            
      uci set dhcp.lan.start=65
-uci set dhcp.lan.limit=60
-uci commit dhcp
      
-          
      • 
-          
    • Enable TFTP:
-            
      uci set dhcp.@dnsmasq[0].enable_tftp=1
-uci set dhcp.@dnsmasq[0].tftp_root=/mnt/sda1/tftpboot
-uci set dhcp.@dnsmasq[0].dhcp_boot=pxelinux.0
-uci commit dhcp
-/etc/init.d/dnsmasq restart
      
-          
      • 
-        
    
-
-        
    Set Up tftpboot
    
-        
      
-          
    • Create the /tmp/tftpboot structure and populate it:
-            
      cd ~/devstack
-tools/build_pxe_boot.sh /tmp
      
-            This calls tools/build_ramdisk.sh to create a 2GB ramdisk 
-            containing a complete development Oneiric OS plus the 
-            OpenStack code checkouts.
-          
      • 
-          
    • Copy tftpboot to a USB drive:
-            
      mount /dev/sdb1 /mnt/tmp
-rsync -a /tmp/tftpboot/ /mnt/tmp/tftpboot/
-umount /mnt/tmp
      
-          
      • 
-          
    • Plug USB drive into router.  It will be automounted and is ready to serve content.
      • 
-        
    
-
-        
    Now return to the RAM disk Guide to kick
-           off your DevStack experience.
    
-
-      
    
-
-      
    
-        
    © Openstack Foundation 2011-2013 — this is not an official OpenStack project...
    
-      
    
-
-    
     
-
-  
-
diff --git a/doc/source/guides/pxe-boot.rst b/doc/source/guides/pxe-boot.rst
new file mode 100644
index 0000000000..584e5581fd
--- /dev/null
+++ b/doc/source/guides/pxe-boot.rst
@@ -0,0 +1,143 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+PXE Boot Server Guide: Magic Dust for Network Boot
+==================================================
+
+Boot DevStack from a PXE server to a RAM disk.
+
+Prerequisites Hardware & OpenWRT
+--------------------------------
+
+Hardware
+~~~~~~~~
+
+The whole point of this exercise is to have a highly portable boot
+server, so using a small router with a USB port is the desired platform.
+This guide uses a Buffalo WZR-HP-G300NH as an example, but it is easily
+generalized for other supported platforms. See openwrt.org for more.
+
+OpenWRT
+~~~~~~~
+
+Any recent 'Backfire' build of OpenWRT will work for the boot server
+project. We build from trunk and have made the images available at
+`http://openwrt.xr7.org/openwrt `__.
+
+Installation bit blasting
+-------------------------
+
+Install the Image
+~~~~~~~~~~~~~~~~~
+
+This process follows `the OpenWRT doc OEM
+Install `__ to tftp
+the new image onto the router. You need a computer to set up the router,
+we assume it is a recent Linux or OS/X installation.
+
+-  Get openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
+
+   ::
+
+       wget http://openwrt.xr7.org/openwrt/ar71xx/openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
+
+-  Connect computer to LAN port 4 (closest to WAN port)
+-  Set computer interface to IP address in the 192.168.11.2
+-  Add static arp entry for router
+
+   ::
+
+       arp -s 192.168.11.1 
+
+-  Start TFTP transfer attempt
+
+   ::
+
+       tftp 192.168.11.1
+       binary
+       rexmt 1
+       timeout 60
+       put openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
+
+-  Power on router. Router will reboot and initialize on 192.168.1.1.
+-  Delete static arp entry for router
+
+   ::
+
+       arp -d 192.168.11.1
+
+-  Set computer to DHCP, connect and telnet to router and set root
+   password.
+
+Configure the Router
+~~~~~~~~~~~~~~~~~~~~
+
+-  Update ``/etc/opkg.conf`` to point to our repo:
+
+   ::
+
+       src/gz packages http://192.168.5.13/openwrt/build/ar71xx/packages
+
+-  Configure anon mounts:
+
+   ::
+
+       uci delete fstab.@mount[0]
+       uci commit fstab
+       /etc/init.d/fstab restart
+
+-  Reset the DHCP address range. DevStack will claim the upper /25 of
+   the router's LAN address space for floating IPs so the default DHCP
+   address range needs to be moved:
+
+   ::
+
+       uci set dhcp.lan.start=65
+       uci set dhcp.lan.limit=60
+       uci commit dhcp
+
+-  Enable TFTP:
+
+   ::
+
+       uci set dhcp.@dnsmasq[0].enable_tftp=1
+       uci set dhcp.@dnsmasq[0].tftp_root=/mnt/sda1/tftpboot
+       uci set dhcp.@dnsmasq[0].dhcp_boot=pxelinux.0
+       uci commit dhcp
+       /etc/init.d/dnsmasq restart
+
+Set Up tftpboot
+~~~~~~~~~~~~~~~
+
+-  Create the ``/tmp/tftpboot`` structure and populate it:
+
+   ::
+
+       cd ~/devstack
+       tools/build_pxe_boot.sh /tmp
+
+   This calls ``tools/build_ramdisk.sh`` to create a 2GB ramdisk
+   containing a complete development Oneiric OS plus the OpenStack code
+   checkouts.
+
+-  Copy ``tftpboot`` to a USB drive:
+
+   ::
+
+       mount /dev/sdb1 /mnt/tmp
+       rsync -a /tmp/tftpboot/ /mnt/tmp/tftpboot/
+       umount /mnt/tmp
+
+-  Plug USB drive into router. It will be automounted and is ready to
+   serve content.
+
+Now `return `__ to the RAM disk Guide to kick off your
+DevStack experience.
+
+© Openstack Foundation 2011-2013 — this is not an official OpenStack
+project...
diff --git a/doc/source/guides/ramdisk.html b/doc/source/guides/ramdisk.html
deleted file mode 100644
index 23239e2b60..0000000000
--- a/doc/source/guides/ramdisk.html
+++ /dev/null
@@ -1,119 +0,0 @@
-
-
-  
-    
-    RAMdisk Boot Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
    
-        
    Stack-in-a-Box: Try before you mkfs
    
-        
    Run DevStack from a RAM disk to give it a whirl before making the 
-           commitment to install it.  We'll cover booting from a USB drive or 
-           over the network via PXE.  We'll even thow in configuring a home
-           router to handle the PXE boot.  You will need a minimum of 3GB 
-           for both of these configurations as the RAM disk itself is 2GB.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites Hardware
    
-        
    
-        
-        
    USB Boot
    
-        
    This guide covers the creation of a bootable USB drive.  Your 
-        computer BIOS must support booting from USB.
    
-        
-        
    PXE Boot
    
-        
    This guide covers the installation of OpenWRT on a home router
-        and configuring it as a PXE server, plus the creation of the
-        boot images and PXE support files.
-      
    
-
-      
    
-        
    
-          
    Installation bit blasting
    
-        
    
-
-        
    Install DevStack
    
-        
    Grab the latest version of DevStack via https:
    
-		
    sudo apt-get install git -y
-git clone https://git.openstack.org/openstack-dev/devstack
-cd devstack
    
-
-        
    Prepare the Boot RAMdisk
    
-        
    Pick your boot method and follow the guide to prepare to build
-           the RAM disk and set up the boot process:
    
-        
-
-        
    Fire It Up
    
-        
      
-          
    • Boot the computer into the RAM disk.  The details will vary from
-              machine to machine but most BIOSes have a method to select the
-              boot device, often by pressing F12 during POST.
      • 
-          
    • Select 'DevStack' from the Boot Menu.
      • 
-          
    • Log in with the 'stack' user and 'pass' password.
      • 
-          
    • Create devstack/localrc if you wish to change any 
-              of the configuration variables.  You will probably want to at 
-              least set the admin login password to something memorable rather 
-              than the default 20 random characters:
-            
      ADMIN_PASSWORD=openstack
      
-          
      • 
-          
    • Fire up OpenStack!
-            
      ./run.sh
      
-          
      • 
-          
    • See the processes running in screen:
-            
      screen -x
      
-          
      • 
-          
    • Connect to the dashboard at http://<ip-address>/
      • 
-        
    
-
-      
    
-
-      
    
-        
    © Openstack Foundation 2011-2013 — this is not an official OpenStack project...
    
-      
    
-
-    
     
-
-  
-
diff --git a/doc/source/guides/ramdisk.rst b/doc/source/guides/ramdisk.rst
new file mode 100644
index 0000000000..82147a8c1b
--- /dev/null
+++ b/doc/source/guides/ramdisk.rst
@@ -0,0 +1,89 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Stack-in-a-Box: Try before you mkfs
+===================================
+
+Run DevStack from a RAM disk to give it a whirl before making the
+commitment to install it. We'll cover booting from a USB drive or over
+the network via PXE. We'll even thow in configuring a home router to
+handle the PXE boot. You will need a minimum of 3GB for both of these
+configurations as the RAM disk itself is 2GB.
+
+Prerequisites Hardware
+----------------------
+
+USB Boot
+~~~~~~~~
+
+`This guide `__ covers the creation of a bootable USB
+drive. Your computer BIOS must support booting from USB.
+
+PXE Boot
+~~~~~~~~
+
+`This guide `__ covers the installation of OpenWRT on a
+home router and configuring it as a PXE server, plus the creation of the
+boot images and PXE support files.
+
+Installation bit blasting
+-------------------------
+
+Install DevStack
+~~~~~~~~~~~~~~~~
+
+Grab the latest version of DevStack via https:
+
+::
+
+    sudo apt-get install git -y
+    git clone https://git.openstack.org/openstack-dev/devstack
+    cd devstack
+
+Prepare the Boot RAMdisk
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Pick your boot method and follow the guide to prepare to build the RAM
+disk and set up the boot process:
+
+-  `USB boot `__
+-  `PXE boot `__
+
+Fire It Up
+~~~~~~~~~~
+
+-  Boot the computer into the RAM disk. The details will vary from
+   machine to machine but most BIOSes have a method to select the boot
+   device, often by pressing F12 during POST.
+-  Select 'DevStack' from the Boot Menu.
+-  Log in with the 'stack' user and 'pass' password.
+-  Create ``devstack/localrc`` if you wish to change any of the
+   configuration variables. You will probably want to at least set the
+   admin login password to something memorable rather than the default
+   20 random characters:
+
+   ::
+
+       ADMIN_PASSWORD=openstack
+
+-  Fire up OpenStack!
+
+   ::
+
+       ./run.sh
+
+-  See the processes running in screen:
+
+   ::
+
+       screen -x
+
+-  Connect to the dashboard at ``http:///``
+
+© Openstack Foundation 2011-2013 — this is not an official OpenStack
+project...
diff --git a/doc/source/guides/single-machine.html b/doc/source/guides/single-machine.html
deleted file mode 100644
index 06cc981275..0000000000
--- a/doc/source/guides/single-machine.html
+++ /dev/null
@@ -1,131 +0,0 @@
-
-
-  
-    
-    Single Machine Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
    
-        
    All-In-One: Dedicated Hardware
    
-        
    Things are about to get real!  Using OpenStack in containers or VMs is nice for kicking the tires, but doesn't compare to the feeling you get with hardware.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites Linux & Network
    
-        
    
-        
-        
    Minimal Install
    
-        
    You need to have a system with a fresh install of Linux.  You can download the Minimal CD for Ubuntu releases since DevStack will download & install all the additional dependencies.  The netinstall ISO is available for Fedora and CentOS/RHEL.  You may be tempted to use a desktop distro on a laptop, it will probably work but you may need to tell Network Manager to keep its fingers off the interface(s) that OpenStack uses for bridging.
    
-        
-        
    Network Configuration
    
-        
    Determine the network configuration on the interface used to integrate your 
-        OpenStack cloud with your existing network. For example, if the IPs given out on your network 
-        by DHCP are 192.168.1.X - where X is between 100 and 200 you will be able to use IPs 
-        201-254 for floating ips.
    
-        
    To make things easier later change your host to use a static IP instead of DHCP (i.e. 192.168.1.201).
    
-      
    
-
-      
    
-        
    
-          
    Installation shake and bake
    
-        
    
-
-        
    Add your user
    
-        
    We need to add a user to install DevStack.  (if you created a user during install you can skip this step and just give the user sudo privileges below)
    
-        
    adduser stack
    
-        
    Since this user will be making many changes to your system, it will need to have sudo privileges:
    
-        
    apt-get install sudo -y || yum install -y sudo
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    
-        
    From here on you should use the user you created.  Logout and login as that user.
    
-
-        
    Download DevStack
    
-        
    We'll grab the latest version of DevStack via https:
    
-        
    sudo apt-get install git -y || yum install -y git
-git clone https://git.openstack.org/openstack-dev/devstack
-cd devstack
    
-
-        
    Run DevStack
    
-        
    Now to configure stack.sh.  DevStack includes a sample in devstack/samples/local.conf.  Create local.conf as shown below to do the following:
    
-        
      
-          
    • Set FLOATING_RANGE to a range not used on the local network, i.e. 192.168.1.224/27.  This configures IP addresses ending in 225-254 to be used as floating IPs.
      • 
-          
    • Set FIXED_RANGE and FIXED_NETWORK_SIZE to configure the internal address space used by the instances.
      • 
-          
    • Set FLAT_INTERFACE to the Ethernet interface that connects the host to your local network.  This is the interface that should be configured with the static IP address mentioned above.
      • 
-          
    • Set the administrative password.  This password is used for the admin and demo accounts set up as OpenStack users.
      • 
-          
    • Set the MySQL administrative password.  The default here is a random hex string which is inconvenient if you need to look at the database directly for anything.
      • 
-          
    • Set the RabbitMQ password.
      • 
-          
    • Set the service password.  This is used by the OpenStack services (Nova, Glance, etc) to authenticate with Keystone.
      • 
-        
    
-        
    local.conf should look something like this:
    
-        
    [[local|localrc]]
-FLOATING_RANGE=192.168.1.224/27
-FIXED_RANGE=10.11.12.0/24
-FIXED_NETWORK_SIZE=256
-FLAT_INTERFACE=eth0
-ADMIN_PASSWORD=supersecret
-MYSQL_PASSWORD=iheartdatabases
-RABBIT_PASSWORD=flopsymopsy
-SERVICE_PASSWORD=iheartksl
    
-
-        
    Run DevStack:
    
-        
    ./stack.sh
    
-        
    A seemingly endless stream of activity ensues.  When complete you will see a summary of
-        stack.sh's work, including the relevant URLs, accounts and passwords to poke at your
-        shiny new OpenStack.
    
-
-        
    Using OpenStack
    
-        
    At this point you should be able to access the dashboard from other computers on the 
-        local network.  In this example that would be http://192.168.1.201/ for the dashboard (aka Horizon).
-        Launch VMs and if you give them floating IPs and security group access those VMs will be accessible from other machines on your network.
    
-
-        
    Some examples of using the OpenStack command-line clients nova and glance
-        are in the shakedown scripts in devstack/exercises.  exercise.sh
-        will run all of those scripts and report on the results.
    
-
-      
    
-
-      
-
-    
     
-
-  
-
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
new file mode 100644
index 0000000000..0db0466281
--- /dev/null
+++ b/doc/source/guides/single-machine.rst
@@ -0,0 +1,145 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+All-In-One: Dedicated Hardware
+==============================
+
+Things are about to get real! Using OpenStack in containers or VMs is
+nice for kicking the tires, but doesn't compare to the feeling you get
+with hardware.
+
+Prerequisites Linux & Network
+-----------------------------
+
+Minimal Install
+~~~~~~~~~~~~~~~
+
+You need to have a system with a fresh install of Linux. You can
+download the `Minimal
+CD `__ for
+Ubuntu releases since DevStack will download & install all the
+additional dependencies. The netinstall ISO is available for
+`Fedora `__
+and
+`CentOS/RHEL `__.
+You may be tempted to use a desktop distro on a laptop, it will probably
+work but you may need to tell Network Manager to keep its fingers off
+the interface(s) that OpenStack uses for bridging.
+
+Network Configuration
+~~~~~~~~~~~~~~~~~~~~~
+
+Determine the network configuration on the interface used to integrate
+your OpenStack cloud with your existing network. For example, if the IPs
+given out on your network by DHCP are 192.168.1.X - where X is between
+100 and 200 you will be able to use IPs 201-254 for **floating ips**.
+
+To make things easier later change your host to use a static IP instead
+of DHCP (i.e. 192.168.1.201).
+
+Installation shake and bake
+---------------------------
+
+Add your user
+~~~~~~~~~~~~~
+
+We need to add a user to install DevStack. (if you created a user during
+install you can skip this step and just give the user sudo privileges
+below)
+
+::
+
+    adduser stack
+
+Since this user will be making many changes to your system, it will need
+to have sudo privileges:
+
+::
+
+    apt-get install sudo -y || yum install -y sudo
+    echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+From here on you should use the user you created. **Logout** and
+**login** as that user.
+
+Download DevStack
+~~~~~~~~~~~~~~~~~
+
+We'll grab the latest version of DevStack via https:
+
+::
+
+    sudo apt-get install git -y || yum install -y git
+    git clone https://git.openstack.org/openstack-dev/devstack
+    cd devstack
+
+Run DevStack
+~~~~~~~~~~~~
+
+Now to configure ``stack.sh``. DevStack includes a sample in
+``devstack/samples/local.conf``. Create ``local.conf`` as shown below to
+do the following:
+
+-  Set ``FLOATING_RANGE`` to a range not used on the local network, i.e.
+   192.168.1.224/27. This configures IP addresses ending in 225-254 to
+   be used as floating IPs.
+-  Set ``FIXED_RANGE`` and ``FIXED_NETWORK_SIZE`` to configure the
+   internal address space used by the instances.
+-  Set ``FLAT_INTERFACE`` to the Ethernet interface that connects the
+   host to your local network. This is the interface that should be
+   configured with the static IP address mentioned above.
+-  Set the administrative password. This password is used for the
+   **admin** and **demo** accounts set up as OpenStack users.
+-  Set the MySQL administrative password. The default here is a random
+   hex string which is inconvenient if you need to look at the database
+   directly for anything.
+-  Set the RabbitMQ password.
+-  Set the service password. This is used by the OpenStack services
+   (Nova, Glance, etc) to authenticate with Keystone.
+
+``local.conf`` should look something like this:
+
+::
+
+    [[local|localrc]]
+    FLOATING_RANGE=192.168.1.224/27
+    FIXED_RANGE=10.11.12.0/24
+    FIXED_NETWORK_SIZE=256
+    FLAT_INTERFACE=eth0
+    ADMIN_PASSWORD=supersecret
+    MYSQL_PASSWORD=iheartdatabases
+    RABBIT_PASSWORD=flopsymopsy
+    SERVICE_PASSWORD=iheartksl
+
+Run DevStack:
+
+::
+
+    ./stack.sh
+
+A seemingly endless stream of activity ensues. When complete you will
+see a summary of ``stack.sh``'s work, including the relevant URLs,
+accounts and passwords to poke at your shiny new OpenStack.
+
+Using OpenStack
+~~~~~~~~~~~~~~~
+
+At this point you should be able to access the dashboard from other
+computers on the local network. In this example that would be
+http://192.168.1.201/ for the dashboard (aka Horizon). Launch VMs and if
+you give them floating IPs and security group access those VMs will be
+accessible from other machines on your network.
+
+Some examples of using the OpenStack command-line clients ``nova`` and
+``glance`` are in the shakedown scripts in ``devstack/exercises``.
+``exercise.sh`` will run all of those scripts and report on the results.
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/guides/single-vm.html b/doc/source/guides/single-vm.html
deleted file mode 100644
index d189319623..0000000000
--- a/doc/source/guides/single-vm.html
+++ /dev/null
@@ -1,137 +0,0 @@
-
-
-  
-    
-    Single Machine Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
    
-        
    Running a Cloud in a VM
    
-        
    Use the cloud to build the cloud! Use your cloud to launch new versions of OpenStack 
-        in about 5 minutes.  When you break it, start over!  The VMs launched in the cloud will 
-        be slow as they are running in QEMU (emulation), but their primary use is testing
-        OpenStack development and operation.  Speed not required.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites Cloud & Image
    
-        
    
-
-        
    Virtual Machine
    
-        
    DevStack should run in any virtual machine running a supported Linux release.  It will perform best with 2Gb or more of RAM.
    
-
-        
    OpenStack Deployment & cloud-init
    
-        
    If the cloud service has an image with cloud-init pre-installed, use it.  You can
-        get one from Ubuntu's Daily Build
-        site if necessary.  This will enable you to launch VMs with userdata that installs 
-        everything at boot time.  The userdata script below will install and run
-        DevStack with a minimal configuration.  The use of cloud-init
-        is outside the scope of this document, refer to the
-        cloud-init docs for more information.
    
-
-        
    If you are directly using a hypervisor like Xen, kvm or VirtualBox you can manually kick off
-        the script below as a non-root user in a bare-bones server installation.
    
-      
    
-
-      
    
-        
    
-          
    Installation shake and bake
    
-        
    
-
-        
    Launching With Cloud-Init
    
-        
    This cloud config grabs the latest version of DevStack via git, creates a minimal 
-        local.conf file and kicks off stack.sh.  It should
-        be passed as the user-data file when booting the VM.
    
-        
    #cloud-config
-
-users:
-  - default
-  - name: stack
-    lock_passwd: False
-    sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
-    shell: /bin/bash
-
-write_files:
-  - content: |
-        #!/bin/sh
-        DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
-        DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
-        sudo chown stack:stack /home/stack
-        cd /home/stack
-        git clone https://git.openstack.org/openstack-dev/devstack
-        cd devstack
-        echo '[[local|localrc]]' > local.conf
-        echo ADMIN_PASSWORD=password >> local.conf
-        echo MYSQL_PASSWORD=password >> local.conf
-        echo RABBIT_PASSWORD=password >> local.conf
-        echo SERVICE_PASSWORD=password >> local.conf
-        echo SERVICE_TOKEN=tokentoken >> local.conf
-        ./stack.sh
-    path: /home/stack/start.sh
-    permissions: 0755
-
-runcmd:
-  - su -l stack ./start.sh
    
-        
    As DevStack will refuse to run as root, this configures cloud-init
-        to create a non-root user and run the start.sh script as that user.
    
-
-        
    Launching By Hand
    
-        
    Using a hypervisor directly, launch the VM and either manually perform the steps in the 
-        embedded shell script above or copy it into the VM.
    
-
-        
    Using OpenStack
    
-        
    At this point you should be able to access the dashboard.  Launch VMs and if you give them floating IPs access those VMs from other machines on your network.
    
-
-        
    One interesting use case is for developers working on a VM on their laptop.  Once
-        stack.sh has completed once, all of the pre-requisite packages are installed
-        in the VM and the source trees checked out.  Setting OFFLINE=True in
-        local.conf enables stack.sh to run multiple times without an Internet
-        connection.  DevStack, making hacking at the lake possible since 2012!
    
-      
    
-
-      
-
-    
     
-
-  
-
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
new file mode 100644
index 0000000000..0e2d1573aa
--- /dev/null
+++ b/doc/source/guides/single-vm.rst
@@ -0,0 +1,110 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Running a Cloud in a VM
+=======================
+
+Use the cloud to build the cloud! Use your cloud to launch new versions
+of OpenStack in about 5 minutes. When you break it, start over! The VMs
+launched in the cloud will be slow as they are running in QEMU
+(emulation), but their primary use is testing OpenStack development and
+operation. Speed not required.
+
+Prerequisites Cloud & Image
+---------------------------
+
+Virtual Machine
+~~~~~~~~~~~~~~~
+
+DevStack should run in any virtual machine running a supported Linux
+release. It will perform best with 2Gb or more of RAM.
+
+OpenStack Deployment & cloud-init
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If the cloud service has an image with ``cloud-init`` pre-installed, use
+it. You can get one from `Ubuntu's Daily
+Build `__ site if necessary. This will
+enable you to launch VMs with userdata that installs everything at boot
+time. The userdata script below will install and run DevStack with a
+minimal configuration. The use of ``cloud-init`` is outside the scope of
+this document, refer to the ``cloud-init`` docs for more information.
+
+If you are directly using a hypervisor like Xen, kvm or VirtualBox you
+can manually kick off the script below as a non-root user in a
+bare-bones server installation.
+
+Installation shake and bake
+---------------------------
+
+Launching With Cloud-Init
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This cloud config grabs the latest version of DevStack via git, creates
+a minimal ``local.conf`` file and kicks off ``stack.sh``. It should be
+passed as the user-data file when booting the VM.
+
+::
+
+    #cloud-config
+
+    users:
+      - default
+      - name: stack
+        lock_passwd: False
+        sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+        shell: /bin/bash
+
+    write_files:
+      - content: |
+            #!/bin/sh
+            DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy
+            DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git
+            sudo chown stack:stack /home/stack
+            cd /home/stack
+            git clone https://git.openstack.org/openstack-dev/devstack
+            cd devstack
+            echo '[[local|localrc]]' > local.conf
+            echo ADMIN_PASSWORD=password >> local.conf
+            echo MYSQL_PASSWORD=password >> local.conf
+            echo RABBIT_PASSWORD=password >> local.conf
+            echo SERVICE_PASSWORD=password >> local.conf
+            echo SERVICE_TOKEN=tokentoken >> local.conf
+            ./stack.sh
+        path: /home/stack/start.sh
+        permissions: 0755
+
+    runcmd:
+      - su -l stack ./start.sh
+
+As DevStack will refuse to run as root, this configures ``cloud-init``
+to create a non-root user and run the ``start.sh`` script as that user.
+
+Launching By Hand
+~~~~~~~~~~~~~~~~~
+
+Using a hypervisor directly, launch the VM and either manually perform
+the steps in the embedded shell script above or copy it into the VM.
+
+Using OpenStack
+~~~~~~~~~~~~~~~
+
+At this point you should be able to access the dashboard. Launch VMs and
+if you give them floating IPs access those VMs from other machines on
+your network.
+
+One interesting use case is for developers working on a VM on their
+laptop. Once ``stack.sh`` has completed once, all of the pre-requisite
+packages are installed in the VM and the source trees checked out.
+Setting ``OFFLINE=True`` in ``local.conf`` enables ``stack.sh`` to run
+multiple times without an Internet connection. DevStack, making hacking
+at the lake possible since 2012!
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/guides/usb-boot.html b/doc/source/guides/usb-boot.html
deleted file mode 100644
index 2a05f89d89..0000000000
--- a/doc/source/guides/usb-boot.html
+++ /dev/null
@@ -1,99 +0,0 @@
-
-
-  
-    
-    USB Boot Server Guide - DevStack
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
    
-        
    USB Boot: Undoable Stack Boot
    
-        
    Boot DevStack from a USB disk into a RAM disk.
    
-      
    
-
-      
    
-        
    
-          
    Prerequisites
    
-        
    
-        
-        
    Hardware
    
-        
    This guide covers the creation of a bootable USB drive.  Your 
-           computer BIOS must support booting from USB and You will want at least 3GB of 
-           RAM.  You also will need a USB drive of at least 2GB.
    
-
-        
    Software
    
-        
    Ubuntu 11.10 (Oneiric Ocelot) is required on host to create images.
    
-      
    
-
-      
    
-        
    
-          
    Installation bit blasting
    
-        
    
-
-        
    Set Up USB Drive
    
-        
      
-          
    • Insert the USB drive into the computer.  Make a note of the device name, such as 
-          sdb. Do not mount the device.
      • 
-          
    • Install the boot system:
-            
      tools/build_usb_boot.sh /dev/sdb1
      
-            
      This calls tools/build_ramdisk.sh to create a 2GB ramdisk 
-               containing a complete development Oneiric OS plus the 
-               OpenStack code checkouts.  It then writes a syslinux boot sector
-               to the specified device and creates /syslinux.
      
-          
      • 
-          
    • If desired, you may now mount the device:
-            
      mount /dev/sdb1 /mnt/tmp
-# foo
-umount /mnt/tmp
      
-          
      • 
-        
    
-
-        
    Now return to the RAM disk Guide to kick
-           off your DevStack experience.
    
-
-      
    
-
-      
    
-        
    © Openstack Foundation 2011-2013 — this is not an official OpenStack project...
    
-      
    
-
-    
     
-
-  
-
diff --git a/doc/source/guides/usb-boot.rst b/doc/source/guides/usb-boot.rst
new file mode 100644
index 0000000000..888e14feb3
--- /dev/null
+++ b/doc/source/guides/usb-boot.rst
@@ -0,0 +1,60 @@
+`DevStack `__
+
+-  `Overview <../overview.html>`__
+-  `Changes <../changes.html>`__
+-  `FAQ <../faq.html>`__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+USB Boot: Undoable Stack Boot
+=============================
+
+Boot DevStack from a USB disk into a RAM disk.
+
+Prerequisites
+-------------
+
+Hardware
+~~~~~~~~
+
+This guide covers the creation of a bootable USB drive. Your computer
+BIOS must support booting from USB and You will want at least 3GB of
+RAM. You also will need a USB drive of at least 2GB.
+
+Software
+~~~~~~~~
+
+Ubuntu 11.10 (Oneiric Ocelot) is required on host to create images.
+
+Installation bit blasting
+-------------------------
+
+Set Up USB Drive
+~~~~~~~~~~~~~~~~
+
+-  Insert the USB drive into the computer. Make a note of the device
+   name, such as ``sdb``. Do not mount the device.
+-  Install the boot system:
+
+   ::
+
+       tools/build_usb_boot.sh /dev/sdb1
+
+   This calls tools/build\_ramdisk.sh to create a 2GB ramdisk containing
+   a complete development Oneiric OS plus the OpenStack code checkouts.
+   It then writes a syslinux boot sector to the specified device and
+   creates ``/syslinux``.
+
+-  If desired, you may now mount the device:
+
+   ::
+
+       mount /dev/sdb1 /mnt/tmp
+       # foo
+       umount /mnt/tmp
+
+Now `return `__ to the RAM disk Guide to kick off your
+DevStack experience.
+
+© Openstack Foundation 2011-2013 — this is not an official OpenStack
+project...
diff --git a/doc/source/index.html b/doc/source/index.html
deleted file mode 100644
index 5f1efd77fb..0000000000
--- a/doc/source/index.html
+++ /dev/null
@@ -1,562 +0,0 @@
-
-
-  
-    
-    DevStack - Deploying OpenStack for Developers
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    DevStack - an OpenStack Community Production
    
-          
    
-            
    
-            
    A documented shell script to build complete OpenStack development environments. 

    
-              An OpenStack program maintained by the developer community.
    
-          
    
-        
    
-        
    
-          
      
-            
    1. Setup a fresh supported Linux installation.
      2. 
-            
    2. 
-              Clone devstack from git.openstack.org.
-              
      git clone https://git.openstack.org/openstack-dev/devstack
      
-            
      3. 
-            
    3. 
-              Deploy your OpenStack Cloud
-              
      cd devstack && ./stack.sh
      
-            
      4. 
-          
    
-        
    
-        
     
    
-      
    
-
-
-      
    
-        
    
-          
    Quick Start This ain't your first rodeo
    
-        
    
-        
      
-            
    1. 
-              
      Select a Linux Distribution
      
-              
      Only Ubuntu 14.04 (Trusty), Fedora 20 and CentOS/RHEL 6.5 are documented here.  OpenStack also runs and is packaged on other flavors of Linux such as OpenSUSE and Debian.
      
-            
      2. 
-            
    2. 
-              
      Install Selected OS
      
-              
      In order to correctly install all the dependencies, we assume a specific minimal version of the supported distributions to make it as easy as possible.  We recommend using a minimal install of Ubuntu or Fedora server in a VM if this is your first time.
      
-            
      3. 
-            
    3. 
-              
      Download DevStack
      
-              
      git clone https://git.openstack.org/openstack-dev/devstack
      
-              
      The devstack repo contains a script that installs OpenStack and templates for configuration files
      
-            
      4. 
-            
    4. 
-              
      Configure
      
-              
      We recommend at least a minimal configuration be set up.
      
-            
      5. 
-            
    5. 
-              
      Start the install
      
-              
      cd devstack; ./stack.sh
      
-              
      It takes a few minutes, we recommend reading the script while it is building.
      
-            
      6. 
-        
    
-      
    
-
-      
    
-        
    
-          
    Guides Walk through various setups used by stackers
    
-        
    
-
-        
    
-          
    OpenStack on VMs
    
-          
-            
-              
-                
-                
-                
-              
-            
-            
-              
-                
-                
-                
-              
-
-
-            
-            
-              
-            
-          
    TitleDescriptionLink
    Virtual MachineRun OpenStack in a VM.  The VMs launched in your cloud will be slow as they are running in QEMU (emulation), but it is useful if you don't have spare hardware laying around.Read »
    1 Guide
    
-        
    
-        
    
-          
    What is this?
    
-          
    These guides tell you how to virtualize your OpenStack cloud in virtual machines. This means that you can get started without having to purchase any hardware.
    
-        
    
-
-        
    
-          
    OpenStack on Hardware
    
-          
-            
-              
-                
-                
-                
-              
-            
-            
-              
-                
-                
-                
-              
-
-              
-                
-                
-                
-              
-
-
-            
-            
-              
-            
-          
    TitleDescriptionLink
    All-In-OneRun OpenStack on dedicated hardware to get real performance in your VMs.  This can include a server-class machine or a laptop at home.Read »
    Multi-Node + VLANsSetup a multi-node cluster with dedicated VLANs for VMs & Management.Read »
    2 Guides
    
-        
    
-        
    
-          
    What is this?
    
-          
    These guides tell you how to deploy a development environment on real hardware. Guides range from running OpenStack on a single laptop to running a multi-node deployment on datacenter hardware.
    
-        
    
-
-      
    
-
-      
    
-        
    
-          
    Documentation Help yourself to stack
    
-        
    
-
-        
    
-          
    Overview
    
-          
    An overview of DevStack goals and priorities
    
-          
    Configuration
    
-          
    Configuring and customizing the stack
    
-          
    Plugins
    
-          
    Extending DevStack with new features
    
-        
    
-
-        
    
-          
    Recent Changes
    
-          
    An incomplete summary of recent changes
    
-          
    FAQ
    
-          
    The DevStack FAQ
    
-          
    Contributing
    
-          
    Pitching in to make DevStack a better place
    
-        
    
-
-      
    
-
-      
    
-        
    
-          
    Code A look at the bits that make it all go
    
-        
    
-
-        
    
-          
    Scripts Generated documentation of DevStack scripts.
    
-          
-            
-              
-                
-                
-              
-            
-            
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-            
-          
    FilenameLink
    stack.shRead »
    functionsRead »
    functions-commonRead »
    lib/apacheRead »
    lib/baremetalRead »
    lib/ceilometerRead »
    lib/cinderRead »
    lib/configRead »
    lib/databaseRead »
    lib/glanceRead »
    lib/heatRead »
    lib/horizonRead »
    lib/infraRead »
    lib/ironicRead »
    lib/keystoneRead »
    lib/ldapRead »
    lib/zaqarRead »
    lib/neutronRead »
    lib/novaRead »
    lib/osloRead »
    lib/rpc_backendRead »
    lib/saharaRead »
    lib/savannaRead »
    lib/stackforgeRead »
    lib/swiftRead »
    lib/tempestRead »
    lib/tlsRead »
    lib/troveRead »
    unstack.shRead »
    clean.shRead »
    run_tests.shRead »
    extras.d/50-ironic.shRead »
    extras.d/70-zaqar.shRead »
    extras.d/70-sahara.shRead »
    extras.d/70-savanna.shRead »
    extras.d/70-trove.shRead »
    extras.d/80-opendaylight.shRead »
    extras.d/80-tempest.shRead »
    
-        
    
-
-        
    
-          
    Configuration Setting the table
    
-          
-            
-              
-                
-                
-              
-            
-            
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-            
-          
    FilenameLink
    local.confRead »
    stackrcRead »
    openrcRead »
    exercisercRead »
    eucarcRead »
    
-
-          
    Tools Support scripts
    
-          
-            
-              
-                
-                
-              
-            
-            
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-            
-          
    FilenameLink
    tools/info.shRead »
    tools/build_docs.shRead »
    tools/create_userrc.shRead »
    tools/fixup_stuff.shRead »
    tools/install_prereqs.shRead »
    tools/install_pip.shRead »
    tools/upload_image.shRead »
    
-
-          
    Samples Generated documentation of DevStack sample files.
    
-          
-            
-              
-                
-                
-              
-            
-            
-              
-                
-                
-              
-              
-                
-                
-              
-            
-          
    FilenameLink
    local.shRead »
    localrcRead »
    
-
-        
    
-          
    Exercises Generated documentation of DevStack scripts.
    
-          
-            
-              
-                
-                
-              
-            
-            
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-                
-                
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-                
-                
-              
-              
-                
-                
-              
-              
-                
-                
-              
-            
-          
    FilenameLink
    exercise.shRead »
    exercises/aggregates.shRead »
    exercises/boot_from_volume.shRead »
    exercises/bundle.shRead »
    exercises/client-args.shRead »
    exercises/client-env.shRead »
    exercises/euca.shRead »
    exercises/floating_ips.shRead »
    exercises/horizon.shRead »
    exercises/neutron-adv-test.shRead »
    exercises/sahara.shRead »
    exercises/savanna.shRead »
    exercises/sec_groups.shRead »
    exercises/swift.shRead »
    exercises/trove.shRead »
    exercises/volumes.shRead »
    exercises/zaqar.shRead »
    
-
-        
    
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/index.rst b/doc/source/index.rst
new file mode 100644
index 0000000000..6e5105dcff
--- /dev/null
+++ b/doc/source/index.rst
@@ -0,0 +1,383 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+.. toctree::
+   :glob:
+   :maxdepth: 2
+
+   *
+   guides/*
+   
+
+
+DevStack - an OpenStack Community Production
+============================================
+
+| A documented shell script to build complete OpenStack development environments.
+|  An OpenStack program maintained by the developer community.
+
+#. Setup a fresh supported Linux installation.
+#. Clone devstack from git.openstack.org.
+
+   ::
+
+       git clone https://git.openstack.org/openstack-dev/devstack
+
+#. Deploy your OpenStack Cloud
+
+   ::
+
+       cd devstack && ./stack.sh
+
+ 
+
+Quick Start This ain't your first rodeo
+---------------------------------------
+
+#. Select a Linux Distribution
+
+   Only Ubuntu 14.04 (Trusty), Fedora 20 and CentOS/RHEL 6.5 are
+   documented here. OpenStack also runs and is packaged on other flavors
+   of Linux such as OpenSUSE and Debian.
+
+#. Install Selected OS
+
+   In order to correctly install all the dependencies, we assume a
+   specific minimal version of the supported distributions to make it as
+   easy as possible. We recommend using a minimal install of Ubuntu or
+   Fedora server in a VM if this is your first time.
+
+#. Download DevStack
+
+   ::
+
+       git clone https://git.openstack.org/openstack-dev/devstack
+
+   The ``devstack`` repo contains a script that installs OpenStack and
+   templates for configuration files
+
+#. Configure
+
+   We recommend at least a `minimal
+   configuration `__ be set up.
+
+#. Start the install
+
+   ::
+
+       cd devstack; ./stack.sh
+
+   It takes a few minutes, we recommend `reading the
+   script `__ while it is building.
+
+Guides Walk through various setups used by stackers
+---------------------------------------------------
+
+OpenStack on VMs
+----------------
+
+Title
+
+Description
+
+Link
+
+Virtual Machine
+
+Run OpenStack in a VM. The VMs launched in your cloud will be slow as
+they are running in QEMU (emulation), but it is useful if you don't have
+spare hardware laying around.
+
+`Read » `__
+
+1 Guide
+
+What is this?
+^^^^^^^^^^^^^
+
+These guides tell you how to virtualize your OpenStack cloud in virtual
+machines. This means that you can get started without having to purchase
+any hardware.
+
+OpenStack on Hardware
+---------------------
+
+Title
+
+Description
+
+Link
+
+All-In-One
+
+Run OpenStack on dedicated hardware to get real performance in your VMs.
+This can include a server-class machine or a laptop at home.
+
+`Read » `__
+
+Multi-Node + VLANs
+
+Setup a multi-node cluster with dedicated VLANs for VMs & Management.
+
+`Read » `__
+
+2 Guides
+
+What is this?
+^^^^^^^^^^^^^
+
+These guides tell you how to deploy a development environment on real
+hardware. Guides range from running OpenStack on a single laptop to
+running a multi-node deployment on datacenter hardware.
+
+Documentation Help yourself to stack
+------------------------------------
+
+Overview
+--------
+
+`An overview of DevStack goals and priorities `__
+
+Configuration
+-------------
+
+`Configuring and customizing the stack `__
+
+Plugins
+-------
+
+`Extending DevStack with new features `__
+
+Recent Changes
+--------------
+
+`An incomplete summary of recent changes `__
+
+FAQ
+---
+
+`The DevStack FAQ `__
+
+Contributing
+------------
+
+`Pitching in to make DevStack a better place `__
+
+Code A look at the bits that make it all go
+-------------------------------------------
+
+Scripts Generated documentation of DevStack scripts.
+----------------------------------------------------
+
++-------------------------------+----------------------------------------------+
+| Filename                      | Link                                         |
++===============================+==============================================+
+| stack.sh                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| functions                     | `Read » `__                  |
++-------------------------------+----------------------------------------------+
+| functions-common              | `Read » `__           |
++-------------------------------+----------------------------------------------+
+| lib/apache                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/baremetal                 | `Read » `__              |
++-------------------------------+----------------------------------------------+
+| lib/ceilometer                | `Read » `__             |
++-------------------------------+----------------------------------------------+
+| lib/cinder                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/config                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/database                  | `Read » `__               |
++-------------------------------+----------------------------------------------+
+| lib/glance                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/heat                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| lib/horizon                   | `Read » `__                |
++-------------------------------+----------------------------------------------+
+| lib/infra                     | `Read » `__                  |
++-------------------------------+----------------------------------------------+
+| lib/ironic                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/keystone                  | `Read » `__               |
++-------------------------------+----------------------------------------------+
+| lib/ldap                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| lib/zaqar                     | `Read » `__                  |
++-------------------------------+----------------------------------------------+
+| lib/neutron                   | `Read » `__                |
++-------------------------------+----------------------------------------------+
+| lib/nova                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| lib/oslo                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| lib/rpc\_backend              | `Read » `__            |
++-------------------------------+----------------------------------------------+
+| lib/sahara                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| lib/savanna                   | `Read » `__                |
++-------------------------------+----------------------------------------------+
+| lib/stackforge                | `Read » `__             |
++-------------------------------+----------------------------------------------+
+| lib/swift                     | `Read » `__                  |
++-------------------------------+----------------------------------------------+
+| lib/tempest                   | `Read » `__                |
++-------------------------------+----------------------------------------------+
+| lib/tls                       | `Read » `__                    |
++-------------------------------+----------------------------------------------+
+| lib/trove                     | `Read » `__                  |
++-------------------------------+----------------------------------------------+
+| unstack.sh                    | `Read » `__                 |
++-------------------------------+----------------------------------------------+
+| clean.sh                      | `Read » `__                   |
++-------------------------------+----------------------------------------------+
+| run\_tests.sh                 | `Read » `__               |
++-------------------------------+----------------------------------------------+
+| extras.d/50-ironic.sh         | `Read » `__         |
++-------------------------------+----------------------------------------------+
+| extras.d/70-zaqar.sh          | `Read » `__          |
++-------------------------------+----------------------------------------------+
+| extras.d/70-sahara.sh         | `Read » `__         |
++-------------------------------+----------------------------------------------+
+| extras.d/70-savanna.sh        | `Read » `__        |
++-------------------------------+----------------------------------------------+
+| extras.d/70-trove.sh          | `Read » `__          |
++-------------------------------+----------------------------------------------+
+| extras.d/80-opendaylight.sh   | `Read » `__   |
++-------------------------------+----------------------------------------------+
+| extras.d/80-tempest.sh        | `Read » `__        |
++-------------------------------+----------------------------------------------+
+
+Configuration Setting the table
+-------------------------------
+
++--------------+--------------------------------+
+| Filename     | Link                           |
++==============+================================+
+| local.conf   | `Read » `__   |
++--------------+--------------------------------+
+| stackrc      | `Read » `__      |
++--------------+--------------------------------+
+| openrc       | `Read » `__       |
++--------------+--------------------------------+
+| exerciserc   | `Read » `__   |
++--------------+--------------------------------+
+| eucarc       | `Read » `__       |
++--------------+--------------------------------+
+
+Tools Support scripts
+---------------------
+
++-----------------------------+----------------------------------------------+
+| Filename                    | Link                                         |
++=============================+==============================================+
+| tools/info.sh               | `Read » `__              |
++-----------------------------+----------------------------------------------+
+| tools/build\_docs.sh        | `Read » `__        |
++-----------------------------+----------------------------------------------+
+| tools/create\_userrc.sh     | `Read » `__     |
++-----------------------------+----------------------------------------------+
+| tools/fixup\_stuff.sh       | `Read » `__       |
++-----------------------------+----------------------------------------------+
+| tools/install\_prereqs.sh   | `Read » `__   |
++-----------------------------+----------------------------------------------+
+| tools/install\_pip.sh       | `Read » `__       |
++-----------------------------+----------------------------------------------+
+| tools/upload\_image.sh      | `Read » `__      |
++-----------------------------+----------------------------------------------+
+
+Samples Generated documentation of DevStack sample files.
+---------------------------------------------------------
+
++------------+--------------------------------------+
+| Filename   | Link                                 |
++============+======================================+
+| local.sh   | `Read » `__   |
++------------+--------------------------------------+
+| localrc    | `Read » `__    |
++------------+--------------------------------------+
+
+Exercises Generated documentation of DevStack scripts.
+------------------------------------------------------
+
+Filename
+
+Link
+
+exercise.sh
+
+`Read » `__
+
+exercises/aggregates.sh
+
+`Read » `__
+
+exercises/boot\_from\_volume.sh
+
+`Read » `__
+
+exercises/bundle.sh
+
+`Read » `__
+
+exercises/client-args.sh
+
+`Read » `__
+
+exercises/client-env.sh
+
+`Read » `__
+
+exercises/euca.sh
+
+`Read » `__
+
+exercises/floating\_ips.sh
+
+`Read » `__
+
+exercises/horizon.sh
+
+`Read » `__
+
+exercises/neutron-adv-test.sh
+
+`Read » `__
+
+exercises/sahara.sh
+
+`Read » `__
+
+exercises/savanna.sh
+
+`Read » `__
+
+exercises/sec\_groups.sh
+
+`Read » `__
+
+exercises/swift.sh
+
+`Read » `__
+
+exercises/trove.sh
+
+`Read » `__
+
+exercises/volumes.sh
+
+`Read » `__
+
+exercises/zaqar.sh
+
+`Read » `__
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/local.conf.html b/doc/source/local.conf.html
deleted file mode 100644
index 2635ac6694..0000000000
--- a/doc/source/local.conf.html
+++ /dev/null
@@ -1,64 +0,0 @@
-
-
-  
-    
-    DevStack - local.conf
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    local.conf User settings
    
-          
    local.conf is a user-maintained setings file that is
-          sourced in stackrc.  It contains a section that replaces
-          the historical localrc file.  See
-          the description of local.conf for
-          more details about the mechanics of the file.
    
-        
    
-      
    
-        
    © Openstack Foundation 2011-2014 — An OpenStack program
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
new file mode 100644
index 0000000000..40d0e0f57a
--- /dev/null
+++ b/doc/source/local.conf.rst
@@ -0,0 +1,20 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+local.conf User settings
+------------------------
+
+``local.conf`` is a user-maintained setings file that is sourced in
+``stackrc``. It contains a section that replaces the historical
+``localrc`` file. See `the description of
+local.conf `__ for more details about the mechanics
+of the file.
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/localrc.html b/doc/source/localrc.html
deleted file mode 100644
index 40a20043a2..0000000000
--- a/doc/source/localrc.html
+++ /dev/null
@@ -1,60 +0,0 @@
-
-
-  
-    
-    DevStack - localrc
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    localrc User settings
    
-          
    localrc is the old file used to configure DevStack.  It is deprecated and has been replaced by local.conf.  DevStack will continue to use localrc if it is present and ignore the localrc section in local.conf..   Remove localrc to switch to using the new file.
    
-        
    
-      
    
-        
    © Openstack Foundation 2011-2014 — An OpenStack program
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/localrc.rst b/doc/source/localrc.rst
new file mode 100644
index 0000000000..910e274209
--- /dev/null
+++ b/doc/source/localrc.rst
@@ -0,0 +1,20 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+localrc User settings
+---------------------
+
+``localrc`` is the old file used to configure DevStack. It is deprecated
+and has been replaced by ```local.conf`` `__. DevStack
+will continue to use ``localrc`` if it is present and ignore the
+``localrc`` section in ``local.conf.``. Remove ``localrc`` to switch to
+using the new file.
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/openrc.html b/doc/source/openrc.html
deleted file mode 100644
index 94b253dfe1..0000000000
--- a/doc/source/openrc.html
+++ /dev/null
@@ -1,115 +0,0 @@
-
-
-  
-    
-    DevStack - openrc
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    openrc User authentication settings
    
-          
    openrc configures login credentials suitable for use
-          with the OpenStack command-line tools.  openrc sources
-          stackrc at the beginning (which in turn sources
-          the localrc setion of local.conf) in
-          order to pick up HOST_IP
-          and/or SERVICE_HOST to use in the endpoints.
-          The values shown below are the default values.
    
-        
    
-        
    
-
-          
    OS_TENANT_NAME
    
-          
    The introduction of Keystone to the OpenStack ecosystem has standardized the
-            term tenant as the entity that owns resources.  In some places references
-            still exist to the original Nova term project for this use.  Also,
-            tenant_name is preferred to tenant_id.
-            
    OS_TENANT_NAME=demo
    
-
-          
    OS_USERNAME
    
-          
    In addition to the owning entity (tenant), Nova stores the entity performing
-            the action as the user.
-            
    OS_USERNAME=demo
    
-
-          
    OS_PASSWORD
    
-          
    With Keystone you pass the keystone password instead of an api key.
-            Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
-            or NOVA_PASSWORD.
-            
    OS_PASSWORD=secrete
    
-
-          
    HOST_IP, SERVICE_HOST
    
-          
    Set API endpoint host using HOST_IP.  SERVICE_HOST
-            may also be used to specify the endpoint, which is convenient for
-            some localrc configurations.  Typically, HOST_IP
-            is set in the localrc section.
-            
    HOST_IP=127.0.0.1
-SERVICE_HOST=$HOST_IP
    
-
-          
    OS_AUTH_URL
    
-          
    Authenticating against an OpenStack cloud using Keystone returns a Token
-            and Service Catalog.  The catalog contains the endpoints for all services
-            the user/tenant has access to - including Nova, Glance, Keystone and Swift.
-            
    OS_AUTH_URL=http://$SERVICE_HOST:5000/v2.0
    
-
-          
    GLANCE_HOST
    
-          
    Some exercises call Glance directly.  On a single-node installation, Glance
-            should be listening on HOST_IP.  If its running elsewhere
-            it can be set here.
-            
    GLANCE_HOST=$HOST_IP
    
-
-          
    KEYSTONECLIENT_DEBUG, NOVACLIENT_DEBUG
    
-          
    Set command-line client log level to DEBUG.  These are
-            commented out by default.
-            
    # export KEYSTONECLIENT_DEBUG=1
-# export NOVACLIENT_DEBUG=1
    
-
-        
    
-      
    
-        
    © Openstack Foundation 2011-2013 — An
-        OpenStack program
-        created by Rackspace Cloud Builders
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
new file mode 100644
index 0000000000..b8759ecb49
--- /dev/null
+++ b/doc/source/openrc.rst
@@ -0,0 +1,88 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+openrc User authentication settings
+-----------------------------------
+
+``openrc`` configures login credentials suitable for use with the
+OpenStack command-line tools. ``openrc`` sources ``stackrc`` at the
+beginning (which in turn sources the ``localrc`` setion of
+``local.conf``) in order to pick up ``HOST_IP`` and/or ``SERVICE_HOST``
+to use in the endpoints. The values shown below are the default values.
+
+OS\_TENANT\_NAME
+    The introduction of Keystone to the OpenStack ecosystem has
+    standardized the term *tenant* as the entity that owns resources. In
+    some places references still exist to the original Nova term
+    *project* for this use. Also, *tenant\_name* is preferred to
+    *tenant\_id*.
+
+    ::
+
+        OS_TENANT_NAME=demo
+
+OS\_USERNAME
+    In addition to the owning entity (tenant), Nova stores the entity
+    performing the action as the *user*.
+
+    ::
+
+        OS_USERNAME=demo
+
+OS\_PASSWORD
+    With Keystone you pass the keystone password instead of an api key.
+    Recent versions of novaclient use OS\_PASSWORD instead of
+    NOVA\_API\_KEYs or NOVA\_PASSWORD.
+
+    ::
+
+        OS_PASSWORD=secrete
+
+HOST\_IP, SERVICE\_HOST
+    Set API endpoint host using ``HOST_IP``. ``SERVICE_HOST`` may also
+    be used to specify the endpoint, which is convenient for some
+    ``localrc`` configurations. Typically, ``HOST_IP`` is set in the
+    ``localrc`` section.
+
+    ::
+
+        HOST_IP=127.0.0.1
+        SERVICE_HOST=$HOST_IP
+
+OS\_AUTH\_URL
+    Authenticating against an OpenStack cloud using Keystone returns a
+    *Token* and *Service Catalog*. The catalog contains the endpoints
+    for all services the user/tenant has access to - including Nova,
+    Glance, Keystone and Swift.
+
+    ::
+
+        OS_AUTH_URL=http://$SERVICE_HOST:5000/v2.0
+
+GLANCE\_HOST
+    Some exercises call Glance directly. On a single-node installation,
+    Glance should be listening on ``HOST_IP``. If its running elsewhere
+    it can be set here.
+
+    ::
+
+        GLANCE_HOST=$HOST_IP
+
+KEYSTONECLIENT\_DEBUG, NOVACLIENT\_DEBUG
+    Set command-line client log level to ``DEBUG``. These are commented
+    out by default.
+
+    ::
+
+        # export KEYSTONECLIENT_DEBUG=1
+        # export NOVACLIENT_DEBUG=1
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/overview.html b/doc/source/overview.html
deleted file mode 100644
index 9cee052129..0000000000
--- a/doc/source/overview.html
+++ /dev/null
@@ -1,118 +0,0 @@
-
-
-  
-    
-    DevStack - Overview
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
-      
    
-
-        
    
-          
    Overview DevStack from a cloud-height view
    
-          
    DevStack has evolved to support a large number of configuration options and alternative platforms and support services.  That evolution has grown well beyond what was originally intended and the majority of configuration combinations are rarely, if ever, tested.  DevStack is not a general OpenStack installer and was never meant to be everything to everyone..
    
-          
    Below is a list of what is specifically is supported (read that as "tested") going forward.
    
-
-          
    Supported Components
    
-
-          
    Base OS
    
-          
    The OpenStack Technical Committee (TC) has defined the current CI strategy to include the latest Ubuntu release and the latest RHEL release (for Python 2.6 testing).
    
-          
      
-            
    • Ubuntu: current LTS release plus current development release
      • 
-            
    • Fedora: current release plus previous release
      • 
-            
    • RHEL: current major release
      • 
-            
    • Other OS platforms may continue to be included but the maintenance of those platforms shall not be assumed simply due to their presence.  Having a listed point-of-contact for each additional OS will greatly increase its chance of being well-maintained.
      • 
-            
    • Patches for Ubuntu and/or Fedora will not be held up due to side-effects on other OS platforms.
      • 
-          
    
-
-          
    Databases
    
-          
    As packaged by the host OS
    
-          
      
-            
    • MySQL
      • 
-            
    • PostgreSQL
      • 
-          
    
-
-          
    Queues
    
-          
    As packaged by the host OS
    
-          
      
-            
    • Rabbit
      • 
-            
    • Qpid
      • 
-
-          
    
-
-          
    Web Server
    
-          
    As packaged by the host OS
    
-          
      
-            
    • Apache
      • 
-          
    
-
-          
    OpenStack Network
    
-          
    Default to Nova Network, optionally use Neutron
    
-          
      
-            
    • Nova Network: FlatDHCP
      • 
-            
    • Neutron: A basic configuration approximating the original FlatDHCP mode using linuxbridge or OpenVSwitch.
      • 
-          
    
-
-          
    Services
    
-          
    The default services configured by DevStack are Identity (Keystone), Object Storage (Swift), Image Storage (Glance), Block Storage (Cinder), Compute (Nova), Network (Nova), Dashboard (Horizon), Orchestration (Heat)
    
-          
    Additional services not included directly in DevStack can be tied in to stack.sh using the plugin mechanism to call scripts that perform the configuration and startup of the service.
    
-
-          
    Node Configurations
    
-          
      
-            
    • single node
      • 
-            
    • multi-node is not tested regularly by the core team, and even then only minimal configurations are reviewed
      • 
-          
    
-
-          
    Exercises
    
-          
    The DevStack exercise scripts are no longer used as integration and gate testing as that job has transitioned to Tempest.  They are still maintained as a demonstrations of using OpenStack from the command line and for quick operational testing.
    
-
-        
            
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
new file mode 100644
index 0000000000..953938baaf
--- /dev/null
+++ b/doc/source/overview.rst
@@ -0,0 +1,103 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Overview DevStack from a cloud-height view
+------------------------------------------
+
+DevStack has evolved to support a large number of configuration options
+and alternative platforms and support services. That evolution has grown
+well beyond what was originally intended and the majority of
+configuration combinations are rarely, if ever, tested. DevStack is not
+a general OpenStack installer and was never meant to be everything to
+everyone..
+
+Below is a list of what is specifically is supported (read that as
+"tested") going forward.
+
+Supported Components
+--------------------
+
+Base OS
+~~~~~~~
+
+*The OpenStack Technical Committee (TC) has defined the current CI
+strategy to include the latest Ubuntu release and the latest RHEL
+release (for Python 2.6 testing).*
+
+-  Ubuntu: current LTS release plus current development release
+-  Fedora: current release plus previous release
+-  RHEL: current major release
+-  Other OS platforms may continue to be included but the maintenance of
+   those platforms shall not be assumed simply due to their presence.
+   Having a listed point-of-contact for each additional OS will greatly
+   increase its chance of being well-maintained.
+-  Patches for Ubuntu and/or Fedora will not be held up due to
+   side-effects on other OS platforms.
+
+Databases
+~~~~~~~~~
+
+*As packaged by the host OS*
+
+-  MySQL
+-  PostgreSQL
+
+Queues
+~~~~~~
+
+*As packaged by the host OS*
+
+-  Rabbit
+-  Qpid
+
+Web Server
+~~~~~~~~~~
+
+*As packaged by the host OS*
+
+-  Apache
+
+OpenStack Network
+~~~~~~~~~~~~~~~~~
+
+*Default to Nova Network, optionally use Neutron*
+
+-  Nova Network: FlatDHCP
+-  Neutron: A basic configuration approximating the original FlatDHCP
+   mode using linuxbridge or OpenVSwitch.
+
+Services
+~~~~~~~~
+
+The default services configured by DevStack are Identity (Keystone),
+Object Storage (Swift), Image Storage (Glance), Block Storage (Cinder),
+Compute (Nova), Network (Nova), Dashboard (Horizon), Orchestration
+(Heat)
+
+Additional services not included directly in DevStack can be tied in to
+``stack.sh`` using the `plugin mechanism `__ to call
+scripts that perform the configuration and startup of the service.
+
+Node Configurations
+~~~~~~~~~~~~~~~~~~~
+
+-  single node
+-  multi-node is not tested regularly by the core team, and even then
+   only minimal configurations are reviewed
+
+Exercises
+~~~~~~~~~
+
+The DevStack exercise scripts are no longer used as integration and gate
+testing as that job has transitioned to Tempest. They are still
+maintained as a demonstrations of using OpenStack from the command line
+and for quick operational testing.
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/doc/source/plugins.html b/doc/source/plugins.html
deleted file mode 100644
index 700a209ac9..0000000000
--- a/doc/source/plugins.html
+++ /dev/null
@@ -1,142 +0,0 @@
-
-
-  
-    
-    DevStack - Plugins
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-      
-      
    
-
-        
    
-          
    Plugins Add stuff
    
-          
    DevStack has a couple of plugin mechanisms to allow easily adding support for additional projects and features.
    
-
-          
    Extras.d Hooks
    
-          
    These relatively new hooks are an extension of the existing calls from stack.sh at the end of its run, plus unstack.sh and clean.sh.  A number of the higher-layer projects are implemented in DevStack using this mechanism.
    
-
-          
    The script in extras.d is expected to be mostly a dispatcher to functions in a lib/* script.  The scripts are named with a zero-padded two digits sequence number prefix to control the order that the scripts are called, and with a suffix of .sh.  DevSack reserves for itself the sequence numbers 00 through 09 and 90 through 99.
    
-
-          
    Below is a template that shows handlers for the possible command-line arguments:
    
-
-
    -# template.sh - DevStack extras.d dispatch script template
-
-# check for service enabled
-if is_service_enabled template; then
-
-    if [[ "$1" == "source" ]]; then
-        # Initial source of lib script
-        source $TOP_DIR/lib/template
-    fi
-
-    if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
-        # Set up system services
-        echo_summary "Configuring system services Template"
-        install_package cowsay
-
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        # Perform installation of service source
-        echo_summary "Installing Template"
-        install_template
-
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        # Configure after the other layer 1 and 2 services have been configured
-        echo_summary "Configuring Template"
-        configure_template
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        # Initialize and start the template service
-        echo_summary "Initializing Template"
-        ##init_template
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        # Shut down template services
-        # no-op
-        :
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        # Remove state and transient data
-        # Remember clean.sh first calls unstack.sh
-        # no-op
-        :
-    fi
-fi
-
    
-
-          
    The arguments are:
-          
      
-            
    • source - Called by each script that utilizes extras.d hooks; this replaces directly sourcing the lib/* script.
      • 
-            
    • stack - Called by stack.sh three times for different phases of its run:
-              
        
-                
      • pre-install - Called after system (OS) setup is complete and before project source is installed.
        • 
-                
      • install - Called after the layer 1 and 2 projects source and their dependencies have been installed.
        • 
-                
      • post-config - Called after the layer 1 and 2 services have been configured.  All configuration files for enabled services should exist at this point.
        • 
-                
      • extra - Called near the end after layer 1 and 2 services have been started.  This is the existing hook and has not otherwise changed.
        • 
-              
      • 
-            
    • unstack - Called by unstack.sh before other services are shut down.
      • 
-            
    • clean - Called by clean.sh before other services are cleaned, but after unstack.sh has been called.
-          
    
-
-
-          
    Hypervisor
    
-          
    Hypervisor plugins are fairly new and condense most hypervisor configuration into one place.
    
-
-          
    The initial plugin implemented was for Docker support and is a useful template for the required support.  Plugins are placed in lib/nova_plugins and named hypervisor-<name> where <name> is the value of VIRT_DRIVER.  Plugins must define the following functions:
    
-            
      
-              
    • install_nova_hypervisor - install any external requirements
      • 
-              
    • configure_nova_hypervisor - make configuration changes, including those to other services
      • 
-              
    • start_nova_hypervisor - start any external services
      • 
-              
    • stop_nova_hypervisor - stop any external services
      • 
-              
    • cleanup_nova_hypervisor - remove transient data and cache
      • 
-            
    
-        
            
-
-      
    
-
-      
-
-    
     
-  
-
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
new file mode 100644
index 0000000000..db695d3e84
--- /dev/null
+++ b/doc/source/plugins.rst
@@ -0,0 +1,124 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+Plugins Add stuff
+-----------------
+
+DevStack has a couple of plugin mechanisms to allow easily adding
+support for additional projects and features.
+
+Extras.d Hooks
+~~~~~~~~~~~~~~
+
+These relatively new hooks are an extension of the existing calls from
+``stack.sh`` at the end of its run, plus ``unstack.sh`` and
+``clean.sh``. A number of the higher-layer projects are implemented in
+DevStack using this mechanism.
+
+The script in ``extras.d`` is expected to be mostly a dispatcher to
+functions in a ``lib/*`` script. The scripts are named with a
+zero-padded two digits sequence number prefix to control the order that
+the scripts are called, and with a suffix of ``.sh``. DevSack reserves
+for itself the sequence numbers 00 through 09 and 90 through 99.
+
+Below is a template that shows handlers for the possible command-line
+arguments:
+
+::
+
+    # template.sh - DevStack extras.d dispatch script template
+
+    # check for service enabled
+    if is_service_enabled template; then
+
+        if [[ "$1" == "source" ]]; then
+            # Initial source of lib script
+            source $TOP_DIR/lib/template
+        fi
+
+        if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
+            # Set up system services
+            echo_summary "Configuring system services Template"
+            install_package cowsay
+
+        elif [[ "$1" == "stack" && "$2" == "install" ]]; then
+            # Perform installation of service source
+            echo_summary "Installing Template"
+            install_template
+
+        elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
+            # Configure after the other layer 1 and 2 services have been configured
+            echo_summary "Configuring Template"
+            configure_template
+
+        elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+            # Initialize and start the template service
+            echo_summary "Initializing Template"
+            ##init_template
+        fi
+
+        if [[ "$1" == "unstack" ]]; then
+            # Shut down template services
+            # no-op
+            :
+        fi
+
+        if [[ "$1" == "clean" ]]; then
+            # Remove state and transient data
+            # Remember clean.sh first calls unstack.sh
+            # no-op
+            :
+        fi
+    fi
+
+The arguments are:
+
+-  **source** - Called by each script that utilizes ``extras.d`` hooks;
+   this replaces directly sourcing the ``lib/*`` script.
+-  **stack** - Called by ``stack.sh`` three times for different phases
+   of its run:
+
+   -  **pre-install** - Called after system (OS) setup is complete and
+      before project source is installed.
+   -  **install** - Called after the layer 1 and 2 projects source and
+      their dependencies have been installed.
+   -  **post-config** - Called after the layer 1 and 2 services have
+      been configured. All configuration files for enabled services
+      should exist at this point.
+   -  **extra** - Called near the end after layer 1 and 2 services have
+      been started. This is the existing hook and has not otherwise
+      changed.
+
+-  **unstack** - Called by ``unstack.sh`` before other services are shut
+   down.
+-  **clean** - Called by ``clean.sh`` before other services are cleaned,
+   but after ``unstack.sh`` has been called.
+
+Hypervisor
+~~~~~~~~~~
+
+Hypervisor plugins are fairly new and condense most hypervisor
+configuration into one place.
+
+The initial plugin implemented was for Docker support and is a useful
+template for the required support. Plugins are placed in
+``lib/nova_plugins`` and named ``hypervisor-`` where ```` is
+the value of ``VIRT_DRIVER``. Plugins must define the following
+functions:
+
+-  ``install_nova_hypervisor`` - install any external requirements
+-  ``configure_nova_hypervisor`` - make configuration changes, including
+   those to other services
+-  ``start_nova_hypervisor`` - start any external services
+-  ``stop_nova_hypervisor`` - stop any external services
+-  ``cleanup_nova_hypervisor`` - remove transient data and cache
+
+© Openstack Foundation 2011-2013 — An `OpenStack
+program `__ created by
+`Rackspace Cloud
+Builders `__
diff --git a/doc/source/stackrc.html b/doc/source/stackrc.html
deleted file mode 100644
index 2df9d385f7..0000000000
--- a/doc/source/stackrc.html
+++ /dev/null
@@ -1,101 +0,0 @@
-
-
-  
-    
-    DevStack - stackrc
-    
-    
-
-    
-    
-
-    
-    
-    
-    
-    
-    
-    
-    
-  
-
-  
-
-    
    
-      
    
-        
    
-          DevStack
-          
-        
    
-      
    
-    
    
-
-    
    
-
-      
    
-        
    
-          
    stackrc DevStack settings
    
-          
    stackrc is the primary configuration file for DevStack.
-          It contains all of the settings that control the services started
-          and the repositories used to download the source for those services.
-          stackrc sources the localrc section of
-          local.conf to perform the default overrides.
    
-        
    
-        
    
-
-          
    DATABASE_TYPE
    
-          
    Select the database backend to use.  The default is mysql,
-          postgresql is also available.
    
-
-          
    ENABLED_SERVICES
    
-          
    Specify which services to launch.  These generally correspond to
-            screen tabs. 
-            The default includes: Glance (API and Registry), Keystone, Nova (API,
-            Certificate, Object Store, Compute, Network, Scheduler, VNC proxies,
-            Certificate Authentication), Cinder (Scheduler, API, Volume), Horizon, MySQL, RabbitMQ, Tempest.
-            
    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
    
-            Other services that are not enabled by default can be enabled in
-            localrc. For example, to add Swift, use the following service names:
-            
    enable_service s-proxy s-object s-container s-account
    
-            A service can similarly be disabled:
-            
    disable_service horizon
    
-
-          
    Service Repos
    
-          
    The Git repositories used to check out the source for each service
-            are controlled by a pair of variables set for each service.  
-            *_REPO points to the repository and *_BRANCH
-            selects which branch to check out.  These may be overridden in
-            local.conf to pull source from a different repo for testing,
-            such as a Gerrit branch proposal.  GIT_BASE points to the primary repository server.
-            
    NOVA_REPO=$GIT_BASE/openstack/nova.git
-NOVA_BRANCH=master
    
-            To pull a branch directly from Gerrit, get the repo and branch from the 
-            Gerrit review page:
-            
    git fetch https://review.openstack.org/p/openstack/nova refs/changes/50/5050/1 && git checkout FETCH_HEAD
    
-            The repo is the stanza following fetch and the branch
-            is the stanza following that:
-            
    NOVA_REPO=https://review.openstack.org/p/openstack/nova
-NOVA_BRANCH=refs/changes/50/5050/1
    
-
-        
    
-      
    
-        
    © Openstack Foundation 2011-2014 — An OpenStack program
    
-      
-
-    
     
-
-  
-
diff --git a/doc/source/stackrc.rst b/doc/source/stackrc.rst
new file mode 100644
index 0000000000..b2766cb971
--- /dev/null
+++ b/doc/source/stackrc.rst
@@ -0,0 +1,77 @@
+`DevStack `__
+
+-  `Overview `__
+-  `Changes `__
+-  `FAQ `__
+-  `git.openstack.org `__
+-  `Gerrit `__
+
+stackrc DevStack settings
+-------------------------
+
+``stackrc`` is the primary configuration file for DevStack. It contains
+all of the settings that control the services started and the
+repositories used to download the source for those services. ``stackrc``
+sources the ``localrc`` section of ``local.conf`` to perform the default
+overrides.
+
+DATABASE\_TYPE
+    Select the database backend to use. The default is ``mysql``,
+    ``postgresql`` is also available.
+ENABLED\_SERVICES
+    Specify which services to launch. These generally correspond to
+    screen tabs. The default includes: Glance (API and Registry),
+    Keystone, Nova (API, Certificate, Object Store, Compute, Network,
+    Scheduler, VNC proxies, Certificate Authentication), Cinder
+    (Scheduler, API, Volume), Horizon, MySQL, RabbitMQ, Tempest.
+
+    ::
+
+        ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
+
+    Other services that are not enabled by default can be enabled in
+    ``localrc``. For example, to add Swift, use the following service
+    names:
+
+    ::
+
+        enable_service s-proxy s-object s-container s-account
+
+    A service can similarly be disabled:
+
+    ::
+
+        disable_service horizon
+
+Service Repos
+    The Git repositories used to check out the source for each service
+    are controlled by a pair of variables set for each service.
+    ``*_REPO`` points to the repository and ``*_BRANCH`` selects which
+    branch to check out. These may be overridden in ``local.conf`` to
+    pull source from a different repo for testing, such as a Gerrit
+    branch proposal. ``GIT_BASE`` points to the primary repository
+    server.
+
+    ::
+
+        NOVA_REPO=$GIT_BASE/openstack/nova.git
+        NOVA_BRANCH=master
+
+    To pull a branch directly from Gerrit, get the repo and branch from
+    the Gerrit review page:
+
+    ::
+
+        git fetch https://review.openstack.org/p/openstack/nova refs/changes/50/5050/1 && git checkout FETCH_HEAD
+
+    The repo is the stanza following ``fetch`` and the branch is the
+    stanza following that:
+
+    ::
+
+        NOVA_REPO=https://review.openstack.org/p/openstack/nova
+        NOVA_BRANCH=refs/changes/50/5050/1
+
+© Openstack Foundation 2011-2014 — An
+`OpenStack `__
+`program `__
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000000..58871344aa
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,23 @@
+[metadata]
+name = DevStack
+summary = OpenStack DevStack
+description-file =
+    README.md
+author = OpenStack
+author-email = openstack-dev@lists.openstack.org
+home-page = http://devstack.org
+classifier =
+    Intended Audience :: Developers
+    License :: OSI Approved :: Apache Software License
+    Operating System :: POSIX :: Linux
+
+[build_sphinx]
+all_files = 1
+build-dir = doc/build
+source-dir = doc/source
+
+[pbr]
+warnerrors = True
+
+[wheel]
+universal = 1
diff --git a/setup.py b/setup.py
new file mode 100755
index 0000000000..70c2b3f32b
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
+import setuptools
+
+setuptools.setup(
+    setup_requires=['pbr'],
+    pbr=True)
diff --git a/tox.ini b/tox.ini
index 3677631c5e..b6f2d9655e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -16,8 +16,13 @@ commands = bash -c "find {toxinidir} -not -wholename \*.tox/\* -and \( -name \*.
 deps =
    Pygments
    docutils
+   sphinx>=1.1.2,<1.2
+   pbr>=0.6,!=0.7,<1.0
+   oslosphinx
 whitelist_externals = bash
 setenv =
   TOP_DIR={toxinidir}
   INSTALL_SHOCCO=true
-commands = bash tools/build_docs.sh
+commands = 
+	bash tools/build_docs.sh
+	python setup.py build_sphinx

From ab50c702a770fa9d7fd0ff533566fc7a1775dde5 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Wed, 22 Oct 2014 13:21:22 -0700
Subject: [PATCH 0085/3421] Use service tenant id for Ironic agent swift auth

Config of ironic conductor currently references a non-existent variable.
This corrects it by obtaining and using the correct tenant id.

Change-Id: I4340f75b2b22a8fd3fd8dd5cb30d7e91bce4f654
---
 lib/ironic | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 1541dcfb33..0a84e47ebc 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -281,7 +281,8 @@ function configure_ironic_conductor {
         fi
         iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:8080
         iniset $IRONIC_CONF_FILE glance swift_api_version v1
-        iniset $IRONIC_CONF_FILE glance swift_account AUTH_${SERVICE_TENANT}
+        local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME)
+        iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
         iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30

From 1c0628f83ce2dbf27dc0c916a53d915b20233890 Mon Sep 17 00:00:00 2001
From: Patrick East 
Date: Wed, 22 Oct 2014 16:22:47 -0700
Subject: [PATCH 0086/3421] Fix an issue with setting tempest volume
 vendor_name with spaces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the volume vendor has spaces in it, for example “Open Source”, we
need to have quotes around the uses of the variables or the behavior
will not be as expected.

Change-Id: Ie1e99b6d6de2313e5b5b5a5d3057c136c9b34601
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 3c37918018..350d08c331 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -372,7 +372,7 @@ function configure_tempest {
     fi
 
     if [ $TEMPEST_VOLUME_DRIVER != "default" -o \
-        $TEMPEST_VOLUME_VENDOR != $TEMPEST_DEFAULT_VOLUME_VENDOR ]; then
+        "$TEMPEST_VOLUME_VENDOR" != "$TEMPEST_DEFAULT_VOLUME_VENDOR" ]; then
         iniset $TEMPEST_CONFIG volume vendor_name "$TEMPEST_VOLUME_VENDOR"
     fi
     if [ $TEMPEST_VOLUME_DRIVER != "default" -o \

From cac1317676dcb0efa489dd667793cf4f6b366170 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Thu, 23 Oct 2014 10:52:40 -0700
Subject: [PATCH 0087/3421] Move to download.fedoraproject.org

download.fedoraproject.org is the mirror system, while
dl.fedoraproject.org is just one system. We have seen performance issues
with dl.fedoraproject.org and using download.fedoraproject.org was a
recommended as a solution by the folks at #fedora-admin.

Local testing on a rackspace server with dl.fedoraproject.org got about
70K/s while download.fedoraproject.org got over 1M/s

Move over to https as well.

Related-Bug: #1383928
Change-Id: I318d8844cfcfbc42c1e552e443c6b793d20f321f
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 389952508d..6cec8e85fb 100644
--- a/stackrc
+++ b/stackrc
@@ -514,7 +514,7 @@ esac
 if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
     case "$VIRT_DRIVER" in
         libvirt|baremetal|ironic)
-            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"http://dl.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
+            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
             IMAGE_URLS+=",$HEAT_CFN_IMAGE_URL"
             ;;
         *)
@@ -539,7 +539,7 @@ fi
 PRECACHE_IMAGES=$(trueorfalse False $PRECACHE_IMAGES)
 if [[ "$PRECACHE_IMAGES" == "True" ]]; then
     # staging in update for nodepool
-    IMAGE_URL="http://dl.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
+    IMAGE_URL="https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
     if ! [[ "$IMAGE_URLS"  =~ "$IMAGE_URL" ]]; then
         IMAGE_URLS+=",$IMAGE_URL"
     fi

From 51f0de5c5d5aa779db0ed647804d7d9488a9122b Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Mon, 20 Oct 2014 16:32:34 +0200
Subject: [PATCH 0088/3421] Allow depth limiting git clones

Depending on how you are using devstack you probably don't need the
entire history of a project so we should allow people to specify a clone
depth to speed up the devstack process.

Change-Id: I804a5abcc80f6a81e915c0bb4dceae72486441a7
Blueprint: git-depth
---
 functions-common | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index e6f425f4a1..bf25c25052 100644
--- a/functions-common
+++ b/functions-common
@@ -19,6 +19,7 @@
 #
 # The following variables are assumed to be defined by certain functions:
 #
+# - ``GIT_DEPTH``
 # - ``ENABLED_SERVICES``
 # - ``ERROR_ON_CLONE``
 # - ``FILES``
@@ -562,16 +563,22 @@ function get_release_name_from_branch {
 # Set global ``RECLONE=yes`` to simulate a clone when dest-dir exists
 # Set global ``ERROR_ON_CLONE=True`` to abort execution with an error if the git repo
 # does not exist (default is False, meaning the repo will be cloned).
-# Uses globals ``ERROR_ON_CLONE``, ``OFFLINE``, ``RECLONE``
+# Set global ``GIT_DEPTH=`` to limit the history depth of the git clone
+# Uses globals ``ERROR_ON_CLONE``, ``OFFLINE``, ``RECLONE``, ``GIT_DEPTH``
 # git_clone remote dest-dir branch
 function git_clone {
     local git_remote=$1
     local git_dest=$2
     local git_ref=$3
     local orig_dir=$(pwd)
+    local git_clone_flags=""
 
     RECLONE=$(trueorfalse False $RECLONE)
 
+    if [[ "$GIT_DEPTH" ]]; then
+        git_clone_flags="$git_clone_flags --depth $GIT_DEPTH"
+    fi
+
     if [[ "$OFFLINE" = "True" ]]; then
         echo "Running in offline mode, clones already exist"
         # print out the results so we know what change was used in the logs
@@ -586,7 +593,7 @@ function git_clone {
         if [[ ! -d $git_dest ]]; then
             [[ "$ERROR_ON_CLONE" = "True" ]] && \
                 die $LINENO "Cloning not allowed in this configuration"
-            git_timed clone $git_remote $git_dest
+            git_timed clone $git_clone_flags $git_remote $git_dest
         fi
         cd $git_dest
         git_timed fetch $git_remote $git_ref && git checkout FETCH_HEAD
@@ -595,7 +602,7 @@ function git_clone {
         if [[ ! -d $git_dest ]]; then
             [[ "$ERROR_ON_CLONE" = "True" ]] && \
                 die $LINENO "Cloning not allowed in this configuration"
-            git_timed clone $git_remote $git_dest
+            git_timed clone $git_clone_flags $git_remote $git_dest
             cd $git_dest
             # This checkout syntax works for both branches and tags
             git checkout $git_ref

From 0f3bafc74edce5fbc091b3cacf27f916ebf04fc7 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 24 Oct 2014 10:48:46 -0400
Subject: [PATCH 0089/3421] Remove copyright footer from RST docs

Change-Id: I2fe6aac7caec21af26983636d6ec827b3525ee15
---
 doc/source/changes.rst               | 4 ----
 doc/source/configuration.rst         | 4 ----
 doc/source/contributing.rst          | 5 -----
 doc/source/eucarc.rst                | 5 -----
 doc/source/exerciserc.rst            | 5 -----
 doc/source/faq.rst                   | 4 ----
 doc/source/guides/multinode-lab.rst  | 4 ----
 doc/source/guides/pxe-boot.rst       | 3 ---
 doc/source/guides/ramdisk.rst        | 3 ---
 doc/source/guides/single-machine.rst | 5 -----
 doc/source/guides/single-vm.rst      | 4 ----
 doc/source/guides/usb-boot.rst       | 3 ---
 doc/source/index.rst                 | 4 ----
 doc/source/local.conf.rst            | 4 ----
 doc/source/localrc.rst               | 4 ----
 doc/source/openrc.rst                | 5 -----
 doc/source/overview.rst              | 4 ----
 doc/source/plugins.rst               | 5 -----
 doc/source/stackrc.rst               | 4 ----
 19 files changed, 79 deletions(-)

diff --git a/doc/source/changes.rst b/doc/source/changes.rst
index 7ce629faa9..ccd96e8a7e 100644
--- a/doc/source/changes.rst
+++ b/doc/source/changes.rst
@@ -12,7 +12,3 @@ Recent Changes What's been happening?
 These are the commits to DevStack for the last six months. For the
 complete list see `the DevStack project in
 Gerrit `__.
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 694ad62844..9befc908ea 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -354,7 +354,3 @@ Examples
        RABBIT_PASSWORD=$ADMIN_PASSWORD
        SERVICE_PASSWORD=$ADMIN_PASSWORD
        SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index e37c06b6a9..73069e788b 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -98,8 +98,3 @@ have aged a bit (does anyone still do ramdisk installs?). While these
 may reference the top-level DevStack configuration they can generally be
 run alone. There are also some sub-directories to support specific
 environments such as XenServer.
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
index c1065e6f61..c91d3417de 100644
--- a/doc/source/eucarc.rst
+++ b/doc/source/eucarc.rst
@@ -50,8 +50,3 @@ Certificates for Bundling
         EC2_CERT=cert.pem
         NOVA_CERT=cacert.pem
         EUCALYPTUS_CERT=${NOVA_CERT}
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/exerciserc.rst b/doc/source/exerciserc.rst
index 22aff9a9e2..ed3f2e87b6 100644
--- a/doc/source/exerciserc.rst
+++ b/doc/source/exerciserc.rst
@@ -47,8 +47,3 @@ TERMINATE\_TIMEOUT
     ::
 
         TERMINATE_TIMEOUT=30
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 9adc58ed1c..36b25b3039 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -178,7 +178,3 @@ Q: ``tools/fixup_stuff.sh`` is broken and shouldn't 'fix' just one version of pa
     problems than we'll add them to the script. Knowing about the broken
     future releases is valuable rather than polling to see if it has
     been fixed.
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index c7901a21fb..a63260fe6f 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -376,7 +376,3 @@ If you forgot to set the root password you can do this:
 ::
 
     mysqladmin -u root -pnova password 'supersecret'
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/guides/pxe-boot.rst b/doc/source/guides/pxe-boot.rst
index 584e5581fd..f745abb7e4 100644
--- a/doc/source/guides/pxe-boot.rst
+++ b/doc/source/guides/pxe-boot.rst
@@ -138,6 +138,3 @@ Set Up tftpboot
 
 Now `return `__ to the RAM disk Guide to kick off your
 DevStack experience.
-
-© Openstack Foundation 2011-2013 — this is not an official OpenStack
-project...
diff --git a/doc/source/guides/ramdisk.rst b/doc/source/guides/ramdisk.rst
index 82147a8c1b..1ba74f2322 100644
--- a/doc/source/guides/ramdisk.rst
+++ b/doc/source/guides/ramdisk.rst
@@ -84,6 +84,3 @@ Fire It Up
        screen -x
 
 -  Connect to the dashboard at ``http:///``
-
-© Openstack Foundation 2011-2013 — this is not an official OpenStack
-project...
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 0db0466281..3e0a39cad5 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -138,8 +138,3 @@ accessible from other machines on your network.
 Some examples of using the OpenStack command-line clients ``nova`` and
 ``glance`` are in the shakedown scripts in ``devstack/exercises``.
 ``exercise.sh`` will run all of those scripts and report on the results.
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index 0e2d1573aa..35efb14939 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -104,7 +104,3 @@ packages are installed in the VM and the source trees checked out.
 Setting ``OFFLINE=True`` in ``local.conf`` enables ``stack.sh`` to run
 multiple times without an Internet connection. DevStack, making hacking
 at the lake possible since 2012!
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/guides/usb-boot.rst b/doc/source/guides/usb-boot.rst
index 888e14feb3..4f7a49425b 100644
--- a/doc/source/guides/usb-boot.rst
+++ b/doc/source/guides/usb-boot.rst
@@ -55,6 +55,3 @@ Set Up USB Drive
 
 Now `return `__ to the RAM disk Guide to kick off your
 DevStack experience.
-
-© Openstack Foundation 2011-2013 — this is not an official OpenStack
-project...
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 6e5105dcff..6f7cab65a3 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -377,7 +377,3 @@ exercises/volumes.sh
 exercises/zaqar.sh
 
 `Read » `__
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
index 40d0e0f57a..e1de44c2c7 100644
--- a/doc/source/local.conf.rst
+++ b/doc/source/local.conf.rst
@@ -14,7 +14,3 @@ local.conf User settings
 ``localrc`` file. See `the description of
 local.conf `__ for more details about the mechanics
 of the file.
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/localrc.rst b/doc/source/localrc.rst
index 910e274209..487280bae5 100644
--- a/doc/source/localrc.rst
+++ b/doc/source/localrc.rst
@@ -14,7 +14,3 @@ and has been replaced by ```local.conf`` `__. DevStack
 will continue to use ``localrc`` if it is present and ignore the
 ``localrc`` section in ``local.conf.``. Remove ``localrc`` to switch to
 using the new file.
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index b8759ecb49..ce5765aa60 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -81,8 +81,3 @@ KEYSTONECLIENT\_DEBUG, NOVACLIENT\_DEBUG
 
         # export KEYSTONECLIENT_DEBUG=1
         # export NOVACLIENT_DEBUG=1
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index 953938baaf..cedf941bcd 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -97,7 +97,3 @@ The DevStack exercise scripts are no longer used as integration and gate
 testing as that job has transitioned to Tempest. They are still
 maintained as a demonstrations of using OpenStack from the command line
 and for quick operational testing.
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index db695d3e84..0747b59f3c 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -117,8 +117,3 @@ functions:
 -  ``start_nova_hypervisor`` - start any external services
 -  ``stop_nova_hypervisor`` - stop any external services
 -  ``cleanup_nova_hypervisor`` - remove transient data and cache
-
-© Openstack Foundation 2011-2013 — An `OpenStack
-program `__ created by
-`Rackspace Cloud
-Builders `__
diff --git a/doc/source/stackrc.rst b/doc/source/stackrc.rst
index b2766cb971..5d9d2218c6 100644
--- a/doc/source/stackrc.rst
+++ b/doc/source/stackrc.rst
@@ -71,7 +71,3 @@ Service Repos
 
         NOVA_REPO=https://review.openstack.org/p/openstack/nova
         NOVA_BRANCH=refs/changes/50/5050/1
-
-© Openstack Foundation 2011-2014 — An
-`OpenStack `__
-`program `__

From f5cb1ce4c6f1733c3a5276dcf58f99c2984adafb Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Tue, 21 Oct 2014 11:16:58 -0500
Subject: [PATCH 0090/3421] Update docs section for new build

The devstack.org build process was recently changed to run as a CI post
job, publishing the site after every commit.

Change-Id: I05ddb353fae524178a25f28f2437d4fc635167f9
---
 HACKING.rst | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/HACKING.rst b/HACKING.rst
index d69bb49286..cbba310ee3 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -126,14 +126,9 @@ and can stay in the project file.
 Documentation
 -------------
 
-The official DevStack repo on GitHub does not include a gh-pages branch that
-GitHub uses to create static web sites.  That branch is maintained in the
-`CloudBuilders DevStack repo`__ mirror that supports the
-http://devstack.org site.  This is the primary DevStack
-documentation along with the DevStack scripts themselves.
-
-__ repo_
-.. _repo: https://github.com/cloudbuilders/devstack
+The DevStack repo now contains all of the static pages of devstack.org in
+the ``doc/source`` directory. The OpenStack CI system rebuilds the docs after every
+commit and updates devstack.org (now a redirect to docs.openstack.org/developer/devstack).
 
 All of the scripts are processed with shocco_ to render them with the comments
 as text describing the script below.  For this reason we tend to be a little
@@ -144,6 +139,8 @@ uses Markdown headers to divide the script into logical sections.
 .. _shocco: https://github.com/dtroyer/shocco/tree/rst_support
 
 The script used to drive shocco is tools/build_docs.sh.
+The complete docs build is also handled with tox -edocs per the
+OpenStack project standard.
 
 
 Exercises
@@ -235,8 +232,12 @@ DevStack defines a bash set of best practices for maintaining large
 collections of bash scripts. These should be considered as part of the
 review process.
 
-We have a preliminary enforcing script for this called bash8 (only a
-small number of these rules are enforced).
+DevStack uses the bashate_ style checker
+to enforce basic guidelines, similar to pep8 and flake8 tools for Python. The
+list below is not complete for what bashate checks, nor is it all checked
+by bashate.  So many lines of code, so little time.
+
+.. _bashate: https://pypi.python.org/pypi/bashate
 
 Whitespace Rules
 ----------------

From 0d6e992d90b84bcafe16468b0a2aec903e3b7aa0 Mon Sep 17 00:00:00 2001
From: yunhong jiang 
Date: Fri, 10 Oct 2014 06:12:47 -0700
Subject: [PATCH 0091/3421] Fix a minor comments

A minor mismatch in lib/neutron since now unstack.sh invokes
three functions and also start_neutron_agents() is called before
create_neutron_initial_network().

Change-Id: Ibbe68501cce4c062a9ac610cbc44188dc9bab6c8
---
 lib/neutron | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index ca9b16cd8c..d05dcc806f 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -20,13 +20,15 @@
 # - create_neutron_cache_dir
 # - create_nova_conf_neutron
 # - start_neutron_service_and_check
+# - start_neutron_agents
 # - create_neutron_initial_network
 # - setup_neutron_debug
-# - start_neutron_agents
 #
 # ``unstack.sh`` calls the entry points in this order:
 #
 # - stop_neutron
+# - stop_neutron_third_party
+# - cleanup_neutron
 
 # Functions in lib/neutron are classified into the following categories:
 #

From f76ed01665d8718641a1c5e421571bd165486d24 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 27 Oct 2014 11:36:41 -0400
Subject: [PATCH 0092/3421] Docs: Fix exercise table in index.rst

Change-Id: I305414a5a38c6837a765110e726771ba2f94fe45
---
 doc/source/index.rst | 108 +++++++++++++++----------------------------
 1 file changed, 37 insertions(+), 71 deletions(-)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 6f7cab65a3..37b365d11a 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -306,74 +306,40 @@ Samples Generated documentation of DevStack sample files.
 Exercises Generated documentation of DevStack scripts.
 ------------------------------------------------------
 
-Filename
-
-Link
-
-exercise.sh
-
-`Read » `__
-
-exercises/aggregates.sh
-
-`Read » `__
-
-exercises/boot\_from\_volume.sh
-
-`Read » `__
-
-exercises/bundle.sh
-
-`Read » `__
-
-exercises/client-args.sh
-
-`Read » `__
-
-exercises/client-env.sh
-
-`Read » `__
-
-exercises/euca.sh
-
-`Read » `__
-
-exercises/floating\_ips.sh
-
-`Read » `__
-
-exercises/horizon.sh
-
-`Read » `__
-
-exercises/neutron-adv-test.sh
-
-`Read » `__
-
-exercises/sahara.sh
-
-`Read » `__
-
-exercises/savanna.sh
-
-`Read » `__
-
-exercises/sec\_groups.sh
-
-`Read » `__
-
-exercises/swift.sh
-
-`Read » `__
-
-exercises/trove.sh
-
-`Read » `__
-
-exercises/volumes.sh
-
-`Read » `__
-
-exercises/zaqar.sh
-
-`Read » `__
++---------------------------------+-------------------------------------------------+
+| Filename                        | Link                                            |
++=================================+=================================================+
+| exercise.sh                     | `Read » `__                   |
++---------------------------------+-------------------------------------------------+
+| exercises/aggregates.sh         | `Read » `__       |
++---------------------------------+-------------------------------------------------+
+| exercises/boot\_from\_volume.sh | `Read » `__ |
++---------------------------------+-------------------------------------------------+
+| exercises/bundle.sh             | `Read » `__           |
++---------------------------------+-------------------------------------------------+
+| exercises/client-args.sh        | `Read » `__      |
++---------------------------------+-------------------------------------------------+
+| exercises/client-env.sh         | `Read » `__       |
++---------------------------------+-------------------------------------------------+
+| exercises/euca.sh               | `Read » `__             |
++---------------------------------+-------------------------------------------------+
+| exercises/floating\_ips.sh      | `Read » `__     |
++---------------------------------+-------------------------------------------------+
+| exercises/horizon.sh            | `Read » `__          |
++---------------------------------+-------------------------------------------------+
+| exercises/neutron-adv-test.sh   | `Read » `__ |
++---------------------------------+-------------------------------------------------+
+| exercises/sahara.sh             | `Read » `__           |
++---------------------------------+-------------------------------------------------+
+| exercises/savanna.sh            | `Read » `__          |
++---------------------------------+-------------------------------------------------+
+| exercises/sec\_groups.sh        | `Read » `__       |
++---------------------------------+-------------------------------------------------+
+| exercises/swift.sh              | `Read » `__            |
++---------------------------------+-------------------------------------------------+
+| exercises/trove.sh              | `Read » `__            |
++---------------------------------+-------------------------------------------------+
+| exercises/volumes.sh            | `Read » `__          |
++---------------------------------+-------------------------------------------------+
+| exercises/zaqar.sh              | `Read » `__            |
++---------------------------------+-------------------------------------------------+

From def1534ce06409c4c70d6569ea6314a82897e28b Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 27 Oct 2014 12:26:04 -0400
Subject: [PATCH 0093/3421] allow for soft updating of global-requirements

This creates a devstack REQUIREMENTS_MODE which is how we handle
syncing of global requirements. The default is 'strict', which is
current behavior. There is a new 'soft' mode which does a
--soft-update for projects *not* found in projects.txt, which lets
them specify additional requirements.

Change-Id: I4aa606514131b5dde67d87f5c8db5a3f3e50fc03
Depends-On: I1f195ef9ff1509659848e14ec9936ff6f66a6496
---
 functions-common | 25 +++++++++++++++++++++++--
 stackrc          | 11 +++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index e6f425f4a1..9041439dee 100644
--- a/functions-common
+++ b/functions-common
@@ -1606,6 +1606,16 @@ function setup_develop {
     setup_package_with_req_sync $project_dir -e
 }
 
+# determine if a project as specified by directory is in
+# projects.txt. This will not be an exact match because we throw away
+# the namespacing when we clone, but it should be good enough in all
+# practical ways.
+function is_in_projects_txt {
+    local project_dir=$1
+    local project_name=$(basename $project_dir)
+    return grep "/$project_name\$" $REQUIREMENTS_DIR/projects.txt >/dev/null
+}
+
 # ``pip install -e`` the package, which processes the dependencies
 # using pip before running `setup.py develop`
 #
@@ -1624,8 +1634,19 @@ function setup_package_with_req_sync {
     local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
 
     if [[ $update_requirements != "changed" ]]; then
-        (cd $REQUIREMENTS_DIR; \
-            python update.py $project_dir)
+        if [[ "$REQUIREMENTS_MODE" == "soft" ]]; then
+            if is_in_projects_txt $project_dir; then
+                (cd $REQUIREMENTS_DIR; \
+                    python update.py $project_dir)
+            else
+                # soft update projects not found in requirements project.txt
+                (cd $REQUIREMENTS_DIR; \
+                    python update.py -s $project_dir)
+            fi
+        else
+            (cd $REQUIREMENTS_DIR; \
+                python update.py $project_dir)
+        fi
     fi
 
     setup_package $project_dir $flags
diff --git a/stackrc b/stackrc
index 6cec8e85fb..d97dba826a 100644
--- a/stackrc
+++ b/stackrc
@@ -116,6 +116,17 @@ DATABASE_QUERY_LOGGING=$(trueorfalse True $DATABASE_QUERY_LOGGING)
 # Zero disables timeouts
 GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 
+# Requirements enforcing mode
+#
+# - strict (default) : ensure all project requirements files match
+#   what's in global requirements.
+#
+# - soft : enforce requirements on everything in
+#   requirements/projects.txt, but do soft updates on all other
+#   repositories (i.e. sync versions for requirements that are in g-r,
+#   but pass through any extras)
+REQUIREMENTS_MODE=${REQUIREMENTS_MODE:-strict}
+
 # Repositories
 # ------------
 

From e7f071b49fa0a4cb695220a2d159214779803cd8 Mon Sep 17 00:00:00 2001
From: taturiello 
Date: Wed, 15 Oct 2014 05:09:45 -0700
Subject: [PATCH 0094/3421] Remove no_wait ovs flag from vmw_nsx 3rd party lib

The no_wait flag can trigger a race conditon with ip addr flush
if the public bridge is not yet up. Due to this race condition
the local route for the external subnet might not be added.

The patch also renames br-ex to $PUBLIC_BRIDGE in some places

Change-Id: I11335c99dba580e7ca26b0b15b0df8dead367fdc
---
 lib/neutron_thirdparty/vmware_nsx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/neutron_thirdparty/vmware_nsx b/lib/neutron_thirdparty/vmware_nsx
index 7a76570775..7a20c64afb 100644
--- a/lib/neutron_thirdparty/vmware_nsx
+++ b/lib/neutron_thirdparty/vmware_nsx
@@ -8,7 +8,7 @@
 # * enable_service vmware_nsx        --> to execute this third-party addition
 # * PUBLIC_BRIDGE                    --> bridge used for external connectivity, typically br-ex
 # * NSX_GATEWAY_NETWORK_INTERFACE    --> interface used to communicate with the NSX Gateway
-# * NSX_GATEWAY_NETWORK_CIDR         --> CIDR to configure br-ex, e.g. 172.24.4.211/24
+# * NSX_GATEWAY_NETWORK_CIDR         --> CIDR to configure $PUBLIC_BRIDGE, e.g. 172.24.4.211/24
 
 # Save trace setting
 NSX3_XTRACE=$(set +o | grep xtrace)
@@ -29,7 +29,7 @@ function configure_vmware_nsx {
 function init_vmware_nsx {
     if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
         NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
-        echo "The IP address to set on br-ex was not specified. "
+        echo "The IP address to set on $PUBLIC_BRIDGE was not specified. "
         echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR
     fi
     # Make sure the interface is up, but not configured
@@ -42,14 +42,15 @@ function init_vmware_nsx {
     # only with mac learning enabled, portsecurity and security profiles disabled
     # The public bridge might not exist for the NSX plugin if Q_USE_DEBUG_COMMAND is off
     # Try to create it anyway
-    sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE
-    sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_INTERFACE
+    sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE
+    sudo ovs-vsctl --may-exist add-port $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_INTERFACE
     nsx_gw_net_if_mac=$(ip link show $NSX_GATEWAY_NETWORK_INTERFACE | awk '/ether/ {print $2}')
     sudo ip link set address $nsx_gw_net_if_mac dev $PUBLIC_BRIDGE
     for address in $addresses; do
         sudo ip addr add dev $PUBLIC_BRIDGE $address
     done
     sudo ip addr add dev $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_CIDR
+    sudo ip link set $PUBLIC_BRIDGE up
 }
 
 function install_vmware_nsx {
@@ -63,7 +64,7 @@ function start_vmware_nsx {
 function stop_vmware_nsx {
     if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
         NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
-        echo "The IP address expected on br-ex was not specified. "
+        echo "The IP address expected on $PUBLIC_BRIDGE was not specified. "
         echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR
     fi
     sudo ip addr del $NSX_GATEWAY_NETWORK_CIDR dev $PUBLIC_BRIDGE

From 15130cd5fd1688b8984d78136b97bb8de7c32b64 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Tue, 28 Oct 2014 11:49:58 +0900
Subject: [PATCH 0095/3421] Desupport neutron openvswitch and linuxbridge
 monolithic plugins

These plugins were removed in Juno.
Note: this doesn't affect the corresponding ML2 mechanism drivers.

Partial-Bug: #1323729
Change-Id: Ia8da1e20a03fef5657ba1584bf83ddd224b5d5f2
---
 lib/neutron                           | 29 ++++------
 lib/neutron_plugins/linuxbridge       | 55 -------------------
 lib/neutron_plugins/linuxbridge_agent | 77 ---------------------------
 lib/neutron_plugins/openvswitch       |  7 ++-
 4 files changed, 14 insertions(+), 154 deletions(-)
 delete mode 100644 lib/neutron_plugins/linuxbridge
 delete mode 100644 lib/neutron_plugins/linuxbridge_agent

diff --git a/lib/neutron b/lib/neutron
index ca9b16cd8c..5b3ac9f42e 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -43,21 +43,11 @@
 # to run Neutron on this host, make sure that q-svc is also in
 # ``ENABLED_SERVICES``.
 #
-# If you're planning to use the Neutron openvswitch plugin, set
-# ``Q_PLUGIN`` to "openvswitch" and make sure the q-agt service is enabled
-# in ``ENABLED_SERVICES``.  If you're planning to use the Neutron
-# linuxbridge plugin, set ``Q_PLUGIN`` to "linuxbridge" and make sure the
-# q-agt service is enabled in ``ENABLED_SERVICES``.
-#
 # See "Neutron Network Configuration" below for additional variables
 # that must be set in localrc for connectivity across hosts with
 # Neutron.
 #
 # With Neutron networking the NETWORK_MANAGER variable is ignored.
-#
-# To enable specific configuration options for either the Open vSwitch or
-# LinuxBridge plugin, please see the top level README file under the
-# Neutron section.
 
 
 # Neutron Network Configuration
@@ -213,12 +203,11 @@ fi
 # Provider Network Configurations
 # --------------------------------
 
-# The following variables control the Neutron openvswitch and
-# linuxbridge plugins' allocation of tenant networks and
-# availability of provider networks. If these are not configured
-# in ``localrc``, tenant networks will be local to the host (with no
-# remote connectivity), and no physical resources will be
-# available for the allocation of provider networks.
+# The following variables control the Neutron ML2 plugins' allocation
+# of tenant networks and availability of provider networks. If these
+# are not configured in ``localrc``, tenant networks will be local to
+# the host (with no remote connectivity), and no physical resources
+# will be available for the allocation of provider networks.
 
 # To disable tunnels (GRE or VXLAN) for tenant networks,
 # set to False in ``local.conf``.
@@ -231,8 +220,8 @@ ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
 TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
 
 # To use VLANs for tenant networks, set to True in localrc. VLANs
-# are supported by the openvswitch and linuxbridge plugins, each
-# requiring additional configuration described below.
+# are supported by the ML2 plugins, requiring additional configuration
+# described below.
 ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}
 
 # If using VLANs for tenant networks, set in ``localrc`` to specify
@@ -252,7 +241,7 @@ TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}
 # Example: ``PHYSICAL_NETWORK=default``
 PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
 
-# With the openvswitch plugin, if using VLANs for tenant networks,
+# With the openvswitch agent, if using VLANs for tenant networks,
 # or if using flat or VLAN provider networks, set in ``localrc`` to
 # the name of the OVS bridge to use for the physical network. The
 # bridge will be created if it does not already exist, but a
@@ -262,7 +251,7 @@ PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
 # Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
 OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}
 
-# With the linuxbridge plugin, if using VLANs for tenant networks,
+# With the linuxbridge agent, if using VLANs for tenant networks,
 # or if using flat or VLAN provider networks, set in ``localrc`` to
 # the name of the network interface to use for the physical
 # network.
diff --git a/lib/neutron_plugins/linuxbridge b/lib/neutron_plugins/linuxbridge
deleted file mode 100644
index 5f989ae0ad..0000000000
--- a/lib/neutron_plugins/linuxbridge
+++ /dev/null
@@ -1,55 +0,0 @@
-# Neutron Linux Bridge plugin
-# ---------------------------
-
-# Save trace setting
-LBRIDGE_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/linuxbridge_agent
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/linuxbridge
-    Q_PLUGIN_CONF_FILENAME=linuxbridge_conf.ini
-    Q_PLUGIN_CLASS="neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2"
-}
-
-function neutron_plugin_configure_service {
-    if [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE vlans tenant_network_type vlan
-    else
-        echo "WARNING - The linuxbridge plugin is using local tenant networks, with no connectivity between hosts."
-    fi
-
-    # Override ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc``
-    # for more complex physical network configurations.
-    if [[ "$LB_VLAN_RANGES" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]]; then
-        LB_VLAN_RANGES=$PHYSICAL_NETWORK
-        if [[ "$TENANT_VLAN_RANGE" != "" ]]; then
-            LB_VLAN_RANGES=$LB_VLAN_RANGES:$TENANT_VLAN_RANGE
-        fi
-    fi
-    if [[ "$LB_VLAN_RANGES" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE vlans network_vlan_ranges $LB_VLAN_RANGES
-    fi
-    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-    else
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
-    fi
-
-    # Define extra "LINUX_BRIDGE" configuration options when q-svc is configured by defining
-    # the array ``Q_SRV_EXTRA_OPTS``.
-    # For Example: ``Q_SRV_EXTRA_OPTS=(foo=true bar=2)``
-    for I in "${Q_SRV_EXTRA_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE linux_bridge ${I/=/ }
-    done
-}
-
-function has_neutron_plugin_security_group {
-    # 0 means True here
-    return 0
-}
-
-# Restore xtrace
-$LBRIDGE_XTRACE
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
deleted file mode 100644
index 2638dd3725..0000000000
--- a/lib/neutron_plugins/linuxbridge_agent
+++ /dev/null
@@ -1,77 +0,0 @@
-# Neutron Linux Bridge L2 agent
-# -----------------------------
-
-# Save trace setting
-PLUGIN_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-function is_neutron_ovs_base_plugin {
-    # linuxbridge doesn't use OVS
-    return 1
-}
-
-function neutron_plugin_create_nova_conf {
-    :
-}
-
-function neutron_plugin_install_agent_packages {
-    install_package bridge-utils
-}
-
-function neutron_plugin_configure_debug_command {
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
-}
-
-function neutron_plugin_configure_l3_agent {
-    iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge
-    iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
-}
-
-function neutron_plugin_configure_plugin_agent {
-    # Setup physical network interface mappings.  Override
-    # ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc`` for more
-    # complex physical network configurations.
-    if [[ "$LB_INTERFACE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
-        LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
-    fi
-    if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE linux_bridge physical_interface_mappings $LB_INTERFACE_MAPPINGS
-    fi
-    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-    else
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
-    fi
-    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-linuxbridge-agent"
-    iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
-    # Define extra "AGENT" configuration options when q-agt is configured by defining
-    # the array ``Q_AGENT_EXTRA_AGENT_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_AGENT_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE agent ${I/=/ }
-    done
-    # Define extra "LINUX_BRIDGE" configuration options when q-agt is configured by defining
-    # the array ``Q_AGENT_EXTRA_SRV_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_SRV_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_SRV_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE linux_bridge ${I/=/ }
-    done
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
-}
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
-}
-
-# Restore xtrace
-$PLUGIN_XTRACE
diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch
index c468132bbb..e9bc5f9a78 100644
--- a/lib/neutron_plugins/openvswitch
+++ b/lib/neutron_plugins/openvswitch
@@ -1,5 +1,8 @@
-# Neutron Open vSwitch plugin
-# ---------------------------
+# Common code used by cisco and embrane plugins
+# ---------------------------------------------
+
+# This module used to be for Open vSwitch monolithic plugin,
+# which has been removed in Juno.
 
 # Save trace setting
 OVS_XTRACE=$(set +o | grep xtrace)

From 3ec8a9032724a5ad86d80b3ac3ef7143c6c68890 Mon Sep 17 00:00:00 2001
From: Nikhil Manchanda 
Date: Sun, 26 Oct 2014 15:41:15 -0700
Subject: [PATCH 0096/3421] Use updated trove mysql image location

Use the updated trove mysql image at:
tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2
instead of the older deprecated image at:
tarballs.openstack.org/trove/images/ubuntu_mysql.qcow2/ubuntu_mysql.qcow2

Change-Id: If76f25dfe0f975faf1883f0a6d993c21b26e1b29
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 6cec8e85fb..fd84598c5f 100644
--- a/stackrc
+++ b/stackrc
@@ -522,11 +522,11 @@ if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
     esac
 fi
 
-# Trove needs a custom image for it's work
+# Trove needs a custom image for its work
 if [[ "$ENABLED_SERVICES" =~ 'tr-api' ]]; then
     case "$VIRT_DRIVER" in
         libvirt|baremetal|ironic|xenapi)
-            TROVE_GUEST_IMAGE_URL=${TROVE_GUEST_IMAGE_URL:-"http://tarballs.openstack.org/trove/images/ubuntu_mysql.qcow2/ubuntu_mysql.qcow2"}
+            TROVE_GUEST_IMAGE_URL=${TROVE_GUEST_IMAGE_URL:-"http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"}
             IMAGE_URLS+=",${TROVE_GUEST_IMAGE_URL}"
             ;;
         *)

From 7fb5082c5c7abff95eb46dd9a92c5fd8fc63ddd2 Mon Sep 17 00:00:00 2001
From: wanghong 
Date: Tue, 28 Oct 2014 19:09:04 +0800
Subject: [PATCH 0097/3421] correct templated catalog driver class

Now the templated catalog driver class "TemplatedCatalog" is removed
in this patch https://review.openstack.org/#/c/125708/2 use
"keystone.catalog.backends.templated.Catalog" instead.

Change-Id: Ib9c8ea557e7171ff0c78a1e10d752ed564aff9e7
Closes-Bug: #1386562
---
 lib/keystone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index 1c67835a12..276e9718a6 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -287,7 +287,7 @@ function configure_keystone {
         " -i $KEYSTONE_CATALOG
 
         # Configure ``keystone.conf`` to use templates
-        iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
+        iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.Catalog"
         iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
     fi
 

From 2112743b10fb522e86380fad5bf5a9e72b73721f Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Tue, 21 Oct 2014 20:19:23 +0100
Subject: [PATCH 0098/3421] Allow ceilometer to use redis for coordination

If redis is desired by local.conf via CEILOMETER_COORDINATION_URL
then make sure redis is installed and restarted.

Change-Id: Idfb7b902478049fbc240bf416db6c7d6acd67a51
---
 lib/ceilometer | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/ceilometer b/lib/ceilometer
index 9046b9d3d9..483cd277c8 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -242,6 +242,18 @@ function init_ceilometer {
     fi
 }
 
+# install_redis() - Install the redis server.
+function install_redis {
+    if is_ubuntu; then
+        install_package redis-server
+    else
+        # This will fail (correctly) where a redis package is unavailable
+        install_package redis
+    fi
+
+    restart_service redis
+}
+
 # install_ceilometer() - Collect source and prepare
 function install_ceilometer {
     git_clone $CEILOMETER_REPO $CEILOMETER_DIR $CEILOMETER_BRANCH
@@ -249,6 +261,8 @@ function install_ceilometer {
 
     if echo $CEILOMETER_COORDINATION_URL | grep -q '^memcached:'; then
         install_package memcached
+    elif echo $CEILOMETER_COORDINATION_URL | grep -q '^redis:'; then
+        install_redis
     fi
 }
 

From d16197b689e9087d6c22e0488c0aa671578a927d Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Tue, 28 Oct 2014 12:21:38 +0900
Subject: [PATCH 0099/3421] Stop setting deprecated OVS.enable_tunneling option

The option has been deprecated in IceHouse and now being removed.

Related-Bug: #1195374
Change-Id: I38d962551173892144c369df71e0524b43e1fc89
---
 lib/neutron_plugins/ofagent_agent     | 1 -
 lib/neutron_plugins/openvswitch       | 5 -----
 lib/neutron_plugins/openvswitch_agent | 1 -
 3 files changed, 7 deletions(-)

diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index 1c04f2f64e..55f3f72056 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -61,7 +61,6 @@ function neutron_plugin_configure_plugin_agent {
         if [ `vercmp_numbers "$OVS_VERSION" "1.4"` -lt "0" ]; then
             die $LINENO "You are running OVS version $OVS_VERSION. OVS 1.4+ is required for tunneling between multiple hosts."
         fi
-        iniset /$Q_PLUGIN_CONF_FILE ovs enable_tunneling True
         iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
     fi
 
diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch
index e9bc5f9a78..3b6567cd0a 100644
--- a/lib/neutron_plugins/openvswitch
+++ b/lib/neutron_plugins/openvswitch
@@ -38,11 +38,6 @@ function neutron_plugin_configure_service {
         iniset /$Q_PLUGIN_CONF_FILE ovs network_vlan_ranges $OVS_VLAN_RANGES
     fi
 
-    # Enable tunnel networks if selected
-    if [[ $OVS_ENABLE_TUNNELING == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE ovs enable_tunneling True
-    fi
-
     _neutron_ovs_base_configure_firewall_driver
 
     # Define extra "OVS" configuration options when q-svc is configured by defining
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 835f645b8c..e1a6f4a47f 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -47,7 +47,6 @@ function neutron_plugin_configure_plugin_agent {
         if [ `vercmp_numbers "$OVS_VERSION" "1.4"` -lt "0" ] && ! is_service_enabled q-svc ; then
             die $LINENO "You are running OVS version $OVS_VERSION. OVS 1.4+ is required for tunneling between multiple hosts."
         fi
-        iniset /$Q_PLUGIN_CONF_FILE ovs enable_tunneling True
         iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
     fi
 

From f3bf8b6cc0dc94684a3bbecc4cc1e2169506f804 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 29 Oct 2014 21:53:56 +1100
Subject: [PATCH 0100/3421] Revert "Single quote iniset argument in
 merge_config_file"

This reverts commit e2c9fee8ed846aba124a2fc1bba245790ed7ba90.

We have decided that we don't want to support the json-style argument
as described by bug#1374118 (see thread at [1]).

This restores the old behavior of sending the argument in
double-quotes so environment variables get expanded.  As a bonus,
tests for this are added.

[1] http://lists.openstack.org/pipermail/openstack-dev/2014-October/049341.html

Change-Id: I9fc99f3716cc53366907878adb00ae6cf3898f14
Closes-Bug:#1386413
---
 lib/config           |  8 +++-----
 tests/test_config.sh | 33 +++++++++++++++++++++------------
 2 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/lib/config b/lib/config
index a4d59a31c9..a4d032864b 100644
--- a/lib/config
+++ b/lib/config
@@ -82,8 +82,6 @@ function merge_config_file {
     local matchgroup=$2
     local configfile=$3
 
-    # note in the awk below, \x27 is ascii for ' -- this avoids
-    # having to do nasty quoting games
     get_meta_section $file $matchgroup $configfile | \
     $CONFIG_AWK_CMD -v configfile=$configfile '
         BEGIN {
@@ -140,13 +138,13 @@ function merge_config_file {
                 for (attr_no = cfg_sec_attr_count[sno] - 1; attr_no >=0; attr_no--) {
                     attr = cfg_sec_attr_name[sno, attr_no]
                     if (cfg_attr_count[section, attr] == 1)
-                        print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr, 0] "\x27"
+                        print "iniset " configfile " " section " " attr " \"" cfg_attr[section, attr, 0] "\""
                     else {
                         # For multiline, invoke the ini routines in the reverse order
                         count = cfg_attr_count[section, attr]
-                        print "iniset " configfile " " section " " attr " \x27" cfg_attr[section, attr, count - 1] "\x27"
+                        print "iniset " configfile " " section " " attr " \"" cfg_attr[section, attr, count - 1] "\""
                         for (l = count -2; l >= 0; l--)
-                            print "iniadd_literal " configfile " " section " " attr " \x27" cfg_attr[section, attr, l] "\x27"
+                            print "iniadd_literal " configfile " " section " " attr " \"" cfg_attr[section, attr, l] "\""
                     }
                 }
             }
diff --git a/tests/test_config.sh b/tests/test_config.sh
index cd74cee6f0..3252104bf1 100755
--- a/tests/test_config.sh
+++ b/tests/test_config.sh
@@ -92,9 +92,9 @@ attribute=value
 [fff]
 type=new
 
-[[test-quote|test-quote.conf]]
+[[test-env|test-env.conf]]
 [foo]
-foo="foo bar" "baz"
+foo=\${FOO_BAR_BAZ}
 
 [[test5|test-equals.conf]]
 [DEFAULT]
@@ -126,9 +126,11 @@ cfg_item5 = 5555another
 
 [[test-multiline|test-multiline.conf]]
 [multi]
-cfg_item1 = "ab":"cd", "ef":   "gh"
+cfg_item1 = ab:cd:ef:gh
 cfg_item1 = abcd
 cfg_item2 = efgh
+cfg_item2 = \${FOO_BAR_BAZ}
+
 EOF
 
 echo -n "get_meta_section_files: test0 doesn't exist: "
@@ -236,14 +238,17 @@ check_result "$VAL" "$EXPECT_VAL"
 
 echo -n "merge_config_file test-multiline: "
 rm -f test-multiline.conf
+FOO_BAR_BAZ="foo bar baz"
 merge_config_file test.conf test-multiline test-multiline.conf
 VAL=$(cat test-multiline.conf)
 EXPECT_VAL='
 [multi]
-cfg_item1 = "ab":"cd", "ef":   "gh"
+cfg_item1 = ab:cd:ef:gh
 cfg_item1 = abcd
-cfg_item2 = efgh'
+cfg_item2 = efgh
+cfg_item2 = foo bar baz'
 check_result "$VAL" "$EXPECT_VAL"
+unset FOO_BAR_BAZ
 
 echo -n "merge_config_group test2: "
 rm test2a.conf
@@ -275,14 +280,16 @@ EXPECT_VAL="
 attribute = value"
 check_result "$VAL" "$EXPECT_VAL"
 
-echo -n "merge_config_file test-quote: "
-rm -f test-quote.conf
-merge_config_file test.conf test-quote test-quote.conf
-VAL=$(cat test-quote.conf)
+echo -n "merge_config_file test-env: "
+rm -f test-env.conf
+FOO_BAR_BAZ="foo bar baz"
+merge_config_file test.conf test-env test-env.conf
+VAL=$(cat test-env.conf)
 EXPECT_VAL='
 [foo]
-foo = "foo bar" "baz"'
+foo = foo bar baz'
 check_result "$VAL" "$EXPECT_VAL"
+unset FOO_BAR_BAZ
 
 echo -n "merge_config_group test4 variable filename: "
 setup_test4
@@ -332,6 +339,8 @@ EXPECT_VAL="
 servers = 10.11.12.13:80"
 check_result "$VAL" "$EXPECT_VAL"
 
-rm -f test.conf test1c.conf test2a.conf test-quote.conf test-space.conf test-equals.conf test-strip.conf test-colon.conf
-rm -f test-multiline.conf test-multi-sections.conf
+rm -f test.conf test1c.conf test2a.conf \
+    test-space.conf test-equals.conf test-strip.conf \
+    test-colon.conf test-env.conf test-multiline.conf \
+    test-multi-sections.conf
 rm -rf test-etc

From 46b0be31372e2f1aa9c2e55f3112b65a76167f8e Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 16 Oct 2014 13:15:51 +1100
Subject: [PATCH 0101/3421] Fix up file-matching in bashate tox test

The current test does not match file files in /lib/* because the
-wholename command is missing the preceeding \*.  The whole command is
a little difficult to understand.

This re-lays the find command, using -prune to skip dot directories
and keeping a hopefully clearer flow of what is being matched.

Change-Id: Idd856e897ff97095fb116294a9187ff4b198fa26
---
 tox.ini | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index b6f2d9655e..c8d3909805 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,7 +10,19 @@ install_command = pip install {opts} {packages}
 [testenv:bashate]
 deps = bashate
 whitelist_externals = bash
-commands = bash -c "find {toxinidir} -not -wholename \*.tox/\* -and \( -name \*.sh -or -name \*rc -or -name functions\* -or \( -wholename lib/\* -and -not -name \*.md \) \) -print0 | xargs -0 bashate -v"
+commands = bash -c "find {toxinidir}          \
+         -not \( -type d -name .?\* -prune \) \ # prune all 'dot' dirs
+         -not \( -type d -name doc -prune \)  \ # skip documentation
+         -type f                              \ # only files
+         -not -name \*~                       \ # skip editors, readme, etc
+         -not -name \*.md                     \
+         \(                                   \
+          -name \*.sh -or                     \
+          -name \*rc -or                      \
+          -name functions\* -or               \
+          -wholename \*/lib/\*                \ # /lib files are shell, but
+         \)                                   \ #   have no extension
+         -print0 | xargs -0 bashate -v"
 
 [testenv:docs]
 deps =

From 6df648920c0d15c1b79f8592bb99b98282005794 Mon Sep 17 00:00:00 2001
From: Mate Lakat 
Date: Fri, 17 Oct 2014 13:09:49 +0200
Subject: [PATCH 0102/3421] XenAPI: move Neutron plugin install to domU

Use the same mechanism as used for nova plugin installation, thus
avoiding the need for variables in dom0. This change will also help to
move XenServer CI to neutron in the future, as the dom0 part of the
script is not executed there.

With this change, the neutron related network will always be created and
attached even if the user wants to use nova-network.

Change-Id: I8669c94e9f0aacce2990469dbabde1ff702a2769
---
 lib/neutron                  | 18 ++++++++++++++++++
 tools/xen/install_os_domU.sh | 26 ++++++--------------------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index ca9b16cd8c..43167d8206 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -595,6 +595,24 @@ function init_neutron {
 function install_neutron {
     git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
     setup_develop $NEUTRON_DIR
+
+    if [ "$VIRT_DRIVER" == 'xenserver' ]; then
+        local dom0_ip
+        dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)
+
+        local ssh_dom0
+        ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
+
+        # Find where the plugins should go in dom0
+        local xen_functions
+        xen_functions=$(cat $TOP_DIR/tools/xen/functions)
+        local plugin_dir
+        plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
+
+        # install neutron plugins to dom0
+        tar -czf - -C $NEUTRON_DIR/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
+            $ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
+    fi
 }
 
 # install_neutronclient() - Collect source and prepare
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 439db68120..ff7e6fbc88 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -65,16 +65,6 @@ EOF
     exit 1
 fi
 
-# Install plugins
-
-## Install the netwrap xapi plugin to support agent control of dom0 networking
-if [[ "$ENABLED_SERVICES" =~ "q-agt" && "$Q_PLUGIN" = "openvswitch" ]]; then
-    NEUTRON_ZIPBALL_URL=${NEUTRON_ZIPBALL_URL:-$(zip_snapshot_location $NEUTRON_REPO $NEUTRON_BRANCH)}
-    EXTRACTED_NEUTRON=$(extract_remote_zipball "$NEUTRON_ZIPBALL_URL")
-    install_xapi_plugins_from "$EXTRACTED_NEUTRON"
-    rm -rf "$EXTRACTED_NEUTRON"
-fi
-
 #
 # Configure Networking
 #
@@ -88,9 +78,7 @@ setup_network "$PUB_BRIDGE_OR_NET_NAME"
 
 # With neutron, one more network is required, which is internal to the
 # hypervisor, and used by the VMs
-if is_service_enabled neutron; then
-    setup_network "$XEN_INT_BRIDGE_OR_NET_NAME"
-fi
+setup_network "$XEN_INT_BRIDGE_OR_NET_NAME"
 
 if parameter_is_specified "FLAT_NETWORK_BRIDGE"; then
     if [ "$(bridge_for "$VM_BRIDGE_OR_NET_NAME")" != "$(bridge_for "$FLAT_NETWORK_BRIDGE")" ]; then
@@ -292,14 +280,12 @@ $THIS_DIR/build_xva.sh "$GUEST_NAME"
 # Attach a network interface for the integration network (so that the bridge
 # is created by XenServer). This is required for Neutron. Also pass that as a
 # kernel parameter for DomU
-if is_service_enabled neutron; then
-    attach_network "$XEN_INT_BRIDGE_OR_NET_NAME"
+attach_network "$XEN_INT_BRIDGE_OR_NET_NAME"
 
-    XEN_INTEGRATION_BRIDGE=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
-    append_kernel_cmdline \
-        "$GUEST_NAME" \
-        "xen_integration_bridge=${XEN_INTEGRATION_BRIDGE}"
-fi
+XEN_INTEGRATION_BRIDGE=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
+append_kernel_cmdline \
+    "$GUEST_NAME" \
+    "xen_integration_bridge=${XEN_INTEGRATION_BRIDGE}"
 
 FLAT_NETWORK_BRIDGE="${FLAT_NETWORK_BRIDGE:-$(bridge_for "$VM_BRIDGE_OR_NET_NAME")}"
 append_kernel_cmdline "$GUEST_NAME" "flat_network_bridge=${FLAT_NETWORK_BRIDGE}"

From dec5ca0f201eaaa996b929aa36f2db5d9fb91aac Mon Sep 17 00:00:00 2001
From: Mate Lakat 
Date: Fri, 17 Oct 2014 13:13:35 +0200
Subject: [PATCH 0103/3421] XenAPI: Remove non-used functions

Remove the no-longer used functions that were used to download plugins
to dom0.

Change-Id: I8dfd476781b683a8378efdae45d3cb1b46e7063c
---
 tools/xen/functions         | 40 ----------------------------------
 tools/xen/test_functions.sh | 43 -------------------------------------
 2 files changed, 83 deletions(-)

diff --git a/tools/xen/functions b/tools/xen/functions
index 4317796e39..c8efd57d88 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -19,10 +19,6 @@ function xapi_plugin_location {
     return 1
 }
 
-function zip_snapshot_location {
-    echo $1 | sed "s,^git://,http://,g;s:\.git$::;s:$:/zipball/$2:g"
-}
-
 function create_directory_for_kernels {
     if [ -d "/boot/guest" ]; then
         echo "INFO: /boot/guest directory already exists, using that" >&2
@@ -43,42 +39,6 @@ function create_directory_for_images {
     fi
 }
 
-function extract_remote_zipball {
-    local ZIPBALL_URL=$1
-
-    local LOCAL_ZIPBALL=$(mktemp)
-    local EXTRACTED_FILES=$(mktemp -d)
-
-    {
-        if ! wget -nv $ZIPBALL_URL -O $LOCAL_ZIPBALL --no-check-certificate; then
-            die_with_error "Failed to download [$ZIPBALL_URL]"
-        fi
-        unzip -q -o $LOCAL_ZIPBALL -d $EXTRACTED_FILES
-        rm -f $LOCAL_ZIPBALL
-    } >&2
-
-    echo "$EXTRACTED_FILES"
-}
-
-function find_xapi_plugins_dir {
-    find $1 -path '*/xapi.d/plugins' -type d -print
-}
-
-function install_xapi_plugins_from {
-    local XAPI_PLUGIN_DIR
-    local EXTRACTED_FILES
-    local EXTRACTED_PLUGINS_DIR
-
-    EXTRACTED_FILES="$1"
-
-    XAPI_PLUGIN_DIR=$(xapi_plugin_location)
-
-    EXTRACTED_PLUGINS_DIR=$(find_xapi_plugins_dir $EXTRACTED_FILES)
-
-    cp -pr $EXTRACTED_PLUGINS_DIR/* $XAPI_PLUGIN_DIR
-    chmod a+x ${XAPI_PLUGIN_DIR}*
-}
-
 function get_local_sr {
     xe pool-list params=default-SR minimal=true
 }
diff --git a/tools/xen/test_functions.sh b/tools/xen/test_functions.sh
index 838f86a525..924e773c00 100755
--- a/tools/xen/test_functions.sh
+++ b/tools/xen/test_functions.sh
@@ -116,18 +116,6 @@ function test_no_plugin_directory_found {
     grep "[ -d /usr/lib/xcp/plugins/ ]" $LIST_OF_ACTIONS
 }
 
-function test_zip_snapshot_location_http {
-    diff \
-    <(zip_snapshot_location "http://github.com/openstack/nova.git" "master") \
-    <(echo "http://github.com/openstack/nova/zipball/master")
-}
-
-function test_zip_snapsot_location_git {
-    diff \
-    <(zip_snapshot_location "git://github.com/openstack/nova.git" "master") \
-    <(echo "http://github.com/openstack/nova/zipball/master")
-}
-
 function test_create_directory_for_kernels {
     (
         . mocks
@@ -174,37 +162,6 @@ function test_create_directory_for_images_existing_dir {
 EOF
 }
 
-function test_extract_remote_zipball {
-    local RESULT=$(. mocks && extract_remote_zipball "someurl")
-
-    diff <(cat $LIST_OF_ACTIONS) - << EOF
-wget -nv someurl -O tempfile --no-check-certificate
-unzip -q -o tempfile -d tempdir
-rm -f tempfile
-EOF
-
-    [ "$RESULT" = "tempdir" ]
-}
-
-function test_extract_remote_zipball_wget_fail {
-    set +e
-
-    local IGNORE
-    IGNORE=$(. mocks && extract_remote_zipball "failurl")
-
-    assert_died_with "Failed to download [failurl]"
-}
-
-function test_find_nova_plugins {
-    local tmpdir=$(mktemp -d)
-
-    mkdir -p "$tmpdir/blah/blah/u/xapi.d/plugins"
-
-    [ "$tmpdir/blah/blah/u/xapi.d/plugins" = $(find_xapi_plugins_dir $tmpdir) ]
-
-    rm -rf $tmpdir
-}
-
 function test_get_local_sr {
     setup_xe_response "uuid123"
 

From 518fb760d3cfa47c94400ef664f0daa14b99c003 Mon Sep 17 00:00:00 2001
From: Mate Lakat 
Date: Fri, 17 Oct 2014 13:14:49 +0200
Subject: [PATCH 0104/3421] XenAPI: workaround for unsupp. associative arrays

Dom0's bash does not support associative arrays, however we source
`functions` and therefore our scripts fail. This change breaks the
dependency of dom0 tools on domU functions.

Fixes bug: 1379804

Change-Id: I229e2d5f07070a9236ec612d4032c94c4361a9f6
---
 tools/xen/build_xva.sh                       |  7 -------
 tools/xen/install_os_domU.sh                 |  7 -------
 tools/xen/prepare_guest_template.sh          |  7 -------
 tools/xen/scripts/install_ubuntu_template.sh |  3 ---
 tools/xen/xenrc                              | 21 ++++++++++++++++++--
 5 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh
index cc3cbe18d1..7c8e620f44 100755
--- a/tools/xen/build_xva.sh
+++ b/tools/xen/build_xva.sh
@@ -21,19 +21,12 @@ set -o xtrace
 # This directory
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
-# Source lower level functions
-. $TOP_DIR/../../functions
-
 # Include onexit commands
 . $TOP_DIR/scripts/on_exit.sh
 
 # xapi functions
 . $TOP_DIR/functions
 
-# Determine what system we are running on.
-# Might not be XenServer if we're using xenserver-core
-GetDistro
-
 # Source params - override xenrc params in your localrc to suite your taste
 source xenrc
 
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index ff7e6fbc88..3a63473d40 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -22,19 +22,12 @@ fi
 # This directory
 THIS_DIR=$(cd $(dirname "$0") && pwd)
 
-# Source lower level functions
-. $THIS_DIR/../../functions
-
 # Include onexit commands
 . $THIS_DIR/scripts/on_exit.sh
 
 # xapi functions
 . $THIS_DIR/functions
 
-# Determine what system we are running on.
-# Might not be XenServer if we're using xenserver-core
-GetDistro
-
 #
 # Get Settings
 #
diff --git a/tools/xen/prepare_guest_template.sh b/tools/xen/prepare_guest_template.sh
index 2d3b89821f..a7a60ca5e6 100755
--- a/tools/xen/prepare_guest_template.sh
+++ b/tools/xen/prepare_guest_template.sh
@@ -22,19 +22,12 @@ set -o xtrace
 # This directory
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
-# Source lower level functions
-. $TOP_DIR/../../functions
-
 # Include onexit commands
 . $TOP_DIR/scripts/on_exit.sh
 
 # xapi functions
 . $TOP_DIR/functions
 
-# Determine what system we are running on.
-# Might not be XenServer if we're using xenserver-core
-GetDistro
-
 # Source params - override xenrc params in your localrc to suite your taste
 source xenrc
 
diff --git a/tools/xen/scripts/install_ubuntu_template.sh b/tools/xen/scripts/install_ubuntu_template.sh
index d4d6567a40..d80ed095e8 100755
--- a/tools/xen/scripts/install_ubuntu_template.sh
+++ b/tools/xen/scripts/install_ubuntu_template.sh
@@ -14,9 +14,6 @@ set -o xtrace
 # This directory
 BASE_DIR=$(cd $(dirname "$0") && pwd)
 
-# Source the top level functions
-source $BASE_DIR/../../../functions
-
 # For default setings see xenrc
 source $BASE_DIR/../xenrc
 
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index 510c5f9c46..0cbf86118d 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -91,7 +91,24 @@ UBUNTU_INST_GATEWAY=""
 # Set the size to 0 to avoid creation of additional disk.
 XEN_XVDB_SIZE_GB=0
 
-restore_nounset=`set +o | grep nounset`
+STACK_USER=stack
+DOMZERO_USER=domzero
+
+RC_DIR="../.."
+
+restore_nounset=$(set +o | grep nounset)
 set +u
-source ../../stackrc
+
+## Note that the lines below are coming from stackrc to support
+## new-style config files
+
+# allow local overrides of env variables, including repo config
+if [[ -f $RC_DIR/localrc ]]; then
+    # Old-style user-supplied config
+    source $RC_DIR/localrc
+elif [[ -f $RC_DIR/.localrc.auto ]]; then
+    # New-style user-supplied config extracted from local.conf
+    source $RC_DIR/.localrc.auto
+fi
+
 $restore_nounset

From 20522e3b0e69c1f37ebeb7b4a66d9ced9e2a4236 Mon Sep 17 00:00:00 2001
From: Akihiro Motoki 
Date: Wed, 15 Oct 2014 19:53:11 +0900
Subject: [PATCH 0105/3421] Add pcre devel package for Horizon

pyScss python module uses pcre if available for performance
and it is better to be installed.
This commit adds it for files/{apts,rpms}/horizon.

Change-Id: If711fa222d3f395efd670334c8a84f35d195dc25
---
 files/apts/horizon | 1 +
 files/rpms/horizon | 1 +
 2 files changed, 2 insertions(+)

diff --git a/files/apts/horizon b/files/apts/horizon
index 03df3cba97..5d06928c7b 100644
--- a/files/apts/horizon
+++ b/files/apts/horizon
@@ -17,3 +17,4 @@ python-mox
 python-coverage
 python-cherrypy3 # why?
 python-migrate
+libpcre3-dev  # pyScss
diff --git a/files/rpms/horizon b/files/rpms/horizon
index fe3a2f40c0..7add23a549 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -19,3 +19,4 @@ python-sphinx
 python-sqlalchemy
 python-webob
 pyxattr
+pcre-devel  # pyScss

From 18d6298ea1eb0ff9697258dc323f1aba2b9b3d46 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 28 Oct 2014 13:37:15 -0700
Subject: [PATCH 0106/3421] Make allow_{resize|migrate}_to_same_host
 configurable

In preparation for supporting 2 node devstack jobs, where the first node
is an all in one and the second is a compute node. Make nova config
options allow_resize_to_same_host and allow_migrate_to_same_host
configurable so we can turn them off when we have two compute nodes.

Change-Id: If6989200b56c4597d6e8506d0dda2cc75d0881f1
---
 lib/nova | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/nova b/lib/nova
index f47dc9798c..0f838072c1 100644
--- a/lib/nova
+++ b/lib/nova
@@ -137,6 +137,10 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
 # running the VM - removing a SPOF and bandwidth bottleneck.
 MULTI_HOST=`trueorfalse False $MULTI_HOST`
 
+# ``NOVA_ALLOW_MOVE_TO_SAME_HOST` can be set to False in multi node devstack,
+# where there are at least two nova-computes.
+NOVA_ALLOW_MOVE_TO_SAME_HOST=`trueorfalse True $NOVA_ALLOW_MOVE_TO_SAME_HOST`
+
 # Test floating pool and range are used for testing.  They are defined
 # here until the admin APIs can replace nova-manage
 TEST_FLOATING_POOL=${TEST_FLOATING_POOL:-test}
@@ -411,8 +415,10 @@ function create_nova_conf {
     rm -f $NOVA_CONF
     iniset $NOVA_CONF DEFAULT verbose "True"
     iniset $NOVA_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
-    iniset $NOVA_CONF DEFAULT allow_resize_to_same_host "True"
-    iniset $NOVA_CONF DEFAULT allow_migrate_to_same_host "True"
+    if [ "$NOVA_ALLOW_MOVE_TO_SAME_HOST" == "True" ]; then
+        iniset $NOVA_CONF DEFAULT allow_resize_to_same_host "True"
+        iniset $NOVA_CONF DEFAULT allow_migrate_to_same_host "True"
+    fi
     iniset $NOVA_CONF DEFAULT api_paste_config "$NOVA_API_PASTE_INI"
     iniset $NOVA_CONF DEFAULT rootwrap_config "$NOVA_CONF_DIR/rootwrap.conf"
     iniset $NOVA_CONF DEFAULT scheduler_driver "$SCHEDULER"

From 627ca74b51d68651a6cd042d83a0386713f15b39 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Wed, 29 Oct 2014 17:01:15 -0700
Subject: [PATCH 0107/3421] [Sahara] Copy policy.json if it exists

To enable policy check in Sahara we need gate tests passed.
Tests will not pass until Sahara has default policy.json (
e.g. http://logs.openstack.org/09/131609/1/check/check-tempest-dsvm-full/536d5e7/console.html).
New code will copy of policy.json if it exists.

So, for now this code will do nothing.
Once policy.json appears in etc/sahara, the code will start coping
it to sahara conf dir. This will allow to merge auth support with
gate tests passed.

Related blueprint: auth-policy

Change-Id: I98e108ff02aacb91570f97e457d67dd02779ae3d
---
 lib/sahara | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/sahara b/lib/sahara
index 5c7c2534e2..7f59cc1f2e 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -98,6 +98,10 @@ function configure_sahara {
     fi
     sudo chown $STACK_USER $SAHARA_CONF_DIR
 
+    if [[ -f $SAHARA_DIR/etc/sahara/policy.json ]]; then
+        cp -p $SAHARA_DIR/etc/sahara/policy.json $SAHARA_CONF_DIR
+    fi
+
     # Copy over sahara configuration file and configure common parameters.
     cp $SAHARA_DIR/etc/sahara/sahara.conf.sample $SAHARA_CONF_FILE
 

From 17314d242e1fea5a5ebc602c2a72fc28fb5473b4 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 29 Oct 2014 22:11:05 -0500
Subject: [PATCH 0108/3421] Remove old guides

Change-Id: I2f8cd36aef1e0018ed4d5619c934dc9772823656
---
 doc/source/guides/pxe-boot.rst | 140 ---------------------------------
 doc/source/guides/ramdisk.rst  |  86 --------------------
 doc/source/guides/usb-boot.rst |  57 --------------
 3 files changed, 283 deletions(-)
 delete mode 100644 doc/source/guides/pxe-boot.rst
 delete mode 100644 doc/source/guides/ramdisk.rst
 delete mode 100644 doc/source/guides/usb-boot.rst

diff --git a/doc/source/guides/pxe-boot.rst b/doc/source/guides/pxe-boot.rst
deleted file mode 100644
index f745abb7e4..0000000000
--- a/doc/source/guides/pxe-boot.rst
+++ /dev/null
@@ -1,140 +0,0 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-PXE Boot Server Guide: Magic Dust for Network Boot
-==================================================
-
-Boot DevStack from a PXE server to a RAM disk.
-
-Prerequisites Hardware & OpenWRT
---------------------------------
-
-Hardware
-~~~~~~~~
-
-The whole point of this exercise is to have a highly portable boot
-server, so using a small router with a USB port is the desired platform.
-This guide uses a Buffalo WZR-HP-G300NH as an example, but it is easily
-generalized for other supported platforms. See openwrt.org for more.
-
-OpenWRT
-~~~~~~~
-
-Any recent 'Backfire' build of OpenWRT will work for the boot server
-project. We build from trunk and have made the images available at
-`http://openwrt.xr7.org/openwrt `__.
-
-Installation bit blasting
--------------------------
-
-Install the Image
-~~~~~~~~~~~~~~~~~
-
-This process follows `the OpenWRT doc OEM
-Install `__ to tftp
-the new image onto the router. You need a computer to set up the router,
-we assume it is a recent Linux or OS/X installation.
-
--  Get openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
-
-   ::
-
-       wget http://openwrt.xr7.org/openwrt/ar71xx/openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
-
--  Connect computer to LAN port 4 (closest to WAN port)
--  Set computer interface to IP address in the 192.168.11.2
--  Add static arp entry for router
-
-   ::
-
-       arp -s 192.168.11.1 
-
--  Start TFTP transfer attempt
-
-   ::
-
-       tftp 192.168.11.1
-       binary
-       rexmt 1
-       timeout 60
-       put openwrt-ar71xx-wzr-hp-g300nh-squashfs-tftp.bin
-
--  Power on router. Router will reboot and initialize on 192.168.1.1.
--  Delete static arp entry for router
-
-   ::
-
-       arp -d 192.168.11.1
-
--  Set computer to DHCP, connect and telnet to router and set root
-   password.
-
-Configure the Router
-~~~~~~~~~~~~~~~~~~~~
-
--  Update ``/etc/opkg.conf`` to point to our repo:
-
-   ::
-
-       src/gz packages http://192.168.5.13/openwrt/build/ar71xx/packages
-
--  Configure anon mounts:
-
-   ::
-
-       uci delete fstab.@mount[0]
-       uci commit fstab
-       /etc/init.d/fstab restart
-
--  Reset the DHCP address range. DevStack will claim the upper /25 of
-   the router's LAN address space for floating IPs so the default DHCP
-   address range needs to be moved:
-
-   ::
-
-       uci set dhcp.lan.start=65
-       uci set dhcp.lan.limit=60
-       uci commit dhcp
-
--  Enable TFTP:
-
-   ::
-
-       uci set dhcp.@dnsmasq[0].enable_tftp=1
-       uci set dhcp.@dnsmasq[0].tftp_root=/mnt/sda1/tftpboot
-       uci set dhcp.@dnsmasq[0].dhcp_boot=pxelinux.0
-       uci commit dhcp
-       /etc/init.d/dnsmasq restart
-
-Set Up tftpboot
-~~~~~~~~~~~~~~~
-
--  Create the ``/tmp/tftpboot`` structure and populate it:
-
-   ::
-
-       cd ~/devstack
-       tools/build_pxe_boot.sh /tmp
-
-   This calls ``tools/build_ramdisk.sh`` to create a 2GB ramdisk
-   containing a complete development Oneiric OS plus the OpenStack code
-   checkouts.
-
--  Copy ``tftpboot`` to a USB drive:
-
-   ::
-
-       mount /dev/sdb1 /mnt/tmp
-       rsync -a /tmp/tftpboot/ /mnt/tmp/tftpboot/
-       umount /mnt/tmp
-
--  Plug USB drive into router. It will be automounted and is ready to
-   serve content.
-
-Now `return `__ to the RAM disk Guide to kick off your
-DevStack experience.
diff --git a/doc/source/guides/ramdisk.rst b/doc/source/guides/ramdisk.rst
deleted file mode 100644
index 1ba74f2322..0000000000
--- a/doc/source/guides/ramdisk.rst
+++ /dev/null
@@ -1,86 +0,0 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Stack-in-a-Box: Try before you mkfs
-===================================
-
-Run DevStack from a RAM disk to give it a whirl before making the
-commitment to install it. We'll cover booting from a USB drive or over
-the network via PXE. We'll even thow in configuring a home router to
-handle the PXE boot. You will need a minimum of 3GB for both of these
-configurations as the RAM disk itself is 2GB.
-
-Prerequisites Hardware
-----------------------
-
-USB Boot
-~~~~~~~~
-
-`This guide `__ covers the creation of a bootable USB
-drive. Your computer BIOS must support booting from USB.
-
-PXE Boot
-~~~~~~~~
-
-`This guide `__ covers the installation of OpenWRT on a
-home router and configuring it as a PXE server, plus the creation of the
-boot images and PXE support files.
-
-Installation bit blasting
--------------------------
-
-Install DevStack
-~~~~~~~~~~~~~~~~
-
-Grab the latest version of DevStack via https:
-
-::
-
-    sudo apt-get install git -y
-    git clone https://git.openstack.org/openstack-dev/devstack
-    cd devstack
-
-Prepare the Boot RAMdisk
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-Pick your boot method and follow the guide to prepare to build the RAM
-disk and set up the boot process:
-
--  `USB boot `__
--  `PXE boot `__
-
-Fire It Up
-~~~~~~~~~~
-
--  Boot the computer into the RAM disk. The details will vary from
-   machine to machine but most BIOSes have a method to select the boot
-   device, often by pressing F12 during POST.
--  Select 'DevStack' from the Boot Menu.
--  Log in with the 'stack' user and 'pass' password.
--  Create ``devstack/localrc`` if you wish to change any of the
-   configuration variables. You will probably want to at least set the
-   admin login password to something memorable rather than the default
-   20 random characters:
-
-   ::
-
-       ADMIN_PASSWORD=openstack
-
--  Fire up OpenStack!
-
-   ::
-
-       ./run.sh
-
--  See the processes running in screen:
-
-   ::
-
-       screen -x
-
--  Connect to the dashboard at ``http:///``
diff --git a/doc/source/guides/usb-boot.rst b/doc/source/guides/usb-boot.rst
deleted file mode 100644
index 4f7a49425b..0000000000
--- a/doc/source/guides/usb-boot.rst
+++ /dev/null
@@ -1,57 +0,0 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-USB Boot: Undoable Stack Boot
-=============================
-
-Boot DevStack from a USB disk into a RAM disk.
-
-Prerequisites
--------------
-
-Hardware
-~~~~~~~~
-
-This guide covers the creation of a bootable USB drive. Your computer
-BIOS must support booting from USB and You will want at least 3GB of
-RAM. You also will need a USB drive of at least 2GB.
-
-Software
-~~~~~~~~
-
-Ubuntu 11.10 (Oneiric Ocelot) is required on host to create images.
-
-Installation bit blasting
--------------------------
-
-Set Up USB Drive
-~~~~~~~~~~~~~~~~
-
--  Insert the USB drive into the computer. Make a note of the device
-   name, such as ``sdb``. Do not mount the device.
--  Install the boot system:
-
-   ::
-
-       tools/build_usb_boot.sh /dev/sdb1
-
-   This calls tools/build\_ramdisk.sh to create a 2GB ramdisk containing
-   a complete development Oneiric OS plus the OpenStack code checkouts.
-   It then writes a syslinux boot sector to the specified device and
-   creates ``/syslinux``.
-
--  If desired, you may now mount the device:
-
-   ::
-
-       mount /dev/sdb1 /mnt/tmp
-       # foo
-       umount /mnt/tmp
-
-Now `return `__ to the RAM disk Guide to kick off your
-DevStack experience.

From 28d4392d56c6a493dd71c4a5a5f64f6dee36dd01 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Wed, 29 Oct 2014 17:25:12 -0700
Subject: [PATCH 0109/3421] Set permissions on sahara cache

Signing certificate directory should have 700 mode.
Before the change it was created with 755.

As a visual impact this CR removes warning from
keystonemiddleware.

Change-Id: I8483e73447348b9a9e33dfd382543978a70a9d43
Closes-Bug: #1387416
---
 lib/sahara | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/sahara b/lib/sahara
index 5c7c2534e2..42e8e016d8 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -104,6 +104,7 @@ function configure_sahara {
     # Create auth cache dir
     sudo mkdir -p $SAHARA_AUTH_CACHE_DIR
     sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR
+    sudo chmod 700 $SAHARA_AUTH_CACHE_DIR
     rm -rf $SAHARA_AUTH_CACHE_DIR/*
 
     configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR

From 74b28bc43b9570496f2b67688e0c4c04aa273733 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Wed, 29 Oct 2014 14:15:22 -0700
Subject: [PATCH 0110/3421] Add iptables rule for Ironic VMs -> Swift

The agent ramdisk gets instance images from swift, set firewall
rules to allow this.

Also configure Ironic API port using the correct variable, and
use SWIFT_DEFAULT_BIND_PORT for Swift ports everywhere.

Change-Id: Ieec8cc64e504b04a21daa49e90e2d4925f4838ee
---
 lib/ironic | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 0a84e47ebc..cf005a74d6 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -279,7 +279,7 @@ function configure_ironic_conductor {
         else
             die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic."
         fi
-        iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:8080
+        iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
         iniset $IRONIC_CONF_FILE glance swift_api_version v1
         local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME)
         iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
@@ -523,7 +523,11 @@ function configure_iptables {
     sudo modprobe nf_nat_tftp
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
-    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
+    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HOSTPORT -j ACCEPT || true
+    if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+        # agent ramdisk gets instance image from swift
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
+    fi
 }
 
 function configure_tftpd {
@@ -678,6 +682,10 @@ function cleanup_baremetal_basic_ops {
     restart_service xinetd
     sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
+    if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+        # agent ramdisk gets instance image from swift
+        sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
+    fi
     sudo rmmod nf_conntrack_tftp || true
     sudo rmmod nf_nat_tftp || true
 }

From 292b2a7ee61f9b034230e8c99d2e5c7154dcf79b Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Fri, 31 Oct 2014 13:48:58 +0900
Subject: [PATCH 0111/3421] Workaround openrc failure on zsh

The recent GIT_DEPTH change introduced a [[ ]] construct
which doesn't work for zsh 5.0.2.  Workaround it by tweaking the test.

The following is a demonstration to show how zsh behaves:

    % if [[ "" ]];then echo hoge;fi
    zsh: parse error near `]]'
    % if [[ "x" ]];then echo hoge;fi
    zsh: parse error near `]]'
    % if [[ -n "" ]];then echo hoge;fi
    % if [[ -n "x" ]];then echo hoge;fi
    hoge
    %

Closes-Bug: #1387943
Change-Id: Ia88de876dacb3664a7c3d8f5a035e8e50fddb678
---
 functions-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index 48edba8da6..818e165df7 100644
--- a/functions-common
+++ b/functions-common
@@ -575,7 +575,7 @@ function git_clone {
 
     RECLONE=$(trueorfalse False $RECLONE)
 
-    if [[ "$GIT_DEPTH" ]]; then
+    if [[ -n "${GIT_DEPTH}" ]]; then
         git_clone_flags="$git_clone_flags --depth $GIT_DEPTH"
     fi
 

From cd1c3c7adb45e6fda75df48d0313aad8836a7453 Mon Sep 17 00:00:00 2001
From: Kashyap Kopparam 
Date: Fri, 31 Oct 2014 17:32:57 +0530
Subject: [PATCH 0112/3421] added the localrc section to the local.conf

Change-Id: Iffcc61ca886df96e1dc7c0df3c02125cb2b4a7dc
---
 doc/source/guides/multinode-lab.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index a63260fe6f..0b1ebb931b 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -167,6 +167,7 @@ machines, create a ``local.conf`` with:
 
 ::
 
+    [[local|localrc]]
     HOST_IP=192.168.42.12 # change this per compute node
     FLAT_INTERFACE=eth0
     FIXED_RANGE=10.4.128.0/20

From 8fceb49820cb299ad2957b280724e10bb8f1196d Mon Sep 17 00:00:00 2001
From: Chmouel Boudjnah 
Date: Thu, 2 Oct 2014 20:58:20 +0200
Subject: [PATCH 0113/3421] Only sysctl reserverd ports when available.

Only set the keystone reserved ports when available, on some system
(like when running under containers) where this sysfs interface is not
exposed we are almost pretty sure these ports would be exclusive for our
devstack.

Change-Id: I06d7d227ae94d564c91c16119e4bbbcc6564a280
---
 tools/fixup_stuff.sh | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 1732eccdbe..b8beb01583 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -50,17 +50,24 @@ fi
 # exception into the Kernel for the Keystone AUTH ports.
 keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
 
-# Get any currently reserved ports, strip off leading whitespace
-reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
-
-if [[ -z "${reserved_ports}" ]]; then
-    # If there are no currently reserved ports, reserve the keystone ports
-    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+# only do the reserved ports when available, on some system (like containers)
+# where it's not exposed we are almost pretty sure these ports would be
+# exclusive for our devstack.
+if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
+    # Get any currently reserved ports, strip off leading whitespace
+    reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
+
+    if [[ -z "${reserved_ports}" ]]; then
+        # If there are no currently reserved ports, reserve the keystone ports
+        sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+    else
+        # If there are currently reserved ports, keep those and also reserve the
+        # keystone specific ports. Duplicate reservations are merged into a single
+        # reservation (or range) automatically by the kernel.
+        sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+    fi
 else
-    # If there are currently reserved ports, keep those and also reserve the
-    # keystone specific ports. Duplicate reservations are merged into a single
-    # reservation (or range) automatically by the kernel.
-    sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+    echo_summary "WARNING: unable to reserve keystone ports"
 fi
 
 

From 5a91c3548370d3de856e5522f2d11775278115cf Mon Sep 17 00:00:00 2001
From: Flavio Percoco 
Date: Fri, 31 Oct 2014 18:48:00 +0100
Subject: [PATCH 0114/3421] USe `trueorfalse` for INSTALL_TESTONLY_PACKAGES

INSTALL_TESTONLY_PACKAGES is assumed to be set to `True` or `False`.
However, in devstack-gate this variable is set to 0 or 1. The patch uses
the already existing `trueorfalse` function to evaluate
INSTALL_TESTONLY_PACKAGES and normalize its value.

Change-Id: I0e4a31e422bad2a31d919d9f871e24833a0faa99
---
 functions-common | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/functions-common b/functions-common
index 48edba8da6..b9eaae5db3 100644
--- a/functions-common
+++ b/functions-common
@@ -993,6 +993,8 @@ function get_packages {
     local file_to_parse
     local service
 
+    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False $INSTALL_TESTONLY_PACKAGES)
+
     if [[ -z "$package_dir" ]]; then
         echo "No package directory supplied"
         return 1
@@ -1599,6 +1601,7 @@ function pip_install {
         $cmd_pip install \
         $pip_mirror_opt $@
 
+    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False $INSTALL_TESTONLY_PACKAGES)
     if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
         local test_req="$@/test-requirements.txt"
         if [[ -e "$test_req" ]]; then

From 213f13a28399657955be263c936db0a87310b5b1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Thu, 30 Oct 2014 19:49:20 -0400
Subject: [PATCH 0115/3421] Don't hardcode glance protocol when finding trove
 guest image

This allows configuration of trove when devstack is configured
for SSL or tls-proxy.

Change-Id: I680effda94926951f9068e2df1e354c708aa4495
---
 lib/trove | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/trove b/lib/trove
index 1d1b5f406b..4ac7293fbd 100644
--- a/lib/trove
+++ b/lib/trove
@@ -207,7 +207,7 @@ function init_trove {
     # The image is uploaded by stack.sh -- see $IMAGE_URLS handling
     GUEST_IMAGE_NAME=$(basename "$TROVE_GUEST_IMAGE_URL")
     GUEST_IMAGE_NAME=${GUEST_IMAGE_NAME%.*}
-    TROVE_GUEST_IMAGE_ID=$(openstack --os-token $TOKEN --os-url http://$GLANCE_HOSTPORT image list | grep "${GUEST_IMAGE_NAME}" | get_field 1)
+    TROVE_GUEST_IMAGE_ID=$(openstack --os-token $TOKEN --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image list | grep "${GUEST_IMAGE_NAME}" | get_field 1)
     if [ -z "$TROVE_GUEST_IMAGE_ID" ]; then
         # If no glance id is found, skip remaining setup
         echo "Datastore ${TROVE_DATASTORE_TYPE} will not be created: guest image ${GUEST_IMAGE_NAME} not found."

From 27a196e26064aba615b0177435071d569b82389b Mon Sep 17 00:00:00 2001
From: Tan Lin 
Date: Fri, 31 Oct 2014 15:44:34 +0800
Subject: [PATCH 0116/3421] Add options to enable using DHCP agent
 Metadata-proxy

Add options to support DHCP agent providing metadata-proxy.
In some cases, users have to disable L3 Agent. But people still
need metadata services.

Change-Id: I4664fc3a4937c3b7b5c27e74f509b683ffbedd09
---
 lib/neutron | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index 98636b4b41..573fd6fbb0 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -229,6 +229,14 @@ TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-$HOST_IP}
 # Example: ``OVS_ENABLE_TUNNELING=True``
 OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
 
+# Use DHCP agent for providing metadata service in the case of
+# without L3 agent (No Route Agent), set to True in localrc.
+ENABLE_ISOLATED_METADATA=${ENABLE_ISOLATED_METADATA:-False}
+
+# Add a static route as dhcp option, so the request to 169.254.169.254
+# will be able to reach through a route(DHCP agent)
+# This option require ENABLE_ISOLATED_METADATA = True
+ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
 # Neutron plugin specific functions
 # ---------------------------------
 
@@ -687,6 +695,17 @@ function _configure_neutron_dhcp_agent {
     iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
 
+    if ! is_service_enabled q-l3; then
+        if [[ "$ENABLE_ISOLATED_METADATA" = "True" ]]; then
+            iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata $ENABLE_ISOLATED_METADATA
+            iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network $ENABLE_METADATA_NETWORK
+        else
+            if [[ "$ENABLE_METADATA_NETWORK" = "True" ]]; then
+                die "$LINENO" "Enable isolated metadata is a must for metadata network"
+            fi
+        fi
+    fi
+
     _neutron_setup_interface_driver $Q_DHCP_CONF_FILE
 
     neutron_plugin_configure_dhcp_agent

From 5cb190697c1bce5dcd2ad843922813b0cc74bd24 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Sat, 1 Nov 2014 01:37:45 +0100
Subject: [PATCH 0117/3421] support installing clients at released versions

expand the devstack support for libraries from released versions to
support python-* clients and tempest_lib.

Depends-On: I81b0d228e7769758c61e5b0323ecfce8c8886d39

Change-Id: I26fac0ccf8fd4818e24618d56bf04b32306f88f6
---
 extras.d/70-trove.sh |  1 -
 functions-common     |  1 +
 lib/ceilometer       | 11 ++++++----
 lib/cinder           | 11 ++++++----
 lib/glance           |  9 ++++++---
 lib/heat             | 11 ++++++----
 lib/ironic           | 14 +++++++++----
 lib/keystone         | 11 ++++++----
 lib/neutron          | 12 +++++++----
 lib/nova             | 12 +++++++----
 lib/swift            | 10 ++++++---
 lib/tempest          |  9 ++++++---
 lib/trove            | 12 +++++------
 stack.sh             | 12 ++++++++---
 stackrc              | 48 ++++++++++++++++++++++----------------------
 15 files changed, 113 insertions(+), 71 deletions(-)

diff --git a/extras.d/70-trove.sh b/extras.d/70-trove.sh
index a4dc7fbc5b..f284354e1f 100644
--- a/extras.d/70-trove.sh
+++ b/extras.d/70-trove.sh
@@ -11,7 +11,6 @@ if is_service_enabled trove; then
         cleanup_trove
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         echo_summary "Configuring Trove"
-        configure_troveclient
         configure_trove
 
         if is_service_enabled key; then
diff --git a/functions-common b/functions-common
index 48edba8da6..4e6ad14437 100644
--- a/functions-common
+++ b/functions-common
@@ -1621,6 +1621,7 @@ function use_library_from_git {
     return $enabled
 }
 
+
 # setup a library by name. If we are trying to use the library from
 # git, we'll do a git based install, otherwise we'll punt and the
 # library should be installed by a requirements pull from another
diff --git a/lib/ceilometer b/lib/ceilometer
index 9046b9d3d9..b1ff8b4157 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -35,8 +35,9 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["ceilometerclient"]=$DEST/python-ceilometerclient
+
 CEILOMETER_DIR=$DEST/ceilometer
-CEILOMETERCLIENT_DIR=$DEST/python-ceilometerclient
 CEILOMETER_CONF_DIR=/etc/ceilometer
 CEILOMETER_CONF=$CEILOMETER_CONF_DIR/ceilometer.conf
 CEILOMETER_API_LOG_DIR=/var/log/ceilometer-api
@@ -254,9 +255,11 @@ function install_ceilometer {
 
 # install_ceilometerclient() - Collect source and prepare
 function install_ceilometerclient {
-    git_clone $CEILOMETERCLIENT_REPO $CEILOMETERCLIENT_DIR $CEILOMETERCLIENT_BRANCH
-    setup_develop $CEILOMETERCLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$CEILOMETERCLIENT_DIR/tools/,/etc/bash_completion.d/}ceilometer.bash_completion
+    if use_library_from_git "ceilometerclient"; then
+        git_clone_by_name "ceilometerclient"
+        setup_develop "ceilometerclient"
+        sudo install -D -m 0644 -o $STACK_USER {$CEILOMETERCLIENT_DIR/tools/,/etc/bash_completion.d/}ceilometer.bash_completion
+    fi
 }
 
 # start_ceilometer() - Start running processes, including screen
diff --git a/lib/cinder b/lib/cinder
index 29cda42eb2..56878642e3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -36,8 +36,9 @@ if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
 fi
 
 # set up default directories
+GITDIR["cinderclient"]=$DEST/python-cinderclient
+
 CINDER_DIR=$DEST/cinder
-CINDERCLIENT_DIR=$DEST/python-cinderclient
 CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
 CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
 
@@ -402,9 +403,11 @@ function install_cinder {
 
 # install_cinderclient() - Collect source and prepare
 function install_cinderclient {
-    git_clone $CINDERCLIENT_REPO $CINDERCLIENT_DIR $CINDERCLIENT_BRANCH
-    setup_develop $CINDERCLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$CINDERCLIENT_DIR/tools/,/etc/bash_completion.d/}cinder.bash_completion
+    if use_library_from_git "cinderclient"; then
+        git_clone_by_name "cinderclient"
+        setup_develop "cinderclient"
+        sudo install -D -m 0644 -o $STACK_USER {$CINDERCLIENT_DIR/tools/,/etc/bash_completion.d/}cinder.bash_completion
+    fi
 }
 
 # apply config.d approach for cinder volumes directory
diff --git a/lib/glance b/lib/glance
index 4194842407..8cd48b13f9 100644
--- a/lib/glance
+++ b/lib/glance
@@ -27,9 +27,10 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["glanceclient"]=$DEST/python-glanceclient
+
 GLANCE_DIR=$DEST/glance
 GLANCE_STORE_DIR=$DEST/glance_store
-GLANCECLIENT_DIR=$DEST/python-glanceclient
 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
 GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
 GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
@@ -286,8 +287,10 @@ function init_glance {
 
 # install_glanceclient() - Collect source and prepare
 function install_glanceclient {
-    git_clone $GLANCECLIENT_REPO $GLANCECLIENT_DIR $GLANCECLIENT_BRANCH
-    setup_develop $GLANCECLIENT_DIR
+    if use_library_from_git "glanceclient"; then
+        git_clone_by_name "glanceclient"
+        setup_develop "glanceclient"
+    fi
 }
 
 # install_glance() - Collect source and prepare
diff --git a/lib/heat b/lib/heat
index 53eca25450..ed5181b2b8 100644
--- a/lib/heat
+++ b/lib/heat
@@ -29,8 +29,9 @@ set +o xtrace
 # --------
 
 # set up default directories
+GITDIR["heatclient"]=$DEST/python-heatclient
+
 HEAT_DIR=$DEST/heat
-HEATCLIENT_DIR=$DEST/python-heatclient
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
 HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
@@ -183,9 +184,11 @@ function create_heat_cache_dir {
 
 # install_heatclient() - Collect source and prepare
 function install_heatclient {
-    git_clone $HEATCLIENT_REPO $HEATCLIENT_DIR $HEATCLIENT_BRANCH
-    setup_develop $HEATCLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion
+    if use_library_from_git "heatclient"; then
+        git_clone_by_name "heatclient"
+        setup_develop "heatclient"
+        sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion
+    fi
 }
 
 # install_heat() - Collect source and prepare
diff --git a/lib/ironic b/lib/ironic
index 0a84e47ebc..0fadb8d0a1 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -28,11 +28,12 @@ set +o pipefail
 # --------
 
 # Set up default directories
+GITDIR["ironicclient"]=$DEST/python-ironicclient
+
 IRONIC_DIR=$DEST/ironic
 IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent
 IRONIC_DATA_DIR=$DATA_DIR/ironic
 IRONIC_STATE_PATH=/var/lib/ironic
-IRONICCLIENT_DIR=$DEST/python-ironicclient
 IRONIC_AUTH_CACHE_DIR=${IRONIC_AUTH_CACHE_DIR:-/var/cache/ironic}
 IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic}
 IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf
@@ -150,9 +151,14 @@ function install_ironic {
 
 # install_ironicclient() - Collect sources and prepare
 function install_ironicclient {
-    git_clone $IRONICCLIENT_REPO $IRONICCLIENT_DIR $IRONICCLIENT_BRANCH
-    setup_develop $IRONICCLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$IRONICCLIENT_DIR/tools/,/etc/bash_completion.d/}ironic.bash_completion
+    if use_library_from_git "ironicclient"; then
+        git_clone_by_name "ironicclient"
+        setup_develop "ironicclient"
+        sudo install -D -m 0644 -o $STACK_USER {$IRONICCLIENT_DIR/tools/,/etc/bash_completion.d/}ironic.bash_completion
+    else
+        # nothing actually "requires" ironicclient, so force instally from pypi
+        pip_install python-ironicclient
+    fi
 }
 
 # _cleanup_ironic_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
diff --git a/lib/keystone b/lib/keystone
index 276e9718a6..6341ce2eea 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -33,6 +33,8 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["keystoneclient"]=$DEST/python-keystoneclient
+
 KEYSTONE_DIR=$DEST/keystone
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
@@ -45,7 +47,6 @@ else
 fi
 
 KEYSTONEMIDDLEWARE_DIR=$DEST/keystonemiddleware
-KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
 
 # Set up additional extensions, such as oauth1, federation
 # Example of KEYSTONE_EXTENSIONS=oauth1,federation
@@ -479,9 +480,11 @@ function init_keystone {
 
 # install_keystoneclient() - Collect source and prepare
 function install_keystoneclient {
-    git_clone $KEYSTONECLIENT_REPO $KEYSTONECLIENT_DIR $KEYSTONECLIENT_BRANCH
-    setup_develop $KEYSTONECLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$KEYSTONECLIENT_DIR/tools/,/etc/bash_completion.d/}keystone.bash_completion
+    if use_library_from_git "keystoneclient"; then
+        git_clone_by_name "keystoneclient"
+        setup_develop "keystoneclient"
+        sudo install -D -m 0644 -o $STACK_USER {$KEYSTONECLIENT_DIR/tools/,/etc/bash_completion.d/}keystone.bash_completion
+    fi
 }
 
 # install_keystonemiddleware() - Collect source and prepare
diff --git a/lib/neutron b/lib/neutron
index d05dcc806f..faca3e0da2 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -77,8 +77,10 @@ fi
 
 
 # Set up default directories
+GITDIR["neutronclient"]=$DEST/python-neutronclient
+
+
 NEUTRON_DIR=$DEST/neutron
-NEUTRONCLIENT_DIR=$DEST/python-neutronclient
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 
 # Support entry points installation of console scripts
@@ -601,9 +603,11 @@ function install_neutron {
 
 # install_neutronclient() - Collect source and prepare
 function install_neutronclient {
-    git_clone $NEUTRONCLIENT_REPO $NEUTRONCLIENT_DIR $NEUTRONCLIENT_BRANCH
-    setup_develop $NEUTRONCLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$NEUTRONCLIENT_DIR/tools/,/etc/bash_completion.d/}neutron.bash_completion
+    if use_library_from_git "neutronclient"; then
+        git_clone_by_name "neutronclient"
+        setup_develop "neutronclient"
+        sudo install -D -m 0644 -o $STACK_USER {$NEUTRONCLIENT_DIR/tools/,/etc/bash_completion.d/}neutron.bash_completion
+    fi
 }
 
 # install_neutron_agent_packages() - Collect source and prepare
diff --git a/lib/nova b/lib/nova
index 0f838072c1..d5f11928e5 100644
--- a/lib/nova
+++ b/lib/nova
@@ -29,8 +29,10 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["novaclient"]=$DEST/python-novaclient
+
+
 NOVA_DIR=$DEST/nova
-NOVACLIENT_DIR=$DEST/python-novaclient
 NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
 # INSTANCES_PATH is the previous name for this
 NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
@@ -637,9 +639,11 @@ function init_nova {
 
 # install_novaclient() - Collect source and prepare
 function install_novaclient {
-    git_clone $NOVACLIENT_REPO $NOVACLIENT_DIR $NOVACLIENT_BRANCH
-    setup_develop $NOVACLIENT_DIR
-    sudo install -D -m 0644 -o $STACK_USER {$NOVACLIENT_DIR/tools/,/etc/bash_completion.d/}nova.bash_completion
+    if use_library_from_git "novaclient"; then
+        git_clone_by_name "novaclient"
+        setup_develop "novaclient"
+        sudo install -D -m 0644 -o $STACK_USER {$NOVACLIENT_DIR/tools/,/etc/bash_completion.d/}nova.bash_completion
+    fi
 }
 
 # install_nova() - Collect source and prepare
diff --git a/lib/swift b/lib/swift
index 7ef44969b6..801628241a 100644
--- a/lib/swift
+++ b/lib/swift
@@ -34,8 +34,10 @@ if is_ssl_enabled_service "s-proxy" || is_service_enabled tls-proxy; then
 fi
 
 # Set up default directories
+GITDIR["swiftclient"]=$DEST/python-swiftclient
+
+
 SWIFT_DIR=$DEST/swift
-SWIFTCLIENT_DIR=$DEST/python-swiftclient
 SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
 SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
 SWIFT3_DIR=$DEST/swift3
@@ -675,8 +677,10 @@ function install_swift {
 }
 
 function install_swiftclient {
-    git_clone $SWIFTCLIENT_REPO $SWIFTCLIENT_DIR $SWIFTCLIENT_BRANCH
-    setup_develop $SWIFTCLIENT_DIR
+    if use_library_from_git "swiftclient"; then
+        git_clone_by_name "swiftclient"
+        setup_develop "swiftclient"
+    fi
 }
 
 # start_swift() - Start running processes, including screen
diff --git a/lib/tempest b/lib/tempest
index 66f1a788f1..25dc171fe2 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -45,11 +45,12 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["tempest_lib"]=$DEST/tempest-lib
+
 TEMPEST_DIR=$DEST/tempest
 TEMPEST_CONFIG_DIR=${TEMPEST_CONFIG_DIR:-$TEMPEST_DIR/etc}
 TEMPEST_CONFIG=$TEMPEST_CONFIG_DIR/tempest.conf
 TEMPEST_STATE_PATH=${TEMPEST_STATE_PATH:=$DATA_DIR/tempest}
-TEMPEST_LIB_DIR=$DEST/tempest-lib
 
 NOVA_SOURCE_DIR=$DEST/nova
 
@@ -441,8 +442,10 @@ function create_tempest_accounts {
 
 # install_tempest_lib() - Collect source, prepare, and install tempest-lib
 function install_tempest_lib {
-    git_clone $TEMPEST_LIB_REPO $TEMPEST_LIB_DIR $TEMPEST_LIB_BRANCH
-    setup_develop $TEMPEST_LIB_DIR
+    if use_library_from_git "tempest_lib"; then
+        git_clone_by_name "tempest_lib"
+        setup_develop "tempest_lib"
+    fi
 }
 
 # install_tempest() - Collect source and prepare
diff --git a/lib/trove b/lib/trove
index 1d1b5f406b..2f8b696924 100644
--- a/lib/trove
+++ b/lib/trove
@@ -28,8 +28,9 @@ else
 fi
 
 # Set up default configuration
+GITDIR["troveclient"]=$DEST/python-troveclient
+
 TROVE_DIR=$DEST/trove
-TROVECLIENT_DIR=$DEST/python-troveclient
 TROVE_CONF_DIR=/etc/trove
 TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
 TROVE_AUTH_CACHE_DIR=${TROVE_AUTH_CACHE_DIR:-/var/cache/trove}
@@ -109,10 +110,6 @@ function cleanup_trove {
     rm -fr $TROVE_CONF_DIR/*
 }
 
-# configure_troveclient() - Set config files, create data dirs, etc
-function configure_troveclient {
-    setup_develop $TROVECLIENT_DIR
-}
 
 # configure_trove() - Set config files, create data dirs, etc
 function configure_trove {
@@ -184,7 +181,10 @@ function configure_trove {
 
 # install_troveclient() - Collect source and prepare
 function install_troveclient {
-    git_clone $TROVECLIENT_REPO $TROVECLIENT_DIR $TROVECLIENT_BRANCH
+    if use_library_from_git "troveclient"; then
+        git_clone_by_name "troveclient"
+        setup_develop "troveclient"
+    fi
 }
 
 # install_trove() - Collect source and prepare
diff --git a/stack.sh b/stack.sh
index ec13338948..5f87a904c3 100755
--- a/stack.sh
+++ b/stack.sh
@@ -585,7 +585,7 @@ if [[ -d $TOP_DIR/extras.d ]]; then
 fi
 
 # Set the destination directories for other OpenStack projects
-OPENSTACKCLIENT_DIR=$DEST/python-openstackclient
+GITDIR["openstackclient"]=$DEST/python-openstackclient
 
 # Interactive Configuration
 # -------------------------
@@ -788,8 +788,14 @@ fi
 # Install middleware
 install_keystonemiddleware
 
-git_clone $OPENSTACKCLIENT_REPO $OPENSTACKCLIENT_DIR $OPENSTACKCLIENT_BRANCH
-setup_develop $OPENSTACKCLIENT_DIR
+# install the OpenStack client, needed for most setup commands
+if use_library_from_git "openstackclient"; then
+    git_clone_by_name "openstackclient"
+    setup_develop "openstackclient"
+else
+    pip_install python-openstackclient
+fi
+
 
 if is_service_enabled key; then
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
diff --git a/stackrc b/stackrc
index 15b0951a1a..2f08c730be 100644
--- a/stackrc
+++ b/stackrc
@@ -199,8 +199,8 @@ TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git}
 TEMPEST_BRANCH=${TEMPEST_BRANCH:-master}
 
 # TODO(sdague): this should end up as a library component like below
-TEMPEST_LIB_REPO=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git}
-TEMPEST_LIB_BRANCH=${TEMPEST_LIB_BRANCH:-master}
+GITREPO["tempest_lib"]=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git}
+GITBRANCH["tempest_lib"]=${TEMPEST_LIB_BRANCH:-master}
 
 
 ##############
@@ -210,48 +210,48 @@ TEMPEST_LIB_BRANCH=${TEMPEST_LIB_BRANCH:-master}
 ##############
 
 # ceilometer client library
-CEILOMETERCLIENT_REPO=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git}
-CEILOMETERCLIENT_BRANCH=${CEILOMETERCLIENT_BRANCH:-master}
+GITREPO["ceilometerclient"]=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git}
+GITBRANCH["ceilometerclient"]=${CEILOMETERCLIENT_BRANCH:-master}
 
 # volume client
-CINDERCLIENT_REPO=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
-CINDERCLIENT_BRANCH=${CINDERCLIENT_BRANCH:-master}
+GITREPO["cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
+GITBRACH["cinderclient"]=${CINDERCLIENT_BRANCH:-master}
 
 # python glance client library
-GLANCECLIENT_REPO=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}
-GLANCECLIENT_BRANCH=${GLANCECLIENT_BRANCH:-master}
+GITREPO["glanceclient"]=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}
+GITBRANCH["glanceclient"]=${GLANCECLIENT_BRANCH:-master}
 
 # python heat client library
-HEATCLIENT_REPO=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git}
-HEATCLIENT_BRANCH=${HEATCLIENT_BRANCH:-master}
+GITREPO["heatclient"]=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git}
+GITBRANCH["heatclient"]=${HEATCLIENT_BRANCH:-master}
 
 # ironic client
-IRONICCLIENT_REPO=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
-IRONICCLIENT_BRANCH=${IRONICCLIENT_BRANCH:-master}
+GITREPO["ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
+GITBRANCH["ironicclient"]=${IRONICCLIENT_BRANCH:-master}
 
 # python keystone client library to nova that horizon uses
-KEYSTONECLIENT_REPO=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git}
-KEYSTONECLIENT_BRANCH=${KEYSTONECLIENT_BRANCH:-master}
+GITREPO["keystoneclient"]=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git}
+GITBRANCH["keystoneclient"]=${KEYSTONECLIENT_BRANCH:-master}
 
 # neutron client
-NEUTRONCLIENT_REPO=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git}
-NEUTRONCLIENT_BRANCH=${NEUTRONCLIENT_BRANCH:-master}
+GITREPO["neutronclient"]=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git}
+GITBRANCH["neutronclient"]=${NEUTRONCLIENT_BRANCH:-master}
 
 # python client library to nova that horizon (and others) use
-NOVACLIENT_REPO=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
-NOVACLIENT_BRANCH=${NOVACLIENT_BRANCH:-master}
+GITREPO["novaclient"]=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
+GITBRANCH["novaclient"]=${NOVACLIENT_BRANCH:-master}
 
 # python swift client library
-SWIFTCLIENT_REPO=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
-SWIFTCLIENT_BRANCH=${SWIFTCLIENT_BRANCH:-master}
+GITREPO["swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
+GITBRANCH["swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
 
 # trove client library test
-TROVECLIENT_REPO=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git}
-TROVECLIENT_BRANCH=${TROVECLIENT_BRANCH:-master}
+GITREPO["troveclient"]=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git}
+GITBRANCH["troveclient"]=${TROVECLIENT_BRANCH:-master}
 
 # consolidated openstack python client
-OPENSTACKCLIENT_REPO=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
-OPENSTACKCLIENT_BRANCH=${OPENSTACKCLIENT_BRANCH:-master}
+GITREPO["openstackclient"]=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
+GITBRANCH["openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
 
 ###################
 #

From c973e6c96ce0d37bc22877f3af65135989c469e4 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 5 Nov 2014 09:52:27 +1100
Subject: [PATCH 0118/3421] Move platform check after localrc

This got moved around with some of the recent cleanups I think.  My CI
was putting FORCE=yes into localrc which used to work.  Noticed doing
some bring-up on F21

Change-Id: I7c0ea6b67b42b768278de0fd41d0c0bfbb572387
---
 stack.sh | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/stack.sh b/stack.sh
index ec13338948..38ecceb717 100755
--- a/stack.sh
+++ b/stack.sh
@@ -90,16 +90,6 @@ source $TOP_DIR/lib/config
 # and ``DISTRO``
 GetDistro
 
-# Warn users who aren't on an explicitly supported distro, but allow them to
-# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f19|f20|rhel6|rhel7) ]]; then
-    echo "WARNING: this script has not been tested on $DISTRO"
-    if [[ "$FORCE" != "yes" ]]; then
-        die $LINENO "If you wish to run this script anyway run with FORCE=yes"
-    fi
-fi
-
-
 # Global Settings
 # ---------------
 
@@ -151,6 +141,15 @@ if [[ ! -r $TOP_DIR/stackrc ]]; then
 fi
 source $TOP_DIR/stackrc
 
+# Warn users who aren't on an explicitly supported distro, but allow them to
+# override check and attempt installation with ``FORCE=yes ./stack``
+if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f19|f20|rhel6|rhel7) ]]; then
+    echo "WARNING: this script has not been tested on $DISTRO"
+    if [[ "$FORCE" != "yes" ]]; then
+        die $LINENO "If you wish to run this script anyway run with FORCE=yes"
+    fi
+fi
+
 # Check to see if we are already running DevStack
 # Note that this may fail if USE_SCREEN=False
 if type -p screen > /dev/null && screen -ls | egrep -q "[0-9]\.$SCREEN_NAME"; then

From 73d32161df5bc0255d32b1ce1eefb4068d09596b Mon Sep 17 00:00:00 2001
From: yunhong jiang 
Date: Mon, 6 Oct 2014 09:34:35 -0700
Subject: [PATCH 0119/3421] Passing config for flat type network

Add support to passing the flat_network configuration. User can
either passing the physical network name, or use the physical
network definition

Change-Id: Ie42679f207eb14620883778314f74abf378b5cbc
---
 lib/neutron_plugins/ml2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 44b947f380..f9a9774e98 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -84,6 +84,11 @@ function neutron_plugin_configure_service {
         fi
     fi
 
+
+    # Allow for setup the flat type network
+    if [[ -z "$Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS" && -n "$PHYSICAL_NETWORK" ]]; then
+            Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks=$Q_ML2_FLAT_PHYSNET_OPTIONS"
+    fi
     # REVISIT(rkukura): Setting firewall_driver here for
     # neutron.agent.securitygroups_rpc.is_firewall_enabled() which is
     # used in the server, in case no L2 agent is configured on the
@@ -110,6 +115,8 @@ function neutron_plugin_configure_service {
 
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_vxlan $Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS
 
+    populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_flat $Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS
+
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_vlan $Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS
 
     if [[ "$Q_DVR_MODE" != "legacy" ]]; then

From 7bce8fa3171801db9bf2261b65b1f5b8978bb46e Mon Sep 17 00:00:00 2001
From: Edgar Magana 
Date: Tue, 4 Nov 2014 17:32:54 +0100
Subject: [PATCH 0120/3421] Includes a validation to disable creating initial
 networks for Neutron

Neutron external and internal networks are created by default
This commit let developers by configuration to decide if those
networks needs to be created. This is needed to test Neutron DVR
in a distributed Multi-node environment

Change-Id: I17d891d072f189925676b4557094cde1c7a71579
Closes-Bug: 1389288
---
 lib/neutron | 2 ++
 stack.sh    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index eb07f402d0..a3f9192869 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -131,6 +131,8 @@ Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
 Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
 VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
 VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
+# Specify if the initial private and external networks should be created
+NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
 
 ## Provider Network Information
 PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
diff --git a/stack.sh b/stack.sh
index ec13338948..ed6a4e3936 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1275,7 +1275,7 @@ if is_service_enabled neutron; then
     start_neutron_agents
 fi
 # Once neutron agents are started setup initial network elements
-if is_service_enabled q-svc; then
+if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then
     echo_summary "Creating initial neutron network elements"
     create_neutron_initial_network
     setup_neutron_debug

From 63baba2711552e0f818ad2482281d93dc11e7212 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 29 Oct 2014 21:57:31 -0500
Subject: [PATCH 0121/3421] Clean up index page

There were a lot of artifacts left from the HTML translation.

The toctree at the end is to suppress the errors until the remaining
docs are cleaned up.

Change-Id: I4a8f29f0be524d0a15c7c6f590ffc3ceed6ff811
---
 doc/source/index.rst | 140 +++++++++++++++++--------------------------
 1 file changed, 54 insertions(+), 86 deletions(-)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 37b365d11a..6c38216d26 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -1,40 +1,19 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-.. toctree::
-   :glob:
-   :maxdepth: 2
-
-   *
-   guides/*
-   
-
-
 DevStack - an OpenStack Community Production
 ============================================
 
-| A documented shell script to build complete OpenStack development environments.
-|  An OpenStack program maintained by the developer community.
-
-#. Setup a fresh supported Linux installation.
-#. Clone devstack from git.openstack.org.
-
-   ::
-
-       git clone https://git.openstack.org/openstack-dev/devstack
-
-#. Deploy your OpenStack Cloud
+.. toctree::
+   :glob:
+   :maxdepth: 1
 
-   ::
+   overview
+   configuration
+   plugins
+   faq
+   changes
+   contributing
 
-       cd devstack && ./stack.sh
+   guides/*
 
- 
 
 Quick Start This ain't your first rodeo
 ---------------------------------------
@@ -75,68 +54,45 @@ Quick Start This ain't your first rodeo
    It takes a few minutes, we recommend `reading the
    script `__ while it is building.
 
-Guides Walk through various setups used by stackers
----------------------------------------------------
+Guides
+======
+
+Walk through various setups used by stackers
 
 OpenStack on VMs
 ----------------
 
-Title
-
-Description
-
-Link
+These guides tell you how to virtualize your OpenStack cloud in virtual
+machines. This means that you can get started without having to purchase
+any hardware.
 
 Virtual Machine
+~~~~~~~~~~~~~~~
 
-Run OpenStack in a VM. The VMs launched in your cloud will be slow as
+`Run OpenStack in a VM `__. The VMs launched in your cloud will be slow as
 they are running in QEMU (emulation), but it is useful if you don't have
-spare hardware laying around.
-
-`Read » `__
-
-1 Guide
-
-What is this?
-^^^^^^^^^^^^^
-
-These guides tell you how to virtualize your OpenStack cloud in virtual
-machines. This means that you can get started without having to purchase
-any hardware.
+spare hardware laying around. `[Read] `__
 
 OpenStack on Hardware
 ---------------------
 
-Title
-
-Description
-
-Link
+These guides tell you how to deploy a development environment on real
+hardware. Guides range from running OpenStack on a single laptop to
+running a multi-node deployment on datacenter hardware.
 
 All-In-One
+~~~~~~~~~~
 
-Run OpenStack on dedicated hardware to get real performance in your VMs.
-This can include a server-class machine or a laptop at home.
-
-`Read » `__
+`Run OpenStack on dedicated hardware `__ to get real performance in your VMs.
+This can include a server-class machine or a laptop at home. `[Read] `__
 
 Multi-Node + VLANs
+~~~~~~~~~~~~~~~~~~
 
-Setup a multi-node cluster with dedicated VLANs for VMs & Management.
-
-`Read » `__
-
-2 Guides
-
-What is this?
-^^^^^^^^^^^^^
+`Setup a multi-node cluster `__ with dedicated VLANs for VMs & Management. `[Read] `__
 
-These guides tell you how to deploy a development environment on real
-hardware. Guides range from running OpenStack on a single laptop to
-running a multi-node deployment on datacenter hardware.
-
-Documentation Help yourself to stack
-------------------------------------
+Documentation
+=============
 
 Overview
 --------
@@ -168,11 +124,15 @@ Contributing
 
 `Pitching in to make DevStack a better place `__
 
-Code A look at the bits that make it all go
--------------------------------------------
+Code
+====
+
+A look at the bits that make it all go
+
+Scripts
+-------
 
-Scripts Generated documentation of DevStack scripts.
-----------------------------------------------------
+Generated documentation of DevStack scripts.
 
 +-------------------------------+----------------------------------------------+
 | Filename                      | Link                                         |
@@ -254,8 +214,8 @@ Scripts Generated documentation of DevStack scripts.
 | extras.d/80-tempest.sh        | `Read » `__        |
 +-------------------------------+----------------------------------------------+
 
-Configuration Setting the table
--------------------------------
+Configuration
+-------------
 
 +--------------+--------------------------------+
 | Filename     | Link                           |
@@ -271,8 +231,8 @@ Configuration Setting the table
 | eucarc       | `Read » `__       |
 +--------------+--------------------------------+
 
-Tools Support scripts
----------------------
+Tools
+-----
 
 +-----------------------------+----------------------------------------------+
 | Filename                    | Link                                         |
@@ -292,8 +252,10 @@ Tools Support scripts
 | tools/upload\_image.sh      | `Read » `__      |
 +-----------------------------+----------------------------------------------+
 
-Samples Generated documentation of DevStack sample files.
----------------------------------------------------------
+Samples
+-------
+
+Generated documentation of DevStack sample files.
 
 +------------+--------------------------------------+
 | Filename   | Link                                 |
@@ -303,8 +265,8 @@ Samples Generated documentation of DevStack sample files.
 | localrc    | `Read » `__    |
 +------------+--------------------------------------+
 
-Exercises Generated documentation of DevStack scripts.
-------------------------------------------------------
+Exercises
+---------
 
 +---------------------------------+-------------------------------------------------+
 | Filename                        | Link                                            |
@@ -343,3 +305,9 @@ Exercises Generated documentation of DevStack scripts.
 +---------------------------------+-------------------------------------------------+
 | exercises/zaqar.sh              | `Read » `__            |
 +---------------------------------+-------------------------------------------------+
+
+.. toctree::
+   :glob:
+   :maxdepth: 1
+
+   *

From 0986a7b760e34741d4df6f97851f6d98fec4f99c Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 29 Oct 2014 22:08:13 -0500
Subject: [PATCH 0122/3421] Remove old HTML headers

Change-Id: I39107df88aeb89d3364ad479d8c313b7a79b9440
---
 doc/source/changes.rst               | 10 +++-------
 doc/source/configuration.rst         | 13 +++----------
 doc/source/contributing.rst          | 13 +++----------
 doc/source/eucarc.rst                | 13 +++----------
 doc/source/exerciserc.rst            | 13 +++----------
 doc/source/faq.rst                   | 13 +++----------
 doc/source/guides/multinode-lab.rst  | 13 +++----------
 doc/source/guides/single-machine.rst | 13 +++----------
 doc/source/guides/single-vm.rst      | 13 +++----------
 doc/source/local.conf.rst            | 13 +++----------
 doc/source/localrc.rst               | 13 +++----------
 doc/source/openrc.rst                | 13 +++----------
 doc/source/overview.rst              | 13 +++----------
 doc/source/plugins.rst               | 13 +++----------
 doc/source/stackrc.rst               | 13 +++----------
 15 files changed, 45 insertions(+), 147 deletions(-)

diff --git a/doc/source/changes.rst b/doc/source/changes.rst
index ccd96e8a7e..f4a326d60e 100644
--- a/doc/source/changes.rst
+++ b/doc/source/changes.rst
@@ -1,10 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
+=======
+Changes
+=======
 
 Recent Changes What's been happening?
 -------------------------------------
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 9befc908ea..eba295622b 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Configuration Making it go my way
----------------------------------
+=============
+Configuration
+=============
 
 DevStack has always tried to be mostly-functional with a minimal amount
 of configuration. The number of options has ballooned as projects add
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index 73069e788b..b4f9f37902 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Contributing Help us help you
------------------------------
+============
+Contributing
+============
 
 DevStack uses the standard OpenStack contribution process as outlined in
 `the OpenStack wiki 'How To
diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
index c91d3417de..1284b8883b 100644
--- a/doc/source/eucarc.rst
+++ b/doc/source/eucarc.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-eucarc EC2 settings
--------------------
+=====================
+eucarc - EC2 Settings
+=====================
 
 ``eucarc`` creates EC2 credentials for the current user as defined by
 ``OS_TENANT_NAME:OS_USERNAME``. ``eucarc`` sources ``openrc`` at the
diff --git a/doc/source/exerciserc.rst b/doc/source/exerciserc.rst
index ed3f2e87b6..f3780c34c5 100644
--- a/doc/source/exerciserc.rst
+++ b/doc/source/exerciserc.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-exerciserc Exercise settings
-----------------------------
+==============================
+exerciserc - Exercise Settings
+==============================
 
 ``exerciserc`` is used to configure settings for the exercise scripts.
 The values shown below are the default values. Thse can all be
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 36b25b3039..7b33b41741 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-FAQ: Using DevStack Making to behave
-------------------------------------
+===
+FAQ
+===
 
 -  `General Questions <#general>`__
 -  `Operation and Configuration <#ops_conf>`__
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 0b1ebb931b..1c53227835 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Multi-Node Lab: Serious Stuff
-=============================
+==============
+Multi-Node Lab
+==============
 
 Here is OpenStack in a realistic test configuration with multiple
 physical servers.
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 3e0a39cad5..60595118ee 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-All-In-One: Dedicated Hardware
-==============================
+==========
+All-In-One
+==========
 
 Things are about to get real! Using OpenStack in containers or VMs is
 nice for kicking the tires, but doesn't compare to the feeling you get
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index 35efb14939..d296db6298 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview <../overview.html>`__
--  `Changes <../changes.html>`__
--  `FAQ <../faq.html>`__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Running a Cloud in a VM
-=======================
+=============
+Cloud in a VM
+=============
 
 Use the cloud to build the cloud! Use your cloud to launch new versions
 of OpenStack in about 5 minutes. When you break it, start over! The VMs
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
index e1de44c2c7..a9dfcb0ac7 100644
--- a/doc/source/local.conf.rst
+++ b/doc/source/local.conf.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-local.conf User settings
-------------------------
+==========================
+local.conf - User Settings
+==========================
 
 ``local.conf`` is a user-maintained setings file that is sourced in
 ``stackrc``. It contains a section that replaces the historical
diff --git a/doc/source/localrc.rst b/doc/source/localrc.rst
index 487280bae5..98f308302f 100644
--- a/doc/source/localrc.rst
+++ b/doc/source/localrc.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-localrc User settings
----------------------
+=====================
+localrc - The Old Way
+=====================
 
 ``localrc`` is the old file used to configure DevStack. It is deprecated
 and has been replaced by ```local.conf`` `__. DevStack
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index ce5765aa60..dc12f76b84 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-openrc User authentication settings
------------------------------------
+=====================================
+openrc - User Authentication Settings
+=====================================
 
 ``openrc`` configures login credentials suitable for use with the
 OpenStack command-line tools. ``openrc`` sources ``stackrc`` at the
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index cedf941bcd..e3cf75dd29 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Overview DevStack from a cloud-height view
-------------------------------------------
+========
+Overview
+========
 
 DevStack has evolved to support a large number of configuration options
 and alternative platforms and support services. That evolution has grown
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 0747b59f3c..282c1a4a3b 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-Plugins Add stuff
------------------
+=======
+Plugins
+=======
 
 DevStack has a couple of plugin mechanisms to allow easily adding
 support for additional projects and features.
diff --git a/doc/source/stackrc.rst b/doc/source/stackrc.rst
index 5d9d2218c6..0faab45c2f 100644
--- a/doc/source/stackrc.rst
+++ b/doc/source/stackrc.rst
@@ -1,13 +1,6 @@
-`DevStack `__
-
--  `Overview `__
--  `Changes `__
--  `FAQ `__
--  `git.openstack.org `__
--  `Gerrit `__
-
-stackrc DevStack settings
--------------------------
+===========================
+stackrc - DevStack Settings
+===========================
 
 ``stackrc`` is the primary configuration file for DevStack. It contains
 all of the settings that control the services started and the

From 6a709ab25a294d03009936322d753ce13ead1204 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Thu, 6 Nov 2014 08:36:09 +0000
Subject: [PATCH 0123/3421] Add ODL_NAME variable for OpenDaylight
 configuration

This makes the name of the unzipped package configurable so you can run
with releases other than the default specified in lib/opendaylight.

Change-Id: Iad879c558d742da03375cb61b0c2ef141573ffec
---
 lib/opendaylight | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/lib/opendaylight b/lib/opendaylight
index 374de953c6..bdebe5846d 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -44,6 +44,9 @@ ODL_USERNAME=${ODL_USERNAME:-admin}
 # The ODL password
 ODL_PASSWORD=${ODL_PASSWORD:-admin}
 
+# Short name of ODL package
+ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.0-Helium}
+
 # 
 ODL_DIR=$DEST/opendaylight
 
@@ -87,23 +90,23 @@ function cleanup_opendaylight {
 # configure_opendaylight() - Set config files, create data dirs, etc
 function configure_opendaylight {
     # Add odl-ovsdb-openstack if it's not already there
-    local ODLOVSDB=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/org.apache.karaf.features.cfg | grep featuresBoot= | grep odl)
+    local ODLOVSDB=$(cat $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg | grep featuresBoot= | grep odl)
     if [ "$ODLOVSDB" == "" ]; then
-        sed -i '/^featuresBoot=/ s/$/,odl-ovsdb-openstack/' $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/org.apache.karaf.features.cfg
+        sed -i '/^featuresBoot=/ s/$/,odl-ovsdb-openstack/' $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg
     fi
 
     # Configure OpenFlow 1.3 if it's not there
-    local OFLOW13=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties | grep ^of.version)
+    local OFLOW13=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^of.version)
     if [ "$OFLOW13" == "" ]; then
-        echo "ovsdb.of.version=1.3" >> $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties
+        echo "ovsdb.of.version=1.3" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
     fi
 
     # Configure L3 if the user wants it
     if [ "${ODL_L3}" == "True" ]; then
         # Configure L3 FWD if it's not there
-        local L3FWD=$(cat $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties | grep ^ovsdb.l3.fwd.enabled)
+        local L3FWD=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^ovsdb.l3.fwd.enabled)
         if [ "$L3FWD" == "" ]; then
-            echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/distribution-karaf-0.2.0-Helium/etc/custom.properties
+            echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
         fi
     fi
 }
@@ -156,7 +159,7 @@ function start_opendaylight {
     #   -of13: runs ODL using OpenFlow 1.3 protocol support.
     #   -virt ovsdb: Runs ODL in "virtualization" mode with OVSDB support
 
-    run_process odl-server "cd $ODL_DIR/distribution-karaf-0.2.0-Helium && JAVA_HOME=$JHOME bin/karaf"
+    run_process odl-server "cd $ODL_DIR/$ODL_NAME && JAVA_HOME=$JHOME bin/karaf"
 
     # Sleep a bit to let OpenDaylight finish starting up
     sleep $ODL_BOOT_WAIT

From d224ae1086c7641726a961208cab8af350a81b51 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 6 Nov 2014 09:33:02 -0600
Subject: [PATCH 0124/3421] Update index page doc links

This updates the form of the links to other documents in the tree;
the generated HTML links must remain in the original form.

Change-Id: I6c2179e3b7cb5b8e2589ede84ab7d02340812e80
---
 doc/source/index.rst | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 6c38216d26..2128620ffd 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -42,8 +42,8 @@ Quick Start This ain't your first rodeo
 
 #. Configure
 
-   We recommend at least a `minimal
-   configuration `__ be set up.
+   We recommend at least a :doc:`minimal
+   configuration ` be set up.
 
 #. Start the install
 
@@ -69,9 +69,9 @@ any hardware.
 Virtual Machine
 ~~~~~~~~~~~~~~~
 
-`Run OpenStack in a VM `__. The VMs launched in your cloud will be slow as
+:doc:`Run OpenStack in a VM `. The VMs launched in your cloud will be slow as
 they are running in QEMU (emulation), but it is useful if you don't have
-spare hardware laying around. `[Read] `__
+spare hardware laying around. :doc:`[Read] `
 
 OpenStack on Hardware
 ---------------------
@@ -83,13 +83,13 @@ running a multi-node deployment on datacenter hardware.
 All-In-One
 ~~~~~~~~~~
 
-`Run OpenStack on dedicated hardware `__ to get real performance in your VMs.
-This can include a server-class machine or a laptop at home. `[Read] `__
+:doc:`Run OpenStack on dedicated hardware ` to get real performance in your VMs.
+This can include a server-class machine or a laptop at home. :doc:`[Read] `
 
 Multi-Node + VLANs
 ~~~~~~~~~~~~~~~~~~
 
-`Setup a multi-node cluster `__ with dedicated VLANs for VMs & Management. `[Read] `__
+:doc:`Setup a multi-node cluster ` with dedicated VLANs for VMs & Management. :doc:`[Read] `
 
 Documentation
 =============
@@ -97,32 +97,32 @@ Documentation
 Overview
 --------
 
-`An overview of DevStack goals and priorities `__
+:doc:`An overview of DevStack goals and priorities `
 
 Configuration
 -------------
 
-`Configuring and customizing the stack `__
+:doc:`Configuring and customizing the stack `
 
 Plugins
 -------
 
-`Extending DevStack with new features `__
+:doc:`Extending DevStack with new features `
 
 Recent Changes
 --------------
 
-`An incomplete summary of recent changes `__
+:doc:`An incomplete summary of recent changes `
 
 FAQ
 ---
 
-`The DevStack FAQ `__
+:doc:`The DevStack FAQ `
 
 Contributing
 ------------
 
-`Pitching in to make DevStack a better place `__
+:doc:`Pitching in to make DevStack a better place `
 
 Code
 ====

From a12dee433c12c336d804ebe36a6a36f7d3c85f65 Mon Sep 17 00:00:00 2001
From: sailajay 
Date: Thu, 6 Nov 2014 16:14:32 -0800
Subject: [PATCH 0125/3421] Devstack Nuage Plugin correct the ovs_bridge
 parameter

This commit fixes the name of ovs_bridge parameter and the section it is set in nova.conf by the nuage plugin

Closes-Bug: 1390256

Change-Id: I63c929e827db10d0cf5450907a273d880fc757f6
---
 lib/neutron_plugins/nuage | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index 52d85a26cc..70de8fad01 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -7,7 +7,7 @@ set +o xtrace
 
 function neutron_plugin_create_nova_conf {
     NOVA_OVS_BRIDGE=${NOVA_OVS_BRIDGE:-"br-int"}
-    iniset $NOVA_CONF DEFAULT neutron_ovs_bridge $NOVA_OVS_BRIDGE
+    iniset $NOVA_CONF neutron ovs_bridge $NOVA_OVS_BRIDGE
     NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
     LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
     iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER

From 26dd21be8cbf789a8774c9a1941b364a497c4643 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 6 Nov 2014 09:33:02 -0600
Subject: [PATCH 0126/3421] One last format and content cleanup for the index
 page

Update the form of the links to other documents in the tree;
the generated HTML links must remain in the original form.
The layout is changed from the previous tables to a more Sphinx-y
TOC-like list.

Also editorial changes to the index page and guide titles

Change-Id: I52df0cc542754c386fb3c99d9efdf2524c11bf48
---
 doc/source/guides/single-machine.rst |   6 +-
 doc/source/guides/single-vm.rst      |   6 +-
 doc/source/index.rst                 | 294 +++++++++------------------
 doc/source/localrc.rst               |   9 -
 4 files changed, 107 insertions(+), 208 deletions(-)
 delete mode 100644 doc/source/localrc.rst

diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 60595118ee..9eaa38a49a 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -1,6 +1,6 @@
-==========
-All-In-One
-==========
+=========================
+All-In-One Single Machine
+=========================
 
 Things are about to get real! Using OpenStack in containers or VMs is
 nice for kicking the tires, but doesn't compare to the feeling you get
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index d296db6298..ef59953eb6 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -1,6 +1,6 @@
-=============
-Cloud in a VM
-=============
+====================
+All-In-One Single VM
+====================
 
 Use the cloud to build the cloud! Use your cloud to launch new versions
 of OpenStack in about 5 minutes. When you break it, start over! The VMs
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 2128620ffd..dbefdec144 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -12,11 +12,8 @@ DevStack - an OpenStack Community Production
    changes
    contributing
 
-   guides/*
-
-
-Quick Start This ain't your first rodeo
----------------------------------------
+Quick Start
+-----------
 
 #. Select a Linux Distribution
 
@@ -59,40 +56,36 @@ Guides
 
 Walk through various setups used by stackers
 
-OpenStack on VMs
-----------------
+.. toctree::
+   :glob:
+   :maxdepth: 1
 
-These guides tell you how to virtualize your OpenStack cloud in virtual
-machines. This means that you can get started without having to purchase
-any hardware.
+   guides/single-vm
+   guides/single-machine
+   guides/multinode-lab
 
-Virtual Machine
-~~~~~~~~~~~~~~~
+All-In-One Single VM
+--------------------
 
-:doc:`Run OpenStack in a VM `. The VMs launched in your cloud will be slow as
+Run :doc:`OpenStack in a VM `. The VMs launched in your cloud will be slow as
 they are running in QEMU (emulation), but it is useful if you don't have
 spare hardware laying around. :doc:`[Read] `
 
-OpenStack on Hardware
----------------------
+All-In-One Single Machine
+-------------------------
 
-These guides tell you how to deploy a development environment on real
-hardware. Guides range from running OpenStack on a single laptop to
-running a multi-node deployment on datacenter hardware.
+Run :doc:`OpenStack on dedicated hardware `  This can include a
+server-class machine or a laptop at home.
+:doc:`[Read] `
 
-All-In-One
-~~~~~~~~~~
-
-:doc:`Run OpenStack on dedicated hardware ` to get real performance in your VMs.
-This can include a server-class machine or a laptop at home. :doc:`[Read] `
-
-Multi-Node + VLANs
-~~~~~~~~~~~~~~~~~~
+Multi-Node Lab
+--------------
 
-:doc:`Setup a multi-node cluster ` with dedicated VLANs for VMs & Management. :doc:`[Read] `
+Setup a :doc:`multi-node cluster ` with dedicated VLANs for VMs & Management.
+:doc:`[Read] `
 
-Documentation
-=============
+DevStack Documentation
+======================
 
 Overview
 --------
@@ -127,187 +120,102 @@ Contributing
 Code
 ====
 
-A look at the bits that make it all go
+*A look at the bits that make it all go*
 
 Scripts
 -------
 
-Generated documentation of DevStack scripts.
-
-+-------------------------------+----------------------------------------------+
-| Filename                      | Link                                         |
-+===============================+==============================================+
-| stack.sh                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| functions                     | `Read » `__                  |
-+-------------------------------+----------------------------------------------+
-| functions-common              | `Read » `__           |
-+-------------------------------+----------------------------------------------+
-| lib/apache                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/baremetal                 | `Read » `__              |
-+-------------------------------+----------------------------------------------+
-| lib/ceilometer                | `Read » `__             |
-+-------------------------------+----------------------------------------------+
-| lib/cinder                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/config                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/database                  | `Read » `__               |
-+-------------------------------+----------------------------------------------+
-| lib/glance                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/heat                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| lib/horizon                   | `Read » `__                |
-+-------------------------------+----------------------------------------------+
-| lib/infra                     | `Read » `__                  |
-+-------------------------------+----------------------------------------------+
-| lib/ironic                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/keystone                  | `Read » `__               |
-+-------------------------------+----------------------------------------------+
-| lib/ldap                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| lib/zaqar                     | `Read » `__                  |
-+-------------------------------+----------------------------------------------+
-| lib/neutron                   | `Read » `__                |
-+-------------------------------+----------------------------------------------+
-| lib/nova                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| lib/oslo                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| lib/rpc\_backend              | `Read » `__            |
-+-------------------------------+----------------------------------------------+
-| lib/sahara                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| lib/savanna                   | `Read » `__                |
-+-------------------------------+----------------------------------------------+
-| lib/stackforge                | `Read » `__             |
-+-------------------------------+----------------------------------------------+
-| lib/swift                     | `Read » `__                  |
-+-------------------------------+----------------------------------------------+
-| lib/tempest                   | `Read » `__                |
-+-------------------------------+----------------------------------------------+
-| lib/tls                       | `Read » `__                    |
-+-------------------------------+----------------------------------------------+
-| lib/trove                     | `Read » `__                  |
-+-------------------------------+----------------------------------------------+
-| unstack.sh                    | `Read » `__                 |
-+-------------------------------+----------------------------------------------+
-| clean.sh                      | `Read » `__                   |
-+-------------------------------+----------------------------------------------+
-| run\_tests.sh                 | `Read » `__               |
-+-------------------------------+----------------------------------------------+
-| extras.d/50-ironic.sh         | `Read » `__         |
-+-------------------------------+----------------------------------------------+
-| extras.d/70-zaqar.sh          | `Read » `__          |
-+-------------------------------+----------------------------------------------+
-| extras.d/70-sahara.sh         | `Read » `__         |
-+-------------------------------+----------------------------------------------+
-| extras.d/70-savanna.sh        | `Read » `__        |
-+-------------------------------+----------------------------------------------+
-| extras.d/70-trove.sh          | `Read » `__          |
-+-------------------------------+----------------------------------------------+
-| extras.d/80-opendaylight.sh   | `Read » `__   |
-+-------------------------------+----------------------------------------------+
-| extras.d/80-tempest.sh        | `Read » `__        |
-+-------------------------------+----------------------------------------------+
+* `stack.sh `__ - The main script
+* `functions `__ - DevStack-specific functions
+* `functions-common `__ - Functions shared with other projects
+* `lib/apache `__
+* `lib/baremetal `__
+* `lib/ceilometer `__
+* `lib/ceph `__
+* `lib/cinder `__
+* `lib/config `__
+* `lib/database `__
+* `lib/dib `__
+* `lib/dstat `__
+* `lib/glance `__
+* `lib/heat `__
+* `lib/horizon `__
+* `lib/infra `__
+* `lib/ironic `__
+* `lib/keystone `__
+* `lib/ldap `__
+* `lib/neutron `__
+* `lib/nova `__
+* `lib/opendaylight `__
+* `lib/oslo `__
+* `lib/rpc\_backend `__
+* `lib/sahara `__
+* `lib/stackforge `__
+* `lib/swift `__
+* `lib/tempest `__
+* `lib/tls `__
+* `lib/trove `__
+* `lib/zaqar `__
+* `unstack.sh `__
+* `clean.sh `__
+* `run\_tests.sh `__
+
+* `extras.d/40-dib.sh `__
+* `extras.d/50-ironic.sh `__
+* `extras.d/60-ceph.sh `__
+* `extras.d/70-sahara.sh `__
+* `extras.d/70-trove.sh `__
+* `extras.d/70-zaqar.sh `__
+* `extras.d/80-opendaylight.sh `__
+* `extras.d/80-tempest.sh `__
 
 Configuration
 -------------
 
-+--------------+--------------------------------+
-| Filename     | Link                           |
-+==============+================================+
-| local.conf   | `Read » `__   |
-+--------------+--------------------------------+
-| stackrc      | `Read » `__      |
-+--------------+--------------------------------+
-| openrc       | `Read » `__       |
-+--------------+--------------------------------+
-| exerciserc   | `Read » `__   |
-+--------------+--------------------------------+
-| eucarc       | `Read » `__       |
-+--------------+--------------------------------+
+.. toctree::
+   :glob:
+   :maxdepth: 1
+
+   local.conf
+   stackrc
+   openrc
+   exerciserc
+   eucarc
 
 Tools
 -----
 
-+-----------------------------+----------------------------------------------+
-| Filename                    | Link                                         |
-+=============================+==============================================+
-| tools/info.sh               | `Read » `__              |
-+-----------------------------+----------------------------------------------+
-| tools/build\_docs.sh        | `Read » `__        |
-+-----------------------------+----------------------------------------------+
-| tools/create\_userrc.sh     | `Read » `__     |
-+-----------------------------+----------------------------------------------+
-| tools/fixup\_stuff.sh       | `Read » `__       |
-+-----------------------------+----------------------------------------------+
-| tools/install\_prereqs.sh   | `Read » `__   |
-+-----------------------------+----------------------------------------------+
-| tools/install\_pip.sh       | `Read » `__       |
-+-----------------------------+----------------------------------------------+
-| tools/upload\_image.sh      | `Read » `__      |
-+-----------------------------+----------------------------------------------+
+* `tools/build\_docs.sh `__
+* `tools/create-stack-user.sh `__
+* `tools/create\_userrc.sh `__
+* `tools/fixup\_stuff.sh `__
+* `tools/info.sh `__
+* `tools/install\_pip.sh `__
+* `tools/install\_prereqs.sh `__
+* `tools/make\_cert.sh `__
+* `tools/upload\_image.sh `__
 
 Samples
 -------
 
-Generated documentation of DevStack sample files.
-
-+------------+--------------------------------------+
-| Filename   | Link                                 |
-+============+======================================+
-| local.sh   | `Read » `__   |
-+------------+--------------------------------------+
-| localrc    | `Read » `__    |
-+------------+--------------------------------------+
+* `local.sh `__
 
 Exercises
 ---------
 
-+---------------------------------+-------------------------------------------------+
-| Filename                        | Link                                            |
-+=================================+=================================================+
-| exercise.sh                     | `Read » `__                   |
-+---------------------------------+-------------------------------------------------+
-| exercises/aggregates.sh         | `Read » `__       |
-+---------------------------------+-------------------------------------------------+
-| exercises/boot\_from\_volume.sh | `Read » `__ |
-+---------------------------------+-------------------------------------------------+
-| exercises/bundle.sh             | `Read » `__           |
-+---------------------------------+-------------------------------------------------+
-| exercises/client-args.sh        | `Read » `__      |
-+---------------------------------+-------------------------------------------------+
-| exercises/client-env.sh         | `Read » `__       |
-+---------------------------------+-------------------------------------------------+
-| exercises/euca.sh               | `Read » `__             |
-+---------------------------------+-------------------------------------------------+
-| exercises/floating\_ips.sh      | `Read » `__     |
-+---------------------------------+-------------------------------------------------+
-| exercises/horizon.sh            | `Read » `__          |
-+---------------------------------+-------------------------------------------------+
-| exercises/neutron-adv-test.sh   | `Read » `__ |
-+---------------------------------+-------------------------------------------------+
-| exercises/sahara.sh             | `Read » `__           |
-+---------------------------------+-------------------------------------------------+
-| exercises/savanna.sh            | `Read » `__          |
-+---------------------------------+-------------------------------------------------+
-| exercises/sec\_groups.sh        | `Read » `__       |
-+---------------------------------+-------------------------------------------------+
-| exercises/swift.sh              | `Read » `__            |
-+---------------------------------+-------------------------------------------------+
-| exercises/trove.sh              | `Read » `__            |
-+---------------------------------+-------------------------------------------------+
-| exercises/volumes.sh            | `Read » `__          |
-+---------------------------------+-------------------------------------------------+
-| exercises/zaqar.sh              | `Read » `__            |
-+---------------------------------+-------------------------------------------------+
-
-.. toctree::
-   :glob:
-   :maxdepth: 1
-
-   *
+* `exercise.sh `__
+* `exercises/aggregates.sh `__
+* `exercises/boot\_from\_volume.sh `__
+* `exercises/bundle.sh `__
+* `exercises/client-args.sh `__
+* `exercises/client-env.sh `__
+* `exercises/euca.sh `__
+* `exercises/floating\_ips.sh `__
+* `exercises/horizon.sh `__
+* `exercises/neutron-adv-test.sh `__
+* `exercises/sahara.sh `__
+* `exercises/sec\_groups.sh `__
+* `exercises/swift.sh `__
+* `exercises/trove.sh `__
+* `exercises/volumes.sh `__
+* `exercises/zaqar.sh `__
diff --git a/doc/source/localrc.rst b/doc/source/localrc.rst
deleted file mode 100644
index 98f308302f..0000000000
--- a/doc/source/localrc.rst
+++ /dev/null
@@ -1,9 +0,0 @@
-=====================
-localrc - The Old Way
-=====================
-
-``localrc`` is the old file used to configure DevStack. It is deprecated
-and has been replaced by ```local.conf`` `__. DevStack
-will continue to use ``localrc`` if it is present and ignore the
-``localrc`` section in ``local.conf.``. Remove ``localrc`` to switch to
-using the new file.

From ea3cdfad1fe6f63c8a6acdd4df4b5c4db85fabb5 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sat, 8 Nov 2014 08:29:16 -0600
Subject: [PATCH 0127/3421] Pass through the rest of the docs

Do the link cleanups and update a handful of things that were
out of date.

Change-Id: I758027bf3577c66cfb13df963516823a5c247080
---
 doc/source/configuration.rst         |  2 +-
 doc/source/contributing.rst          | 17 ++++++-------
 doc/source/faq.rst                   |  7 ++----
 doc/source/guides/multinode-lab.rst  |  6 ++---
 doc/source/guides/single-machine.rst |  4 ++--
 doc/source/local.conf.rst            |  4 ++--
 doc/source/openrc.rst                | 36 +++++++++++-----------------
 doc/source/overview.rst              |  2 +-
 doc/source/plugins.rst               |  4 ++--
 doc/source/stackrc.rst               |  4 ++--
 10 files changed, 38 insertions(+), 48 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index eba295622b..a4d940d762 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -74,7 +74,7 @@ A specific meta-section ``local|localrc`` is used to provide a default
 ``localrc`` file (actually ``.localrc.auto``). This allows all custom
 settings for DevStack to be contained in a single file. If ``localrc``
 exists it will be used instead to preserve backward-compatibility. More
-details on the `contents of localrc `__ are available.
+details on the :doc:`contents of local.conf ` are available.
 
 ::
 
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index b4f9f37902..7ca3d64afd 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -59,16 +59,17 @@ Code
 The DevStack repo generally keeps all of the primary scripts at the root
 level.
 
-``docs`` - Contains the source for this website. It is built using
-``tools/build_docs.sh``.
+``doc`` - Contains the Sphinx source for the documentation.
+``tools/build_docs.sh`` is used to generate the HTML versions of the
+DevStack scripts.  A complete doc build can be run with ``tox -edocs``.
 
-``exercises`` - Contains the test scripts used to validate and
+``exercises`` - Contains the test scripts used to sanity-check and
 demonstrate some OpenStack functions. These scripts know how to exit
 early or skip services that are not enabled.
 
 ``extras.d`` - Contains the dispatch scripts called by the hooks in
-``stack.sh``, ``unstack.sh`` and ``clean.sh``. See `the plugins
-docs `__ for more information.
+``stack.sh``, ``unstack.sh`` and ``clean.sh``. See :doc:`the plugins
+docs ` for more information.
 
 ``files`` - Contains a variety of otherwise lost files used in
 configuring and operating DevStack. This includes templates for
@@ -84,10 +85,10 @@ there are some for system services and project plugins.
 DevStack repo.
 
 ``tests`` - the DevStack test suite is rather sparse, mostly consisting
-of test of specific fragile functions in the ``functions`` file.
+of test of specific fragile functions in the ``functions`` and
+``functions-common`` files.
 
-``tools`` - Contains a collection of stand-alone scripts, some of which
-have aged a bit (does anyone still do ramdisk installs?). While these
+``tools`` - Contains a collection of stand-alone scripts. While these
 may reference the top-level DevStack configuration they can generally be
 run alone. There are also some sub-directories to support specific
 environments such as XenServer.
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 7b33b41741..b7943ba130 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -47,11 +47,8 @@ Q: I'd like to help!
     and bug reports go to
     `LaunchPad `__. Contributions
     follow the usual process as described in the `OpenStack
-    wiki `__ even though
-    DevStack is not an official OpenStack project. This site is housed
-    in the CloudBuilder's
-    `github `__ in the
-    gh-pages branch.
+    wiki `__. This Sphinx
+    documentation is housed in the doc directory.
 Q: Why not use packages?
     A: Unlike packages, DevStack leaves your cloud ready to develop -
     checkouts of the code and services running in screen. However, many
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1c53227835..4c60b6a745 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -16,9 +16,9 @@ download the `Minimal
 CD `__ for
 Ubuntu releases since DevStack will download & install all the
 additional dependencies. The netinstall ISO is available for
-`Fedora `__
+`Fedora `__
 and
-`CentOS/RHEL `__.
+`CentOS/RHEL `__.
 
 Install a couple of packages to bootstrap configuration:
 
@@ -284,7 +284,7 @@ Volumes
 
 DevStack will automatically use an existing LVM volume group named
 ``stack-volumes`` to store cloud-created volumes. If ``stack-volumes``
-doesn't exist, DevStack will set up a 5Gb loop-mounted file to contain
+doesn't exist, DevStack will set up a 10Gb loop-mounted file to contain
 it. This obviously limits the number and size of volumes that can be
 created inside OpenStack. The size can be overridden by setting
 ``VOLUME_BACKING_FILE_SIZE`` in ``local.conf``.
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 9eaa38a49a..a7a1099bc7 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -17,9 +17,9 @@ download the `Minimal
 CD `__ for
 Ubuntu releases since DevStack will download & install all the
 additional dependencies. The netinstall ISO is available for
-`Fedora `__
+`Fedora `__
 and
-`CentOS/RHEL `__.
+`CentOS/RHEL `__.
 You may be tempted to use a desktop distro on a laptop, it will probably
 work but you may need to tell Network Manager to keep its fingers off
 the interface(s) that OpenStack uses for bridging.
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
index a9dfcb0ac7..b2f7557e6d 100644
--- a/doc/source/local.conf.rst
+++ b/doc/source/local.conf.rst
@@ -4,6 +4,6 @@ local.conf - User Settings
 
 ``local.conf`` is a user-maintained setings file that is sourced in
 ``stackrc``. It contains a section that replaces the historical
-``localrc`` file. See `the description of
-local.conf `__ for more details about the mechanics
+``localrc`` file. See the description of
+:doc:`local.conf ` for more details about the mechanics
 of the file.
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index dc12f76b84..56ff5c2edb 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -8,29 +8,30 @@ beginning (which in turn sources the ``localrc`` setion of
 ``local.conf``) in order to pick up ``HOST_IP`` and/or ``SERVICE_HOST``
 to use in the endpoints. The values shown below are the default values.
 
-OS\_TENANT\_NAME
-    The introduction of Keystone to the OpenStack ecosystem has
-    standardized the term *tenant* as the entity that owns resources. In
-    some places references still exist to the original Nova term
-    *project* for this use. Also, *tenant\_name* is preferred to
-    *tenant\_id*.
+OS\_PROJECT\_NAME (OS\_TENANT\_NAME)
+    Keystone has
+    standardized the term *project* as the entity that owns resources. In
+    some places references still exist to the previous term
+    *tenant* for this use. Also, *project\_name* is preferred to
+    *project\_id*.  OS\_TENANT\_NAME remains supported for compatibility
+    with older tools.
 
     ::
 
-        OS_TENANT_NAME=demo
+        OS_PROJECT_NAME=demo
 
 OS\_USERNAME
-    In addition to the owning entity (tenant), Nova stores the entity
-    performing the action as the *user*.
+    In addition to the owning entity (project), OpenStack calls the entity
+    performing the action *user*.
 
     ::
 
         OS_USERNAME=demo
 
 OS\_PASSWORD
-    With Keystone you pass the keystone password instead of an api key.
-    Recent versions of novaclient use OS\_PASSWORD instead of
-    NOVA\_API\_KEYs or NOVA\_PASSWORD.
+    Keystone's default authentication requires a password be provided.
+    The usual cautions about putting passwords in environment variables
+    apply, for most DevStack uses this may be an acceptable tradeoff.
 
     ::
 
@@ -39,7 +40,7 @@ OS\_PASSWORD
 HOST\_IP, SERVICE\_HOST
     Set API endpoint host using ``HOST_IP``. ``SERVICE_HOST`` may also
     be used to specify the endpoint, which is convenient for some
-    ``localrc`` configurations. Typically, ``HOST_IP`` is set in the
+    ``local.conf`` configurations. Typically, ``HOST_IP`` is set in the
     ``localrc`` section.
 
     ::
@@ -57,15 +58,6 @@ OS\_AUTH\_URL
 
         OS_AUTH_URL=http://$SERVICE_HOST:5000/v2.0
 
-GLANCE\_HOST
-    Some exercises call Glance directly. On a single-node installation,
-    Glance should be listening on ``HOST_IP``. If its running elsewhere
-    it can be set here.
-
-    ::
-
-        GLANCE_HOST=$HOST_IP
-
 KEYSTONECLIENT\_DEBUG, NOVACLIENT\_DEBUG
     Set command-line client log level to ``DEBUG``. These are commented
     out by default.
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index e3cf75dd29..40782403fa 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -73,7 +73,7 @@ Compute (Nova), Network (Nova), Dashboard (Horizon), Orchestration
 (Heat)
 
 Additional services not included directly in DevStack can be tied in to
-``stack.sh`` using the `plugin mechanism `__ to call
+``stack.sh`` using the :doc:`plugin mechanism ` to call
 scripts that perform the configuration and startup of the service.
 
 Node Configurations
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 282c1a4a3b..b4136c4653 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -8,8 +8,8 @@ support for additional projects and features.
 Extras.d Hooks
 ~~~~~~~~~~~~~~
 
-These relatively new hooks are an extension of the existing calls from
-``stack.sh`` at the end of its run, plus ``unstack.sh`` and
+These hooks are an extension of the service calls in
+``stack.sh`` at specific points in its run, plus ``unstack.sh`` and
 ``clean.sh``. A number of the higher-layer projects are implemented in
 DevStack using this mechanism.
 
diff --git a/doc/source/stackrc.rst b/doc/source/stackrc.rst
index 0faab45c2f..b21f74f761 100644
--- a/doc/source/stackrc.rst
+++ b/doc/source/stackrc.rst
@@ -15,12 +15,12 @@ ENABLED\_SERVICES
     Specify which services to launch. These generally correspond to
     screen tabs. The default includes: Glance (API and Registry),
     Keystone, Nova (API, Certificate, Object Store, Compute, Network,
-    Scheduler, VNC proxies, Certificate Authentication), Cinder
+    Scheduler, Certificate Authentication), Cinder
     (Scheduler, API, Volume), Horizon, MySQL, RabbitMQ, Tempest.
 
     ::
 
-        ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
+        ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,c-sch,c-api,c-vol,n-sch,n-cauth,horizon,rabbit,tempest,$DATABASE_TYPE
 
     Other services that are not enabled by default can be enabled in
     ``localrc``. For example, to add Swift, use the following service

From 90f77fb01579b1859199b451d090170d4752a3e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= 
Date: Fri, 31 Oct 2014 12:05:20 +0100
Subject: [PATCH 0128/3421] Fix DevStack Ceph on the Giant release
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As of the Ceph Giant release, pools 'data' and 'metadata' (used for
CephFS) were removed. Thus applying the pool change command fails on
Giant since those pools don't exist anymore. Now we are checking for
every release prior to Giant and apply proper commands accordingly.

Change-Id: Ia12042899c0e6809f5b98c2e0de177bb61c8a790
Signed-off-by: Sébastien Han 
---
 lib/ceph | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index e55738c0d2..2ddf5dbb6a 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -71,6 +71,11 @@ CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
 # Functions
 # ------------
 
+function get_ceph_version {
+    local ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4)
+    echo $ceph_version_str
+}
+
 # import_libvirt_secret_ceph() - Imports Cinder user key into libvirt
 # so it can connect to the Ceph cluster while attaching a Cinder block device
 function import_libvirt_secret_ceph {
@@ -154,10 +159,16 @@ EOF
         sleep 5
     done
 
+    # pools data and metadata were removed in the Giant release so depending on the version we apply different commands
+    local ceph_version=$(get_ceph_version)
     # change pool replica size according to the CEPH_REPLICAS set by the user
-    sudo ceph -c ${CEPH_CONF_FILE} osd pool set data size ${CEPH_REPLICAS}
-    sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
-    sudo ceph -c ${CEPH_CONF_FILE} osd pool set metadata size ${CEPH_REPLICAS}
+    if [[ ${ceph_version%.*} -eq 0 ]] && [[ ${ceph_version##*.} -lt 87 ]]; then
+        sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
+        sudo ceph -c ${CEPH_CONF_FILE} osd pool set data size ${CEPH_REPLICAS}
+        sudo ceph -c ${CEPH_CONF_FILE} osd pool set metadata size ${CEPH_REPLICAS}
+    else
+        sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
+    fi
 
     # create a simple rule to take OSDs instead of host with CRUSH
     # then apply this rules to the default pool

From af81d672937fb4cefb7d723769af232cac714c22 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 10 Nov 2014 09:04:54 +0100
Subject: [PATCH 0129/3421] Drop PIP_USE_MIRRORS environment variable

The PIP_USE_MIRRORS does not do anything else than adding
 the --use-mirrors option to the pip command line.

The --use-mirrors is deprecated since pip-1.5,
and does not do anything else than printing a warning message.

For using alternate pypi index url this option is not required and
not sufficient. The current way for using alternate mirrors
is to defining them in the .pip/pip.conf either manually (before
devstack), or by using the PYPI_ALTERNATIVE_URL and PYPI_OVERRIDE
environment variables.

Change-Id: Ia33e783360e5661c2ef03b77e9f7af32b2633f2f
---
 functions-common | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/functions-common b/functions-common
index 9f8476e841..b9d9114512 100644
--- a/functions-common
+++ b/functions-common
@@ -25,7 +25,6 @@
 # - ``FILES``
 # - ``OFFLINE``
 # - ``PIP_DOWNLOAD_CACHE``
-# - ``PIP_USE_MIRRORS``
 # - ``RECLONE``
 # - ``REQUIREMENTS_DIR``
 # - ``STACK_USER``
@@ -1559,7 +1558,7 @@ function get_python_exec_prefix {
 }
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
-# Uses globals ``OFFLINE``, ``PIP_DOWNLOAD_CACHE``, ``PIP_USE_MIRRORS``,
+# Uses globals ``OFFLINE``, ``PIP_DOWNLOAD_CACHE``,
 # ``TRACK_DEPENDS``, ``*_proxy``
 # pip_install package [package ...]
 function pip_install {
@@ -1585,21 +1584,13 @@ function pip_install {
         local sudo_pip="sudo"
     fi
 
-    # Mirror option not needed anymore because pypi has CDN available,
-    # but it's useful in certain circumstances
-    PIP_USE_MIRRORS=${PIP_USE_MIRRORS:-False}
-    local pip_mirror_opt=""
-    if [[ "$PIP_USE_MIRRORS" != "False" ]]; then
-        pip_mirror_opt="--use-mirrors"
-    fi
-
     $xtrace
     $sudo_pip PIP_DOWNLOAD_CACHE=${PIP_DOWNLOAD_CACHE:-/var/cache/pip} \
         http_proxy=$http_proxy \
         https_proxy=$https_proxy \
         no_proxy=$no_proxy \
         $cmd_pip install \
-        $pip_mirror_opt $@
+        $@
 
     INSTALL_TESTONLY_PACKAGES=$(trueorfalse False $INSTALL_TESTONLY_PACKAGES)
     if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
@@ -1610,7 +1601,7 @@ function pip_install {
                 https_proxy=$https_proxy \
                 no_proxy=$no_proxy \
                 $cmd_pip install \
-                $pip_mirror_opt -r $test_req
+                -r $test_req
         fi
     fi
 }

From c411fcfc9224894db55d82b8ce4fa4a2b68de89d Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 19 Aug 2014 16:48:14 +0200
Subject: [PATCH 0130/3421] Allow installing tempest only with keystone

Modify the lib/tempest to not fail
 if no nova or glance available.

* This allows performance test of keystone and neutron with
  tempest (or tempest stress runner) without having system
  noise from another components.
* Depending on not required components for tempest is bad practice,
  tempest service decorators expected to allow tempest,
  to run in more minimal system out-of-the-box.

Change-Id: Ifc40b1eb5c4b79d96a5fae919b88afecca642ca0
---
 lib/tempest | 196 +++++++++++++++++++++++++++-------------------------
 1 file changed, 101 insertions(+), 95 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 66f1a788f1..3996cd1a62 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -110,34 +110,36 @@ function configure_tempest {
     # ... Also ensure we only take active images, so we don't get snapshots in process
     declare -a images
 
-    while read -r IMAGE_NAME IMAGE_UUID; do
-        if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
-            image_uuid="$IMAGE_UUID"
-            image_uuid_alt="$IMAGE_UUID"
-        fi
-        images+=($IMAGE_UUID)
-    # TODO(stevemar): update this command to use openstackclient's `openstack image list`
-    # when it supports listing by status.
-    done < <(glance image-list --status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
-
-    case "${#images[*]}" in
-        0)
-            echo "Found no valid images to use!"
-            exit 1
-            ;;
-        1)
-            if [ -z "$image_uuid" ]; then
-                image_uuid=${images[0]}
-                image_uuid_alt=${images[0]}
-            fi
-            ;;
-        *)
-            if [ -z "$image_uuid" ]; then
-                image_uuid=${images[0]}
-                image_uuid_alt=${images[1]}
+    if is_service_enabled glance; then
+        while read -r IMAGE_NAME IMAGE_UUID; do
+            if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
+                image_uuid="$IMAGE_UUID"
+                image_uuid_alt="$IMAGE_UUID"
             fi
-            ;;
-    esac
+            images+=($IMAGE_UUID)
+        # TODO(stevemar): update this command to use openstackclient's `openstack image list`
+        # when it supports listing by status.
+        done < <(glance image-list --status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
+
+        case "${#images[*]}" in
+            0)
+                echo "Found no valid images to use!"
+                exit 1
+                ;;
+            1)
+                if [ -z "$image_uuid" ]; then
+                    image_uuid=${images[0]}
+                    image_uuid_alt=${images[0]}
+                fi
+                ;;
+            *)
+                if [ -z "$image_uuid" ]; then
+                    image_uuid=${images[0]}
+                    image_uuid_alt=${images[1]}
+                fi
+                ;;
+        esac
+    fi
 
     # Create tempest.conf from tempest.conf.sample
     # copy every time, because the image UUIDS are going to change
@@ -161,63 +163,65 @@ function configure_tempest {
     ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
     ADMIN_TENANT_ID=$(openstack project list | awk "/ admin / { print \$2 }")
 
-    # If the ``DEFAULT_INSTANCE_TYPE`` not declared, use the new behavior
-    # Tempest creates instane types for himself
-    if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
-        available_flavors=$(nova flavor-list)
-        if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
-            if is_arch "ppc64"; then
-                # qemu needs at least 128MB of memory to boot on ppc64
-                nova flavor-create m1.nano 42 128 0 1
-            else
-                nova flavor-create m1.nano 42 64 0 1
+    if is_service_enabled nova; then
+        # If the ``DEFAULT_INSTANCE_TYPE`` not declared, use the new behavior
+        # Tempest creates instane types for himself
+        if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
+            available_flavors=$(nova flavor-list)
+            if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
+                if is_arch "ppc64"; then
+                    # qemu needs at least 128MB of memory to boot on ppc64
+                    nova flavor-create m1.nano 42 128 0 1
+                else
+                    nova flavor-create m1.nano 42 64 0 1
+                fi
             fi
-        fi
-        flavor_ref=42
-        boto_instance_type=m1.nano
-        if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
-            if is_arch "ppc64"; then
-                nova flavor-create m1.micro 84 256 0 1
-            else
-                nova flavor-create m1.micro 84 128 0 1
+            flavor_ref=42
+            boto_instance_type=m1.nano
+            if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
+                if is_arch "ppc64"; then
+                    nova flavor-create m1.micro 84 256 0 1
+                else
+                    nova flavor-create m1.micro 84 128 0 1
+                fi
             fi
-        fi
-        flavor_ref_alt=84
-    else
-        # Check Nova for existing flavors and, if set, look for the
-        # ``DEFAULT_INSTANCE_TYPE`` and use that.
-        boto_instance_type=$DEFAULT_INSTANCE_TYPE
-        flavor_lines=`nova flavor-list`
-        IFS=$'\r\n'
-        flavors=""
-        for line in $flavor_lines; do
-            f=$(echo $line | awk "/ $DEFAULT_INSTANCE_TYPE / { print \$2 }")
-            flavors="$flavors $f"
-        done
-
-        for line in $flavor_lines; do
-            flavors="$flavors `echo $line | grep -v "^\(|\s*ID\|+--\)" | cut -d' ' -f2`"
-        done
-
-        IFS=" "
-        flavors=($flavors)
-        num_flavors=${#flavors[*]}
-        echo "Found $num_flavors flavors"
-        if [[ $num_flavors -eq 0 ]]; then
-            echo "Found no valid flavors to use!"
-            exit 1
-        fi
-        flavor_ref=${flavors[0]}
-        flavor_ref_alt=$flavor_ref
-
-        # ensure flavor_ref and flavor_ref_alt have different values
-        # some resize instance in tempest tests depends on this.
-        for f in ${flavors[@]:1}; do
-            if [[ $f -ne $flavor_ref ]]; then
-                flavor_ref_alt=$f
-                break
+            flavor_ref_alt=84
+        else
+            # Check Nova for existing flavors and, if set, look for the
+            # ``DEFAULT_INSTANCE_TYPE`` and use that.
+            boto_instance_type=$DEFAULT_INSTANCE_TYPE
+            flavor_lines=`nova flavor-list`
+            IFS=$'\r\n'
+            flavors=""
+            for line in $flavor_lines; do
+                f=$(echo $line | awk "/ $DEFAULT_INSTANCE_TYPE / { print \$2 }")
+                flavors="$flavors $f"
+            done
+
+            for line in $flavor_lines; do
+                flavors="$flavors `echo $line | grep -v "^\(|\s*ID\|+--\)" | cut -d' ' -f2`"
+            done
+
+            IFS=" "
+            flavors=($flavors)
+            num_flavors=${#flavors[*]}
+            echo "Found $num_flavors flavors"
+            if [[ $num_flavors -eq 0 ]]; then
+                echo "Found no valid flavors to use!"
+                exit 1
             fi
-        done
+            flavor_ref=${flavors[0]}
+            flavor_ref_alt=$flavor_ref
+
+            # ensure flavor_ref and flavor_ref_alt have different values
+            # some resize instance in tempest tests depends on this.
+            for f in ${flavors[@]:1}; do
+                if [[ $f -ne $flavor_ref ]]; then
+                    flavor_ref_alt=$f
+                    break
+                fi
+            done
+        fi
     fi
 
     if [ "$Q_USE_NAMESPACE" != "False" ]; then
@@ -460,20 +464,22 @@ function init_tempest {
     local kernel="$image_dir/${base_image_name}-vmlinuz"
     local ramdisk="$image_dir/${base_image_name}-initrd"
     local disk_image="$image_dir/${base_image_name}-blank.img"
-    # if the cirros uec downloaded and the system is uec capable
-    if [ -f "$kernel" -a -f "$ramdisk" -a -f "$disk_image" -a  "$VIRT_DRIVER" != "openvz" \
-        -a \( "$LIBVIRT_TYPE" != "lxc" -o "$VIRT_DRIVER" != "libvirt" \) ]; then
-        echo "Prepare aki/ari/ami Images"
-        mkdir -p $BOTO_MATERIALS_PATH
-        ( #new namespace
-            # tenant:demo ; user: demo
-            source $TOP_DIR/accrc/demo/demo
-            euca-bundle-image -r ${CIRROS_ARCH} -i "$kernel" --kernel true -d "$BOTO_MATERIALS_PATH"
-            euca-bundle-image -r ${CIRROS_ARCH} -i "$ramdisk" --ramdisk true -d "$BOTO_MATERIALS_PATH"
-            euca-bundle-image -r ${CIRROS_ARCH} -i "$disk_image" -d "$BOTO_MATERIALS_PATH"
-        ) 2>&1 &1 
Date: Tue, 11 Nov 2014 11:11:00 +0900
Subject: [PATCH 0131/3421] Remove neutron ryu-plugin support

Ryu plugin was marked deprecated in Juno and will be removed for Kilo.

We (Ryu team) recommend users to migrate to ofagent, on which
we aim to concentrate our development resources by this deprecation.

Partial-Bug: #1391714
Change-Id: I1ef28818e9400664ae3d83758dc2dcf71c02f185
---
 MAINTAINERS.rst                   |  6 ---
 lib/neutron_plugins/ofagent_agent |  1 -
 lib/neutron_plugins/ryu           | 79 -------------------------------
 lib/neutron_thirdparty/ryu        | 63 ++----------------------
 4 files changed, 5 insertions(+), 144 deletions(-)
 delete mode 100644 lib/neutron_plugins/ryu

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index d55135de64..a376eb0428 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -56,12 +56,6 @@ OpenFlow Agent (ofagent)
 * YAMAMOTO Takashi 
 * Fumihiko Kakuma 
 
-Ryu
-~~~
-
-* YAMAMOTO Takashi 
-* Fumihiko Kakuma 
-
 Sahara
 ~~~~~~
 
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index 55f3f72056..90b37f1be9 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -18,7 +18,6 @@ function neutron_plugin_install_agent_packages {
     # This agent uses ryu to talk with switches
     install_package $(get_packages "ryu")
     install_ryu
-    configure_ryu
 }
 
 function neutron_plugin_configure_debug_command {
diff --git a/lib/neutron_plugins/ryu b/lib/neutron_plugins/ryu
deleted file mode 100644
index f45a7972e8..0000000000
--- a/lib/neutron_plugins/ryu
+++ /dev/null
@@ -1,79 +0,0 @@
-# Neutron Ryu plugin
-# ------------------
-
-# Save trace setting
-RYU_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-source $TOP_DIR/lib/neutron_thirdparty/ryu      # for configuration value
-
-function neutron_plugin_create_nova_conf {
-    _neutron_ovs_base_configure_nova_vif_driver
-    iniset $NOVA_CONF DEFAULT libvirt_ovs_integration_bridge "$OVS_BRIDGE"
-}
-
-function neutron_plugin_install_agent_packages {
-    _neutron_ovs_base_install_agent_packages
-
-    # neutron_ryu_agent requires ryu module
-    install_package $(get_packages "ryu")
-    install_ryu
-    configure_ryu
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/ryu
-    Q_PLUGIN_CONF_FILENAME=ryu.ini
-    Q_PLUGIN_CLASS="neutron.plugins.ryu.ryu_neutron_plugin.RyuNeutronPluginV2"
-}
-
-function neutron_plugin_configure_debug_command {
-    _neutron_ovs_base_configure_debug_command
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    iniset $Q_DHCP_CONF_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
-}
-
-function neutron_plugin_configure_l3_agent {
-    iniset $Q_L3_CONF_FILE DEFAULT ryu_api_host $RYU_API_HOST:$RYU_API_PORT
-    _neutron_ovs_base_configure_l3_agent
-}
-
-function neutron_plugin_configure_plugin_agent {
-    # Set up integration bridge
-    _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-    if [ -n "$RYU_INTERNAL_INTERFACE" ]; then
-        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_BRIDGE $RYU_INTERNAL_INTERFACE
-    fi
-    iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $OVS_BRIDGE
-    AGENT_BINARY="$NEUTRON_DIR/neutron/plugins/ryu/agent/ryu_neutron_agent.py"
-
-    _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_configure_service {
-    iniset /$Q_PLUGIN_CONF_FILE ovs openflow_rest_api $RYU_API_HOST:$RYU_API_PORT
-
-    _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-    iniset $conf_file DEFAULT ovs_use_veth True
-}
-
-function has_neutron_plugin_security_group {
-    # 0 means True here
-    return 0
-}
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
-}
-
-# Restore xtrace
-$RYU_XTRACE
diff --git a/lib/neutron_thirdparty/ryu b/lib/neutron_thirdparty/ryu
index 233f3aacdf..eaf088b797 100644
--- a/lib/neutron_thirdparty/ryu
+++ b/lib/neutron_thirdparty/ryu
@@ -1,56 +1,15 @@
-# Ryu OpenFlow Controller
-# -----------------------
+# Ryu SDN Framework
+# -----------------
+
+# Used by ofagent.
+# TODO(yamamoto): Switch to pip_install once the development was settled
 
 # Save trace setting
 RYU3_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-
 RYU_DIR=$DEST/ryu
-# Ryu API Host
-RYU_API_HOST=${RYU_API_HOST:-127.0.0.1}
-# Ryu API Port
-RYU_API_PORT=${RYU_API_PORT:-8080}
-# Ryu OFP Host
-RYU_OFP_HOST=${RYU_OFP_HOST:-127.0.0.1}
-# Ryu OFP Port
-RYU_OFP_PORT=${RYU_OFP_PORT:-6633}
-# Ryu Applications
-RYU_APPS=${RYU_APPS:-ryu.app.simple_isolation,ryu.app.rest}
-
-function configure_ryu {
-    :
-}
-
-function init_ryu {
-    RYU_CONF_DIR=/etc/ryu
-    if [[ ! -d $RYU_CONF_DIR ]]; then
-        sudo mkdir -p $RYU_CONF_DIR
-    fi
-    sudo chown $STACK_USER $RYU_CONF_DIR
-    RYU_CONF=$RYU_CONF_DIR/ryu.conf
-    sudo rm -rf $RYU_CONF
-
-    # Ryu configuration
-    RYU_CONF_CONTENTS=${RYU_CONF_CONTENTS:-"[DEFAULT]
-app_lists=$RYU_APPS
-wsapi_host=$RYU_API_HOST
-wsapi_port=$RYU_API_PORT
-ofp_listen_host=$RYU_OFP_HOST
-ofp_tcp_listen_port=$RYU_OFP_PORT
-neutron_url=http://$Q_HOST:$Q_PORT
-neutron_admin_username=$Q_ADMIN_USERNAME
-neutron_admin_password=$SERVICE_PASSWORD
-neutron_admin_tenant_name=$SERVICE_TENANT_NAME
-neutron_admin_auth_url=$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0
-neutron_auth_strategy=$Q_AUTH_STRATEGY
-neutron_controller_addr=tcp:$RYU_OFP_HOST:$RYU_OFP_PORT
-"}
-    echo "${RYU_CONF_CONTENTS}" > $RYU_CONF
-}
 
-# install_ryu can be called multiple times as neutron_pluing/ryu may call
-# this function for neutron-ryu-agent
 # Make this function idempotent and avoid cloning same repo many times
 # with RECLONE=yes
 _RYU_INSTALLED=${_RYU_INSTALLED:-False}
@@ -63,17 +22,5 @@ function install_ryu {
     fi
 }
 
-function start_ryu {
-    run_process ryu "$RYU_DIR/bin/ryu-manager --config-file $RYU_CONF"
-}
-
-function stop_ryu {
-    :
-}
-
-function check_ryu {
-    :
-}
-
 # Restore xtrace
 $RYU3_XTRACE

From 52f13a4087ef8b49640053bebd6a5046d55c63fe Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 12 Nov 2014 06:33:36 -0500
Subject: [PATCH 0132/3421] remove the trove exercise

The trove cli has been changed in an incompatible way. Exercises
are the requirements of projects to keep functioning, if they aren't
we should fast delete them.

Related-Bug: #1391840

Change-Id: I3b61194ff220525aed202c7f7851faa0be446646
---
 exercises/trove.sh | 49 ----------------------------------------------
 1 file changed, 49 deletions(-)
 delete mode 100755 exercises/trove.sh

diff --git a/exercises/trove.sh b/exercises/trove.sh
deleted file mode 100755
index 053f872361..0000000000
--- a/exercises/trove.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-
-# **trove.sh**
-
-# Sanity check that trove started if enabled
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import configuration
-source $TOP_DIR/openrc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-is_service_enabled trove || exit 55
-
-# can try to get datastore id
-DSTORE_ID=$(trove datastore-list | tail -n +4 |head -3 | get_field 1)
-die_if_not_set $LINENO  DSTORE_ID "Trove API not functioning!"
-
-DV_ID=$(trove datastore-version-list $DSTORE_ID | tail -n +4 | get_field 1)
-die_if_not_set $LINENO DV_ID "Trove API not functioning!"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
-

From 6d20f09045dba237caf50d8d55dcc90a9f105ee0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Sedl=C3=A1k?= 
Date: Wed, 22 Oct 2014 15:34:46 +0200
Subject: [PATCH 0133/3421] Initial support for Fedora 21

Initial support for Fedora 21.  Add f21 to the distribution lists for
rpms, ensure "mariadb" is used over "mysqld" and enable it in the
distro check, as we have several reports of it working.

Tested with [1]

[1] http://download.fedoraproject.org/pub/fedora/linux/releases/test/21-Beta/Cloud/Images/x86_64/Fedora-Cloud-Base-20141029-21_Beta.x86_64.qcow2

Change-Id: I97cbede806e5c00363c7174fa1e9f286de96aab6
---
 files/rpms/cinder   |  2 +-
 files/rpms/glance   |  6 +++---
 files/rpms/horizon  |  4 ++--
 files/rpms/keystone | 10 +++++-----
 files/rpms/neutron  |  4 ++--
 files/rpms/nova     |  6 +++---
 files/rpms/swift    |  2 +-
 lib/databases/mysql | 18 +++++++++---------
 stack.sh            |  2 +-
 9 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/files/rpms/cinder b/files/rpms/cinder
index ce6181eedf..eedff184dd 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -3,4 +3,4 @@ scsi-target-utils
 qemu-img
 postgresql-devel
 iscsi-initiator-utils
-python-lxml         #dist:f19,f20,rhel7
+python-lxml         #dist:f19,f20,f21,rhel7
diff --git a/files/rpms/glance b/files/rpms/glance
index 5a7f073f35..d2792cf987 100644
--- a/files/rpms/glance
+++ b/files/rpms/glance
@@ -6,10 +6,10 @@ postgresql-devel    # testonly
 python-argparse
 python-eventlet
 python-greenlet
-python-lxml         #dist:f19,f20,rhel7
-python-paste-deploy #dist:f19,f20,rhel7
+python-lxml         #dist:f19,f20,f21,rhel7
+python-paste-deploy #dist:f19,f20,f21,rhel7
 python-routes
 python-sqlalchemy
-python-wsgiref      #dist:f18,f19,f20
+python-wsgiref      #dist:f18,f19,f20,f21
 pyxattr
 zlib-devel          # testonly
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 7add23a549..1d06ac278b 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -12,8 +12,8 @@ python-httplib2
 python-migrate
 python-mox
 python-nose
-python-paste        #dist:f19,f20
-python-paste-deploy #dist:f19,f20
+python-paste        #dist:f19,f20,f21
+python-paste-deploy #dist:f19,f20,f21
 python-routes
 python-sphinx
 python-sqlalchemy
diff --git a/files/rpms/keystone b/files/rpms/keystone
index ce41ee598b..8b0953dd69 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,10 +1,10 @@
 MySQL-python
 python-greenlet
-libxslt-devel       # dist:f20
-python-lxml         #dist:f19,f20
-python-paste        #dist:f19,f20
-python-paste-deploy #dist:f19,f20
-python-paste-script #dist:f19,f20
+libxslt-devel       # dist:f20,f21
+python-lxml         #dist:f19,f20,f21
+python-paste        #dist:f19,f20,f21
+python-paste-deploy #dist:f19,f20,f21
+python-paste-script #dist:f19,f20,f21
 python-routes
 python-sqlalchemy
 python-webob
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 2c9dd3d5e8..f2473fb20d 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -12,8 +12,8 @@ python-eventlet
 python-greenlet
 python-iso8601
 #rhel6 gets via pip
-python-paste        # dist:f19,f20,rhel7
-python-paste-deploy # dist:f19,f20,rhel7
+python-paste        # dist:f19,f20,f21,rhel7
+python-paste-deploy # dist:f19,f20,f21,rhel7
 python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
diff --git a/files/rpms/nova b/files/rpms/nova
index f3261c6ae0..07f13c7071 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -29,11 +29,11 @@ python-iso8601
 python-lockfile
 python-migrate
 python-mox
-python-paramiko # dist:f19,f20,rhel7
+python-paramiko # dist:f19,f20,f21,rhel7
 # ^ on RHEL6, brings in python-crypto which conflicts with version from
 # pip we need
-python-paste        # dist:f19,f20,rhel7
-python-paste-deploy # dist:f19,f20,rhel7
+python-paste        # dist:f19,f20,f21,rhel7
+python-paste-deploy # dist:f19,f20,f21,rhel7
 python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
diff --git a/files/rpms/swift b/files/rpms/swift
index 9ec4aab8ce..ccda22bcc8 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -6,7 +6,7 @@ python-eventlet
 python-greenlet
 python-netifaces
 python-nose
-python-paste-deploy # dist:f19,f20,rhel7
+python-paste-deploy # dist:f19,f20,f21,rhel7
 python-simplejson
 python-webob
 pyxattr
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 67bf85ac97..7a444a3140 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -26,10 +26,10 @@ function cleanup_database_mysql {
         sudo rm -rf /etc/mysql
         return
     elif is_fedora; then
-        if [[ $DISTRO =~ (rhel7) ]]; then
-            MYSQL=mariadb
-        else
+        if [[ $DISTRO =~ (rhel6) ]]; then
             MYSQL=mysqld
+        else
+            MYSQL=mariadb
         fi
     elif is_suse; then
         MYSQL=mysql
@@ -54,10 +54,10 @@ function configure_database_mysql {
         my_conf=/etc/mysql/my.cnf
         mysql=mysql
     elif is_fedora; then
-        if [[ $DISTRO =~ (rhel7) ]]; then
-            mysql=mariadb
-        else
+        if [[ $DISTRO =~ (rhel6) ]]; then
             mysql=mysqld
+        else
+            mysql=mariadb
         fi
         my_conf=/etc/my.cnf
     elif is_suse; then
@@ -142,10 +142,10 @@ EOF
     fi
     # Install mysql-server
     if is_ubuntu || is_fedora; then
-        if [[ $DISTRO =~ (rhel7) ]]; then
-            install_package mariadb-server
-        else
+        if [[ $DISTRO =~ (rhel6) ]]; then
             install_package mysql-server
+        else
+            install_package mariadb-server
         fi
     elif is_suse; then
         if ! is_package_installed mariadb; then
diff --git a/stack.sh b/stack.sh
index 38ecceb717..8e05ae6322 100755
--- a/stack.sh
+++ b/stack.sh
@@ -143,7 +143,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f19|f20|rhel6|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f19|f20|f21|rhel6|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 91e4018afd98e454a0d56a69271e089ac97aab5c Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Thu, 13 Nov 2014 12:18:33 +0100
Subject: [PATCH 0134/3421] Add 'net-tools' package dependency

Noticed this on a freshly installed, minimal Fedora-21 (from
development repos):

  $ ./stack.sh
  [. . .]
  2014-11-13 10:56:22.442 | + local exitcode=0
  2014-11-13 10:56:22.453 | + sudo route add -net 10.1.0.0/24 gw 172.24.4.2
  2014-11-13 10:56:22.479 | sudo: route: command not found
  2014-11-13 10:56:22.488 | + exit_trap
  [. . .]

Also added it to files/rpms-suse/general, just in case.

Change-Id: I77954d97e654e8f384a2016631df14e73be927fe
---
 files/rpms-suse/general | 1 +
 files/rpms/general      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 0a4746f185..f1f7e8f173 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -22,3 +22,4 @@ tar
 tcpdump
 unzip
 wget
+net-tools
diff --git a/files/rpms/general b/files/rpms/general
index d4a9fcba55..d7ace9b990 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -27,6 +27,7 @@ which
 bc
 libyaml-devel
 gettext  # used for compiling message catalogs
+net-tools
 
 # [1] : some of installed tools have unversioned dependencies on this,
 # but others have versioned (<=0.7).  So if a later version (0.7.1)

From e08ab104e62da041fcc6b2aafba4349326f4a969 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 13 Nov 2014 17:09:28 -0500
Subject: [PATCH 0135/3421] fix python-* lib from git installation

We're using all the magic variables based on python-fooclient, however
all the inline code was using fooclient for variables. So we had a
mismatch, which was kindly pointed out by some of the 3rd party ci
testers.

Change-Id: I27a56222c7e8e610fba8bf97672d2a42f5cf14ca
---
 functions-common | 12 +++++++++++-
 lib/ceilometer   | 10 +++++-----
 lib/cinder       | 10 +++++-----
 lib/glance       |  8 ++++----
 lib/heat         | 10 +++++-----
 lib/ironic       | 10 +++++-----
 lib/keystone     | 10 +++++-----
 lib/neutron      | 10 +++++-----
 lib/nova         | 10 +++++-----
 lib/swift        |  8 ++++----
 lib/trove        |  8 ++++----
 stack.sh         |  8 ++++----
 stackrc          | 44 ++++++++++++++++++++++----------------------
 13 files changed, 84 insertions(+), 74 deletions(-)

diff --git a/functions-common b/functions-common
index 996d79ba6f..e890b75d13 100644
--- a/functions-common
+++ b/functions-common
@@ -1615,7 +1615,6 @@ function use_library_from_git {
     return $enabled
 }
 
-
 # setup a library by name. If we are trying to use the library from
 # git, we'll do a git based install, otherwise we'll punt and the
 # library should be installed by a requirements pull from another
@@ -1626,6 +1625,17 @@ function setup_lib {
     setup_install $dir
 }
 
+# setup a library by name in editiable mode. If we are trying to use
+# the library from git, we'll do a git based install, otherwise we'll
+# punt and the library should be installed by a requirements pull from
+# another project.
+#
+# use this for non namespaced libraries
+function setup_dev_lib {
+    local name=$1
+    local dir=${GITDIR[$name]}
+    setup_develop $dir
+}
 
 # this should be used if you want to install globally, all libraries should
 # use this, especially *oslo* ones
diff --git a/lib/ceilometer b/lib/ceilometer
index eee3e8f35d..c4377e04c0 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -35,7 +35,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
-GITDIR["ceilometerclient"]=$DEST/python-ceilometerclient
+GITDIR["python-ceilometerclient"]=$DEST/python-ceilometerclient
 
 CEILOMETER_DIR=$DEST/ceilometer
 CEILOMETER_CONF_DIR=/etc/ceilometer
@@ -269,10 +269,10 @@ function install_ceilometer {
 
 # install_ceilometerclient() - Collect source and prepare
 function install_ceilometerclient {
-    if use_library_from_git "ceilometerclient"; then
-        git_clone_by_name "ceilometerclient"
-        setup_develop "ceilometerclient"
-        sudo install -D -m 0644 -o $STACK_USER {$CEILOMETERCLIENT_DIR/tools/,/etc/bash_completion.d/}ceilometer.bash_completion
+    if use_library_from_git "python-ceilometerclient"; then
+        git_clone_by_name "python-ceilometerclient"
+        setup_dev_lib "python-ceilometerclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ceilometerclient"]}/tools/,/etc/bash_completion.d/}ceilometer.bash_completion
     fi
 }
 
diff --git a/lib/cinder b/lib/cinder
index 56878642e3..eb3cbe86cf 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -36,7 +36,7 @@ if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
 fi
 
 # set up default directories
-GITDIR["cinderclient"]=$DEST/python-cinderclient
+GITDIR["python-cinderclient"]=$DEST/python-cinderclient
 
 CINDER_DIR=$DEST/cinder
 CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
@@ -403,10 +403,10 @@ function install_cinder {
 
 # install_cinderclient() - Collect source and prepare
 function install_cinderclient {
-    if use_library_from_git "cinderclient"; then
-        git_clone_by_name "cinderclient"
-        setup_develop "cinderclient"
-        sudo install -D -m 0644 -o $STACK_USER {$CINDERCLIENT_DIR/tools/,/etc/bash_completion.d/}cinder.bash_completion
+    if use_library_from_git "python-cinderclient"; then
+        git_clone_by_name "python-cinderclient"
+        setup_dev_lib "python-cinderclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-cinderclient"]}/tools/,/etc/bash_completion.d/}cinder.bash_completion
     fi
 }
 
diff --git a/lib/glance b/lib/glance
index 8cd48b13f9..3a4ccd8132 100644
--- a/lib/glance
+++ b/lib/glance
@@ -27,7 +27,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
-GITDIR["glanceclient"]=$DEST/python-glanceclient
+GITDIR["python-glanceclient"]=$DEST/python-glanceclient
 
 GLANCE_DIR=$DEST/glance
 GLANCE_STORE_DIR=$DEST/glance_store
@@ -287,9 +287,9 @@ function init_glance {
 
 # install_glanceclient() - Collect source and prepare
 function install_glanceclient {
-    if use_library_from_git "glanceclient"; then
-        git_clone_by_name "glanceclient"
-        setup_develop "glanceclient"
+    if use_library_from_git "python-glanceclient"; then
+        git_clone_by_name "python-glanceclient"
+        setup_dev_lib "python-glanceclient"
     fi
 }
 
diff --git a/lib/heat b/lib/heat
index ed5181b2b8..2b55cf0f6a 100644
--- a/lib/heat
+++ b/lib/heat
@@ -29,7 +29,7 @@ set +o xtrace
 # --------
 
 # set up default directories
-GITDIR["heatclient"]=$DEST/python-heatclient
+GITDIR["python-heatclient"]=$DEST/python-heatclient
 
 HEAT_DIR=$DEST/heat
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
@@ -184,10 +184,10 @@ function create_heat_cache_dir {
 
 # install_heatclient() - Collect source and prepare
 function install_heatclient {
-    if use_library_from_git "heatclient"; then
-        git_clone_by_name "heatclient"
-        setup_develop "heatclient"
-        sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion
+    if use_library_from_git "python-heatclient"; then
+        git_clone_by_name "python-heatclient"
+        setup_dev_lib "python-heatclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-heatclient"]}/tools/,/etc/bash_completion.d/}heat.bash_completion
     fi
 }
 
diff --git a/lib/ironic b/lib/ironic
index c90482a00b..afe69f2df8 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -28,7 +28,7 @@ set +o pipefail
 # --------
 
 # Set up default directories
-GITDIR["ironicclient"]=$DEST/python-ironicclient
+GITDIR["python-ironicclient"]=$DEST/python-ironicclient
 
 IRONIC_DIR=$DEST/ironic
 IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent
@@ -151,10 +151,10 @@ function install_ironic {
 
 # install_ironicclient() - Collect sources and prepare
 function install_ironicclient {
-    if use_library_from_git "ironicclient"; then
-        git_clone_by_name "ironicclient"
-        setup_develop "ironicclient"
-        sudo install -D -m 0644 -o $STACK_USER {$IRONICCLIENT_DIR/tools/,/etc/bash_completion.d/}ironic.bash_completion
+    if use_library_from_git "python-ironicclient"; then
+        git_clone_by_name "python-ironicclient"
+        setup_dev_lib "python-ironicclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ironicclient"]}/tools/,/etc/bash_completion.d/}ironic.bash_completion
     else
         # nothing actually "requires" ironicclient, so force instally from pypi
         pip_install python-ironicclient
diff --git a/lib/keystone b/lib/keystone
index 6341ce2eea..e2c823a89e 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -33,7 +33,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
-GITDIR["keystoneclient"]=$DEST/python-keystoneclient
+GITDIR["python-keystoneclient"]=$DEST/python-keystoneclient
 
 KEYSTONE_DIR=$DEST/keystone
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
@@ -480,10 +480,10 @@ function init_keystone {
 
 # install_keystoneclient() - Collect source and prepare
 function install_keystoneclient {
-    if use_library_from_git "keystoneclient"; then
-        git_clone_by_name "keystoneclient"
-        setup_develop "keystoneclient"
-        sudo install -D -m 0644 -o $STACK_USER {$KEYSTONECLIENT_DIR/tools/,/etc/bash_completion.d/}keystone.bash_completion
+    if use_library_from_git "python-keystoneclient"; then
+        git_clone_by_name "python-keystoneclient"
+        setup_dev_lib "python-keystoneclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-keystoneclient"]}/tools/,/etc/bash_completion.d/}keystone.bash_completion
     fi
 }
 
diff --git a/lib/neutron b/lib/neutron
index 8f1bbf2b93..8295a738b7 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -67,7 +67,7 @@ fi
 
 
 # Set up default directories
-GITDIR["neutronclient"]=$DEST/python-neutronclient
+GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 
 
 NEUTRON_DIR=$DEST/neutron
@@ -620,10 +620,10 @@ function install_neutron {
 
 # install_neutronclient() - Collect source and prepare
 function install_neutronclient {
-    if use_library_from_git "neutronclient"; then
-        git_clone_by_name "neutronclient"
-        setup_develop "neutronclient"
-        sudo install -D -m 0644 -o $STACK_USER {$NEUTRONCLIENT_DIR/tools/,/etc/bash_completion.d/}neutron.bash_completion
+    if use_library_from_git "python-neutronclient"; then
+        git_clone_by_name "python-neutronclient"
+        setup_dev_lib "python-neutronclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-neutronclient"]}/tools/,/etc/bash_completion.d/}neutron.bash_completion
     fi
 }
 
diff --git a/lib/nova b/lib/nova
index d5f11928e5..78906f7210 100644
--- a/lib/nova
+++ b/lib/nova
@@ -29,7 +29,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
-GITDIR["novaclient"]=$DEST/python-novaclient
+GITDIR["python-novaclient"]=$DEST/python-novaclient
 
 
 NOVA_DIR=$DEST/nova
@@ -639,10 +639,10 @@ function init_nova {
 
 # install_novaclient() - Collect source and prepare
 function install_novaclient {
-    if use_library_from_git "novaclient"; then
-        git_clone_by_name "novaclient"
-        setup_develop "novaclient"
-        sudo install -D -m 0644 -o $STACK_USER {$NOVACLIENT_DIR/tools/,/etc/bash_completion.d/}nova.bash_completion
+    if use_library_from_git "python-novaclient"; then
+        git_clone_by_name "python-novaclient"
+        setup_dev_lib "python-novaclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-novaclient"]}/tools/,/etc/bash_completion.d/}nova.bash_completion
     fi
 }
 
diff --git a/lib/swift b/lib/swift
index 801628241a..ae0874ebdf 100644
--- a/lib/swift
+++ b/lib/swift
@@ -34,7 +34,7 @@ if is_ssl_enabled_service "s-proxy" || is_service_enabled tls-proxy; then
 fi
 
 # Set up default directories
-GITDIR["swiftclient"]=$DEST/python-swiftclient
+GITDIR["python-swiftclient"]=$DEST/python-swiftclient
 
 
 SWIFT_DIR=$DEST/swift
@@ -677,9 +677,9 @@ function install_swift {
 }
 
 function install_swiftclient {
-    if use_library_from_git "swiftclient"; then
-        git_clone_by_name "swiftclient"
-        setup_develop "swiftclient"
+    if use_library_from_git "python-swiftclient"; then
+        git_clone_by_name "python-swiftclient"
+        setup_dev_lib "python-swiftclient"
     fi
 }
 
diff --git a/lib/trove b/lib/trove
index 50bd684745..60b2bdba22 100644
--- a/lib/trove
+++ b/lib/trove
@@ -28,7 +28,7 @@ else
 fi
 
 # Set up default configuration
-GITDIR["troveclient"]=$DEST/python-troveclient
+GITDIR["python-troveclient"]=$DEST/python-troveclient
 
 TROVE_DIR=$DEST/trove
 TROVE_CONF_DIR=/etc/trove
@@ -181,9 +181,9 @@ function configure_trove {
 
 # install_troveclient() - Collect source and prepare
 function install_troveclient {
-    if use_library_from_git "troveclient"; then
-        git_clone_by_name "troveclient"
-        setup_develop "troveclient"
+    if use_library_from_git "python-troveclient"; then
+        git_clone_by_name "python-troveclient"
+        setup_dev_lib "python-troveclient"
     fi
 }
 
diff --git a/stack.sh b/stack.sh
index 2f045119bc..54444ad80c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -584,7 +584,7 @@ if [[ -d $TOP_DIR/extras.d ]]; then
 fi
 
 # Set the destination directories for other OpenStack projects
-GITDIR["openstackclient"]=$DEST/python-openstackclient
+GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 
 # Interactive Configuration
 # -------------------------
@@ -788,9 +788,9 @@ fi
 install_keystonemiddleware
 
 # install the OpenStack client, needed for most setup commands
-if use_library_from_git "openstackclient"; then
-    git_clone_by_name "openstackclient"
-    setup_develop "openstackclient"
+if use_library_from_git "python-openstackclient"; then
+    git_clone_by_name "python-openstackclient"
+    setup_dev_lib "python-openstackclient"
 else
     pip_install python-openstackclient
 fi
diff --git a/stackrc b/stackrc
index 2f08c730be..c7bad78c0e 100644
--- a/stackrc
+++ b/stackrc
@@ -210,48 +210,48 @@ GITBRANCH["tempest_lib"]=${TEMPEST_LIB_BRANCH:-master}
 ##############
 
 # ceilometer client library
-GITREPO["ceilometerclient"]=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git}
-GITBRANCH["ceilometerclient"]=${CEILOMETERCLIENT_BRANCH:-master}
+GITREPO["python-ceilometerclient"]=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git}
+GITBRANCH["python-ceilometerclient"]=${CEILOMETERCLIENT_BRANCH:-master}
 
 # volume client
-GITREPO["cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
-GITBRACH["cinderclient"]=${CINDERCLIENT_BRANCH:-master}
+GITREPO["python-cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
+GITBRACH["python-cinderclient"]=${CINDERCLIENT_BRANCH:-master}
 
 # python glance client library
-GITREPO["glanceclient"]=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}
-GITBRANCH["glanceclient"]=${GLANCECLIENT_BRANCH:-master}
+GITREPO["python-glanceclient"]=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}
+GITBRANCH["python-glanceclient"]=${GLANCECLIENT_BRANCH:-master}
 
 # python heat client library
-GITREPO["heatclient"]=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git}
-GITBRANCH["heatclient"]=${HEATCLIENT_BRANCH:-master}
+GITREPO["python-heatclient"]=${HEATCLIENT_REPO:-${GIT_BASE}/openstack/python-heatclient.git}
+GITBRANCH["python-heatclient"]=${HEATCLIENT_BRANCH:-master}
 
 # ironic client
-GITREPO["ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
-GITBRANCH["ironicclient"]=${IRONICCLIENT_BRANCH:-master}
+GITREPO["python-ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
+GITBRANCH["python-ironicclient"]=${IRONICCLIENT_BRANCH:-master}
 
 # python keystone client library to nova that horizon uses
-GITREPO["keystoneclient"]=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git}
-GITBRANCH["keystoneclient"]=${KEYSTONECLIENT_BRANCH:-master}
+GITREPO["python-keystoneclient"]=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git}
+GITBRANCH["python-keystoneclient"]=${KEYSTONECLIENT_BRANCH:-master}
 
 # neutron client
-GITREPO["neutronclient"]=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git}
-GITBRANCH["neutronclient"]=${NEUTRONCLIENT_BRANCH:-master}
+GITREPO["python-neutronclient"]=${NEUTRONCLIENT_REPO:-${GIT_BASE}/openstack/python-neutronclient.git}
+GITBRANCH["python-neutronclient"]=${NEUTRONCLIENT_BRANCH:-master}
 
 # python client library to nova that horizon (and others) use
-GITREPO["novaclient"]=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
-GITBRANCH["novaclient"]=${NOVACLIENT_BRANCH:-master}
+GITREPO["python-novaclient"]=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
+GITBRANCH["python-novaclient"]=${NOVACLIENT_BRANCH:-master}
 
 # python swift client library
-GITREPO["swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
-GITBRANCH["swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
+GITREPO["python-swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
+GITBRANCH["python-swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
 
 # trove client library test
-GITREPO["troveclient"]=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git}
-GITBRANCH["troveclient"]=${TROVECLIENT_BRANCH:-master}
+GITREPO["python-troveclient"]=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git}
+GITBRANCH["python-troveclient"]=${TROVECLIENT_BRANCH:-master}
 
 # consolidated openstack python client
-GITREPO["openstackclient"]=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
-GITBRANCH["openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
+GITREPO["python-openstackclient"]=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
+GITBRANCH["python-openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
 
 ###################
 #

From ee5ae7b92369484007d8deb249f6c941d422123c Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 13 Nov 2014 13:23:27 -0500
Subject: [PATCH 0136/3421] further pypi libs conversions

glance_store and saharaclient were missed in the last round, make
them install from released clients in this patch.

Change-Id: I2e0ed2b7fb5994ae6abd92612a67ce5fd82b3f7e
---
 lib/glance |  8 +++++---
 lib/sahara | 13 +++++--------
 stackrc    | 16 ++++++++++++----
 3 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/lib/glance b/lib/glance
index 3a4ccd8132..04c088aa6d 100644
--- a/lib/glance
+++ b/lib/glance
@@ -28,9 +28,9 @@ set +o xtrace
 
 # Set up default directories
 GITDIR["python-glanceclient"]=$DEST/python-glanceclient
+GIRDIR["glance_store"]=$DEST/glance_store
 
 GLANCE_DIR=$DEST/glance
-GLANCE_STORE_DIR=$DEST/glance_store
 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
 GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
 GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
@@ -297,8 +297,10 @@ function install_glanceclient {
 function install_glance {
     # Install glance_store from git so we make sure we're testing
     # the latest code.
-    git_clone $GLANCE_STORE_REPO $GLANCE_STORE_DIR $GLANCE_STORE_BRANCH
-    setup_develop $GLANCE_STORE_DIR
+    if use_library_from_git "glance_store"; then
+        git_clone_by_name "glance_store"
+        setup_dev_lib "glance_store"
+    fi
 
     git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
     setup_develop $GLANCE_DIR
diff --git a/lib/sahara b/lib/sahara
index 6d1bef571a..4f1ba22c67 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -22,15 +22,10 @@ set +o xtrace
 # --------
 
 # Set up default repos
-SAHARA_REPO=${SAHARA_REPO:-${GIT_BASE}/openstack/sahara.git}
-SAHARA_BRANCH=${SAHARA_BRANCH:-master}
-
-SAHARA_PYTHONCLIENT_REPO=${SAHARA_PYTHONCLIENT_REPO:-${GIT_BASE}/openstack/python-saharaclient.git}
-SAHARA_PYTHONCLIENT_BRANCH=${SAHARA_PYTHONCLIENT_BRANCH:-master}
 
 # Set up default directories
+GITDIR["python-saharaclient"]=$DEST/python-saharaclient
 SAHARA_DIR=$DEST/sahara
-SAHARA_PYTHONCLIENT_DIR=$DEST/python-saharaclient
 
 SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
 SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
@@ -158,8 +153,10 @@ function install_sahara {
 
 # install_python_saharaclient() - Collect source and prepare
 function install_python_saharaclient {
-    git_clone $SAHARA_PYTHONCLIENT_REPO $SAHARA_PYTHONCLIENT_DIR $SAHARA_PYTHONCLIENT_BRANCH
-    setup_develop $SAHARA_PYTHONCLIENT_DIR
+    if use_library_from_git "python-saharaclient"; then
+        git_clone_by_name "python-saharaclient"
+        setup_dev_lib "python-saharaclient"
+    fi
 }
 
 # start_sahara() - Start running processes, including screen
diff --git a/stackrc b/stackrc
index c7bad78c0e..75f606f382 100644
--- a/stackrc
+++ b/stackrc
@@ -144,7 +144,7 @@ GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 CEILOMETER_REPO=${CEILOMETER_REPO:-${GIT_BASE}/openstack/ceilometer.git}
 CEILOMETER_BRANCH=${CEILOMETER_BRANCH:-master}
 
-# volume service
+# block storage service
 CINDER_REPO=${CINDER_REPO:-${GIT_BASE}/openstack/cinder.git}
 CINDER_BRANCH=${CINDER_BRANCH:-master}
 
@@ -176,7 +176,11 @@ NEUTRON_BRANCH=${NEUTRON_BRANCH:-master}
 NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git}
 NOVA_BRANCH=${NOVA_BRANCH:-master}
 
-# storage service
+# data processing service
+SAHARA_REPO=${SAHARA_REPO:-${GIT_BASE}/openstack/sahara.git}
+SAHARA_BRANCH=${SAHARA_BRANCH:-master}
+
+# object storage service
 SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git}
 SWIFT_BRANCH=${SWIFT_BRANCH:-master}
 
@@ -241,6 +245,10 @@ GITBRANCH["python-neutronclient"]=${NEUTRONCLIENT_BRANCH:-master}
 GITREPO["python-novaclient"]=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
 GITBRANCH["python-novaclient"]=${NOVACLIENT_BRANCH:-master}
 
+# python saharaclient
+GITREPO["python-saharaclient"]=${SAHARACLIENT_REPO:-${GIT_BASE}/openstack/python-saharaclient.git}
+GITBRANCH["python-saharaclient"]=${SAHARACLIENT_BRANCH:-master}
+
 # python swift client library
 GITREPO["python-swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
 GITBRANCH["python-swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
@@ -330,8 +338,8 @@ GITBRANCH["pbr"]=${PBR_BRANCH:-master}
 ##################
 
 # glance store library
-GLANCE_STORE_REPO=${GLANCE_STORE_REPO:-${GIT_BASE}/openstack/glance_store.git}
-GLANCE_STORE_BRANCH=${GLANCE_STORE_BRANCH:-master}
+GITREPO["glance_store"]=${GLANCE_STORE_REPO:-${GIT_BASE}/openstack/glance_store.git}
+GITBRANCH["glance_store"]=${GLANCE_STORE_BRANCH:-master}
 
 # heat-cfntools server agent
 HEAT_CFNTOOLS_REPO=${HEAT_CFNTOOLS_REPO:-${GIT_BASE}/openstack/heat-cfntools.git}

From ae9ee6bf97c721e43f468b70eb6fb5c234e3eeba Mon Sep 17 00:00:00 2001
From: yunhong jiang 
Date: Wed, 8 Oct 2014 07:01:02 -0700
Subject: [PATCH 0137/3421] Add Ironic hardware deployment support

Currently devstack create VMs and then deploy Ironic on these VMs.
Sometimes developer may want to deploy on real platform.

A separated file is required to provide the baremetal compute node
information, which includes four fields for each hardware platform,
the ipmi address, the mac address, the ipmi user name and the
password.

Change-Id: I422b43eae6edc95f15b8c40383d0ba7fbcd9b1ff
---
 lib/ironic  | 89 ++++++++++++++++++++++++++++++++++++++++++-----------
 lib/neutron | 17 +++++++++-
 2 files changed, 87 insertions(+), 19 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index afe69f2df8..a0a93d5deb 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -40,6 +40,18 @@ IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf
 IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf
 IRONIC_POLICY_JSON=$IRONIC_CONF_DIR/policy.json
 
+# Deploy to hardware platform
+IRONIC_HW_NODE_CPU=${IRONIC_HW_NODE_CPU:-1}
+IRONIC_HW_NODE_RAM=${IRONIC_HW_NODE_RAM:-512}
+IRONIC_HW_NODE_DISK=${IRONIC_HW_NODE_DISK:-10}
+IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0}
+# The file is composed of multiple lines, each line includes four field
+# separated by white space: IPMI address, MAC address, IPMI username
+# and IPMI password.
+# An example:
+#   192.168.110.107 00:1e:67:57:50:4c root otc123
+IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
+
 # Set up defaults for functional / integration testing
 IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts}
 IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
@@ -51,6 +63,7 @@ IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key}
 IRONIC_KEY_FILE=$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME
 IRONIC_SSH_VIRT_TYPE=${IRONIC_SSH_VIRT_TYPE:-virsh}
 IRONIC_TFTPBOOT_DIR=${IRONIC_TFTPBOOT_DIR:-$IRONIC_DATA_DIR/tftpboot}
+IRONIC_TFTPSERVER_IP=${IRONIC_TFTPSERVER_IP:-$HOST_IP}
 IRONIC_VM_SSH_PORT=${IRONIC_VM_SSH_PORT:-22}
 IRONIC_VM_SSH_ADDRESS=${IRONIC_VM_SSH_ADDRESS:-$HOST_IP}
 IRONIC_VM_COUNT=${IRONIC_VM_COUNT:-1}
@@ -80,7 +93,7 @@ IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org
 IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz}
 
 # Which deploy driver to use - valid choices right now
-# are 'pxe_ssh' and 'agent_ssh'.
+# are 'pxe_ssh', 'pxe_ipmitool' and 'agent_ssh'.
 IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh}
 
 #TODO(agordeev): replace 'ubuntu' with host distro name getting
@@ -133,6 +146,11 @@ function is_ironic_enabled {
     return 1
 }
 
+function is_ironic_hardware {
+    is_ironic_enabled && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0
+    return 1
+}
+
 # install_ironic() - Collect source and prepare
 function install_ironic {
     # make sure all needed service were enabled
@@ -273,7 +291,7 @@ function configure_ironic_conductor {
     iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
     iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS
     iniset $IRONIC_CONF_FILE conductor api_url http://$HOST_IP:6385
-    iniset $IRONIC_CONF_FILE pxe tftp_server $HOST_IP
+    iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
     iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
     iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
     if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
@@ -475,7 +493,7 @@ function create_bridge_and_vms {
     create_ovs_taps
 }
 
-function enroll_vms {
+function enroll_nodes {
     local chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
     local idx=0
 
@@ -487,34 +505,65 @@ function enroll_vms {
         local _IRONIC_DEPLOY_RAMDISK_KEY=deploy_ramdisk
     fi
 
-    while read MAC; do
-
-        local node_id=$(ironic node-create --chassis_uuid $chassis_id \
-            --driver $IRONIC_DEPLOY_DRIVER \
+    if ! is_ironic_hardware; then
+        local ironic_node_cpu=$IRONIC_VM_SPECS_CPU
+        local ironic_node_ram=$IRONIC_VM_SPECS_RAM
+        local ironic_node_disk=$IRONIC_VM_SPECS_DISK
+        local ironic_ephemeral_disk=$IRONIC_VM_EPHEMERAL_DISK
+        local ironic_hwinfo_file=$IRONIC_VM_MACS_CSV_FILE
+        local node_options="\
             -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID \
             -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID \
             -i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \
             -i ssh_address=$IRONIC_VM_SSH_ADDRESS \
             -i ssh_port=$IRONIC_VM_SSH_PORT \
             -i ssh_username=$IRONIC_SSH_USERNAME \
-            -i ssh_key_filename=$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME \
-            -p cpus=$IRONIC_VM_SPECS_CPU \
-            -p memory_mb=$IRONIC_VM_SPECS_RAM \
-            -p local_gb=$IRONIC_VM_SPECS_DISK \
+            -i ssh_key_filename=$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME"
+    else
+        local ironic_node_cpu=$IRONIC_HW_NODE_CPU
+        local ironic_node_ram=$IRONIC_HW_NODE_RAM
+        local ironic_node_disk=$IRONIC_HW_NODE_DISK
+        local ironic_ephemeral_disk=$IRONIC_HW_EPHEMERAL_DISK
+        if [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then
+            local ironic_hwinfo_file=$IRONIC_IPMIINFO_FILE
+        fi
+    fi
+
+    while read hardware_info; do
+        if ! is_ironic_hardware; then
+            local mac_address=$hardware_info
+        elif [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then
+            local ipmi_address=$(echo $hardware_info |awk  '{print $1}')
+            local mac_address=$(echo $hardware_info |awk '{print $2}')
+            local ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}')
+            local ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}')
+            # Currently we require all hardware platform have same CPU/RAM/DISK info
+            # in future, this can be enhanced to support different type, and then
+            # we create the bare metal flavor with minimum value
+            local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\
+                -i ipmi_username=$ironic_ipmi_username"
+        fi
+
+        local node_id=$(ironic node-create --chassis_uuid $chassis_id \
+            --driver $IRONIC_DEPLOY_DRIVER \
+            -p cpus=$ironic_node_cpu\
+            -p memory_mb=$ironic_node_ram\
+            -p local_gb=$ironic_node_disk\
             -p cpu_arch=x86_64 \
+            $node_options \
             | grep " uuid " | get_field 2)
 
-        ironic port-create --address $MAC --node_uuid $node_id
+        ironic port-create --address $mac_address --node_uuid $node_id
 
         idx=$((idx+1))
-    done < $IRONIC_VM_MACS_CSV_FILE
+    done < $ironic_hwinfo_file
 
     # create the nova flavor
     # NOTE(adam_g): Attempting to use an autogenerated UUID for flavor id here uncovered
     # bug (LP: #1333852) in Trove.  This can be changed to use an auto flavor id when the
     # bug is fixed in Juno.
-    local adjusted_disk=$(($IRONIC_VM_SPECS_DISK - $IRONIC_VM_EPHEMERAL_DISK))
-    nova flavor-create --ephemeral $IRONIC_VM_EPHEMERAL_DISK baremetal 551 $IRONIC_VM_SPECS_RAM $adjusted_disk $IRONIC_VM_SPECS_CPU
+    local adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
+    nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal 551 $ironic_node_ram $adjusted_disk $ironic_node_cpu
 
     # TODO(lucasagomes): Remove the 'baremetal:deploy_kernel_id'
     # and 'baremetal:deploy_ramdisk_id' parameters
@@ -662,11 +711,15 @@ function upload_baremetal_ironic_deploy {
 
 function prepare_baremetal_basic_ops {
     upload_baremetal_ironic_deploy
-    create_bridge_and_vms
-    enroll_vms
+    if ! is_ironic_hardware; then
+        create_bridge_and_vms
+    fi
+    enroll_nodes
     configure_tftpd
     configure_iptables
-    configure_ironic_auxiliary
+    if ! is_ironic_hardware; then
+        configure_ironic_auxiliary
+    fi
 }
 
 function cleanup_baremetal_basic_ops {
diff --git a/lib/neutron b/lib/neutron
index 8295a738b7..db6bd47ced 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -523,7 +523,7 @@ function create_neutron_initial_network {
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
         die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
         NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
-        SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+        SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
         SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
         sudo ip link set $OVS_PHYSICAL_BRIDGE up
         sudo ip link set br-int up
@@ -678,6 +678,13 @@ function start_neutron_agents {
         sudo ip link set $OVS_PHYSICAL_BRIDGE up
         sudo ip link set br-int up
         sudo ip link set $PUBLIC_INTERFACE up
+        if is_ironic_hardware; then
+            for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
+                sudo ip addr del $IP dev $PUBLIC_INTERFACE
+                sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
+            done
+            sudo route add -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+        fi
     fi
 
     if is_service_enabled q-vpn; then
@@ -729,6 +736,14 @@ function stop_neutron {
 # cleanup_neutron() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_neutron {
+    if [[ is_provider_network && is_ironic_hardware ]]; then
+        for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
+            sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
+            sudo ip addr add $IP dev $PUBLIC_INTERFACE
+        done
+        sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+    fi
+
     if is_neutron_ovs_base_plugin; then
         neutron_ovs_base_cleanup
     fi

From 425e8447f1db92af03c02c1bf42456773206c8a9 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Fri, 14 Nov 2014 11:09:16 +0000
Subject: [PATCH 0138/3421] Fix a typo of python-cinderclient GITBRANCH

A left out N. Causes various failures in shell evaluation.

Change-Id: Icc09998c645ef2b975cb24b56d0f71c60289c188
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index c7bad78c0e..d59166ebae 100644
--- a/stackrc
+++ b/stackrc
@@ -215,7 +215,7 @@ GITBRANCH["python-ceilometerclient"]=${CEILOMETERCLIENT_BRANCH:-master}
 
 # volume client
 GITREPO["python-cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
-GITBRACH["python-cinderclient"]=${CINDERCLIENT_BRANCH:-master}
+GITBRANCH["python-cinderclient"]=${CINDERCLIENT_BRANCH:-master}
 
 # python glance client library
 GITREPO["python-glanceclient"]=${GLANCECLIENT_REPO:-${GIT_BASE}/openstack/python-glanceclient.git}

From 3c8973a90abc7601e46e2fcaf3d50343338e24d8 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 14 Nov 2014 09:31:02 -0500
Subject: [PATCH 0139/3421] support installing django_openstack_auth from pypi

Part of the libs from pypi conversion, convert django_openstack_auth
to this format.

Change-Id: I97c8ea19d8aed1e0bdd62c06cfadd1d616573d76
---
 lib/horizon | 26 +++++++++++++-------------
 stackrc     |  4 ++--
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index 0213948633..1b53831135 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -25,8 +25,9 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["django_openstack_auth"]=$DEST/django_openstack_auth
+
 HORIZON_DIR=$DEST/horizon
-HORIZONAUTH_DIR=$DEST/django_openstack_auth
 
 # local_settings.py is used to customize Dashboard settings.
 # The example file in Horizon repo is used by default.
@@ -89,9 +90,7 @@ function configure_horizon {
     # Horizon is installed as develop mode, so we can compile here.
     # Message catalog compilation is handled by Django admin script,
     # so compiling them after the installation avoids Django installation twice.
-    cd $HORIZON_DIR
-    ./run_tests.sh -N --compilemessages
-    cd -
+    (cd $HORIZON_DIR; ./run_tests.sh -N --compilemessages)
 }
 
 # init_horizon() - Initialize databases, etc.
@@ -145,15 +144,16 @@ function init_horizon {
 
 # install_django_openstack_auth() - Collect source and prepare
 function install_django_openstack_auth {
-    git_clone $HORIZONAUTH_REPO $HORIZONAUTH_DIR $HORIZONAUTH_BRANCH
-
-    # Compile message catalogs before installation
-    _prepare_message_catalog_compilation
-    cd $HORIZONAUTH_DIR
-    python setup.py compile_catalog
-    cd -
-
-    setup_install $HORIZONAUTH_DIR
+    if use_library_from_git "django_openstack_auth"; then
+        local dir=${GITDIR["django_openstack_auth"]}
+        git_clone_by_name "django_openstack_auth"
+        # Compile message catalogs before installation
+        _prepare_message_catalog_compilation
+        (cd $dir; python setup.py compile_catalog)
+        setup_dev_lib "django_openstack_auth"
+    fi
+    # if we aren't using this library from git, then we just let it
+    # get dragged in by the horizon setup.
 }
 
 # install_horizon() - Collect source and prepare
diff --git a/stackrc b/stackrc
index 75f606f382..a404ad88f4 100644
--- a/stackrc
+++ b/stackrc
@@ -350,8 +350,8 @@ HEAT_TEMPLATES_REPO=${HEAT_TEMPLATES_REPO:-${GIT_BASE}/openstack/heat-templates.
 HEAT_TEMPLATES_BRANCH=${HEAT_TEMPLATES_BRANCH:-master}
 
 # django openstack_auth library
-HORIZONAUTH_REPO=${HORIZONAUTH_REPO:-${GIT_BASE}/openstack/django_openstack_auth.git}
-HORIZONAUTH_BRANCH=${HORIZONAUTH_BRANCH:-master}
+GITREPO["django_openstack_auth"]=${HORIZONAUTH_REPO:-${GIT_BASE}/openstack/django_openstack_auth.git}
+GITBRANCH["django_openstack_auth"]=${HORIZONAUTH_BRANCH:-master}
 
 # keystone middleware
 KEYSTONEMIDDLEWARE_REPO=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/keystonemiddleware.git}

From 658312ca2f54aaabd43f91d2fca73cbee0319735 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 14 Nov 2014 11:35:56 -0500
Subject: [PATCH 0140/3421] move keystonemiddleware to pypi libs

Make keystonemiddleware install from pypi releases by default

Change-Id: I3dc4b096b4184f4cf00fb0df66b76fcc8f19785b
---
 lib/keystone | 9 +++++----
 stackrc      | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index e2c823a89e..72a79be44d 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -34,6 +34,7 @@ set +o xtrace
 
 # Set up default directories
 GITDIR["python-keystoneclient"]=$DEST/python-keystoneclient
+GITDIR["keystonemiddleware"]=$DEST/keystonemiddleware
 
 KEYSTONE_DIR=$DEST/keystone
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
@@ -46,8 +47,6 @@ else
     KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
 fi
 
-KEYSTONEMIDDLEWARE_DIR=$DEST/keystonemiddleware
-
 # Set up additional extensions, such as oauth1, federation
 # Example of KEYSTONE_EXTENSIONS=oauth1,federation
 KEYSTONE_EXTENSIONS=${KEYSTONE_EXTENSIONS:-}
@@ -489,8 +488,10 @@ function install_keystoneclient {
 
 # install_keystonemiddleware() - Collect source and prepare
 function install_keystonemiddleware {
-    git_clone $KEYSTONEMIDDLEWARE_REPO $KEYSTONEMIDDLEWARE_DIR $KEYSTONEMIDDLEWARE_BRANCH
-    setup_install $KEYSTONEMIDDLEWARE_DIR
+    if use_library_from_git "keystonemiddleware"; then
+        git_clone_by_name "keystonemiddleware"
+        setup_dev_lib "keystonemiddleware"
+    fi
 }
 
 # install_keystone() - Collect source and prepare
diff --git a/stackrc b/stackrc
index a404ad88f4..d54a497bb0 100644
--- a/stackrc
+++ b/stackrc
@@ -354,8 +354,8 @@ GITREPO["django_openstack_auth"]=${HORIZONAUTH_REPO:-${GIT_BASE}/openstack/djang
 GITBRANCH["django_openstack_auth"]=${HORIZONAUTH_BRANCH:-master}
 
 # keystone middleware
-KEYSTONEMIDDLEWARE_REPO=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/keystonemiddleware.git}
-KEYSTONEMIDDLEWARE_BRANCH=${KEYSTONEMIDDLEWARE_BRANCH:-master}
+GITREPO["keystonemiddleware"]=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/keystonemiddleware.git}
+GITBRANCH["keystonemiddleware"]=${KEYSTONEMIDDLEWARE_BRANCH:-master}
 
 # s3 support for swift
 SWIFT3_REPO=${SWIFT3_REPO:-${GIT_BASE}/stackforge/swift3.git}

From 6a41ba20e7978c5f62a125412a9489d59e520a43 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 17 Nov 2014 10:46:56 +1100
Subject: [PATCH 0141/3421] Remove rackspace/centos7 work-around

The current centos 7 images from rackspace do not have cloud-init
installed via pip, so this is no longer needed.  This work around is
actually a little wrong too, see the bug.

Change-Id: I6642593ca2248d9e01f653cc8e70c70ba8372e50
Partial-bug: #1393073
---
 stack.sh | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/stack.sh b/stack.sh
index 7635f32298..ef4591e232 100755
--- a/stack.sh
+++ b/stack.sh
@@ -209,14 +209,6 @@ if is_ubuntu; then
     echo 'APT::Acquire::Retries "20";' | sudo tee /etc/apt/apt.conf.d/80retry  >/dev/null
 fi
 
-# upstream Rackspace centos7 images have an issue where cloud-init is
-# installed via pip because there were not official packages when the
-# image was created (fix in the works).  Remove all pip packages
-# before we do anything else
-if [[ $DISTRO = "rhel7" && is_rackspace ]]; then
-    (sudo pip freeze | xargs sudo pip uninstall -y) || true
-fi
-
 # Some distros need to add repos beyond the defaults provided by the vendor
 # to pick up required packages.
 

From 0eed532ce392f7db7cc004ca4b28c22407499d1d Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Sat, 15 Nov 2014 17:15:49 -0300
Subject: [PATCH 0142/3421] Remove nose things

We don't use nose anywhere in anything related to devstack. The only
legitimate OpenStack things that are still nose are horizon and swift
unittests, and it turns out we don't really run those in devstack.

Change-Id: I215e0f3664f269e0e1b8f5d5f9c70553dededddd
---
 tools/fixup_stuff.sh | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index b8beb01583..ca465339b7 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -18,7 +18,6 @@
 #   - (re)start messagebus daemon
 #   - remove distro packages python-crypto and python-lxml
 #   - pre-install hgtools to work around a bug in RHEL6 distribute
-#   - install nose 1.1 from EPEL
 
 # If TOP_DIR is set we're being sourced rather than running stand-alone
 # or in a sub-shell
@@ -179,14 +178,6 @@ if [[ $DISTRO =~ (rhel6) ]]; then
     # Note we do this before the track-depends in ``stack.sh``.
     pip_install hgtools
 
-
-    # RHEL6's version of ``python-nose`` is incompatible with Tempest.
-    # Install nose 1.1 (Tempest-compatible) from EPEL
-    install_package python-nose1.1
-    # Add a symlink for the new nosetests to allow tox for Tempest to
-    # work unmolested.
-    sudo ln -sf /usr/bin/nosetests1.1 /usr/local/bin/nosetests
-
     # workaround for https://code.google.com/p/unittest-ext/issues/detail?id=79
     install_package python-unittest2 patch
     pip_install discover

From dc73d39a3006f92b2902a08279377634efb03094 Mon Sep 17 00:00:00 2001
From: Ken'ichi Ohmichi 
Date: Mon, 17 Nov 2014 03:54:58 +0000
Subject: [PATCH 0143/3421] Add TEMPEST_ENABLE_NOVA_XML_API option

XML support of Nova API has been deprecated with the following
message:
  XML support has been deprecated and may be removed as early
  as the Juno release.
Now Kilo development cycle started, so we should disable Nova
API XML tests on Tempest.

This patch adds TEMPEST_ENABLE_NOVA_XML_API option for setting
Tempest test by devstack-gate. The default value is True because
of keeping the test coverage. After merging a devstack-gate patch
which specifes True for stable/icehouse and stable/juno, we will
set False for the master blanch.

I4acc15ce5f487738bb34a95c2261a5d05d827d8d is a Nova patch which
removes XML API support.

Change-Id: I2ab8f5c3d15b496e0b639c99bb8592533a69a265
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index 9e025a1096..7ef8a308e3 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -303,6 +303,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
     iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions ${COMPUTE_API_EXTENSIONS:-"all"}
+    iniset $TEMPEST_CONFIG compute-feature-enabled xml_api_v2 ${TEMPEST_ENABLE_NOVA_XML_API:-True}
     iniset $TEMPEST_CONFIG compute-feature-disabled api_extensions ${DISABLE_COMPUTE_API_EXTENSIONS}
 
     # Compute admin

From 7d0a0f7d48222369f36a1a5a27a39c45430c9615 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Mon, 17 Nov 2014 00:03:47 -0500
Subject: [PATCH 0144/3421] Remove hardcoded protocol from backup_swift_url

Use SWIFT_SERVICE_PROTOCOL when configuring backup_swift_url for
cinder configuration.

Change-Id: I09de62e8deca86b473cee969ba2c5919d4f9892d
Closes-Bug: #1393554
---
 lib/cinder | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cinder b/lib/cinder
index eb3cbe86cf..611e1ca5d9 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -258,7 +258,7 @@ function configure_cinder {
     fi
 
     if is_service_enabled swift; then
-        iniset $CINDER_CONF DEFAULT backup_swift_url "http://$SERVICE_HOST:8080/v1/AUTH_"
+        iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_"
     fi
 
     if is_service_enabled ceilometer; then

From 21529a50e3b49ce378da88ce10ce903933fa3a02 Mon Sep 17 00:00:00 2001
From: John Davidge 
Date: Mon, 30 Jun 2014 09:55:11 -0400
Subject: [PATCH 0145/3421] Add IPv6 support for tenant data network

Define IP_VERSION with one of the three values 4, 6, or 4+6 in
your localrc to indicate if you intend to run your tenant data network
as either IPv4, IPv6, or dual stack respectively. Default value is 4.

If your IP_VERSION is set to 6 or 4+6, then the following variables
should be defined in your localrc:
  - FIXED_RANGE_V6: The IPv6 prefix for your tenant network
  - IPV6_PRIVATE_NETWORK_GATEWAY: The gateway IP with the same prefix
  - IPV6_RA_MODE (with default as slaac)
  - IPV6_ADDRESS_MODE (with default as slaac)

If you're going to use IPV6_RA_MODE/IPV6_ADDRESS_MODE settings other
than the defaults then you should make sure your VM image has dhcpv6
client enabled at bootup, otherwise you'll need to run it manually
after the VM is booted.

It's recommended to run the latest version of dnsmasq 2.68.
If you intend to enable internet access in your VM, make sure
your network node has IPv6 internet access, and the IPv6 prefix for
your tenant network is a GUA and routable.

Implements: blueprint ipv6-support
Change-Id: I848abf18e00e2a869697c5ef6366bc567dde448a
Co-Authored-By: John Davidge 
---
 doc/source/configuration.rst |  29 +++++
 lib/neutron                  | 244 ++++++++++++++++++++++++++++++-----
 2 files changed, 242 insertions(+), 31 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index a4d940d762..ba36ebd1b8 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -321,6 +321,35 @@ API rate limits
 
         API_RATE_LIMIT=False
 
+IP Version
+    | Default: ``IP_VERSION=4``
+    | This setting can be used to configure DevStack to create either an IPv4,
+      IPv6, or dual stack tenant data network by setting ``IP_VERSION`` to
+      either ``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``
+      respectively. This functionality requires that the Neutron networking
+      service is enabled by setting the following options:
+    |
+
+    ::
+
+        disable_service n-net
+        enable_service q-svc q-agt q-dhcp q-l3
+
+    | The following optional variables can be used to alter the default IPv6
+      behavior:
+    |
+
+    ::
+
+        IPV6_RA_MODE=slaac
+        IPV6_ADDRESS_MODE=slaac
+        FIXED_RANGE_V6=fd$IPV6_GLOBAL_ID::/64
+        IPV6_PRIVATE_NETWORK_GATEWAY=fd$IPV6_GLOBAL_ID::1
+
+    | *Note: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY``
+      can be configured with any valid IPv6 prefix. The default values make
+      use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC 4193.*
+
 Examples
 ~~~~~~~~
 
diff --git a/lib/neutron b/lib/neutron
index 8295a738b7..8bf4310a27 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -51,10 +51,22 @@
 #
 # With Neutron networking the NETWORK_MANAGER variable is ignored.
 
+# Settings
+# --------
+
+# Timeout value in seconds to wait for IPv6 gateway configuration
+GATEWAY_TIMEOUT=30
+
 
 # Neutron Network Configuration
 # -----------------------------
 
+# Subnet IP version
+IP_VERSION=${IP_VERSION:-4}
+# Validate IP_VERSION
+if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
+    die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
+fi
 # Gateway and subnet defaults, in case they are not customized in localrc
 NETWORK_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
 PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
@@ -65,6 +77,22 @@ if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
     Q_PROTOCOL="https"
 fi
 
+# Generate 40-bit IPv6 Global ID to comply with RFC 4193
+IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+
+# IPv6 gateway and subnet defaults, in case they are not customized in localrc
+IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
+IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
+IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
+IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
+FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
+IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
+IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-fe80:cafe:cafe::/64}
+IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-fe80:cafe:cafe::2}
+# IPV6_ROUTER_GW_IP must be defined when IP_VERSION=4+6 as it cannot be
+# obtained conventionally until the l3-agent has support for dual-stack
+# TODO (john-davidge) Remove once l3-agent supports dual-stack
+IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
 
 # Set up default directories
 GITDIR["python-neutronclient"]=$DEST/python-neutronclient
@@ -531,8 +559,16 @@ function create_neutron_initial_network {
     else
         NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
         die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
-        SUBNET_ID=$(neutron subnet-create --tenant-id $TENANT_ID --ip_version 4 --gateway $NETWORK_GATEWAY --name $PRIVATE_SUBNET_NAME $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $TENANT_ID"
+
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            # Create IPv4 private subnet
+            SUBNET_ID=$(_neutron_create_private_subnet_v4)
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            # Create IPv6 private subnet
+            IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6)
+        fi
     fi
 
     if [[ "$Q_L3_ENABLED" == "True" ]]; then
@@ -546,7 +582,7 @@ function create_neutron_initial_network {
             ROUTER_ID=$(neutron router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
             die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
         fi
-        neutron router-interface-add $ROUTER_ID $SUBNET_ID
+
         # Create an external network, and a subnet. Configure the external network as router gw
         if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
             EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
@@ -554,35 +590,15 @@ function create_neutron_initial_network {
             EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
         fi
         die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
-        EXT_GW_IP=$(neutron subnet-create --ip_version 4 ${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} --gateway $PUBLIC_NETWORK_GATEWAY --name $PUBLIC_SUBNET_NAME $EXT_NET_ID $FLOATING_RANGE -- --enable_dhcp=False | grep 'gateway_ip' | get_field 2)
-        die_if_not_set $LINENO EXT_GW_IP "Failure creating EXT_GW_IP"
-        neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
 
-        if is_service_enabled q-l3; then
-            # logic is specific to using the l3-agent for l3
-            if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-                local ext_gw_interface
-
-                if [[ "$Q_USE_PUBLIC_VETH" = "True" ]]; then
-                    ext_gw_interface=$Q_PUBLIC_VETH_EX
-                else
-                    # Disable in-band as we are going to use local port
-                    # to communicate with VMs
-                    sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
-                        other_config:disable-in-band=true
-                    ext_gw_interface=$PUBLIC_BRIDGE
-                fi
-                CIDR_LEN=${FLOATING_RANGE#*/}
-                sudo ip addr add $EXT_GW_IP/$CIDR_LEN dev $ext_gw_interface
-                sudo ip link set $ext_gw_interface up
-                ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' '{ print $8; }'`
-                die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
-                sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
-            fi
-            if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
-                # Explicitly set router id in l3 agent configuration
-                iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
-            fi
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            # Configure router for IPv4 public access
+            _neutron_configure_router_v4
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            # Configure router for IPv6 public access
+            _neutron_configure_router_v6
         fi
     fi
 }
@@ -1050,6 +1066,172 @@ function _neutron_setup_interface_driver {
     neutron_plugin_setup_interface_driver $1
 }
 
+# Create private IPv4 subnet
+function _neutron_create_private_subnet_v4 {
+    local subnet_params="--tenant-id $TENANT_ID "
+    subnet_params+="--ip_version 4 "
+    subnet_params+="--gateway $NETWORK_GATEWAY "
+    subnet_params+="--name $PRIVATE_SUBNET_NAME "
+    subnet_params+="$NET_ID $FIXED_RANGE"
+    local subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $TENANT_ID"
+    echo $subnet_id
+}
+
+# Create private IPv6 subnet
+function _neutron_create_private_subnet_v6 {
+    die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
+    die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
+    local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
+    local subnet_params="--tenant-id $TENANT_ID "
+    subnet_params+="--ip_version 6 "
+    subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
+    subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
+    subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
+    local ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $TENANT_ID"
+    echo $ipv6_subnet_id
+}
+
+# Create public IPv4 subnet
+function _neutron_create_public_subnet_v4 {
+    local subnet_params+="--ip_version 4 "
+    subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
+    subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
+    subnet_params+="--name $PUBLIC_SUBNET_NAME "
+    subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
+    subnet_params+="-- --enable_dhcp=False"
+    local id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
+    echo $id_and_ext_gw_ip
+}
+
+# Create public IPv6 subnet
+function _neutron_create_public_subnet_v6 {
+    local subnet_params="--ip_version 6 "
+    subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
+    subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
+    subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
+    subnet_params+="-- --enable_dhcp=False"
+    local ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
+    echo $ipv6_id_and_ext_gw_ip
+}
+
+# Configure neutron router for IPv4 public access
+function _neutron_configure_router_v4 {
+    neutron router-interface-add $ROUTER_ID $SUBNET_ID
+    # Create a public subnet on the external network
+    local id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
+    local ext_gw_ip=$(echo $id_and_ext_gw_ip  | get_field 2)
+    PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
+    # Configure the external network as the default router gateway
+    neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
+
+    # This logic is specific to using the l3-agent for layer 3
+    if is_service_enabled q-l3; then
+        # Configure and enable public bridge
+        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            local cidr_len=${FLOATING_RANGE#*/}
+            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+            sudo ip link set $ext_gw_interface up
+            ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
+            die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
+            sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
+        fi
+        _neutron_set_router_id
+    fi
+}
+
+# Configure neutron router for IPv6 public access
+function _neutron_configure_router_v6 {
+    neutron router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
+    # Create a public subnet on the external network
+    local ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
+    local ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
+    local ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
+
+    # If the external network has not already been set as the default router
+    # gateway when configuring an IPv4 public subnet, do so now
+    if [[ "$IP_VERSION" == "6" ]]; then
+        neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
+    fi
+
+    # This logic is specific to using the l3-agent for layer 3
+    if is_service_enabled q-l3; then
+        local ipv6_router_gw_port
+        # Ensure IPv6 forwarding is enabled on the host
+        sudo sysctl -w net.ipv6.conf.all.forwarding=1
+        # Configure and enable public bridge
+        if [[ "$IP_VERSION" = "6" ]]; then
+            # Override global IPV6_ROUTER_GW_IP with the true value from neutron
+            IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
+            die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
+            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
+            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
+        else
+            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
+            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
+        fi
+
+        # The ovs_base_configure_l3_agent function flushes the public
+        # bridge's ip addresses, so turn IPv6 support in the host off
+        # and then on to recover the public bridge's link local address
+        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
+        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
+        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
+
+            # Define router_ns based on whether DVR is enabled
+            local router_ns=qrouter
+            if [[ "$Q_DVR_MODE" == "dvr_snat" ]]; then
+                router_ns=snat
+            fi
+
+            # Configure interface for public bridge
+            sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
+
+            # Wait until layer 3 agent has configured the gateway port on
+            # the public bridge, then add gateway address to the interface
+            # TODO (john-davidge) Remove once l3-agent supports dual-stack
+            if [[ "$IP_VERSION" == "4+6" ]]; then
+                if ! timeout $GATEWAY_TIMEOUT sh -c "until sudo ip netns exec $router_ns-$ROUTER_ID ip addr show qg-${ipv6_router_gw_port:0:11} | grep $ROUTER_GW_IP; do sleep 1; done"; then
+                    die $LINENO "Timeout retrieving ROUTER_GW_IP"
+                fi
+                # Configure the gateway port with the public IPv6 adress
+                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 addr add $IPV6_ROUTER_GW_IP/$ipv6_cidr_len dev qg-${ipv6_router_gw_port:0:11}
+                # Add a default IPv6 route to the neutron router as the
+                # l3-agent does not add one in the dual-stack case
+                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 route replace default via $ipv6_ext_gw_ip dev qg-${ipv6_router_gw_port:0:11}
+            fi
+            sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
+        fi
+        _neutron_set_router_id
+    fi
+}
+
+# Explicitly set router id in l3 agent configuration
+function _neutron_set_router_id {
+    if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
+        iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
+    fi
+}
+
+# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
+function _neutron_get_ext_gw_interface {
+    if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
+        echo $Q_PUBLIC_VETH_EX
+    else
+        # Disable in-band as we are going to use local port
+        # to communicate with VMs
+        sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
+            other_config:disable-in-band=true
+        echo $PUBLIC_BRIDGE
+    fi
+}
+
 # Functions for Neutron Exercises
 #--------------------------------
 

From b3fdb1c93593faa6fb674937155f911beb2f0200 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Mon, 17 Nov 2014 12:45:09 -0600
Subject: [PATCH 0146/3421] Simplify docs build

Remove unnecessary old code from tools/build_docs.sh; it now only builds
docs for the current branch in the current working directory.

Fix the merging if the git log changes into changes.html.

Change-Id: I965dc3383b6317807ca0d47fe42648a19e96b57b
---
 doc/source/changes.rst |  2 +
 tools/build_docs.sh    | 87 ++++--------------------------------------
 tox.ini                |  2 +-
 3 files changed, 11 insertions(+), 80 deletions(-)

diff --git a/doc/source/changes.rst b/doc/source/changes.rst
index f4a326d60e..abe132c31c 100644
--- a/doc/source/changes.rst
+++ b/doc/source/changes.rst
@@ -8,3 +8,5 @@ Recent Changes What's been happening?
 These are the commits to DevStack for the last six months. For the
 complete list see `the DevStack project in
 Gerrit `__.
+
+%GIT_LOG%
diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index f52b179b7e..929d1e0e6c 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -1,35 +1,19 @@
 #!/usr/bin/env bash
 
-# **build_docs.sh** - Build the gh-pages docs for DevStack
+# **build_docs.sh** - Build the docs for DevStack
 #
 # - Install shocco if not found on PATH and INSTALL_SHOCCO is set
 # - Clone MASTER_REPO branch MASTER_BRANCH
 # - Re-creates ``doc/build/html`` directory from existing repo + new generated script docs
 
 # Usage:
-## build_docs.sh [-o ] [-g] [master| []]
-##            The DevStack repository to clone (default is DevStack github repo)
-##                  If a repo is not supplied use the current directory
-##                  (assumed to be a DevStack checkout) as the source.
-##          The DevStack branch to check out (default is master; ignored if
-##                  repo is not specified)
-## .                Use the current repo and branch (do not use with -p to
-##                  prevent stray files in the workspace being added tot he docs)
+## build_docs.sh [-o ]
 ## -o      Write the static HTML output to 
 ##                  (Note that  will be deleted and re-created to ensure it is clean)
-## -g               Update the old gh-pages repo  (set PUSH=1 to actually push up to RCB)
 
 # Defaults
 # --------
 
-# Source repo/branch for DevStack
-MASTER_REPO=${MASTER_REPO:-git://git.openstack.org/openstack-dev/devstack}
-MASTER_BRANCH=${MASTER_BRANCH:-master}
-
-# http://devstack.org is a GitHub gh-pages site in the https://github.com/cloudbuilders/devtack.git repo
-GH_PAGES_REPO=git@github.com:cloudbuilders/devstack.git
-
-DOCS_SOURCE=doc/source
 HTML_BUILD=doc/build/html
 
 # Keep track of the devstack directory
@@ -60,10 +44,8 @@ if ! which shocco; then
 fi
 
 # Process command-line args
-while getopts go: c; do
+while getopts o: c; do
     case $c in
-        g)  GH_UPDATE=1
-            ;;
         o)  HTML_BUILD=$OPTARG
             ;;
     esac
@@ -71,55 +53,24 @@ done
 shift `expr $OPTIND - 1`
 
 
-if [[ -n "$1" ]]; then
-    master="master"
-    if [[ "${master/#$1}" != "master" ]]; then
-        # Partial match on "master"
-        REPO=$MASTER_REPO
-    else
-        REPO=$1
-    fi
-    REPO_BRANCH=${2:-$MASTER_BRANCH}
-fi
-
-# Check out a specific DevStack branch
-if [[ -n $REPO ]]; then
-    # Make a workspace
-    TMP_ROOT=$(mktemp -d work-docs-XXXX)
-    echo "Building docs in $TMP_ROOT"
-    cd $TMP_ROOT
-
-    # Get the master branch
-    git clone $REPO devstack
-    cd devstack
-    if [[ -n "$REPO_BRANCH" ]]; then
-        git checkout $REPO_BRANCH
-    fi
-fi
-
-# Assumption is we are now in the DevStack workspace to be processed
-
 # Processing
 # ----------
 
-# Clean up build dir
-rm -rf $HTML_BUILD
+# Ensure build dir exists
 mkdir -p $HTML_BUILD
 
 # Get fully qualified dirs
-FQ_DOCS_SOURCE=$(cd $DOCS_SOURCE && pwd)
 FQ_HTML_BUILD=$(cd $HTML_BUILD && pwd)
 
-# Get repo static
-cp -pr $FQ_DOCS_SOURCE/* $FQ_HTML_BUILD
-
 # Insert automated bits
 GLOG=$(mktemp gitlogXXXX)
+echo "
      " >$GLOG
 git log \
     --pretty=format:'            
    • %s - Commit %h %cd
      • ' \
     --date=short \
-    --since '6 months ago' | grep -v Merge >$GLOG
-sed -e $"/%GIT_LOG%/r $GLOG" $FQ_DOCS_SOURCE/changes.html >$FQ_HTML_BUILD/changes.html
+    --since '6 months ago' | grep -v Merge >>$GLOG
+echo "
    " >>$GLOG
+sed -i~ -e $"/^.*%GIT_LOG%.*$/r $GLOG" -e $"/^.*%GIT_LOG%.*$/s/^.*%GIT_LOG%.*$//" $FQ_HTML_BUILD/changes.html
 rm -f $GLOG
 
 # Build list of scripts to process
@@ -138,28 +89,6 @@ for f in $(find functions functions-common lib samples -type f -name \*); do
 done
 echo "$FILES" >doc/files
 
-if [[ -n $GH_UPDATE ]]; then
-    GH_ROOT=$(mktemp -d work-gh-XXXX)
-    cd $GH_ROOT
-
-    # Pull the latest docs branch from devstack.org repo
-    git clone -b gh-pages $GH_PAGES_REPO gh-docs
-
-    # Get the generated files
-    cp -pr $FQ_HTML_BUILD/* gh-docs
-
-    # Collect the new generated pages
-    (cd gh-docs; find . -name \*.html -print0 | xargs -0 git add)
-
-    # Push our changes back up to the docs branch
-    if ! git diff-index HEAD --quiet; then
-        git commit -a -m "Update script docs"
-        if [[ -n $PUSH ]]; then
-            git push
-        fi
-    fi
-fi
-
 # Clean up or report the temp workspace
 if [[ -n REPO && -n $PUSH_REPO ]]; then
     echo rm -rf $TMP_ROOT
diff --git a/tox.ini b/tox.ini
index c8d3909805..a958ae7ba4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -36,5 +36,5 @@ setenv =
   TOP_DIR={toxinidir}
   INSTALL_SHOCCO=true
 commands = 
-	bash tools/build_docs.sh
 	python setup.py build_sphinx
+	bash tools/build_docs.sh

From ffd66ad77ff07fff9812836b832bbcd952a61fff Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Mon, 17 Nov 2014 12:26:08 -0800
Subject: [PATCH 0147/3421] Log early boot of Ironic VMs to serial with sgabios

This adds sgabios to the list of packages for Ironic and configures
the libvirt domain to redirect BIOS messages to serial via sgabios,
when console logging is enabled.  The sgabios package in Ubuntu
currently has an apparmor bug, so that is worked around here.

This allows visibility into early boot of Ironic nodes and should
help get to the bottom of a frequent failure we're seeing in the gate.

Change-Id: Ifd18851e2d23d198d36e67883a81afc6a92d2a58
Related-Bug: #1393099
---
 files/apts/ironic                 | 1 +
 files/rpms/ironic                 | 1 +
 lib/ironic                        | 8 ++++++++
 tools/ironic/scripts/configure-vm | 2 ++
 tools/ironic/templates/vm.xml     | 1 +
 5 files changed, 13 insertions(+)

diff --git a/files/apts/ironic b/files/apts/ironic
index 45fdeccbb4..f6c7b74494 100644
--- a/files/apts/ironic
+++ b/files/apts/ironic
@@ -12,6 +12,7 @@ python-libvirt
 qemu
 qemu-kvm
 qemu-utils
+sgabios
 syslinux
 tftpd-hpa
 xinetd
diff --git a/files/rpms/ironic b/files/rpms/ironic
index e646f3a8aa..0a46314964 100644
--- a/files/rpms/ironic
+++ b/files/rpms/ironic
@@ -9,6 +9,7 @@ net-tools
 openssh-clients
 openvswitch
 python-libguestfs
+sgabios
 syslinux
 tftp-server
 xinetd
diff --git a/lib/ironic b/lib/ironic
index afe69f2df8..a8a78d42b2 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -147,6 +147,14 @@ function install_ironic {
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
         install_apache_wsgi
     fi
+
+    if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] && is_ubuntu; then
+        # Ubuntu packaging+apparmor issue prevents libvirt from loading
+        # the ROM from /usr/share/misc.  Workaround by installing it directly
+        # to a directory that it can read from. (LP: #1393548)
+        sudo rm -rf /usr/share/qemu/sgabios.bin
+        sudo cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
+    fi
 }
 
 # install_ironicclient() - Collect sources and prepare
diff --git a/tools/ironic/scripts/configure-vm b/tools/ironic/scripts/configure-vm
index 4c42c491c5..378fcb85ad 100755
--- a/tools/ironic/scripts/configure-vm
+++ b/tools/ironic/scripts/configure-vm
@@ -78,8 +78,10 @@ def main():
             params['emulator'] = "/usr/bin/qemu-kvm"
 
     if args.console_log:
+        params['bios_serial'] = ""
         params['console_log'] = CONSOLE_LOG % {'console_log': args.console_log}
     else:
+        params['bios_serial'] = ''
         params['console_log'] = ''
     libvirt_template = source_template % params
     conn = libvirt.open("qemu:///system")
diff --git a/tools/ironic/templates/vm.xml b/tools/ironic/templates/vm.xml
index 4f40334b7d..ae7d685256 100644
--- a/tools/ironic/templates/vm.xml
+++ b/tools/ironic/templates/vm.xml
@@ -6,6 +6,7 @@
     hvm
     
     
+    %(bios_serial)s
   
   
     

From 958111e188eab1023cea8a499eeb90bfe7164b23 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Mon, 17 Nov 2014 17:35:40 -0500
Subject: [PATCH 0148/3421] Add oslo.context

Treat the new oslo.context library just like the other Oslo
libraries. i.e. make it possible to either test with upstream
released library, or with git versions of oslo.context.

Change-Id: I2dc498324d6c405655a8e2e249465c5b351ca960
---
 lib/oslo | 1 +
 stackrc  | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/lib/oslo b/lib/oslo
index a20aa1450f..d00580b14a 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -23,6 +23,7 @@ set +o xtrace
 GITDIR["cliff"]=$DEST/cliff
 GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
+GITDIR["oslo.context"]=$DEST/oslo.context
 GITDIR["oslo.db"]=$DEST/oslo.db
 GITDIR["oslo.i18n"]=$DEST/oslo.i18n
 GITDIR["oslo.log"]=$DEST/oslo.log
diff --git a/stackrc b/stackrc
index 18e1de3b19..bd9548f730 100644
--- a/stackrc
+++ b/stackrc
@@ -279,6 +279,10 @@ GITBRANCH["oslo.concurrency"]=${OSLOCON_BRANCH:-master}
 GITREPO["oslo.config"]=${OSLOCFG_REPO:-${GIT_BASE}/openstack/oslo.config.git}
 GITBRANCH["oslo.config"]=${OSLOCFG_BRANCH:-master}
 
+# oslo.context
+GITREPO["oslo.context"]=${OSLOCTX_REPO:-${GIT_BASE}/openstack/oslo.context.git}
+GITBRANCH["oslo.context"]=${OSLOCTX_BRANCH:-master}
+
 # oslo.db
 GITREPO["oslo.db"]=${OSLODB_REPO:-${GIT_BASE}/openstack/oslo.db.git}
 GITBRANCH["oslo.db"]=${OSLODB_BRANCH:-master}

From 42373c7bfe68302922feb76015534a16d8c00bf5 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Tue, 18 Nov 2014 12:30:16 +0900
Subject: [PATCH 0149/3421] lib/dstat: Fix a comment

Apparently this file was copied from lib/apache.

Change-Id: Ie89d423ca225c697122820a1d9e859769aea9f86
---
 lib/dstat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dstat b/lib/dstat
index a2c522c02a..a6990bbca9 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -1,4 +1,4 @@
-# lib/apache
+# lib/dstat
 # Functions to start and stop dstat
 
 # Dependencies:

From 44f4e205aa81f8fdb0b47b354192b4bb44efad56 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Tue, 18 Nov 2014 13:03:08 +0900
Subject: [PATCH 0150/3421] lib/dstat: Include page stats

Add -g option for dstat.

From the man page:

       -g, --page
              enable page stats (page in, page out)

Change-Id: I865304483af0a529ea8722ed0a9f35ab350670d2
---
 lib/dstat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dstat b/lib/dstat
index a2c522c02a..3852652c8f 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -24,7 +24,7 @@ DSTAT_FILE=${DSTAT_FILE:-"dstat.txt"}
 # start_dstat() - Start running processes, including screen
 function start_dstat {
     # A better kind of sysstat, with the top process per time slice
-    DSTAT_OPTS="-tcmndrylp --top-cpu-adv"
+    DSTAT_OPTS="-tcmndrylpg --top-cpu-adv"
     if [[ -n ${SCREEN_LOGDIR} ]]; then
         screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $SCREEN_LOGDIR/$DSTAT_FILE"
     else

From 45ce98275c15472f0b6c92b75088064cd3763ff1 Mon Sep 17 00:00:00 2001
From: David Lyle 
Date: Thu, 11 Sep 2014 17:50:08 -0600
Subject: [PATCH 0151/3421] Moving horizon compression offline

Making the horizon scss compilation and compression happen offline.
Potentially fixing an issue with parallel compression in devstack.

Related-Bug: #1345955
Change-Id: I066c80e06a92302a3f8dc5fd45d127fbde6cf99c
---
 lib/horizon | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/horizon b/lib/horizon
index 1b53831135..872e77a040 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -99,6 +99,8 @@ function init_horizon {
     local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
     cp $HORIZON_SETTINGS $local_settings
 
+    _horizon_config_set $local_settings "" COMPRESS_OFFLINE True
+
     _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
     _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
     if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
@@ -140,6 +142,9 @@ function init_horizon {
     # and run_process
     sudo rm -f /var/log/$APACHE_NAME/horizon_*
 
+    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings django-admin.py collectstatic --noinput
+    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings django-admin.py compress --force
+
 }
 
 # install_django_openstack_auth() - Collect source and prepare

From 8f003ef9bf466f931cecfc5a34b51a40b2203f43 Mon Sep 17 00:00:00 2001
From: Akihiro Motoki 
Date: Tue, 18 Nov 2014 13:41:58 +0900
Subject: [PATCH 0152/3421] Use mysql in Ubuntu 12.04 (precise)

After commit 6d20f090, devstack does not work on Ubuntu 12.04
because Ubuntu 12.04 does not provide mariadb but devstack expects it.

Change-Id: Iae9a7a1c09f1fc83573c3926b3470955c244c401
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 7a444a3140..bbf2fd0861 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -142,7 +142,7 @@ EOF
     fi
     # Install mysql-server
     if is_ubuntu || is_fedora; then
-        if [[ $DISTRO =~ (rhel6) ]]; then
+        if [[ $DISTRO =~ (rhel6|precise) ]]; then
             install_package mysql-server
         else
             install_package mariadb-server

From 683ed9eeb2dedddb5053b09ded060a276bed928c Mon Sep 17 00:00:00 2001
From: lokesh 
Date: Mon, 10 Nov 2014 15:07:59 +0530
Subject: [PATCH 0153/3421] fixes cleaning up of ironic directory from /etc

Closes-Bug: 1391083

Change-Id: Ic47161ab375716cc39ee1a7dd57034782717e323
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index cf005a74d6..ffbfc727be 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -177,7 +177,7 @@ function _config_ironic_apache_wsgi {
 # cleanup_ironic() - Remove residual data files, anything left over from previous
 # runs that would need to clean up.
 function cleanup_ironic {
-    sudo rm -rf $IRONIC_AUTH_CACHE_DIR
+    sudo rm -rf $IRONIC_AUTH_CACHE_DIR $IRONIC_CONF_DIR
 }
 
 # configure_ironic_dirs() - Create all directories required by Ironic and

From 1f26c0ef61e4e37bacac68014d993df108f70296 Mon Sep 17 00:00:00 2001
From: Oleg Gashev 
Date: Tue, 18 Nov 2014 02:16:01 -0500
Subject: [PATCH 0154/3421] Fixed conditions to determine if current
 distribution is a Fedora based distribution

stack.sh line 223:
if [[ is_fedora && $DISTRO == "rhel6" ]]; then

stack.sh line 234:
if [[ is_fedora && ( $DISTRO == "rhel6" || $DISTRO == "rhel7" ) ]]; then

stack.sh line 358:
if [[ is_fedora && $DISTRO == "rhel6" ]]; then

Condition [[ is_fedora && $DISTRO == "rhel6" ]] return wrong result.
This condition is equivalent to the
[[ -n is_fedora && $DISTRO == "rhel6" ]]. First expression -n is_fedora
always not null, therefore this condition the same is
[[ $DISTRO = "rhel6" ]].

Change-Id: Ida9eaa7950554bcd2f183dede7ad19522f9ca558
Closes-Bug: #1393684
---
 stack.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/stack.sh b/stack.sh
index 7635f32298..940c4e50e9 100755
--- a/stack.sh
+++ b/stack.sh
@@ -220,7 +220,7 @@ fi
 # Some distros need to add repos beyond the defaults provided by the vendor
 # to pick up required packages.
 
-if [[ is_fedora && $DISTRO == "rhel6" ]]; then
+if is_fedora && [ $DISTRO == "rhel6" ]; then
     # Installing Open vSwitch on RHEL requires enabling the RDO repo.
     RHEL6_RDO_REPO_RPM=${RHEL6_RDO_REPO_RPM:-"http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm"}
     RHEL6_RDO_REPO_ID=${RHEL6_RDO_REPO_ID:-"openstack-icehouse"}
@@ -231,7 +231,7 @@ if [[ is_fedora && $DISTRO == "rhel6" ]]; then
     fi
 fi
 
-if [[ is_fedora && ( $DISTRO == "rhel6" || $DISTRO == "rhel7" ) ]]; then
+if is_fedora && [[ $DISTRO == "rhel6" || $DISTRO == "rhel7" ]]; then
     # RHEL requires EPEL for many Open Stack dependencies
 
     # note we always remove and install latest -- some environments
@@ -355,7 +355,7 @@ function echo_nolog {
     echo $@ >&3
 }
 
-if [[ is_fedora && $DISTRO == "rhel6" ]]; then
+if is_fedora && [ $DISTRO == "rhel6" ]; then
     # poor old python2.6 doesn't have argparse by default, which
     # outfilter.py uses
     is_package_installed python-argparse || install_package python-argparse

From 9f20ea13826234ac2c508ea1d50a0822b68d42dc Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 17 Nov 2014 15:14:49 -0500
Subject: [PATCH 0155/3421] make run_tests.sh run devstack unit tests

run_tests.sh was created as an entry point for bashate. We stopped
using it now that we know how to run bashate directly in the gate.
We lost running an unrelated bashate test when that happened.

Devstack does have unit tests. We don't run them. We should.
Especially when working on things like the LIBS_FROM_GIT which is
sufficiently tricky that we really need to add unit tests to ensure
that we don't break it.

Change-Id: Ife067855569e2eae4c085471d326e8086de37332
---
 run_tests.sh       | 45 ++++++++-------------------------------------
 tests/test_refs.sh | 24 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 37 deletions(-)
 create mode 100755 tests/test_refs.sh

diff --git a/run_tests.sh b/run_tests.sh
index bf90332698..3ba7e1023d 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -18,47 +18,18 @@
 PASSES=""
 FAILURES=""
 
-# Check the return code and add the test to PASSES or FAILURES as appropriate
-# pass_fail   
-function pass_fail {
-    local result=$1
-    local expected=$2
-    local test_name=$3
+# Test that no one is trying to land crazy refs as branches
 
-    if [[ $result -ne $expected ]]; then
-        FAILURES="$FAILURES $test_name"
+for testfile in tests/test_*.sh; do
+    $testfile
+    if [[ $? -eq 0 ]]; then
+        PASSES="$PASSES $testfile"
     else
-        PASSES="$PASSES $test_name"
+        FAILURES="$FAILURES $testfile"
     fi
-}
-
-if [[ -n $@ ]]; then
-    FILES=$@
-else
-    LIBS=`find lib -type f | grep -v \.md`
-    SCRIPTS=`find . -type f -name \*\.sh`
-    EXTRA="functions functions-common stackrc openrc exerciserc eucarc"
-    FILES="$SCRIPTS $LIBS $EXTRA"
-fi
-
-echo "Running bash8..."
-
-tox -ebashate
-pass_fail $? 0 bash8
-
-
-# Test that no one is trying to land crazy refs as branches
-
-echo "Ensuring we don't have crazy refs"
-
-REFS=`grep BRANCH stackrc | grep -v -- '-master'`
-rc=$?
-pass_fail $rc 1 crazy-refs
-if [[ $rc -eq 0 ]]; then
-    echo "Branch defaults must be master. Found:"
-    echo $REFS
-fi
+done
 
+# Summary display now that all is said and done
 echo "====================================================================="
 for script in $PASSES; do
     echo PASS $script
diff --git a/tests/test_refs.sh b/tests/test_refs.sh
new file mode 100755
index 0000000000..bccca5dff7
--- /dev/null
+++ b/tests/test_refs.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+echo "Ensuring we don't have crazy refs"
+
+REFS=`grep BRANCH stackrc | grep -v -- '-master'`
+rc=$?
+if [[ $rc -eq 0 ]]; then
+    echo "Branch defaults must be master. Found:"
+    echo $REFS
+    exit 1
+fi

From 07d7e5b1f9b2201da006201f99a9b357a45b9b37 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 17 Nov 2014 07:10:14 -0500
Subject: [PATCH 0156/3421] add LIBS_FROM_GIT to docs

Also reformat common configuration variables to have an additional
header level which makes it easy to direct link to specific
configuration vars when directing someone.

Reformat header markup to us a more standard == = - for h1, h2, h3

Change-Id: I10bac5a93529cdfbcde0a05f9ebdbc1799d403cd
---
 doc/source/configuration.rst | 68 +++++++++++++++++++++++++++++-------
 stackrc                      | 13 +++++++
 2 files changed, 69 insertions(+), 12 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index a4d940d762..869908fa81 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -22,7 +22,7 @@ simplify this process and meet the following goals:
 -  allow settings in arbitrary configuration files to be changed
 
 local.conf
-~~~~~~~~~~
+==========
 
 The new configuration file is ``local.conf`` and resides in the root
 DevStack directory like the old ``localrc`` file. It is a modified INI
@@ -96,7 +96,7 @@ fragment amd MUST conform to the shell requirements, specifically no
 whitespace around ``=`` (equals).
 
 Minimal Configuration
-~~~~~~~~~~~~~~~~~~~~~
+=====================
 
 While ``stack.sh`` is happy to run without a ``localrc`` section in
 ``local.conf``, devlife is better when there are a few minimal variables
@@ -136,9 +136,11 @@ available for ``openrc`` to set ``OS_AUTH_URL``. ``HOST_IP`` is not set
 by default.
 
 Common Configuration Variables
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+==============================
+
+Installation Directory
+----------------------
 
-Set DevStack install directory
     | *Default: ``DEST=/opt/stack``*
     |  The DevStack install directory is set by the ``DEST`` variable.
     |  By setting it early in the ``localrc`` section you can reference it
@@ -150,7 +152,27 @@ Set DevStack install directory
 
         DEST=/opt/stack
 
-stack.sh logging
+Libraries from Git
+------------------
+
+   | *Default: ``LIBS_FROM_GIT=""``*
+
+   | By default devstack installs OpenStack server components from
+     git, however it installs client libraries from released versions
+     on pypi. This is appropriate if you are working on server
+     development, but if you want to see how an unreleased version of
+     the client affects the system you can have devstack install it
+     from upstream, or from local git trees.
+   | Multiple libraries can be specified as a comma separated list.
+   |
+
+   ::
+
+      LIBS_FROM_GIT=python-keystoneclient,oslo.config
+
+Enable Logging
+--------------
+
     | *Defaults: ``LOGFILE="" LOGDAYS=7 LOG_COLOR=True``*
     |  By default ``stack.sh`` output is only written to the console
        where is runs. It can be sent to a file in addition to the console
@@ -178,7 +200,9 @@ stack.sh logging
 
         LOG_COLOR=False
 
-Screen logging
+Logging the Screen Output
+-------------------------
+
     | *Default: ``SCREEN_LOGDIR=""``*
     |  By default DevStack runs the OpenStack services using ``screen``
        which is useful for watching log and debug output. However, in
@@ -196,7 +220,9 @@ Screen logging
     *Note the use of ``DEST`` to locate the main install directory; this
     is why we suggest setting it in ``local.conf``.*
 
-One syslog to bind them all
+Enabling Syslog
+---------------
+
     | *Default: ``SYSLOG=False SYSLOG_HOST=$HOST_IP SYSLOG_PORT=516``*
     |  Logging all services to a single syslog can be convenient. Enable
        syslogging by setting ``SYSLOG`` to ``True``. If the destination log
@@ -211,6 +237,8 @@ One syslog to bind them all
         SYSLOG_PORT=516
 
 A clean install every time
+--------------------------
+
     | *Default: ``RECLONE=""``*
     |  By default ``stack.sh`` only clones the project repos if they do
        not exist in ``$DEST``. ``stack.sh`` will freshen each repo on each
@@ -222,10 +250,18 @@ A clean install every time
 
         RECLONE=yes
 
-                    Swift
-                    Default: SWIFT_HASH="" SWIFT_REPLICAS=1 SWIFT_DATA_DIR=$DEST/data/swift
-                    Swift is now used as the back-end for the S3-like object store.  When enabled Nova's objectstore (n-obj in ENABLED_SERVICES) is automatically disabled. Enable Swift by adding it services to ENABLED_SERVICES:
-                    enable_service s-proxy s-object s-container s-account
+Swift
+-----
+
+    | Default: SWIFT_HASH=""
+    | SWIFT_REPLICAS=1
+    | SWIFT_DATA_DIR=$DEST/data/swift
+
+    | Swift is now used as the back-end for the S3-like object store.
+      When enabled Nova's objectstore (n-obj in ENABLED_SERVICES) is
+      automatically disabled. Enable Swift by adding it services to
+      ENABLED_SERVICES: enable_service s-proxy s-object s-container
+      s-account
 
     Setting Swift's hash value is required and you will be prompted for
     it if Swift is enabled so just set it to something already:
@@ -259,6 +295,8 @@ A clean install every time
     work correctly.*
 
 Service Catalog Backend
+-----------------------
+
     | *Default: ``KEYSTONE_CATALOG_BACKEND=sql``*
     |  DevStack uses Keystone's ``sql`` service catalog backend. An
        alternate ``template`` backend is also available. However, it does
@@ -274,6 +312,8 @@ Service Catalog Backend
     ``files/keystone_data.sh``
 
 Cinder
+------
+
     | Default:
     | VOLUME_GROUP="stack-volumes" VOLUME_NAME_PREFIX="volume-" VOLUME_BACKING_FILE_SIZE=10250M
     |  The logical volume group used to hold the Cinder-managed volumes
@@ -289,6 +329,8 @@ Cinder
         VOLUME_BACKING_FILE_SIZE=10250M
 
 Multi-host DevStack
+-------------------
+
     | *Default: ``MULTI_HOST=False``*
     |  Running DevStack with multiple hosts requires a custom
        ``local.conf`` section for each host. The master is the same as a
@@ -311,6 +353,8 @@ Multi-host DevStack
         ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
 API rate limits
+---------------
+
     | Default: ``API_RATE_LIMIT=True``
     | Integration tests such as Tempest will likely run afoul of the
       default rate limits configured for Nova. Turn off rate limiting
@@ -322,7 +366,7 @@ API rate limits
         API_RATE_LIMIT=False
 
 Examples
-~~~~~~~~
+========
 
 -  Eliminate a Cinder pass-through (``CINDER_PERIODIC_INTERVAL``):
 
diff --git a/stackrc b/stackrc
index 18e1de3b19..b1a9e20a97 100644
--- a/stackrc
+++ b/stackrc
@@ -134,6 +134,19 @@ REQUIREMENTS_MODE=${REQUIREMENTS_MODE:-strict}
 # Another option is https://git.openstack.org
 GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 
+# Which libraries should we install from git instead of using released
+# versions on pypi?
+#
+# By default devstack is now installing libraries from pypi instead of
+# from git repositories by default. This works great if you are
+# developing server components, but if you want to develop libraries
+# and see them live in devstack you need to tell devstack it should
+# install them from git.
+#
+# ex: LIBS_FROM_GIT=python-keystoneclient,oslo.config
+#
+# Will install those 2 libraries from git, the rest from pypi.
+
 ##############
 #
 #  OpenStack Server Components

From 3293046d3091e7017beafe92bfe361e6d204bfb1 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 18 Nov 2014 06:51:16 -0500
Subject: [PATCH 0157/3421] use a more common rst header hiearchy

While rst doesn't actually care about the order of headers, reviewers
sometimes do. And the build in emacs mode has a certain order
specified that it can easily rotate between.

Standardize on == h1, = h2, - h3, ~ h4 in the code.

Change-Id: I80ff6df6ef0703a3c3005809069428018bb355d4
---
 doc/source/changes.rst               |  2 +-
 doc/source/contributing.rst          | 12 ++++-----
 doc/source/faq.rst                   |  6 ++---
 doc/source/guides/multinode-lab.rst  | 40 ++++++++++++++--------------
 doc/source/guides/single-machine.rst | 16 +++++------
 doc/source/guides/single-vm.rst      | 14 +++++-----
 doc/source/overview.rst              | 18 ++++++-------
 doc/source/plugins.rst               |  4 +--
 8 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/doc/source/changes.rst b/doc/source/changes.rst
index f4a326d60e..7b753753e5 100644
--- a/doc/source/changes.rst
+++ b/doc/source/changes.rst
@@ -3,7 +3,7 @@ Changes
 =======
 
 Recent Changes What's been happening?
--------------------------------------
+=====================================
 
 These are the commits to DevStack for the last six months. For the
 complete list see `the DevStack project in
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index 7ca3d64afd..8c9e6584ec 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -10,9 +10,9 @@ License Agreement (CLA). If you have already done that for another
 OpenStack project you are good to go.
 
 Things To Know
-~~~~~~~~~~~~~~
+==============
 
-| 
+|
 | **Where Things Are**
 
 The official DevStack repository is located at
@@ -30,7 +30,7 @@ queue `__
 is, however, used for all commits except for the text of this website.
 That should also change in the near future.
 
-| 
+|
 | **HACKING.rst**
 
 Like most OpenStack projects, DevStack includes a ``HACKING.rst`` file
@@ -38,7 +38,7 @@ that describes the layout, style and conventions of the project. Because
 ``HACKING.rst`` is in the main DevStack repo it is considered
 authoritative. Much of the content on this page is taken from there.
 
-| 
+|
 | **bashate Formatting**
 
 Around the time of the OpenStack Havana release we added a tool to do
@@ -51,9 +51,9 @@ the script pages for devstack.org and possibly even simple code
 formatting. Run it on the entire project with ``./run_tests.sh``.
 
 Code
-~~~~
+====
 
-| 
+|
 | **Repo Layout**
 
 The DevStack repo generally keeps all of the primary scripts at the root
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index b7943ba130..f39471cb4e 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -7,7 +7,7 @@ FAQ
 -  `Miscellaneous <#misc>`__
 
 General Questions
-~~~~~~~~~~~~~~~~~
+=================
 
 Q: Can I use DevStack for production?
     A: No. We mean it. Really. DevStack makes some implementation
@@ -77,7 +77,7 @@ Q: How about RHEL 6?
     is valuable so we do it...
 
 Operation and Configuration
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+===========================
 
 Q: Can DevStack handle a multi-node installation?
     A: Indirectly, yes. You run DevStack on each node with the
@@ -157,7 +157,7 @@ Q: Why are my configuration changes ignored?
     ``FORCE_PREREQ=1`` and the package checks will never be skipped.
 
 Miscellaneous
-~~~~~~~~~~~~~
+=============
 
 Q: ``tools/fixup_stuff.sh`` is broken and shouldn't 'fix' just one version of packages.
     A: [Another not-a-question] No it isn't. Stuff in there is to
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 4c60b6a745..44601d8713 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -6,10 +6,10 @@ Here is OpenStack in a realistic test configuration with multiple
 physical servers.
 
 Prerequisites Linux & Network
------------------------------
+=============================
 
 Minimal Install
-~~~~~~~~~~~~~~~
+---------------
 
 You need to have a system with a fresh install of Linux. You can
 download the `Minimal
@@ -27,7 +27,7 @@ Install a couple of packages to bootstrap configuration:
     apt-get install -y git sudo || yum install -y git sudo
 
 Network Configuration
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
 The first iteration of the lab uses OpenStack's FlatDHCP network
 controller so only a single network will be required. It should be on
@@ -60,10 +60,10 @@ For Fedora and CentOS/RHEL edit
     GATEWAY=192.168.42.1
 
 Installation shake and bake
----------------------------
+===========================
 
 Add the DevStack User
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
 OpenStack runs as a non-root user that has sudo access to root. There is
 nothing special about the name, we'll use ``stack`` here. Every node
@@ -88,7 +88,7 @@ From here on use the ``stack`` user. **Logout** and **login** as the
 ``stack`` user.
 
 Set Up Ssh
-~~~~~~~~~~
+----------
 
 Set up the stack user on each node with an ssh key for access:
 
@@ -98,7 +98,7 @@ Set up the stack user on each node with an ssh key for access:
     echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyYjfgyPazTvGpd8OaAvtU2utL8W6gWC4JdRS1J95GhNNfQd657yO6s1AH5KYQWktcE6FO/xNUC2reEXSGC7ezy+sGO1kj9Limv5vrvNHvF1+wts0Cmyx61D2nQw35/Qz8BvpdJANL7VwP/cFI/p3yhvx2lsnjFE3hN8xRB2LtLUopUSVdBwACOVUmH2G+2BWMJDjVINd2DPqRIA4Zhy09KJ3O1Joabr0XpQL0yt/I9x8BVHdAx6l9U0tMg9dj5+tAjZvMAFfye3PJcYwwsfJoFxC8w/SLtqlFX7Ehw++8RtvomvuipLdmWCy+T9hIkl+gHYE4cS3OIqXH7f49jdJf jesse@spacey.local" > ~/.ssh/authorized_keys
 
 Download DevStack
-~~~~~~~~~~~~~~~~~
+-----------------
 
 Grab the latest version of DevStack:
 
@@ -112,7 +112,7 @@ From here on there are some differences between the cluster controller
 (aka 'head node') and the compute nodes.
 
 Configure Cluster Controller
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+----------------------------
 
 The cluster controller runs all OpenStack services. Configure the
 cluster controller's DevStack in ``local.conf``:
@@ -153,7 +153,7 @@ to poke at your shiny new OpenStack. The most recent log file is
 available in ``stack.sh.log``.
 
 Configure Compute Nodes
-~~~~~~~~~~~~~~~~~~~~~~~
+-----------------------
 
 The compute nodes only run the OpenStack worker services. For additional
 machines, create a ``local.conf`` with:
@@ -196,7 +196,7 @@ to poke at your shiny new OpenStack. The most recent log file is
 available in ``stack.sh.log``.
 
 Cleaning Up After DevStack
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+--------------------------
 
 Shutting down OpenStack is now as simple as running the included
 ``unstack.sh`` script:
@@ -223,10 +223,10 @@ this when it runs but there are times it needs to still be done by hand:
     sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 virsh destroy
 
 Options pimp your stack
------------------------
+=======================
 
 Additional Users
-~~~~~~~~~~~~~~~~
+----------------
 
 DevStack creates two OpenStack users (``admin`` and ``demo``) and two
 tenants (also ``admin`` and ``demo``). ``admin`` is exactly what it
@@ -242,7 +242,7 @@ for scripting:
 
     # Get admin creds
     . openrc admin admin
-            
+
     # List existing tenants
     keystone tenant-list
 
@@ -260,7 +260,7 @@ for scripting:
     # keystone role-list
 
 Swift
-~~~~~
+-----
 
 Swift requires a significant amount of resources and is disabled by
 default in DevStack. The support in DevStack is geared toward a minimal
@@ -280,7 +280,7 @@ Swift config files are located in ``SWIFT_CONFIG_DIR`` (default
 it...) ``local.conf``.
 
 Volumes
-~~~~~~~
+-------
 
 DevStack will automatically use an existing LVM volume group named
 ``stack-volumes`` to store cloud-created volumes. If ``stack-volumes``
@@ -305,7 +305,7 @@ involved but looks something like this:
     vgcreate stack-volumes /dev/sdc
 
 Syslog
-~~~~~~
+------
 
 DevStack is capable of using ``rsyslog`` to aggregate logging across the
 cluster. It is off by default; to turn it on set ``SYSLOG=True`` in
@@ -319,7 +319,7 @@ output there. In the example above, add this to the compute node
     SYSLOG_HOST=192.168.42.11
 
 Using Alternate Repositories/Branches
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-------------------------------------
 
 The git repositories for all of the OpenStack services are defined in
 ``stackrc``. Since this file is a part of the DevStack package changes
@@ -349,10 +349,10 @@ To pull Glance from an experimental fork:
     GLANCE_REPO=https://github.com/mcuser/glance.git
 
 Notes stuff you might need to know
-----------------------------------
+==================================
 
 Reset the Bridge
-~~~~~~~~~~~~~~~~
+----------------
 
 How to reset the bridge configuration:
 
@@ -363,7 +363,7 @@ How to reset the bridge configuration:
     sudo brctl delbr br100
 
 Set MySQL Password
-~~~~~~~~~~~~~~~~~~
+------------------
 
 If you forgot to set the root password you can do this:
 
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index a7a1099bc7..17e9b9e153 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -7,10 +7,10 @@ nice for kicking the tires, but doesn't compare to the feeling you get
 with hardware.
 
 Prerequisites Linux & Network
------------------------------
+=============================
 
 Minimal Install
-~~~~~~~~~~~~~~~
+---------------
 
 You need to have a system with a fresh install of Linux. You can
 download the `Minimal
@@ -25,7 +25,7 @@ work but you may need to tell Network Manager to keep its fingers off
 the interface(s) that OpenStack uses for bridging.
 
 Network Configuration
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
 Determine the network configuration on the interface used to integrate
 your OpenStack cloud with your existing network. For example, if the IPs
@@ -36,10 +36,10 @@ To make things easier later change your host to use a static IP instead
 of DHCP (i.e. 192.168.1.201).
 
 Installation shake and bake
----------------------------
+===========================
 
 Add your user
-~~~~~~~~~~~~~
+-------------
 
 We need to add a user to install DevStack. (if you created a user during
 install you can skip this step and just give the user sudo privileges
@@ -61,7 +61,7 @@ From here on you should use the user you created. **Logout** and
 **login** as that user.
 
 Download DevStack
-~~~~~~~~~~~~~~~~~
+-----------------
 
 We'll grab the latest version of DevStack via https:
 
@@ -72,7 +72,7 @@ We'll grab the latest version of DevStack via https:
     cd devstack
 
 Run DevStack
-~~~~~~~~~~~~
+------------
 
 Now to configure ``stack.sh``. DevStack includes a sample in
 ``devstack/samples/local.conf``. Create ``local.conf`` as shown below to
@@ -120,7 +120,7 @@ see a summary of ``stack.sh``'s work, including the relevant URLs,
 accounts and passwords to poke at your shiny new OpenStack.
 
 Using OpenStack
-~~~~~~~~~~~~~~~
+---------------
 
 At this point you should be able to access the dashboard from other
 computers on the local network. In this example that would be
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index ef59953eb6..a41c4e14f1 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -9,16 +9,16 @@ launched in the cloud will be slow as they are running in QEMU
 operation. Speed not required.
 
 Prerequisites Cloud & Image
----------------------------
+===========================
 
 Virtual Machine
-~~~~~~~~~~~~~~~
+---------------
 
 DevStack should run in any virtual machine running a supported Linux
 release. It will perform best with 2Gb or more of RAM.
 
 OpenStack Deployment & cloud-init
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+---------------------------------
 
 If the cloud service has an image with ``cloud-init`` pre-installed, use
 it. You can get one from `Ubuntu's Daily
@@ -33,10 +33,10 @@ can manually kick off the script below as a non-root user in a
 bare-bones server installation.
 
 Installation shake and bake
----------------------------
+===========================
 
 Launching With Cloud-Init
-~~~~~~~~~~~~~~~~~~~~~~~~~
+-------------------------
 
 This cloud config grabs the latest version of DevStack via git, creates
 a minimal ``local.conf`` file and kicks off ``stack.sh``. It should be
@@ -79,13 +79,13 @@ As DevStack will refuse to run as root, this configures ``cloud-init``
 to create a non-root user and run the ``start.sh`` script as that user.
 
 Launching By Hand
-~~~~~~~~~~~~~~~~~
+-----------------
 
 Using a hypervisor directly, launch the VM and either manually perform
 the steps in the embedded shell script above or copy it into the VM.
 
 Using OpenStack
-~~~~~~~~~~~~~~~
+---------------
 
 At this point you should be able to access the dashboard. Launch VMs and
 if you give them floating IPs access those VMs from other machines on
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index 40782403fa..23ccf27d0a 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -13,10 +13,10 @@ Below is a list of what is specifically is supported (read that as
 "tested") going forward.
 
 Supported Components
---------------------
+====================
 
 Base OS
-~~~~~~~
+-------
 
 *The OpenStack Technical Committee (TC) has defined the current CI
 strategy to include the latest Ubuntu release and the latest RHEL
@@ -33,7 +33,7 @@ release (for Python 2.6 testing).*
    side-effects on other OS platforms.
 
 Databases
-~~~~~~~~~
+---------
 
 *As packaged by the host OS*
 
@@ -41,7 +41,7 @@ Databases
 -  PostgreSQL
 
 Queues
-~~~~~~
+------
 
 *As packaged by the host OS*
 
@@ -49,14 +49,14 @@ Queues
 -  Qpid
 
 Web Server
-~~~~~~~~~~
+----------
 
 *As packaged by the host OS*
 
 -  Apache
 
 OpenStack Network
-~~~~~~~~~~~~~~~~~
+-----------------
 
 *Default to Nova Network, optionally use Neutron*
 
@@ -65,7 +65,7 @@ OpenStack Network
    mode using linuxbridge or OpenVSwitch.
 
 Services
-~~~~~~~~
+--------
 
 The default services configured by DevStack are Identity (Keystone),
 Object Storage (Swift), Image Storage (Glance), Block Storage (Cinder),
@@ -77,14 +77,14 @@ Additional services not included directly in DevStack can be tied in to
 scripts that perform the configuration and startup of the service.
 
 Node Configurations
-~~~~~~~~~~~~~~~~~~~
+-------------------
 
 -  single node
 -  multi-node is not tested regularly by the core team, and even then
    only minimal configurations are reviewed
 
 Exercises
-~~~~~~~~~
+---------
 
 The DevStack exercise scripts are no longer used as integration and gate
 testing as that job has transitioned to Tempest. They are still
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index b4136c4653..485cd0f04e 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -6,7 +6,7 @@ DevStack has a couple of plugin mechanisms to allow easily adding
 support for additional projects and features.
 
 Extras.d Hooks
-~~~~~~~~~~~~~~
+==============
 
 These hooks are an extension of the service calls in
 ``stack.sh`` at specific points in its run, plus ``unstack.sh`` and
@@ -93,7 +93,7 @@ The arguments are:
    but after ``unstack.sh`` has been called.
 
 Hypervisor
-~~~~~~~~~~
+==========
 
 Hypervisor plugins are fairly new and condense most hypervisor
 configuration into one place.

From 91b229058cd8204d0c3a038d24aa09d1baadef2f Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 18 Nov 2014 07:13:35 -0500
Subject: [PATCH 0158/3421] apparently the upstream naming is tempest-lib

tempest_lib was how this was generally referred to, however that meant
that the job naming wasn't specifying the correctly src
library. Change to tempest-lib to actually test these things before
release.

Change-Id: I4c0712156d7ff71ee43747f30ab940e249d12ebc
---
 lib/tempest | 8 ++++----
 stackrc     | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 9e025a1096..e903ec3bc1 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -45,7 +45,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
-GITDIR["tempest_lib"]=$DEST/tempest-lib
+GITDIR["tempest-lib"]=$DEST/tempest-lib
 
 TEMPEST_DIR=$DEST/tempest
 TEMPEST_CONFIG_DIR=${TEMPEST_CONFIG_DIR:-$TEMPEST_DIR/etc}
@@ -446,9 +446,9 @@ function create_tempest_accounts {
 
 # install_tempest_lib() - Collect source, prepare, and install tempest-lib
 function install_tempest_lib {
-    if use_library_from_git "tempest_lib"; then
-        git_clone_by_name "tempest_lib"
-        setup_develop "tempest_lib"
+    if use_library_from_git "tempest-lib"; then
+        git_clone_by_name "tempest-lib"
+        setup_develop "tempest-lib"
     fi
 }
 
diff --git a/stackrc b/stackrc
index 18e1de3b19..8497f0f627 100644
--- a/stackrc
+++ b/stackrc
@@ -203,8 +203,8 @@ TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git}
 TEMPEST_BRANCH=${TEMPEST_BRANCH:-master}
 
 # TODO(sdague): this should end up as a library component like below
-GITREPO["tempest_lib"]=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git}
-GITBRANCH["tempest_lib"]=${TEMPEST_LIB_BRANCH:-master}
+GITREPO["tempest-lib"]=${TEMPEST_LIB_REPO:-${GIT_BASE}/openstack/tempest-lib.git}
+GITBRANCH["tempest-lib"]=${TEMPEST_LIB_BRANCH:-master}
 
 
 ##############

From d591a25e424ea8cec4d67854fcce236671210139 Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Mon, 27 Oct 2014 17:22:17 +0000
Subject: [PATCH 0159/3421] Add support for tuskar-api service

Adds initial support for configuring and starting the tuskar-api
service.

To enable, add the following to your localrc:

enable_service tuskar
enable_service tuskar-api

The aim of this addition is to provide a more accessible (non devtest)
way for developers to run up tuskar in a familiar devstack environment.

See the official repos for more information:
https://github.com/openstack/tuskar/
https://github.com/openstack/python-tuskarclient

Change-Id: Id0c3c0d3a38100c66dbe6e3adf1f715162f99742
---
 doc/source/index.rst  |   1 +
 extras.d/70-tuskar.sh | 205 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 206 insertions(+)
 create mode 100644 extras.d/70-tuskar.sh

diff --git a/doc/source/index.rst b/doc/source/index.rst
index dbefdec144..17499c520d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -165,6 +165,7 @@ Scripts
 * `extras.d/60-ceph.sh `__
 * `extras.d/70-sahara.sh `__
 * `extras.d/70-trove.sh `__
+* `extras.d/70-tuskar.sh `__
 * `extras.d/70-zaqar.sh `__
 * `extras.d/80-opendaylight.sh `__
 * `extras.d/80-tempest.sh `__
diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
new file mode 100644
index 0000000000..e77c504db0
--- /dev/null
+++ b/extras.d/70-tuskar.sh
@@ -0,0 +1,205 @@
+# Install and start the **Tuskar** service
+#
+# To enable, add the following to your localrc
+#
+# enable_service tuskar
+# enable_service tuskar-api
+
+
+if is_service_enabled tuskar; then
+    if [[ "$1" == "source" ]]; then
+        # Initial source, do nothing as functions sourced
+        # are below rather than in lib/tuskar
+        echo_summary "source extras tuskar"
+    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
+        echo_summary "Installing Tuskar"
+        install_tuskarclient
+        install_tuskar
+    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
+        echo_summary "Configuring Tuskar"
+        configure_tuskar
+        configure_tuskarclient
+
+        if is_service_enabled key; then
+            create_tuskar_accounts
+        fi
+
+    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+        echo_summary "Initializing Tuskar"
+        init_tuskar
+        start_tuskar
+    fi
+
+    if [[ "$1" == "unstack" ]]; then
+        stop_tuskar
+    fi
+fi
+
+# library code (equivalent to lib/tuskar)
+# ---------
+# - install_tuskarclient
+# - install_tuskar
+# - configure_tuskarclient
+# - configure_tuskar
+# - init_tuskar
+# - start_tuskar
+# - stop_tuskar
+# - cleanup_tuskar
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+# tuskar repos
+TUSKAR_REPO=${TUSKAR_REPO:-${GIT_BASE}/openstack/tuskar.git}
+TUSKAR_BRANCH=${TUSKAR_BRANCH:-master}
+
+TUSKARCLIENT_REPO=${TUSKARCLIENT_REPO:-${GIT_BASE}/openstack/python-tuskarclient.git}
+TUSKARCLIENT_BRANCH=${TUSKARCLIENT_BRANCH:-master}
+
+# set up default directories
+TUSKAR_DIR=$DEST/tuskar
+TUSKARCLIENT_DIR=$DEST/python-tuskarclient
+TUSKAR_AUTH_CACHE_DIR=${TUSKAR_AUTH_CACHE_DIR:-/var/cache/tuskar}
+TUSKAR_STANDALONE=`trueorfalse False $TUSKAR_STANDALONE`
+TUSKAR_CONF_DIR=/etc/tuskar
+TUSKAR_CONF=$TUSKAR_CONF_DIR/tuskar.conf
+TUSKAR_API_HOST=${TUSKAR_API_HOST:-$HOST_IP}
+TUSKAR_API_PORT=${TUSKAR_API_PORT:-8585}
+
+# Tell Tempest this project is present
+TEMPEST_SERVICES+=,tuskar
+
+# Functions
+# ---------
+
+# Test if any Tuskar services are enabled
+# is_tuskar_enabled
+function is_tuskar_enabled {
+    [[ ,${ENABLED_SERVICES} =~ ,"tuskar-" ]] && return 0
+    return 1
+}
+
+# cleanup_tuskar() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_tuskar {
+    sudo rm -rf $TUSKAR_AUTH_CACHE_DIR
+}
+
+# configure_tuskar() - Set config files, create data dirs, etc
+function configure_tuskar {
+    setup_develop $TUSKAR_DIR
+
+    if [[ ! -d $TUSKAR_CONF_DIR ]]; then
+        sudo mkdir -p $TUSKAR_CONF_DIR
+    fi
+    sudo chown $STACK_USER $TUSKAR_CONF_DIR
+    # remove old config files
+    rm -f $TUSKAR_CONF_DIR/tuskar-*.conf
+
+    TUSKAR_POLICY_FILE=$TUSKAR_CONF_DIR/policy.json
+
+    cp $TUSKAR_DIR/etc/tuskar/policy.json $TUSKAR_POLICY_FILE
+    cp $TUSKAR_DIR/etc/tuskar/tuskar.conf.sample $TUSKAR_CONF
+
+    # common options
+    iniset $TUSKAR_CONF database connection `database_connection_url tuskar`
+
+    # logging
+    iniset $TUSKAR_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $TUSKAR_CONF DEFAULT use_syslog $SYSLOG
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+        # Add color to logging output
+        setup_colorized_logging $TUSKAR_CONF DEFAULT tenant user
+    fi
+
+    configure_auth_token_middleware $TUSKAR_CONF tuskar $TUSKAR_AUTH_CACHE_DIR
+
+    if is_ssl_enabled_service "key"; then
+        iniset $TUSKAR_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
+    fi
+
+    iniset $TUSKAR_CONF tuskar_api bind_port $TUSKAR_API_PORT
+
+}
+
+# init_tuskar() - Initialize database
+function init_tuskar {
+
+    # (re)create tuskar database
+    recreate_database tuskar utf8
+
+    tuskar-dbsync --config-file $TUSKAR_CONF
+    create_tuskar_cache_dir
+}
+
+# create_tuskar_cache_dir() - Part of the init_tuskar() process
+function create_tuskar_cache_dir {
+    # Create cache dirs
+    sudo mkdir -p $TUSKAR_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $TUSKAR_AUTH_CACHE_DIR
+}
+
+# install_tuskarclient() - Collect source and prepare
+function install_tuskarclient {
+    git_clone $TUSKARCLIENT_REPO $TUSKARCLIENT_DIR $TUSKARCLIENT_BRANCH
+    setup_develop $TUSKARCLIENT_DIR
+}
+
+# configure_tuskarclient() - Set config files, create data dirs, etc
+function configure_tuskarclient {
+    setup_develop $TUSKARCLIENT_DIR
+}
+
+# install_tuskar() - Collect source and prepare
+function install_tuskar {
+    git_clone $TUSKAR_REPO $TUSKAR_DIR $TUSKAR_BRANCH
+}
+
+# start_tuskar() - Start running processes, including screen
+function start_tuskar {
+    run_process tuskar-api "tuskar-api --config-file=$TUSKAR_CONF"
+}
+
+# stop_tuskar() - Stop running processes
+function stop_tuskar {
+    # Kill the screen windows
+    local serv
+    for serv in tuskar-api; do
+        stop_process $serv
+    done
+}
+
+# create_tuskar_accounts() - Set up common required tuskar accounts
+function create_tuskar_accounts {
+    # migrated from files/keystone_data.sh
+    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
+
+    local tuskar_user=$(get_or_create_user "tuskar" \
+        "$SERVICE_PASSWORD" $service_tenant)
+    get_or_add_user_role $admin_role $tuskar_user $service_tenant
+
+    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+
+        local tuskar_service=$(get_or_create_service "tuskar" \
+                "management" "Tuskar Management Service")
+        get_or_create_endpoint $tuskar_service \
+            "$REGION_NAME" \
+            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT" \
+            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT" \
+            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT"
+    fi
+}
+
+# Restore xtrace
+$XTRACE
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:

From 4b45fca7bb3ad93d7ee3fb0f121eb715798044f4 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Mon, 17 Nov 2014 09:59:23 -0800
Subject: [PATCH 0160/3421] Do not hardcode ironic svc port, protocol

The Ironic API server's port and protocol are hardcoded in various
places.  This updates the ironic bits to use configured values instead
and fixes a bug around iptables rule creationl.

Change-Id: I1ace68affff3afdbc0058be4d32f8044a24e9338
Closes-bug: #1393498
---
 lib/ironic                         | 12 +++++++-----
 lib/nova_plugins/hypervisor-ironic |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index a56ab7ae65..30ae9e9500 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -104,7 +104,8 @@ IRONIC_BIN_DIR=$(get_python_exec_prefix)
 
 # Ironic connection info.  Note the port must be specified.
 IRONIC_SERVICE_PROTOCOL=http
-IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:6385}
+IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385}
+IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
 
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,ironic
@@ -277,6 +278,7 @@ function configure_ironic_api {
     iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
     configure_auth_token_middleware $IRONIC_CONF_FILE ironic $IRONIC_AUTH_CACHE_DIR/api
     iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
+    iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT
 
     cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
 }
@@ -298,7 +300,7 @@ function configure_ironic_conductor {
 
     iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
     iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS
-    iniset $IRONIC_CONF_FILE conductor api_url http://$HOST_IP:6385
+    iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$HOST_IP:$IRONIC_SERVICE_PORT
     iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
     iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
     iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
@@ -419,7 +421,7 @@ function start_ironic {
 function start_ironic_api {
     run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
     echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..."
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$IRONIC_HOSTPORT; do sleep 1; done"; then
+    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT; do sleep 1; done"; then
         die $LINENO "ir-api did not start"
     fi
 }
@@ -586,7 +588,7 @@ function configure_iptables {
     sudo modprobe nf_nat_tftp
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
-    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HOSTPORT -j ACCEPT || true
+    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
     if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
         # agent ramdisk gets instance image from swift
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
@@ -748,7 +750,7 @@ function cleanup_baremetal_basic_ops {
     sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
     restart_service xinetd
     sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
-    sudo iptables -D INPUT -d $HOST_IP -p tcp --dport 6385 -j ACCEPT || true
+    sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
     if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
         # agent ramdisk gets instance image from swift
         sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 4004cc935a..420950328e 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -47,7 +47,7 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
     iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
     iniset $NOVA_CONF ironic admin_tenant_name demo
-    iniset $NOVA_CONF ironic api_endpoint http://$SERVICE_HOST:6385/v1
+    iniset $NOVA_CONF ironic api_endpoint $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1
 }
 
 # install_nova_hypervisor() - Install external components

From 849d0b8ebb9aff4a2106c01a691112578f25281c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= 
Date: Tue, 18 Nov 2014 11:10:11 -0800
Subject: [PATCH 0161/3421] Fix the variable substitution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prior to that commit if ceph_version was equal to 0.80.5, the variable
substitution ${ceph_version%.*} was returning 0.80 and not 0. Using
${ceph_version%%.*} returns the desired value.
Also refactoring the version output to get a X.X format since only
major and minor are important.

Change-Id: Iab50f3c4b24a01a68acda417eae0501f00038f54
Signed-off-by: Sébastien Han 
---
 lib/ceph | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index 2ddf5dbb6a..bfad3dcf60 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -72,7 +72,7 @@ CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
 # ------------
 
 function get_ceph_version {
-    local ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4)
+    local ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4 | cut -f 1,2 -d '.')
     echo $ceph_version_str
 }
 
@@ -162,7 +162,7 @@ EOF
     # pools data and metadata were removed in the Giant release so depending on the version we apply different commands
     local ceph_version=$(get_ceph_version)
     # change pool replica size according to the CEPH_REPLICAS set by the user
-    if [[ ${ceph_version%.*} -eq 0 ]] && [[ ${ceph_version##*.} -lt 87 ]]; then
+    if [[ ${ceph_version%%.*} -eq 0 ]] && [[ ${ceph_version##*.} -lt 87 ]]; then
         sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
         sudo ceph -c ${CEPH_CONF_FILE} osd pool set data size ${CEPH_REPLICAS}
         sudo ceph -c ${CEPH_CONF_FILE} osd pool set metadata size ${CEPH_REPLICAS}

From 088e66028c4eb41cf583a76409febce13475b66c Mon Sep 17 00:00:00 2001
From: Mikhail S Medvedev 
Date: Tue, 18 Nov 2014 12:11:26 -0600
Subject: [PATCH 0162/3421] Deal with different django-admin executables

After the recent patch [1] the devstack is broken for Fedora 20 with
the error "django-admin.py: command not found" during horizon setup.

This is due to differences in how django currently packaged for Fedora,
where we should use "django-admin", without the .py

This patch sets up executable alias by checking if "django-admin"
exists, and falling back on "django-admin.py".

[1] https://review.openstack.org/#/c/120940/

Change-Id: I2b6de25fe32446edbdc0418674fea8579ec739d9
---
 lib/horizon | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index 872e77a040..9fd1b854c8 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -142,8 +142,16 @@ function init_horizon {
     # and run_process
     sudo rm -f /var/log/$APACHE_NAME/horizon_*
 
-    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings django-admin.py collectstatic --noinput
-    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings django-admin.py compress --force
+    # Setup alias for django-admin which could be different depending on distro
+    local django_admin
+    if type -p django-admin > /dev/null; then
+        django_admin=django-admin
+    else
+        django_admin=django-admin.py
+    fi
+
+    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput
+    DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force
 
 }
 

From fe96ed66f5fea37484dfaae597c43756c16e5779 Mon Sep 17 00:00:00 2001
From: yunhong jiang 
Date: Wed, 5 Nov 2014 03:30:25 -0700
Subject: [PATCH 0163/3421] Add agent_ipmitool support

This patch enables to use the agent_ipmitool deploy driver to
deploy the ironic on real hardware, instead of virtual machine.

It also append the deploy driver name to the kernel/ramdisk
path, so that if developer switch the deploy driver after
./unstack.sh, devstack will use the correct kernel/ramdisk.

Change-Id: Iac0415f6895d037c876e137aa4f2bf2990eb47c5
---
 lib/ironic | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 98619c5f51..f2b1fb2f6a 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -93,7 +93,7 @@ IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org
 IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz}
 
 # Which deploy driver to use - valid choices right now
-# are 'pxe_ssh', 'pxe_ipmitool' and 'agent_ssh'.
+# are 'pxe_ssh', 'pxe_ipmitool', 'agent_ssh' and 'agent_ipmitool'.
 IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh}
 
 #TODO(agordeev): replace 'ubuntu' with host distro name getting
@@ -152,6 +152,11 @@ function is_ironic_hardware {
     return 1
 }
 
+function is_deployed_by_agent {
+    [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]] && return 0
+    return 1
+}
+
 # install_ironic() - Collect source and prepare
 function install_ironic {
     # make sure all needed service were enabled
@@ -307,7 +312,7 @@ function configure_ironic_conductor {
     if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
         iniset $IRONIC_CONF_FILE pxe pxe_append_params "nofb nomodeset vga=normal console=ttyS0"
     fi
-    if [[ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]] ; then
+    if is_deployed_by_agent; then
         if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then
             iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY
         else
@@ -510,7 +515,7 @@ function enroll_nodes {
     if [[ "$IRONIC_DEPLOY_DRIVER" == "pxe_ssh" ]] ; then
         local _IRONIC_DEPLOY_KERNEL_KEY=pxe_deploy_kernel
         local _IRONIC_DEPLOY_RAMDISK_KEY=pxe_deploy_ramdisk
-    elif [[ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]] ; then
+    elif is_deployed_by_agent; then
         local _IRONIC_DEPLOY_KERNEL_KEY=deploy_kernel
         local _IRONIC_DEPLOY_RAMDISK_KEY=deploy_ramdisk
     fi
@@ -552,6 +557,10 @@ function enroll_nodes {
             # we create the bare metal flavor with minimum value
             local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\
                 -i ipmi_username=$ironic_ipmi_username"
+            if is_deployed_by_agent; then
+                node_options+=" -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID"
+                node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
+            fi
         fi
 
         local node_id=$(ironic node-create --chassis_uuid $chassis_id \
@@ -589,7 +598,7 @@ function configure_iptables {
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
-    if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+    if is_deployed_by_agent; then
         # agent ramdisk gets instance image from swift
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
     fi
@@ -665,8 +674,8 @@ function upload_baremetal_ironic_deploy {
     fi
 
     if [ -z "$IRONIC_DEPLOY_KERNEL" -o -z "$IRONIC_DEPLOY_RAMDISK" ]; then
-        local IRONIC_DEPLOY_KERNEL_PATH=$TOP_DIR/files/ir-deploy.kernel
-        local IRONIC_DEPLOY_RAMDISK_PATH=$TOP_DIR/files/ir-deploy.initramfs
+        local IRONIC_DEPLOY_KERNEL_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.kernel
+        local IRONIC_DEPLOY_RAMDISK_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.initramfs
     else
         local IRONIC_DEPLOY_KERNEL_PATH=$IRONIC_DEPLOY_KERNEL
         local IRONIC_DEPLOY_RAMDISK_PATH=$IRONIC_DEPLOY_RAMDISK
@@ -677,17 +686,17 @@ function upload_baremetal_ironic_deploy {
         if [ "$IRONIC_BUILD_DEPLOY_RAMDISK" = "True" ]; then
             # we can build them only if we're not offline
             if [ "$OFFLINE" != "True" ]; then
-                if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+                if is_deployed_by_agent; then
                     build_ipa_coreos_ramdisk $IRONIC_DEPLOY_KERNEL_PATH $IRONIC_DEPLOY_RAMDISK_PATH
                 else
                     ramdisk-image-create $IRONIC_DEPLOY_FLAVOR \
-                        -o $TOP_DIR/files/ir-deploy
+                        -o $TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER
                 fi
             else
                 die $LINENO "Deploy kernel+ramdisk files don't exist and cannot be build in OFFLINE mode"
             fi
         else
-            if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+            if is_deployed_by_agent; then
                 # download the agent image tarball
                 wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL_PATH
                 wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK_PATH
@@ -751,7 +760,7 @@ function cleanup_baremetal_basic_ops {
     restart_service xinetd
     sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
-    if [ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]; then
+    if is_deployed_by_agent; then
         # agent ramdisk gets instance image from swift
         sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
     fi

From e4e535b0bf07bc823bdd72b31f66628e5ea96465 Mon Sep 17 00:00:00 2001
From: salvatore 
Date: Wed, 29 Oct 2014 18:22:46 +0100
Subject: [PATCH 0164/3421] Ensure syslog option is honored by neutron and
 tempest

Syslog settings were not configured at all for these two
projects. As a result, regardless of the value of the
SYSLOG environment variable, the use_syslog options for
these two projects was always set to False.

Change-Id: Iba6155d62beffa06e5bb9ac16b06082ec64d0926
Closes-Bug: #1394024
---
 lib/neutron | 2 +-
 lib/tempest | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index db6bd47ced..1d4fe1bd5f 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -785,7 +785,7 @@ function _configure_neutron_common {
 
     iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
     iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
-
+    iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
     # If addition config files are set, make sure their path name is set as well
     if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
         die $LINENO "Neutron additional plugin config not set.. exiting"
diff --git a/lib/tempest b/lib/tempest
index 8931300b98..d3fb9fb2dc 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -247,6 +247,7 @@ function configure_tempest {
         fi
     fi
 
+    iniset $TEMPEST_CONF DEFAULT use_syslog $SYSLOG
     # Oslo
     iniset $TEMPEST_CONFIG DEFAULT lock_path $TEMPEST_STATE_PATH
     mkdir -p $TEMPEST_STATE_PATH

From 9d09f0980285b5b5d5ccf3865cab1c5df49b25d5 Mon Sep 17 00:00:00 2001
From: Oleg Gashev 
Date: Wed, 19 Nov 2014 00:29:03 -0500
Subject: [PATCH 0165/3421] Remove is_rackspace function from functions-common

is_rackspace function never used and can be removed from code.

Change-Id: Ic5d1dc419bdea3619fe248afad027e7d7c602b4f
Closes-Bug: #1394076
---
 functions-common | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/functions-common b/functions-common
index e890b75d13..a96c702728 100644
--- a/functions-common
+++ b/functions-common
@@ -499,13 +499,6 @@ function is_arch {
     [[ "$(uname -m)" == "$1" ]]
 }
 
-# Quick check for a rackspace host; n.b. rackspace provided images
-# have these Xen tools installed but a custom image may not.
-function is_rackspace {
-    [ -f /usr/bin/xenstore-ls ] && \
-        sudo /usr/bin/xenstore-ls vm-data | grep -q "Rackspace"
-}
-
 # Determine if current distribution is a Fedora-based distribution
 # (Fedora, RHEL, CentOS, etc).
 # is_fedora

From 48bbfe93f5b4b600db0f12c1f8574d4177ccce36 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Wed, 19 Nov 2014 15:54:17 -0500
Subject: [PATCH 0166/3421] switch to use ceilometer specific connections

in Juno/Kilo, we added ceilometer purpose specific connections for:
metering, alarms, event. Rather than piggyback off oslo.db's
connection option (which gives misleading sql help message), we
should use Ceilometer specific connections.

Change-Id: I7703b73708a5807fb8de89fbb828f06b488acf69
---
 lib/ceilometer | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index c4377e04c0..cdef422bb5 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -183,10 +183,14 @@ function configure_ceilometer {
     configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
 
     if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
-        iniset $CEILOMETER_CONF database connection $(database_connection_url ceilometer)
+        iniset $CEILOMETER_CONF database alarm_connection $(database_connection_url ceilometer)
+        iniset $CEILOMETER_CONF database event_connection $(database_connection_url ceilometer)
+        iniset $CEILOMETER_CONF database metering_connection $(database_connection_url ceilometer)
         iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
     else
-        iniset $CEILOMETER_CONF database connection mongodb://localhost:27017/ceilometer
+        iniset $CEILOMETER_CONF database alarm_connection mongodb://localhost:27017/ceilometer
+        iniset $CEILOMETER_CONF database event_connection mongodb://localhost:27017/ceilometer
+        iniset $CEILOMETER_CONF database metering_connection mongodb://localhost:27017/ceilometer
         configure_mongodb
         cleanup_ceilometer
     fi

From 8df690c52530589816a7323c24e4d616478b596c Mon Sep 17 00:00:00 2001
From: Louis Taylor 
Date: Thu, 20 Nov 2014 13:09:03 +0000
Subject: [PATCH 0167/3421] Install bash completion for glanceclient

This installs the new bash-complete file in the standard location,
alongside the rest of the completion files:

    /etc/bash_completion.d/glance.bash_completion

Change-Id: I2944c47d857f7125f370b2b1ee041d1282db09c5
---
 lib/glance | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/glance b/lib/glance
index 04c088aa6d..5b456393ff 100644
--- a/lib/glance
+++ b/lib/glance
@@ -290,6 +290,7 @@ function install_glanceclient {
     if use_library_from_git "python-glanceclient"; then
         git_clone_by_name "python-glanceclient"
         setup_dev_lib "python-glanceclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-glanceclient"]}/tools/,/etc/bash_completion.d/}glance.bash_completion
     fi
 }
 

From aecd189f80533b2680184d648f393bd0f5479882 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 19 Nov 2014 15:19:51 -0500
Subject: [PATCH 0168/3421] add unit tests for GIT* definitions

This adds unit tests for all the GIT* definitions, ensuring that for
libraries we think should be defined, they are. It exposed a bug in
glance_store definitions in the process.

The GITDIR definition for python-openstackclient is moved to stackrc
for testability.

Change-Id: Ibd9ab665f0362a84f4f7e80e80da56a4737f584e
---
 lib/glance                   |  2 +-
 stack.sh                     |  3 --
 stackrc                      |  2 +
 tests/test_libs_from_pypi.sh | 96 ++++++++++++++++++++++++++++++++++++
 4 files changed, 99 insertions(+), 4 deletions(-)
 create mode 100755 tests/test_libs_from_pypi.sh

diff --git a/lib/glance b/lib/glance
index 04c088aa6d..0c1045fd12 100644
--- a/lib/glance
+++ b/lib/glance
@@ -28,7 +28,7 @@ set +o xtrace
 
 # Set up default directories
 GITDIR["python-glanceclient"]=$DEST/python-glanceclient
-GIRDIR["glance_store"]=$DEST/glance_store
+GITDIR["glance_store"]=$DEST/glance_store
 
 GLANCE_DIR=$DEST/glance
 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
diff --git a/stack.sh b/stack.sh
index 93e4541990..24bda01782 100755
--- a/stack.sh
+++ b/stack.sh
@@ -575,9 +575,6 @@ if [[ -d $TOP_DIR/extras.d ]]; then
     done
 fi
 
-# Set the destination directories for other OpenStack projects
-GITDIR["python-openstackclient"]=$DEST/python-openstackclient
-
 # Interactive Configuration
 # -------------------------
 
diff --git a/stackrc b/stackrc
index e0e886d22c..5c5acb137c 100644
--- a/stackrc
+++ b/stackrc
@@ -273,6 +273,8 @@ GITBRANCH["python-troveclient"]=${TROVECLIENT_BRANCH:-master}
 # consolidated openstack python client
 GITREPO["python-openstackclient"]=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
 GITBRANCH["python-openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
+# this doesn't exist in a lib file, so set it here
+GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 
 ###################
 #
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
new file mode 100755
index 0000000000..1b576d87c2
--- /dev/null
+++ b/tests/test_libs_from_pypi.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+export TOP_DIR=$TOP
+
+# Import common functions
+source $TOP/functions
+source $TOP/stackrc
+source $TOP/lib/tls
+for i in $TOP/lib/*; do
+    if [[ -f $i ]]; then
+        source $i
+    fi
+done
+
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient"
+
+# Generate the above list with
+# echo ${!GITREPO[@]}
+
+function check_exists {
+    local thing=$1
+    local hash=$2
+    local key=$3
+    if [[ ! -z "$VERBOSE" ]]; then
+        echo "Checking for $hash[$key]"
+    fi
+    if [[ -z $thing ]]; then
+        echo "$hash[$key] does not exit!"
+        exit 1
+    else
+        if [[ ! -z "$VERBOSE" ]]; then
+            echo "$hash[$key] => $thing"
+        fi
+    fi
+}
+
+function test_all_libs_upto_date {
+    # this is all the magics
+    local found_libs=${!GITREPO[@]}
+    declare -A all_libs
+    for lib in $ALL_LIBS; do
+        all_libs[$lib]=1
+    done
+
+    for lib in $found_libs; do
+        if [[ -z ${all_libs[$lib]} ]]; then
+            echo "Library '$lib' not listed in unit tests, please add to ALL_LIBS"
+            exit 1
+        fi
+
+    done
+    echo "test_all_libs_upto_date PASSED"
+}
+
+function test_libs_exist {
+    local lib=""
+    for lib in $ALL_LIBS; do
+        check_exists "${GITREPO[$lib]}" "GITREPO" "$lib"
+        check_exists "${GITBRANCH[$lib]}" "GITBRANCH" "$lib"
+        check_exists "${GITDIR[$lib]}" "GITDIR" "$lib"
+    done
+
+    echo "test_libs_exist PASSED"
+}
+
+function test_branch_master {
+    for lib in $ALL_LIBS; do
+        if [[ ${GITBRANCH[$lib]} != "master" ]]; then
+            echo "GITBRANCH for $lib not master (${GITBRANCH[$lib]})"
+            exit 1
+        fi
+    done
+
+    echo "test_branch_master PASSED"
+}
+
+set -o errexit
+
+test_libs_exist
+test_branch_master
+test_all_libs_upto_date

From 34296016632a82ebbc88978a41f12ac2af1730e6 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 27 Oct 2014 11:57:20 -0400
Subject: [PATCH 0169/3421] Documentation: Using Neutron with DevStack

Change-Id: I75f30a6809a6276dbd8a61e73535913be63b54f0
---
 doc/source/guides/neutron.rst | 195 ++++++++++++++++++++++++++++++++++
 doc/source/index.rst          |   8 ++
 2 files changed, 203 insertions(+)
 create mode 100644 doc/source/guides/neutron.rst

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
new file mode 100644
index 0000000000..59b7a9d55b
--- /dev/null
+++ b/doc/source/guides/neutron.rst
@@ -0,0 +1,195 @@
+======================================
+Using DevStack with Neutron Networking
+======================================
+
+This guide will walk you through using OpenStack Neutron with the ML2
+plugin and the Open vSwitch mechanism driver.
+
+Network Interface Configuration
+===============================
+
+To use Neutron, it is suggested that two network interfaces be present
+in the host operating system.
+
+The first interface, eth0 is used for the OpenStack management (API,
+message bus, etc) as well as for ssh for an administrator to access
+the machine.
+
+::
+
+        stack@compute:~$ ifconfig eth0
+        eth0      Link encap:Ethernet  HWaddr bc:16:65:20:af:fc
+                  inet addr:192.168.1.18
+
+eth1 is manually configured at boot to not have an IP address.
+Consult your operating system documentation for the appropriate
+technique. For Ubuntu, the contents of `/etc/networking/interfaces`
+contains:
+
+::
+
+        auto eth1
+        iface eth1 inet manual
+                up ifconfig $IFACE 0.0.0.0 up
+                down ifconfig $IFACE 0.0.0.0 down
+
+The second physical interface, eth1 is added to a bridge (in this case
+named br-ex), which is used to forward network traffic from guest VMs.
+Network traffic from eth1 on the compute nodes is then NAT'd by the
+controller node that runs Neutron's `neutron-l3-agent` and provides L3
+connectivity.
+
+::
+
+        stack@compute:~$ sudo ovs-vsctl add-br br-ex
+        stack@compute:~$ sudo ovs-vsctl add-port br-ex eth1
+        stack@compute:~$ sudo ovs-vsctl show
+        9a25c837-32ab-45f6-b9f2-1dd888abcf0f
+            Bridge br-ex
+                Port br-ex
+                    Interface br-ex
+                        type: internal
+                Port phy-br-ex
+                    Interface phy-br-ex
+                        type: patch
+                        options: {peer=int-br-ex}
+                Port "eth1"
+                    Interface "eth1"
+
+
+
+
+Neutron Networking with Open vSwitch
+====================================
+
+Configuring Neutron networking in DevStack is very similar to
+configuring `nova-network` - many of the same configuration variables
+(like `FIXED_RANGE` and `FLOATING_RANGE`) used by `nova-network` are
+used by Neutron, which is intentional.
+
+The only difference is the disabling of `nova-network` in your
+local.conf, and the enabling of the Neutron components.
+
+
+Configuration
+-------------
+
+::
+
+        FIXED_RANGE=10.0.0.0/24
+        FLOATING_RANGE=192.168.27.0/24
+        PUBLIC_NETWORK_GATEWAY=192.168.27.2
+
+        disable_service n-net
+        enable_service q-svc
+        enable_service q-agt
+        enable_service q-dhcp
+        enable_service q-meta
+        enable_service q-l3
+
+        Q_USE_SECGROUP=True
+        ENABLE_TENANT_VLANS=True
+        TENANT_VLAN_RANGE=1000:1999
+        PHYSICAL_NETWORK=default
+        OVS_PHYSICAL_BRIDGE=br-ex
+
+In this configuration we are defining FLOATING_RANGE to be a
+subnet that exists in the private RFC1918 address space - however in
+in a real setup FLOATING_RANGE would be a public IP address range.
+
+Neutron Networking with Open vSwitch and Provider Networks
+==========================================================
+
+In some instances, it is desirable to use Neutron's provider
+networking extension, so that networks that are configured on an
+external router can be utilized by Neutron, and instances created via
+Nova can attach to the network managed by the external router.
+
+For example, in some lab environments, a hardware router has been
+pre-configured by another party, and an OpenStack developer has been
+given a VLAN tag and IP address range, so that instances created via
+DevStack will use the external router for L3 connectivity, as opposed
+to the Neutron L3 service.
+
+
+Service Configuration
+---------------------
+
+**Control Node**
+
+In this example, the control node will run the majority of the
+OpenStack API and management services (Keystone, Glance,
+Nova, Neutron, etc..)
+
+
+**Compute Nodes**
+
+In this example, the nodes that will host guest instances will run
+the `neutron-openvswitch-agent` for network connectivity, as well as
+the compute service `nova-compute`.
+
+DevStack Configuration
+----------------------
+
+The following is a snippet of the DevStack configuration on the
+controller node.
+
+::
+
+        PUBLIC_INTERFACE=eth1
+
+        ## Neutron options
+        Q_USE_SECGROUP=True
+        ENABLE_TENANT_VLANS=True
+        TENANT_VLAN_RANGE=3001:4000
+        PHYSICAL_NETWORK=default
+        OVS_PHYSICAL_BRIDGE=br-ex
+
+        Q_USE_PROVIDER_NETWORKING=True
+        Q_L3_ENABLED=False
+
+        # Do not use Nova-Network
+        disable_service n-net
+
+        # Neutron
+        ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt
+
+        ## Neutron Networking options used to create Neutron Subnets
+
+        FIXED_RANGE="10.1.1.0/24"
+        PROVIDER_SUBNET_NAME="provider_net"
+        PROVIDER_NETWORK_TYPE="vlan"
+        SEGMENTATION_ID=2010
+
+In this configuration we are defining FIXED_RANGE to be a
+subnet that exists in the private RFC1918 address space - however in
+in a real setup FIXED_RANGE would be a public IP address range, so
+that you could access your instances from the public internet.
+
+The following is a snippet of the DevStack configuration on the
+compute node.
+
+::
+
+        # Services that a compute node runs
+        ENABLED_SERVICES=n-cpu,rabbit,q-agt
+
+        ## Neutron options
+        Q_USE_SECGROUP=True
+        ENABLE_TENANT_VLANS=True
+        TENANT_VLAN_RANGE=3001:4000
+        PHYSICAL_NETWORK=default
+        OVS_PHYSICAL_BRIDGE=br-ex
+        PUBLIC_INTERFACE=eth1
+        Q_USE_PROVIDER_NETWORKING=True
+        Q_L3_ENABLED=False
+
+When DevStack is configured to use provider networking (via
+`Q_USE_PROVIDER_NETWORKING` is True and `Q_L3_ENABLED` is False) -
+DevStack will automatically add the network interface defined in
+`PUBLIC_INTERFACE` to the `OVS_PHYSICAL_BRIDGE`
+
+For example, with the above  configuration, a bridge is
+created, named `br-ex` which is managed by Open vSwitch, and the
+second interface on the compute node, `eth1` is attached to the
+bridge, to forward traffic sent by guest vms.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index dbefdec144..21b31e4925 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -63,6 +63,7 @@ Walk through various setups used by stackers
    guides/single-vm
    guides/single-machine
    guides/multinode-lab
+   guides/neutron
 
 All-In-One Single VM
 --------------------
@@ -84,6 +85,13 @@ Multi-Node Lab
 Setup a :doc:`multi-node cluster ` with dedicated VLANs for VMs & Management.
 :doc:`[Read] `
 
+DevStack with Neutron Networking
+--------------------------------
+
+Building a DevStack cluster with :doc:`Neutron Networking `.
+This guide is meant for building lab environments with a dedicated
+control node and multiple compute nodes.
+
 DevStack Documentation
 ======================
 

From a6dfe8199831019a53c937aa7f1f85549bb268e7 Mon Sep 17 00:00:00 2001
From: JordanP 
Date: Thu, 20 Nov 2014 18:06:23 +0100
Subject: [PATCH 0170/3421] Remove unused and deprecated SWIFT_CONFIG_DIR
 variable

Change-Id: Id9b9f2300288b98e4952ef8da6732232a683338d
---
 doc/source/guides/multinode-lab.rst | 2 +-
 lib/swift                           | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 44601d8713..ff81c93975 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -275,7 +275,7 @@ simple as enabling the ``swift`` service in ``local.conf``:
 Swift will put its data files in ``SWIFT_DATA_DIR`` (default
 ``/opt/stack/data/swift``). The size of the data 'partition' created
 (really a loop-mounted file) is set by ``SWIFT_LOOPBACK_DISK_SIZE``. The
-Swift config files are located in ``SWIFT_CONFIG_DIR`` (default
+Swift config files are located in ``SWIFT_CONF_DIR`` (default
 ``/etc/swift``). All of these settings can be overridden in (wait for
 it...) ``local.conf``.
 
diff --git a/lib/swift b/lib/swift
index ae0874ebdf..9e61331404 100644
--- a/lib/swift
+++ b/lib/swift
@@ -54,8 +54,7 @@ SWIFT_DISK_IMAGE=${SWIFT_DATA_DIR}/drives/images/swift.img
 
 # Set ``SWIFT_CONF_DIR`` to the location of the configuration files.
 # Default is ``/etc/swift``.
-# TODO(dtroyer): remove SWIFT_CONFIG_DIR after cutting stable/grizzly
-SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-${SWIFT_CONFIG_DIR:-/etc/swift}}
+SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-/etc/swift}
 
 if is_service_enabled s-proxy && is_service_enabled swift3; then
     # If we are using swift3, we can default the s3 port to swift instead

From 86b65dd77b14a757b1bdbec2b6ae6b4900a88bed Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 20 Nov 2014 17:23:04 -0500
Subject: [PATCH 0171/3421] fix tempest-lib setup

The setup should have been with setup_dev_lib, which looks up the path
from GITDIR. This should let tempest-lib src jobs function.

Change-Id: Ia160708c089adce469d878030196b6fed8acc92d
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index d3fb9fb2dc..6bcfaec84b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -450,7 +450,7 @@ function create_tempest_accounts {
 function install_tempest_lib {
     if use_library_from_git "tempest-lib"; then
         git_clone_by_name "tempest-lib"
-        setup_develop "tempest-lib"
+        setup_dev_lib "tempest-lib"
     fi
 }
 

From a1ffcfab478888ac4b0953c51e6d92f586d31d42 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Thu, 20 Nov 2014 16:42:32 -0800
Subject: [PATCH 0172/3421] Set libvirt live_migration_uri

Sets up n-cpu to migrate domains via SSH.  By default, hosts attempt
to connect to each other as root, so this specifies STACK_USER instead.

Change-Id: Ic6e868091c89a2cc6b2f0fada3f7e95002aaff8b
---
 lib/nova_plugins/hypervisor-libvirt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 259bf15a27..53dbfb976f 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -42,6 +42,7 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF libvirt virt_type "$LIBVIRT_TYPE"
     iniset $NOVA_CONF libvirt cpu_mode "none"
     iniset $NOVA_CONF libvirt use_usb_tablet "False"
+    iniset $NOVA_CONF libvirt live_migration_uri "qemu+ssh://$STACK_USER@%s/system"
     iniset $NOVA_CONF DEFAULT default_ephemeral_format "ext4"
     iniset $NOVA_CONF DEFAULT compute_driver "libvirt.LibvirtDriver"
     LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.libvirt.firewall.IptablesFirewallDriver"}

From 98a0ad44722182453a74872c93c904d35bcac708 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Fri, 21 Nov 2014 10:42:18 +0900
Subject: [PATCH 0173/3421] ovs_base: Fix debug-agent config for
 Q_USE_PROVIDERNET_FOR_PUBLIC=True

Set up external_network_bridge correctly for the case
of Q_USE_PROVIDERNET_FOR_PUBLIC=True.

This is an oversight in commit 6a633fd024347aade777ecd6545fa3efde5a959c.

Closes-Bug: #1394826
Change-Id: I33f0fe15bafb7071d8a09899d636471f49031606
---
 lib/neutron_plugins/ovs_base | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index f0ef194569..07aa7cca9b 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -60,7 +60,11 @@ function _neutron_ovs_base_install_agent_packages {
 }
 
 function _neutron_ovs_base_configure_debug_command {
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
+    if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
+        iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge ""
+    else
+        iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
+    fi
 }
 
 function _neutron_ovs_base_configure_firewall_driver {

From 90c20209088eca3dcf830856a3a3118367dbc09f Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Mon, 17 Nov 2014 01:16:22 -0500
Subject: [PATCH 0174/3421] Configure boto.cfg in tempest to point to SSL
 bundle

The boto client uses the ca_certificate_files value in the
Boto section of /etc/boto.cfg when making an SSL client
connection. Configure that to be the devstack SSL CA bundle
so the boto tests will pass when running against an SSL or
TLS-proxy configured devstack environment.

Change-Id: I55ae6d6e0c5b3adb4370ec93f40ae1cd47741457
---
 lib/tempest | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 8931300b98..ec045a9a4f 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -63,6 +63,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
 
 
 BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}"
+BOTO_CONF=$TEMPEST_DIR/boto.cfg
 
 # Cinder/Volume variables
 TEMPEST_VOLUME_DRIVER=${TEMPEST_VOLUME_DRIVER:-default}
@@ -424,6 +425,12 @@ function configure_tempest {
         fi
     done
 
+    if is_ssl_enabled_service "keystone" || is_service_enabled tls-proxy; then
+        # Use the BOTO_CONFIG environment variable to point to this file
+        iniset $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
+        sudo chown $STACK_USER $BOTO_CONF
+    fi
+
     # Restore IFS
     IFS=$ifs
 }

From af14029553a3aaeb3edaf49568b175c47f88fbc0 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 20 Nov 2014 21:13:15 -0600
Subject: [PATCH 0175/3421] Rework the old logo

* Re-work the old banner logo for the Sphinx docs
* Remove the remaining leftover assets from the old web site

So this is one possibility, I retained the other logo files so we have
options to play with.

Change-Id: Iac15899780072450dc30600a719283c0e2b0c0ae
---
 doc/source/assets/css/bootstrap.css      |  616 --------
 doc/source/assets/css/local.css          |  122 --
 doc/source/assets/images/header_bg.png   |  Bin 1014 -> 0 bytes
 doc/source/assets/images/logo-blue.png   |  Bin 0 -> 10568 bytes
 doc/source/assets/images/logo-blue.xcf   |  Bin 0 -> 33947 bytes
 doc/source/assets/images/quickstart.png  |  Bin 9491 -> 0 bytes
 doc/source/assets/js/bootstrap.js        | 1722 ----------------------
 doc/source/assets/js/bootstrap.min.js    |    1 -
 doc/source/assets/js/jquery-1.7.1.min.js |    4 -
 doc/source/index.rst                     |    2 +
 10 files changed, 2 insertions(+), 2465 deletions(-)
 delete mode 100644 doc/source/assets/css/bootstrap.css
 delete mode 100644 doc/source/assets/css/local.css
 delete mode 100644 doc/source/assets/images/header_bg.png
 create mode 100644 doc/source/assets/images/logo-blue.png
 create mode 100644 doc/source/assets/images/logo-blue.xcf
 delete mode 100644 doc/source/assets/images/quickstart.png
 delete mode 100644 doc/source/assets/js/bootstrap.js
 delete mode 100644 doc/source/assets/js/bootstrap.min.js
 delete mode 100644 doc/source/assets/js/jquery-1.7.1.min.js

diff --git a/doc/source/assets/css/bootstrap.css b/doc/source/assets/css/bootstrap.css
deleted file mode 100644
index 5fd10bcceb..0000000000
--- a/doc/source/assets/css/bootstrap.css
+++ /dev/null
@@ -1,616 +0,0 @@
-article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block;}
-audio,canvas,video{display:inline-block;*display:inline;*zoom:1;}
-audio:not([controls]){display:none;}
-html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;}
-a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;}
-a:hover,a:active{outline:0;}
-sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline;}
-sup{top:-0.5em;}
-sub{bottom:-0.25em;}
-img{max-width:100%;height:auto;border:0;-ms-interpolation-mode:bicubic;}
-button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle;}
-button,input{*overflow:visible;line-height:normal;}
-button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0;}
-button,input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button;}
-input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;}
-input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none;}
-textarea{overflow:auto;vertical-align:top;}
-body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px;color:#333333;background-color:#ffffff;}
-a{color:#0088cc;text-decoration:none;}
-a:hover{color:#005580;text-decoration:underline;}
-.row{margin-left:-20px;*zoom:1;}.row:before,.row:after{display:table;content:"";}
-.row:after{clear:both;}
-[class*="span"]{float:left;margin-left:20px;}
-.span1{width:60px;}
-.span2{width:140px;}
-.span3{width:220px;}
-.span4{width:300px;}
-.span5{width:380px;}
-.span6{width:460px;}
-.span7{width:540px;}
-.span8{width:620px;}
-.span9{width:700px;}
-.span10{width:780px;}
-.span11{width:860px;}
-.span12,.container{width:940px;}
-.offset1{margin-left:100px;}
-.offset2{margin-left:180px;}
-.offset3{margin-left:260px;}
-.offset4{margin-left:340px;}
-.offset5{margin-left:420px;}
-.offset6{margin-left:500px;}
-.offset7{margin-left:580px;}
-.offset8{margin-left:660px;}
-.offset9{margin-left:740px;}
-.offset10{margin-left:820px;}
-.offset11{margin-left:900px;}
-.row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";}
-.row-fluid:after{clear:both;}
-.row-fluid>[class*="span"]{float:left;margin-left:2.127659574%;}
-.row-fluid>[class*="span"]:first-child{margin-left:0;}
-.row-fluid .span1{width:6.382978723%;}
-.row-fluid .span2{width:14.89361702%;}
-.row-fluid .span3{width:23.404255317%;}
-.row-fluid .span4{width:31.914893614%;}
-.row-fluid .span5{width:40.425531911%;}
-.row-fluid .span6{width:48.93617020799999%;}
-.row-fluid .span7{width:57.446808505%;}
-.row-fluid .span8{width:65.95744680199999%;}
-.row-fluid .span9{width:74.468085099%;}
-.row-fluid .span10{width:82.97872339599999%;}
-.row-fluid .span11{width:91.489361693%;}
-.row-fluid .span12{width:99.99999998999999%;}
-.container{width:940px;margin-left:auto;margin-right:auto;*zoom:1;}.container:before,.container:after{display:table;content:"";}
-.container:after{clear:both;}
-.container-fluid{padding-left:20px;padding-right:20px;*zoom:1;}.container-fluid:before,.container-fluid:after{display:table;content:"";}
-.container-fluid:after{clear:both;}
-p{margin:0 0 9px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px;}p small{font-size:11px;color:#999999;}
-.lead{margin-bottom:18px;font-size:20px;font-weight:200;line-height:27px;}
-h1,h2,h3,h4,h5,h6{margin:0;font-weight:bold;color:#333333;text-rendering:optimizelegibility;}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;color:#999999;}
-h1{font-size:30px;line-height:36px;}h1 small{font-size:18px;}
-h2{font-size:24px;line-height:36px;}h2 small{font-size:18px;}
-h3{line-height:27px;font-size:18px;}h3 small{font-size:14px;}
-h4,h5,h6{line-height:18px;}
-h4{font-size:14px;}h4 small{font-size:12px;}
-h5{font-size:12px;}
-h6{font-size:11px;color:#999999;text-transform:uppercase;}
-.page-header{padding-bottom:17px;margin:18px 0;border-bottom:1px solid #eeeeee;}
-.page-header h1{line-height:1;}
-ul,ol{padding:0;margin:0 0 9px 25px;}
-ul ul,ul ol,ol ol,ol ul{margin-bottom:0;}
-ul{list-style:disc;}
-ol{list-style:decimal;}
-li{line-height:18px;}
-ul.unstyled{margin-left:0;list-style:none;}
-dl{margin-bottom:18px;}
-dt,dd{line-height:18px;}
-dt{font-weight:bold;}
-dd{margin-left:9px;}
-hr{margin:18px 0;border:0;border-top:1px solid #e5e5e5;border-bottom:1px solid #ffffff;}
-strong{font-weight:bold;}
-em{font-style:italic;}
-.muted{color:#999999;}
-abbr{font-size:90%;text-transform:uppercase;border-bottom:1px dotted #ddd;cursor:help;}
-blockquote{padding:0 0 0 15px;margin:0 0 18px;border-left:5px solid #eeeeee;}blockquote p{margin-bottom:0;font-size:16px;font-weight:300;line-height:22.5px;}
-blockquote small{display:block;line-height:18px;color:#999999;}blockquote small:before{content:'\2014 \00A0';}
-blockquote.pull-right{float:right;padding-left:0;padding-right:15px;border-left:0;border-right:5px solid #eeeeee;}blockquote.pull-right p,blockquote.pull-right small{text-align:right;}
-q:before,q:after,blockquote:before,blockquote:after{content:"";}
-address{display:block;margin-bottom:18px;line-height:18px;font-style:normal;}
-small{font-size:100%;}
-cite{font-style:normal;}
-code,pre{padding:0 3px 2px;font-family:Menlo,Monaco,"Courier New",monospace;font-size:12px;color:#333333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;}
-code{padding:3px 4px;color:#d14;background-color:#f7f7f9;border:1px solid #e1e1e8;}
-pre{display:block;padding:8.5px;margin:0 0 9px;font-size:12px;line-height:18px;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0, 0, 0, 0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;white-space:pre;white-space:pre-wrap;word-break:break-all;}pre.prettyprint{margin-bottom:18px;}
-pre code{padding:0;background-color:transparent;}
-form{margin:0 0 18px;}
-fieldset{padding:0;margin:0;border:0;}
-legend{display:block;width:100%;padding:0;margin-bottom:27px;font-size:19.5px;line-height:36px;color:#333333;border:0;border-bottom:1px solid #eee;}
-label,input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:18px;}
-label{display:block;margin-bottom:5px;color:#333333;}
-input,textarea,select,.uneditable-input{display:inline-block;width:210px;height:18px;padding:4px;margin-bottom:9px;font-size:13px;line-height:18px;color:#555555;border:1px solid #ccc;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;}
-.uneditable-textarea{width:auto;height:auto;}
-label input,label textarea,label select{display:block;}
-input[type="image"],input[type="checkbox"],input[type="radio"]{width:auto;height:auto;padding:0;margin:3px 0;*margin-top:0;line-height:normal;border:0;cursor:pointer;border-radius:0 \0/;}
-input[type="file"]{padding:initial;line-height:initial;border:initial;background-color:#ffffff;background-color:initial;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;}
-input[type="button"],input[type="reset"],input[type="submit"]{width:auto;height:auto;}
-select,input[type="file"]{height:28px;*margin-top:4px;line-height:28px;}
-select{width:220px;background-color:#ffffff;}
-select[multiple],select[size]{height:auto;}
-input[type="image"]{-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;}
-textarea{height:auto;}
-input[type="hidden"]{display:none;}
-.radio,.checkbox{padding-left:18px;}
-.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-18px;}
-.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px;}
-.radio.inline,.checkbox.inline{display:inline-block;margin-bottom:0;vertical-align:middle;}
-.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px;}
-.controls>.radio.inline:first-child,.controls>.checkbox.inline:first-child{padding-top:0;}
-input,textarea{-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075);-webkit-transition:border linear 0.2s,box-shadow linear 0.2s;-moz-transition:border linear 0.2s,box-shadow linear 0.2s;-ms-transition:border linear 0.2s,box-shadow linear 0.2s;-o-transition:border linear 0.2s,box-shadow linear 0.2s;transition:border linear 0.2s,box-shadow linear 0.2s;}
-input:focus,textarea:focus{border-color:rgba(82, 168, 236, 0.8);-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.075),0 0 8px rgba(82, 168, 236, 0.6);outline:0;outline:thin dotted \9;}
-input[type="file"]:focus,input[type="checkbox"]:focus,select:focus{-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;}
-.input-mini{width:60px;}
-.input-small{width:90px;}
-.input-medium{width:150px;}
-.input-large{width:210px;}
-.input-xlarge{width:270px;}
-.input-xxlarge{width:530px;}
-input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input{float:none;margin-left:0;}
-input.span1,textarea.span1,.uneditable-input.span1{width:50px;}
-input.span2,textarea.span2,.uneditable-input.span2{width:130px;}
-input.span3,textarea.span3,.uneditable-input.span3{width:210px;}
-input.span4,textarea.span4,.uneditable-input.span4{width:290px;}
-input.span5,textarea.span5,.uneditable-input.span5{width:370px;}
-input.span6,textarea.span6,.uneditable-input.span6{width:450px;}
-input.span7,textarea.span7,.uneditable-input.span7{width:530px;}
-input.span8,textarea.span8,.uneditable-input.span8{width:610px;}
-input.span9,textarea.span9,.uneditable-input.span9{width:690px;}
-input.span10,textarea.span10,.uneditable-input.span10{width:770px;}
-input.span11,textarea.span11,.uneditable-input.span11{width:850px;}
-input.span12,textarea.span12,.uneditable-input.span12{width:930px;}
-input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{background-color:#f5f5f5;border-color:#ddd;cursor:not-allowed;}
-.control-group.warning>label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853;}
-.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853;border-color:#c09853;}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:0 0 6px #dbc59e;-moz-box-shadow:0 0 6px #dbc59e;box-shadow:0 0 6px #dbc59e;}
-.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853;}
-.control-group.error>label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48;}
-.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48;border-color:#b94a48;}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:0 0 6px #d59392;-moz-box-shadow:0 0 6px #d59392;box-shadow:0 0 6px #d59392;}
-.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48;}
-.control-group.success>label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847;}
-.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847;border-color:#468847;}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:0 0 6px #7aba7b;-moz-box-shadow:0 0 6px #7aba7b;box-shadow:0 0 6px #7aba7b;}
-.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847;}
-input:focus:required:invalid,textarea:focus:required:invalid,select:focus:required:invalid{color:#b94a48;border-color:#ee5f5b;}input:focus:required:invalid:focus,textarea:focus:required:invalid:focus,select:focus:required:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7;}
-.form-actions{padding:17px 20px 18px;margin-top:18px;margin-bottom:18px;background-color:#f5f5f5;border-top:1px solid #ddd;}
-.uneditable-input{display:block;background-color:#ffffff;border-color:#eee;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.025);cursor:not-allowed;}
-:-moz-placeholder{color:#999999;}
-::-webkit-input-placeholder{color:#999999;}
-.help-block{margin-top:5px;margin-bottom:0;color:#999999;}
-.help-inline{display:inline-block;*display:inline;*zoom:1;margin-bottom:9px;vertical-align:middle;padding-left:5px;}
-.input-prepend,.input-append{margin-bottom:5px;*zoom:1;}.input-prepend:before,.input-append:before,.input-prepend:after,.input-append:after{display:table;content:"";}
-.input-prepend:after,.input-append:after{clear:both;}
-.input-prepend input,.input-append input,.input-prepend .uneditable-input,.input-append .uneditable-input{-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0;}.input-prepend input:focus,.input-append input:focus,.input-prepend .uneditable-input:focus,.input-append .uneditable-input:focus{position:relative;z-index:2;}
-.input-prepend .uneditable-input,.input-append .uneditable-input{border-left-color:#ccc;}
-.input-prepend .add-on,.input-append .add-on{float:left;display:block;width:auto;min-width:16px;height:18px;margin-right:-1px;padding:4px 5px;font-weight:normal;line-height:18px;color:#999999;text-align:center;text-shadow:0 1px 0 #ffffff;background-color:#f5f5f5;border:1px solid #ccc;-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px;}
-.input-prepend .active,.input-append .active{background-color:#a9dba9;border-color:#46a546;}
-.input-prepend .add-on{*margin-top:1px;}
-.input-append input,.input-append .uneditable-input{float:left;-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px;}
-.input-append .uneditable-input{border-right-color:#ccc;}
-.input-append .add-on{margin-right:0;margin-left:-1px;-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0;}
-.input-append input:first-child{*margin-left:-160px;}.input-append input:first-child+.add-on{*margin-left:-21px;}
-.search-query{padding-left:14px;padding-right:14px;margin-bottom:0;-webkit-border-radius:14px;-moz-border-radius:14px;border-radius:14px;}
-.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input{display:inline-block;margin-bottom:0;}
-.form-search label,.form-inline label,.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{display:inline-block;}
-.form-search .input-append .add-on,.form-inline .input-prepend .add-on,.form-search .input-append .add-on,.form-inline .input-prepend .add-on{vertical-align:middle;}
-.control-group{margin-bottom:9px;}
-.form-horizontal legend+.control-group{margin-top:18px;-webkit-margin-top-collapse:separate;}
-.form-horizontal .control-group{margin-bottom:18px;*zoom:1;}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;content:"";}
-.form-horizontal .control-group:after{clear:both;}
-.form-horizontal .control-group>label{float:left;width:140px;padding-top:5px;text-align:right;}
-.form-horizontal .controls{margin-left:160px;}
-.form-horizontal .form-actions{padding-left:160px;}
-table{max-width:100%;border-collapse:collapse;border-spacing:0;}
-.table{width:100%;margin-bottom:18px;}.table th,.table td{padding:8px;line-height:18px;text-align:left;border-top:1px solid #ddd;}
-.table th{font-weight:bold;vertical-align:bottom;}
-.table td{vertical-align:top;}
-.table thead:first-child tr th,.table thead:first-child tr td{border-top:0;}
-.table tbody+tbody{border-top:2px solid #ddd;}
-.table-condensed th,.table-condensed td{padding:4px 5px;}
-.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapsed;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.table-bordered th+th,.table-bordered td+td,.table-bordered th+td,.table-bordered td+th{border-left:1px solid #ddd;}
-.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0;}
-.table-bordered thead:first-child tr:first-child th:first-child,.table-bordered tbody:first-child tr:first-child td:first-child{-webkit-border-radius:4px 0 0 0;-moz-border-radius:4px 0 0 0;border-radius:4px 0 0 0;}
-.table-bordered thead:first-child tr:first-child th:last-child,.table-bordered tbody:first-child tr:first-child td:last-child{-webkit-border-radius:0 4px 0 0;-moz-border-radius:0 4px 0 0;border-radius:0 4px 0 0;}
-.table-bordered thead:last-child tr:last-child th:first-child,.table-bordered tbody:last-child tr:last-child td:first-child{-webkit-border-radius:0 0 0 4px;-moz-border-radius:0 0 0 4px;border-radius:0 0 0 4px;}
-.table-bordered thead:last-child tr:last-child th:last-child,.table-bordered tbody:last-child tr:last-child td:last-child{-webkit-border-radius:0 0 4px 0;-moz-border-radius:0 0 4px 0;border-radius:0 0 4px 0;}
-.table-striped tbody tr:nth-child(even) td,.table-striped tbody tr:nth-child(even) th{background-color:#f1f1f1;}
-table .span1{float:none;width:44px;margin-left:0;}
-table .span2{float:none;width:124px;margin-left:0;}
-table .span3{float:none;width:204px;margin-left:0;}
-table .span4{float:none;width:284px;margin-left:0;}
-table .span5{float:none;width:364px;margin-left:0;}
-table .span6{float:none;width:444px;margin-left:0;}
-table .span7{float:none;width:524px;margin-left:0;}
-table .span8{float:none;width:604px;margin-left:0;}
-table .span9{float:none;width:684px;margin-left:0;}
-table .span10{float:none;width:764px;margin-left:0;}
-table .span11{float:none;width:844px;margin-left:0;}
-table .span12{float:none;width:924px;margin-left:0;}
-[class^="icon-"]{display:inline-block;width:14px;height:14px;vertical-align:text-top;background-image:url(../img/glyphicons-halflings.png);background-position:14px 14px;background-repeat:no-repeat;*margin-right:.3em;}[class^="icon-"]:last-child{*margin-left:0;}
-.icon-white{background-image:url(../img/glyphicons-halflings-white.png);}
-.icon-glass{background-position:0 0;}
-.icon-music{background-position:-24px 0;}
-.icon-search{background-position:-48px 0;}
-.icon-envelope{background-position:-72px 0;}
-.icon-heart{background-position:-96px 0;}
-.icon-star{background-position:-120px 0;}
-.icon-star-empty{background-position:-144px 0;}
-.icon-user{background-position:-168px 0;}
-.icon-film{background-position:-192px 0;}
-.icon-th-large{background-position:-216px 0;}
-.icon-th{background-position:-240px 0;}
-.icon-th-list{background-position:-264px 0;}
-.icon-ok{background-position:-288px 0;}
-.icon-remove{background-position:-312px 0;}
-.icon-zoom-in{background-position:-336px 0;}
-.icon-zoom-out{background-position:-360px 0;}
-.icon-off{background-position:-384px 0;}
-.icon-signal{background-position:-408px 0;}
-.icon-cog{background-position:-432px 0;}
-.icon-trash{background-position:-456px 0;}
-.icon-home{background-position:0 -24px;}
-.icon-file{background-position:-24px -24px;}
-.icon-time{background-position:-48px -24px;}
-.icon-road{background-position:-72px -24px;}
-.icon-download-alt{background-position:-96px -24px;}
-.icon-download{background-position:-120px -24px;}
-.icon-upload{background-position:-144px -24px;}
-.icon-inbox{background-position:-168px -24px;}
-.icon-play-circle{background-position:-192px -24px;}
-.icon-repeat{background-position:-216px -24px;}
-.icon-refresh{background-position:-240px -24px;}
-.icon-list-alt{background-position:-264px -24px;}
-.icon-lock{background-position:-287px -24px;}
-.icon-flag{background-position:-312px -24px;}
-.icon-headphones{background-position:-336px -24px;}
-.icon-volume-off{background-position:-360px -24px;}
-.icon-volume-down{background-position:-384px -24px;}
-.icon-volume-up{background-position:-408px -24px;}
-.icon-qrcode{background-position:-432px -24px;}
-.icon-barcode{background-position:-456px -24px;}
-.icon-tag{background-position:0 -48px;}
-.icon-tags{background-position:-25px -48px;}
-.icon-book{background-position:-48px -48px;}
-.icon-bookmark{background-position:-72px -48px;}
-.icon-print{background-position:-96px -48px;}
-.icon-camera{background-position:-120px -48px;}
-.icon-font{background-position:-144px -48px;}
-.icon-bold{background-position:-167px -48px;}
-.icon-italic{background-position:-192px -48px;}
-.icon-text-height{background-position:-216px -48px;}
-.icon-text-width{background-position:-240px -48px;}
-.icon-align-left{background-position:-264px -48px;}
-.icon-align-center{background-position:-288px -48px;}
-.icon-align-right{background-position:-312px -48px;}
-.icon-align-justify{background-position:-336px -48px;}
-.icon-list{background-position:-360px -48px;}
-.icon-indent-left{background-position:-384px -48px;}
-.icon-indent-right{background-position:-408px -48px;}
-.icon-facetime-video{background-position:-432px -48px;}
-.icon-picture{background-position:-456px -48px;}
-.icon-pencil{background-position:0 -72px;}
-.icon-map-marker{background-position:-24px -72px;}
-.icon-adjust{background-position:-48px -72px;}
-.icon-tint{background-position:-72px -72px;}
-.icon-edit{background-position:-96px -72px;}
-.icon-share{background-position:-120px -72px;}
-.icon-check{background-position:-144px -72px;}
-.icon-move{background-position:-168px -72px;}
-.icon-step-backward{background-position:-192px -72px;}
-.icon-fast-backward{background-position:-216px -72px;}
-.icon-backward{background-position:-240px -72px;}
-.icon-play{background-position:-264px -72px;}
-.icon-pause{background-position:-288px -72px;}
-.icon-stop{background-position:-312px -72px;}
-.icon-forward{background-position:-336px -72px;}
-.icon-fast-forward{background-position:-360px -72px;}
-.icon-step-forward{background-position:-384px -72px;}
-.icon-eject{background-position:-408px -72px;}
-.icon-chevron-left{background-position:-432px -72px;}
-.icon-chevron-right{background-position:-456px -72px;}
-.icon-plus-sign{background-position:0 -96px;}
-.icon-minus-sign{background-position:-24px -96px;}
-.icon-remove-sign{background-position:-48px -96px;}
-.icon-ok-sign{background-position:-72px -96px;}
-.icon-question-sign{background-position:-96px -96px;}
-.icon-info-sign{background-position:-120px -96px;}
-.icon-screenshot{background-position:-144px -96px;}
-.icon-remove-circle{background-position:-168px -96px;}
-.icon-ok-circle{background-position:-192px -96px;}
-.icon-ban-circle{background-position:-216px -96px;}
-.icon-arrow-left{background-position:-240px -96px;}
-.icon-arrow-right{background-position:-264px -96px;}
-.icon-arrow-up{background-position:-289px -96px;}
-.icon-arrow-down{background-position:-312px -96px;}
-.icon-share-alt{background-position:-336px -96px;}
-.icon-resize-full{background-position:-360px -96px;}
-.icon-resize-small{background-position:-384px -96px;}
-.icon-plus{background-position:-408px -96px;}
-.icon-minus{background-position:-433px -96px;}
-.icon-asterisk{background-position:-456px -96px;}
-.icon-exclamation-sign{background-position:0 -120px;}
-.icon-gift{background-position:-24px -120px;}
-.icon-leaf{background-position:-48px -120px;}
-.icon-fire{background-position:-72px -120px;}
-.icon-eye-open{background-position:-96px -120px;}
-.icon-eye-close{background-position:-120px -120px;}
-.icon-warning-sign{background-position:-144px -120px;}
-.icon-plane{background-position:-168px -120px;}
-.icon-calendar{background-position:-192px -120px;}
-.icon-random{background-position:-216px -120px;}
-.icon-comment{background-position:-240px -120px;}
-.icon-magnet{background-position:-264px -120px;}
-.icon-chevron-up{background-position:-288px -120px;}
-.icon-chevron-down{background-position:-313px -119px;}
-.icon-retweet{background-position:-336px -120px;}
-.icon-shopping-cart{background-position:-360px -120px;}
-.icon-folder-close{background-position:-384px -120px;}
-.icon-folder-open{background-position:-408px -120px;}
-.icon-resize-vertical{background-position:-432px -119px;}
-.icon-resize-horizontal{background-position:-456px -118px;}
-.dropdown{position:relative;}
-.dropdown-toggle{*margin-bottom:-3px;}
-.dropdown-toggle:active,.open .dropdown-toggle{outline:0;}
-.caret{display:inline-block;width:0;height:0;text-indent:-99999px;*text-indent:0;vertical-align:top;border-left:4px solid transparent;border-right:4px solid transparent;border-top:4px solid #000000;opacity:0.3;filter:alpha(opacity=30);content:"\2193";}
-.dropdown .caret{margin-top:8px;margin-left:2px;}
-.dropdown:hover .caret,.open.dropdown .caret{opacity:1;filter:alpha(opacity=100);}
-.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;float:left;display:none;min-width:160px;max-width:220px;_width:160px;padding:4px 0;margin:0;list-style:none;background-color:#ffffff;border-color:#ccc;border-color:rgba(0, 0, 0, 0.2);border-style:solid;border-width:1px;-webkit-border-radius:0 0 5px 5px;-moz-border-radius:0 0 5px 5px;border-radius:0 0 5px 5px;-webkit-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-moz-box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);box-shadow:0 5px 10px rgba(0, 0, 0, 0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;*border-right-width:2px;*border-bottom-width:2px;}.dropdown-menu.bottom-up{top:auto;bottom:100%;margin-bottom:2px;}
-.dropdown-menu .divider{height:1px;margin:5px 1px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #ffffff;*width:100%;*margin:-5px 0 5px;}
-.dropdown-menu a{display:block;padding:3px 15px;clear:both;font-weight:normal;line-height:18px;color:#555555;white-space:nowrap;}
-.dropdown-menu li>a:hover,.dropdown-menu .active>a,.dropdown-menu .active>a:hover{color:#ffffff;text-decoration:none;background-color:#0088cc;}
-.dropdown.open{*z-index:1000;}.dropdown.open .dropdown-toggle{color:#ffffff;background:#ccc;background:rgba(0, 0, 0, 0.3);}
-.dropdown.open .dropdown-menu{display:block;}
-.typeahead{margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #eee;border:1px solid rgba(0, 0, 0, 0.05);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 1px rgba(0, 0, 0, 0.05);}.well blockquote{border-color:#ddd;border-color:rgba(0, 0, 0, 0.15);}
-.fade{-webkit-transition:opacity 0.15s linear;-moz-transition:opacity 0.15s linear;-ms-transition:opacity 0.15s linear;-o-transition:opacity 0.15s linear;transition:opacity 0.15s linear;opacity:0;}.fade.in{opacity:1;}
-.collapse{-webkit-transition:height 0.35s ease;-moz-transition:height 0.35s ease;-ms-transition:height 0.35s ease;-o-transition:height 0.35s ease;transition:height 0.35s ease;position:relative;overflow:hidden;height:0;}.collapse.in{height:auto;}
-.close{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000000;text-shadow:0 1px 0 #ffffff;opacity:0.2;filter:alpha(opacity=20);}.close:hover{color:#000000;text-decoration:none;opacity:0.4;filter:alpha(opacity=40);cursor:pointer;}
-.btn{display:inline-block;padding:4px 10px 4px;font-size:13px;line-height:18px;color:#333333;text-align:center;text-shadow:0 1px 1px rgba(255, 255, 255, 0.75);background-color:#fafafa;background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), color-stop(25%, #ffffff), to(#e6e6e6));background-image:-webkit-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);background-image:-moz-linear-gradient(top, #ffffff, #ffffff 25%, #e6e6e6);background-image:-ms-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);background-image:-o-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);background-image:linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);background-repeat:no-repeat;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);border:1px solid #ccc;border-bottom-color:#bbb;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);cursor:pointer;*margin-left:.3em;}.btn:first-child{*margin-left:0;}
-.btn:hover{color:#333333;text-decoration:none;background-color:#e6e6e6;background-position:0 -15px;-webkit-transition:background-position 0.1s linear;-moz-transition:background-position 0.1s linear;-ms-transition:background-position 0.1s linear;-o-transition:background-position 0.1s linear;transition:background-position 0.1s linear;}
-.btn:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px;}
-.btn.active,.btn:active{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 2px 4px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);background-color:#e6e6e6;background-color:#d9d9d9 \9;color:rgba(0, 0, 0, 0.5);outline:0;}
-.btn.disabled,.btn[disabled]{cursor:default;background-image:none;background-color:#e6e6e6;opacity:0.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;}
-.btn-large{padding:9px 14px;font-size:15px;line-height:normal;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;}
-.btn-large .icon{margin-top:1px;}
-.btn-small{padding:5px 9px;font-size:11px;line-height:16px;}
-.btn-small .icon{margin-top:-1px;}
-.btn-primary,.btn-primary:hover,.btn-warning,.btn-warning:hover,.btn-danger,.btn-danger:hover,.btn-success,.btn-success:hover,.btn-info,.btn-info:hover{text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);color:#ffffff;}
-.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active{color:rgba(255, 255, 255, 0.75);}
-.btn-primary{background-color:#006dcc;background-image:-moz-linear-gradient(top, #0088cc, #0044cc);background-image:-ms-linear-gradient(top, #0088cc, #0044cc);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#0088cc), to(#0044cc));background-image:-webkit-linear-gradient(top, #0088cc, #0044cc);background-image:-o-linear-gradient(top, #0088cc, #0044cc);background-image:linear-gradient(top, #0088cc, #0044cc);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#0088cc', endColorstr='#0044cc', GradientType=0);border-color:#0044cc #0044cc #002a80;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-primary:hover,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{background-color:#0044cc;}
-.btn-primary:active,.btn-primary.active{background-color:#003399 \9;}
-.btn-warning{background-color:#faa732;background-image:-moz-linear-gradient(top, #fbb450, #f89406);background-image:-ms-linear-gradient(top, #fbb450, #f89406);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#fbb450), to(#f89406));background-image:-webkit-linear-gradient(top, #fbb450, #f89406);background-image:-o-linear-gradient(top, #fbb450, #f89406);background-image:linear-gradient(top, #fbb450, #f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fbb450', endColorstr='#f89406', GradientType=0);border-color:#f89406 #f89406 #ad6704;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-warning:hover,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{background-color:#f89406;}
-.btn-warning:active,.btn-warning.active{background-color:#c67605 \9;}
-.btn-danger{background-color:#da4f49;background-image:-moz-linear-gradient(top, #ee5f5b, #bd362f);background-image:-ms-linear-gradient(top, #ee5f5b, #bd362f);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#bd362f));background-image:-webkit-linear-gradient(top, #ee5f5b, #bd362f);background-image:-o-linear-gradient(top, #ee5f5b, #bd362f);background-image:linear-gradient(top, #ee5f5b, #bd362f);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#bd362f', GradientType=0);border-color:#bd362f #bd362f #802420;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-danger:hover,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{background-color:#bd362f;}
-.btn-danger:active,.btn-danger.active{background-color:#942a25 \9;}
-.btn-success{background-color:#5bb75b;background-image:-moz-linear-gradient(top, #62c462, #51a351);background-image:-ms-linear-gradient(top, #62c462, #51a351);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#51a351));background-image:-webkit-linear-gradient(top, #62c462, #51a351);background-image:-o-linear-gradient(top, #62c462, #51a351);background-image:linear-gradient(top, #62c462, #51a351);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#51a351', GradientType=0);border-color:#51a351 #51a351 #387038;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-success:hover,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{background-color:#51a351;}
-.btn-success:active,.btn-success.active{background-color:#408140 \9;}
-.btn-info{background-color:#49afcd;background-image:-moz-linear-gradient(top, #5bc0de, #2f96b4);background-image:-ms-linear-gradient(top, #5bc0de, #2f96b4);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#2f96b4));background-image:-webkit-linear-gradient(top, #5bc0de, #2f96b4);background-image:-o-linear-gradient(top, #5bc0de, #2f96b4);background-image:linear-gradient(top, #5bc0de, #2f96b4);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#2f96b4', GradientType=0);border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);}.btn-info:hover,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{background-color:#2f96b4;}
-.btn-info:active,.btn-info.active{background-color:#24748c \9;}
-button.btn,input[type="submit"].btn{*padding-top:2px;*padding-bottom:2px;}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0;}
-button.btn.large,input[type="submit"].btn.large{*padding-top:7px;*padding-bottom:7px;}
-button.btn.small,input[type="submit"].btn.small{*padding-top:3px;*padding-bottom:3px;}
-.btn-group{position:relative;*zoom:1;*margin-left:.3em;}.btn-group:before,.btn-group:after{display:table;content:"";}
-.btn-group:after{clear:both;}
-.btn-group:first-child{*margin-left:0;}
-.btn-group+.btn-group{margin-left:5px;}
-.btn-toolbar{margin-top:9px;margin-bottom:9px;}.btn-toolbar .btn-group{display:inline-block;*display:inline;*zoom:1;}
-.btn-group .btn{position:relative;float:left;margin-left:-1px;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;}
-.btn-group .btn:first-child{margin-left:0;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px;border-top-left-radius:4px;-webkit-border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px;border-bottom-left-radius:4px;}
-.btn-group .btn:last-child,.btn-group .dropdown-toggle{-webkit-border-top-right-radius:4px;-moz-border-radius-topright:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px;border-bottom-right-radius:4px;}
-.btn-group .btn.large:first-child{margin-left:0;-webkit-border-top-left-radius:6px;-moz-border-radius-topleft:6px;border-top-left-radius:6px;-webkit-border-bottom-left-radius:6px;-moz-border-radius-bottomleft:6px;border-bottom-left-radius:6px;}
-.btn-group .btn.large:last-child,.btn-group .large.dropdown-toggle{-webkit-border-top-right-radius:6px;-moz-border-radius-topright:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;-moz-border-radius-bottomright:6px;border-bottom-right-radius:6px;}
-.btn-group .btn:hover,.btn-group .btn:focus,.btn-group .btn:active,.btn-group .btn.active{z-index:2;}
-.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0;}
-.btn-group .dropdown-toggle{padding-left:8px;padding-right:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 1px 0 0 rgba(255, 255, 255, 0.125),inset 0 1px 0 rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.05);*padding-top:5px;*padding-bottom:5px;}
-.btn-group.open{*z-index:1000;}.btn-group.open .dropdown-menu{display:block;margin-top:1px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;}
-.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:inset 0 1px 6px rgba(0, 0, 0, 0.15),0 1px 2px rgba(0, 0, 0, 0.05);}
-.btn .caret{margin-top:7px;margin-left:0;}
-.btn:hover .caret,.open.btn-group .caret{opacity:1;filter:alpha(opacity=100);}
-.btn-primary .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret{border-top-color:#ffffff;opacity:0.75;filter:alpha(opacity=75);}
-.btn-small .caret{margin-top:4px;}
-.alert{padding:8px 35px 8px 14px;margin-bottom:18px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.alert,.alert-heading{color:#c09853;}
-.alert .close{position:relative;top:-2px;right:-21px;line-height:18px;}
-.alert-success{background-color:#dff0d8;border-color:#d6e9c6;}
-.alert-success,.alert-success .alert-heading{color:#468847;}
-.alert-danger,.alert-error{background-color:#f2dede;border-color:#eed3d7;}
-.alert-danger,.alert-error,.alert-danger .alert-heading,.alert-error .alert-heading{color:#b94a48;}
-.alert-info{background-color:#d9edf7;border-color:#bce8f1;}
-.alert-info,.alert-info .alert-heading{color:#3a87ad;}
-.alert-block{padding-top:14px;padding-bottom:14px;}
-.alert-block>p,.alert-block>ul{margin-bottom:0;}
-.alert-block p+p{margin-top:5px;}
-.nav{margin-left:0;margin-bottom:18px;list-style:none;}
-.nav>li>a{display:block;}
-.nav>li>a:hover{text-decoration:none;background-color:#eeeeee;}
-.nav-list{padding-left:14px;padding-right:14px;margin-bottom:0;}
-.nav-list>li>a,.nav-list .nav-header{display:block;padding:3px 15px;margin-left:-15px;margin-right:-15px;text-shadow:0 1px 0 rgba(255, 255, 255, 0.5);}
-.nav-list .nav-header{font-size:11px;font-weight:bold;line-height:18px;color:#999999;text-transform:uppercase;}
-.nav-list>li+.nav-header{margin-top:9px;}
-.nav-list .active>a{color:#ffffff;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.2);background-color:#0088cc;}
-.nav-list .icon{margin-right:2px;}
-.nav-tabs,.nav-pills{*zoom:1;}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;content:"";}
-.nav-tabs:after,.nav-pills:after{clear:both;}
-.nav-tabs>li,.nav-pills>li{float:left;}
-.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px;}
-.nav-tabs{border-bottom:1px solid #ddd;}
-.nav-tabs>li{margin-bottom:-1px;}
-.nav-tabs>li>a{padding-top:9px;padding-bottom:9px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}.nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #dddddd;}
-.nav-tabs>.active>a,.nav-tabs>.active>a:hover{color:#555555;background-color:#ffffff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default;}
-.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;}
-.nav-pills .active>a,.nav-pills .active>a:hover{color:#ffffff;background-color:#0088cc;}
-.nav-stacked>li{float:none;}
-.nav-stacked>li>a{margin-right:0;}
-.nav-tabs.nav-stacked{border-bottom:0;}
-.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;}
-.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0;}
-.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;}
-.nav-tabs.nav-stacked>li>a:hover{border-color:#ddd;z-index:2;}
-.nav-pills.nav-stacked>li>a{margin-bottom:3px;}
-.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px;}
-.nav-tabs .dropdown-menu,.nav-pills .dropdown-menu{margin-top:1px;border-width:1px;}
-.nav-pills .dropdown-menu{-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.nav-tabs .dropdown-toggle .caret,.nav-pills .dropdown-toggle .caret{border-top-color:#0088cc;margin-top:6px;}
-.nav-tabs .dropdown-toggle:hover .caret,.nav-pills .dropdown-toggle:hover .caret{border-top-color:#005580;}
-.nav-tabs .active .dropdown-toggle .caret,.nav-pills .active .dropdown-toggle .caret{border-top-color:#333333;}
-.nav>.dropdown.active>a:hover{color:#000000;cursor:pointer;}
-.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>.open.active>a:hover{color:#ffffff;background-color:#999999;border-color:#999999;}
-.nav .open .caret,.nav .open.active .caret,.nav .open a:hover .caret{border-top-color:#ffffff;opacity:1;filter:alpha(opacity=100);}
-.tabs-stacked .open>a:hover{border-color:#999999;}
-.tabbable{*zoom:1;}.tabbable:before,.tabbable:after{display:table;content:"";}
-.tabbable:after{clear:both;}
-.tabs-below .nav-tabs,.tabs-right .nav-tabs,.tabs-left .nav-tabs{border-bottom:0;}
-.tab-content>.tab-pane,.pill-content>.pill-pane{display:none;}
-.tab-content>.active,.pill-content>.active{display:block;}
-.tabs-below .nav-tabs{border-top:1px solid #ddd;}
-.tabs-below .nav-tabs>li{margin-top:-1px;margin-bottom:0;}
-.tabs-below .nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;}.tabs-below .nav-tabs>li>a:hover{border-bottom-color:transparent;border-top-color:#ddd;}
-.tabs-below .nav-tabs .active>a,.tabs-below .nav-tabs .active>a:hover{border-color:transparent #ddd #ddd #ddd;}
-.tabs-left .nav-tabs>li,.tabs-right .nav-tabs>li{float:none;}
-.tabs-left .nav-tabs>li>a,.tabs-right .nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px;}
-.tabs-left .nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd;}
-.tabs-left .nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px;}
-.tabs-left .nav-tabs>li>a:hover{border-color:#eeeeee #dddddd #eeeeee #eeeeee;}
-.tabs-left .nav-tabs .active>a,.tabs-left .nav-tabs .active>a:hover{border-color:#ddd transparent #ddd #ddd;*border-right-color:#ffffff;}
-.tabs-right .nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd;}
-.tabs-right .nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0;}
-.tabs-right .nav-tabs>li>a:hover{border-color:#eeeeee #eeeeee #eeeeee #dddddd;}
-.tabs-right .nav-tabs .active>a,.tabs-right .nav-tabs .active>a:hover{border-color:#ddd #ddd #ddd transparent;*border-left-color:#ffffff;}
-.navbar{overflow:visible;margin-bottom:18px;}
-.navbar-inner{padding-left:20px;padding-right:20px;background-color:#2c2c2c;background-image:-moz-linear-gradient(top, #333333, #222222);background-image:-ms-linear-gradient(top, #333333, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#333333), to(#222222));background-image:-webkit-linear-gradient(top, #333333, #222222);background-image:-o-linear-gradient(top, #333333, #222222);background-image:linear-gradient(top, #333333, #222222);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1);-moz-box-shadow:0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1);box-shadow:0 1px 3px rgba(0, 0, 0, 0.25),inset 0 -1px 0 rgba(0, 0, 0, 0.1);}
-.btn-navbar{display:none;float:right;padding:7px 10px;margin-left:5px;margin-right:5px;background-color:#2c2c2c;background-image:-moz-linear-gradient(top, #333333, #222222);background-image:-ms-linear-gradient(top, #333333, #222222);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#333333), to(#222222));background-image:-webkit-linear-gradient(top, #333333, #222222);background-image:-o-linear-gradient(top, #333333, #222222);background-image:linear-gradient(top, #333333, #222222);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#333333', endColorstr='#222222', GradientType=0);border-color:#222222 #222222 #000000;border-color:rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);-webkit-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075);-moz-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075);box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.075);}.btn-navbar:hover,.btn-navbar:active,.btn-navbar.active,.btn-navbar.disabled,.btn-navbar[disabled]{background-color:#222222;}
-.btn-navbar:active,.btn-navbar.active{background-color:#080808 \9;}
-.btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);-moz-box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);box-shadow:0 1px 0 rgba(0, 0, 0, 0.25);}
-.btn-navbar .icon-bar+.icon-bar{margin-top:3px;}
-.nav-collapse.collapse{height:auto;}
-.navbar .brand:hover{text-decoration:none;}
-.navbar .brand{float:left;display:block;padding:8px 20px 12px;margin-left:-20px;font-size:20px;font-weight:200;line-height:1;color:#ffffff;}
-.navbar .navbar-text{margin-bottom:0;line-height:40px;color:#999999;}.navbar .navbar-text a:hover{color:#ffffff;background-color:transparent;}
-.navbar .btn,.navbar .btn-group{margin-top:5px;}
-.navbar .btn-group .btn{margin-top:0;}
-.navbar-form{margin-bottom:0;*zoom:1;}.navbar-form:before,.navbar-form:after{display:table;content:"";}
-.navbar-form:after{clear:both;}
-.navbar-form input,.navbar-form select{display:inline-block;margin-top:5px;margin-bottom:0;}
-.navbar-form .radio,.navbar-form .checkbox{margin-top:5px;}
-.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px;}
-.navbar-search{position:relative;float:left;margin-top:6px;margin-bottom:0;}.navbar-search .search-query{padding:4px 9px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;color:#ffffff;color:rgba(255, 255, 255, 0.75);background:#666;background:rgba(255, 255, 255, 0.3);border:1px solid #111;-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1),0 1px 0px rgba(255, 255, 255, 0.15);-webkit-transition:none;-moz-transition:none;-ms-transition:none;-o-transition:none;transition:none;}.navbar-search .search-query :-moz-placeholder{color:#eeeeee;}
-.navbar-search .search-query::-webkit-input-placeholder{color:#eeeeee;}
-.navbar-search .search-query:hover{color:#ffffff;background-color:#999999;background-color:rgba(255, 255, 255, 0.5);}
-.navbar-search .search-query:focus,.navbar-search .search-query.focused{padding:5px 10px;color:#333333;text-shadow:0 1px 0 #ffffff;background-color:#ffffff;border:0;-webkit-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);-moz-box-shadow:0 0 3px rgba(0, 0, 0, 0.15);box-shadow:0 0 3px rgba(0, 0, 0, 0.15);outline:0;}
-.navbar-fixed-top{position:fixed;top:0;right:0;left:0;z-index:1030;}
-.navbar-fixed-top .navbar-inner{padding-left:0;padding-right:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;}
-.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0;}
-.navbar .nav.pull-right{float:right;}
-.navbar .nav>li{display:block;float:left;}
-.navbar .nav>li>a{float:none;padding:10px 10px 11px;line-height:19px;color:#999999;text-decoration:none;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);}
-.navbar .nav>li>a:hover{background-color:transparent;color:#ffffff;text-decoration:none;}
-.navbar .nav .active>a,.navbar .nav .active>a:hover{color:#ffffff;text-decoration:none;background-color:#222222;background-color:rgba(0, 0, 0, 0.5);}
-.navbar .divider-vertical{height:40px;width:1px;margin:0 9px;overflow:hidden;background-color:#222222;border-right:1px solid #333333;}
-.navbar .nav.pull-right{margin-left:10px;margin-right:0;}
-.navbar .dropdown-menu{margin-top:1px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}.navbar .dropdown-menu:before{content:'';display:inline-block;border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-bottom-color:rgba(0, 0, 0, 0.2);position:absolute;top:-7px;left:9px;}
-.navbar .dropdown-menu:after{content:'';display:inline-block;border-left:6px solid transparent;border-right:6px solid transparent;border-bottom:6px solid #ffffff;position:absolute;top:-6px;left:10px;}
-.navbar .nav .dropdown-toggle .caret,.navbar .nav .open.dropdown .caret{border-top-color:#ffffff;}
-.navbar .nav .active .caret{opacity:1;filter:alpha(opacity=100);}
-.navbar .nav .open>.dropdown-toggle,.navbar .nav .active>.dropdown-toggle,.navbar .nav .open.active>.dropdown-toggle{background-color:transparent;}
-.navbar .nav .active>.dropdown-toggle:hover{color:#ffffff;}
-.navbar .nav.pull-right .dropdown-menu{left:auto;right:0;}.navbar .nav.pull-right .dropdown-menu:before{left:auto;right:12px;}
-.navbar .nav.pull-right .dropdown-menu:after{left:auto;right:13px;}
-.breadcrumb{padding:7px 14px;margin:0 0 18px;background-color:#fbfbfb;background-image:-moz-linear-gradient(top, #ffffff, #f5f5f5);background-image:-ms-linear-gradient(top, #ffffff, #f5f5f5);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#f5f5f5));background-image:-webkit-linear-gradient(top, #ffffff, #f5f5f5);background-image:-o-linear-gradient(top, #ffffff, #f5f5f5);background-image:linear-gradient(top, #ffffff, #f5f5f5);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#f5f5f5', GradientType=0);border:1px solid #ddd;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;-webkit-box-shadow:inset 0 1px 0 #ffffff;-moz-box-shadow:inset 0 1px 0 #ffffff;box-shadow:inset 0 1px 0 #ffffff;}.breadcrumb li{display:inline;text-shadow:0 1px 0 #ffffff;}
-.breadcrumb .divider{padding:0 5px;color:#999999;}
-.breadcrumb .active a{color:#333333;}
-.pagination{height:36px;margin:18px 0;}
-.pagination ul{display:inline-block;*display:inline;*zoom:1;margin-left:0;margin-bottom:0;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);-moz-box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);box-shadow:0 1px 2px rgba(0, 0, 0, 0.05);}
-.pagination li{display:inline;}
-.pagination a{float:left;padding:0 14px;line-height:34px;text-decoration:none;border:1px solid #ddd;border-left-width:0;}
-.pagination a:hover,.pagination .active a{background-color:#f5f5f5;}
-.pagination .active a{color:#999999;cursor:default;}
-.pagination .disabled a,.pagination .disabled a:hover{color:#999999;background-color:transparent;cursor:default;}
-.pagination li:first-child a{border-left-width:1px;-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px;}
-.pagination li:last-child a{-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0;}
-.pagination-centered{text-align:center;}
-.pagination-right{text-align:right;}
-.pager{margin-left:0;margin-bottom:18px;list-style:none;text-align:center;*zoom:1;}.pager:before,.pager:after{display:table;content:"";}
-.pager:after{clear:both;}
-.pager li{display:inline;}
-.pager a{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px;}
-.pager a:hover{text-decoration:none;background-color:#f5f5f5;}
-.pager .next a{float:right;}
-.pager .previous a{float:left;}
-.modal-open .dropdown-menu{z-index:2050;}
-.modal-open .dropdown.open{*z-index:2050;}
-.modal-open .popover{z-index:2060;}
-.modal-open .tooltip{z-index:2070;}
-.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000000;}.modal-backdrop.fade{opacity:0;}
-.modal-backdrop,.modal-backdrop.fade.in{opacity:0.8;filter:alpha(opacity=80);}
-.modal{position:fixed;top:50%;left:50%;z-index:1050;max-height:500px;overflow:auto;width:560px;margin:-250px 0 0 -280px;background-color:#ffffff;border:1px solid #999;border:1px solid rgba(0, 0, 0, 0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-moz-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box;}.modal.fade{-webkit-transition:opacity .3s linear, top .3s ease-out;-moz-transition:opacity .3s linear, top .3s ease-out;-ms-transition:opacity .3s linear, top .3s ease-out;-o-transition:opacity .3s linear, top .3s ease-out;transition:opacity .3s linear, top .3s ease-out;top:-25%;}
-.modal.fade.in{top:50%;}
-.modal-header{padding:9px 15px;border-bottom:1px solid #eee;}.modal-header .close{margin-top:2px;}
-.modal-body{padding:15px;}
-.modal-footer{padding:14px 15px 15px;margin-bottom:0;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;-webkit-box-shadow:inset 0 1px 0 #ffffff;-moz-box-shadow:inset 0 1px 0 #ffffff;box-shadow:inset 0 1px 0 #ffffff;*zoom:1;}.modal-footer:before,.modal-footer:after{display:table;content:"";}
-.modal-footer:after{clear:both;}
-.modal-footer .btn{float:right;margin-left:5px;margin-bottom:0;}
-.tooltip{position:absolute;z-index:1020;display:block;visibility:visible;padding:5px;font-size:11px;opacity:0;filter:alpha(opacity=0);}.tooltip.in{opacity:0.8;filter:alpha(opacity=80);}
-.tooltip.top{margin-top:-2px;}
-.tooltip.right{margin-left:2px;}
-.tooltip.bottom{margin-top:2px;}
-.tooltip.left{margin-left:-2px;}
-.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-left:5px solid transparent;border-right:5px solid transparent;border-top:5px solid #000000;}
-.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-left:5px solid #000000;}
-.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-left:5px solid transparent;border-right:5px solid transparent;border-bottom:5px solid #000000;}
-.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-right:5px solid #000000;}
-.tooltip-inner{max-width:200px;padding:3px 8px;color:#ffffff;text-align:center;text-decoration:none;background-color:#000000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.tooltip-arrow{position:absolute;width:0;height:0;}
-.popover{position:absolute;top:0;left:0;z-index:1010;display:none;padding:5px;}.popover.top{margin-top:-5px;}
-.popover.right{margin-left:5px;}
-.popover.bottom{margin-top:5px;}
-.popover.left{margin-left:-5px;}
-.popover.top .arrow{bottom:0;left:50%;margin-left:-5px;border-left:5px solid transparent;border-right:5px solid transparent;border-top:5px solid #000000;}
-.popover.right .arrow{top:50%;left:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-right:5px solid #000000;}
-.popover.bottom .arrow{top:0;left:50%;margin-left:-5px;border-left:5px solid transparent;border-right:5px solid transparent;border-bottom:5px solid #000000;}
-.popover.left .arrow{top:50%;right:0;margin-top:-5px;border-top:5px solid transparent;border-bottom:5px solid transparent;border-left:5px solid #000000;}
-.popover .arrow{position:absolute;width:0;height:0;}
-.popover-inner{padding:3px;width:280px;overflow:hidden;background:#000000;background:rgba(0, 0, 0, 0.8);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);-moz-box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);box-shadow:0 3px 7px rgba(0, 0, 0, 0.3);}
-.popover-title{padding:9px 15px;line-height:1;background-color:#f5f5f5;border-bottom:1px solid #eee;-webkit-border-radius:3px 3px 0 0;-moz-border-radius:3px 3px 0 0;border-radius:3px 3px 0 0;}
-.popover-content{padding:14px;background-color:#ffffff;-webkit-border-radius:0 0 3px 3px;-moz-border-radius:0 0 3px 3px;border-radius:0 0 3px 3px;-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box;}.popover-content p,.popover-content ul,.popover-content ol{margin-bottom:0;}
-.thumbnails{margin-left:-20px;list-style:none;*zoom:1;}.thumbnails:before,.thumbnails:after{display:table;content:"";}
-.thumbnails:after{clear:both;}
-.thumbnails>li{float:left;margin:0 0 18px 20px;}
-.thumbnail{display:block;padding:4px;line-height:1;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0, 0, 0, 0.075);-moz-box-shadow:0 1px 1px rgba(0, 0, 0, 0.075);box-shadow:0 1px 1px rgba(0, 0, 0, 0.075);}
-a.thumbnail:hover{border-color:#0088cc;-webkit-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);-moz-box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);box-shadow:0 1px 4px rgba(0, 105, 214, 0.25);}
-.thumbnail>img{display:block;max-width:100%;margin-left:auto;margin-right:auto;}
-.thumbnail .caption{padding:9px;}
-.label{padding:1px 3px 2px;font-size:9.75px;font-weight:bold;color:#ffffff;text-transform:uppercase;background-color:#999999;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;}
-.label-important{background-color:#b94a48;}
-.label-warning{background-color:#f89406;}
-.label-success{background-color:#468847;}
-.label-info{background-color:#3a87ad;}
-@-webkit-keyframes progress-bar-stripes{from{background-position:0 0;} to{background-position:40px 0;}}@-moz-keyframes progress-bar-stripes{from{background-position:0 0;} to{background-position:40px 0;}}@keyframes progress-bar-stripes{from{background-position:0 0;} to{background-position:40px 0;}}.progress{overflow:hidden;height:18px;margin-bottom:18px;background-color:#f7f7f7;background-image:-moz-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-ms-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#f5f5f5), to(#f9f9f9));background-image:-webkit-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:-o-linear-gradient(top, #f5f5f5, #f9f9f9);background-image:linear-gradient(top, #f5f5f5, #f9f9f9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#f5f5f5', endColorstr='#f9f9f9', GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-moz-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.1);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.progress .bar{width:0%;height:18px;color:#ffffff;font-size:12px;text-align:center;text-shadow:0 -1px 0 rgba(0, 0, 0, 0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top, #149bdf, #0480be);background-image:-ms-linear-gradient(top, #149bdf, #0480be);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#149bdf), to(#0480be));background-image:-webkit-linear-gradient(top, #149bdf, #0480be);background-image:-o-linear-gradient(top, #149bdf, #0480be);background-image:linear-gradient(top, #149bdf, #0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#149bdf', endColorstr='#0480be', GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);box-shadow:inset 0 -1px 0 rgba(0, 0, 0, 0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width 0.6s ease;-moz-transition:width 0.6s ease;-ms-transition:width 0.6s ease;-o-transition:width 0.6s ease;transition:width 0.6s ease;}
-.progress-striped .bar{background-color:#62c462;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px;}
-.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite;}
-.progress-danger .bar{background-color:#dd514c;background-image:-moz-linear-gradient(top, #ee5f5b, #c43c35);background-image:-ms-linear-gradient(top, #ee5f5b, #c43c35);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#ee5f5b), to(#c43c35));background-image:-webkit-linear-gradient(top, #ee5f5b, #c43c35);background-image:-o-linear-gradient(top, #ee5f5b, #c43c35);background-image:linear-gradient(top, #ee5f5b, #c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#c43c35', GradientType=0);}
-.progress-danger.progress-striped .bar{background-color:#ee5f5b;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);}
-.progress-success .bar{background-color:#5eb95e;background-image:-moz-linear-gradient(top, #62c462, #57a957);background-image:-ms-linear-gradient(top, #62c462, #57a957);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#62c462), to(#57a957));background-image:-webkit-linear-gradient(top, #62c462, #57a957);background-image:-o-linear-gradient(top, #62c462, #57a957);background-image:linear-gradient(top, #62c462, #57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#57a957', GradientType=0);}
-.progress-success.progress-striped .bar{background-color:#62c462;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);}
-.progress-info .bar{background-color:#4bb1cf;background-image:-moz-linear-gradient(top, #5bc0de, #339bb9);background-image:-ms-linear-gradient(top, #5bc0de, #339bb9);background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#5bc0de), to(#339bb9));background-image:-webkit-linear-gradient(top, #5bc0de, #339bb9);background-image:-o-linear-gradient(top, #5bc0de, #339bb9);background-image:linear-gradient(top, #5bc0de, #339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#339bb9', GradientType=0);}
-.progress-info.progress-striped .bar{background-color:#5bc0de;background-image:-webkit-gradient(linear, 0 100%, 100% 0, color-stop(0.25, rgba(255, 255, 255, 0.15)), color-stop(0.25, transparent), color-stop(0.5, transparent), color-stop(0.5, rgba(255, 255, 255, 0.15)), color-stop(0.75, rgba(255, 255, 255, 0.15)), color-stop(0.75, transparent), to(transparent));background-image:-webkit-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-moz-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-ms-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(-45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent);}
-.accordion{margin-bottom:18px;}
-.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;}
-.accordion-heading{border-bottom:0;}
-.accordion-heading .accordion-toggle{display:block;padding:8px 15px;}
-.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5;}
-.carousel{position:relative;margin-bottom:18px;line-height:1;}
-.carousel-inner{overflow:hidden;width:100%;position:relative;}
-.carousel .item{display:none;position:relative;-webkit-transition:0.6s ease-in-out left;-moz-transition:0.6s ease-in-out left;-ms-transition:0.6s ease-in-out left;-o-transition:0.6s ease-in-out left;transition:0.6s ease-in-out left;}
-.carousel .item>img{display:block;line-height:1;}
-.carousel .active,.carousel .next,.carousel .prev{display:block;}
-.carousel .active{left:0;}
-.carousel .next,.carousel .prev{position:absolute;top:0;width:100%;}
-.carousel .next{left:100%;}
-.carousel .prev{left:-100%;}
-.carousel .next.left,.carousel .prev.right{left:0;}
-.carousel .active.left{left:-100%;}
-.carousel .active.right{left:100%;}
-.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#ffffff;text-align:center;background:#222222;border:3px solid #ffffff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:0.5;filter:alpha(opacity=50);}.carousel-control.right{left:auto;right:15px;}
-.carousel-control:hover{color:#ffffff;text-decoration:none;opacity:0.9;filter:alpha(opacity=90);}
-.carousel-caption{position:absolute;left:0;right:0;bottom:0;padding:10px 15px 5px;background:#333333;background:rgba(0, 0, 0, 0.75);}
-.carousel-caption h4,.carousel-caption p{color:#ffffff;}
-.hero-unit{padding:60px;margin-bottom:30px;background-color:#f5f5f5;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;}
-.hero-unit p{font-size:18px;font-weight:200;line-height:27px;}
-.pull-right{float:right;}
-.pull-left{float:left;}
-.hide{display:none;}
-.show{display:block;}
-.invisible{visibility:hidden;}
-
-
-/* Responsive css */
-
-/*.hidden{display:none;visibility:hidden;}*/
-/*@media (max-width:480px){.nav-collapse{-webkit-transform:translate3d(0, 0, 0);} .page-header h1 small{display:block;line-height:18px;} input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input{display:block;width:100%;height:28px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;-ms-box-sizing:border-box;box-sizing:border-box;} .input-prepend input[class*="span"],.input-append input[class*="span"]{width:auto;} input[type="checkbox"],input[type="radio"]{border:1px solid #ccc;} .form-horizontal .control-group>label{float:none;width:auto;padding-top:0;text-align:left;} .form-horizontal .controls{margin-left:0;} .form-horizontal .control-list{padding-top:0;} .form-horizontal .form-actions{padding-left:10px;padding-right:10px;} .modal{position:absolute;top:10px;left:10px;right:10px;width:auto;margin:0;}.modal.fade.in{top:auto;} .modal-header .close{padding:10px;margin:-10px;} .carousel-caption{position:static;}}@media (max-width:768px){.container{width:auto;padding:0 20px;} .row-fluid{width:100%;} .row{margin-left:0;} .row>[class*="span"],.row-fluid>[class*="span"]{float:none;display:block;width:auto;margin:0;}}@media (min-width:768px) and (max-width:980px){.row{margin-left:-20px;*zoom:1;}.row:before,.row:after{display:table;content:"";} .row:after{clear:both;} [class*="span"]{float:left;margin-left:20px;} .span1{width:42px;} .span2{width:104px;} .span3{width:166px;} .span4{width:228px;} .span5{width:290px;} .span6{width:352px;} .span7{width:414px;} .span8{width:476px;} .span9{width:538px;} .span10{width:600px;} .span11{width:662px;} .span12,.container{width:724px;} .offset1{margin-left:82px;} .offset2{margin-left:144px;} .offset3{margin-left:206px;} .offset4{margin-left:268px;} .offset5{margin-left:330px;} .offset6{margin-left:392px;} .offset7{margin-left:454px;} .offset8{margin-left:516px;} .offset9{margin-left:578px;} .offset10{margin-left:640px;} .offset11{margin-left:702px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";} .row-fluid:after{clear:both;} .row-fluid>[class*="span"]{float:left;margin-left:2.762430939%;} .row-fluid>[class*="span"]:first-child{margin-left:0;} .row-fluid .span1{width:5.801104972%;} .row-fluid .span2{width:14.364640883%;} .row-fluid .span3{width:22.928176794%;} .row-fluid .span4{width:31.491712705%;} .row-fluid .span5{width:40.055248616%;} .row-fluid .span6{width:48.618784527%;} .row-fluid .span7{width:57.182320438000005%;} .row-fluid .span8{width:65.74585634900001%;} .row-fluid .span9{width:74.30939226%;} .row-fluid .span10{width:82.87292817100001%;} .row-fluid .span11{width:91.436464082%;} .row-fluid .span12{width:99.999999993%;} input.span1,textarea.span1,.uneditable-input.span1{width:32px;} input.span2,textarea.span2,.uneditable-input.span2{width:94px;} input.span3,textarea.span3,.uneditable-input.span3{width:156px;} input.span4,textarea.span4,.uneditable-input.span4{width:218px;} input.span5,textarea.span5,.uneditable-input.span5{width:280px;} input.span6,textarea.span6,.uneditable-input.span6{width:342px;} input.span7,textarea.span7,.uneditable-input.span7{width:404px;} input.span8,textarea.span8,.uneditable-input.span8{width:466px;} input.span9,textarea.span9,.uneditable-input.span9{width:528px;} input.span10,textarea.span10,.uneditable-input.span10{width:590px;} input.span11,textarea.span11,.uneditable-input.span11{width:652px;} input.span12,textarea.span12,.uneditable-input.span12{width:714px;}}@media (max-width:980px){body{padding-top:0;} .navbar-fixed-top{position:static;margin-bottom:18px;} .navbar-fixed-top .navbar-inner{padding:5px;} .navbar .container{width:auto;padding:0;} .navbar .brand{padding-left:10px;padding-right:10px;margin:0 0 0 -5px;} .navbar .nav-collapse{clear:left;} .navbar .nav{float:none;margin:0 0 9px;} .navbar .nav>li{float:none;} .navbar .nav>li>a{margin-bottom:2px;} .navbar .nav>.divider-vertical{display:none;} .navbar .nav>li>a,.navbar .dropdown-menu a{padding:6px 15px;font-weight:bold;color:#999999;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;} .navbar .dropdown-menu li+li a{margin-bottom:2px;} .navbar .nav>li>a:hover,.navbar .dropdown-menu a:hover{background-color:#222222;} .navbar .dropdown-menu{position:static;top:auto;left:auto;float:none;display:block;max-width:none;margin:0 15px;padding:0;background-color:transparent;border:none;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none;} .navbar .dropdown-menu:before,.navbar .dropdown-menu:after{display:none;} .navbar .dropdown-menu .divider{display:none;} .navbar-form,.navbar-search{float:none;padding:9px 15px;margin:9px 0;border-top:1px solid #222222;border-bottom:1px solid #222222;-webkit-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.1);-moz-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.1);box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.1),0 1px 0 rgba(255, 255, 255, 0.1);} .navbar .nav.pull-right{float:none;margin-left:0;} .navbar-static .navbar-inner{padding-left:10px;padding-right:10px;} .btn-navbar{display:block;} .nav-collapse{overflow:hidden;height:0;}}@media (min-width:980px){.nav-collapse.collapse{height:auto !important;}}@media (min-width:1200px){.row{margin-left:-30px;*zoom:1;}.row:before,.row:after{display:table;content:"";} .row:after{clear:both;} [class*="span"]{float:left;margin-left:30px;} .span1{width:70px;} .span2{width:170px;} .span3{width:270px;} .span4{width:370px;} .span5{width:470px;} .span6{width:570px;} .span7{width:670px;} .span8{width:770px;} .span9{width:870px;} .span10{width:970px;} .span11{width:1070px;} .span12,.container{width:1170px;} .offset1{margin-left:130px;} .offset2{margin-left:230px;} .offset3{margin-left:330px;} .offset4{margin-left:430px;} .offset5{margin-left:530px;} .offset6{margin-left:630px;} .offset7{margin-left:730px;} .offset8{margin-left:830px;} .offset9{margin-left:930px;} .offset10{margin-left:1030px;} .offset11{margin-left:1130px;} .row-fluid{width:100%;*zoom:1;}.row-fluid:before,.row-fluid:after{display:table;content:"";} .row-fluid:after{clear:both;} .row-fluid>[class*="span"]{float:left;margin-left:2.564102564%;} .row-fluid>[class*="span"]:first-child{margin-left:0;} .row-fluid .span1{width:5.982905983%;} .row-fluid .span2{width:14.529914530000001%;} .row-fluid .span3{width:23.076923077%;} .row-fluid .span4{width:31.623931624%;} .row-fluid .span5{width:40.170940171000005%;} .row-fluid .span6{width:48.717948718%;} .row-fluid .span7{width:57.264957265%;} .row-fluid .span8{width:65.81196581200001%;} .row-fluid .span9{width:74.358974359%;} .row-fluid .span10{width:82.905982906%;} .row-fluid .span11{width:91.45299145300001%;} .row-fluid .span12{width:100%;} input.span1,textarea.span1,.uneditable-input.span1{width:60px;} input.span2,textarea.span2,.uneditable-input.span2{width:160px;} input.span3,textarea.span3,.uneditable-input.span3{width:260px;} input.span4,textarea.span4,.uneditable-input.span4{width:360px;} input.span5,textarea.span5,.uneditable-input.span5{width:460px;} input.span6,textarea.span6,.uneditable-input.span6{width:560px;} input.span7,textarea.span7,.uneditable-input.span7{width:660px;} input.span8,textarea.span8,.uneditable-input.span8{width:760px;} input.span9,textarea.span9,.uneditable-input.span9{width:860px;} input.span10,textarea.span10,.uneditable-input.span10{width:960px;} input.span11,textarea.span11,.uneditable-input.span11{width:1060px;} input.span12,textarea.span12,.uneditable-input.span12{width:1160px;} .thumbnails{margin-left:-30px;} .thumbnails>li{margin-left:30px;}}*/
diff --git a/doc/source/assets/css/local.css b/doc/source/assets/css/local.css
deleted file mode 100644
index c8667c45ff..0000000000
--- a/doc/source/assets/css/local.css
+++ /dev/null
@@ -1,122 +0,0 @@
-
-a.brand {
-	background: url(../images/small_logo.png) no-repeat left 6px;
-	width: 166px;
-	text-indent: -9999px;
-}
-
-code {
-  background-color: #ffffff;
-}
-
-#home .hero-unit {
-  background: url(../images/header_bg.png) top left repeat-x;
-	color: #fff;
-	padding-left: 25px;
-	padding-right: 25px;
-	height: 161px;
-}
-
-#home .hero-unit {
-	margin-right: ;
-}
-
-h1#main_header {
-	background: url(../images/logo.png) top left no-repeat;
-	text-indent: -9999px;
-}
-
-.sub_header {
-	font-size: 12px;
-	font-family: "anivers";
-	font-weight: normal;
-	width: 420px;
-}
-
-#home .hero-unit a {
-	color: #fff;
-	text-decoration: underline;
-}
-
-.clear {
-	clear: both;
-}
-
-ol#getting_started {
-	list-style: none;
-	width: 396px;
-	margin-top: -45px;
-	margin-right: 0;
-	margin-left: 72px;
-}
-
-ol#getting_started li {
-	background: url(../images/quickstart.png) top left no-repeat;
-}
-
-ol#getting_started li pre {
-	font-size: 11px;
-	padding: 5px;
-	background: #4d7ead;
-	border-color: #2c5d8d;
-	color: #fff;
-	overflow: auto;
-}
-
-li#ubuntu {
-	height: 46px;
-	padding: ;
-	padding-left: 82px;
-	padding-top: 27px;
-	margin-bottom: 14px;
-}
-
-li#git {
-	background-position: left -70px !important;
-	height: 61px;
-	padding: ;
-	padding-left: 82px;
-	padding-top: 4px;
-	margin-bottom: 25px;
-}
-
-
-li#install {
-	background-position: left bottom !important;
-	height: 61px;
-	padding: ;
-	padding-left: 82px;
-	padding-top: 4px;
-	margin-bottom: 25px;
-}
-
-h2 small {
-	font-size: 12px;
-	font-style: italic;
-}
-
-.container section {
-	margin-bottom: 25px;
-}
-
-
-thead, tfoot{
-	background: #ededed;
-	color: #444444;
-}
-
-table {
-	color: #444;
-}
-a.table-action {
-	display: block;
-	width: 45px;
-}
-
-footer {
-	clear: both;
-}
-
-.wat {
-	margin-top: 33px;
-}
diff --git a/doc/source/assets/images/header_bg.png b/doc/source/assets/images/header_bg.png
deleted file mode 100644
index 4e6b2b899b5787479204ae00ebe2c4fdb8e3ece1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1014
zcmaJ=+iTNM7>^rx8E!I!jg37VG8ublb6c~SusGVLT_dK6%r1
z@kPW3Uk3gQ>VqJNAR_aEg6zd7Ve?s-58m+2A$ZcYoe$O!IN$mBe!uVbJGU0{^Zk9J
zeH2CYYdN(*&LiX>J>EmCD}xUNa*W_i2`{2Dt{Xn2k``KlKy!>$Sb&DLarGUXrKsLB
zcCmy@`UTlU4r4?yOz3z7O;NLRp=X#?h`|b6wOxh&_H2s=wx!UQM4i*UG_2UUh7T7T
z`J&mVnvzA&oddI>Ob8r^4G=nOZXkyW-Q<;t9l2Q=G(&Jzp%02G=?fr@d-tS1|TumaW(8Onr($
z{wm8$lEiWXD+qBC5f3(8Y=m()7;iJEFfe`F!!~k3#AvLb8dhjh=|KyQ*P(TT)|kk^
z*wFA;p5daF+JUFHy_n)rYC&
G8-D<^u|jZ)*S6>(g6IU%yV2|DeUhjVorvDM!6?zAMdwcRG7-_+AX-AS(M4xQFTogn
zbg%n)pZCXi9N&+t9Q(M+x%XOo@3qc##_4KnkPy)mVPRpBXlbhIV_`kodAOG+#D6%i
zD1MB8xZuBksiBJHg;kBURTiqo_0aOzQ`5u;3yYZI-{TS1mt5M1Mgm{0*J=bvVk#UW
z{7t!fC>GWWEG<=~HvtQ%Jf}qVLBHiN@>CNC%&D|o|7cxX!^Xa6Ab>*`*jUg0tni(Z
z&}(9RTS98Bm!|{_DGCGU1a#*FJuz6}%um8n_$MM>{lac4W=RuL3a9o>spqb0;uFNs
z9*ED5?wiYrhP*YjSG`cNwYT##@-wuzGc=OivvzR!TGl4A)|(JKd*8vOIROZ}{DCe1
zG?@N^(%{Qv##b>Y&ugctQ?Wz5m1Kqc!E~9sVojdylb=@D2?mz0ok0J2s4=IqNjs28
zI6m15PyX~$C%^q4?j23(E}-4*f4=~_)=mz)OXmW_b61AA>`LqW_syy0$WI;HdGd_{
zGwGH`p3>Xp-ueIiYdI-YWzpX^*#uYqU=_=n!aB3`E~59@?X3N)Q-$yklej0qq8}EPm+0OYKgd7|t;*7LCP8qB_@|Z-cPl&+AFl&W+
zK0Y|*>?689t5d9JX@&bQ;UHbWODw@SCp;=^$I!*hP3o%DR@(
zfkgR5v?^hEO8t5*Dg2k2i%{SD#y;anasNh`G5k0A@dg;!+1EPW~5!1Rdu6Gj2x-;lBC~#7d9O^B#&?V~j4gJ^Y!~<3{0~
zT5Q7L$3s4bK#oIpZkEH$KXPb!lhx$>j$Wv^;qOWLO;jv6_bEv!RfEI=W2Z2!TkQ<{
zyLbQwsTDo8UT7Lb*vAg+dcjvY!{@v><1h;7)=b9zu8Au!-tBP%G
zTB?7P_9dHRQO+ag&~4!@XAU^gmJ89NDUiq{AXU9SE0fKRY-Lc8{5d>tEGcw$rdS0d
z$+Kd>EY*j;-OOokEl+WlqS{NcWcCXhU|iiBFpyX%^!xZ!Wve3XgsUP~LC+x&_Nt>a
zAOJdAML^Z;zoDW#lov
zMk)I5p^DE7{qEP$ma3pQ;h5#&mQPCOzCl7V{jGQFaZV$(J8B=PkkA8h7bBj*zpq<`aZf4_jhL86-ZD?>n3vVxi*ul)xLoQxQlBVX`mi
z$oCo#Y+e?T*8Z<0&QC0Dp<8`8cZjiEHX%2>@~Z2GIC(2GNBkL{Swi2{?mf4&Co6-E
zUz#Aa?;xrYllRFPt@`7HPYN#U8gBX|t+uPPxHAD8a{73A0mFTTONC|~ro_G8+gw1maFL4_oJGBvVd)Hc=?c8<8O@9qe+PjbS7
zq8El!gM+U(0anZ=*t~DMO$!;(;AUisdJ`ICiS8?mcxKvi^
zOo3$tuCBWtdQ>T7D6-~wv1&@~d71ILYlvg+sB_GLkt6?NxEjNd|GRN~Y}8%*bbVu^
z+T)hys-w(zB~H2SY}J`D(ck-%ru|B-R+0YxfdiXLV4M(+t-k8H(9IkM`B9CpXfPtP#RR}*!qWakTQxS(UbvP;xFq$c`>9DmVxpjHsqqOi!O{`+95Nh)!T0sh4?74B=%rXPCvEL0Z*7K}
zASPX#o)p!IVK*P3#%o2^>lkUBIpQcsE2^&|g0$*4WJhO)o^jwdr5Utv=;$7?D=TWn
zWf%#jq_O{Is)7GQ312kMAiEjwX$ang?3J7pF2d*8p}K}v<3uFkUQk{A#uIaiXIb$P
zP&&XPqB+L5)W(9#^Zcqx{h%xOAApYw-^XM3h`~XPen8kr*mW7rKVn~eOVNP412uN-
zK>N+*?am9LneX!Fd!E}Tp8@SyKRv>(;#7Lu>Z$-DiJWiGIWOEdGCNK?K9+n@W1A#s
zgW$AET6DdC0`v)yeJt19coH!tcy$4i@-UK)Hb2kh6o3eZpQOWLykKXZ*
zN>6_U59yExp6j>N*ZAg)D^vN#dVhi!+k+yK2_lO)E~CUN_DRkJww+vb`YyL>Ar4jnq*qYJpr%fx0RB`37m$Yx-Lq8jLt$
z2zIw@@^_F$e2d#FgcZf_fM{Ub*uD~j&4j7wdQU8Kp3>uli7ZiK4sAe|BW{e5yLe0e
z0y`mzA?c`Kmc=(na&ch7CLBc~nEM5N(LB^F(cNq*wQ9L$DFS&F5z327Vn
zb%X!oz}5cW&kPR(+rQ15D{ZE5au65l!#k(QNgDTSO(@9db_u)6=n_vX7{
zaMx6v{*nftBn3z+^AAn=(jQC4uosYOZplf>y(@2eF%+eP~XLzk+{rZcNAlvUAW!wl~BJ>CjzO^j8f^4*7b5$+wEnXYt{?w{IA%3BF-3
zs>{eI{m351;9{>hK)&Ok5-`}Vxy-*eG}J_^#aA4m$|wg;(_P}l-}PO(
z8CGjz2)jfc`CwAFXXKY#h15TGe36_M6XUTGcfv%5oc8W>$YY2OaN(n5Mg@lV+BxYz4
zf_|T0P=ZbE&v1_gE&BN~_hnPLA4VQImf`?0KIjwr@5rMdDU4MJzXFS|CL|~4{H)1t
z;HY1+a!v$WAb_EISZcWh^x14AWa^4NJ>t{imkw{29B^J`y^&h>$myLUpHqg{XCwuz;}aY*=G+Hfhk_N%B8mK)^JBFRka2Wh?Osk4QN#qiZm*$((Y}Dv
zoHT<(?}iRg*T!2#16@$Pfl}7G(b_-ABdI`q@V8n?u)@uRW+zz+p1!F
zJ43N7nmtimN-BCkERW%pcWlo`Cf#OtC~w+DdGB8{EqDD{Tk@9vE`S_tLxLuaXWyxo
z`syqRS5leIe4+m!yZ6ZIK4S8M*Q6
z!Tl?Cv!^ofAv{yhOZRkxlg_;(gwHA{&m;A0GV-PbaPEc
zz+F%}Uxk1+AVUZN`dGp&(igauBaq(F56QAz@>)+7dQuLF=>p$rLfn0R$;=
z{>~d%yIYc@^vhKcoAC^;?j~3c^<8;=mtAAEk!sTbtgm0(>kJ5q7lh4osSuldslIEzL|Aqlp
zaQf}~Xa7nqP&E5b-fv%aaI}BiB2H?j&%sHpBg%5hSt4Nf2KymNDteoyg_F`4febti
zhYe>?-5>GQ6gr=%&=F8`YxRuDw+__Nk-7)o1sspg(ES;FUB%x+=z)D-ID1uaSYp!>%T+hu-LS6$ai!_IrjBO>sX!_EtHs
zPZ$Wuh{bOX=Xn90(;I75oTPv(V;9GVh_Zw3hY~}xq?iv?Z@F~A5GGXRQqjq?C*lf^fy7+{&x-$88F_g@;Nz7$}EU_3ElyL3Jvqbjk
zq#thnV{z>>-=cZvYym$uf}AlKsi
z4{S6O+(h%2Y0n{QR#J!?xC}n~RF2~dvhr5A>P*hf+0;~PDax_PXvDJYXzgno6a2)V
zd>n^iTJKg7y*V$iSg#u4HywgxN8Gu`S5>c>T=8;EzWeyw*|T>a
z9!|*IZ3^mw63%PKgbKK7D@Q
z?YT^)#ngE~P?NBAJ8&uU8^OK%iZdKsf_%xGr|D=O_h-Ey-X7dA`1akm%V%!e
z=whamsKK*l=Ixz*f1&irdAYrS09N$}hkuBKh3`&`tk$>Q@(s4WVqNh64;>atrm33m
zJ5SMmZ5y5KE^*oA;i_8XAemr7X#9c>bvvjYs9lWDcoRhxvN!!|L`;XljV5AaIwm>-_9xlr`>CI&2oc;#7NH
z4S7|LpNSK}@+lwI`m7_K)ED6ND~v5-XpH~=M(`Nx_(R?}(aEgvcB^hvAH)-1ninmR
z)fx|S{-U9U7|LzHZEU;oZ5FAJSW;NgU@EVBW5Bpc2-6`{<{fltHfs-P`1=kskrLlQ
zX_~t?V@iQ9fb^;yZY|+3>YEmC9RGwWJ=wTliFDBDzNt|Frz-@X3vPn&#sH}AnM@f^
z%|092hcCwJ=em!%%t|b1kB^f{(E
z0wqT~PK)R3HyRY`Kfrv&cqYD{@b)ID;9|QyIT25`y6>|yt(Q2Z2TdL~=m;~rTOdJQP5GIq7;mr8B)Jw1Pp!^==mW4ZizlcGr
z_!3I}Ch~jgwmne-#)y=m2(+m;yHBGPDstD`
zFanl{9#}>7jio4m*xlD{{KLoWOQ@U=nW@@v+#cxS-!!7IvKQwhl|dtDvzSYQYZ9-K
z)SV_1mw0tK3{OmlNT(R-wUpJ*uyh@r
zY!f5WPwdt7BSiMeqF84+p}(J+hl)F!2)y;zc-`}KXke6-GYwp_{1WUOL$5M58}wo6
zfIBf3m9;hfu)XeF+QG18y@{bluAEBm`$cV|=N_dj^t9AbYY%6d6ACK_lXBYVu~E7d
z7dRN*wW>(>CvBE^19XzI%+Bij7mavnO9*xqI?IGb25}z6pC805jeWb2d{R(<;6yn_
zPtZjQuT88w0&F8_`-L*Rj@-NO+ZwU+yjRY7ii?5yt@R@afh4Zpf!CBC00L9cpp_NU
z)=vHCqK=5l>V1+L(P9Hf*~iAy;AxxkuPw7ev`#57NhuBlbeL8}?N{(fk7N3rRvTqQ
zQirdU{+SfmHH#u)I+c0+lETljt2vACukVYWp4JVw8_Pn$@E>J*K$qt?^4vWleSKYz
znb<`Ik*L{s+3e8PvA-K+$!$4b=IeL2Y^dYi(Vx~nWqOzsyP1c&*KtbAS*;E0&rfq{
z2q?7iII(bmo5hwx-Fk{Zf095yfMcqweL{p6hplv3d%WLU4{`%GXY6XJwFRaF7LQD}
zcA<5QqXiwlIrm3K%{)dG7o7#I>7zv|Ug!zcu2~L-uXUk%I8+~o9|AB4;`275wG602
z7Nqu1@jLskHvyKXsNW?mqHtvG4Z~$^;;F3Q%LT#dUC~54S6uD`If8Ub;5R6PQ`Kc=
zfq4C_PL5X^p?TMad4GUN{99#(~C*>kstCS<&i~2BUEG;xDU|F&c{tO
zM2cR-6HJ?%^ofLtDN7#oZ)+q2F00(M0T<>{dZ_s{3gRKZ0!&`@(NdEe%@^Hjye}X5
zTHKa)|EL$nq&&3OnPb{w^;k<*FM=~M3O{rMY|@k*17W$eLan%R|ygcm#is$Rxgv0@4nO
zjMR!}o|-(nR6e|~mI%22%e!E_K`ZxHDsAuOFSeI<)ksof4|*muL7TeU<-uDk0TY#_
zx-@D+C&VM#IPx@m+T&xhMgFk>{@Gg#Y+E*^bm~#Tj9=XtcUKC0PL4_*JhvwxS|sE<
zd_KCK*l+QGrvH85>D+K9_qJfdAcifLuouxB7fPC-;9+yyjn7-U!NX_Twr6?0&ofIF
zB}l}{M;}akiYhH>Y50$cq~qI+?3DVv((OO!l?95usrkiTLOV72QXa_Th)=z2gPeQ1h|{1s+*`OVrWasr+F_x
ztZMs@7i|eM9^*tsjk_Pkf#tjF=#rha-Y0HaaPbAB)gxbmS5u+SSg!(eM7T|h)U7ve
zQhE6v*Cy3@pCAy3nDeeQk%GTJ}$dE?v
zD4AAIX9|;q{qs48$KF_7@|P2sMidCskE6A|zVJcSW>T^er7KR;Oj!Rwi_DzYxKdzS
zuU0|KaDzgvx|hI`k=*@h%gVsYhh)A;mX!DZ?S}M!x{;7pCe^ml77mi62R@)kjklGp
zjl(=aEj3~Va}bILuOT!jIG6!|yG~;br#()+#}iKr2o}`B&Ax2p0ir!Eo9ej#W}Kq$
zQ6Y)Zn{>TFJrB8C@V``Oem(HV21^8Q4bp8jdkDt}%TLV8C9Rmc@XWxZwQLZ$wJ9-aSrIW01ra5zA7PRkJwz!;vNI
zSi6W-HahIK|Cub)Bx^&BfxLD_%@Im!5v1ZQJx2beh`guB~Zx
zTM1oND!}#W;sW%}_Y>I+7O2H6phNBq?uKs4*|RYkZ)Or}@$XV=dOIXwt5%dkp!D7T
zfI|*99x{HmIsHW#^hPr^u`ZQOwZdNmAEQy|ps{M-9`?{N78Nh%45C=CB@3#^-#cPN
z4Xi7FMvb#NkJK>XXzLQTXudodX*3(Ixg|+U6I1;Us1t71S6HKRWL+&IZ3fu`pB-ph
z{#&O#1Yf5qPc=t>ic?%%Z!aLKR5N;(Et*HxFHIur3p%u*T+^AOUqc5r?diBQ)}(B(
z1l$pvq#y}s1o}5V>&GJsJlmJNm!@twPtx@LBMdaUbuCQynuC
zMVot8ac%7P=J|z4_xz~a{tg_Q4*Aq#6rf{!_%GMay_85}_pL$h!7JlX1`2&`Id|rA
zxY)?s;J(fywjG@1X+q699fqMJHhCYz-h!?lgL$tmV
z(m(pL->G3?5f1*V1<18rTSZ9%VP{&>Fw0dF-M>A>o*J)X8GA$ixtiK8YUe&^%;hTb
zk4G_B;r@VB7t0j0EEvN5d*FR^tH$`%hBd2^I>JDc8)J&s_-dgEz$cYPifzJ_~aLr
zFD3oLQ~ofBUHZem*-AGzL6*dh`_GO6UF(UkbG5?4qUp=34X>bbc&4nGYqJ>2i2?O9
zsxFI**w{E0sf9dOFsE?CTux%G8Z8EFkguuxB*)tWlVB|
zMhG=%JH=*f=BwB{M^_E6q^74!e%_rfI2v+59E12bh5a5o;UJo!)zIpZjT
zJulbXs)*?QLOe1X99Oeu4*Q)R;jC2{_0u?eTVm!wf3!#cA-p{p3poq@SeF9~{QBt^
zt5B-py7$xUg9j$Qd9bR9+JX8dFwmbm&KJ~@gLxh}T1Mjnq|4N?kP;t55s+B6wT>o1
z7USf_`VKcrUfPT(ba}cZDFj|V+5}BM5{Y@T%rq0)6YCbTt}5p4`I|hsAgG_e2I=JGI%5N4eJJI@_9?4sej22uc^3-m#Fq|(
z7-(3udBdHyD|4*dN^EnP(X!Tjd$&UoYoDlWbC;#W%L4A_=_((JWnwi5XYVu1gzx_jPfVg8x~UcGyT@OJ{s$
zi{@@g(|p_%tek$={RaKSG-1lNAE_duKAzB4cJ^#qq=b_2SI!=NNMOQS$Cd_inT-6?
zLjyZ5Wx{Hti{n^zTBePe9S(rMQo$Yq`tVW@-`t3S_yhh8gcy68gd{-ZoT%WUf$=CbluUOCB=aII
z!+9TUQ*)98c3%?;z6lzEw=spRpX_@X2hKqY$b&IK=?}>|%anxDTZ|9C&4#2R-<8Ea
zImf4-?YuM_1CXqRBBFc)Oi%RJVKenHU@u{EEk=`g(_Up6={xfgeI0k$kB8vY?=(Ua
zm`ho6mkB+Wkb}azTh|*Xs04#n7wGTL?#=z+tsBnyc8>-&fSQx6a(WJG=La0GBiwu=
z^`E&&YcQ`D&*l+p$>IX)AJCsRFrI}zm5n!38_9ycA?!6qt9P9wWjfp}SqIEkdEB&I
z|HMoxgdM@@9jHU7D~Q~7%1gnp>*wyZF{tHHMPIlHgOJNe~i39`{34Id)NT)&6
zg09}3rct+bM+UL)j8=*fvAcQ6{U)_6IMhRJ3l+C0JjgM0y*_Kl*Q|FkAVz0tQOYp?
z7Wq}JyyK@H;G2+@wsh)vKV&2o7bx9v=WMKPu(~nGtH;}d>PW|
z3rY8|Fn^E>Sg{GEc|#XQKU03qU7U!FoO>Dce&%(Z<^tW;iKj@N7>a?!UwYpy$lRXCLUf#
zRRRZY3>n+2o*Ay-_%)_|x^*DNa!=}8
z`_PSv;>Z5%{MI3bAn!Pv25qfBBNbG|RgP*7zCwu4B6r`*)=n!mKiCM0tS-bL18b@N
z;u&>MPd@$IG4CA&F4;Vte^3F`QK=de&~2{y41c1f?Ul>Gb6*d(&S?Jlh~V#x|KPH9
zEOaHlP@ByZ&C!5DFsz&H7RKf@H=05}BoTlYp_+b=3J6QFT{RiD#XpH&4
z==Or~1Nw|dJH}+5@}iIFlT*{&=?Ak5+WK|mgvXB9EbG5iWwD4IZXrnAksd3MXDmzn
zTVKf?iNmRJ@yXJR0Lwk5Nmg%1olb%Y@G0}~d)Edti&)`-z#RoFd2wfe4CBi3^oL7EsT9Dko-PY5apxrt(~ts9e?hr1^15=t4fAR;T^7d?Vk7Mmd8w|
zc#m&{YvKQ=##8vGnqu(9V_|a60p7#@L6iTd21HeC-vpGVr*rbxrCB}-B?<_Fmpw=X|MO;_vW~_NFvr_btb1lsQoXE`
U(KlZnG>=$XYTByR%I_ln2eN+=Qvd(}

literal 0
HcmV?d00001

diff --git a/doc/source/assets/images/logo-blue.xcf b/doc/source/assets/images/logo-blue.xcf
new file mode 100644
index 0000000000000000000000000000000000000000..fff75ee21d4035be50343b3ff766966582822cb0
GIT binary patch
literal 33947
zcmd^o34ByVw)efgq_ZzTf+2xm2#Yx2XoC!l2#OyQopBg7&gML4#I2oCah<1c^x-}z
z>Kk=F9LJu;VO&@OvM20WJKdd?tep_ZLKYwigoIA-_xqo!dwWTmfbV<1-}ip+gWt`q
zI(6z))miG)sk(jdqmMoD)btk~d}R6~k3IgdAP8bF{@jd<{w3iOMf{nFEArMq2m)RB
zHwl*p7r|5HG~p!!KOOhPM?rSpV^2Kr=)?0Kede);01{9x3Ui))?#0I+p8o8b#~*v>
zn&>%?Jo@08$JabFeGa?Ld*;#A4^02|{BN^=VG`HNMc1I}>M&K6^68gOP}LWned>V+
zAA9oA>DMc50r+A#pbVS${F9G8H~q0EA2dAtEY)B0$Rp1_{G7joRC_FlLqe+(ALM`H
zdO>*QTAq1rkl+2xCtfBz{rqDO{^r@|9(d-t`Aq+^28u|es$pmYM#L|6HzLqe&qh(2B^M7QqXX@B>DtNOJdyn=eKKt*23
z2rXA_5QM3#1z|3(8$E)sqC^nxMqloKK@gsD5bj!WwGgkLFHF$S6w>sWLX3X+w|i{e
z{nAjEt>AgRR)4h+rS}@!r6|eU{i$A~&k)plM_zqZxvAi^6eoFm*6Y>!X#})2H`djZ
z_e=4T*SQD4i9)P?tJQ2OvPnsj?;X8LACE%U+b7#fK1BWDBlXqgR;vZI9g;@!I9i4!o#g9hcxwIN
zn>JfxldV4YUj2hjAS7B{7SQUDRFd;_&EdlZ7YTb0u;T=k{`|YP#$(kr$LboJit3M5
zmRnWU^Pp^M8Eh^tC@L;4C>)j|B;T-%KGKH1m6umk)`&Hp>WT`h+Ir4nHkTF`6&075
z%F0R#3K;%7dXbTLw=~sI7sPT^g|FPIwR(VECYGtpPK&v$=ui(4H!H|HZ9q=2sw_UU
zMYM=kH&6@
zySlQX+^QkWlA{hOQi{+=6Qx(FEw$B2W2vie5}Ta$5ED>Utl4@<+wqyXtGlba2kNQO
zd#vE4$~sV9QB!BLZ2ZFqf7ocT)zzQ^_0v?;4?#ut(>MPzyr-t6Is3$ZM
zs1rz9Ai3WJh$K@{U0?lUy-q*;V(K|Rg<%&Ql5yRY3fHUa
zcSD?!#NyoqQxoUQiVj~EQDb#m%8C^{R}Co|sC^p`)gfqQghz4%i>w2IBxa6C6192cQ!t&;Ob(^vpe4HqXYF$}a{!U)@8ev5&zDzJ
zAFH?7YHaeLxcb_F7KK5%4>h8*(Ejp@3Rt;#%vHk}#iUYPOnoD}a{a7{G)rgol~<_A
zP$QVVV0z=_?#OqZby4b
zFJ{+hXuo&I-yn^PUy#9&k=96QQVh+}^{7I#Y(D_8G?V9(L0HQwq;x4B%vF;`-FFg<
zuc56B
z?(83w?0uazpBS_TxEq6aZ!fu<{yheb0q(}&u(Y+<8fwmwyXoI#P#fTG435rI?I&Ap
z7s%bX%>csP7)J6=ooodzX@IW`K)4%&y}9jpvkks!n4o5Z$^ds`@cwf>n!ET>=ZR*x
zjE34yayOe$2zO&}ec97nw+;0@)osUZqRrKW>Mrs(u2Umy!exkR!{9$VJKH-t+lpQ_
zyxRdv47H*54EdXZ)~c!+hD~k4-xvlrcebB6-g@F>dq-{Ci58pMW(VPhQx{Lw*3^o%
zo|Y*VTYNDr_={jK2F+2l%hH
zshV{*4={nFYIHVXbd~*t*Qnr?b^8Ga}IMgA8$MUnn7n6ehmpO=N{m|!x)@z6rCU}kZ(D0
z;#EVGVd&Kpkckb0tvxZoJ&eJzyRNH4?nQHJ$04W$9E@RbH!+&YqNcIe%N>ltalEJF
z1RtWO`NRp}!oL{A6GLd3q)`X&)6QpNgX=`+3C1-~OItbQ4ew&`lta%&8wAqmZh$|Q
zQGvmjeZ0*C`N6puJSITES(0qk_*hz~OaRHdBDTa!T4=8ot*KW
zmXl3}7{gE#MgzQt+M3Q0?o$k|4+=?O5NmU5dkus$Ttia}47IMqiDeH$^SuZpnKhf6N+1kkm
z1cL)oCy?Mz44%sN<6xfH?1c@BC)};XASQ;|TIv)xoDL{alugqd$!CoLrQj&FkZ991
zafPgTcG(txpuJhb~
z7zT^G+gf3aC)(O!Wn@U_Nsn!38f$86>*{K&csDR%9qnpwYwPH$*<{!)8wqj#6uFP#
zw(6Ri$^kZ7jlo&i+udILI)v$IJV|;fPlE6tuHL!|1j9w
zP={vC3*3JgMyyQX8=ATQFu;EpM&9ZHpIe*HbN^wmxAbTEkd(BC(?Pwe+KlK(Kk
ze;D9D41WJ%g#R$Ye;DCEjKhao`iAV1bEvQVpiygt|1f&1&XfNbsx)eh@E=CU@iU;?
zPU{u#kjbbv!haaWepla_)7^IRAD$Kf;XjNc)%|CBd%90`g9knW!haa;J!b*y>TIXw
z2cRk={D;w7vv&Dwi=Y-2nQVf9qpK5#de>I=6RQbexCKNr>FPy>E0efS9SS1J5(LM&QszkcV|1O
z1HIHJGV1PuJ`5B{Jvtz&PHDQ}P)-gJN|%DtOr1>Vj_4A*-57N{4Q2?8fbJXJ+Xl|`
zbjNi2db*?dkO!#P$%?^?4)8+PE%u1LE(`+w(K4(y5BUru%+TmAB=Q>Icut==3(mOC
zo;l4rPK})(Q_PVs%}?L
z@7bO*^u$%h#L2tw0TLXB(Opa;776Q2Z>~{i9L`083-%mv;4qBNZH=di=OEv6=5($x
z$~csJ8sqKm>gwz`O^ZHEdPYZO=K%DIqxJUHK?mS4jIK%=SeMx4?CfaoIxl++qoem6
zb(xs%0Z|~sV;EhWERatD`{Y?Z&jJh@#5ACufP~>PjGhzdf!M8vq&nMA%7`9}5RCTp
zo^65H;4qAy7C^w(F3+isw(+sFjC%@_o7(J-peCD@CY#Zu3Qa<#l@=X+=b)F$IC^AE
zR}W*4s>_9Ov?(MyZX|g@sy(Os+98|acA^Hu?Cg{M1@w=J#RZJET+)PGhQl?1Y#aW<
z=;;KKy4%@v`s~@3Jh0E1*K$@CJ6a@#VTzhZnx05*FvHv{7~Ks-Ke1cW#kILxhI`I}
zWI}f|vrHHF6GlhTARBBCnU>h2B`ZJGsp|Bdg2KVdPhR9+!Z>If0GBX*oarOG!Z^jQ
z3!NR^gI(<%9i5O7Z(eO2Y=9D<=^JP_87pb<@~kvKUczy;73HZ8Ucz&}bC`Pxqt{jqhF`3cWzx~hy@XLbmyLPEG8f`>W+@z_quUoWq`K`;BF8cQDX_I0j
z)S_^;(2jahvGIu$Q#0q^^uUH<+bOBPx%jiyOXp9Y6s-}3>B5j05i@a0M&_LBm%Utx
zIcmiA@5`=Di;ob6X~M9miAnj<>+9D4$A%{8s-tPm!i+?nC`?6(ZbIfCzuLNeXI>BF
z2C5H8xzI0{XE+zbY#EroV38
zv3u8!?OV5el)Gb3UcM^-{QiSS%UUm-C@(E4EG)&6Cqi=dEuS7kH3l%|KW*BvH!pAB
zo?Sb4?%umEU!8w$|AB)?3X6&gj~+gB=xAv*)o?#GH%WsE4s~4mM_YF7Lr=s!)jnTd
zzBb@3$oIurcVLlh^S4x`rn9g
z+WcYkdiSoKyLRu{mzS>r{=tGWCp?_z(I2f?DlYXc#^$j@9W&)N>VP`m3G|)YbGL|F
zoVnX~QXLiR%W(>jb{00l2J#r$qy=l=1Bvoq4Cq-V_j;U9AeA6igEQ=S&etB#0HOv#w{
z6BH2ozTMkCT#%8R5E~PlkespL!);Kk`~!yy+kmbS>X=GpT>sFgxjXlQPTrocKV6uf
z7^zXK)SAe|^o5^(4f*arc%-O-c7ioz9Pv|DzVPLi?SwDp+xP9-@-Nd9b+A2A=p)^m
z{^Kp+1QTy*O%LC#8&*fBJoV2lU+>}!8QJ^wr*kJqqmG*DM5WCA6jGr&hmIDS$~&2>
zuxsMd-`u=|YN+!^^7d@|?TjSYlNLG~ku>AC+t9E4{Zyr(w1QP|XcDHs&4uR3+nxJF
zMuJAr34mriK~Ocx`cRQ2JZ?P4jpw+UeE0rCg&cK66F2p(%}`%RpSrOoGf_+3ASKCM
zL*0Oy?sq|*OUfB-40iIXpTk1-GU+?^e*Mv$`*v=9X--;FOr$O{
zCMj*sOIy(ll%v4LH~NM}l|~mcDRaR`fRpO&-Ld861({P)l2fK+E_ex(1y?|~t?wq+xpZEt;F0RzHZ5+)kW+}Ir^LhJr@5tS}$+&4VA3rx3
z+B%K`lOfb+w_+SHy}W&UckkRG?r_l@!UcM;u$=Gvjfj!S-~Kx(t1jP{w@*#8Mg&>w
z(b9hAY{^D{MlB}hYxYwUhl?9{0p$DMmR)41YD@^2Xbv1y9UM6T-NHP>gSP=q+_is4
zWlUjv_v~gqZqR8s27TQk#B5)&p){{LES(q%i(6A;#C+ft=)F@A+E&>~i%W(Zdn4wSe
zUn>1HNko41JrrlUL>Pg;N-1qzs`N3EO0UJ8j!q_ph
zZO`MpEKvq%ByY`qIC4mk^IGg>($QIb5Rn9&oV^VgolPkXCjzz}d$_@{B-FhRu-G8H
z36igdfq47TlJ9wJpvTIsAxot(fvl5d1MN(bd`47=2_gxQWh}_XK)jV0I-R0Q<7Y!!
zsUAzRU@T}o1I^H*<3p^cENPLGhy$HJ2L>@z8pyxQlNkqi_dL%;O1UVUXU>HRkXp=;_p+gG2B@2S
zsSHpzq(|SCa=NPwOwoe=Dy6i~p)x?~2B@2XHc_E&LHS4n)Ga9QZ7eWEV1GLa_%Q}_
z-QD>K_RFDe3;=a&eG5B~P&byxxG&JwIn>Qh1nTDg3NYH5RvL!7xoHQ*2+MfJjC<~HrJqTtTkk*6ndd#-7FiZ58c{}3Q#vcNr0Nhf;t(9(}BA6UqLp6
z!vJ-2mqA2OH>N3&*@f!2n9Ml9YyO0ZlyXrx&zK7pAhnnwZ+$`Cj8HfE
zQW>FcNRPfN<#bmWnYso2RZ1ylQW+t2Bh<}E`!7(ppnRke>K2sub~P9yupO2J{1_v;
z?&&{>?KP+y13=wQZ^!lp)Q#maZaeL?LEZdBpl+U0z@S=w7}U*ULhu+2gSy$b0|vhO
z@t|&}8HkgIm<}Q~hq|%Wkfl>W$8eJsetKr@W!xRdpiCA;J#)XlRU7{mamTRXs%gt`rZeUyZ{F&07Hj8He0hPoNS
z_8}4jrJ-)v*VI5HTtgr;d)sysclXG0FRxX~M8cJ;CElaMymOufld+uKKgF6%|8F1Vl9cc3e
zTBL-6t;umR?Ax<7+0NVV_`#~X@5#~Rpj_@PpsayeS(+^8tZT1da?46!hSX<$N{rRS
zIulc8FJ8F{_1(1C!NPZaAM^pRBoL%{A8~5+j1;L)IH=Dd2nmt+by5#K3sM
zm>dvu7hE-3Kw)e*N^;rnnUzQ)XCt~sa(%WSHOj9@b0lZe@=V$tlM!Y^)$X}wBHM*h
zI*X}>k(RV5%$YYiiZ->B4q^sl9mKwuqv@V`SJCz!N(1u`n-Q?hHDdpG`86q29MAhQ
zRk|=|k|cHh(sgq(QWD70Cj@n1
zh^g?zglHY@T22g_Z|!WprC1B|&zPB+$3M#jpB`HndcAn51TAIxa$H6k7qAqBluM0z
zS^m1?<&+w9Cp-#elCj37`;|ei#shCjz#V-jYLju%V>I~KJu^m2>wNQ>hAaVnV+yHro
zPtbCbFNtN8aREy~NV&im1G>sq=uB{z%qcbKPPM=W14JHF^Ky`@@!UxgYLC7XH3*nJ
zl|nQ){cjE-x(nrNBG%%;R5h2$&l*!#84ZN#A8T-$iJVa-{!vNror#=1$w88Vlu2-0
zD&aCW0+p_XavT7W8%g9w$TNI`mUMhsDx-`GSPDYQ1;!ZBRkliItiEJUsX=$D1(p~g
z@}QcRgItYM<0RA`eJ5%VFgsHw8l3(&hY;O`@--3b;b5wo%j9Q`sjG|z!t{?dIL$=P
zs1pCEB>2um&dy>2>wNPG*L*ybV1g3pE7UWuumR9GQSjy146OXL}
z$G<`+kC7OcNXvCi7Izs@OS;gJjjkJRfO0nw@W=`k>0kV4a>gGgf+)5=QQ@pg(JoE)C59VV+{x?+ZYN~a
zB%>4_Mn#St*RmUzQ7Hu%AO+R3aE-oWg3zb>Su|cQ5w+*y
z8hwud1^S5!mM173FBb(oqA>dIlW_Jz2Uo-aoiKiuj<~Xb6?$JQW7S%dPLRPe_{BTAq_c=9?;n?0y3%Vo&q
z>=8g%^Z`7!0*jGG*lL@fY`AC%BC#^KR+RBDh`Cu8EiHK&eC#FaDVvJgoWWJMEzF!0
z7aijdk!UT*LZs1sye=~>ZEB`JLJIC<2))JguDxN&3V(nUOivz*xHL-|JqB?FV59mT
zf){856qj6g-4YhV1;V0`{`h$d==F2vT+af`KvWbW2YKD8%?Y9F4~l|i>+gRIUms89
zQ9+C(t^kCjKoG`vaj75Y5pa?@ARASJe$hg?v3{h7U
zSKjuKxrP|jFF~?-Ix!S*(7^&Fc|&K0vS|P?jflV)5x`7tW3c%)0Zv^hhN1ScdE`G2
z=?N7cj%z85iPN!o!9SIbQZza#l2tUAmK<^_$}5qQ(D@?|Qz#c9xFzbOd@6~pDasKv
zEH3M9oPUy^>^Df%V0}cH-z_Mc7bs&pX(;o%7G*PJt@u4GS(ghl@f-7-><@A&qqwfI<
z|2Jc$C(JbRc*CXt=d|M2G5j*^CizM+LdTF+8KGk#ccx>k6#8YPi|H7Cea4SLpiS&J
zgdQVfI>vHW22H{tOFAfxz6U5Xt@2a6Ty8WSC4c4glp3S&0SeGDJY@Et8!J6lrjf@R
zF8x2J6-CE=f~
zTnOb5VUO3DK>=pAXK6QnyYZ9bFqZW+@PXXLor%P`Iw}mc}w(K3a-HImsz))IHAs0GcAC-HC`TE1@2<`N@vswpMG9MEnF^5^&v_5
zio2rvmuiy&(JSjSBzXmVprBacEsbToJS2&7l2h8Kdz?X8uIg}zF%5?p$)oOZMo5w!
zeV{dztBjE3xOpZk{Jw*p0uznsTgW|73huLT0$gEO6bgy!sXIb
zACi=>xGSoEsWvGDy0Sh)l2^b7NY1G6mc}w(9+E^k$ti8rJ`7*Jw76Dg34|sY0TM?CfmDW34UQ4yz4qSXtO*%
zWaAYjY~z(yb||4JM&79nt`jAR%BHV!&ZQg#B;f!_-u921l(~={$#k!}Ej!!4P0k+y
zlurWCU!@=|E%Q2dD$~7UNluP`E0;fWCvPN!x>9h%weuD;>fTki;oSr*6q+H4OOttU
zgyae&DL^79e%W+SjyCjZztI5^Aq1cJ-~pDE**u8yKlm3|bt<7#=*f&{<^zuJ+NP@9EAGFeCw*5*zae+#zR9{!?M^s+Ee3
zjXOyY|7fEoWaA~=tm9dA8+Cll=1sT>4UeoTbVD|P!p)WPY!lx0!+`
zYm{7~4m6K?s;GTn4=bFnKvy%fv|)C_!nq(kY!?%&^?SC!ep)!s7I^kxb
zQTHi=3-1W>c|D?sJ;KG;*@!m;=iKX4Ka+fTDpTd72gH<;IKeCZ7*MZI@~M5IH@GZb
za7k{j$BP$-q~mAzo&>iSZ{%Rfc)ajRPR1dbBx&^%Kov-r&j!^Sn@nJD((?HvB8Mp=
z8hQL`*W(qvGH{Y0`ZN+U_~ViA8v;ZlT8Ur|k97Cl_ul(ceKOTt==EY;c=3{i5&Rmj
zQAq(*BdGy!`J|79kDvnt@{Pc?s|d{}y#+LSQgMm^(n=#fJYeq!!q~miYr$xMc%(N+
zL449XfFy82!0<`ylsvtO8Tq&6JPw?BhBx8)7$d{0g#xfN!3!RQfbetNq+l2g!xI?_
znIzy@2~H&i91?wS@Vr+O8OuZ;eijO$qt?^t3IRdn_sFUxjc>#&6*XH64{Vp^5DC6{
zp*|WWelRBjNCZ%Uf<6s`2TTVTF)cVB;nxfxkT|gHh5{<;;&Y=pj2Q2omKBIZ8OxPy
zJqko*shSR;c<8EEh7b{gI6eS~C~%~JVkZdhb?Bdus0E<-abL6W5ooAHA6=&=>8U-XgiQ4{
z#&G;mk>Io;rOpM=O~@G5inkVceuyOOi;_RUsDhHPRs+mSDH%T-RBvqZP7ubk#>`sr
zdIQfLNW$}ZRX*qw0KQE05in?lmrRvFcy&7l25a?7YuCQ|>g$GNs`(hWAX}?X`Tz=<
z0;u0wcM99dTB$m{>PEKKFMtN&8epwnYJ#;RTPp`LOWPQX28dVsd=$hdeFaEDP@ON8
zJiX%)8o8G1Cl!eFwc64O@lI`C&8;Pj)CoHdi9UikAf!b7p$J%|=Kw
zwTLD*097vd0tISG>vKr8r|_QnVlrB^5eY_Nw9INDY}6sEC4m^ycwVvC;5>{|)(%t%
zvRDP^K~rcC7Ar$!izRj1gn}T8#S@{_Jclrg1;mjXYO#L(hQ)pfY;LiBC@l7ruwAiO
zKbTqU0cNot>JH6Acv}Zq8nf6UWvZF^vW)^#<$=2MBY0z)6
z2*@YkU9{?ud$M59nzeYZ2TV60la
zs}5$wArNBuDs#7v5uaq-OrHtGJy_gM#9DsOU!YG(c2EoYX_+c~z
zc*GEhY^PL(jqud~SF9
z&k2IBgqb5TR#9?TX}@4qtke%?R(gzCDPB43!)s5-u$X~1DhA3x%s`uoIU@rnPxbbk
zIeSh;hV<(3lm1eW(z(7qr&%M2F&!NA0M0l
z=}_euHdbg(G8I->%jr`aW>aa2$zrLhu5F;9@qGsWBce*cg134kS&H%Pl8&;f`sTLI
zlQlKlxBmHcYJ|t{{)Y?$jkpsn#q=$VvkkfH9=m|ZfqDzp=<7wKt5|Ja9=O)>UlAh6hYfJIL}`o}w@
z?6k3G1c_D|h7$`J;3r=c4Ned|iN}hq(N?Fqq!coO#j+ty5ZvnbD@@iX6x7x?)S0P(
zS8%EBJ7Turn*1d-pFe+APGrsnIl7kjgeC~CRKr258CaeY+dY^~qOvc@$FcI>
zCEg*iVw+)Kg$3U`aaxMoR;pB(R-b2nFh{`i+wPzHpDms1}4Z#1PK&s%m3gwVuX^B|kJX%n6
zxOpXE_#gfo@%OaLq81aI2oJEDO*EjWOa>|E>^2A#t*9`PIi2vHoyX8EHew
z@n!fuw>m1ILiT9mZ;sZO==(#W#a>oi`&{;Yk38{4K$Y5JYXA3|gLTElm_W)bmWtBS
z^2*AZaW%Lt)?E4bNB1<;H8$5)9L?XJUq*T{u4%NzTT7}pzWm-3_uu`!+w_YQ?kKdt
zLdUha&IwkNrQ+}p=Vsr&`qwZ1<*u6!9w{g(9b?X&^B`rjwXBT3nPX}G?e`0g9yxem
z%T(O7%TH5*s|=JoX($DhNZ$}myt
ztUcvrHOHD7>Z-<_Bi-V&(6}h8SSFgpvUB51!Eu87s?Fu4)_5y_QhBtOa9{mZg~=L+
zQc}%O-w=o0VBzX7p-#~lN%;B>wQ%+4m1P#Z0$(iinaad62PVu*`mO}wG%9SYghhhS
zRru6WdD&4m?S=D#iNYCRe|+@t;jN#4y8i7~UV89nE7|N9&YdRVO`byXlEvT2nldp`
zhZ$(Cc&o4gpF+A*@H~NaJeJ+(gjx6v5dBDFrbHpWrx)MWn}|iP1G`WT?{H6V7hCoC
z4&z-pZnu4yeIqUx@6*ACn@{>HUbusec(?RNJO+**LEEKU;4e}nr%U?0AC#hm$&wQ*
zks72U1so{(yeu^ZU+!TEw$MtJ+&-RF`#?lVh6S_mo;H+JKAg{RR7zr@6`|zS((r}*
zfA{bI{?0qbBJ>_hM~>(E#jk$z_zpZGfHe?a+r-*T5X5?SL$k1xern+DmB?qb3HdCC
z9wOH(H#`yh36RxDtyzN>y%IsOvia%c+?62wtk4zMC|7Y
zZwKudoGmC@w?<1bJZFkqVq%U%nvR
zg!3|hY2!wVHo3Ufv~PgemGuCRQurn-Nf!P=<}^Yyg~t6wAsL))qDx%J95-5uB8qla
zF-nTTXxz|bBBPU{krUA~&m>_300>sFgXVHw9C3Q_HY%bVAzko!JMry-bLZ@K7dHG7
zgdv|~t8F>n*4cewa0qX;^Y%!1Pd!?_Pe>EoU%dF%IsvZ+A_FqOfIi{|G~_p+`?&!P
zpbJz9^-@pCAhb3f8bm-dVRD@wR{u&b%As-SS&_RpYX%*X_3H7WNV
zdcU;jvy%)EV#XE7R^*{@lQvkG75OBqAUrv)6;a!=74f8EMLZ`PPMA!v74c%(iX4n$
zI4e^5+}^u{+<+0e9Zt*)iV=yv!7~Hr28V_m4!87G#-eCw?|GlpdE!)8@0tFK7e`|8
zK7z@Dw_i4;x5$(Zefq_hiYXakN_mWjz7cLpX@YBp@V}XLvFRyMxNzGe&p?GRt+VCq2f=4}CF`r)nB3AvZcJXOmgWh?n8?RP3aOBV-y3mm
z_>GBY{l>(z0b}BM#hBzAra->U4!^`fkTct`fn(wTwPbhhICAu8X=zo5qO5q%_G`SD
z+!lwWhOd*E5+TEs&O-Z}3C%mqjOV=2N;%n-hIx)~VOT@RDW*h&LWn{jW&%9VP>5Kd
z!liS^S+ktZ1))8dj@u#Z=|(phA?%7sFn2izGb;9*5pTzRPH3R*U1mlE;%0PGF(bJ*
zOYJp4V#eYGQlv0Evv#1X^JGJ##aa+Bqd%d<%f82@n32!-s|IF9IR3)w!f!*ZD}}$q
zhScHR5Va~B5Kk%w#B;I%g~o@#Q~$`q|da
z`3FiYRko(GCs5%0V)ND=rKSq8LW@sox~(;jYv7dZ_{b#!ctjsqQ@bo>$DY-~y2SDb
zYlP(@b}uR_s?3eg)5klyu(-wU2z}tTt`?uRGnE|3+qw0t4Ig}=M`=f6OKW3Y*}*-Z
z|Ly&EUVZBRdw#lP#k_A_JLg;3cj8kokX-vq5B>6v<@zNH7U;9SbHj>TfBMjqZ@l^G
zKX&4^_IWF?{T3;--*n4e_dovRYrp^G?_2T@l$x#O_%0_tp;lRGu6mzgxc3*Dtd*)t
zv1+8cs*<)=EZF-HElz8R^?i|O_$=0Bd|tQ2`X0+pzC=3Gs;r~ipOzXQuU63;Bt^k7@vDNTKQ1pbs}MD~iYzZ-WS9f+!5Lx7msOVM
zevirswegwKRrKP@3Bp-XxauoQVcpxW9o+cmKdyWI7mqDQ6$VfJva-}vz2W}Z^XJc4
z^zBF2;=4H<|4RfmrFC02?9QufX=)+n`QhbOb7eJlyvmN6-$n1Re*yZ0FItDqOb~i
z9{o-d?D#uv`|sWbE=i-*`UeIcQAI{AKUnnK2ME@E6tO!i3idvOA}CmF%H-)YuUWk4
zuAG1WAivUF{QMuvE2}CiEJdbYsln?=q2s-cU+m03RAz#}Yb<4@=Aswh`tap758rp!
z|5`LT5?b7LthySTA!XoHnaNyUVKSG_nR&qulqsqu7VPawc?LVkK6Ha;Ns$=M+yszxJ8w>Uh`lh_DihA)nCia2bGgW)`
zeERlF4?ehP<}M3%ATUZ^-v0HUKX~r(yS}%0?$oOmX6WZHT5<1JR@$QQtNxj*X3t-I
z`>ppq_{O?VHf}vwRNI7jlRiJJFgjA`+q8RsiKXUvOIcvH+
zh?3pq-(_I6MP>GtVFytx@xs`l^Og~F*=HL*eq$xQ=2m6yEvv>Sc`YTyhY#(~-}K2x
z&%bd0k8X&KqAw4f-M{Cn&42&vx)+|xS+!_R`s5_M@Q9S(zG(hcQxf73DPw+AA(X%j
zsTS7?h4jt!VO;Wu+J%2Znmz(g|CZvS55VJ}{{!#zvH6G}Jn-Vf&k*>(!{_Lg-l99N
z*r-!My~S_tUvUb;YZbUq_F7kH`KvPp;Z-v(l)ZWy7vbVHN)mM1u_Z7AF36Skp@ZcAC7;JCU`*6kCzQAW3=EKhK}z(ale7U?^ZD0pZ0
zOG^+V&X#VHyy|}Z_1!Klm3&*IwXuikhBN_q8OKv<`N^zJc;#ta+i-Q`lK!jnSs3X|
zjCvO1LS#4HvXCcu7DhS~qn^dM5ZO()EaVBEg^|w0sAn-QM0V3H3weTHEqS)wu7+yP
zklg*V@m7E=$vd0`PY0&rsF6iuZV*p^FjN@g>wWcd%AgXVo#R>O3{P@EUKKIy~
zC#T=}z_Y(0NkdiGKSib2A{U8^;H30W3qMYJP&!^t6HX#7H7@*{giEQ)0D|!Pvq72(
z^w&QUgg5>b*Xy|cgCi++_WBXPpxJLs#5EaL8ZOxA8#8c$U!<9yv~@LHiypEwEqaKw
zD9uhE~$r@r0i)Vn053A
cEs>;ZH~=z28U6wfl47+WDNY7mzpSMG4+mqQQvd(}

literal 0
HcmV?d00001

diff --git a/doc/source/assets/images/quickstart.png b/doc/source/assets/images/quickstart.png
deleted file mode 100644
index 735617b8cd4845e1afa9b85524c96d9015fbc410..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9491
zcmXY11yCGK6WzltcyM=!AVCjz3-0a~oWu2k1PyXPfN;1&&>+D{fP)0r1b5fq65zkD
z>aX42shZm9s+sA2ue)brHPscL;ZWfK0Psv%NlqKt$|Ge23j_H*cI$*A8w_hzMLFQ<
zzbC)5EEU;Sx#ElfBwiU
zz+ZP}DReA{^_~w~nE~ww6(P?{>^P?U7~Ht>>8&b5SLMFG+NRkOy{c-T+HW&sNyP&7
zzarxD#TqJJ#xbP#qp=c7C9`4^Dk%-}DYKzhq@LOxA%Mpu`!zbgC?=o<
zWCEF>$VoDp6$s!9R0GDlQ}{hw&nSHH0c#9G3`!fLo4f8Set3MI%V
zgQi0#bXj}H3{~)ox#|rZ@LN~i{WOBaz)ZzSvyb*gj2Ey8&eRdM-k-Gh8gP_x1wn+K
zQR5l=J@uG10gBLnuQiKiA$=xfLM&Aa`_kvpr0ioGWaHXS@)KRP8=JD{;Lfp+CQB`2
zZd)DETbLzVt1dZUprHO<6$^mYwZ1_lOlwnClM%g(%L>}cRHfry^oQToI7uXQqD9Kk
zlE0p2d2mmbB3ARQ{?YjvBxhTCNxd~Dj(1Eh3TGKsx?VecuF1lKhGqXV>chA_n@7U+
zQl>~aq$Xx#jDP;~CzqG6n5A4Ac>ya%Hk)F}Yhn^Q>j|vWKzVI62FA@-On}@+3c{5g
z#80Op#p1psrI?Sq88q}F<5SplU9QB3_zuoyMb&42_7D-O-ShV&A957;sj^Lu9v78D
zAP1Bpzm9k{`SD8M7cxbpij6CCTqIdD#vL|i(Kfa$ksQH7ZT@nuVeK1)2%>f4M
znc0Z4<5ss|d9S>3P*#&*|{`tEwY>hpJi|GWS0ZzIzkfJz1Fca^UIR
z;zfZnk;S2yHfj$I-MePH;>#f{ga9UM|5a7FoABf1@tID#z-+G*>N-hbuWVrx(|kYm
zRY#|X{DdIj0Py1~Pv9&YCWClM7(Bb-5`iwW!=8Q!g%4M*Zmy!K4`=)6n29rj0M^59
zZFi<*xx0%oPmQZPWIoThF<`E(uy+f%@gaY95Tv)gngU0S`*D-beP_
ziY)dvIcBa%NKU>nDKq0)BWN*&I}1|D^o1^5(XL!92uWCgdII)#)24+&gGM60!?c64
zr@CrxPMgb?mpVR9%TQ>tQ|i5df?+TPl>R+zQdvS!EZVptE+L?#97ET*ik+zV4)j}U;yH2tt#}d$@xGI1P9?!$k&DJZp(lSM5MudcVV0g7dh!KZ
zM-|`TLDOtykqJGlW^;HBtMX0>l$8azL4U8-AeZ0XUlTX>A9!f~XzxefkXGQ{3}ZZCD(lhN}vN|BmZhUwiBM+pW|@0|(p
zN%w7G)oa=uzL~rrZV}TapXG2pbf7ZEzoAuCRZ5Um1k%h@rM8UvCQQUy>YuRqz~_Vy
z<1DJ1v17h8T&zXE-xj)*jM>M6Nwd}N8bOW~u8ji0%^TzIAD#;Yu_r324^5Xlt=Q|FfsGmq-#Hpu(V|Het
z2G%ZeVd4Wdb5|Q@?2ivK4#i{of!d?%|6C00CREh3x9ij8UuYRM!q^=~w~61J5DGfp
zetNk7z+&=N_Ri?T{$PQO4soF?bvL)D4DlZ})%Z#DBofd5Z`0qA_GEKO)9!WfUgPoZ
zxO9v)ae6IY@Atd@+c_B+yjVpayi=jLa(9+W&-G5_0`BncuBS@wZcSYn9d?gJ#dDT>
zFfcX==@BX!5R~lPJ!k^db>!x7@<%MB7QZw4I5P`;LG=hcKF=eCm)C!~2TSk`(>z?%
zmYGTCN22h=94_xNUuGQPXIzMQ_d#zYBJL1(Zy%hgjVq7CAV&khyU3;!E{5YC+f7p8
zLE+yZp3V;MgL`g!jj(YSzRXTqNhjSWPGEK-g7~WXYccXK9x5>5hnES-cxBz_s$^c*
zGkaNq2?vvE_xf6On{Re@Wk`spQ1Y!H%C||PVPdT_zok93tYW7I2viCrvLXQvx(3sf
zs{zzqSrf4dAO-lLP;y1NaZt$q?#mW>UZ}xK@mN9k1Or0dpXzR%Yc1}b)~8hKyZw4{gIZ9WR6k*nhL+i2zf&RZYUB3xtObm#6O#18tX43*y7uKlb3`t@GkaR0N(3u&
z+b;VmWCJ%X^lwT9v6CAx&W12T3wswJaS&$&DNXqIQIx@YadX*-q=7z9Gyn(a4eS1U
z>lKu(lPWCXy*>`Jj2_zbY9(bVg|iiXrz5g%$N}4kzlCkVq_t3Jjx7OGpV_?dvzeNPDPjikXDXsR
zs)C>NH8sfyy-HFjORH6CW0<(dAhKnJGOUD0M<}
z^ZQL5iTcjE)nH6Zs!WQU!^fb}XC#wn21jCSpxz(~JZ9*)&`G!NcAf3e7Jk{#>bm8s
zX^2vSXVDK+g@|?Gz{Q$X^IO*VS05fGif16gifEzGqm3g>*649_RHl82
z{p<8R3GhbBb*`aBu&uJZPj6Rh(`>_k61V>$Nxyn$7(hVrhX+WRLX?_sA3)^SqDK
zACM9Gel
zG*!3KDE)J>8jQy}fDLnn6AM(%swN-gl6NHBsD>#`bJm{CZZ0eKHWDj0{8@rRf5g`B
z-wB-)zde1Uzh0KGn)qP}YT}=Z6A3c)OtgJ-{fU^2IJZx%j*G`pz3^RARV;g(^Tuwo
zX3OFv!&&AK>HjsBEU|9WiY(A?8QT^js!3@y;zlibbfIN|=~6KVzGNW_%NrI4A`A|*
zkqgn6EqIaO&lLQz6P5m%Z|rRE>})Vh3wCahAkjiaYqxil)nSo8E`8*5Yq30cQNrCN
z<6jtcJ=P)liuH9m6r23JHbak+X+vznJ3Ocak~FmGyId!OE${&#w7i^i?j~eTD;90T
zjBS
z@nXN?hSjMPedQwD9Hlxb%s)|DUjZfa%f+LlJ#1LaLG?fX^RAAl7x8|-7OT_Jzyf^E
zt$Yg{%1WfbP(+J*+uqZMnKc+X1X~5SN|zq>>Vo5E;dN#Sj<_Omkoj&A@NYL
zJ8z@)wY(b=cpsQ#M(Qupo@wv2lFI!QOE7hHg0Zl8IX0B6tQ_b1#!K2!&XNW7u4K5F
zscTOb%BN%K`e+(867!eh0vzJTu4-y=R=qmw!Ji`Oh4sH46#RQe4RCzrR-?WduTHHI
z_g;Ui>J#!cvxP(@&w7|Md|FM{7@?s?pLw;JqvO`Eua=izVZ3r|6
z3XL1fCu=rYtl=e;Jz3oyU!9KX9zA8JwAT><@wmDE_f^j?c$gp#4x21}kpxB;yB}L<
z#f|({H?vBAnMJG9iur$O-mfyVn~~8j{ivp?U-#q5IxBaHgod58t
zvg+yL@rCyrtAoeTfr$4Kp4GER2)>!Sk~NY1W7zg&=o697(u19U)LlbC+iq*)#95Ir
z_V>_I*EIf*Jf4Ta(%(h)Tg;^2q3kCY6Wbv#9O-*W{LFowctD)UfbFS<+~6_j`((BJ
zKqWQR;-FUH`*r9ar~&H9F<9Nr
zUuyc_)Ec`WTV&Yx0wlaWO7X_=iq(mHN=ddo(rqayc*tU9sWBI}2==c?z@y@z>WPH?
z#tPb7{{p~6?dF=-kM0xcQOCU(8nq_&WQo}^4?d4|w%7>(
z_g~Ln=WSNuF!2fopCS{r+vm!jnL=aK(?&E@7ZK&bE-2%T-c!pB$njx@E7QhvGtM)D
zjk?e2%fHZMQqb~+{9`baA~Jb#m}byD=V0L
zw6V?1%1Tg)S@zOsbzRiEnnRonB`$}I{Lv!$a7|lvEu1a$$*~#EH%~GmbdhIVE@DM;x%=0p<=dvJd9~#Zv=qMYxIqr
zs~cNHs-s_w(S)3*77~Lsl#EqOVUpMUJdA-@U^cz0Wfz@_d_-d6+Ap@0AsS(Qosd<-
z5hB1sRmjC-!vjw2I-xM2Kux-hclB`fXFNi;kzHlvXqTdaUx~7gX%4)NKxr#R8^!A}
z46Q5(UdMXa(+KeCwUX8jVwwmFZfM>_$pPT77tz!V#?pmwk#>N;_GVk^=d%oa_ZjNz
z;Li3ArFBhH2XqbzVJowUe`v+1P*-=O%L@1FJVVidVdz{};sT`jF8f;Wkkf~~vVDg2
znkPB@h1<=;Q_X!ba)ZMQ1)oOeDQGw8m{-x3U|1ZM$ThdWD|l(O+e$ec14v
zSexLT+^6u-U-&t~y5+px-Da<)X9h{H#S(N_gI7HQbh5SHXN&(gI{}D
zm=r31;ht^6!L4w6Y@Kj)^zmLN5R~i*;Ox%(evGy)TfuQ$fl!l<-m(JbWx&w3v^M1f
z8UCsdczaQYezcXcM;8b~NmfcJsddJs)_Jx{iTG0rQPU;{E#fkuzl)`qy6yR#uRaw7
zhe&LgqLz^Lh-%{EFz0v6z_b*yfmN%~+nJrT>$P`k|M-D1scI(2zvp-M+QK^-Apb<&trcL|I$>^4
z2))N2c#^@~!I5Mw1@)vR)W4F%)fC<#NA-WkwQ$U2zL5tkW31XHcxsn;q8Z*Nyp;T$
z65b`rgJ{m1$@dr?(6MAw1&T5^o&)ie2NbYXxC0^2Yj1P@)B`jHQ1S@H{qYyHC`c~;
zs<>B?aZUr^Pt_Cc)P7vTF09E|?O$6mz
zDQ(XY3-7Wq?$+Bi5J2*5bwUcl$_hx)Ffhwa>7)8*@isG-!+wb5Da4vu69PoO
z{W4l^pV~Xu;nAuVA+q%&SpX|r3T)6x8Z~OShkb9enL%O7nkqhMITe*5p2@6!ML*7U
zAEl00uo9!RZlyb
z@teTVV5Rbz;I=#&L?#9OJep-9X)iy@ASw?=&OmY_)airqv#uCOXbU@Pt$%WIKTP6k
zmZMNdyCmSp4IhFgp`HryhZAA=+~!LZ@0Bya3fB9nVA(Y$k~CQ*QCnbx6Xs5S8N)Yq
z3%ov?H$iOgVPT>36uSEzptB10C^fZzE_b()fQL)I=U{H<*Wl)O+@==CRv>L1qD};r=f7lNn}I+3RHYAJP(z(i;&^Xbl0S?aR3&jpFZTW_ILo@
zJ8+9bH&Nl8f=zj{JtgVLNPw%>q(;=A`6+}PtnhSeln*8Y+yVbsNbaZz{dW<1tW`f?
zRyA*#c@l9m{tF_iUjiW2tb_pX%Wi
z-<&?Ikd$dXds5nTE8rdv_>27ltgm~`%4jtmJy5P;HUy)zF)7ea(t}B0R5^{zYlgo}
zDeyiS)3gZhEz@LbhN`>aPmUlRK(&70rV#ErSob
zN&OJo4OqGp7Ej7u-&IO}F_F?@@XSpDVh&Jn$uWH7-064Vtx05FqnN3-_)?a*A)gCi
z%eW{Nc7ILY?lE!8&@u^NaIgk}(k5=dAp{bE8%5}(b#YJ-@A!Hy)cyl6qH7i2g5r<;
znDh_{_(${39@=zQ0(74_CU&)tRC+KzzP^hFI^?OLMsSEl?TQOtPtyxcXZ>dHnbiW^
z9+zkp%DXpn^B_y&4xIvC&1eDRf5RUeBDDIZ?0zd2{eu)F{<oXqRQ+=DcWmEfOo3(=?^W`8J#&OC#=(G5yeOx6^QsUjXqAG7D{?FeX6wVSrUc
z{!x~bqopW430?F(Ty4HgbkbA>6MKBp2;bKlP2ZO_hk|kTTvyGLhkZ0T`>MqQ^2F8U
zbV3GY3eg)ePFpV)LIQ$XF4m=KrL2eq`z<{+F1^llCtkkP^f9F(~=>IQc)7vJBjdzBrRF
z)b9zMW#a4x`q;w8_@z=-8W|kb>V3G(B)eJWZhgCQ+@DT5H2{pyPX6qFYx-D#h=Ma7
z=J>OQzHEyR6QRnQ10Mm)FnhPP@b!O(OK?a;+3i@aaZ9!0kca_=O-%wkoX{IDG`l>)
z+E|4JDxF3<@O;azWL%=Ryw?hVJ#_LzapTS!%tz32?Gr-On3ES5z6316*1cLY3pq^p
zIfjN`k-D#wrK0{Qp+V0-
ztk$S8@*RiT(%YB>-fbKTQY|YvYjNUtdRlydjh4ASeT9we#9w^BPI*D52ldfFt=gVJ1foYG;%2sV+K3EY}}
zqH`t>yLGwjoGxe?;GLw;(2A$6It!z8ehZkk^;d!t0@BeBb
zSz5*3tw1^296})FA=zp2>U|hh59j_g_P!+vw5T!f`Nc0R6dSA~XSDH*&;!}rSG4=W
zsURtD)Lk7FGBqpZhyt#IgKm~WeWjdem>gL{{9a=lG!
z?tcVpDCl=NMGRzEm
z+Nw;nbvf5SN{%f8MJ&AP+uzN4F%sTk;yM3$3lBP5L^97K&Els2)sjTE@Ae?s490%Mxt!1LkQNmuUSmL%^bx
zT)L|4yqI!mOv?irs{IAbj*cm|{#$%y5tAR{O|7KRM#wCzO+JrRH
zk&%-L(=EQTbYT>@dk&4zG`J(?^7}A-Bs?v!
zaRvGVFr@PeE-vgAa%WE}X!PQ&G6TO0Z5oQ!`~73DzecM7du)jh7rC$3!`y*7y8XiL
zAWqI_?3z@ZkecYW(5DL|SnwhKIBBr!dCQfMYjJhc^^hX|c#O8H;(S;v8_oh;FzXU8
z$d`bamq)Jy0U?wd7~ZwqFT}?_-uPircscIzQ0Yxv{Sh#UbuAQt@^au8-72YZe$&i>QV-py)b4h?4qjy$Xoa@Zz|i=A6)IQ%?t+an)f()y
z%yvK?E;RKCylLUdy-DQ||Ctq?*zDw!Hd?DhfI#cXOwsA#^z$0`(J4p8hMx<=VBX-9
z{L(YC;DmY6Xe6c%Vrp!#y?<~;qaVt+|Y-A~K##>hF
zB4lNF@dp-=f?S`U(<#D*Y?;%ogd2Qk8vuZo_TOCq6{(y?$5PW>hx}E()UJCtB=i{+
z%VQbmlGd&oelCbGBvDpo_T-#FDxe84`h4lW>_v}sYym8;)F-;>>m$<_d$kQlPqxjp3s;3B)N&%p2LGl}5c4YcZ~)825>15FjI&?K21E+<`PD{-
zU%liU9h2D8((X7-54Y=%N|;vxzE1pY(3dZKPP!j{FLleo&9%eiYo?TsOZ7aJw8)X@
z5QPGBTDuVyps_r}k3(QeRm;{VTj>LRWLtK$W5cf&pDTTGky8}V!kV_5lVo$}$CNbN
zE2Na7p1yR+7TFObUU;-6UyR3!%61*A6c8qE)qRVRr21|X#c~xM-_nFv9KAcj$=@^N
zb=D;nn|8+V25ONUGKZC3QVUqxBp4wzc)wJmP|)^;Cbq78#Pn6pJI3o&)z*k$iB*W5
znut>t_7RNJ9j{4gT~LlXTDImcB9P&n{AjA3UxVI`xi9DZruBzMd4$#)i(Vm{E74w)
z?4&d5ZZ$SCn%FH)d3gAgN?6w?X4t{Nj3%I
z&(HRcqa!LERmCz07x
zBY)*1OOE}Wq{5j3#!oXpYT63_6sBY4fv76Bh(#<*b}$ZlZ+TJ5biMFh0xLF8p-l&Z
zz9CjNDEW1HzHo7QQu~{|v~2$d^z|Vgpmo>ZDrFAyMXkVsZtkCaJ;%ZDoW?-06zZ&^
zszJj9-gfyGbz)Cu@EFZ=TwhTZ*_Xc;`C{!zBK9%7x^sx-Ia4m8M{PqRWL!z6>uKMB
zGeQH`MHiQf?{|x&y=uK2KEhfw`B{occ8y8j|J$nqpib5pGCufR1-;
zAMwq0)lPu_+nn&*j+3KW&>vSHpAX}I49hH*qrFHdDF}J+k!3NmIR+5p@0wPA@Cl5`
z6m?5JuH~Tp!55{+7^sRr|7yk3bq
zxnjVQQh?mV?vR^SRYCHy!uuQ|sb@PKR8Xh&5cj--6}aYszRG{9%(Bq7@ZVM!t4x6!
zc@S@jJ^NxGVDEX9F7l+~xyBtwE_9zG3|~#lNMS;MApt=DuAPV$J<64oBF?A2AI?xB
zEV;1v-5f*AY?OpY#=2(ONfk}rBfNY>Uz3*rIz@64)DAnAkG!rXU5F796d*hm1Wd<%
z5KMcP;i34o89F;xjiD4u&5n?N)wDtS{P724)=ikqt&S!xFjOw9?)}ByC0(vHx664d
z@H5!(;cB#1BZQfq$V2>X#uwzho%gGzk(GZOBWfo#S`xXIt@Dq+goBY4sh))=&@N52
V6fLn*CGz?bpe(O0S0iH?{y%IZ@nHY}

diff --git a/doc/source/assets/js/bootstrap.js b/doc/source/assets/js/bootstrap.js
deleted file mode 100644
index c832ccb2e6..0000000000
--- a/doc/source/assets/js/bootstrap.js
+++ /dev/null
@@ -1,1722 +0,0 @@
-/* ===================================================
- * bootstrap-transition.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#transitions
- * ===================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================================================== */
-
-!function( $ ) {
-
-  $(function () {
-
-    "use strict"
-
-    /* CSS TRANSITION SUPPORT (https://gist.github.com/373874)
-     * ======================================================= */
-
-    $.support.transition = (function () {
-      var thisBody = document.body || document.documentElement
-        , thisStyle = thisBody.style
-        , support = thisStyle.transition !== undefined || thisStyle.WebkitTransition !== undefined || thisStyle.MozTransition !== undefined || thisStyle.MsTransition !== undefined || thisStyle.OTransition !== undefined
-
-      return support && {
-        end: (function () {
-          var transitionEnd = "TransitionEnd"
-          if ( $.browser.webkit ) {
-          	transitionEnd = "webkitTransitionEnd"
-          } else if ( $.browser.mozilla ) {
-          	transitionEnd = "transitionend"
-          } else if ( $.browser.opera ) {
-          	transitionEnd = "oTransitionEnd"
-          }
-          return transitionEnd
-        }())
-      }
-    })()
-
-  })
-  
-}( window.jQuery )
-/* ==========================================================
- * bootstrap-alert.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#alerts
- * ==========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================================================== */
-
-
-!function( $ ){
-
-  "use strict"
-
- /* ALERT CLASS DEFINITION
-  * ====================== */
-
-  var dismiss = '[data-dismiss="alert"]'
-    , Alert = function ( el ) {
-        $(el).on('click', dismiss, this.close)
-      }
-
-  Alert.prototype = {
-
-    constructor: Alert
-
-  , close: function ( e ) {
-      var $this = $(this)
-        , selector = $this.attr('data-target')
-        , $parent
-
-      if (!selector) {
-        selector = $this.attr('href')
-        selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7
-      }
-
-      $parent = $(selector)
-      $parent.trigger('close')
-
-      e && e.preventDefault()
-
-      $parent.length || ($parent = $this.hasClass('alert') ? $this : $this.parent())
-
-      $parent.removeClass('in')
-
-      function removeElement() {
-        $parent.remove()
-        $parent.trigger('closed')
-      }
-
-      $.support.transition && $parent.hasClass('fade') ?
-        $parent.on($.support.transition.end, removeElement) :
-        removeElement()
-    }
-
-  }
-
-
- /* ALERT PLUGIN DEFINITION
-  * ======================= */
-
-  $.fn.alert = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('alert')
-      if (!data) $this.data('alert', (data = new Alert(this)))
-      if (typeof option == 'string') data[option].call($this)
-    })
-  }
-
-  $.fn.alert.Constructor = Alert
-
-
- /* ALERT DATA-API
-  * ============== */
-
-  $(function () {
-    $('body').on('click.alert.data-api', dismiss, Alert.prototype.close)
-  })
-
-}( window.jQuery )
-/* ============================================================
- * bootstrap-button.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#buttons
- * ============================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============================================================ */
-
-!function( $ ){
-
-  "use strict"
-
- /* BUTTON PUBLIC CLASS DEFINITION
-  * ============================== */
-
-  var Button = function ( element, options ) {
-    this.$element = $(element)
-    this.options = $.extend({}, $.fn.button.defaults, options)
-  }
-
-  Button.prototype = {
-
-      constructor: Button
-
-    , setState: function ( state ) {
-        var d = 'disabled'
-          , $el = this.$element
-          , data = $el.data()
-          , val = $el.is('input') ? 'val' : 'html'
-
-        state = state + 'Text'
-        data.resetText || $el.data('resetText', $el[val]())
-
-        $el[val](data[state] || this.options[state])
-
-        // push to event loop to allow forms to submit
-        setTimeout(function () {
-          state == 'loadingText' ?
-            $el.addClass(d).attr(d, d) :
-            $el.removeClass(d).removeAttr(d)
-        }, 0)
-      }
-
-    , toggle: function () {
-        var $parent = this.$element.parent('[data-toggle="buttons-radio"]')
-
-        $parent && $parent
-          .find('.active')
-          .removeClass('active')
-
-        this.$element.toggleClass('active')
-      }
-
-  }
-
-
- /* BUTTON PLUGIN DEFINITION
-  * ======================== */
-
-  $.fn.button = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('button')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('button', (data = new Button(this, options)))
-      if (option == 'toggle') data.toggle()
-      else if (option) data.setState(option)
-    })
-  }
-
-  $.fn.button.defaults = {
-    loadingText: 'loading...'
-  }
-
-  $.fn.button.Constructor = Button
-
-
- /* BUTTON DATA-API
-  * =============== */
-
-  $(function () {
-    $('body').on('click.button.data-api', '[data-toggle^=button]', function ( e ) {
-      $(e.target).button('toggle')
-    })
-  })
-
-}( window.jQuery )
-/* ==========================================================
- * bootstrap-carousel.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#carousel
- * ==========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================================================== */
-
-
-!function( $ ){
-
-  "use strict"
-
- /* CAROUSEL CLASS DEFINITION
-  * ========================= */
-
-  var Carousel = function (element, options) {
-    this.$element = $(element)
-    this.options = $.extend({}, $.fn.carousel.defaults, options)
-    this.options.slide && this.slide(this.options.slide)
-  }
-
-  Carousel.prototype = {
-
-    cycle: function () {
-      this.interval = setInterval($.proxy(this.next, this), this.options.interval)
-      return this
-    }
-
-  , to: function (pos) {
-      var $active = this.$element.find('.active')
-        , children = $active.parent().children()
-        , activePos = children.index($active)
-        , that = this
-
-      if (pos > (children.length - 1) || pos < 0) return
-
-      if (this.sliding) {
-        return this.$element.one('slid', function () {
-          that.to(pos)
-        })
-      }
-
-      if (activePos == pos) {
-        return this.pause().cycle()
-      }
-
-      return this.slide(pos > activePos ? 'next' : 'prev', $(children[pos]))
-    }
-
-  , pause: function () {
-      clearInterval(this.interval)
-      return this
-    }
-
-  , next: function () {
-      if (this.sliding) return
-      return this.slide('next')
-    }
-
-  , prev: function () {
-      if (this.sliding) return
-      return this.slide('prev')
-    }
-
-  , slide: function (type, next) {
-      var $active = this.$element.find('.active')
-        , $next = next || $active[type]()
-        , isCycling = this.interval
-        , direction = type == 'next' ? 'left' : 'right'
-        , fallback  = type == 'next' ? 'first' : 'last'
-        , that = this
-
-      this.sliding = true
-
-      isCycling && this.pause()
-
-      $next = $next.length ? $next : this.$element.find('.item')[fallback]()
-
-      if (!$.support.transition && this.$element.hasClass('slide')) {
-        this.$element.trigger('slide')
-        $active.removeClass('active')
-        $next.addClass('active')
-        this.sliding = false
-        this.$element.trigger('slid')
-      } else {
-        $next.addClass(type)
-        $next[0].offsetWidth // force reflow
-        $active.addClass(direction)
-        $next.addClass(direction)
-        this.$element.trigger('slide')
-        this.$element.one($.support.transition.end, function () {
-          $next.removeClass([type, direction].join(' ')).addClass('active')
-          $active.removeClass(['active', direction].join(' '))
-          that.sliding = false
-          setTimeout(function () { that.$element.trigger('slid') }, 0)
-        })
-      }
-
-      isCycling && this.cycle()
-
-      return this
-    }
-
-  }
-
-
- /* CAROUSEL PLUGIN DEFINITION
-  * ========================== */
-
-  $.fn.carousel = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('carousel')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('carousel', (data = new Carousel(this, options)))
-      if (typeof option == 'number') data.to(option)
-      else if (typeof option == 'string' || (option = options.slide)) data[option]()
-      else data.cycle()
-    })
-  }
-
-  $.fn.carousel.defaults = {
-    interval: 5000
-  }
-
-  $.fn.carousel.Constructor = Carousel
-
-
- /* CAROUSEL DATA-API
-  * ================= */
-
-  $(function () {
-    $('body').on('click.carousel.data-api', '[data-slide]', function ( e ) {
-      var $this = $(this), href
-        , $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) //strip for ie7
-        , options = !$target.data('modal') && $.extend({}, $target.data(), $this.data())
-      $target.carousel(options)
-      e.preventDefault()
-    })
-  })
-
-}( window.jQuery )
-/* =============================================================
- * bootstrap-collapse.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#collapse
- * =============================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============================================================ */
-
-!function( $ ){
-
-  "use strict"
-
-  var Collapse = function ( element, options ) {
-  	this.$element = $(element)
-    this.options = $.extend({}, $.fn.collapse.defaults, options)
-
-    if (this.options["parent"]) {
-      this.$parent = $(this.options["parent"])
-    }
-
-    this.options.toggle && this.toggle()
-  }
-
-  Collapse.prototype = {
-
-    constructor: Collapse
-
-  , dimension: function () {
-      var hasWidth = this.$element.hasClass('width')
-      return hasWidth ? 'width' : 'height'
-    }
-
-  , show: function () {
-      var dimension = this.dimension()
-        , scroll = $.camelCase(['scroll', dimension].join('-'))
-        , actives = this.$parent && this.$parent.find('.in')
-        , hasData
-
-      if (actives && actives.length) {
-        hasData = actives.data('collapse')
-        actives.collapse('hide')
-        hasData || actives.data('collapse', null)
-      }
-
-      this.$element[dimension](0)
-      this.transition('addClass', 'show', 'shown')
-      this.$element[dimension](this.$element[0][scroll])
-
-    }
-
-  , hide: function () {
-      var dimension = this.dimension()
-      this.reset(this.$element[dimension]())
-      this.transition('removeClass', 'hide', 'hidden')
-      this.$element[dimension](0)
-    }
-
-  , reset: function ( size ) {
-      var dimension = this.dimension()
-
-      this.$element
-        .removeClass('collapse')
-        [dimension](size || 'auto')
-        [0].offsetWidth
-
-      this.$element.addClass('collapse')
-    }
-
-  , transition: function ( method, startEvent, completeEvent ) {
-      var that = this
-        , complete = function () {
-            if (startEvent == 'show') that.reset()
-            that.$element.trigger(completeEvent)
-          }
-
-      this.$element
-        .trigger(startEvent)
-        [method]('in')
-
-      $.support.transition && this.$element.hasClass('collapse') ?
-        this.$element.one($.support.transition.end, complete) :
-        complete()
-  	}
-
-  , toggle: function () {
-      this[this.$element.hasClass('in') ? 'hide' : 'show']()
-  	}
-
-  }
-
-  /* COLLAPSIBLE PLUGIN DEFINITION
-  * ============================== */
-
-  $.fn.collapse = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('collapse')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('collapse', (data = new Collapse(this, options)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.collapse.defaults = {
-    toggle: true
-  }
-
-  $.fn.collapse.Constructor = Collapse
-
-
- /* COLLAPSIBLE DATA-API
-  * ==================== */
-
-  $(function () {
-    $('body').on('click.collapse.data-api', '[data-toggle=collapse]', function ( e ) {
-      var $this = $(this), href
-        , target = $this.attr('data-target')
-          || e.preventDefault()
-          || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '') //strip for ie7
-        , option = $(target).data('collapse') ? 'toggle' : $this.data()
-      $(target).collapse(option)
-    })
-  })
-
-}( window.jQuery )
-/* ============================================================
- * bootstrap-dropdown.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#dropdowns
- * ============================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============================================================ */
-
-
-!function( $ ){
-
-  "use strict"
-
- /* DROPDOWN CLASS DEFINITION
-  * ========================= */
-
-  var toggle = '[data-toggle="dropdown"]'
-    , Dropdown = function ( element ) {
-        var $el = $(element).on('click.dropdown.data-api', this.toggle)
-        $('html').on('click.dropdown.data-api', function () {
-          $el.parent().removeClass('open')
-        })
-      }
-
-  Dropdown.prototype = {
-
-    constructor: Dropdown
-
-  , toggle: function ( e ) {
-      var $this = $(this)
-        , selector = $this.attr('data-target')
-        , $parent
-        , isActive
-
-      if (!selector) {
-        selector = $this.attr('href')
-        selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7
-      }
-
-      $parent = $(selector)
-      $parent.length || ($parent = $this.parent())
-
-      isActive = $parent.hasClass('open')
-
-      clearMenus()
-      !isActive && $parent.toggleClass('open')
-
-      return false
-    }
-
-  }
-
-  function clearMenus() {
-    $(toggle).parent().removeClass('open')
-  }
-
-
-  /* DROPDOWN PLUGIN DEFINITION
-   * ========================== */
-
-  $.fn.dropdown = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('dropdown')
-      if (!data) $this.data('dropdown', (data = new Dropdown(this)))
-      if (typeof option == 'string') data[option].call($this)
-    })
-  }
-
-  $.fn.dropdown.Constructor = Dropdown
-
-
-  /* APPLY TO STANDARD DROPDOWN ELEMENTS
-   * =================================== */
-
-  $(function () {
-    $('html').on('click.dropdown.data-api', clearMenus)
-    $('body').on('click.dropdown.data-api', toggle, Dropdown.prototype.toggle)
-  })
-
-}( window.jQuery )
-/* =========================================================
- * bootstrap-modal.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#modals
- * =========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================================================= */
-
-
-!function( $ ){
-
-  "use strict"
-
- /* MODAL CLASS DEFINITION
-  * ====================== */
-
-  var Modal = function ( content, options ) {
-    this.options = $.extend({}, $.fn.modal.defaults, options)
-    this.$element = $(content)
-      .delegate('[data-dismiss="modal"]', 'click.dismiss.modal', $.proxy(this.hide, this))
-  }
-
-  Modal.prototype = {
-
-      constructor: Modal
-
-    , toggle: function () {
-        return this[!this.isShown ? 'show' : 'hide']()
-      }
-
-    , show: function () {
-        var that = this
-
-        if (this.isShown) return
-
-        $('body').addClass('modal-open')
-
-        this.isShown = true
-        this.$element.trigger('show')
-
-        escape.call(this)
-        backdrop.call(this, function () {
-          var transition = $.support.transition && that.$element.hasClass('fade')
-
-          !that.$element.parent().length && that.$element.appendTo(document.body) //don't move modals dom position
-
-          that.$element
-            .show()
-
-          if (transition) {
-            that.$element[0].offsetWidth // force reflow
-          }
-
-          that.$element.addClass('in')
-
-          transition ?
-            that.$element.one($.support.transition.end, function () { that.$element.trigger('shown') }) :
-            that.$element.trigger('shown')
-
-        })
-      }
-
-    , hide: function ( e ) {
-        e && e.preventDefault()
-
-        if (!this.isShown) return
-
-        var that = this
-        this.isShown = false
-
-        $('body').removeClass('modal-open')
-
-        escape.call(this)
-
-        this.$element
-          .trigger('hide')
-          .removeClass('in')
-
-        $.support.transition && this.$element.hasClass('fade') ?
-          hideWithTransition.call(this) :
-          hideModal.call(this)
-      }
-
-  }
-
-
- /* MODAL PRIVATE METHODS
-  * ===================== */
-
-  function hideWithTransition() {
-    var that = this
-      , timeout = setTimeout(function () {
-          that.$element.off($.support.transition.end)
-          hideModal.call(that)
-        }, 500)
-
-    this.$element.one($.support.transition.end, function () {
-      clearTimeout(timeout)
-      hideModal.call(that)
-    })
-  }
-
-  function hideModal( that ) {
-    this.$element
-      .hide()
-      .trigger('hidden')
-
-    backdrop.call(this)
-  }
-
-  function backdrop( callback ) {
-    var that = this
-      , animate = this.$element.hasClass('fade') ? 'fade' : ''
-
-    if (this.isShown && this.options.backdrop) {
-      var doAnimate = $.support.transition && animate
-
-      this.$backdrop = $('
    ')
-        .appendTo(document.body)
-
-      if (this.options.backdrop != 'static') {
-        this.$backdrop.click($.proxy(this.hide, this))
-      }
-
-      if (doAnimate) this.$backdrop[0].offsetWidth // force reflow
-
-      this.$backdrop.addClass('in')
-
-      doAnimate ?
-        this.$backdrop.one($.support.transition.end, callback) :
-        callback()
-
-    } else if (!this.isShown && this.$backdrop) {
-      this.$backdrop.removeClass('in')
-
-      $.support.transition && this.$element.hasClass('fade')?
-        this.$backdrop.one($.support.transition.end, $.proxy(removeBackdrop, this)) :
-        removeBackdrop.call(this)
-
-    } else if (callback) {
-      callback()
-    }
-  }
-
-  function removeBackdrop() {
-    this.$backdrop.remove()
-    this.$backdrop = null
-  }
-
-  function escape() {
-    var that = this
-    if (this.isShown && this.options.keyboard) {
-      $(document).on('keyup.dismiss.modal', function ( e ) {
-        e.which == 27 && that.hide()
-      })
-    } else if (!this.isShown) {
-      $(document).off('keyup.dismiss.modal')
-    }
-  }
-
-
- /* MODAL PLUGIN DEFINITION
-  * ======================= */
-
-  $.fn.modal = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('modal')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('modal', (data = new Modal(this, options)))
-      if (typeof option == 'string') data[option]()
-      else data.show()
-    })
-  }
-
-  $.fn.modal.defaults = {
-      backdrop: true
-    , keyboard: true
-  }
-
-  $.fn.modal.Constructor = Modal
-
-
- /* MODAL DATA-API
-  * ============== */
-
-  $(function () {
-    $('body').on('click.modal.data-api', '[data-toggle="modal"]', function ( e ) {
-      var $this = $(this), href
-        , $target = $($this.attr('data-target') || (href = $this.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) //strip for ie7
-        , option = $target.data('modal') ? 'toggle' : $.extend({}, $target.data(), $this.data())
-
-      e.preventDefault()
-      $target.modal(option)
-    })
-  })
-
-}( window.jQuery )
-/* ===========================================================
- * bootstrap-tooltip.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#tooltips
- * Inspired by the original jQuery.tipsy by Jason Frame
- * ===========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================================================== */
-
-!function( $ ) {
-
-  "use strict"
-
- /* TOOLTIP PUBLIC CLASS DEFINITION
-  * =============================== */
-
-  var Tooltip = function ( element, options ) {
-    this.init('tooltip', element, options)
-  }
-
-  Tooltip.prototype = {
-
-    constructor: Tooltip
-
-  , init: function ( type, element, options ) {
-      var eventIn
-        , eventOut
-
-      this.type = type
-      this.$element = $(element)
-      this.options = this.getOptions(options)
-      this.enabled = true
-
-      if (this.options.trigger != 'manual') {
-        eventIn  = this.options.trigger == 'hover' ? 'mouseenter' : 'focus'
-        eventOut = this.options.trigger == 'hover' ? 'mouseleave' : 'blur'
-        this.$element.on(eventIn, this.options.selector, $.proxy(this.enter, this))
-        this.$element.on(eventOut, this.options.selector, $.proxy(this.leave, this))
-      }
-
-      this.options.selector ?
-        (this._options = $.extend({}, this.options, { trigger: 'manual', selector: '' })) :
-        this.fixTitle()
-    }
-
-  , getOptions: function ( options ) {
-      options = $.extend({}, $.fn[this.type].defaults, options, this.$element.data())
-
-      if (options.delay && typeof options.delay == 'number') {
-        options.delay = {
-          show: options.delay
-        , hide: options.delay
-        }
-      }
-
-      return options
-    }
-
-  , enter: function ( e ) {
-      var self = $(e.currentTarget)[this.type](this._options).data(this.type)
-
-      if (!self.options.delay || !self.options.delay.show) {
-        self.show()
-      } else {
-        self.hoverState = 'in'
-        setTimeout(function() {
-          if (self.hoverState == 'in') {
-            self.show()
-          }
-        }, self.options.delay.show)
-      }
-    }
-
-  , leave: function ( e ) {
-      var self = $(e.currentTarget)[this.type](this._options).data(this.type)
-
-      if (!self.options.delay || !self.options.delay.hide) {
-        self.hide()
-      } else {
-        self.hoverState = 'out'
-        setTimeout(function() {
-          if (self.hoverState == 'out') {
-            self.hide()
-          }
-        }, self.options.delay.hide)
-      }
-    }
-
-  , show: function () {
-      var $tip
-        , inside
-        , pos
-        , actualWidth
-        , actualHeight
-        , placement
-        , tp
-
-      if (this.hasContent() && this.enabled) {
-        $tip = this.tip()
-        this.setContent()
-
-        if (this.options.animation) {
-          $tip.addClass('fade')
-        }
-
-        placement = typeof this.options.placement == 'function' ?
-          this.options.placement.call(this, $tip[0], this.$element[0]) :
-          this.options.placement
-
-        inside = /in/.test(placement)
-
-        $tip
-          .remove()
-          .css({ top: 0, left: 0, display: 'block' })
-          .appendTo(inside ? this.$element : document.body)
-
-        pos = this.getPosition(inside)
-
-        actualWidth = $tip[0].offsetWidth
-        actualHeight = $tip[0].offsetHeight
-
-        switch (inside ? placement.split(' ')[1] : placement) {
-          case 'bottom':
-            tp = {top: pos.top + pos.height, left: pos.left + pos.width / 2 - actualWidth / 2}
-            break
-          case 'top':
-            tp = {top: pos.top - actualHeight, left: pos.left + pos.width / 2 - actualWidth / 2}
-            break
-          case 'left':
-            tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left - actualWidth}
-            break
-          case 'right':
-            tp = {top: pos.top + pos.height / 2 - actualHeight / 2, left: pos.left + pos.width}
-            break
-        }
-
-        $tip
-          .css(tp)
-          .addClass(placement)
-          .addClass('in')
-      }
-    }
-
-  , setContent: function () {
-      var $tip = this.tip()
-      $tip.find('.tooltip-inner').html(this.getTitle())
-      $tip.removeClass('fade in top bottom left right')
-    }
-
-  , hide: function () {
-      var that = this
-        , $tip = this.tip()
-
-      $tip.removeClass('in')
-
-      function removeWithAnimation() {
-        var timeout = setTimeout(function () {
-          $tip.off($.support.transition.end).remove()
-        }, 500)
-
-        $tip.one($.support.transition.end, function () {
-          clearTimeout(timeout)
-          $tip.remove()
-        })
-      }
-
-      $.support.transition && this.$tip.hasClass('fade') ?
-        removeWithAnimation() :
-        $tip.remove()
-    }
-
-  , fixTitle: function () {
-      var $e = this.$element
-      if ($e.attr('title') || typeof($e.attr('data-original-title')) != 'string') {
-        $e.attr('data-original-title', $e.attr('title') || '').removeAttr('title')
-      }
-    }
-
-  , hasContent: function () {
-      return this.getTitle()
-    }
-
-  , getPosition: function (inside) {
-      return $.extend({}, (inside ? {top: 0, left: 0} : this.$element.offset()), {
-        width: this.$element[0].offsetWidth
-      , height: this.$element[0].offsetHeight
-      })
-    }
-
-  , getTitle: function () {
-      var title
-        , $e = this.$element
-        , o = this.options
-
-      title = $e.attr('data-original-title')
-        || (typeof o.title == 'function' ? o.title.call($e[0]) :  o.title)
-
-      title = title.toString().replace(/(^\s*|\s*$)/, "")
-
-      return title
-    }
-
-  , tip: function () {
-      return this.$tip = this.$tip || $(this.options.template)
-    }
-
-  , validate: function () {
-      if (!this.$element[0].parentNode) {
-        this.hide()
-        this.$element = null
-        this.options = null
-      }
-    }
-
-  , enable: function () {
-      this.enabled = true
-    }
-
-  , disable: function () {
-      this.enabled = false
-    }
-
-  , toggleEnabled: function () {
-      this.enabled = !this.enabled
-    }
-
-  , toggle: function () {
-      this[this.tip().hasClass('in') ? 'hide' : 'show']()
-    }
-
-  }
-
-
- /* TOOLTIP PLUGIN DEFINITION
-  * ========================= */
-
-  $.fn.tooltip = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('tooltip')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('tooltip', (data = new Tooltip(this, options)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.tooltip.Constructor = Tooltip
-
-  $.fn.tooltip.defaults = {
-    animation: true
-  , delay: 0
-  , selector: false
-  , placement: 'top'
-  , trigger: 'hover'
-  , title: ''
-  , template: '
    '
-  }
-
-}( window.jQuery )
-/* ===========================================================
- * bootstrap-popover.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#popovers
- * ===========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * =========================================================== */
-
-
-!function( $ ) {
-
- "use strict"
-
-  var Popover = function ( element, options ) {
-    this.init('popover', element, options)
-  }
-
-  /* NOTE: POPOVER EXTENDS BOOTSTRAP-TOOLTIP.js
-     ========================================== */
-
-  Popover.prototype = $.extend({}, $.fn.tooltip.Constructor.prototype, {
-
-    constructor: Popover
-
-  , setContent: function () {
-      var $tip = this.tip()
-        , title = this.getTitle()
-        , content = this.getContent()
-
-      $tip.find('.popover-title')[ $.type(title) == 'object' ? 'append' : 'html' ](title)
-      $tip.find('.popover-content > *')[ $.type(content) == 'object' ? 'append' : 'html' ](content)
-
-      $tip.removeClass('fade top bottom left right in')
-    }
-
-  , hasContent: function () {
-      return this.getTitle() || this.getContent()
-    }
-
-  , getContent: function () {
-      var content
-        , $e = this.$element
-        , o = this.options
-
-      content = $e.attr('data-content')
-        || (typeof o.content == 'function' ? o.content.call($e[0]) :  o.content)
-
-      content = content.toString().replace(/(^\s*|\s*$)/, "")
-
-      return content
-    }
-
-  , tip: function() {
-      if (!this.$tip) {
-        this.$tip = $(this.options.template)
-      }
-      return this.$tip
-    }
-
-  })
-
-
- /* POPOVER PLUGIN DEFINITION
-  * ======================= */
-
-  $.fn.popover = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('popover')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('popover', (data = new Popover(this, options)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.popover.Constructor = Popover
-
-  $.fn.popover.defaults = $.extend({} , $.fn.tooltip.defaults, {
-    placement: 'right'
-  , content: ''
-  , template: '
    '
-  })
-
-}( window.jQuery )
-/* =============================================================
- * bootstrap-scrollspy.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#scrollspy
- * =============================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============================================================== */
-
-!function ( $ ) {
-
-  "use strict"
-
-  /* SCROLLSPY CLASS DEFINITION
-   * ========================== */
-
-  function ScrollSpy( element, options) {
-    var process = $.proxy(this.process, this)
-      , $element = $(element).is('body') ? $(window) : $(element)
-      , href
-    this.options = $.extend({}, $.fn.scrollspy.defaults, options)
-    this.$scrollElement = $element.on('scroll.scroll.data-api', process)
-    this.selector = (this.options.target
-      || ((href = $(element).attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')) //strip for ie7
-      || '') + ' .nav li > a'
-    this.$body = $('body').on('click.scroll.data-api', this.selector, process)
-    this.refresh()
-    this.process()
-  }
-
-  ScrollSpy.prototype = {
-
-      constructor: ScrollSpy
-
-    , refresh: function () {
-        this.targets = this.$body
-          .find(this.selector)
-          .map(function () {
-            var href = $(this).attr('href')
-            return /^#\w/.test(href) && $(href).length ? href : null
-          })
-
-        this.offsets = $.map(this.targets, function (id) {
-          return $(id).position().top
-        })
-      }
-
-    , process: function () {
-        var scrollTop = this.$scrollElement.scrollTop() + this.options.offset
-          , offsets = this.offsets
-          , targets = this.targets
-          , activeTarget = this.activeTarget
-          , i
-
-        for (i = offsets.length; i--;) {
-          activeTarget != targets[i]
-            && scrollTop >= offsets[i]
-            && (!offsets[i + 1] || scrollTop <= offsets[i + 1])
-            && this.activate( targets[i] )
-        }
-      }
-
-    , activate: function (target) {
-        var active
-
-        this.activeTarget = target
-
-        this.$body
-          .find(this.selector).parent('.active')
-          .removeClass('active')
-
-        active = this.$body
-          .find(this.selector + '[href="' + target + '"]')
-          .parent('li')
-          .addClass('active')
-
-        if ( active.parent('.dropdown-menu') )  {
-          active.closest('li.dropdown').addClass('active')
-        }
-      }
-
-  }
-
-
- /* SCROLLSPY PLUGIN DEFINITION
-  * =========================== */
-
-  $.fn.scrollspy = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('scrollspy')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('scrollspy', (data = new ScrollSpy(this, options)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.scrollspy.Constructor = ScrollSpy
-
-  $.fn.scrollspy.defaults = {
-    offset: 10
-  }
-
-
- /* SCROLLSPY DATA-API
-  * ================== */
-
-  $(function () {
-    $('[data-spy="scroll"]').each(function () {
-      var $spy = $(this)
-      $spy.scrollspy($spy.data())
-    })
-  })
-
-}( window.jQuery )
-/* ========================================================
- * bootstrap-tab.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#tabs
- * ========================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ======================================================== */
-
-
-!function( $ ){
-
-  "use strict"
-
- /* TAB CLASS DEFINITION
-  * ==================== */
-
-  var Tab = function ( element ) {
-    this.element = $(element)
-  }
-
-  Tab.prototype = {
-
-    constructor: Tab
-
-  , show: function () {
-      var $this = this.element
-        , $ul = $this.closest('ul:not(.dropdown-menu)')
-        , selector = $this.attr('data-target')
-        , previous
-        , $target
-
-      if (!selector) {
-        selector = $this.attr('href')
-        selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') //strip for ie7
-      }
-
-      if ( $this.parent('li').hasClass('active') ) return
-
-      previous = $ul.find('.active a').last()[0]
-
-      $this.trigger({
-        type: 'show'
-      , relatedTarget: previous
-      })
-
-      $target = $(selector)
-
-      this.activate($this.parent('li'), $ul)
-      this.activate($target, $target.parent(), function () {
-        $this.trigger({
-          type: 'shown'
-        , relatedTarget: previous
-        })
-      })
-    }
-
-  , activate: function ( element, container, callback) {
-      var $active = container.find('> .active')
-        , transition = callback
-            && $.support.transition
-            && $active.hasClass('fade')
-
-      function next() {
-        $active
-          .removeClass('active')
-          .find('> .dropdown-menu > .active')
-          .removeClass('active')
-
-        element.addClass('active')
-
-        if (transition) {
-          element[0].offsetWidth // reflow for transition
-          element.addClass('in')
-        } else {
-          element.removeClass('fade')
-        }
-
-        if ( element.parent('.dropdown-menu') ) {
-          element.closest('li.dropdown').addClass('active')
-        }
-
-        callback && callback()
-      }
-
-      transition ?
-        $active.one($.support.transition.end, next) :
-        next()
-
-      $active.removeClass('in')
-    }
-  }
-
-
- /* TAB PLUGIN DEFINITION
-  * ===================== */
-
-  $.fn.tab = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('tab')
-      if (!data) $this.data('tab', (data = new Tab(this)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.tab.Constructor = Tab
-
-
- /* TAB DATA-API
-  * ============ */
-
-  $(function () {
-    $('body').on('click.tab.data-api', '[data-toggle="tab"], [data-toggle="pill"]', function (e) {
-      e.preventDefault()
-      $(this).tab('show')
-    })
-  })
-
-}( window.jQuery )
-/* =============================================================
- * bootstrap-typeahead.js v2.0.0
- * http://twitter.github.com/bootstrap/javascript.html#typeahead
- * =============================================================
- * Copyright 2012 Twitter, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============================================================ */
-
-!function( $ ){
-
-  "use strict"
-
-  var Typeahead = function ( element, options ) {
-    this.$element = $(element)
-    this.options = $.extend({}, $.fn.typeahead.defaults, options)
-    this.matcher = this.options.matcher || this.matcher
-    this.sorter = this.options.sorter || this.sorter
-    this.highlighter = this.options.highlighter || this.highlighter
-    this.$menu = $(this.options.menu).appendTo('body')
-    this.source = this.options.source
-    this.shown = false
-    this.listen()
-  }
-
-  Typeahead.prototype = {
-
-    constructor: Typeahead
-
-  , select: function () {
-      var val = this.$menu.find('.active').attr('data-value')
-      this.$element.val(val)
-      return this.hide()
-    }
-
-  , show: function () {
-      var pos = $.extend({}, this.$element.offset(), {
-        height: this.$element[0].offsetHeight
-      })
-
-      this.$menu.css({
-        top: pos.top + pos.height
-      , left: pos.left
-      })
-
-      this.$menu.show()
-      this.shown = true
-      return this
-    }
-
-  , hide: function () {
-      this.$menu.hide()
-      this.shown = false
-      return this
-    }
-
-  , lookup: function (event) {
-      var that = this
-        , items
-        , q
-
-      this.query = this.$element.val()
-
-      if (!this.query) {
-        return this.shown ? this.hide() : this
-      }
-
-      items = $.grep(this.source, function (item) {
-        if (that.matcher(item)) return item
-      })
-
-      items = this.sorter(items)
-
-      if (!items.length) {
-        return this.shown ? this.hide() : this
-      }
-
-      return this.render(items.slice(0, this.options.items)).show()
-    }
-
-  , matcher: function (item) {
-      return ~item.toLowerCase().indexOf(this.query.toLowerCase())
-    }
-
-  , sorter: function (items) {
-      var beginswith = []
-        , caseSensitive = []
-        , caseInsensitive = []
-        , item
-
-      while (item = items.shift()) {
-        if (!item.toLowerCase().indexOf(this.query.toLowerCase())) beginswith.push(item)
-        else if (~item.indexOf(this.query)) caseSensitive.push(item)
-        else caseInsensitive.push(item)
-      }
-
-      return beginswith.concat(caseSensitive, caseInsensitive)
-    }
-
-  , highlighter: function (item) {
-      return item.replace(new RegExp('(' + this.query + ')', 'ig'), function ($1, match) {
-        return '' + match + ''
-      })
-    }
-
-  , render: function (items) {
-      var that = this
-
-      items = $(items).map(function (i, item) {
-        i = $(that.options.item).attr('data-value', item)
-        i.find('a').html(that.highlighter(item))
-        return i[0]
-      })
-
-      items.first().addClass('active')
-      this.$menu.html(items)
-      return this
-    }
-
-  , next: function (event) {
-      var active = this.$menu.find('.active').removeClass('active')
-        , next = active.next()
-
-      if (!next.length) {
-        next = $(this.$menu.find('li')[0])
-      }
-
-      next.addClass('active')
-    }
-
-  , prev: function (event) {
-      var active = this.$menu.find('.active').removeClass('active')
-        , prev = active.prev()
-
-      if (!prev.length) {
-        prev = this.$menu.find('li').last()
-      }
-
-      prev.addClass('active')
-    }
-
-  , listen: function () {
-      this.$element
-        .on('blur',     $.proxy(this.blur, this))
-        .on('keypress', $.proxy(this.keypress, this))
-        .on('keyup',    $.proxy(this.keyup, this))
-
-      if ($.browser.webkit || $.browser.msie) {
-        this.$element.on('keydown', $.proxy(this.keypress, this))
-      }
-
-      this.$menu
-        .on('click', $.proxy(this.click, this))
-        .on('mouseenter', 'li', $.proxy(this.mouseenter, this))
-    }
-
-  , keyup: function (e) {
-      e.stopPropagation()
-      e.preventDefault()
-
-      switch(e.keyCode) {
-        case 40: // down arrow
-        case 38: // up arrow
-          break
-
-        case 9: // tab
-        case 13: // enter
-          if (!this.shown) return
-          this.select()
-          break
-
-        case 27: // escape
-          this.hide()
-          break
-
-        default:
-          this.lookup()
-      }
-
-  }
-
-  , keypress: function (e) {
-      e.stopPropagation()
-      if (!this.shown) return
-
-      switch(e.keyCode) {
-        case 9: // tab
-        case 13: // enter
-        case 27: // escape
-          e.preventDefault()
-          break
-
-        case 38: // up arrow
-          e.preventDefault()
-          this.prev()
-          break
-
-        case 40: // down arrow
-          e.preventDefault()
-          this.next()
-          break
-      }
-    }
-
-  , blur: function (e) {
-      var that = this
-      e.stopPropagation()
-      e.preventDefault()
-      setTimeout(function () { that.hide() }, 150)
-    }
-
-  , click: function (e) {
-      e.stopPropagation()
-      e.preventDefault()
-      this.select()
-    }
-
-  , mouseenter: function (e) {
-      this.$menu.find('.active').removeClass('active')
-      $(e.currentTarget).addClass('active')
-    }
-
-  }
-
-
-  /* TYPEAHEAD PLUGIN DEFINITION
-   * =========================== */
-
-  $.fn.typeahead = function ( option ) {
-    return this.each(function () {
-      var $this = $(this)
-        , data = $this.data('typeahead')
-        , options = typeof option == 'object' && option
-      if (!data) $this.data('typeahead', (data = new Typeahead(this, options)))
-      if (typeof option == 'string') data[option]()
-    })
-  }
-
-  $.fn.typeahead.defaults = {
-    source: []
-  , items: 8
-  , menu: '
      '
-  , item: '
      • '
-  }
-
-  $.fn.typeahead.Constructor = Typeahead
-
-
- /* TYPEAHEAD DATA-API
-  * ================== */
-
-  $(function () {
-    $('body').on('focus.typeahead.data-api', '[data-provide="typeahead"]', function (e) {
-      var $this = $(this)
-      if ($this.data('typeahead')) return
-      e.preventDefault()
-      $this.typeahead($this.data())
-    })
-  })
-
-}( window.jQuery )
diff --git a/doc/source/assets/js/bootstrap.min.js b/doc/source/assets/js/bootstrap.min.js
deleted file mode 100644
index 1f295a14e9..0000000000
--- a/doc/source/assets/js/bootstrap.min.js
+++ /dev/null
@@ -1 +0,0 @@
-!function(a){a(function(){"use strict",a.support.transition=function(){var b=document.body||document.documentElement,c=b.style,d=c.transition!==undefined||c.WebkitTransition!==undefined||c.MozTransition!==undefined||c.MsTransition!==undefined||c.OTransition!==undefined;return d&&{end:function(){var b="TransitionEnd";return a.browser.webkit?b="webkitTransitionEnd":a.browser.mozilla?b="transitionend":a.browser.opera&&(b="oTransitionEnd"),b}()}}()})}(window.jQuery),!function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype={constructor:c,close:function(b){function f(){e.remove(),e.trigger("closed")}var c=a(this),d=c.attr("data-target"),e;d||(d=c.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),e=a(d),e.trigger("close"),b&&b.preventDefault(),e.length||(e=c.hasClass("alert")?c:c.parent()),e.removeClass("in"),a.support.transition&&e.hasClass("fade")?e.on(a.support.transition.end,f):f()}},a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("alert");e||d.data("alert",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.alert.Constructor=c,a(function(){a("body").on("click.alert.data-api",b,c.prototype.close)})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.button.defaults,c)};b.prototype={constructor:b,setState:function(a){var b="disabled",c=this.$element,d=c.data(),e=c.is("input")?"val":"html";a+="Text",d.resetText||c.data("resetText",c[e]()),c[e](d[a]||this.options[a]),setTimeout(function(){a=="loadingText"?c.addClass(b).attr(b,b):c.removeClass(b).removeAttr(b)},0)},toggle:function(){var a=this.$element.parent('[data-toggle="buttons-radio"]');a&&a.find(".active").removeClass("active"),this.$element.toggleClass("active")}},a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("button"),f=typeof c=="object"&&c;e||d.data("button",e=new b(this,f)),c=="toggle"?e.toggle():c&&e.setState(c)})},a.fn.button.defaults={loadingText:"loading..."},a.fn.button.Constructor=b,a(function(){a("body").on("click.button.data-api","[data-toggle^=button]",function(b){a(b.target).button("toggle")})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.carousel.defaults,c),this.options.slide&&this.slide(this.options.slide)};b.prototype={cycle:function(){return this.interval=setInterval(a.proxy(this.next,this),this.options.interval),this},to:function(b){var c=this.$element.find(".active"),d=c.parent().children(),e=d.index(c),f=this;if(b>d.length-1||b<0)return;return this.sliding?this.$element.one("slid",function(){f.to(b)}):e==b?this.pause().cycle():this.slide(b>e?"next":"prev",a(d[b]))},pause:function(){return clearInterval(this.interval),this},next:function(){if(this.sliding)return;return this.slide("next")},prev:function(){if(this.sliding)return;return this.slide("prev")},slide:function(b,c){var d=this.$element.find(".active"),e=c||d[b](),f=this.interval,g=b=="next"?"left":"right",h=b=="next"?"first":"last",i=this;return this.sliding=!0,f&&this.pause(),e=e.length?e:this.$element.find(".item")[h](),!a.support.transition&&this.$element.hasClass("slide")?(this.$element.trigger("slide"),d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid")):(e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),this.$element.trigger("slide"),this.$element.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid")},0)})),f&&this.cycle(),this}},a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("carousel"),f=typeof c=="object"&&c;e||d.data("carousel",e=new b(this,f)),typeof c=="number"?e.to(c):typeof c=="string"||(c=f.slide)?e[c]():e.cycle()})},a.fn.carousel.defaults={interval:5e3},a.fn.carousel.Constructor=b,a(function(){a("body").on("click.carousel.data-api","[data-slide]",function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=!e.data("modal")&&a.extend({},e.data(),c.data());e.carousel(f),b.preventDefault()})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.collapse.defaults,c),this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.prototype={constructor:b,dimension:function(){var a=this.$element.hasClass("width");return a?"width":"height"},show:function(){var b=this.dimension(),c=a.camelCase(["scroll",b].join("-")),d=this.$parent&&this.$parent.find(".in"),e;d&&d.length&&(e=d.data("collapse"),d.collapse("hide"),e||d.data("collapse",null)),this.$element[b](0),this.transition("addClass","show","shown"),this.$element[b](this.$element[0][c])},hide:function(){var a=this.dimension();this.reset(this.$element[a]()),this.transition("removeClass","hide","hidden"),this.$element[a](0)},reset:function(a){var b=this.dimension();this.$element.removeClass("collapse")[b](a||"auto")[0].offsetWidth,this.$element.addClass("collapse")},transition:function(b,c,d){var e=this,f=function(){c=="show"&&e.reset(),e.$element.trigger(d)};this.$element.trigger(c)[b]("in"),a.support.transition&&this.$element.hasClass("collapse")?this.$element.one(a.support.transition.end,f):f()},toggle:function(){this[this.$element.hasClass("in")?"hide":"show"]()}},a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("collapse"),f=typeof c=="object"&&c;e||d.data("collapse",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.collapse.defaults={toggle:!0},a.fn.collapse.Constructor=b,a(function(){a("body").on("click.collapse.data-api","[data-toggle=collapse]",function(b){var c=a(this),d,e=c.attr("data-target")||b.preventDefault()||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""),f=a(e).data("collapse")?"toggle":c.data();a(e).collapse(f)})})}(window.jQuery),!function(a){function d(){a(b).parent().removeClass("open")}"use strict";var b='[data-toggle="dropdown"]',c=function(b){var c=a(b).on("click.dropdown.data-api",this.toggle);a("html").on("click.dropdown.data-api",function(){c.parent().removeClass("open")})};c.prototype={constructor:c,toggle:function(b){var c=a(this),e=c.attr("data-target"),f,g;return e||(e=c.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,"")),f=a(e),f.length||(f=c.parent()),g=f.hasClass("open"),d(),!g&&f.toggleClass("open"),!1}},a.fn.dropdown=function(b){return this.each(function(){var d=a(this),e=d.data("dropdown");e||d.data("dropdown",e=new c(this)),typeof b=="string"&&e[b].call(d)})},a.fn.dropdown.Constructor=c,a(function(){a("html").on("click.dropdown.data-api",d),a("body").on("click.dropdown.data-api",b,c.prototype.toggle)})}(window.jQuery),!function(a){function c(){var b=this,c=setTimeout(function(){b.$element.off(a.support.transition.end),d.call(b)},500);this.$element.one(a.support.transition.end,function(){clearTimeout(c),d.call(b)})}function d(a){this.$element.hide().trigger("hidden"),e.call(this)}function e(b){var c=this,d=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var e=a.support.transition&&d;this.$backdrop=a('
      ').appendTo(document.body),this.options.backdrop!="static"&&this.$backdrop.click(a.proxy(this.hide,this)),e&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),e?this.$backdrop.one(a.support.transition.end,b):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,a.proxy(f,this)):f.call(this)):b&&b()}function f(){this.$backdrop.remove(),this.$backdrop=null}function g(){var b=this;this.isShown&&this.options.keyboard?a(document).on("keyup.dismiss.modal",function(a){a.which==27&&b.hide()}):this.isShown||a(document).off("keyup.dismiss.modal")}"use strict";var b=function(b,c){this.options=a.extend({},a.fn.modal.defaults,c),this.$element=a(b).delegate('[data-dismiss="modal"]',"click.dismiss.modal",a.proxy(this.hide,this))};b.prototype={constructor:b,toggle:function(){return this[this.isShown?"hide":"show"]()},show:function(){var b=this;if(this.isShown)return;a("body").addClass("modal-open"),this.isShown=!0,this.$element.trigger("show"),g.call(this),e.call(this,function(){var c=a.support.transition&&b.$element.hasClass("fade");!b.$element.parent().length&&b.$element.appendTo(document.body),b.$element.show(),c&&b.$element[0].offsetWidth,b.$element.addClass("in"),c?b.$element.one(a.support.transition.end,function(){b.$element.trigger("shown")}):b.$element.trigger("shown")})},hide:function(b){b&&b.preventDefault();if(!this.isShown)return;var e=this;this.isShown=!1,a("body").removeClass("modal-open"),g.call(this),this.$element.trigger("hide").removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?c.call(this):d.call(this)}},a.fn.modal=function(c){return this.each(function(){var d=a(this),e=d.data("modal"),f=typeof c=="object"&&c;e||d.data("modal",e=new b(this,f)),typeof c=="string"?e[c]():e.show()})},a.fn.modal.defaults={backdrop:!0,keyboard:!0},a.fn.modal.Constructor=b,a(function(){a("body").on("click.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d,e=a(c.attr("data-target")||(d=c.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("modal")?"toggle":a.extend({},e.data(),c.data());b.preventDefault(),e.modal(f)})})}(window.jQuery),!function(a){"use strict";var b=function(a,b){this.init("tooltip",a,b)};b.prototype={constructor:b,init:function(b,c,d){var e,f;this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.enabled=!0,this.options.trigger!="manual"&&(e=this.options.trigger=="hover"?"mouseenter":"focus",f=this.options.trigger=="hover"?"mouseleave":"blur",this.$element.on(e,this.options.selector,a.proxy(this.enter,this)),this.$element.on(f,this.options.selector,a.proxy(this.leave,this))),this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},getOptions:function(b){return b=a.extend({},a.fn[this.type].defaults,b,this.$element.data()),b.delay&&typeof b.delay=="number"&&(b.delay={show:b.delay,hide:b.delay}),b},enter:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);!c.options.delay||!c.options.delay.show?c.show():(c.hoverState="in",setTimeout(function(){c.hoverState=="in"&&c.show()},c.options.delay.show))},leave:function(b){var c=a(b.currentTarget)[this.type](this._options).data(this.type);!c.options.delay||!c.options.delay.hide?c.hide():(c.hoverState="out",setTimeout(function(){c.hoverState=="out"&&c.hide()},c.options.delay.hide))},show:function(){var a,b,c,d,e,f,g;if(this.hasContent()&&this.enabled){a=this.tip(),this.setContent(),this.options.animation&&a.addClass("fade"),f=typeof this.options.placement=="function"?this.options.placement.call(this,a[0],this.$element[0]):this.options.placement,b=/in/.test(f),a.remove().css({top:0,left:0,display:"block"}).appendTo(b?this.$element:document.body),c=this.getPosition(b),d=a[0].offsetWidth,e=a[0].offsetHeight;switch(b?f.split(" ")[1]:f){case"bottom":g={top:c.top+c.height,left:c.left+c.width/2-d/2};break;case"top":g={top:c.top-e,left:c.left+c.width/2-d/2};break;case"left":g={top:c.top+c.height/2-e/2,left:c.left-d};break;case"right":g={top:c.top+c.height/2-e/2,left:c.left+c.width}}a.css(g).addClass(f).addClass("in")}},setContent:function(){var a=this.tip();a.find(".tooltip-inner").html(this.getTitle()),a.removeClass("fade in top bottom left right")},hide:function(){function d(){var b=setTimeout(function(){c.off(a.support.transition.end).remove()},500);c.one(a.support.transition.end,function(){clearTimeout(b),c.remove()})}var b=this,c=this.tip();c.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d():c.remove()},fixTitle:function(){var a=this.$element;(a.attr("title")||typeof a.attr("data-original-title")!="string")&&a.attr("data-original-title",a.attr("title")||"").removeAttr("title")},hasContent:function(){return this.getTitle()},getPosition:function(b){return a.extend({},b?{top:0,left:0}:this.$element.offset(),{width:this.$element[0].offsetWidth,height:this.$element[0].offsetHeight})},getTitle:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||(typeof c.title=="function"?c.title.call(b[0]):c.title),a=a.toString().replace(/(^\s*|\s*$)/,""),a},tip:function(){return this.$tip=this.$tip||a(this.options.template)},validate:function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},enable:function(){this.enabled=!0},disable:function(){this.enabled=!1},toggleEnabled:function(){this.enabled=!this.enabled},toggle:function(){this[this.tip().hasClass("in")?"hide":"show"]()}},a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("tooltip"),f=typeof c=="object"&&c;e||d.data("tooltip",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.tooltip.Constructor=b,a.fn.tooltip.defaults={animation:!0,delay:0,selector:!1,placement:"top",trigger:"hover",title:"",template:'
      '}}(window.jQuery),!function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype,{constructor:b,setContent:function(){var b=this.tip(),c=this.getTitle(),d=this.getContent();b.find(".popover-title")[a.type(c)=="object"?"append":"html"](c),b.find(".popover-content > *")[a.type(d)=="object"?"append":"html"](d),b.removeClass("fade top bottom left right in")},hasContent:function(){return this.getTitle()||this.getContent()},getContent:function(){var a,b=this.$element,c=this.options;return a=b.attr("data-content")||(typeof c.content=="function"?c.content.call(b[0]):c.content),a=a.toString().replace(/(^\s*|\s*$)/,""),a},tip:function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip}}),a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("popover"),f=typeof c=="object"&&c;e||d.data("popover",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.popover.Constructor=b,a.fn.popover.defaults=a.extend({},a.fn.tooltip.defaults,{placement:"right",content:"",template:'
      '})}(window.jQuery),!function(a){function b(b,c){var d=a.proxy(this.process,this),e=a(b).is("body")?a(window):a(b),f;this.options=a.extend({},a.fn.scrollspy.defaults,c),this.$scrollElement=e.on("scroll.scroll.data-api",d),this.selector=(this.options.target||(f=a(b).attr("href"))&&f.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.$body=a("body").on("click.scroll.data-api",this.selector,d),this.refresh(),this.process()}"use strict",b.prototype={constructor:b,refresh:function(){this.targets=this.$body.find(this.selector).map(function(){var b=a(this).attr("href");return/^#\w/.test(b)&&a(b).length?b:null}),this.offsets=a.map(this.targets,function(b){return a(b).position().top})},process:function(){var a=this.$scrollElement.scrollTop()+this.options.offset,b=this.offsets,c=this.targets,d=this.activeTarget,e;for(e=b.length;e--;)d!=c[e]&&a>=b[e]&&(!b[e+1]||a<=b[e+1])&&this.activate(c[e])},activate:function(a){var b;this.activeTarget=a,this.$body.find(this.selector).parent(".active").removeClass("active"),b=this.$body.find(this.selector+'[href="'+a+'"]').parent("li").addClass("active"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active")}},a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("scrollspy"),f=typeof c=="object"&&c;e||d.data("scrollspy",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.defaults={offset:10},a(function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(window.jQuery),!function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype={constructor:b,show:function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.attr("data-target"),e,f;d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,""));if(b.parent("li").hasClass("active"))return;e=c.find(".active a").last()[0],b.trigger({type:"show",relatedTarget:e}),f=a(d),this.activate(b.parent("li"),c),this.activate(f,f.parent(),function(){b.trigger({type:"shown",relatedTarget:e})})},activate:function(b,c,d){function g(){e.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),f?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var e=c.find("> .active"),f=d&&a.support.transition&&e.hasClass("fade");f?e.one(a.support.transition.end,g):g(),e.removeClass("in")}},a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("tab");e||d.data("tab",e=new b(this)),typeof c=="string"&&e[c]()})},a.fn.tab.Constructor=b,a(function(){a("body").on("click.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})})}(window.jQuery),!function(a){"use strict";var b=function(b,c){this.$element=a(b),this.options=a.extend({},a.fn.typeahead.defaults,c),this.matcher=this.options.matcher||this.matcher,this.sorter=this.options.sorter||this.sorter,this.highlighter=this.options.highlighter||this.highlighter,this.$menu=a(this.options.menu).appendTo("body"),this.source=this.options.source,this.shown=!1,this.listen()};b.prototype={constructor:b,select:function(){var a=this.$menu.find(".active").attr("data-value");return this.$element.val(a),this.hide()},show:function(){var b=a.extend({},this.$element.offset(),{height:this.$element[0].offsetHeight});return this.$menu.css({top:b.top+b.height,left:b.left}),this.$menu.show(),this.shown=!0,this},hide:function(){return this.$menu.hide(),this.shown=!1,this},lookup:function(b){var c=this,d,e;return this.query=this.$element.val(),this.query?(d=a.grep(this.source,function(a){if(c.matcher(a))return a}),d=this.sorter(d),d.length?this.render(d.slice(0,this.options.items)).show():this.shown?this.hide():this):this.shown?this.hide():this},matcher:function(a){return~a.toLowerCase().indexOf(this.query.toLowerCase())},sorter:function(a){var b=[],c=[],d=[],e;while(e=a.shift())e.toLowerCase().indexOf(this.query.toLowerCase())?~e.indexOf(this.query)?c.push(e):d.push(e):b.push(e);return b.concat(c,d)},highlighter:function(a){return a.replace(new RegExp("("+this.query+")","ig"),function(a,b){return""+b+""})},render:function(b){var c=this;return b=a(b).map(function(b,d){return b=a(c.options.item).attr("data-value",d),b.find("a").html(c.highlighter(d)),b[0]}),b.first().addClass("active"),this.$menu.html(b),this},next:function(b){var c=this.$menu.find(".active").removeClass("active"),d=c.next();d.length||(d=a(this.$menu.find("li")[0])),d.addClass("active")},prev:function(a){var b=this.$menu.find(".active").removeClass("active"),c=b.prev();c.length||(c=this.$menu.find("li").last()),c.addClass("active")},listen:function(){this.$element.on("blur",a.proxy(this.blur,this)).on("keypress",a.proxy(this.keypress,this)).on("keyup",a.proxy(this.keyup,this)),(a.browser.webkit||a.browser.msie)&&this.$element.on("keydown",a.proxy(this.keypress,this)),this.$menu.on("click",a.proxy(this.click,this)).on("mouseenter","li",a.proxy(this.mouseenter,this))},keyup:function(a){a.stopPropagation(),a.preventDefault();switch(a.keyCode){case 40:case 38:break;case 9:case 13:if(!this.shown)return;this.select();break;case 27:this.hide();break;default:this.lookup()}},keypress:function(a){a.stopPropagation();if(!this.shown)return;switch(a.keyCode){case 9:case 13:case 27:a.preventDefault();break;case 38:a.preventDefault(),this.prev();break;case 40:a.preventDefault(),this.next()}},blur:function(a){var b=this;a.stopPropagation(),a.preventDefault(),setTimeout(function(){b.hide()},150)},click:function(a){a.stopPropagation(),a.preventDefault(),this.select()},mouseenter:function(b){this.$menu.find(".active").removeClass("active"),a(b.currentTarget).addClass("active")}},a.fn.typeahead=function(c){return this.each(function(){var d=a(this),e=d.data("typeahead"),f=typeof c=="object"&&c;e||d.data("typeahead",e=new b(this,f)),typeof c=="string"&&e[c]()})},a.fn.typeahead.defaults={source:[],items:8,menu:'
        ',item:'
        • '},a.fn.typeahead.Constructor=b,a(function(){a("body").on("focus.typeahead.data-api",'[data-provide="typeahead"]',function(b){var c=a(this);if(c.data("typeahead"))return;b.preventDefault(),c.typeahead(c.data())})})}(window.jQuery);
\ No newline at end of file
diff --git a/doc/source/assets/js/jquery-1.7.1.min.js b/doc/source/assets/js/jquery-1.7.1.min.js
deleted file mode 100644
index ee0233703d..0000000000
--- a/doc/source/assets/js/jquery-1.7.1.min.js
+++ /dev/null
@@ -1,4 +0,0 @@
-/*! jQuery v1.7.1 jquery.com | jquery.org/license */
-(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"":"")+""),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;g=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
        a",d=q.getElementsByTagName("*"),e=q.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=q.getElementsByTagName("input")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName("tbody").length,htmlSerialize:!!q.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:q.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent("onclick",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML="",a.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",q.style.width="2px",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n="on"+o,p=n in q,p||(q.setAttribute(n,"return;"),p=typeof q[n]=="function"),b[o+"Bubbles"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName("body")[0];!r||(j=1,k="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;",m="visibility:hidden;border:0;",n="style='"+k+"border:5px solid #000;padding:0;'",o="
        "+""+"
        ",a=c.createElement("div"),a.style.cssText=m+"width:0;height:0;position:static;top:0;margin-top:"+j+"px",r.insertBefore(a,r.firstChild),q=c.createElement("div"),a.appendChild(q),q.innerHTML="
        t
        ",l=q.getElementsByTagName("td"),p=l[0].offsetHeight===0,l[0].style.display="",l[1].style.display="none",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML="",q.style.width=q.style.paddingLeft="1px",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!="undefined"&&(q.style.display="inline",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display="",q.innerHTML="
        ",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")};
-f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="
        ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
        ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
        ","
        "],thead:[1,"","
        "],tr:[2,"","
        "],td:[3,"","
        "],col:[2,"","
        "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
        ","
        "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function()
-{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
        ").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window);
\ No newline at end of file
diff --git a/doc/source/index.rst b/doc/source/index.rst
index dbefdec144..69e6ce940f 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -1,6 +1,8 @@
 DevStack - an OpenStack Community Production
 ============================================
 
+.. image:: assets/images/logo-blue.png
+
 .. toctree::
    :glob:
    :maxdepth: 1

From 50187eec280422fe091297901bb5e9396728d10a Mon Sep 17 00:00:00 2001
From: mathieu-rohon 
Date: Fri, 21 Nov 2014 22:12:40 +0100
Subject: [PATCH 0176/3421] Restore linuxbridge-agent compatibility

This patch partially reverts commit
15130cd5fd1688b8984d78136b97bb8de7c32b64.

This commit was desupporting ovs and linuxbridge plugins.
But the ML2 plugin can be deployed with the linuxbridge agent.

The current patch restores the linuxbridge agent configuration
file.

Closes-Bug: #1393429

Change-Id: If824185b22e22a1de6498f1f0f2742a279235675
---
 lib/neutron_plugins/linuxbridge_agent | 77 +++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 lib/neutron_plugins/linuxbridge_agent

diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
new file mode 100644
index 0000000000..2638dd3725
--- /dev/null
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -0,0 +1,77 @@
+# Neutron Linux Bridge L2 agent
+# -----------------------------
+
+# Save trace setting
+PLUGIN_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+function is_neutron_ovs_base_plugin {
+    # linuxbridge doesn't use OVS
+    return 1
+}
+
+function neutron_plugin_create_nova_conf {
+    :
+}
+
+function neutron_plugin_install_agent_packages {
+    install_package bridge-utils
+}
+
+function neutron_plugin_configure_debug_command {
+    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge
+}
+
+function neutron_plugin_configure_dhcp_agent {
+    iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
+}
+
+function neutron_plugin_configure_l3_agent {
+    iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge
+    iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
+}
+
+function neutron_plugin_configure_plugin_agent {
+    # Setup physical network interface mappings.  Override
+    # ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc`` for more
+    # complex physical network configurations.
+    if [[ "$LB_INTERFACE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then
+        LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE
+    fi
+    if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE linux_bridge physical_interface_mappings $LB_INTERFACE_MAPPINGS
+    fi
+    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+    else
+        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
+    fi
+    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-linuxbridge-agent"
+    iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
+    # Define extra "AGENT" configuration options when q-agt is configured by defining
+    # the array ``Q_AGENT_EXTRA_AGENT_OPTS``.
+    # For Example: ``Q_AGENT_EXTRA_AGENT_OPTS=(foo=true bar=2)``
+    for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
+        # Replace the first '=' with ' ' for iniset syntax
+        iniset /$Q_PLUGIN_CONF_FILE agent ${I/=/ }
+    done
+    # Define extra "LINUX_BRIDGE" configuration options when q-agt is configured by defining
+    # the array ``Q_AGENT_EXTRA_SRV_OPTS``.
+    # For Example: ``Q_AGENT_EXTRA_SRV_OPTS=(foo=true bar=2)``
+    for I in "${Q_AGENT_EXTRA_SRV_OPTS[@]}"; do
+        # Replace the first '=' with ' ' for iniset syntax
+        iniset /$Q_PLUGIN_CONF_FILE linux_bridge ${I/=/ }
+    done
+}
+
+function neutron_plugin_setup_interface_driver {
+    local conf_file=$1
+    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
+}
+
+function neutron_plugin_check_adv_test_requirements {
+    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
+}
+
+# Restore xtrace
+$PLUGIN_XTRACE

From 81a016dbcd7bbf9fde791386fcc294fca0a59d71 Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Sat, 15 Nov 2014 17:18:13 -0300
Subject: [PATCH 0177/3421] Rename apts to debs

apts aren't a thing, debs are. apt-get installs debs, like yum installs
rpms. Another option would be to rename rpms to yums, but that is even
sillier, considering then for suse we'd have to call it "zypper-suse" or
something, even though it would want to consume yums-general as a base.

Include a symlink to the old name to help out with grenade. The symlink
should go away later.

This is a long-standing annoyance of mine.

Related-to: I915f0e59c13d8cf5fb3549c6202f8aa2f8be0856
Change-Id: I0416180db5b6add996ce5b48c6966c1b68adbcb0
---
 files/apts                                | 1 +
 files/{apts => debs}/baremetal            | 0
 files/{apts => debs}/ceilometer-collector | 0
 files/{apts => debs}/ceph                 | 0
 files/{apts => debs}/cinder               | 0
 files/{apts => debs}/dstat                | 0
 files/{apts => debs}/general              | 0
 files/{apts => debs}/glance               | 0
 files/{apts => debs}/heat                 | 0
 files/{apts => debs}/horizon              | 0
 files/{apts => debs}/ironic               | 0
 files/{apts => debs}/keystone             | 0
 files/{apts => debs}/ldap                 | 0
 files/{apts => debs}/n-api                | 0
 files/{apts => debs}/n-cpu                | 0
 files/{apts => debs}/n-novnc              | 0
 files/{apts => debs}/neutron              | 0
 files/{apts => debs}/nova                 | 0
 files/{apts => debs}/openvswitch          | 0
 files/{apts => debs}/postgresql           | 0
 files/{apts => debs}/q-agt                | 0
 files/{apts => debs}/q-l3                 | 0
 files/{apts => debs}/qpid                 | 0
 files/{apts => debs}/ryu                  | 0
 files/{apts => debs}/swift                | 0
 files/{apts => debs}/tempest              | 0
 files/{apts => debs}/tls-proxy            | 0
 files/{apts => debs}/trema                | 0
 files/{apts => debs}/trove                | 0
 files/{apts => debs}/zaqar-server         | 0
 functions-common                          | 4 ++--
 31 files changed, 3 insertions(+), 2 deletions(-)
 create mode 120000 files/apts
 rename files/{apts => debs}/baremetal (100%)
 rename files/{apts => debs}/ceilometer-collector (100%)
 rename files/{apts => debs}/ceph (100%)
 rename files/{apts => debs}/cinder (100%)
 rename files/{apts => debs}/dstat (100%)
 rename files/{apts => debs}/general (100%)
 rename files/{apts => debs}/glance (100%)
 rename files/{apts => debs}/heat (100%)
 rename files/{apts => debs}/horizon (100%)
 rename files/{apts => debs}/ironic (100%)
 rename files/{apts => debs}/keystone (100%)
 rename files/{apts => debs}/ldap (100%)
 rename files/{apts => debs}/n-api (100%)
 rename files/{apts => debs}/n-cpu (100%)
 rename files/{apts => debs}/n-novnc (100%)
 rename files/{apts => debs}/neutron (100%)
 rename files/{apts => debs}/nova (100%)
 rename files/{apts => debs}/openvswitch (100%)
 rename files/{apts => debs}/postgresql (100%)
 rename files/{apts => debs}/q-agt (100%)
 rename files/{apts => debs}/q-l3 (100%)
 rename files/{apts => debs}/qpid (100%)
 rename files/{apts => debs}/ryu (100%)
 rename files/{apts => debs}/swift (100%)
 rename files/{apts => debs}/tempest (100%)
 rename files/{apts => debs}/tls-proxy (100%)
 rename files/{apts => debs}/trema (100%)
 rename files/{apts => debs}/trove (100%)
 rename files/{apts => debs}/zaqar-server (100%)

diff --git a/files/apts b/files/apts
new file mode 120000
index 0000000000..ef926de053
--- /dev/null
+++ b/files/apts
@@ -0,0 +1 @@
+debs/
\ No newline at end of file
diff --git a/files/apts/baremetal b/files/debs/baremetal
similarity index 100%
rename from files/apts/baremetal
rename to files/debs/baremetal
diff --git a/files/apts/ceilometer-collector b/files/debs/ceilometer-collector
similarity index 100%
rename from files/apts/ceilometer-collector
rename to files/debs/ceilometer-collector
diff --git a/files/apts/ceph b/files/debs/ceph
similarity index 100%
rename from files/apts/ceph
rename to files/debs/ceph
diff --git a/files/apts/cinder b/files/debs/cinder
similarity index 100%
rename from files/apts/cinder
rename to files/debs/cinder
diff --git a/files/apts/dstat b/files/debs/dstat
similarity index 100%
rename from files/apts/dstat
rename to files/debs/dstat
diff --git a/files/apts/general b/files/debs/general
similarity index 100%
rename from files/apts/general
rename to files/debs/general
diff --git a/files/apts/glance b/files/debs/glance
similarity index 100%
rename from files/apts/glance
rename to files/debs/glance
diff --git a/files/apts/heat b/files/debs/heat
similarity index 100%
rename from files/apts/heat
rename to files/debs/heat
diff --git a/files/apts/horizon b/files/debs/horizon
similarity index 100%
rename from files/apts/horizon
rename to files/debs/horizon
diff --git a/files/apts/ironic b/files/debs/ironic
similarity index 100%
rename from files/apts/ironic
rename to files/debs/ironic
diff --git a/files/apts/keystone b/files/debs/keystone
similarity index 100%
rename from files/apts/keystone
rename to files/debs/keystone
diff --git a/files/apts/ldap b/files/debs/ldap
similarity index 100%
rename from files/apts/ldap
rename to files/debs/ldap
diff --git a/files/apts/n-api b/files/debs/n-api
similarity index 100%
rename from files/apts/n-api
rename to files/debs/n-api
diff --git a/files/apts/n-cpu b/files/debs/n-cpu
similarity index 100%
rename from files/apts/n-cpu
rename to files/debs/n-cpu
diff --git a/files/apts/n-novnc b/files/debs/n-novnc
similarity index 100%
rename from files/apts/n-novnc
rename to files/debs/n-novnc
diff --git a/files/apts/neutron b/files/debs/neutron
similarity index 100%
rename from files/apts/neutron
rename to files/debs/neutron
diff --git a/files/apts/nova b/files/debs/nova
similarity index 100%
rename from files/apts/nova
rename to files/debs/nova
diff --git a/files/apts/openvswitch b/files/debs/openvswitch
similarity index 100%
rename from files/apts/openvswitch
rename to files/debs/openvswitch
diff --git a/files/apts/postgresql b/files/debs/postgresql
similarity index 100%
rename from files/apts/postgresql
rename to files/debs/postgresql
diff --git a/files/apts/q-agt b/files/debs/q-agt
similarity index 100%
rename from files/apts/q-agt
rename to files/debs/q-agt
diff --git a/files/apts/q-l3 b/files/debs/q-l3
similarity index 100%
rename from files/apts/q-l3
rename to files/debs/q-l3
diff --git a/files/apts/qpid b/files/debs/qpid
similarity index 100%
rename from files/apts/qpid
rename to files/debs/qpid
diff --git a/files/apts/ryu b/files/debs/ryu
similarity index 100%
rename from files/apts/ryu
rename to files/debs/ryu
diff --git a/files/apts/swift b/files/debs/swift
similarity index 100%
rename from files/apts/swift
rename to files/debs/swift
diff --git a/files/apts/tempest b/files/debs/tempest
similarity index 100%
rename from files/apts/tempest
rename to files/debs/tempest
diff --git a/files/apts/tls-proxy b/files/debs/tls-proxy
similarity index 100%
rename from files/apts/tls-proxy
rename to files/debs/tls-proxy
diff --git a/files/apts/trema b/files/debs/trema
similarity index 100%
rename from files/apts/trema
rename to files/debs/trema
diff --git a/files/apts/trove b/files/debs/trove
similarity index 100%
rename from files/apts/trove
rename to files/debs/trove
diff --git a/files/apts/zaqar-server b/files/debs/zaqar-server
similarity index 100%
rename from files/apts/zaqar-server
rename to files/debs/zaqar-server
diff --git a/functions-common b/functions-common
index e890b75d13..24507fef91 100644
--- a/functions-common
+++ b/functions-common
@@ -945,7 +945,7 @@ function get_or_create_endpoint {
 function _get_package_dir {
     local pkg_dir
     if is_ubuntu; then
-        pkg_dir=$FILES/apts
+        pkg_dir=$FILES/debs
     elif is_fedora; then
         pkg_dir=$FILES/rpms
     elif is_suse; then
@@ -975,7 +975,7 @@ function apt_get {
 }
 
 # get_packages() collects a list of package names of any type from the
-# prerequisite files in ``files/{apts|rpms}``.  The list is intended
+# prerequisite files in ``files/{debs|rpms}``.  The list is intended
 # to be passed to a package installer such as apt or yum.
 #
 # Only packages required for the services in 1st argument will be

From b64738f1c9fb69ba4af8e2088fc8585ab38f50b3 Mon Sep 17 00:00:00 2001
From: Flavio Percoco 
Date: Mon, 24 Nov 2014 16:44:50 +0100
Subject: [PATCH 0178/3421] Enable admin mode by default

Zaqar has an admin mode which enables certain endpoints. This mode
should be enabled by default in devstack so that tests environments can
rely on those endpoints to be present.

Change-Id: Ic50875f4515bb631a6bf800c9338d3b6bbeaafae
---
 lib/zaqar | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/zaqar b/lib/zaqar
index b8570eb282..3b0452940f 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -112,6 +112,7 @@ function configure_zaqar {
     sudo chown $USER $ZAQAR_API_LOG_DIR
 
     iniset $ZAQAR_CONF DEFAULT verbose True
+    iniset $ZAQAR_CONF DEFAULT admin_mode True
     iniset $ZAQAR_CONF DEFAULT use_syslog $SYSLOG
     iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE
     iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST

From 6de7dba863cfbe0fda6f918eea31adbd7d652676 Mon Sep 17 00:00:00 2001
From: pcrews 
Date: Tue, 18 Nov 2014 20:50:00 -0800
Subject: [PATCH 0179/3421] Return mysql-server to default for all ubuntu
 installs

Change: I97cbede806e5c00363c7174fa1e9f286de96aab6 altered
the logic in lib/databases/mysql from installing mariadb only if
one was using rhel7 to installing it by default unless one was using
rhel6.

Change: Iae9a7a1c09f1fc83573c3926b3470955c244c401
Attempted to fix this, but only does so for precise.

Unless mariadb has become the default, I strongly prefer to keep
standard mysql as the database on ubuntu (precise or otherwise).

Closes-Bug: 1395776

Change-Id: I3afb89ae6d55405313b7219dd6daa24d9ca80f70
---
 lib/databases/mysql | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index bbf2fd0861..eab1aa400f 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -141,12 +141,14 @@ EOF
         chmod 0600 $HOME/.my.cnf
     fi
     # Install mysql-server
-    if is_ubuntu || is_fedora; then
-        if [[ $DISTRO =~ (rhel6|precise) ]]; then
+    if is_fedora; then
+        if [[ $DISTRO =~ (rhel6) ]]; then
             install_package mysql-server
         else
             install_package mariadb-server
         fi
+    elif is_ubuntu; then
+        install_package mysql-server
     elif is_suse; then
         if ! is_package_installed mariadb; then
             install_package mysql-community-server

From 7f8a27da52e9564c0d6ff477eedb2bafb6864179 Mon Sep 17 00:00:00 2001
From: Jay Faulkner 
Date: Mon, 24 Nov 2014 11:12:20 -0800
Subject: [PATCH 0180/3421] IPA Ramdisk should log to console in devstack

Setting these kernel command line parameters will have journald log
everything to the console, which means it'll end up in the appropriate
log in the ironic-bm-logs/ directory.

Change-Id: I0f4c79436c4856a5aa72f00f1ac8c2ed534b702e
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index f2b1fb2f6a..3742d27d18 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -326,7 +326,7 @@ function configure_ironic_conductor {
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
         iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30
         if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-            iniset $IRONIC_CONF_FILE agent agent_pxe_append_params "nofb nomodeset vga=normal console=ttyS0"
+            iniset $IRONIC_CONF_FILE agent agent_pxe_append_params "nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=yes"
         fi
     fi
 

From 55c7ebbdbaf97c8f1f22d8a06579edf836b503c6 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Tue, 25 Nov 2014 12:08:55 +1000
Subject: [PATCH 0181/3421] Use new cafile option in nova cinder options

ca_certificate_file is deprecated in favour of using the standard
options from keystoneclient session.

Change-Id: I611da719fb3a95d0a9c2f6ad43e2c083ea7d6862
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 78906f7210..32ab567023 100644
--- a/lib/nova
+++ b/lib/nova
@@ -459,7 +459,7 @@ function create_nova_conf {
             CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
             CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
             iniset $NOVA_CONF cinder endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
-            iniset $NOVA_CONF cinder ca_certificates_file $SSL_BUNDLE_FILE
+            iniset $NOVA_CONF cinder cafile $SSL_BUNDLE_FILE
         fi
     fi
 

From d7af4843382d0f281a35e3769109da7beda1dfc5 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Tue, 25 Nov 2014 12:10:07 +1000
Subject: [PATCH 0182/3421] Use the service catalog when talking to cinder

The cinder endpoints should be correctly established in the service
catalog. There is no reason to provide an overriding endpoint_template.

Change-Id: I9b206fa22a8271a0fb65789d139ead35dfb1ea0d
---
 lib/nova | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 32ab567023..2ebba40cfb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -458,7 +458,6 @@ function create_nova_conf {
         if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
             CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
             CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
-            iniset $NOVA_CONF cinder endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
             iniset $NOVA_CONF cinder cafile $SSL_BUNDLE_FILE
         fi
     fi

From ff8de0c707a779bcd329b3bb513c5fea806bcbea Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Thu, 13 Nov 2014 07:57:09 +0000
Subject: [PATCH 0183/3421] Update the ODL support to Helium SR1.

This commit updates the default ODL package to be tested with to the
first stable release of Helium. Critically, this includes ODL fixes
for some IPV6 issues.

Change-Id: I4eaa52a8baffdcc3a5e74cabca2f9cd7ea4ec237
---
 lib/opendaylight | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/opendaylight b/lib/opendaylight
index bdebe5846d..831329a750 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -45,16 +45,16 @@ ODL_USERNAME=${ODL_USERNAME:-admin}
 ODL_PASSWORD=${ODL_PASSWORD:-admin}
 
 # Short name of ODL package
-ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.0-Helium}
+ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1}
 
 # 
 ODL_DIR=$DEST/opendaylight
 
 # The OpenDaylight Package, currently using 'Hydrogen' release
-ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.0-Helium.zip}
+ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.zip}
 
 # The OpenDaylight URL
-ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.2.0-Helium}
+ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1/}
 
 # Default arguments for OpenDaylight. This is typically used to set
 # Java memory options.

From b01fb940c93dfa3ae75b11e34b8a99e6906c8a25 Mon Sep 17 00:00:00 2001
From: Eric Harney 
Date: Wed, 1 Oct 2014 13:20:50 -0400
Subject: [PATCH 0184/3421] Ceph: undefine secret from nova.conf when deleting
 secret

At teardown time we delete the libvirt secret but leave
nova.conf referencing the stale UUID.  Remove it to make
debugging and repeated runs less error-prone.

Additionally, only try to delete secret if it Cinder is
enabled (causing it to be defined when deploying devstack).

Change-Id: Id5e1290b8dcfd79238f02e31084ab12c3d6aed5f
---
 lib/ceph | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index 2ddf5dbb6a..521430626b 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -106,8 +106,13 @@ function cleanup_ceph {
         sudo rm -f ${CEPH_DISK_IMAGE}
     fi
     uninstall_package ceph ceph-common python-ceph libcephfs1 > /dev/null 2>&1
-    VIRSH_UUID=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
-    sudo virsh secret-undefine ${VIRSH_UUID} >/dev/null 2>&1
+    if is_service_enabled cinder || is_service_enabled nova; then
+        local virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
+        sudo virsh secret-undefine ${virsh_uuid} >/dev/null 2>&1
+    fi
+    if is_service_enabled nova; then
+        iniset $NOVA_CONF libvirt rbd_secret_uuid ""
+    fi
 }
 
 # configure_ceph() - Set config files, create data dirs, etc

From 9eb8177eb7afa1e1cc9c64f80d175a1cb658ea50 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Fri, 21 Nov 2014 09:41:45 -0800
Subject: [PATCH 0185/3421] Move sgabios setup to hypervisor-ironic

This moves setup of sgabios ROM to the ironic hypervisor library.
This is failing to backport to juno because of an error in the sideways ironic
grenade. install_ironic() is expected to setup only python things and happens
earlier than initial package installation.

Fixes-bug: #1396352
Change-Id: I75f0052045143571619e6712d57014228abf7a20
---
 lib/ironic                         | 8 --------
 lib/nova_plugins/hypervisor-ironic | 7 +++++++
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index f2b1fb2f6a..fc4b162036 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -171,14 +171,6 @@ function install_ironic {
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
         install_apache_wsgi
     fi
-
-    if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] && is_ubuntu; then
-        # Ubuntu packaging+apparmor issue prevents libvirt from loading
-        # the ROM from /usr/share/misc.  Workaround by installing it directly
-        # to a directory that it can read from. (LP: #1393548)
-        sudo rm -rf /usr/share/qemu/sgabios.bin
-        sudo cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
-    fi
 }
 
 # install_ironicclient() - Collect sources and prepare
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 420950328e..abf59b8008 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -56,6 +56,13 @@ function install_nova_hypervisor {
         die $LINENO "Neutron should be enabled for usage of the Ironic Nova driver."
     fi
     install_libvirt
+    if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] && is_ubuntu; then
+        # Ubuntu packaging+apparmor issue prevents libvirt from loading
+        # the ROM from /usr/share/misc.  Workaround by installing it directly
+        # to a directory that it can read from. (LP: #1393548)
+        sudo rm -rf /usr/share/qemu/sgabios.bin
+        sudo cp /usr/share/misc/sgabios.bin /usr/share/qemu/sgabios.bin
+    fi
 }
 
 # start_nova_hypervisor - Start any required external services

From ea70cc94719b140f90fb3a3d86e37bd543146ee3 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 25 Nov 2014 19:07:11 -0800
Subject: [PATCH 0186/3421] Copy nova-api-paste.ini if n-api* is enabled

In multi node devstack using multi-host nova-networking, n-api-meta runs
on every machine but n-api only runs on the API node. So copy
nova-api-paste.ini if any version of n-api* is running.

Change-Id: I323f39f5080b94e22907a173a1a2bc4a324567b8
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 78906f7210..9a8614b47a 100644
--- a/lib/nova
+++ b/lib/nova
@@ -257,7 +257,7 @@ function configure_nova {
 
     configure_nova_rootwrap
 
-    if is_service_enabled n-api; then
+    if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
         # Remove legacy paste config if present
         rm -f $NOVA_DIR/bin/nova-api-paste.ini
 

From a3d60c80d9f39ee6a0410dcdd5c778d0b7511c9d Mon Sep 17 00:00:00 2001
From: Julie Pichon 
Date: Fri, 21 Nov 2014 14:57:16 +0000
Subject: [PATCH 0187/3421] Explicitly pass in SLAPPASS when setting up LDAP

Change-Id: Ibcceabf2c76aaeeb8902a670557cc0093943a3e4
Closes-Bug: #1373750
---
 lib/ldap | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/ldap b/lib/ldap
index a6fb82f6f2..2a3ba64efb 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -51,9 +51,10 @@ fi
 # _ldap_varsubst file
 function _ldap_varsubst {
     local infile=$1
+    local slappass=$2
     sed -e "
         s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
-        s|\${SLAPPASS}|$SLAPPASS|
+        s|\${SLAPPASS}|$slappass|
         s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
         s|\${BASE_DC}|$LDAP_BASE_DC|
         s|\${BASE_DN}|$LDAP_BASE_DN|
@@ -130,7 +131,7 @@ function install_ldap {
     printf "LDAP secret is $slappass\n"
 
     # Create manager.ldif and add to olcdb
-    _ldap_varsubst $FILES/ldap/manager.ldif.in >$tmp_ldap_dir/manager.ldif
+    _ldap_varsubst $FILES/ldap/manager.ldif.in $slappass >$tmp_ldap_dir/manager.ldif
     sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $tmp_ldap_dir/manager.ldif
 
     # On fedora we need to manually add cosine and inetorgperson schemas

From 19354585e16513f5ee590c90620b7fae603b6a78 Mon Sep 17 00:00:00 2001
From: Evgeny Antyshev 
Date: Mon, 24 Nov 2014 14:20:35 +0400
Subject: [PATCH 0188/3421] libvirt plugin "parallels" support

We're in the process of establishing the CI testing with
Parallels Cloud Server plugin for libvirt.
Currently we use local clone of devstack in our infrastructure,
but we want to switch to upstream

requires extra customization of nova.conf and glance-api.conf:
nova.conf should have "images_type" and "connection_uri"
defined, and glance-api.conf to have "ploop" in disk formats

Implements: blueprint pcs-support
Change-Id: I0b073359fda8b4531cae7b8946eb52a561c82857
---
 lib/glance                          | 3 +++
 lib/nova_plugins/hypervisor-libvirt | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/lib/glance b/lib/glance
index b4c18f8ac7..0970f9483a 100644
--- a/lib/glance
+++ b/lib/glance
@@ -129,6 +129,9 @@ function configure_glance {
         iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
         iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"
     fi
+    if [ "$VIRT_DRIVER" = 'libvirt' ] && [ "$LIBVIRT_TYPE" = 'parallels' ]; then
+        iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,ploop"
+    fi
 
     # Store specific configs
     iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 53dbfb976f..123ca82048 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -64,6 +64,11 @@ function configure_nova_hypervisor {
         # disable it here for now to avoid surprises later.
         iniset $NOVA_CONF libvirt inject_partition '-2'
     fi
+
+    if [[ "$LIBVIRT_TYPE" = "parallels" ]]; then
+        iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
+        iniset $NOVA_CONF libvirt images_type "ploop"
+    fi
 }
 
 # install_nova_hypervisor() - Install external components

From f10c81869e27f215092c98af5d5b7c19bd64a8c9 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 27 Nov 2014 07:13:35 -0500
Subject: [PATCH 0189/3421] drop tempest xml variable setting

tempest has dropped xml support, this variable no longer does
anything.

Change-Id: Iab4dbb88f6f01fe301fd54b3ac53995bed1c485a
---
 lib/tempest | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 6bcfaec84b..46c9e26916 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -304,7 +304,6 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
     iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions ${COMPUTE_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG compute-feature-enabled xml_api_v2 ${TEMPEST_ENABLE_NOVA_XML_API:-True}
     iniset $TEMPEST_CONFIG compute-feature-disabled api_extensions ${DISABLE_COMPUTE_API_EXTENSIONS}
 
     # Compute admin

From fe6dccb0a8b1ca05e73982f0aba647044bf79a2d Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles 
Date: Fri, 28 Nov 2014 13:12:14 +0200
Subject: [PATCH 0190/3421] Fix typos in the configuration documentation

Change-Id: I0089c195f4cda313c3b68a7c5c215b9dbff94db2
---
 doc/source/configuration.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 5157622441..baebe979b0 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -92,7 +92,7 @@ added:
     [[post-config|/$Q_PLUGIN_CONF_FILE]]
 
 Also note that the ``localrc`` section is sourced as a shell script
-fragment amd MUST conform to the shell requirements, specifically no
+fragment and MUST conform to the shell requirements, specifically no
 whitespace around ``=`` (equals).
 
 Minimal Configuration
@@ -131,7 +131,7 @@ used for both the local networking and Nova's fixed and floating ranges.
 
 ``HOST_IP`` is normally detected on the first run of ``stack.sh`` but
 often is indeterminate on later runs due to the IP being moved from an
-Ethernet integace to a bridge on the host. Setting it here also makes it
+Ethernet interface to a bridge on the host. Setting it here also makes it
 available for ``openrc`` to set ``OS_AUTH_URL``. ``HOST_IP`` is not set
 by default.
 
@@ -208,7 +208,7 @@ Logging the Screen Output
        which is useful for watching log and debug output. However, in
        automated testing the interactive ``screen`` sessions may not be
        available after the fact; setting ``SCREEN_LOGDIR`` enables logging
-       of the ``screen`` sessions in the specified diretory. There will be
+       of the ``screen`` sessions in the specified directory. There will be
        one file per ``screen`` session named for the session name and a
        timestamp.
     |

From b7c1ce4d0f40cb24c78d6a14bb092b57ee12be03 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles 
Date: Fri, 28 Nov 2014 14:19:19 +0200
Subject: [PATCH 0191/3421] Fix path to network interfaces configurations

This commit changes the path that is used as reference in the
documentation to one that is widely used in both ubuntu and debian. This
was made in order to avoid confusions (that actually happened while I
was trying out the devstack guide).

Change-Id: Ic3ce40816f79f9f522fc33ed8b4a574d7a57d586
---
 doc/source/guides/neutron.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 59b7a9d55b..dc2fc71617 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -23,7 +23,7 @@ the machine.
 
 eth1 is manually configured at boot to not have an IP address.
 Consult your operating system documentation for the appropriate
-technique. For Ubuntu, the contents of `/etc/networking/interfaces`
+technique. For Ubuntu, the contents of `/etc/network/interfaces`
 contains:
 
 ::

From 5a252d9a0e860e27676b60851766728451c29c17 Mon Sep 17 00:00:00 2001
From: Masayuki Igawa 
Date: Fri, 21 Nov 2014 21:55:09 +0900
Subject: [PATCH 0192/3421] Fix variable typo of use_syslog in lib/tempest

TEMPEST_CONF is not set but used it. As a result the meaningless file
'DEFAULT' is created. So this commit fixes to use proper variable name.

Closes-bug: #1394969
Change-Id: If6e58f269319df3c4f71b4fc13aa855c63f7e3a3
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index d3fb9fb2dc..399e8e6c22 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -247,7 +247,7 @@ function configure_tempest {
         fi
     fi
 
-    iniset $TEMPEST_CONF DEFAULT use_syslog $SYSLOG
+    iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
     # Oslo
     iniset $TEMPEST_CONFIG DEFAULT lock_path $TEMPEST_STATE_PATH
     mkdir -p $TEMPEST_STATE_PATH

From c78e4671098f08c2eaf0b033777d3c01082141cd Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Mon, 1 Dec 2014 11:24:37 -0800
Subject: [PATCH 0193/3421] Wait for hypervisor-stats to reflect ironic nodes

When enrolling nodes into Ironic, poll nova's hypervisor-stats until
the hypervisor count reflects the number of enrolled nodes.  This
eliminates a race where devstack completes and an instance is spawned
before the first post-enrollment periodic task ticks on the Nova side,
which has recently started popping up in the gate.

Change-Id: Ib3d8005e0094ee8af2d5fcb65aca6cd92736da90
Closes-bug: #1398128
---
 lib/ironic | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 622c18937f..28f8fe87e5 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -500,9 +500,23 @@ function create_bridge_and_vms {
     create_ovs_taps
 }
 
+function wait_for_nova_resources {
+    # After nodes have been enrolled, we need to wait for n-cpu's periodic
+    # task populate the resource tracker with available nodes.  Wait for 2
+    # minutes before timing out.
+    local expected_count=$1
+    echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $expected_count Ironic nodes"
+    for i in $(seq 1 120); do
+        if [ $(nova hypervisor-stats | grep " count " | get_field 2) -ge $expected_count ]; then
+            return 0
+        fi
+        sleep 1
+    done
+    die $LINENO "Nova hypervisor-stats did not register at least $expected_count nodes"
+}
+
 function enroll_nodes {
     local chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
-    local idx=0
 
     if [[ "$IRONIC_DEPLOY_DRIVER" == "pxe_ssh" ]] ; then
         local _IRONIC_DEPLOY_KERNEL_KEY=pxe_deploy_kernel
@@ -536,6 +550,7 @@ function enroll_nodes {
         fi
     fi
 
+    local total_nodes=0
     while read hardware_info; do
         if ! is_ironic_hardware; then
             local mac_address=$hardware_info
@@ -566,7 +581,7 @@ function enroll_nodes {
 
         ironic port-create --address $mac_address --node_uuid $node_id
 
-        idx=$((idx+1))
+        total_nodes=$((total_nodes+1))
     done < $ironic_hwinfo_file
 
     # create the nova flavor
@@ -581,6 +596,10 @@ function enroll_nodes {
     # from the flavor after the completion of
     # https://blueprints.launchpad.net/ironic/+spec/add-node-instance-info
     nova flavor-key baremetal set "cpu_arch"="x86_64" "baremetal:deploy_kernel_id"="$IRONIC_DEPLOY_KERNEL_ID" "baremetal:deploy_ramdisk_id"="$IRONIC_DEPLOY_RAMDISK_ID"
+
+    if [ "$VIRT_DRIVER" == "ironic" ]; then
+        wait_for_nova_resources $total_nodes
+    fi
 }
 
 function configure_iptables {

From 505b96afbe8f910d2c0d858f1da61ed361f5f14c Mon Sep 17 00:00:00 2001
From: Ken'ichi Ohmichi 
Date: Wed, 19 Nov 2014 07:00:00 +0000
Subject: [PATCH 0194/3421] Remove TEMPEST_ENABLE_NOVA_XML_API from Tempest
 config

I5b3e221d942e09134024b82acaf179dc869357e0 has removed xml_api_v2 from
Tempest config, and xml_api_v2 setting of DevStack is unnecessary now.
This patch removes it.

Change-Id: Ic85fbfda13fd352c4d513859915aaca27e894b58
---
 lib/tempest | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 6bcfaec84b..46c9e26916 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -304,7 +304,6 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
     iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions ${COMPUTE_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG compute-feature-enabled xml_api_v2 ${TEMPEST_ENABLE_NOVA_XML_API:-True}
     iniset $TEMPEST_CONFIG compute-feature-disabled api_extensions ${DISABLE_COMPUTE_API_EXTENSIONS}
 
     # Compute admin

From 6623049ec48058afcb207855a9754df197a8cbb6 Mon Sep 17 00:00:00 2001
From: Jiri Tomasek 
Date: Tue, 2 Dec 2014 13:23:19 +0100
Subject: [PATCH 0195/3421] Horizon front page test fix

Fixes the test string in horizon front page test so it is not failing
when header tag gets new attributes

Change-Id: Ibf62bf6f6300eeb0ab2f22086b0ff1c05c69d86b
---
 exercises/horizon.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exercises/horizon.sh b/exercises/horizon.sh
index d62ad52123..ad08221690 100755
--- a/exercises/horizon.sh
+++ b/exercises/horizon.sh
@@ -36,7 +36,7 @@ source $TOP_DIR/exerciserc
 is_service_enabled horizon || exit 55
 
 # can we get the front page
-curl http://$SERVICE_HOST 2>/dev/null | grep -q '
        Log In
        ' || die $LINENO "Horizon front page not functioning!"
+curl http://$SERVICE_HOST 2>/dev/null | grep -q 'Log In' || die $LINENO "Horizon front page not functioning!"
 
 set +o xtrace
 echo "*********************************************************************"

From bfadd227ecd593d1aa151246fdc18952fcbe9d37 Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Wed, 3 Dec 2014 23:15:08 +0000
Subject: [PATCH 0196/3421] heat remove copy of sample config file

We're moving to a model like nova where we don't maintain a static
sample config, instead providing a readme showing how to generate
it in https://review.openstack.org/#/c/138800/, so this change
is needed before we can land that change.

Change-Id: I335a33646eef72962c9036dcd1de50144d8575c8
---
 lib/heat | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/heat b/lib/heat
index 2b55cf0f6a..3ed9a5ff41 100644
--- a/lib/heat
+++ b/lib/heat
@@ -94,7 +94,6 @@ function configure_heat {
 
     cp $HEAT_DIR/etc/heat/api-paste.ini $HEAT_API_PASTE_FILE
     cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE
-    cp $HEAT_DIR/etc/heat/heat.conf.sample $HEAT_CONF
 
     # common options
     iniset_rpc_backend heat $HEAT_CONF DEFAULT

From 8b469c1c5e36047a9e5a80e040f137957bdb8d66 Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Thu, 4 Dec 2014 10:43:52 +0000
Subject: [PATCH 0197/3421] Remove heat_stack_owner role

Since https://review.openstack.org/#/c/128509/ heat no longer requires
the "heat_stack_owner" role by default, as we now delegate all roles
via the trust.  So remove the now unnecessary role creation and assignment
from lib/heat.

Change-Id: Ia097ac9a76b3242ed6e62b11ca64c7ac7680b97c
---
 lib/heat | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/lib/heat b/lib/heat
index 2b55cf0f6a..74163bdc31 100644
--- a/lib/heat
+++ b/lib/heat
@@ -252,17 +252,6 @@ function create_heat_accounts {
     get_or_create_role "heat_stack_user"
 
     if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
-
-        # heat_stack_owner role is given to users who create Heat stacks,
-        # it's the default role used by heat to delegate to the heat service
-        # user (for performing deferred operations via trusts), see heat.conf
-        local heat_owner_role=$(get_or_create_role "heat_stack_owner")
-
-        # Give the role to the demo and admin users so they can create stacks
-        # in either of the projects created by devstack
-        get_or_add_user_role $heat_owner_role demo demo
-        get_or_add_user_role $heat_owner_role admin demo
-        get_or_add_user_role $heat_owner_role admin admin
         iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
     fi
 

From ffc1f8d426573f78e3a4bb88bd0246b59694bdcc Mon Sep 17 00:00:00 2001
From: Gary Kotton 
Date: Wed, 26 Nov 2014 04:00:33 -0800
Subject: [PATCH 0198/3421] Fix tools upload_image.sh utility

The utility would fail due to the fact that the GLANCE_SERVICE_PROTOCOL
was not set.

Change-Id: Iff0b59274fa909895abd70c3a6d1da63dbd70483
Closes-bug: #1396567
---
 tools/upload_image.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/upload_image.sh b/tools/upload_image.sh
index d81a5c8dab..5d23f31b9c 100755
--- a/tools/upload_image.sh
+++ b/tools/upload_image.sh
@@ -37,6 +37,7 @@ die_if_not_set $LINENO TOKEN "Keystone fail to get token"
 
 # Glance connection info.  Note the port must be specified.
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_HOST:9292}
+GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
 for IMAGE in "$*"; do
     upload_image $IMAGE $TOKEN

From 82a7d939290ec7224f1e918a35e8c5ad0c18cb31 Mon Sep 17 00:00:00 2001
From: JordanP 
Date: Thu, 4 Dec 2014 14:09:16 +0100
Subject: [PATCH 0199/3421] Fixes lib/tempest to accomodate Storage Protocol
 name with spaces

Change-Id: Ic711b2bb69f78b10ff6cb48e670df2d35646d8e9
Closes-Bug: #1278835
---
 lib/tempest | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 6bcfaec84b..8c5da5ea8d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -390,8 +390,8 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG volume vendor_name "$TEMPEST_VOLUME_VENDOR"
     fi
     if [ $TEMPEST_VOLUME_DRIVER != "default" -o \
-        $TEMPEST_STORAGE_PROTOCOL != $TEMPEST_DEFAULT_STORAGE_PROTOCOL ]; then
-        iniset $TEMPEST_CONFIG volume storage_protocol $TEMPEST_STORAGE_PROTOCOL
+        "$TEMPEST_STORAGE_PROTOCOL" != "$TEMPEST_DEFAULT_STORAGE_PROTOCOL" ]; then
+        iniset $TEMPEST_CONFIG volume storage_protocol "$TEMPEST_STORAGE_PROTOCOL"
     fi
 
     # Dashboard

From 5bef3e1633ec2c7e2b932f6d519baa23526f5f87 Mon Sep 17 00:00:00 2001
From: Victoria Martinez de la Cruz 
Date: Thu, 4 Dec 2014 10:24:37 -0300
Subject: [PATCH 0200/3421] Enable Zaqar to run in debug mode

Change-Id: Ia751f04119ce1b4c6213be75d087ef24de904498
---
 lib/zaqar | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/zaqar b/lib/zaqar
index 3b0452940f..22ef5ef20f 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -111,6 +111,7 @@ function configure_zaqar {
     [ ! -d $ZAQAR_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $ZAQAR_API_LOG_DIR
     sudo chown $USER $ZAQAR_API_LOG_DIR
 
+    iniset $ZAQAR_CONF DEFAULT debug True
     iniset $ZAQAR_CONF DEFAULT verbose True
     iniset $ZAQAR_CONF DEFAULT admin_mode True
     iniset $ZAQAR_CONF DEFAULT use_syslog $SYSLOG

From 0f176d8bc2010920842e1e6c1422aba05b9b5eb4 Mon Sep 17 00:00:00 2001
From: Ken'ichi Ohmichi 
Date: Wed, 3 Dec 2014 01:24:47 +0000
Subject: [PATCH 0201/3421] Add NOVA_API_VERSIONS

This provides a mechanism for overriding v2 endpoint with v2.1 so that
tests can be run against a devstack to provide equivalency between the
APIs.

Change-Id: Iaaa530bda6bcdae75e86be8dbe572abe4396e8e9
---
 lib/nova | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/nova b/lib/nova
index d5fe7ac48e..5db2f8fcd3 100644
--- a/lib/nova
+++ b/lib/nova
@@ -45,6 +45,12 @@ NOVA_FAKE_CONF=$NOVA_CONF_DIR/nova-fake.conf
 NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
+# NOVA_API_VERSIONS valid options
+#   - default - setup API end points as nova does out of the box
+#   - v21default - make v21 the default on /v2
+# NOTE(sdague): this is for transitional testing of the Nova v21 API.
+# Expect to remove in L or M.
+NOVA_API_VERSIONS=${NOVA_API_VERSIONS:-default}
 
 if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
     NOVA_SERVICE_PROTOCOL="https"
@@ -263,6 +269,11 @@ function configure_nova {
 
         # Get the sample configuration file in place
         cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR
+
+        # For testing v21 is equivalent to v2
+        if [[ "$NOVA_API_VERSION" == "v21default" ]]; then
+            sed -i s/": openstack_compute_api_v2$"/": openstack_compute_api_v21"/ "$NOVA_API_PASTE_INI"
+        fi
     fi
 
     if is_service_enabled n-cpu; then

From c30d3213f8fc683523267574676fa5062c2c36de Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 4 Dec 2014 07:20:03 -0500
Subject: [PATCH 0202/3421] remove legacy work around for nova paste.ini

This code goes *way* back and is not needed any more

Change-Id: I23716d88899a7fc18b7d4ccfa12b563d288810b0
---
 lib/nova | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/nova b/lib/nova
index 5db2f8fcd3..cdf43c4db3 100644
--- a/lib/nova
+++ b/lib/nova
@@ -264,9 +264,6 @@ function configure_nova {
     configure_nova_rootwrap
 
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
-        # Remove legacy paste config if present
-        rm -f $NOVA_DIR/bin/nova-api-paste.ini
-
         # Get the sample configuration file in place
         cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR
 

From a883698ca79a29c37a8c5a2f61966efb589f2697 Mon Sep 17 00:00:00 2001
From: Ken'ichi Ohmichi 
Date: Thu, 4 Dec 2014 23:08:10 +0000
Subject: [PATCH 0203/3421] Fix NOVA_API_VERSION option

lib/nova checks NOVA_API_VERSION for setting Nova v2.1 API endpoint,
but the name of the initialization is different.
This patch fixes it.

Change-Id: I2fa234d66fe76b2a7146288adc1384b33921e178
---
 lib/nova | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/nova b/lib/nova
index 5db2f8fcd3..ec2d0bf29c 100644
--- a/lib/nova
+++ b/lib/nova
@@ -45,12 +45,12 @@ NOVA_FAKE_CONF=$NOVA_CONF_DIR/nova-fake.conf
 NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
-# NOVA_API_VERSIONS valid options
+# NOVA_API_VERSION valid options
 #   - default - setup API end points as nova does out of the box
 #   - v21default - make v21 the default on /v2
 # NOTE(sdague): this is for transitional testing of the Nova v21 API.
 # Expect to remove in L or M.
-NOVA_API_VERSIONS=${NOVA_API_VERSIONS:-default}
+NOVA_API_VERSION=${NOVA_API_VERSION-default}
 
 if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
     NOVA_SERVICE_PROTOCOL="https"

From 9bc3459927ea48b2633b4a8c4a247764d6d4b8bd Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Tue, 2 Dec 2014 16:49:14 -0800
Subject: [PATCH 0204/3421] Tighten up parsing of neutron tap device for ironic

The current parsing of the interfaces from the neutron network namespace
fails if there are other things that match 'tap' (ie, gretaps created
for other purposes)  This tightens up the parsing to only match devices
starting 'tap' instead of anything containing 'tap'

Change-Id: I9a31ec8ad253da0b3c5bd7f5eb105c49850f3060
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 28f8fe87e5..0e72f6e331 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -460,7 +460,7 @@ function create_ovs_taps {
     # intentional sleep to make sure the tag has been set to port
     sleep 10
 
-    local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep tap | cut -d':' -f2 | cut -b2-)
+    local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
     local tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
 
     # make sure veth pair is not existing, otherwise delete its links

From 6c74932bf7f02ddd5bad7c276bca68b58e5b745d Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Tue, 2 Dec 2014 16:20:50 -0800
Subject: [PATCH 0205/3421] Do not regenerate ironic ssh key if one exists

Gets rid of redundant globals and avoids regenerating an ssh key
for ironic if one exists.  Also allows key file to be user-specified,
letting ironic use pregenerated keys.

Change-Id: Iaa6f8918bf14dae2116269a0be5039fc5afaecfa
---
 lib/ironic | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 0e72f6e331..0a0e8b8bcd 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -60,7 +60,7 @@ IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool}
 IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`}
 IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys}
 IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key}
-IRONIC_KEY_FILE=$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME
+IRONIC_KEY_FILE=${IRONIC_KEY_FILE:-$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME}
 IRONIC_SSH_VIRT_TYPE=${IRONIC_SSH_VIRT_TYPE:-virsh}
 IRONIC_TFTPBOOT_DIR=${IRONIC_TFTPBOOT_DIR:-$IRONIC_DATA_DIR/tftpboot}
 IRONIC_TFTPSERVER_IP=${IRONIC_TFTPSERVER_IP:-$HOST_IP}
@@ -632,15 +632,16 @@ function configure_tftpd {
 }
 
 function configure_ironic_ssh_keypair {
-    # Generating ssh key pair for stack user
-    if [[ ! -d $IRONIC_SSH_KEY_DIR ]]; then
-        mkdir -p $IRONIC_SSH_KEY_DIR
-    fi
     if [[ ! -d $HOME/.ssh ]]; then
         mkdir -p $HOME/.ssh
         chmod 700 $HOME/.ssh
     fi
-    echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f $IRONIC_KEY_FILE
+    if [[ ! -e $IRONIC_KEY_FILE ]]; then
+        if [[ ! -d $(dirname $IRONIC_KEY_FILE) ]]; then
+            mkdir -p $(dirname $IRONIC_KEY_FILE)
+        fi
+        echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f $IRONIC_KEY_FILE
+    fi
     cat $IRONIC_KEY_FILE.pub | tee -a $IRONIC_AUTHORIZED_KEYS_FILE
 }
 
@@ -657,7 +658,7 @@ function ironic_ssh_check {
 
 function configure_ironic_auxiliary {
     configure_ironic_ssh_keypair
-    ironic_ssh_check $IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME 10
+    ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME 10
 }
 
 function build_ipa_coreos_ramdisk {

From 88cde0b3da7102cd28b3b44fbf6112b17303b27d Mon Sep 17 00:00:00 2001
From: Sabari Kumar Murugesan 
Date: Thu, 4 Dec 2014 17:48:26 -0800
Subject: [PATCH 0206/3421] VMware: add default image metadata for hw_vif_model

During glance image-create we are currently setting a null value
for the hw_vif_model, if we are unable to introspect from the vmdk
file.

This patch adds a default value if not found.

Change-Id: I6d0f551b18f03e2a799ae14c3347652a285693f0
---
 functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions b/functions
index bb40a481bd..f31a59afac 100644
--- a/functions
+++ b/functions
@@ -82,7 +82,7 @@ function upload_image {
         # driver will supply default values.
 
         local vmdk_disktype=""
-        local vmdk_net_adapter=""
+        local vmdk_net_adapter="e1000"
         local path_len
 
         # vmdk adapter type

From 2f8e08b5728f4272b415b1c0aab8ff62eae29b06 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 5 Dec 2014 08:31:16 -0500
Subject: [PATCH 0207/3421] remove nova baremetal driver support

This has been deleted from the nova tree, we should purge it from
devstack, as it will not work any more.

Change-Id: I20501fec140998b91c9ddfd84b7b10168624430a
---
 clean.sh                              |   1 -
 doc/source/index.rst                  |   1 -
 lib/baremetal                         | 439 --------------------------
 lib/neutron                           |  20 +-
 lib/nova                              |   6 -
 lib/nova_plugins/hypervisor-baremetal |  87 -----
 stack.sh                              |  63 +---
 stackrc                               |   4 +-
 unstack.sh                            |   1 -
 9 files changed, 11 insertions(+), 611 deletions(-)
 delete mode 100644 lib/baremetal
 delete mode 100644 lib/nova_plugins/hypervisor-baremetal

diff --git a/clean.sh b/clean.sh
index db1a1e4637..f2f13389c8 100755
--- a/clean.sh
+++ b/clean.sh
@@ -50,7 +50,6 @@ source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron
-source $TOP_DIR/lib/baremetal
 source $TOP_DIR/lib/ironic
 source $TOP_DIR/lib/trove
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index a917ac341d..7188f6ecf4 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -139,7 +139,6 @@ Scripts
 * `functions `__ - DevStack-specific functions
 * `functions-common `__ - Functions shared with other projects
 * `lib/apache `__
-* `lib/baremetal `__
 * `lib/ceilometer `__
 * `lib/ceph `__
 * `lib/cinder `__
diff --git a/lib/baremetal b/lib/baremetal
deleted file mode 100644
index af90c06360..0000000000
--- a/lib/baremetal
+++ /dev/null
@@ -1,439 +0,0 @@
-## vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-## Copyright (c) 2012 Hewlett-Packard Development Company, L.P.
-## All Rights Reserved.
-##
-##    Licensed under the Apache License, Version 2.0 (the "License"); you may
-##    not use this file except in compliance with the License. You may obtain
-##    a copy of the License at
-##
-##         http://www.apache.org/licenses/LICENSE-2.0
-##
-##    Unless required by applicable law or agreed to in writing, software
-##    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-##    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-##    License for the specific language governing permissions and limitations
-##    under the License.
-
-
-# This file provides devstack with the environment and utilities to
-# control nova-compute's baremetal driver.
-# It sets reasonable defaults to run within a single host,
-# using virtual machines in place of physical hardware.
-# However, by changing just a few options, devstack+baremetal can in fact
-# control physical hardware resources on the same network, if you know
-# the MAC address(es) and IPMI credentials.
-#
-# At a minimum, to enable the baremetal driver, you must set these in localrc:
-#
-#    VIRT_DRIVER=baremetal
-#    ENABLED_SERVICES="$ENABLED_SERVICES,baremetal"
-#
-#
-# We utilize diskimage-builder to create a ramdisk, and then
-# baremetal driver uses that to push a disk image onto the node(s).
-#
-# Below we define various defaults which control the behavior of the
-# baremetal compute service, and inform it of the hardware it will control.
-#
-# Below that, various functions are defined, which are called by devstack
-# in the following order:
-#
-# before nova-cpu starts:
-#
-#  - prepare_baremetal_toolchain
-#  - configure_baremetal_nova_dirs
-#
-# after nova and glance have started:
-#
-#  - build_and_upload_baremetal_deploy_k_and_r $token
-#  - create_baremetal_flavor $BM_DEPLOY_KERNEL_ID $BM_DEPLOY_RAMDISK_ID
-#  - upload_baremetal_image $url $token
-#  - add_baremetal_node  
-
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Sub-driver settings
-# -------------------
-
-# sub-driver to use for kernel deployment
-#
-# - nova.virt.baremetal.pxe.PXE
-# - nova.virt.baremetal.tilera.TILERA
-BM_DRIVER=${BM_DRIVER:-nova.virt.baremetal.pxe.PXE}
-
-# sub-driver to use for remote power management
-#
-# - nova.virt.baremetal.fake.FakePowerManager, for manual power control
-# - nova.virt.baremetal.ipmi.IPMI, for remote IPMI
-# - nova.virt.baremetal.tilera_pdu.Pdu, for TilePro hardware
-BM_POWER_MANAGER=${BM_POWER_MANAGER:-nova.virt.baremetal.fake.FakePowerManager}
-
-
-# These should be customized to your environment and hardware
-# -----------------------------------------------------------
-
-# To provide PXE, configure nova-network's dnsmasq rather than run the one
-# dedicated to baremetal. When enable this, make sure these conditions are
-# fulfilled:
-#
-# 1) nova-compute and nova-network runs on the same host
-# 2) nova-network uses FlatDHCPManager
-#
-# NOTE: the other BM_DNSMASQ_* have no effect on the behavior if this option
-# is enabled.
-BM_DNSMASQ_FROM_NOVA_NETWORK=`trueorfalse False $BM_DNSMASQ_FROM_NOVA_NETWORK`
-
-# BM_DNSMASQ_IFACE should match FLAT_NETWORK_BRIDGE
-BM_DNSMASQ_IFACE=${BM_DNSMASQ_IFACE:-eth0}
-# if testing on a physical network,
-# BM_DNSMASQ_RANGE must be changed to suit your network
-BM_DNSMASQ_RANGE=${BM_DNSMASQ_RANGE:-}
-
-# BM_DNSMASQ_DNS provide dns server to bootstrap clients
-BM_DNSMASQ_DNS=${BM_DNSMASQ_DNS:-}
-
-# BM_FIRST_MAC *must* be set to the MAC address of the node you will
-# boot.  This is passed to dnsmasq along with the kernel/ramdisk to
-# deploy via PXE.
-BM_FIRST_MAC=${BM_FIRST_MAC:-}
-
-# BM_SECOND_MAC is only important if the host has >1 NIC.
-BM_SECOND_MAC=${BM_SECOND_MAC:-}
-
-# Hostname for the baremetal nova-compute node, if not run on this host
-BM_HOSTNAME=${BM_HOSTNAME:-$(hostname -f)}
-
-# BM_PM_* options are only necessary if BM_POWER_MANAGER=...IPMI
-BM_PM_ADDR=${BM_PM_ADDR:-0.0.0.0}
-BM_PM_USER=${BM_PM_USER:-user}
-BM_PM_PASS=${BM_PM_PASS:-pass}
-
-# BM_FLAVOR_* options are arbitrary and not necessarily related to
-# physical hardware capacity. These can be changed if you are testing
-# BaremetalHostManager with multiple nodes and different flavors.
-BM_CPU_ARCH=${BM_CPU_ARCH:-x86_64}
-BM_FLAVOR_CPU=${BM_FLAVOR_CPU:-1}
-BM_FLAVOR_RAM=${BM_FLAVOR_RAM:-1024}
-BM_FLAVOR_ROOT_DISK=${BM_FLAVOR_ROOT_DISK:-10}
-BM_FLAVOR_EPHEMERAL_DISK=${BM_FLAVOR_EPHEMERAL_DISK:-0}
-BM_FLAVOR_SWAP=${BM_FLAVOR_SWAP:-1}
-BM_FLAVOR_NAME=${BM_FLAVOR_NAME:-bm.small}
-BM_FLAVOR_ID=${BM_FLAVOR_ID:-11}
-BM_FLAVOR_ARCH=${BM_FLAVOR_ARCH:-$BM_CPU_ARCH}
-
-
-# Use DIB to create deploy ramdisk and kernel.
-BM_BUILD_DEPLOY_RAMDISK=`trueorfalse True $BM_BUILD_DEPLOY_RAMDISK`
-# If not use DIB, these files are used as deploy ramdisk/kernel.
-# (The value must be a relative path from $TOP_DIR/files/)
-BM_DEPLOY_RAMDISK=${BM_DEPLOY_RAMDISK:-}
-BM_DEPLOY_KERNEL=${BM_DEPLOY_KERNEL:-}
-
-# If you need to add any extra flavors to the deploy ramdisk image
-# eg, specific network drivers, specify them here
-#
-# NOTE(deva): this will be moved to lib/ironic in a future patch
-#             for now, set the default to a suitable value for Ironic's needs
-BM_DEPLOY_FLAVOR=${BM_DEPLOY_FLAVOR:--a amd64 ubuntu deploy-ironic}
-
-# set URL and version for google shell-in-a-box
-BM_SHELL_IN_A_BOX=${BM_SHELL_IN_A_BOX:-http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz}
-
-
-# Functions
-# ---------
-
-# Check if baremetal is properly enabled
-# Returns false if VIRT_DRIVER is not baremetal, or if ENABLED_SERVICES
-# does not contain "baremetal"
-function is_baremetal {
-    if [[ "$ENABLED_SERVICES" =~ 'baremetal' && "$VIRT_DRIVER" = 'baremetal' ]]; then
-        return 0
-    fi
-    return 1
-}
-
-# Install diskimage-builder and shell-in-a-box
-# so that we can build the deployment kernel & ramdisk
-function prepare_baremetal_toolchain {
-    if [[ $(type -P ramdisk-image-create) == "" ]]; then
-        pip_install diskimage_builder
-    fi
-    local shellinabox_basename=$(basename $BM_SHELL_IN_A_BOX)
-    if [[ ! -e $DEST/$shellinabox_basename ]]; then
-        cd $DEST
-        wget $BM_SHELL_IN_A_BOX
-    fi
-    if [[ ! -d $DEST/${shellinabox_basename%%.tar.gz} ]]; then
-        cd $DEST
-        tar xzf $shellinabox_basename
-    fi
-    if [[ ! $(which shellinaboxd) ]]; then
-        cd $DEST/${shellinabox_basename%%.tar.gz}
-        ./configure
-        make
-        sudo make install
-    fi
-}
-
-# prepare various directories needed by baremetal hypervisor
-function configure_baremetal_nova_dirs {
-    # ensure /tftpboot is prepared
-    sudo mkdir -p /tftpboot
-    sudo mkdir -p /tftpboot/pxelinux.cfg
-
-    PXEBIN=/usr/share/syslinux/pxelinux.0
-    if [ ! -f $PXEBIN ]; then
-        PXEBIN=/usr/lib/syslinux/pxelinux.0
-        if [ ! -f $PXEBIN ]; then
-            die $LINENO "pxelinux.0 (from SYSLINUX) not found."
-        fi
-    fi
-
-    sudo cp $PXEBIN /tftpboot/
-    sudo chown -R $STACK_USER:$LIBVIRT_GROUP /tftpboot
-
-    # ensure $NOVA_STATE_PATH/baremetal is prepared
-    sudo mkdir -p $NOVA_STATE_PATH/baremetal
-    sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
-    sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
-    sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
-    sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
-
-    # ensure dnsmasq is installed but not running
-    # because baremetal driver will reconfigure and restart this as needed
-    is_package_installed dnsmasq || install_package dnsmasq
-    stop_service dnsmasq
-}
-
-# build deploy kernel+ramdisk, then upload them to glance
-# this function sets BM_DEPLOY_KERNEL_ID and BM_DEPLOY_RAMDISK_ID
-function upload_baremetal_deploy {
-    token=$1
-
-    if [ "$BM_BUILD_DEPLOY_RAMDISK" = "True" ]; then
-        BM_DEPLOY_KERNEL=bm-deploy.kernel
-        BM_DEPLOY_RAMDISK=bm-deploy.initramfs
-        if [ ! -e "$TOP_DIR/files/$BM_DEPLOY_KERNEL" -o ! -e "$TOP_DIR/files/$BM_DEPLOY_RAMDISK" ]; then
-            ramdisk-image-create $BM_DEPLOY_FLAVOR \
-                -o $TOP_DIR/files/bm-deploy
-        fi
-    fi
-
-    # load them into glance
-    BM_DEPLOY_KERNEL_ID=$(openstack \
-        --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
-        image create \
-        $BM_DEPLOY_KERNEL \
-        --public --disk-format=aki \
-        --container-format=aki \
-        < $TOP_DIR/files/$BM_DEPLOY_KERNEL  | grep ' id ' | get_field 2)
-    BM_DEPLOY_RAMDISK_ID=$(openstack \
-        --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
-        image create \
-        $BM_DEPLOY_RAMDISK \
-        --public --disk-format=ari \
-        --container-format=ari \
-        < $TOP_DIR/files/$BM_DEPLOY_RAMDISK  | grep ' id ' | get_field 2)
-}
-
-# create a basic baremetal flavor, associated with deploy kernel & ramdisk
-#
-# Usage: create_baremetal_flavor  
-function create_baremetal_flavor {
-    aki=$1
-    ari=$2
-    nova flavor-create $BM_FLAVOR_NAME $BM_FLAVOR_ID \
-        $BM_FLAVOR_RAM $BM_FLAVOR_ROOT_DISK $BM_FLAVOR_CPU
-    nova flavor-key $BM_FLAVOR_NAME set \
-        "cpu_arch"="$BM_FLAVOR_ARCH" \
-        "baremetal:deploy_kernel_id"="$aki" \
-        "baremetal:deploy_ramdisk_id"="$ari"
-
-}
-
-# Pull run-time kernel/ramdisk out of disk image and load into glance.
-# Note that $file is currently expected to be in qcow2 format.
-# Sets KERNEL_ID and RAMDISK_ID
-#
-# Usage: extract_and_upload_k_and_r_from_image $token $file
-function extract_and_upload_k_and_r_from_image {
-    token=$1
-    file=$2
-    image_name=$(basename "$file" ".qcow2")
-
-    # this call returns the file names as "$kernel,$ramdisk"
-    out=$(disk-image-get-kernel \
-            -x -d $TOP_DIR/files -o bm-deploy -i $file)
-    if [ $? -ne 0 ]; then
-        die $LINENO "Failed to get kernel and ramdisk from $file"
-    fi
-    XTRACE=$(set +o | grep xtrace)
-    set +o xtrace
-    out=$(echo "$out" | tail -1)
-    $XTRACE
-    OUT_KERNEL=${out%%,*}
-    OUT_RAMDISK=${out##*,}
-
-    # load them into glance
-    KERNEL_ID=$(openstack \
-        --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
-        image create \
-        $image_name-kernel \
-        --public --disk-format=aki \
-        --container-format=aki \
-        < $TOP_DIR/files/$OUT_KERNEL | grep ' id ' | get_field 2)
-    RAMDISK_ID=$(openstack \
-        --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
-        image create \
-        $image_name-initrd \
-        --public --disk-format=ari \
-        --container-format=ari \
-        < $TOP_DIR/files/$OUT_RAMDISK | grep ' id ' | get_field 2)
-}
-
-
-# Re-implementation of devstack's "upload_image" function
-#
-# Takes the same parameters, but has some peculiarities which made it
-# easier to create a separate method, rather than complicate the logic
-# of the existing function.
-function upload_baremetal_image {
-    local image_url=$1
-    local token=$2
-
-    # Create a directory for the downloaded image tarballs.
-    mkdir -p $FILES/images
-
-    # Downloads the image (uec ami+aki style), then extracts it.
-    IMAGE_FNAME=`basename "$image_url"`
-    if [[ ! -f $FILES/$IMAGE_FNAME || \
-        "$(stat -c "%s" $FILES/$IMAGE_FNAME)" = "0" ]]; then
-        wget -c $image_url -O $FILES/$IMAGE_FNAME
-        if [[ $? -ne 0 ]]; then
-            echo "Not found: $image_url"
-            return
-        fi
-    fi
-
-    local KERNEL=""
-    local RAMDISK=""
-    local DISK_FORMAT=""
-    local CONTAINER_FORMAT=""
-    case "$IMAGE_FNAME" in
-        *.tar.gz|*.tgz)
-            # Extract ami and aki files
-            [ "${IMAGE_FNAME%.tar.gz}" != "$IMAGE_FNAME" ] &&
-                IMAGE_NAME="${IMAGE_FNAME%.tar.gz}" ||
-                IMAGE_NAME="${IMAGE_FNAME%.tgz}"
-            xdir="$FILES/images/$IMAGE_NAME"
-            rm -Rf "$xdir";
-            mkdir "$xdir"
-            tar -zxf $FILES/$IMAGE_FNAME -C "$xdir"
-            KERNEL=$(for f in "$xdir/"*-vmlinuz* "$xdir/"aki-*/image; do
-                [ -f "$f" ] && echo "$f" && break; done; true)
-            RAMDISK=$(for f in "$xdir/"*-initrd* "$xdir/"ari-*/image; do
-                [ -f "$f" ] && echo "$f" && break; done; true)
-            IMAGE=$(for f in "$xdir/"*.img "$xdir/"ami-*/image; do
-                [ -f "$f" ] && echo "$f" && break; done; true)
-            if [[ -z "$IMAGE_NAME" ]]; then
-                IMAGE_NAME=$(basename "$IMAGE" ".img")
-            fi
-            DISK_FORMAT=ami
-            CONTAINER_FORMAT=ami
-            ;;
-        *.qcow2)
-            IMAGE="$FILES/${IMAGE_FNAME}"
-            IMAGE_NAME=$(basename "$IMAGE" ".qcow2")
-            DISK_FORMAT=qcow2
-            CONTAINER_FORMAT=bare
-            ;;
-        *) echo "Do not know what to do with $IMAGE_FNAME"; false;;
-    esac
-
-    if [ "$CONTAINER_FORMAT" = "bare" ]; then
-        extract_and_upload_k_and_r_from_image $token $IMAGE
-    elif [ "$CONTAINER_FORMAT" = "ami" ]; then
-        KERNEL_ID=$(openstack \
-            --os-token $token \
-            --os-url http://$GLANCE_HOSTPORT \
-            image create \
-            "$IMAGE_NAME-kernel" --public \
-            --container-format aki \
-            --disk-format aki < "$KERNEL" | grep ' id ' | get_field 2)
-        RAMDISK_ID=$(openstack \
-            --os-token $token \
-            --os-url http://$GLANCE_HOSTPORT \
-            image create \
-            "$IMAGE_NAME-ramdisk" --public \
-            --container-format ari \
-            --disk-format ari < "$RAMDISK" | grep ' id ' | get_field 2)
-    else
-        # TODO(deva): add support for other image types
-        return
-    fi
-
-    openstack \
-        --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
-        image create \
-        "${IMAGE_NAME%.img}" --public \
-        --container-format $CONTAINER_FORMAT \
-        --disk-format $DISK_FORMAT \
-        ${KERNEL_ID:+--property kernel_id=$KERNEL_ID} \
-        ${RAMDISK_ID:+--property ramdisk_id=$RAMDISK_ID} < "${IMAGE}"
-
-    # override DEFAULT_IMAGE_NAME so that tempest can find the image
-    # that we just uploaded in glance
-    DEFAULT_IMAGE_NAME="${IMAGE_NAME%.img}"
-}
-
-function clear_baremetal_of_all_nodes {
-    list=$(nova baremetal-node-list | awk -F '| ' 'NR>3 {print $2}' )
-    for node in $list; do
-        nova baremetal-node-delete $node
-    done
-}
-
-# Inform nova-baremetal about nodes, MACs, etc.
-# Defaults to using BM_FIRST_MAC and BM_SECOND_MAC if parameters not specified
-#
-# Usage: add_baremetal_node  
-function add_baremetal_node {
-    mac_1=${1:-$BM_FIRST_MAC}
-    mac_2=${2:-$BM_SECOND_MAC}
-
-    id=$(nova baremetal-node-create \
-        --pm_address="$BM_PM_ADDR" \
-        --pm_user="$BM_PM_USER" \
-        --pm_password="$BM_PM_PASS" \
-        "$BM_HOSTNAME" \
-        "$BM_FLAVOR_CPU" \
-        "$BM_FLAVOR_RAM" \
-        "$BM_FLAVOR_ROOT_DISK" \
-        "$mac_1" \
-        | grep ' id ' | get_field 2 )
-    [ $? -eq 0 ] || [ "$id" ] || die $LINENO "Error adding baremetal node"
-    if [ -n "$mac_2" ]; then
-        id2=$(nova baremetal-interface-add "$id" "$mac_2" )
-        [ $? -eq 0 ] || [ "$id2" ] || die $LINENO "Error adding interface to barmetal node $id"
-    fi
-}
-
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/lib/neutron b/lib/neutron
index 09d935423e..5a2bfea801 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -529,25 +529,7 @@ function create_neutron_initial_network {
     TENANT_ID=$(openstack project list | grep " demo " | get_field 1)
     die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo"
 
-    # Create a small network
-    # Since neutron command is executed in admin context at this point,
-    # ``--tenant-id`` needs to be specified.
-    if is_baremetal; then
-        if [[ "$PUBLIC_INTERFACE" == '' || "$OVS_PHYSICAL_BRIDGE" == '' ]]; then
-            die $LINENO "Neutron settings for baremetal not set.. exiting"
-        fi
-        sudo ovs-vsctl add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
-        for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
-            sudo ip addr del $IP dev $PUBLIC_INTERFACE
-            sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
-        done
-        NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant-id $TENANT_ID --provider:network_type flat --provider:physical_network "$PHYSICAL_NETWORK" | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
-        SUBNET_ID=$(neutron subnet-create --tenant-id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --gateway $NETWORK_GATEWAY --name $PRIVATE_SUBNET_NAME $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $TENANT_ID"
-        sudo ifconfig $OVS_PHYSICAL_BRIDGE up
-        sudo route add default gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
-    elif is_provider_network; then
+    if is_provider_network; then
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
         die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
         NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
diff --git a/lib/nova b/lib/nova
index ec2d0bf29c..0e6c6afcf7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -635,12 +635,6 @@ function init_nova {
         if is_service_enabled n-cell; then
             recreate_database $NOVA_CELLS_DB latin1
         fi
-
-        # (Re)create nova baremetal database
-        if is_baremetal; then
-            recreate_database nova_bm latin1
-            $NOVA_BIN_DIR/nova-baremetal-manage db sync
-        fi
     fi
 
     create_nova_cache_dir
diff --git a/lib/nova_plugins/hypervisor-baremetal b/lib/nova_plugins/hypervisor-baremetal
deleted file mode 100644
index 22d16a667b..0000000000
--- a/lib/nova_plugins/hypervisor-baremetal
+++ /dev/null
@@ -1,87 +0,0 @@
-# lib/nova_plugins/hypervisor-baremetal
-# Configure the baremetal hypervisor
-
-# Enable with:
-# VIRT_DRIVER=baremetal
-
-# Dependencies:
-# ``functions`` file
-# ``nova`` configuration
-
-# install_nova_hypervisor - install any external requirements
-# configure_nova_hypervisor - make configuration changes, including those to other services
-# start_nova_hypervisor - start any external services
-# stop_nova_hypervisor - stop any external services
-# cleanup_nova_hypervisor - remove transient data and cache
-
-# Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-NETWORK_MANAGER=${NETWORK_MANAGER:-FlatManager}
-PUBLIC_INTERFACE_DEFAULT=eth0
-FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}
-FLAT_NETWORK_BRIDGE_DEFAULT=br100
-STUB_NETWORK=${STUB_NETWORK:-False}
-
-
-# Entry Points
-# ------------
-
-# clean_nova_hypervisor - Clean up an installation
-function cleanup_nova_hypervisor {
-    # This function intentionally left blank
-    :
-}
-
-# configure_nova_hypervisor - Set config files, create data dirs, etc
-function configure_nova_hypervisor {
-    configure_baremetal_nova_dirs
-
-    iniset $NOVA_CONF baremetal sql_connection `database_connection_url nova_bm`
-    LIBVIRT_FIREWALL_DRIVER=${LIBVIRT_FIREWALL_DRIVER:-"nova.virt.firewall.NoopFirewallDriver"}
-    iniset $NOVA_CONF DEFAULT compute_driver nova.virt.baremetal.driver.BareMetalDriver
-    iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
-    iniset $NOVA_CONF DEFAULT scheduler_host_manager nova.scheduler.baremetal_host_manager.BaremetalHostManager
-    iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
-    iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
-    iniset $NOVA_CONF baremetal flavor_extra_specs cpu_arch:$BM_CPU_ARCH
-    iniset $NOVA_CONF baremetal driver $BM_DRIVER
-    iniset $NOVA_CONF baremetal power_manager $BM_POWER_MANAGER
-    iniset $NOVA_CONF baremetal tftp_root /tftpboot
-    if [[ "$BM_DNSMASQ_FROM_NOVA_NETWORK" = "True" ]]; then
-        BM_DNSMASQ_CONF=$NOVA_CONF_DIR/dnsmasq-for-baremetal-from-nova-network.conf
-        sudo cp "$FILES/dnsmasq-for-baremetal-from-nova-network.conf" "$BM_DNSMASQ_CONF"
-        iniset $NOVA_CONF DEFAULT dnsmasq_config_file "$BM_DNSMASQ_CONF"
-    fi
-}
-
-# install_nova_hypervisor() - Install external components
-function install_nova_hypervisor {
-    # This function intentionally left blank
-    :
-}
-
-# start_nova_hypervisor - Start any required external services
-function start_nova_hypervisor {
-    # This function intentionally left blank
-    :
-}
-
-# stop_nova_hypervisor - Stop any external services
-function stop_nova_hypervisor {
-    # This function intentionally left blank
-    :
-}
-
-
-# Restore xtrace
-$MY_XTRACE
-
-# Local variables:
-# mode: shell-script
-# End:
diff --git a/stack.sh b/stack.sh
index 24bda01782..cd1c200404 100755
--- a/stack.sh
+++ b/stack.sh
@@ -561,7 +561,6 @@ source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron
-source $TOP_DIR/lib/baremetal
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 
@@ -1136,14 +1135,6 @@ if is_service_enabled nova; then
     init_nova_cells
 fi
 
-# Extra things to prepare nova for baremetal, before nova starts
-if is_service_enabled nova && is_baremetal; then
-    echo_summary "Preparing for nova baremetal"
-    prepare_baremetal_toolchain
-    configure_baremetal_nova_dirs
-fi
-
-
 # Extras Configuration
 # ====================
 
@@ -1197,28 +1188,16 @@ if is_service_enabled g-reg; then
     TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
     die_if_not_set $LINENO TOKEN "Keystone fail to get token"
 
-    if is_baremetal; then
-        echo_summary "Creating and uploading baremetal images"
-
-        # build and upload separate deploy kernel & ramdisk
-        upload_baremetal_deploy $TOKEN
-
-        # upload images, separating out the kernel & ramdisk for PXE boot
-        for image_url in ${IMAGE_URLS//,/ }; do
-            upload_baremetal_image $image_url $TOKEN
-        done
-    else
-        echo_summary "Uploading images"
-
-        # Option to upload legacy ami-tty, which works with xenserver
-        if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
-            IMAGE_URLS="${IMAGE_URLS:+${IMAGE_URLS},}https://github.com/downloads/citrix-openstack/warehouse/tty.tgz"
-        fi
+    echo_summary "Uploading images"
 
-        for image_url in ${IMAGE_URLS//,/ }; do
-            upload_image $image_url $TOKEN
-        done
+    # Option to upload legacy ami-tty, which works with xenserver
+    if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
+        IMAGE_URLS="${IMAGE_URLS:+${IMAGE_URLS},}https://github.com/downloads/citrix-openstack/warehouse/tty.tgz"
     fi
+
+    for image_url in ${IMAGE_URLS//,/ }; do
+        upload_image $image_url $TOKEN
+    done
 fi
 
 # Create an access key and secret key for nova ec2 register image
@@ -1325,32 +1304,6 @@ if is_service_enabled nova && is_service_enabled key; then
 fi
 
 
-# If we are running nova with baremetal driver, there are a few
-# last-mile configuration bits to attend to, which must happen
-# after n-api and n-sch have started.
-# Also, creating the baremetal flavor must happen after images
-# are loaded into glance, though just knowing the IDs is sufficient here
-if is_service_enabled nova && is_baremetal; then
-    # create special flavor for baremetal if we know what images to associate
-    [[ -n "$BM_DEPLOY_KERNEL_ID" ]] && [[ -n "$BM_DEPLOY_RAMDISK_ID" ]] && \
-        create_baremetal_flavor $BM_DEPLOY_KERNEL_ID $BM_DEPLOY_RAMDISK_ID
-
-    # otherwise user can manually add it later by calling nova-baremetal-manage
-    [[ -n "$BM_FIRST_MAC" ]] && add_baremetal_node
-
-    if [[ "$BM_DNSMASQ_FROM_NOVA_NETWORK" = "False" ]]; then
-        # NOTE: we do this here to ensure that our copy of dnsmasq is running
-        sudo pkill dnsmasq || true
-        sudo dnsmasq --conf-file= --port=0 --enable-tftp --tftp-root=/tftpboot \
-            --dhcp-boot=pxelinux.0 --bind-interfaces --pid-file=/var/run/dnsmasq.pid \
-            --interface=$BM_DNSMASQ_IFACE --dhcp-range=$BM_DNSMASQ_RANGE \
-            ${BM_DNSMASQ_DNS:+--dhcp-option=option:dns-server,$BM_DNSMASQ_DNS}
-    fi
-    # ensure callback daemon is running
-    sudo pkill nova-baremetal-deploy-helper || true
-    run_process baremetal "nova-baremetal-deploy-helper"
-fi
-
 # Save some values we generated for later use
 CURRENT_RUN_TIME=$(date "+$TIMESTAMP_FORMAT")
 echo "# $CURRENT_RUN_TIME" >$TOP_DIR/.stackenv
diff --git a/stackrc b/stackrc
index 5c5acb137c..ac798894b8 100644
--- a/stackrc
+++ b/stackrc
@@ -551,7 +551,7 @@ esac
 # Use 64bit fedora image if heat is enabled
 if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
     case "$VIRT_DRIVER" in
-        libvirt|baremetal|ironic)
+        libvirt|ironic)
             HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
             IMAGE_URLS+=",$HEAT_CFN_IMAGE_URL"
             ;;
@@ -563,7 +563,7 @@ fi
 # Trove needs a custom image for its work
 if [[ "$ENABLED_SERVICES" =~ 'tr-api' ]]; then
     case "$VIRT_DRIVER" in
-        libvirt|baremetal|ironic|xenapi)
+        libvirt|ironic|xenapi)
             TROVE_GUEST_IMAGE_URL=${TROVE_GUEST_IMAGE_URL:-"http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"}
             IMAGE_URLS+=",${TROVE_GUEST_IMAGE_URL}"
             ;;
diff --git a/unstack.sh b/unstack.sh
index fee608e17b..3403919042 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -53,7 +53,6 @@ source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron
-source $TOP_DIR/lib/baremetal
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 

From fb3ce0bd6be04a5f23d33f3444a48a92fd8d0af1 Mon Sep 17 00:00:00 2001
From: Emily Hugenbruch 
Date: Fri, 21 Nov 2014 22:15:08 +0000
Subject: [PATCH 0208/3421] Adding tempest install to devstack

Stack.sh doesn't install tempest, but it would be useful if it did.

Change-Id: I2eba3738342cb4835a992aa1152939a8dc2f74da
---
 samples/local.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/samples/local.conf b/samples/local.conf
index 20c58929e4..9e0b540250 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -93,3 +93,9 @@ SWIFT_REPLICAS=1
 # moved by setting ``SWIFT_DATA_DIR``. The directory will be created
 # if it does not exist.
 SWIFT_DATA_DIR=$DEST/data
+
+# Tempest
+# -------
+
+# Install the tempest test suite
+enable_service tempest
\ No newline at end of file

From 0354640587cde740aa0299c722f019ae1c01e05d Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Fri, 5 Dec 2014 16:49:12 -0800
Subject: [PATCH 0209/3421] Move ironic ssh key creation early in preparation

SSH creds should be in place before nodes are enrolled.  If not,
ironic cannot sync power state causing nova to skip nodes in
its resource tracker.

Change-Id: I6b98ae57ce33783f69e2cf9ba357807d384b3012
Closes-bug: #1398128
---
 lib/ironic | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 28f8fe87e5..058ee31195 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -740,6 +740,9 @@ function upload_baremetal_ironic_deploy {
 }
 
 function prepare_baremetal_basic_ops {
+    if ! is_ironic_hardware; then
+        configure_ironic_auxiliary
+    fi
     upload_baremetal_ironic_deploy
     if ! is_ironic_hardware; then
         create_bridge_and_vms
@@ -747,9 +750,6 @@ function prepare_baremetal_basic_ops {
     enroll_nodes
     configure_tftpd
     configure_iptables
-    if ! is_ironic_hardware; then
-        configure_ironic_auxiliary
-    fi
 }
 
 function cleanup_baremetal_basic_ops {

From 245daa27da40cb94410c7a8f8f19961c21821231 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Fri, 14 Nov 2014 02:17:22 -0500
Subject: [PATCH 0210/3421] Use --or-show for get_or_create_user/project/role
 function

Exploit the --or-show functionality of openstackclient,
rather than issuing two different commands at the shell level,
let the CLI handle things.

Change-Id: I1db239fd3473eb580def1c5fb28ce472a1363569
---
 functions-common | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/functions-common b/functions-common
index 24507fef91..686b5082ab 100644
--- a/functions-common
+++ b/functions-common
@@ -831,15 +831,14 @@ function get_or_create_user {
     fi
     # Gets user id
     local user_id=$(
-        # Gets user id
-        $os_cmd user show $1 $domain -f value -c id 2>/dev/null ||
-        # Creates new user
+        # Creates new user with --or-show
         $os_cmd user create \
             $1 \
             --password "$2" \
             --project $3 \
             $email \
             $domain \
+            --or-show \
             -f value -c id
     )
     echo $user_id
@@ -856,10 +855,8 @@ function get_or_create_project {
         os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
     fi
     local project_id=$(
-        # Gets project id
-        $os_cmd project show $1 $domain -f value -c id 2>/dev/null ||
-        # Creates new project if not exists
-        $os_cmd project create $1 $domain -f value -c id
+        # Creates new project with --or-show
+        $os_cmd project create $1 $domain --or-show -f value -c id
     )
     echo $project_id
 }
@@ -868,10 +865,8 @@ function get_or_create_project {
 # Usage: get_or_create_role 
 function get_or_create_role {
     local role_id=$(
-        # Gets role id
-        openstack role show $1 -f value -c id 2>/dev/null ||
-        # Creates role if not exists
-        openstack role create $1 -f value -c id
+        # Creates role with --or-show
+        openstack role create $1 --or-show -f value -c id
     )
     echo $role_id
 }

From b7d5bf6e9d2140e932419fd0cce11afe161dc73e Mon Sep 17 00:00:00 2001
From: Yuiko Takada 
Date: Thu, 20 Nov 2014 18:23:06 +0900
Subject: [PATCH 0211/3421] add the kernel/ramdisk id to driver_info

Because bp https://blueprints.launchpad.net/ironic/+spec/add-node-instance-info
has been completed,
add the deploy_kernel_id and deploy_ramdisk_id to ironic node's driver_info
in stead of to flavor.

Change-Id: I90ffae49212e68749b8331edc278228419317453
---
 lib/ironic | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 28f8fe87e5..b329438cad 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -564,10 +564,8 @@ function enroll_nodes {
             # we create the bare metal flavor with minimum value
             local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\
                 -i ipmi_username=$ironic_ipmi_username"
-            if is_deployed_by_agent; then
-                node_options+=" -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID"
-                node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
-            fi
+            node_options+=" -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID"
+            node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
         fi
 
         local node_id=$(ironic node-create --chassis_uuid $chassis_id \
@@ -591,11 +589,7 @@ function enroll_nodes {
     local adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
     nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal 551 $ironic_node_ram $adjusted_disk $ironic_node_cpu
 
-    # TODO(lucasagomes): Remove the 'baremetal:deploy_kernel_id'
-    # and 'baremetal:deploy_ramdisk_id' parameters
-    # from the flavor after the completion of
-    # https://blueprints.launchpad.net/ironic/+spec/add-node-instance-info
-    nova flavor-key baremetal set "cpu_arch"="x86_64" "baremetal:deploy_kernel_id"="$IRONIC_DEPLOY_KERNEL_ID" "baremetal:deploy_ramdisk_id"="$IRONIC_DEPLOY_RAMDISK_ID"
+    nova flavor-key baremetal set "cpu_arch"="x86_64"
 
     if [ "$VIRT_DRIVER" == "ironic" ]; then
         wait_for_nova_resources $total_nodes

From 20b839fd51ff0ccecbc67f3d29578ce042c8b3c3 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Mon, 8 Dec 2014 06:17:27 +0000
Subject: [PATCH 0212/3421] Update devstack to work with new split neutron
 services repos

This commit udpates devstack to work with the latest neutron services, which
are now in their own repositories. This will also unblock third party CI for
services testing. This also allows devstack users to run neutron with
services again.

Change-Id: I9cdd51f09edaccf218988240b48ce733d5771a65
---
 lib/neutron                               | 15 +++++++++++++++
 lib/neutron_plugins/services/firewall     |  2 +-
 lib/neutron_plugins/services/loadbalancer |  2 +-
 lib/neutron_plugins/services/vpn          |  2 +-
 stackrc                                   | 12 ++++++++++++
 5 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 5a2bfea801..0029158202 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -99,6 +99,9 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 
 
 NEUTRON_DIR=$DEST/neutron
+NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
+NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
+NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 
 # Support entry points installation of console scripts
@@ -596,6 +599,18 @@ function init_neutron {
 function install_neutron {
     git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
     setup_develop $NEUTRON_DIR
+    if is_service_enabled q-fwaas; then
+        git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
+        setup_develop $NEUTRON_FWAAS_DIR
+    fi
+    if is_service_enabled q-lbaas; then
+        git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
+        setup_develop $NEUTRON_LBAAS_DIR
+    fi
+    if is_service_enabled q-vpn; then
+        git_clone $NEUTRON_VPNAAS_REPO $NEUTRON_VPNAAS_DIR $NEUTRON_VPNAAS_BRANCH
+        setup_develop $NEUTRON_VPNAAS_DIR
+    fi
 
     if [ "$VIRT_DRIVER" == 'xenserver' ]; then
         local dom0_ip
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index b5253dbeef..ce1f93f7d2 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -5,7 +5,7 @@
 FW_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-FWAAS_PLUGIN=neutron.services.firewall.fwaas_plugin.FirewallPlugin
+FWAAS_PLUGIN=neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin
 
 function neutron_fwaas_configure_common {
     _neutron_service_plugin_class_add $FWAAS_PLUGIN
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index f84b71076d..bd9dc8731b 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -7,7 +7,7 @@ set +o xtrace
 
 
 AGENT_LBAAS_BINARY="$NEUTRON_BIN_DIR/neutron-lbaas-agent"
-LBAAS_PLUGIN=neutron.services.loadbalancer.plugin.LoadBalancerPlugin
+LBAAS_PLUGIN=neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
 
 function neutron_agent_lbaas_install_agent_packages {
     if is_ubuntu || is_fedora || is_suse; then
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 2478c47ae5..07f1f35d9a 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -7,7 +7,7 @@ set +o xtrace
 
 
 AGENT_VPN_BINARY="$NEUTRON_BIN_DIR/neutron-vpn-agent"
-VPN_PLUGIN=${VPN_PLUGIN:-"neutron.services.vpn.plugin.VPNDriverPlugin"}
+VPN_PLUGIN=${VPN_PLUGIN:-"neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin"}
 IPSEC_PACKAGE=${IPSEC_PACKAGE:-"openswan"}
 
 function neutron_vpn_install_agent_packages {
diff --git a/stackrc b/stackrc
index 81b60674ee..ccff87e2e4 100644
--- a/stackrc
+++ b/stackrc
@@ -185,6 +185,18 @@ KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master}
 NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git}
 NEUTRON_BRANCH=${NEUTRON_BRANCH:-master}
 
+# neutron fwaas service
+NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git}
+NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master}
+
+# neutron lbaas service
+NEUTRON_LBAAS_REPO=${NEUTRON_LBAAS_REPO:-${GIT_BASE}/openstack/neutron-lbaas.git}
+NEUTRON_LBAAS_BRANCH=${NEUTRON_LBAAS_BRANCH:-master}
+
+# neutron vpnaas service
+NEUTRON_VPNAAS_REPO=${NEUTRON_VPNAAS_REPO:-${GIT_BASE}/openstack/neutron-vpnaas.git}
+NEUTRON_VPNAAS_BRANCH=${NEUTRON_VPNAAS_BRANCH:-master}
+
 # compute service
 NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git}
 NOVA_BRANCH=${NOVA_BRANCH:-master}

From 6accb136d3219af588d26a904f8a1f748d5e8818 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Mon, 8 Dec 2014 17:35:15 +0000
Subject: [PATCH 0213/3421] Fix fwaas service plugin location

This was missed during the services split.

Change-Id: I8b51ca2c6ef734bf2747cec48a2f751eb682afe5
---
 lib/neutron_plugins/services/firewall | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index ce1f93f7d2..a1c13ed153 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -16,7 +16,7 @@ function neutron_fwaas_configure_driver {
     cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
 
     iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
-    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
+    iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
 }
 
 function neutron_fwaas_stop {

From 092c124b16c3eaa541ff0e90df55c7b2c94b6eda Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Mon, 8 Dec 2014 13:48:18 -0500
Subject: [PATCH 0214/3421] Sort oslo libraries and add missing oslo.context

Ensure both lists of oslo libraries are sorted and
add the missing oslo.context in install_oslo method

Change-Id: I5b849c97b681e65425304e05534a61140e4e1fda
---
 lib/oslo | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/oslo b/lib/oslo
index d00580b14a..1fff1f5d32 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -21,14 +21,14 @@ set +o xtrace
 # Defaults
 # --------
 GITDIR["cliff"]=$DEST/cliff
-GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
+GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.context"]=$DEST/oslo.context
 GITDIR["oslo.db"]=$DEST/oslo.db
 GITDIR["oslo.i18n"]=$DEST/oslo.i18n
 GITDIR["oslo.log"]=$DEST/oslo.log
-GITDIR["oslo.middleware"]=$DEST/oslo.middleware
 GITDIR["oslo.messaging"]=$DEST/oslo.messaging
+GITDIR["oslo.middleware"]=$DEST/oslo.middleware
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
 GITDIR["oslo.utils"]=$DEST/oslo.utils
@@ -54,16 +54,17 @@ function _do_install_oslo_lib {
 # install_oslo() - Collect source and prepare
 function install_oslo {
     _do_install_oslo_lib "cliff"
-    _do_install_oslo_lib "oslo.i18n"
-    _do_install_oslo_lib "oslo.utils"
-    _do_install_oslo_lib "oslo.serialization"
-    _do_install_oslo_lib "oslo.config"
     _do_install_oslo_lib "oslo.concurrency"
+    _do_install_oslo_lib "oslo.config"
+    _do_install_oslo_lib "oslo.context"
+    _do_install_oslo_lib "oslo.db"
+    _do_install_oslo_lib "oslo.i18n"
     _do_install_oslo_lib "oslo.log"
-    _do_install_oslo_lib "oslo.middleware"
     _do_install_oslo_lib "oslo.messaging"
+    _do_install_oslo_lib "oslo.middleware"
     _do_install_oslo_lib "oslo.rootwrap"
-    _do_install_oslo_lib "oslo.db"
+    _do_install_oslo_lib "oslo.serialization"
+    _do_install_oslo_lib "oslo.utils"
     _do_install_oslo_lib "oslo.vmware"
     _do_install_oslo_lib "pycadf"
     _do_install_oslo_lib "stevedore"

From a9c2594442301b18f9d48f4ee52f6e450ec00992 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Mon, 8 Dec 2014 14:26:28 +0000
Subject: [PATCH 0215/3421] Document local.conf settings for ceilometer

Describe the various settings that can be made to control the
behavior of Ceilometer. Doing in lib/ceilometer for now. When there
is more something under doc may be warranted.

Change-Id: I9cd47085a5e91bae0a88f6e26f6c8bdc86c02978
---
 lib/ceilometer | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index cdef422bb5..b43a4ed12a 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -1,13 +1,32 @@
 # lib/ceilometer
 # Install and start **Ceilometer** service
 
-# To enable a minimal set of Ceilometer services, add the following to localrc:
+# To enable a minimal set of Ceilometer services, add the following to the
+# localrc section of local.conf:
 #
 #   enable_service ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api
 #
-# To ensure Ceilometer alarming services are enabled also, further add to the localrc:
+# To ensure Ceilometer alarming services are enabled also, further add to the
+# localrc section of local.conf:
 #
 #   enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
+#
+# To ensure events are stored, add the following section to local.conf:
+#
+#   [[post-config|$CEILOMETER_CONF]]
+#   [notification]
+#   store_events=True
+#
+# Several variables set in the localrc section adjust common behaviors
+# of Ceilometer (see within for additional settings):
+#
+#   CEILOMETER_USE_MOD_WSGI:       When True, run the api under mod_wsgi.
+#   CEILOMETER_PIPELINE_INTERVAL:  The number of seconds between pipeline processing
+#                                  runs. Default 600.
+#   CEILOMETER_BACKEND:            The database backend (e.g. 'mysql', 'mongodb')
+#   CEILOMETER_COORDINATION_URL:   The URL for a group membership service provided
+#                                  by tooz.
+
 
 # Dependencies:
 #

From c187b88e698a203a222b38cbf3a045b520918042 Mon Sep 17 00:00:00 2001
From: Julien Danjou 
Date: Tue, 9 Dec 2014 15:41:55 +0100
Subject: [PATCH 0216/3421] Add tooz support from Oslo

Change-Id: I4ccf4bf08e10c0ba651f973aa62562af85ea0f19
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index 1fff1f5d32..79d63ba8f7 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -36,6 +36,7 @@ GITDIR["oslo.vmware"]=$DEST/oslo.vmware
 GITDIR["pycadf"]=$DEST/pycadf
 GITDIR["stevedore"]=$DEST/stevedore
 GITDIR["taskflow"]=$DEST/taskflow
+GITDIR["tooz"]=$DEST/tooz
 
 # Support entry points installation of console scripts
 OSLO_BIN_DIR=$(get_python_exec_prefix)
@@ -69,6 +70,7 @@ function install_oslo {
     _do_install_oslo_lib "pycadf"
     _do_install_oslo_lib "stevedore"
     _do_install_oslo_lib "taskflow"
+    _do_install_oslo_lib "tooz"
 }
 
 # Restore xtrace
diff --git a/stackrc b/stackrc
index ac798894b8..81b60674ee 100644
--- a/stackrc
+++ b/stackrc
@@ -346,6 +346,10 @@ GITBRANCH["stevedore"]=${STEVEDORE_BRANCH:-master}
 GITREPO["taskflow"]=${TASKFLOW_REPO:-${GIT_BASE}/openstack/taskflow.git}
 GITBRANCH["taskflow"]=${TASKFLOW_BRANCH:-master}
 
+# tooz plugin manager
+GITREPO["tooz"]=${TOOZ_REPO:-${GIT_BASE}/openstack/tooz.git}
+GITBRANCH["tooz"]=${TOOZ_BRANCH:-master}
+
 # pbr drives the setuptools configs
 GITREPO["pbr"]=${PBR_REPO:-${GIT_BASE}/openstack-dev/pbr.git}
 GITBRANCH["pbr"]=${PBR_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 1b576d87c2..7e96bae7bb 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -27,7 +27,7 @@ for i in $TOP/lib/*; do
     fi
 done
 
-ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient"
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 33e8ee20a4ad087f5538e813eace1ca23243e2c5 Mon Sep 17 00:00:00 2001
From: Salvatore 
Date: Sun, 5 Oct 2014 01:36:34 +0200
Subject: [PATCH 0217/3421] Tempest: configure exact set of extensions to test

So far devstack configures tempest either for testing all extensions
or a specific subset. It does not allow users for specifying a set
of extensions which should not be exercised.

This patch adds this support. To this aim, the tempest configuration
process will scan API endpoints for active extensions using the
verify_tempest_config.py tool, and then will remove those extensions
which have been explicitly disabled by the user.

If an explicit subset of extensions to enable is passed to devstack,
tempest will use this subset, rather than the list of active
extensions.

Implements blueprint branchless-tempest-extensions

Change-Id: I263bcf04668953f414a4ef18cb98c1c373e142ad
---
 lib/tempest | 60 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 52 insertions(+), 8 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 46c9e26916..416fae2c31 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -78,6 +78,18 @@ IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True $IPV6_SUBNET_ATTRIBUTES_ENABLE
 # Functions
 # ---------
 
+# remove_disabled_extension - removes disabled extensions from the list of extensions
+# to test for a given service
+function remove_disabled_extensions {
+    local extensions_list=$1
+    shift
+    local disabled_exts=$*
+    for ext_to_remove in ${disabled_exts//,/ } ; do
+        extensions_list=${extensions_list/$ext_to_remove","}
+    done
+    echo $extensions_list
+}
+
 # configure_tempest() - Set config files, create data dirs, etc
 function configure_tempest {
     setup_develop $TEMPEST_DIR
@@ -299,12 +311,24 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
 
     # Compute Features
+    # Run verify_tempest_config -ur to retrieve enabled extensions on API endpoints
+    # NOTE(mtreinish): This must be done after auth settings are added to the tempest config
+    local tmp_cfg_file=$(mktemp)
+    $TEMPEST_DIR/tempest/cmd/verify_tempest_config.py -uro $tmp_cfg_file
+
+    local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
+    if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then
+        # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
+        compute_api_extensions=${COMPUTE_API_EXTENSIONS:-$(iniget $tmp_cfg_file compute-feature-enabled api_extensions | tr -d " ")}
+        # Remove disabled extensions
+        compute_api_extensions=$(remove_disabled_extensions $compute_api_extensions $DISABLE_COMPUTE_API_EXTENSIONS)
+    fi
+
     iniset $TEMPEST_CONFIG compute-feature-enabled resize True
     iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
     iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
-    iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions ${COMPUTE_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG compute-feature-disabled api_extensions ${DISABLE_COMPUTE_API_EXTENSIONS}
+    iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions $compute_api_extensions
 
     # Compute admin
     iniset $TEMPEST_CONFIG "compute-admin" username $ADMIN_USERNAME
@@ -319,8 +343,15 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE"
     iniset $TEMPEST_CONFIG network-feature-enabled ipv6 "$IPV6_ENABLED"
     iniset $TEMPEST_CONFIG network-feature-enabled ipv6_subnet_attributes "$IPV6_SUBNET_ATTRIBUTES_ENABLED"
-    iniset $TEMPEST_CONFIG network-feature-enabled api_extensions ${NETWORK_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG network-feature-disabled api_extensions ${DISABLE_NETWORK_API_EXTENSIONS}
+
+    local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"}
+    if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then
+        # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
+        network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")}
+        # Remove disabled extensions
+        network_api_extensions=$(remove_disabled_extensions $network_api_extensions $DISABLE_NETWORK_API_EXTENSIONS)
+    fi
+    iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions
 
     # boto
     iniset $TEMPEST_CONFIG boto ec2_url "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud"
@@ -362,12 +393,25 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG telemetry too_slow_to_test "False"
 
     # Object storage
-    iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis ${OBJECT_STORAGE_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG object-storage-feature-disabled discoverable_apis ${OBJECT_STORAGE_DISABLE_API_EXTENSIONS}
+    local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"}
+    if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then
+        # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
+        object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")}
+        # Remove disabled extensions
+        object_storage_api_extensions=$(remove_disabled_extensions $object_storage_api_extensions $DISABLE_STORAGE_API_EXTENSIONS)
+    fi
+    iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions
 
     # Volume
-    iniset $TEMPEST_CONFIG volume-feature-enabled api_extensions ${VOLUME_API_EXTENSIONS:-"all"}
-    iniset $TEMPEST_CONFIG volume-feature-disabled api_extensions ${DISABLE_VOLUME_API_EXTENSIONS}
+    local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
+    if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
+        # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
+        volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")}
+        # Remove disabled extensions
+        volume_api_extensions=$(remove_disabled_extensions $volume_api_extensions $DISABLE_VOLUME_API_EXTENSIONS)
+    fi
+    iniset $TEMPEST_CONFIG volume-feature-enabled api_extensions $volume_api_extensions
+
     if ! is_service_enabled c-bak; then
         iniset $TEMPEST_CONFIG volume-feature-enabled backup False
     fi

From f3b49e23b04878a2a4d37bbb1884c677b6b56c2a Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Tue, 9 Dec 2014 17:37:03 +0000
Subject: [PATCH 0218/3421] XenAPI: Add another plugin directory

Buildroot on 64-bit systems may use /usr/lib64 to store the XAPI plugins
Add this as an option to search for.

The list is getting of acceptable paths is getting longer but some work is going
on in XAPI to allow us to query for this path, which will mean we can get
rid of this list in future.

Change-Id: I79aafb6a86032c7ab04937c9e9bec08661ecdefa
---
 tools/xen/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/xen/functions b/tools/xen/functions
index c8efd57d88..4e9fede387 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -10,7 +10,7 @@ function die_with_error {
 }
 
 function xapi_plugin_location {
-    for PLUGIN_DIR in "/etc/xapi.d/plugins/" "/usr/lib/xcp/plugins/" "/usr/lib/xapi/plugins"; do
+    for PLUGIN_DIR in "/etc/xapi.d/plugins/" "/usr/lib/xcp/plugins/" "/usr/lib/xapi/plugins" "/usr/lib64/xapi/plugins"; do
         if [ -d $PLUGIN_DIR ]; then
             echo $PLUGIN_DIR
             return 0

From fc094655080955f7bfcb628b544d131145830b67 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 9 Dec 2014 11:36:53 -0700
Subject: [PATCH 0219/3421] Generate an IPv6 address when PUBLIC_BRIDGE does
 not have one

Closes-Bug: #1400823
Change-Id: Ic79fd003aea2af7b258397ec2cdfd70c8568743c
---
 lib/neutron | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index 5a2bfea801..c1311db1e0 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1177,6 +1177,12 @@ function _neutron_configure_router_v6 {
         # and then on to recover the public bridge's link local address
         sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
         sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
+        if ! ip -6 addr show dev $PUBLIC_BRIDGE | grep 'scope global'; then
+            # Create an IPv6 ULA address for PUBLIC_BRIDGE if one is not present
+            IPV6_BRIDGE_ULA=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+            sudo ip -6 addr add fd$IPV6_BRIDGE_ULA::1 dev $PUBLIC_BRIDGE
+        fi
+
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}

From 19d22bd19a1802cae3eab2c194cb7c0dd7d3c47c Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Tue, 9 Dec 2014 21:48:58 -0700
Subject: [PATCH 0220/3421] Change Cinder Cert script to run all Volume tests

The Cinder Cert script currently only runs the Tempest
tests tagged with volume.api, should be all Volume tests
to make sure we get things like attach and other commands
fully tested.

Change-Id: Ic15d2ad6d3616bfde4838873d0c79664b009ef1f
---
 driver_certs/cinder_driver_cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/driver_certs/cinder_driver_cert.sh b/driver_certs/cinder_driver_cert.sh
index 7726e7eb01..27570389a9 100755
--- a/driver_certs/cinder_driver_cert.sh
+++ b/driver_certs/cinder_driver_cert.sh
@@ -93,7 +93,7 @@ start_cinder
 sleep 5
 
 # run tempest api/volume/test_*
-log_message "Run the actual tempest volume tests (./tools/pretty_tox.sh api.volume)...", True
+log_message "Run the actual tempest volume tests (./tools/pretty_tox.sh volume)...", True
 ./tools/pretty_tox.sh api.volume 2>&1 | tee -a $TEMPFILE
 if [[ $? = 0 ]]; then
     log_message "CONGRATULATIONS!!!  Device driver PASSED!", True

From e263c82e48a431e502bd6baceb6dfcfdc1750cbb Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 5 Dec 2014 14:25:28 -0500
Subject: [PATCH 0221/3421] add shebang lines to all lib files

With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.

Change-Id: Id238748417ffab53e02d59413dba66f61e724383
---
 functions                                   | 2 ++
 functions-common                            | 2 ++
 lib/apache                                  | 2 ++
 lib/ceilometer                              | 2 ++
 lib/ceph                                    | 2 ++
 lib/cinder                                  | 2 ++
 lib/cinder_backends/ceph                    | 2 ++
 lib/cinder_backends/glusterfs               | 2 ++
 lib/cinder_backends/lvm                     | 2 ++
 lib/cinder_backends/netapp_iscsi            | 2 ++
 lib/cinder_backends/netapp_nfs              | 2 ++
 lib/cinder_backends/nfs                     | 2 ++
 lib/cinder_backends/solidfire               | 2 ++
 lib/cinder_backends/vmdk                    | 2 ++
 lib/cinder_backends/xiv                     | 3 ++-
 lib/cinder_plugins/XenAPINFS                | 2 ++
 lib/cinder_plugins/glusterfs                | 2 ++
 lib/cinder_plugins/nfs                      | 2 ++
 lib/cinder_plugins/sheepdog                 | 2 ++
 lib/cinder_plugins/vsphere                  | 2 ++
 lib/config                                  | 2 ++
 lib/database                                | 2 ++
 lib/databases/mysql                         | 2 ++
 lib/databases/postgresql                    | 2 ++
 lib/dib                                     | 2 ++
 lib/dstat                                   | 2 ++
 lib/gantt                                   | 2 ++
 lib/glance                                  | 2 ++
 lib/heat                                    | 2 ++
 lib/horizon                                 | 2 ++
 lib/infra                                   | 2 ++
 lib/ironic                                  | 2 ++
 lib/keystone                                | 2 ++
 lib/ldap                                    | 2 ++
 lib/neutron                                 | 2 ++
 lib/neutron_plugins/bigswitch_floodlight    | 2 ++
 lib/neutron_plugins/brocade                 | 2 ++
 lib/neutron_plugins/cisco                   | 2 ++
 lib/neutron_plugins/embrane                 | 2 ++
 lib/neutron_plugins/ibm                     | 2 ++
 lib/neutron_plugins/linuxbridge_agent       | 2 ++
 lib/neutron_plugins/midonet                 | 2 ++
 lib/neutron_plugins/ml2                     | 2 ++
 lib/neutron_plugins/nec                     | 2 ++
 lib/neutron_plugins/nuage                   | 2 ++
 lib/neutron_plugins/ofagent_agent           | 2 ++
 lib/neutron_plugins/oneconvergence          | 2 ++
 lib/neutron_plugins/openvswitch             | 2 ++
 lib/neutron_plugins/openvswitch_agent       | 2 ++
 lib/neutron_plugins/ovs_base                | 2 ++
 lib/neutron_plugins/plumgrid                | 2 ++
 lib/neutron_plugins/vmware_nsx              | 2 ++
 lib/neutron_thirdparty/bigswitch_floodlight | 2 ++
 lib/neutron_thirdparty/midonet              | 2 ++
 lib/neutron_thirdparty/ryu                  | 2 ++
 lib/neutron_thirdparty/trema                | 2 ++
 lib/neutron_thirdparty/vmware_nsx           | 2 ++
 lib/nova                                    | 2 ++
 lib/nova_plugins/functions-libvirt          | 2 ++
 lib/nova_plugins/hypervisor-fake            | 2 ++
 lib/nova_plugins/hypervisor-ironic          | 2 ++
 lib/nova_plugins/hypervisor-libvirt         | 2 ++
 lib/nova_plugins/hypervisor-openvz          | 2 ++
 lib/nova_plugins/hypervisor-vsphere         | 2 ++
 lib/nova_plugins/hypervisor-xenserver       | 2 ++
 lib/opendaylight                            | 2 ++
 lib/oslo                                    | 2 ++
 lib/rpc_backend                             | 2 ++
 lib/sahara                                  | 2 ++
 lib/stackforge                              | 2 ++
 lib/swift                                   | 2 ++
 lib/tempest                                 | 2 ++
 lib/template                                | 2 ++
 lib/tls                                     | 2 ++
 lib/trove                                   | 2 ++
 lib/zaqar                                   | 2 ++
 stackrc                                     | 2 ++
 77 files changed, 154 insertions(+), 1 deletion(-)

diff --git a/functions b/functions
index bb40a481bd..d33ad8c3a0 100644
--- a/functions
+++ b/functions
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # functions - DevStack-specific functions
 #
 # The following variables are assumed to be defined by certain functions:
diff --git a/functions-common b/functions-common
index 24507fef91..cbfa130fd1 100644
--- a/functions-common
+++ b/functions-common
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # functions-common - Common functions used by DevStack components
 #
 # The canonical copy of this file is maintained in the DevStack repo.
diff --git a/lib/apache b/lib/apache
index 2c436816c3..c7d69f2ea7 100644
--- a/lib/apache
+++ b/lib/apache
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/apache
 # Functions to control configuration and operation of apache web server
 
diff --git a/lib/ceilometer b/lib/ceilometer
index cdef422bb5..43a39dd7cb 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/ceilometer
 # Install and start **Ceilometer** service
 
diff --git a/lib/ceph b/lib/ceph
index 521430626b..c2d418f49c 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/ceph
 # Functions to control the configuration and operation of the **Ceph** storage service
 
diff --git a/lib/cinder b/lib/cinder
index 611e1ca5d9..930119cd61 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder
 # Install and start **Cinder** volume service
 
diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph
index e9d2a02ad3..415ce94489 100644
--- a/lib/cinder_backends/ceph
+++ b/lib/cinder_backends/ceph
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/ceph
 # Configure the ceph backend
 
diff --git a/lib/cinder_backends/glusterfs b/lib/cinder_backends/glusterfs
index dd772a84de..00c62e04cd 100644
--- a/lib/cinder_backends/glusterfs
+++ b/lib/cinder_backends/glusterfs
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/glusterfs
 # Configure the glusterfs backend
 
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 8f8ab7958e..a3ab5bf3f9 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/lvm
 # Configure the LVM backend
 
diff --git a/lib/cinder_backends/netapp_iscsi b/lib/cinder_backends/netapp_iscsi
index 7a67da7a26..be9442eb83 100644
--- a/lib/cinder_backends/netapp_iscsi
+++ b/lib/cinder_backends/netapp_iscsi
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/netapp_iscsi
 # Configure the NetApp iSCSI driver
 
diff --git a/lib/cinder_backends/netapp_nfs b/lib/cinder_backends/netapp_nfs
index d90b7f7d19..dc919ad86b 100644
--- a/lib/cinder_backends/netapp_nfs
+++ b/lib/cinder_backends/netapp_nfs
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/netapp_nfs
 # Configure the NetApp NFS driver
 
diff --git a/lib/cinder_backends/nfs b/lib/cinder_backends/nfs
index 76487884f7..fc51b2b440 100644
--- a/lib/cinder_backends/nfs
+++ b/lib/cinder_backends/nfs
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/nfs
 # Configure the nfs backend
 
diff --git a/lib/cinder_backends/solidfire b/lib/cinder_backends/solidfire
index 95ffce1ccc..7cc70fc86d 100644
--- a/lib/cinder_backends/solidfire
+++ b/lib/cinder_backends/solidfire
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/solidfire
 # Configure the solidfire driver
 
diff --git a/lib/cinder_backends/vmdk b/lib/cinder_backends/vmdk
index b32c4b2e7a..d5b945354b 100644
--- a/lib/cinder_backends/vmdk
+++ b/lib/cinder_backends/vmdk
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_backends/vmdk
 # Configure the VMware vmdk backend
 
diff --git a/lib/cinder_backends/xiv b/lib/cinder_backends/xiv
index ee5da2d487..6eadaae93b 100644
--- a/lib/cinder_backends/xiv
+++ b/lib/cinder_backends/xiv
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Copyright 2014 IBM Corp.
 # Copyright (c) 2014 OpenStack Foundation
 # All Rights Reserved.
@@ -82,4 +84,3 @@ $XIV_XTRACE
 # Local variables:
 # mode: shell-script
 # End:
-
diff --git a/lib/cinder_plugins/XenAPINFS b/lib/cinder_plugins/XenAPINFS
index fa10715bdf..f7306955cb 100644
--- a/lib/cinder_plugins/XenAPINFS
+++ b/lib/cinder_plugins/XenAPINFS
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_plugins/XenAPINFS
 # Configure the XenAPINFS driver
 
diff --git a/lib/cinder_plugins/glusterfs b/lib/cinder_plugins/glusterfs
index b4196e4738..35ceb27ce1 100644
--- a/lib/cinder_plugins/glusterfs
+++ b/lib/cinder_plugins/glusterfs
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_plugins/glusterfs
 # Configure the glusterfs driver
 
diff --git a/lib/cinder_plugins/nfs b/lib/cinder_plugins/nfs
index 5f4cc5369a..83b39932cf 100644
--- a/lib/cinder_plugins/nfs
+++ b/lib/cinder_plugins/nfs
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_plugins/nfs
 # Configure the nfs driver
 
diff --git a/lib/cinder_plugins/sheepdog b/lib/cinder_plugins/sheepdog
index 30c60c6efe..ca343f708b 100644
--- a/lib/cinder_plugins/sheepdog
+++ b/lib/cinder_plugins/sheepdog
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_plugins/sheepdog
 # Configure the sheepdog driver
 
diff --git a/lib/cinder_plugins/vsphere b/lib/cinder_plugins/vsphere
index 436b060377..f14ddf0998 100644
--- a/lib/cinder_plugins/vsphere
+++ b/lib/cinder_plugins/vsphere
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/cinder_plugins/vsphere
 # Configure the vsphere driver
 
diff --git a/lib/config b/lib/config
index a4d032864b..c0756bf3fe 100644
--- a/lib/config
+++ b/lib/config
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/config - Configuration file manipulation functions
 
 # These functions have no external dependencies and the following side-effects:
diff --git a/lib/database b/lib/database
index e226515347..366d2b3d2c 100644
--- a/lib/database
+++ b/lib/database
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/database
 # Interface for interacting with different database backends
 
diff --git a/lib/databases/mysql b/lib/databases/mysql
index eab1aa400f..d39d9667fc 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/databases/mysql
 # Functions to control the configuration and operation of the **MySQL** database backend
 
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index fb6d304180..76491c479d 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/databases/postgresql
 # Functions to control the configuration and operation of the **PostgreSQL** database backend
 
diff --git a/lib/dib b/lib/dib
index 30b31ec0ee..177f4c1ef0 100644
--- a/lib/dib
+++ b/lib/dib
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/dib
 # Install and build images with **diskimage-builder**
 
diff --git a/lib/dstat b/lib/dstat
index 4ec10dcefb..8f456a879f 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/dstat
 # Functions to start and stop dstat
 
diff --git a/lib/gantt b/lib/gantt
index 485613f2cb..5bd28c2823 100644
--- a/lib/gantt
+++ b/lib/gantt
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/gantt
 # Install and start **Gantt** scheduler service
 
diff --git a/lib/glance b/lib/glance
index b4c18f8ac7..2cffc5ef63 100644
--- a/lib/glance
+++ b/lib/glance
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/glance
 # Functions to control the configuration and operation of the **Glance** service
 
diff --git a/lib/heat b/lib/heat
index 3ed9a5ff41..f9ac03a43d 100644
--- a/lib/heat
+++ b/lib/heat
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/heat
 # Install and start **Heat** service
 
diff --git a/lib/horizon b/lib/horizon
index 9fd1b854c8..3f3b1ca28f 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/horizon
 # Functions to control the configuration and operation of the horizon service
 
diff --git a/lib/infra b/lib/infra
index cd439e723a..57df07deed 100644
--- a/lib/infra
+++ b/lib/infra
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/infra
 #
 # Functions to install infrastructure projects needed by other projects
diff --git a/lib/ironic b/lib/ironic
index 28f8fe87e5..6866ae77d0 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/ironic
 # Functions to control the configuration and operation of the **Ironic** service
 
diff --git a/lib/keystone b/lib/keystone
index 72a79be44d..a218732aaf 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/keystone
 # Functions to control the configuration and operation of **Keystone**
 
diff --git a/lib/ldap b/lib/ldap
index a6fb82f6f2..5beac38038 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/ldap
 # Functions to control the installation and configuration of **ldap**
 
diff --git a/lib/neutron b/lib/neutron
index 5a2bfea801..24d7c6cf68 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/neutron
 # functions - functions specific to neutron
 
diff --git a/lib/neutron_plugins/bigswitch_floodlight b/lib/neutron_plugins/bigswitch_floodlight
index 9e84f2e75a..4166131534 100644
--- a/lib/neutron_plugins/bigswitch_floodlight
+++ b/lib/neutron_plugins/bigswitch_floodlight
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neuton Big Switch/FloodLight plugin
 # ------------------------------------
 
diff --git a/lib/neutron_plugins/brocade b/lib/neutron_plugins/brocade
index 511fb71d61..b8166d9af9 100644
--- a/lib/neutron_plugins/brocade
+++ b/lib/neutron_plugins/brocade
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Brocade Neutron Plugin
 # ----------------------
 
diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco
index 95e0ab3368..b067aa6b11 100644
--- a/lib/neutron_plugins/cisco
+++ b/lib/neutron_plugins/cisco
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron Cisco plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/embrane b/lib/neutron_plugins/embrane
index 7dafdc001f..6b4819ef70 100644
--- a/lib/neutron_plugins/embrane
+++ b/lib/neutron_plugins/embrane
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron Embrane plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/ibm b/lib/neutron_plugins/ibm
index 39b00401ae..3660a9f2b9 100644
--- a/lib/neutron_plugins/ibm
+++ b/lib/neutron_plugins/ibm
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron IBM SDN-VE plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index 2638dd3725..ec17c01612 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron Linux Bridge L2 agent
 # -----------------------------
 
diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index 6ccd502d97..eb27ed63dd 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron MidoNet plugin
 # ----------------------
 
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index f9a9774e98..e3b2c4dd28 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron Modular Layer 2 plugin
 # ------------------------------
 
diff --git a/lib/neutron_plugins/nec b/lib/neutron_plugins/nec
index f8d98c35fe..3b1a25716a 100644
--- a/lib/neutron_plugins/nec
+++ b/lib/neutron_plugins/nec
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron NEC OpenFlow plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index 70de8fad01..7bce233853 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Nuage Neutron Plugin
 # ----------------------
 
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index 90b37f1be9..915badc7a0 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # OpenFlow Agent plugin
 # ----------------------
 
diff --git a/lib/neutron_plugins/oneconvergence b/lib/neutron_plugins/oneconvergence
index 4fd8c7c48f..48a368a967 100644
--- a/lib/neutron_plugins/oneconvergence
+++ b/lib/neutron_plugins/oneconvergence
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron One Convergence plugin
 # ------------------------------
 
diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch
index 3b6567cd0a..891ab4982b 100644
--- a/lib/neutron_plugins/openvswitch
+++ b/lib/neutron_plugins/openvswitch
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Common code used by cisco and embrane plugins
 # ---------------------------------------------
 
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index e1a6f4a47f..2ab61b0c3e 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron Open vSwitch L2 agent
 # -----------------------------
 
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 07aa7cca9b..cde5298af8 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # common functions for ovs based plugin
 # -------------------------------------
 
diff --git a/lib/neutron_plugins/plumgrid b/lib/neutron_plugins/plumgrid
index 7950ac0605..0d711fe8b2 100644
--- a/lib/neutron_plugins/plumgrid
+++ b/lib/neutron_plugins/plumgrid
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # PLUMgrid Neutron Plugin
 # Edgar Magana emagana@plumgrid.com
 # ------------------------------------
diff --git a/lib/neutron_plugins/vmware_nsx b/lib/neutron_plugins/vmware_nsx
index f4eb82d04e..4cbedd6de4 100644
--- a/lib/neutron_plugins/vmware_nsx
+++ b/lib/neutron_plugins/vmware_nsx
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Neutron VMware NSX plugin
 # -------------------------
 
diff --git a/lib/neutron_thirdparty/bigswitch_floodlight b/lib/neutron_thirdparty/bigswitch_floodlight
index 033731e27c..e3f4689fd7 100644
--- a/lib/neutron_thirdparty/bigswitch_floodlight
+++ b/lib/neutron_thirdparty/bigswitch_floodlight
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Big Switch/FloodLight  OpenFlow Controller
 # ------------------------------------------
 
diff --git a/lib/neutron_thirdparty/midonet b/lib/neutron_thirdparty/midonet
index 099a66eb2d..2c82d487e4 100644
--- a/lib/neutron_thirdparty/midonet
+++ b/lib/neutron_thirdparty/midonet
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # MidoNet
 # -------
 
diff --git a/lib/neutron_thirdparty/ryu b/lib/neutron_thirdparty/ryu
index eaf088b797..1f78a21fa4 100644
--- a/lib/neutron_thirdparty/ryu
+++ b/lib/neutron_thirdparty/ryu
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Ryu SDN Framework
 # -----------------
 
diff --git a/lib/neutron_thirdparty/trema b/lib/neutron_thirdparty/trema
index 3e59ef2b28..075f013ded 100644
--- a/lib/neutron_thirdparty/trema
+++ b/lib/neutron_thirdparty/trema
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # Trema Sliceable Switch
 # ----------------------
 
diff --git a/lib/neutron_thirdparty/vmware_nsx b/lib/neutron_thirdparty/vmware_nsx
index 7a20c64afb..7027a29892 100644
--- a/lib/neutron_thirdparty/vmware_nsx
+++ b/lib/neutron_thirdparty/vmware_nsx
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # VMware NSX
 # ----------
 
diff --git a/lib/nova b/lib/nova
index 0e6c6afcf7..ebc3db5eeb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova
 # Functions to control the configuration and operation of the **Nova** service
 
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index d3c4eab0aa..4601eea47b 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/functions-libvirt
 # Common libvirt configuration functions
 
diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake
index dc93633410..3180d91f0a 100644
--- a/lib/nova_plugins/hypervisor-fake
+++ b/lib/nova_plugins/hypervisor-fake
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-fake
 # Configure the fake hypervisor
 
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index abf59b8008..4c2043b6b5 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-ironic
 # Configure the ironic hypervisor
 
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 53dbfb976f..cc6f29e0f8 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-libvirt
 # Configure the libvirt hypervisor
 
diff --git a/lib/nova_plugins/hypervisor-openvz b/lib/nova_plugins/hypervisor-openvz
index a1636adf9c..cce36b8d3f 100644
--- a/lib/nova_plugins/hypervisor-openvz
+++ b/lib/nova_plugins/hypervisor-openvz
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-openvz
 # Configure the openvz hypervisor
 
diff --git a/lib/nova_plugins/hypervisor-vsphere b/lib/nova_plugins/hypervisor-vsphere
index 9933a3c712..c406e094f3 100644
--- a/lib/nova_plugins/hypervisor-vsphere
+++ b/lib/nova_plugins/hypervisor-vsphere
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-vsphere
 # Configure the vSphere hypervisor
 
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index 0dba471394..db19cc2fb6 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/nova_plugins/hypervisor-xenserver
 # Configure the XenServer hypervisor
 
diff --git a/lib/opendaylight b/lib/opendaylight
index 831329a750..936a17cbed 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/opendaylight
 # Functions to control the configuration and operation of the opendaylight service
 
diff --git a/lib/oslo b/lib/oslo
index d00580b14a..e0b4afebdb 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/oslo
 #
 # Functions to install oslo libraries from git
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 14c78fbf7b..4c1efa66cb 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/rpc_backend
 # Interface for interactig with different rpc backend
 # rpc backend settings
diff --git a/lib/sahara b/lib/sahara
index 4f1ba22c67..c902d385d1 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/sahara
 
 # Dependencies:
diff --git a/lib/stackforge b/lib/stackforge
index 2d80dad48c..cc3a689973 100644
--- a/lib/stackforge
+++ b/lib/stackforge
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/stackforge
 #
 # Functions to install stackforge libraries that we depend on so
diff --git a/lib/swift b/lib/swift
index 9e61331404..41f9e84afa 100644
--- a/lib/swift
+++ b/lib/swift
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/swift
 # Functions to control the configuration and operation of the **Swift** service
 
diff --git a/lib/tempest b/lib/tempest
index 46c9e26916..6894501319 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/tempest
 # Install and configure Tempest
 
diff --git a/lib/template b/lib/template
index f77409bd47..2703788af4 100644
--- a/lib/template
+++ b/lib/template
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/template
 # Functions to control the configuration and operation of the XXXX service
 # 
diff --git a/lib/tls b/lib/tls
index fdb798ff30..677895b9b2 100644
--- a/lib/tls
+++ b/lib/tls
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/tls
 # Functions to control the configuration and operation of the TLS proxy service
 
diff --git a/lib/trove b/lib/trove
index 60b2bdba22..6cc5fa8f53 100644
--- a/lib/trove
+++ b/lib/trove
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/trove
 # Functions to control the configuration and operation of the **Trove** service
 
diff --git a/lib/zaqar b/lib/zaqar
index 22ef5ef20f..0d1f6f4aaf 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/zaqar
 # Install and start **Zaqar** service
 
diff --git a/stackrc b/stackrc
index ac798894b8..cb01f21942 100644
--- a/stackrc
+++ b/stackrc
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # stackrc
 #
 # Find the other rc files

From 342ac4b77429aa0ccf0bfbd864d91477cfb656c0 Mon Sep 17 00:00:00 2001
From: Sabari Kumar Murugesan 
Date: Tue, 9 Dec 2014 15:54:40 -0800
Subject: [PATCH 0222/3421] Use latest version of python-openstackclient

Some options in openstack client like --or-show are available only
from 1.0.0. Adding this 'requirement' explictly as openstackclient
is not as part of requirements of other projects.

Change-Id: I96a98331ece15da869a3ea7af80d16fab2351329
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index cd1c200404..375be2846d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -780,7 +780,7 @@ if use_library_from_git "python-openstackclient"; then
     git_clone_by_name "python-openstackclient"
     setup_dev_lib "python-openstackclient"
 else
-    pip_install python-openstackclient
+    pip_install 'python-openstackclient>=1.0.0'
 fi
 
 

From 63d25d978ba0a0cdb1b689cafcebdaae7d609e06 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Tue, 9 Dec 2014 15:21:22 +0000
Subject: [PATCH 0223/3421] Allow use of dnf instead of yum on Fedora

Since Fedora 20 it has been possible to use 'dnf' as a drop-in
replacement for 'yum', and it is targetted to become the default
in Fedora 22

   http://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF

There are many benefits of 'dnf' over 'yum' but the biggest
from the POV of an openstack developer is its speed.

Assuming an existing running devstack install ie all required
RPMs already installed on the system. Now look at how long it
takes to run stack.sh, during which yum does not have to
actually install anything

 # ./unstack.sh
 # time ./stack.sh
 real 11m12.193s
 user 10m17.129s
 sys  0m15.275s

Now, with 'export YUM=dnf' set in local.conf, run the same
test again

 # ./unstack.sh
 # time ./stack.sh
 real 0m48.610s
 user 0m28.939s
 sys  0m7.801s

So, this is showing that devstack is wasting 10 minutes just
for yum to figure out that everything is already installed.
The overhead of yum vs dnf is even worse when yum has to
acutally depsolve to install new packages.

Change-Id: Ia01a5f330a47b32207586902a861bedfc8a0f6e2
---
 functions-common | 8 ++++----
 stackrc          | 6 ++++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/functions-common b/functions-common
index 24507fef91..83db9d3667 100644
--- a/functions-common
+++ b/functions-common
@@ -1165,7 +1165,7 @@ function uninstall_package {
     if is_ubuntu; then
         apt_get purge "$@"
     elif is_fedora; then
-        sudo yum remove -y "$@"
+        sudo $YUM remove -y "$@" ||:
     elif is_suse; then
         sudo zypper rm "$@"
     else
@@ -1174,7 +1174,7 @@ function uninstall_package {
 }
 
 # Wrapper for ``yum`` to set proxy environment variables
-# Uses globals ``OFFLINE``, ``*_proxy``
+# Uses globals ``OFFLINE``, ``*_proxy``, ``YUM``
 # yum_install package [package ...]
 function yum_install {
     [[ "$OFFLINE" = "True" ]] && return
@@ -1186,7 +1186,7 @@ function yum_install {
     # https://bugzilla.redhat.com/show_bug.cgi?id=965567
     $sudo http_proxy=$http_proxy https_proxy=$https_proxy \
         no_proxy=$no_proxy \
-        yum install -y "$@" 2>&1 | \
+        $YUM install -y "$@" 2>&1 | \
         awk '
             BEGIN { fail=0 }
             /No package/ { fail=1 }
@@ -1196,7 +1196,7 @@ function yum_install {
 
     # also ensure we catch a yum failure
     if [[ ${PIPESTATUS[0]} != 0 ]]; then
-        die $LINENO "Yum install failure"
+        die $LINENO "$YUM install failure"
     fi
 }
 
diff --git a/stackrc b/stackrc
index ac798894b8..2a5d877223 100644
--- a/stackrc
+++ b/stackrc
@@ -621,6 +621,12 @@ API_WORKERS=${API_WORKERS:=$(( ($(nproc)/2)<2 ? 2 : ($(nproc)/2) ))}
 # Service startup timeout
 SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60}
 
+# Support alternative yum -- in future Fedora 'dnf' will become the
+# only supported installer, but for now 'yum' and 'dnf' are both
+# available in parallel with compatible CLIs.  Allow manual switching
+# till we get to the point we need to handle this automatically
+YUM=${YUM:-yum}
+
 # Following entries need to be last items in file
 
 # Local variables:

From 2bfb9af0c952f59287be4ce684b78cfb710a6105 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Fri, 7 Nov 2014 07:44:25 -0600
Subject: [PATCH 0224/3421] Remove NoVNC from the default enabled services

Preparing to remove all non-stackforge git repos

Change-Id: I91f628f09fcdfd1aefbc40c9e26be0509eee484d
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index 15b0951a1a..6881a517d8 100644
--- a/stackrc
+++ b/stackrc
@@ -44,7 +44,7 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 # this allows us to pass ENABLED_SERVICES
 if [[ -z "$ENABLED_SERVICES" ]]; then
     # core compute (glance / keystone / nova (+ nova-network))
-    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-novnc,n-xvnc,n-cauth
+    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-xvnc,n-cauth
     # cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
     # heat

From 21dbe993348b794a1b77c4f9db0081d1cc32138c Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Tue, 9 Dec 2014 21:01:40 +0100
Subject: [PATCH 0225/3421] Update used Fedora images to version 21

Change-Id: I26a3d7d0842f9d4c5fc33350992a19f597f39b2e
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index ac798894b8..9960a1b320 100644
--- a/stackrc
+++ b/stackrc
@@ -552,7 +552,7 @@ esac
 if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
     case "$VIRT_DRIVER" in
         libvirt|ironic)
-            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
+            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2"}
             IMAGE_URLS+=",$HEAT_CFN_IMAGE_URL"
             ;;
         *)
@@ -577,7 +577,7 @@ fi
 PRECACHE_IMAGES=$(trueorfalse False $PRECACHE_IMAGES)
 if [[ "$PRECACHE_IMAGES" == "True" ]]; then
     # staging in update for nodepool
-    IMAGE_URL="https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
+    IMAGE_URL="https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2"
     if ! [[ "$IMAGE_URLS"  =~ "$IMAGE_URL" ]]; then
         IMAGE_URLS+=",$IMAGE_URL"
     fi

From 0c99e2f65b6e86236c0d29928c110628f1e32f3d Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Tue, 9 Dec 2014 14:44:24 -0800
Subject: [PATCH 0226/3421] Poll resource tracker for ironic cpus as well as
 count

When ironic nodes are enrolled, their resources are not available
to the nova scheduler until after a round of ironic and nova periodic
tasks have run  In addition to waiting for ironic nodes to show up in
the resource tracker, also wait for associated CPU resources.  In
the worst case, this means waiting for 3 total rounds of periodic
tasks.

Change-Id: Idbbc43bf74ff5fff3d50f3494148454bb51e378f
Closes-bug: #1398128
---
 lib/ironic | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index e79842c0f3..abf4700949 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -501,18 +501,20 @@ function create_bridge_and_vms {
 }
 
 function wait_for_nova_resources {
-    # After nodes have been enrolled, we need to wait for n-cpu's periodic
-    # task populate the resource tracker with available nodes.  Wait for 2
-    # minutes before timing out.
-    local expected_count=$1
-    echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $expected_count Ironic nodes"
+    # After nodes have been enrolled, we need to wait for both ironic and
+    # nova's periodic tasks to populate the resource tracker with available
+    # nodes and resources. Wait up to 2 minutes for a given resource before
+    # timing out.
+    local resource=$1
+    local expected_count=$2
+    echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count"
     for i in $(seq 1 120); do
-        if [ $(nova hypervisor-stats | grep " count " | get_field 2) -ge $expected_count ]; then
+        if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then
             return 0
         fi
         sleep 1
     done
-    die $LINENO "Nova hypervisor-stats did not register at least $expected_count nodes"
+    die $LINENO "Timed out waiting for Nova hypervisor-stats $resource >= $expected_count"
 }
 
 function enroll_nodes {
@@ -551,6 +553,7 @@ function enroll_nodes {
     fi
 
     local total_nodes=0
+    local total_cpus=0
     while read hardware_info; do
         if ! is_ironic_hardware; then
             local mac_address=$hardware_info
@@ -582,6 +585,7 @@ function enroll_nodes {
         ironic port-create --address $mac_address --node_uuid $node_id
 
         total_nodes=$((total_nodes+1))
+        total_cpus=$((total_cpus+$ironic_node_cpu))
     done < $ironic_hwinfo_file
 
     # create the nova flavor
@@ -598,7 +602,8 @@ function enroll_nodes {
     nova flavor-key baremetal set "cpu_arch"="x86_64" "baremetal:deploy_kernel_id"="$IRONIC_DEPLOY_KERNEL_ID" "baremetal:deploy_ramdisk_id"="$IRONIC_DEPLOY_RAMDISK_ID"
 
     if [ "$VIRT_DRIVER" == "ironic" ]; then
-        wait_for_nova_resources $total_nodes
+        wait_for_nova_resources "count" $total_nodes
+        wait_for_nova_resources "vcpus" $total_cpus
     fi
 }
 

From d5b74c688febfafb69ddc3881d9936e0268daa4c Mon Sep 17 00:00:00 2001
From: Abhishek Chanda 
Date: Fri, 12 Dec 2014 02:15:55 +0530
Subject: [PATCH 0227/3421] Take an optional rabbit user name as input

Newer versions of rabbitmq (3.3 and later) do not allow the 'guest'
user to access on non-local interfaces.

- Added a new config RABBIT_USERID which defaults to stackrabbit
- Invoked config scripts using that variable

Adopted from:
https://review.openstack.org/#/c/107779/

Change-Id: I43a231c9611b4cc2e390b603aa3bfb49c915bdc5
Closes-Bug: #1343354
Co-Authored-By: Scott Moser 
---
 lib/keystone    |  1 +
 lib/nova        |  4 ++--
 lib/rpc_backend | 26 +++++++++++++++++++++++---
 lib/trove       |  4 ++++
 stack.sh        |  1 +
 5 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index a218732aaf..9c0b01378c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -214,6 +214,7 @@ function configure_keystone {
 
     # Configure rabbitmq credentials
     if is_service_enabled rabbit; then
+        iniset $KEYSTONE_CONF DEFAULT rabbit_userid $RABBIT_USERID
         iniset $KEYSTONE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
         iniset $KEYSTONE_CONF DEFAULT rabbit_host $RABBIT_HOST
     fi
diff --git a/lib/nova b/lib/nova
index 4c86d79130..cbfbdfa69f 100644
--- a/lib/nova
+++ b/lib/nova
@@ -587,8 +587,8 @@ function init_nova_cells {
         fi
 
         $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync
-        $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
-        $NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=guest --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
+        $NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
+        $NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
     fi
 }
 
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 4c1efa66cb..6afec370e8 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -7,7 +7,7 @@
 # Dependencies:
 #
 # - ``functions`` file
-# - ``RABBIT_{HOST|PASSWORD}`` must be defined when RabbitMQ is used
+# - ``RABBIT_{HOST|PASSWORD|USERID}`` must be defined when RabbitMQ is used
 # - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
 
 # ``stack.sh`` calls the entry points in this order:
@@ -68,6 +68,9 @@ function check_rpc_backend {
 function cleanup_rpc_backend {
     if is_service_enabled rabbit; then
         # Obliterate rabbitmq-server
+        if [ -n "$RABBIT_USERID" ]; then
+            sudo rabbitmqctl delete_user "$RABBIT_USERID"
+        fi
         uninstall_package rabbitmq-server
         sudo killall epmd || sudo killall -9 epmd
         if is_ubuntu; then
@@ -180,15 +183,16 @@ function restart_rpc_backend {
                 # service is not started by default
                 restart_service rabbitmq-server
             fi
+            rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
             # change the rabbit password since the default is "guest"
-            sudo rabbitmqctl change_password guest $RABBIT_PASSWORD && break
+            sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
             [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
         done
         if is_service_enabled n-cell; then
             # Add partitioned access for the child cell
             if [ -z `sudo rabbitmqctl list_vhosts | grep child_cell` ]; then
                 sudo rabbitmqctl add_vhost child_cell
-                sudo rabbitmqctl set_permissions -p child_cell guest ".*" ".*" ".*"
+                sudo rabbitmqctl set_permissions -p child_cell $RABBIT_USERID ".*" ".*" ".*"
             fi
         fi
     elif is_service_enabled qpid; then
@@ -225,6 +229,7 @@ function iniset_rpc_backend {
         iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
         iniset $file $section rabbit_hosts $RABBIT_HOST
         iniset $file $section rabbit_password $RABBIT_PASSWORD
+        iniset $file $section rabbit_userid $RABBIT_USERID
     fi
 }
 
@@ -239,6 +244,21 @@ function qpid_is_supported {
     ( ! is_suse )
 }
 
+function rabbit_setuser {
+    local user="$1" pass="$2" found="" out=""
+    out=$(sudo rabbitmqctl list_users) ||
+        { echo "failed to list users" 1>&2; return 1; }
+    found=$(echo "$out" | awk '$1 == user { print $1 }' "user=$user")
+    if [ "$found" = "$user" ]; then
+        sudo rabbitmqctl change_password "$user" "$pass" ||
+            { echo "failed changing pass for '$user'" 1>&2; return 1; }
+    else
+        sudo rabbitmqctl add_user "$user" "$pass" ||
+            { echo "failed changing pass for $user"; return 1; }
+    fi
+    sudo rabbitmqctl set_permissions "$user" ".*" ".*" ".*"
+}
+
 # Set up the various configuration files used by the qpidd broker
 function _configure_qpid {
 
diff --git a/lib/trove b/lib/trove
index 6cc5fa8f53..4149b0d592 100644
--- a/lib/trove
+++ b/lib/trove
@@ -134,6 +134,7 @@ function configure_trove {
     rm -f $TROVE_CONF_DIR/trove-taskmanager.conf
     rm -f $TROVE_CONF_DIR/trove-conductor.conf
 
+    iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
     iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD
     iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove`
     iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE
@@ -145,6 +146,7 @@ function configure_trove {
     if is_service_enabled tr-tmgr; then
         TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
 
+        iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
@@ -157,6 +159,7 @@ function configure_trove {
 
     # (Re)create trove conductor conf file if needed
     if is_service_enabled tr-cond; then
+        iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
@@ -168,6 +171,7 @@ function configure_trove {
     fi
 
     # Set up Guest Agent conf
+    iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin
diff --git a/stack.sh b/stack.sh
index 375be2846d..d97139aaa7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -643,6 +643,7 @@ initialize_database_backends && echo "Using $DATABASE_TYPE database backend" ||
 
 # Rabbit connection info
 if is_service_enabled rabbit; then
+    RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
     RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
     read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
 fi

From 6d012cf16f8d0f4f0a2fae4f5215fadf9884f7fc Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Fri, 12 Dec 2014 00:52:59 +0000
Subject: [PATCH 0228/3421] Revert "Update used Fedora images to version 21"

This breaks check-heat-dsvm-functional-mysql which assumes the previous glance image name.

This reverts commit 21dbe993348b794a1b77c4f9db0081d1cc32138c.

Change-Id: I77749f3f9f1a64719447ddd25ee95bc6d3afa5b3
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 9960a1b320..ac798894b8 100644
--- a/stackrc
+++ b/stackrc
@@ -552,7 +552,7 @@ esac
 if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
     case "$VIRT_DRIVER" in
         libvirt|ironic)
-            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2"}
+            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
             IMAGE_URLS+=",$HEAT_CFN_IMAGE_URL"
             ;;
         *)
@@ -577,7 +577,7 @@ fi
 PRECACHE_IMAGES=$(trueorfalse False $PRECACHE_IMAGES)
 if [[ "$PRECACHE_IMAGES" == "True" ]]; then
     # staging in update for nodepool
-    IMAGE_URL="https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2"
+    IMAGE_URL="https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
     if ! [[ "$IMAGE_URLS"  =~ "$IMAGE_URL" ]]; then
         IMAGE_URLS+=",$IMAGE_URL"
     fi

From 31f70b4016b9f65325d1f7d2d7fc594b4dc98c12 Mon Sep 17 00:00:00 2001
From: Zhongyue Luo 
Date: Fri, 12 Dec 2014 15:41:17 +0800
Subject: [PATCH 0229/3421] Delete is_ironic function

This function is not used in DevStack anymore.

Change-Id: I4a4430e451094d638704a2da1eb2de7f22f25b84
---
 lib/ironic | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index fe7b1df2d4..571202d2fd 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -444,13 +444,6 @@ function stop_ironic {
     fi
 }
 
-function is_ironic {
-    if ( is_service_enabled ir-cond && is_service_enabled ir-api ); then
-        return 0
-    fi
-    return 1
-}
-
 function create_ovs_taps {
     local ironic_net_id=$(neutron net-list | grep private | get_field 1)
 

From be485221b321ebb418f3f5dd8d86e164797f07de Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Wed, 10 Dec 2014 10:33:53 +0000
Subject: [PATCH 0230/3421] XenAPI: Simplify installed packages

Remove duplicate packages.
pip is handled by devstack, so don't try and install it here.

Change-Id: I6f22e0f86ae071d30bf69de9ed5dec6b28ebc92b
---
 lib/nova_plugins/hypervisor-xenserver | 3 +--
 tools/xen/prepare_guest.sh            | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index db19cc2fb6..4d0ec898ad 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -94,8 +94,7 @@ CRONTAB
 
 # install_nova_hypervisor() - Install external components
 function install_nova_hypervisor {
-    # This function intentionally left blank
-    :
+    pip_install xenapi
 }
 
 # start_nova_hypervisor - Start any required external services
diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh
index 7383c91e37..7fe032a064 100755
--- a/tools/xen/prepare_guest.sh
+++ b/tools/xen/prepare_guest.sh
@@ -73,9 +73,7 @@ EOF
 # Install basics
 apt-get update
 apt-get install -y cracklib-runtime curl wget ssh openssh-server tcpdump ethtool
-apt-get install -y curl wget ssh openssh-server python-pip git sudo python-netaddr
-apt-get install -y coreutils
-pip install xenapi
+apt-get install -y git sudo python-netaddr coreutils
 
 # Install XenServer guest utilities
 dpkg -i $XS_TOOLS_PATH

From d4a6e355cab59f61c269139092e261aa105f52dc Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Thu, 11 Dec 2014 14:53:17 -0800
Subject: [PATCH 0231/3421] Enroll Ironic nodes /w IRONIC_KEY_FILE

Do not compose a full path to the ironic ssh keyfile.  Instead,
use IRONIC_KEY_FILE which will be set to the full path to the key.
This is required when IRONIC_KEY_FILE is user-specified, otherwise
we're still enrolling nodes with the default path that is only
used when generating a key.

Change-Id: Icf1ba97becc3e800caf9329a16b79cf106ac3c9a
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 3f7ae2111c..55272b9a1d 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -536,7 +536,7 @@ function enroll_nodes {
             -i ssh_address=$IRONIC_VM_SSH_ADDRESS \
             -i ssh_port=$IRONIC_VM_SSH_PORT \
             -i ssh_username=$IRONIC_SSH_USERNAME \
-            -i ssh_key_filename=$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME"
+            -i ssh_key_filename=$IRONIC_KEY_FILE"
     else
         local ironic_node_cpu=$IRONIC_HW_NODE_CPU
         local ironic_node_ram=$IRONIC_HW_NODE_RAM

From 7bb9a73b8cbb62b31cbf8faa0f19d9c609b359fd Mon Sep 17 00:00:00 2001
From: Sushil Kumar 
Date: Sat, 13 Dec 2014 16:32:11 +0000
Subject: [PATCH 0232/3421] Adds missing rabbit_userid to trove configs

- rabbit_userid was only updated in trove.conf leaving other
  trove configuration files not having this value.
- Trove service setup was broken because of this.
- Added rabbit_userid to trove-taskmanager.conf,
  trove-conductor.conf and trove-guest.conf.

Change-Id: I60bd160600ec4a02c94ee5e33e4bc91c9f2aa2ed
Closes-Bug: #1402227
---
 lib/trove | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/trove b/lib/trove
index 4149b0d592..8b7b0ef640 100644
--- a/lib/trove
+++ b/lib/trove
@@ -146,7 +146,7 @@ function configure_trove {
     if is_service_enabled tr-tmgr; then
         TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
 
-        iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
         iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
@@ -159,7 +159,7 @@ function configure_trove {
 
     # (Re)create trove conductor conf file if needed
     if is_service_enabled tr-cond; then
-        iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
         iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
@@ -171,7 +171,7 @@ function configure_trove {
     fi
 
     # Set up Guest Agent conf
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
+    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_userid $RABBIT_USERID
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin

From 3b782d304ec2073a6406c37b9e1a76c8aecfc9a3 Mon Sep 17 00:00:00 2001
From: Ruslan Kamaldinov 
Date: Sat, 13 Dec 2014 23:18:31 +0300
Subject: [PATCH 0233/3421] Pin version of setuptools

Latest release of setuptool 8.0 made several versions used in
requirements.txt of OpenStack projects invalid. Instances:
* SQLAlchemy>=0.8.4,<=0.8.99,>=0.9.7,<=0.9.99 in oslo.db 1.2.0
* python-neutronclient 2.3.9.40.g9ed73c0 in openstackclient

Cap '<8.0' is set as a temporary fix until a better solution
comes up.

Change-Id: I4cfe2e4c86474ec9bf69a3c2007c0277288ea2b6
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 55ef93e44d..c9119ae410 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -83,6 +83,6 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
     configure_pypi_alternative_url
 fi
 
-pip_install -U setuptools
+pip_install -U "setuptools<8.0"
 
 get_versions

From dc31f76a27a909d010408428d938121b3abd3101 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Sat, 13 Dec 2014 23:34:15 -0500
Subject: [PATCH 0234/3421] Add WSGIPassAuthorization to the keystone apache
 template

For the OS-OAUTH1 Keystone extension to fully work under Apache,
the WSGIPassAuthorization parameter must be set to On, rather
than the default of Off. This will make functional testing of
this extension much easier.

Change-Id: I5dcbdd27e7ef7a60fe3c7cb8b9c3c83b4197dfc1
---
 files/apache-keystone.template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 88492d3408..b0cfb84ce0 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -6,6 +6,7 @@ Listen %ADMINPORT%
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / %PUBLICWSGI%
     WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
     = 2.4>
       ErrorLogFormat "%{cu}t %M"
     

From 1f65fd64ce2f4ed32a706f9bcb28c2ee0cf51e5b Mon Sep 17 00:00:00 2001
From: Doug Wiegley 
Date: Sat, 13 Dec 2014 11:56:16 -0700
Subject: [PATCH 0235/3421] Clear multi-line sections before adding lines

With multiline support for local.conf, the first line is created with
iniset, which will set *all* previous lines to the same thing, and then
subsequent lines will be added. Modify the multiline support to first
clear existing lines from the section.

This causes fatal errors with neutron.conf, which defines drivers with a bunch
of service_provider= options, and the current code ends up with the first
driver defined in local.conf being present twice.

Change-Id: If132a94e53545d9134859aa508da7b9819ede2f8
---
 functions-common  | 15 +++++++++++++
 lib/config        |  1 +
 tests/test_ini.sh | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+)

diff --git a/functions-common b/functions-common
index 94ab34763e..352102e24a 100644
--- a/functions-common
+++ b/functions-common
@@ -148,6 +148,21 @@ $option = $value
     $xtrace
 }
 
+function inidelete {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+
+    [[ -z $section || -z $option ]] && return
+
+    # Remove old values
+    sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+
+    $xtrace
+}
+
 # Set an option in an INI file
 # iniset config-file section option value
 function iniset {
diff --git a/lib/config b/lib/config
index c0756bf3fe..31c6fa6e57 100644
--- a/lib/config
+++ b/lib/config
@@ -144,6 +144,7 @@ function merge_config_file {
                     else {
                         # For multiline, invoke the ini routines in the reverse order
                         count = cfg_attr_count[section, attr]
+                        print "inidelete " configfile " " section " " attr
                         print "iniset " configfile " " section " " attr " \"" cfg_attr[section, attr, count - 1] "\""
                         for (l = count -2; l >= 0; l--)
                             print "iniadd_literal " configfile " " section " " attr " \"" cfg_attr[section, attr, l] "\""
diff --git a/tests/test_ini.sh b/tests/test_ini.sh
index 598cd578f6..106cc9507f 100755
--- a/tests/test_ini.sh
+++ b/tests/test_ini.sh
@@ -34,6 +34,32 @@ empty =
 [eee]
 multi = foo1
 multi = foo2
+
+# inidelete(a)
+[del_separate_options]
+a=b
+b=c
+
+# inidelete(a)
+[del_same_option]
+a=b
+a=c
+
+# inidelete(a)
+[del_missing_option]
+b=c
+
+# inidelete(a)
+[del_missing_option_multi]
+b=c
+b=d
+
+# inidelete(a)
+[del_no_options]
+
+# inidelete(a)
+# no section - del_no_section
+
 EOF
 
 # Test with missing arguments
@@ -237,4 +263,33 @@ else
     echo "iniadd with non-exsting failed: $VAL"
 fi
 
+# Test inidelete
+del_cases="
+    del_separate_options
+    del_same_option
+    del_missing_option
+    del_missing_option_multi
+    del_no_options
+    del_no_section"
+
+for x in $del_cases; do
+    inidelete test.ini $x a
+    VAL=$(iniget_multiline test.ini $x a)
+    if [ -z "$VAL" ]; then
+        echo "OK: inidelete $x"
+    else
+        echo "inidelete $x failed: $VAL"
+    fi
+    if [ "$x" = "del_separate_options" -o \
+        "$x" = "del_missing_option" -o \
+        "$x" = "del_missing_option_multi" ]; then
+        VAL=$(iniget_multiline test.ini $x b)
+        if [ "$VAL" = "c" -o "$VAL" = "c d" ]; then
+            echo "OK: inidelete other_options $x"
+        else
+            echo "inidelete other_option $x failed: $VAL"
+        fi
+    fi
+done
+
 rm test.ini

From 1cbb5d3f0c3200ce0446de59a8b9b3af1b8db483 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 15 Dec 2014 14:57:15 -0500
Subject: [PATCH 0236/3421] Clean database ubuntu/RHEL/SUSE use
 uninstall_package and clean /var/lib/mysql

Change-Id: I72c9df06903e536320a807fae8b817379e448444
Related-Bug: #1395776
---
 lib/databases/mysql | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index d39d9667fc..0e423de675 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -23,22 +23,27 @@ function cleanup_database_mysql {
     if is_ubuntu; then
         # Get ruthless with mysql
         stop_service $MYSQL
-        apt_get purge -y mysql*
+        uninstall_package mysql-server mariadb-server
         sudo rm -rf /var/lib/mysql
         sudo rm -rf /etc/mysql
         return
     elif is_fedora; then
         if [[ $DISTRO =~ (rhel6) ]]; then
-            MYSQL=mysqld
+            stop_service mysqld
+            uninstall_package mysql-server
+            sudo rm -rf /var/lib/mysql
         else
-            MYSQL=mariadb
+            stop_service mariadb
+            uninstall_package mariadb-server
+            sudo rm -rf /var/lib/mysql
         fi
     elif is_suse; then
-        MYSQL=mysql
+        stop_service mysql
+        uninstall_package mysql-community-server
+        sudo rm -rf /var/lib/mysql
     else
         return
     fi
-    stop_service $MYSQL
 }
 
 function recreate_database_mysql {

From f3e75bf979bac5330034d350c416c61df7d8feb4 Mon Sep 17 00:00:00 2001
From: Alessandro Pilotti 
Date: Mon, 15 Dec 2014 20:02:08 +0200
Subject: [PATCH 0237/3421] Fixes Heat tempest issue due to hardcoded qcow2
 extension

The orchestration image_ref is set incorrectly if the extension is not
qcow2, as a result tempest cannot find the Glance image and the
associated tests fail.

This patch fixes the issue by handling any extension.

Change-Id: I32ffe021714590a1b1bab232b1d4f5da238bd4d8
Closes-Bug: #1402774
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 6fc157fa7d..7cac6dd642 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -372,7 +372,7 @@ function configure_tempest {
     # Orchestration Tests
     if is_service_enabled heat; then
         if [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
-            iniset $TEMPEST_CONFIG orchestration image_ref $(basename "$HEAT_CFN_IMAGE_URL" ".qcow2")
+            iniset $TEMPEST_CONFIG orchestration image_ref $(basename "${HEAT_CFN_IMAGE_URL%.*}")
         fi
         # build a specialized heat flavor
         available_flavors=$(nova flavor-list)

From ef844fd08da208947c8e5d8e74e598d7cf7072af Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 15 Dec 2014 16:32:43 -0500
Subject: [PATCH 0238/3421] remove $KEYSTONE_TOKEN_HASH_ALGORITHM

Now that Keystone is back to UUID token defaults the use case for this
in devstack is extremely dubious, and it can be set through via
local.conf if anyone *really* cares.

Part of bp:devstack-nounset

Change-Id: I644b5b1579952959d253758b2a12b97d8a704657
---
 lib/horizon  | 3 ---
 lib/keystone | 7 -------
 2 files changed, 10 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index 3f3b1ca28f..edb95e9812 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -105,9 +105,6 @@ function init_horizon {
 
     _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
     _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
-    if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
-        _horizon_config_set $local_settings "" OPENSTACK_TOKEN_HASH_ALGORITHM \""$KEYSTONE_TOKEN_HASH_ALGORITHM"\"
-    fi
 
     if [ -f $SSL_BUNDLE_FILE ]; then
         _horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/keystone b/lib/keystone
index 9c0b01378c..071dc908ae 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -318,10 +318,6 @@ function configure_keystone {
 
     iniset $KEYSTONE_CONF DEFAULT admin_workers "$API_WORKERS"
     # Public workers will use the server default, typically number of CPU.
-
-    if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
-        iniset $KEYSTONE_CONF token hash_algorithm "$KEYSTONE_TOKEN_HASH_ALGORITHM"
-    fi
 }
 
 function configure_keystone_extensions {
@@ -443,9 +439,6 @@ function configure_auth_token_middleware {
     iniset $conf_file $section admin_user $admin_user
     iniset $conf_file $section admin_password $SERVICE_PASSWORD
     iniset $conf_file $section signing_dir $signing_dir
-    if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
-        iniset $conf_file keystone_authtoken hash_algorithms "$KEYSTONE_TOKEN_HASH_ALGORITHM"
-    fi
 }
 
 # init_keystone() - Initialize databases, etc.

From 64b56a53d8f5136c6902ce0fa948317f171a664d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 16 Dec 2014 09:53:36 +1100
Subject: [PATCH 0239/3421] Fix rabbitmq retry for error checking

I think this retry check has been broken since we introduced "set -e".
Unfortunately it seems the issue of rabbitmq not starting first-time
persists on centos 7 hosts occasionally, e.g. [1]:

---
 + rabbit_setuser stackrabbit secretrabbit
 + local user=stackrabbit pass=secretrabbit found= out=
 ++ sudo rabbitmqctl list_users
 Error: unable to connect to node 'rabbit@devstack-centos7-rax-iad-100675': nodedown

 DIAGNOSTICS
 ===========

 nodes in question: ['rabbit@devstack-centos7-rax-iad-100675']

 hosts, their running nodes and ports:
 - devstack-centos7-rax-iad-100675: [{rabbitmqctl29293,39511}]

 current node details:
 - node name: 'rabbitmqctl29293@devstack-centos7-rax-iad-100675'
 - home dir: /var/lib/rabbitmq
 - cookie hash: KieJnx1pnllKbHVihGcDqA==
---

Fix up this retry while we investigate [2]

[1] http://logs.openstack.org/64/141864/1/check//check-tempest-dsvm-centos7/4308f0c/logs/devstacklog.txt.gz
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1144100

Change-Id: I11fb3728e08adc1e0f7acca63e5a308d24dce78e
---
 lib/rpc_backend | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 6afec370e8..400204abe1 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -176,17 +176,31 @@ function restart_rpc_backend {
         echo_summary "Starting RabbitMQ"
         # NOTE(bnemec): Retry initial rabbitmq configuration to deal with
         # the fact that sometimes it fails to start properly.
-        # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1059028
+        # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144100
         local i
         for i in `seq 10`; do
+            local rc=0
+
+            [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
+
             if is_fedora || is_suse; then
                 # service is not started by default
                 restart_service rabbitmq-server
             fi
-            rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD"
+
+            rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD" || rc=$?
+            if [ $rc -ne 0 ]; then
+                continue
+            fi
+
             # change the rabbit password since the default is "guest"
-            sudo rabbitmqctl change_password $RABBIT_USERID $RABBIT_PASSWORD && break
-            [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
+            sudo rabbitmqctl change_password \
+                $RABBIT_USERID $RABBIT_PASSWORD || rc=$?
+            if [ $rc -ne 0 ]; then
+                continue;
+            fi
+
+            break
         done
         if is_service_enabled n-cell; then
             # Add partitioned access for the child cell

From fc99426a907473de3fc392c19eded30b88e8f46f Mon Sep 17 00:00:00 2001
From: Zhang Jinnan 
Date: Sun, 14 Dec 2014 19:19:53 -0500
Subject: [PATCH 0240/3421] Install Juno RDO repos for RHEL7

RHEL7 does not include Open vSwitch in the default repos, but it
is available via the RDO repo.  This patch automatically
configures the RDO repo for RHEL7.

Move this into the existing rhel6/rhel7 section.  We update RHEl6 to
the latest icehouse release, but it is not supported with Juno

Closes-Bug: #1402390
Change-Id: I4707cf68e39d9e900ec6c01331d7e124c8c4f6c4
---
 stack.sh | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/stack.sh b/stack.sh
index d97139aaa7..bbb7d75a4a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -212,17 +212,6 @@ fi
 # Some distros need to add repos beyond the defaults provided by the vendor
 # to pick up required packages.
 
-if is_fedora && [ $DISTRO == "rhel6" ]; then
-    # Installing Open vSwitch on RHEL requires enabling the RDO repo.
-    RHEL6_RDO_REPO_RPM=${RHEL6_RDO_REPO_RPM:-"http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm"}
-    RHEL6_RDO_REPO_ID=${RHEL6_RDO_REPO_ID:-"openstack-icehouse"}
-    if ! sudo yum repolist enabled $RHEL6_RDO_REPO_ID | grep -q $RHEL6_RDO_REPO_ID; then
-        echo "RDO repo not detected; installing"
-        yum_install $RHEL6_RDO_REPO_RPM || \
-            die $LINENO "Error installing RDO repo, cannot continue"
-    fi
-fi
-
 if is_fedora && [[ $DISTRO == "rhel6" || $DISTRO == "rhel7" ]]; then
     # RHEL requires EPEL for many Open Stack dependencies
 
@@ -269,6 +258,23 @@ EOF
         OPTIONAL_REPO=rhel-6-server-optional-rpms
     fi
     sudo yum-config-manager --enable ${OPTIONAL_REPO}
+
+    # Installing Open vSwitch on RHEL requires enabling the RDO repo.
+    # Note no juno packages for rhel6
+    if [[ $DISTRO == "rhel6" ]]; then
+        RHEL_RDO_REPO_RPM=${RHEL6_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm"}
+        RHEL_RDO_REPO_ID=${RHEL6_RDO_REPO_ID:-"openstack-icehouse"}
+    elif [[ $DISTRO == "rhel7" ]]; then
+        RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm"}
+        RHEL_RDO_REPO_ID=${RHEL7_RDO_REPO_ID:-"openstack-juno"}
+    fi
+
+    if ! sudo yum repolist enabled $RHEL_RDO_REPO_ID | grep -q $RHEL_RDO_REPO_ID; then
+        echo "RDO repo not detected; installing"
+        yum_install $RHEL_RDO_REPO_RPM || \
+            die $LINENO "Error installing RDO repo, cannot continue"
+    fi
+
 fi
 
 

From b57f636ec8fc648917c05c80469473d4f1deb14e Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Mon, 15 Dec 2014 20:55:54 -0500
Subject: [PATCH 0241/3421] Add WSGIPassAuthorization to the admin port too

Accidentally only added WSGIPassAuthorization to the public port,
like all the other WSGI props, it should be added for both ports.

Change-Id: I4e52e0881df464dfb7b28e22581f462e14e37bdb
---
 files/apache-keystone.template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index b0cfb84ce0..2190d831c0 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -22,6 +22,7 @@ Listen %ADMINPORT%
     WSGIProcessGroup keystone-admin
     WSGIScriptAlias / %ADMINWSGI%
     WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
     = 2.4>
       ErrorLogFormat "%{cu}t %M"
     

From 981ed299abe07b2b3e6d8df695a6b045804a5716 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Mon, 15 Dec 2014 21:11:20 -0800
Subject: [PATCH 0242/3421] Fix TRACKING_DEPENDS mode

TRACKING_DEPENDS mode was added in I89677fd54635e82b10ab674ddeb9ffb3f1a755f0

TRACKING_DEPENDS creates a global virtualenv and assumes it exists for
all pip_installs (except for installing virtualenv), so we need to set
this up before any other pip install

Change-Id: Iebe6295913094b32124295e7c5e674e1cebaaa87
---
 stack.sh | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/stack.sh b/stack.sh
index d97139aaa7..55a5a2dbd3 100755
--- a/stack.sh
+++ b/stack.sh
@@ -704,6 +704,19 @@ if [[ "$OFFLINE" != "True" ]]; then
     PYPI_ALTERNATIVE_URL=$PYPI_ALTERNATIVE_URL $TOP_DIR/tools/install_pip.sh
 fi
 
+TRACK_DEPENDS=${TRACK_DEPENDS:-False}
+
+# Install python packages into a virtualenv so that we can track them
+if [[ $TRACK_DEPENDS = True ]]; then
+    echo_summary "Installing Python packages into a virtualenv $DEST/.venv"
+    pip_install -U virtualenv
+
+    rm -rf $DEST/.venv
+    virtualenv --system-site-packages $DEST/.venv
+    source $DEST/.venv/bin/activate
+    $DEST/.venv/bin/pip freeze > $DEST/requires-pre-pip
+fi
+
 # Do the ugly hacks for broken packages and distros
 source $TOP_DIR/tools/fixup_stuff.sh
 
@@ -729,19 +742,6 @@ if is_service_enabled neutron; then
     install_neutron_agent_packages
 fi
 
-TRACK_DEPENDS=${TRACK_DEPENDS:-False}
-
-# Install python packages into a virtualenv so that we can track them
-if [[ $TRACK_DEPENDS = True ]]; then
-    echo_summary "Installing Python packages into a virtualenv $DEST/.venv"
-    pip_install -U virtualenv
-
-    rm -rf $DEST/.venv
-    virtualenv --system-site-packages $DEST/.venv
-    source $DEST/.venv/bin/activate
-    $DEST/.venv/bin/pip freeze > $DEST/requires-pre-pip
-fi
-
 # Check Out and Install Source
 # ----------------------------
 

From 5c66ff6f20e8fd9a439d9c0edabd3e88423e0ac0 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Tue, 16 Dec 2014 16:50:46 +0000
Subject: [PATCH 0243/3421] Update the default ODL to Helium SR1.1

Per a nasty security vulnerability, OpenDaylight has released a security
update for Helium, SR1.1. You can read more about this here [1].

[1] https://lists.opendaylight.org/pipermail/discuss/2014-December/004135.html

Change-Id: I8b9f436b5bf7cabd2d32aaf7388f3f82f9617c3e
---
 lib/opendaylight | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/opendaylight b/lib/opendaylight
index 936a17cbed..2f0f37e34d 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -47,16 +47,16 @@ ODL_USERNAME=${ODL_USERNAME:-admin}
 ODL_PASSWORD=${ODL_PASSWORD:-admin}
 
 # Short name of ODL package
-ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1}
+ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1.1}
 
 # 
 ODL_DIR=$DEST/opendaylight
 
 # The OpenDaylight Package, currently using 'Hydrogen' release
-ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.zip}
+ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.1.zip}
 
 # The OpenDaylight URL
-ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1/}
+ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1.1/}
 
 # Default arguments for OpenDaylight. This is typically used to set
 # Java memory options.

From f6287c2adb4722b5688da9a4ac61dc6eda4a1372 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 16 Dec 2014 13:32:41 -0800
Subject: [PATCH 0244/3421] Fix rabbit_userid for multi node devstack

I43a231c9611b4cc2e390b603aa3bfb49c915bdc5 introduced a new setting
RABBIT_USERID but only set it if rabbit is enabled. In multi node
devstack the second node uses RABBIT_USERID but the service rabbit isn't
enabled on it.

Always set RABBIT_USERID, if a different message queue is used the
variable will just be ignored.

Change-Id: I8568bddda2a5c66235ecae23af58983ee94c720a
---
 stack.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index d97139aaa7..605d3cc889 100755
--- a/stack.sh
+++ b/stack.sh
@@ -642,8 +642,10 @@ initialize_database_backends && echo "Using $DATABASE_TYPE database backend" ||
 # Queue Configuration
 
 # Rabbit connection info
+# In multi node devstack, second node needs RABBIT_USERID, but rabbit
+# isn't enabled.
+RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
 if is_service_enabled rabbit; then
-    RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
     RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST}
     read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
 fi

From fc0ff92777cc6be1914ff59b02d10e9fb75eb199 Mon Sep 17 00:00:00 2001
From: JordanP 
Date: Wed, 17 Dec 2014 12:39:36 +0100
Subject: [PATCH 0245/3421] lib/swift : fix misleading typo in a code comment

The code comment was picked from lib/keystone but not changed.

Change-Id: Idebe5af84d481d52d529575e666105e4b0e06a59
---
 lib/swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/swift b/lib/swift
index 41f9e84afa..e9043b32a1 100644
--- a/lib/swift
+++ b/lib/swift
@@ -132,7 +132,7 @@ SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY}
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,swift
 
-# Toggle for deploying Keystone under HTTPD + mod_wsgi
+# Toggle for deploying Swift under HTTPD + mod_wsgi
 SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
 
 # Functions

From 684e9e9ce2bfbe21571b7ba61aa9b91ea49892fa Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Wed, 17 Dec 2014 11:48:59 -0500
Subject: [PATCH 0246/3421] Don't install sphinx from distro

We don't generate docs in devstack. But also, sphinx depends on babel
which has a hard depend that breaks with setuptools 8. However, pip
installed babel/sphinx should not have this problem.

Change-Id: I84a82e56f6540724d50c6201a68c480ba7645add
---
 files/debs/horizon      | 1 -
 files/debs/ryu          | 1 -
 files/rpms-suse/horizon | 1 -
 files/rpms-suse/ryu     | 1 -
 files/rpms/horizon      | 1 -
 files/rpms/ryu          | 1 -
 6 files changed, 6 deletions(-)

diff --git a/files/debs/horizon b/files/debs/horizon
index 5d06928c7b..f9b7d597dc 100644
--- a/files/debs/horizon
+++ b/files/debs/horizon
@@ -12,7 +12,6 @@ python-webob
 pylint
 python-eventlet
 python-nose
-python-sphinx
 python-mox
 python-coverage
 python-cherrypy3 # why?
diff --git a/files/debs/ryu b/files/debs/ryu
index 9b850807e6..354c1b75d3 100644
--- a/files/debs/ryu
+++ b/files/debs/ryu
@@ -1,2 +1 @@
 python-eventlet
-python-sphinx
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index fa7e43964a..d1f378a70d 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -4,7 +4,6 @@ python-CherryPy # why? (coming from apts)
 python-Paste
 python-PasteDeploy
 python-Routes
-python-Sphinx
 python-SQLAlchemy
 python-WebOb
 python-anyjson
diff --git a/files/rpms-suse/ryu b/files/rpms-suse/ryu
index 6b426fb163..354c1b75d3 100644
--- a/files/rpms-suse/ryu
+++ b/files/rpms-suse/ryu
@@ -1,2 +1 @@
-python-Sphinx
 python-eventlet
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 1d06ac278b..82385ed06c 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -15,7 +15,6 @@ python-nose
 python-paste        #dist:f19,f20,f21
 python-paste-deploy #dist:f19,f20,f21
 python-routes
-python-sphinx
 python-sqlalchemy
 python-webob
 pyxattr
diff --git a/files/rpms/ryu b/files/rpms/ryu
index 9b850807e6..354c1b75d3 100644
--- a/files/rpms/ryu
+++ b/files/rpms/ryu
@@ -1,2 +1 @@
 python-eventlet
-python-sphinx

From 0943e076624274978d1e87c8a44f80df9151a5e9 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Wed, 17 Dec 2014 16:07:32 -0800
Subject: [PATCH 0247/3421] [Sahara] Set use_floating_ips=false for nova
 network

There is no sense in using floating IPs in case of nova network.
Sahara doesn't support assigning floating IPs from
default_floating_pool. The best solution is to use private network
for management.

Change-Id: I4b3e1d52cab28fe5c8d398ca896216b47b9c4ee0
Closes-Bug: #1403680
---
 lib/sahara | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/sahara b/lib/sahara
index 6d1bef571a..e5f988bb31 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -131,6 +131,9 @@ function configure_sahara {
     if is_service_enabled neutron; then
         iniset $SAHARA_CONF_FILE DEFAULT use_neutron true
         iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips true
+    else
+        iniset $SAHARA_CONF_FILE DEFAULT use_neutron false
+        iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips false
     fi
 
     if is_service_enabled heat; then

From b7ebc4765a327e97837f2f6696682859eb77a93d Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Wed, 17 Dec 2014 03:32:42 +0000
Subject: [PATCH 0248/3421] Revert "Pin version of setuptools"

This reverts commit 3b782d304ec2073a6406c37b9e1a76c8aecfc9a3.

The blockers for setuptools 8 compatibility should all be resolved
now.

Change-Id: I6d2d63746f98f0f885816395f36022a2706fb9c5
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index c9119ae410..55ef93e44d 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -83,6 +83,6 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
     configure_pypi_alternative_url
 fi
 
-pip_install -U "setuptools<8.0"
+pip_install -U setuptools
 
 get_versions

From 35b5283a8f365f12996af1209448ccd816276e1f Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Thu, 18 Dec 2014 17:27:22 +0000
Subject: [PATCH 0249/3421] Comment option to enable Setuptools warnings

Change-Id: I9fc247ab343c2cea0a8a5b7a3823b5525d6c311f
---
 tools/install_pip.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 55ef93e44d..f30ad2bcd0 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -68,6 +68,13 @@ function configure_pypi_alternative_url {
 
 }
 
+# Setuptools 8 implements PEP 440, and 8.0.4 adds a warning triggered any time
+# pkg_resources inspects the list of installed Python packages if there are
+# non-compliant version numbers in the egg-info (for example, from distro
+# system packaged Python libraries). This is off by default after 8.2 but can
+# be enabled by uncommenting the lines below.
+#PYTHONWARNINGS=$PYTHONWARNINGS,always::RuntimeWarning:pkg_resources
+#export PYTHONWARNINGS
 
 # Show starting versions
 get_versions

From 2191f838a718049b3ba3be42f3aef8a970ff4278 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Thu, 18 Dec 2014 22:13:13 +0000
Subject: [PATCH 0250/3421] Revert "Revert "Pin version of setuptools""

This reverts commit b7ebc4765a327e97837f2f6696682859eb77a93d.

We weren't quite ready yet... :/

Change-Id: Idccc4b79a700ca34a80f590e942e1647cdfdefb0
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 55ef93e44d..c9119ae410 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -83,6 +83,6 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
     configure_pypi_alternative_url
 fi
 
-pip_install -U setuptools
+pip_install -U "setuptools<8.0"
 
 get_versions

From 305c4debde80a79676848c108cb42c0a12ce7405 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 18 Dec 2014 17:11:07 -0600
Subject: [PATCH 0251/3421] Fix wsgi dir cleanup in Keystone

Change-Id: I8350d2de8602472e5a7d80b490d2c24f43865e19
---
 lib/keystone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index 071dc908ae..1599fa5738 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -116,7 +116,7 @@ function cleanup_keystone {
 
 # _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
 function _cleanup_keystone_apache_wsgi {
-    sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
+    sudo rm -f $KEYSTONE_WSGI_DIR/*
     sudo rm -f $(apache_site_config_for keystone)
 }
 

From 9d0d3fb46824d3f9056acf18ad218b22b31b64af Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Thu, 18 Dec 2014 23:14:54 +0000
Subject: [PATCH 0252/3421] Revert "Revert "Revert "Pin version of
 setuptools"""

This reverts commit 2191f838a718049b3ba3be42f3aef8a970ff4278.

Approve once Setuptools 8 is silencing runtime warnings by default,
e.g. via https://github.com/jaraco/setuptools/pull/23 or a similar
patch.

Change-Id: I3c97a4d7810870c9ac058350b362930ce2af713b
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index c9119ae410..55ef93e44d 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -83,6 +83,6 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
     configure_pypi_alternative_url
 fi
 
-pip_install -U "setuptools<8.0"
+pip_install -U setuptools
 
 get_versions

From 5107556a7985b35a22904c57fd4a6f851cef0024 Mon Sep 17 00:00:00 2001
From: Peter Pentchev 
Date: Fri, 19 Dec 2014 11:31:43 +0200
Subject: [PATCH 0253/3421] Actually run all the Cinder cert tests.

Change the tests to run on the tox invocation line, too, not just in
the message logged.

Change-Id: I86e02ea5a5eace92397bc18e08c494c6fd009880
---
 driver_certs/cinder_driver_cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/driver_certs/cinder_driver_cert.sh b/driver_certs/cinder_driver_cert.sh
index 27570389a9..d066e0667f 100755
--- a/driver_certs/cinder_driver_cert.sh
+++ b/driver_certs/cinder_driver_cert.sh
@@ -94,7 +94,7 @@ sleep 5
 
 # run tempest api/volume/test_*
 log_message "Run the actual tempest volume tests (./tools/pretty_tox.sh volume)...", True
-./tools/pretty_tox.sh api.volume 2>&1 | tee -a $TEMPFILE
+./tools/pretty_tox.sh volume 2>&1 | tee -a $TEMPFILE
 if [[ $? = 0 ]]; then
     log_message "CONGRATULATIONS!!!  Device driver PASSED!", True
     log_message "Submit output: ($TEMPFILE)"

From 933827cccea4d0866ecac9513a5f3ebeb90749ff Mon Sep 17 00:00:00 2001
From: saradpatel 
Date: Fri, 19 Dec 2014 12:09:05 +0000
Subject: [PATCH 0254/3421] Fix typo errors in devstack documentation

This submission fixes typo errors in following files
  1. contributing.rst
  2. exerciserc.rst
  3. faq.rst
  4. local.conf.rst
  5. openrc.rst

Change-Id: I2b2d61673c3c95f60c56978b5a81016603fef252
---
 doc/source/contributing.rst | 2 +-
 doc/source/exerciserc.rst   | 2 +-
 doc/source/faq.rst          | 2 +-
 doc/source/local.conf.rst   | 2 +-
 doc/source/openrc.rst       | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index 8c9e6584ec..b2a219b596 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -5,7 +5,7 @@ Contributing
 DevStack uses the standard OpenStack contribution process as outlined in
 `the OpenStack wiki 'How To
 Contribute' `__. This
-means that you will need to meet the requirements of the Contribututors
+means that you will need to meet the requirements of the Contributors
 License Agreement (CLA). If you have already done that for another
 OpenStack project you are good to go.
 
diff --git a/doc/source/exerciserc.rst b/doc/source/exerciserc.rst
index f3780c34c5..dacae2ecf2 100644
--- a/doc/source/exerciserc.rst
+++ b/doc/source/exerciserc.rst
@@ -3,7 +3,7 @@ exerciserc - Exercise Settings
 ==============================
 
 ``exerciserc`` is used to configure settings for the exercise scripts.
-The values shown below are the default values. Thse can all be
+The values shown below are the default values. These can all be
 overridden by setting them in the ``localrc`` section.
 
 ACTIVE\_TIMEOUT
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f39471cb4e..92d794572e 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -123,7 +123,7 @@ Q: Why not use [STRIKEOUT:``tools/pip-requires``]\ ``requirements.txt`` to grab
     [STRIKEOUT:The majority of deployments will use packages to install
     OpenStack that will have distro-based packages as dependencies.
     DevStack installs as many of these Python packages as possible to
-    mimic the expected production environemnt.] Certain Linux
+    mimic the expected production environment.] Certain Linux
     distributions have a 'lack of workaround' in their Python
     configurations that installs vendor packaged Python modules and
     pip-installed modules to the SAME DIRECTORY TREE. This is causing
diff --git a/doc/source/local.conf.rst b/doc/source/local.conf.rst
index b2f7557e6d..a1ca60a75d 100644
--- a/doc/source/local.conf.rst
+++ b/doc/source/local.conf.rst
@@ -2,7 +2,7 @@
 local.conf - User Settings
 ==========================
 
-``local.conf`` is a user-maintained setings file that is sourced in
+``local.conf`` is a user-maintained settings file that is sourced in
 ``stackrc``. It contains a section that replaces the historical
 ``localrc`` file. See the description of
 :doc:`local.conf ` for more details about the mechanics
diff --git a/doc/source/openrc.rst b/doc/source/openrc.rst
index 56ff5c2edb..0b090c77b7 100644
--- a/doc/source/openrc.rst
+++ b/doc/source/openrc.rst
@@ -4,7 +4,7 @@ openrc - User Authentication Settings
 
 ``openrc`` configures login credentials suitable for use with the
 OpenStack command-line tools. ``openrc`` sources ``stackrc`` at the
-beginning (which in turn sources the ``localrc`` setion of
+beginning (which in turn sources the ``localrc`` section of
 ``local.conf``) in order to pick up ``HOST_IP`` and/or ``SERVICE_HOST``
 to use in the endpoints. The values shown below are the default values.
 

From 95d1a43f1feef36ee50b0f53a6da258a4a646244 Mon Sep 17 00:00:00 2001
From: Guillaume Delacour 
Date: Sat, 20 Dec 2014 17:09:05 +0100
Subject: [PATCH 0255/3421] uuidgen binary is needed by lib/{neutron,ceph}

When using unstack.sh script on Debian Wheezy, i saw a failing call on
uuidgen binary:

    $ ./unstack.sh
    /home/stack/devstack/lib/neutron: line 83: uuidgen: command not found
    Site keystone disabled.
    [...]

Change-Id: I47e158abce9d090eb839c6e97d9191dc99ccfe55
---
 files/debs/neutron | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/debs/neutron b/files/debs/neutron
index a48a800527..fd99677412 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -24,3 +24,4 @@ qpidd # NOPRIME
 sqlite3
 vlan
 radvd # NOPRIME
+uuid-runtime

From ce1524d0843894b099c4abd20a64f92acad50c55 Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Sun, 21 Dec 2014 00:46:34 -0800
Subject: [PATCH 0256/3421] Fix proper oslo.messaging object for zeromq driver

Currently, as almost all the rpc driver of projects
have been switched to oslo.messaging, the object should
be imported via oslo.messaging rather than its own rpc lib.

Change-Id: I9633446e78cb5af21f61a26f6fb365a8ed57a85f
Partially-Implements: blueprint zeromq
Closes-Bug: #1395721
---
 lib/rpc_backend | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 400204abe1..172d024f90 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -221,9 +221,9 @@ function iniset_rpc_backend {
     local file=$2
     local section=$3
     if is_service_enabled zeromq; then
-        iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_zmq
+        iniset $file $section rpc_backend "zmq"
         iniset $file $section rpc_zmq_matchmaker \
-            ${package}.openstack.common.rpc.matchmaker_redis.MatchMakerRedis
+            oslo.messaging._drivers.matchmaker_redis.MatchMakerRedis
         # Set MATCHMAKER_REDIS_HOST if running multi-node.
         MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
         iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST

From 58402537351ed30afc0d2ee99dc52687301ff9dc Mon Sep 17 00:00:00 2001
From: "Gary W. Smith" 
Date: Mon, 22 Dec 2014 09:13:23 -0800
Subject: [PATCH 0257/3421] Add missing space before ] in lib/trove

Change-Id: Ic852f642f03124c4a878c92ea8b6b11519c51e59
Fixes-Bug: 1404939
---
 lib/trove | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/trove b/lib/trove
index 8b7b0ef640..d889b056e8 100644
--- a/lib/trove
+++ b/lib/trove
@@ -207,7 +207,7 @@ function init_trove {
     $TROVE_BIN_DIR/trove-manage db_sync
 
     # If no guest image is specified, skip remaining setup
-    [ -z "$TROVE_GUEST_IMAGE_URL"] && return 0
+    [ -z "$TROVE_GUEST_IMAGE_URL" ] && return 0
 
     # Find the glance id for the trove guest image
     # The image is uploaded by stack.sh -- see $IMAGE_URLS handling

From 6ec66bb3d1354062ec70be972dba990e886084d5 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Mon, 22 Dec 2014 17:17:51 +0000
Subject: [PATCH 0258/3421] Install prettytable>=0.7 to satisfy pip 6/PEP 440

Also use sudo -H with pip so that it doesn't create a ~stack/.cache
other things can't write to as the stack user later.

Change-Id: I2134c7d8f58f8b83f33150c9ed86d87f8ccba2f3
---
 functions-common     | 2 +-
 tools/fixup_stuff.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 94ab34763e..40a0d2b942 100644
--- a/functions-common
+++ b/functions-common
@@ -1578,7 +1578,7 @@ function pip_install {
         local sudo_pip="env"
     else
         local cmd_pip=$(get_pip_command)
-        local sudo_pip="sudo"
+        local sudo_pip="sudo -H"
     fi
 
     $xtrace
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index ca465339b7..26aae82535 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -85,7 +85,7 @@ function get_package_path {
 
 # Fix prettytable 0.7.2 permissions
 # Don't specify --upgrade so we use the existing package if present
-pip_install 'prettytable>0.7'
+pip_install 'prettytable>=0.7'
 PACKAGE_DIR=$(get_package_path prettytable)
 # Only fix version 0.7.2
 dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)

From fe5164aeef1c3fab581272201e4e21f8821e8784 Mon Sep 17 00:00:00 2001
From: Ilya Tyaptin 
Date: Tue, 23 Dec 2014 14:53:43 +0400
Subject: [PATCH 0259/3421] Fix redis service restarting for Ceilometer

In Ubuntu redis service is named as redis-server. So in this
patchset different restarting for this service at different
OSes have been added.

Change-Id: I406e3556c7b9a2bef8277f34862375c5ffd3888e
Closes-bug: #1405147
---
 lib/ceilometer | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 1f480eaf63..f6280d9d3b 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -272,12 +272,12 @@ function init_ceilometer {
 function install_redis {
     if is_ubuntu; then
         install_package redis-server
+        restart_service redis-server
     else
         # This will fail (correctly) where a redis package is unavailable
         install_package redis
+        restart_service redis
     fi
-
-    restart_service redis
 }
 
 # install_ceilometer() - Collect source and prepare

From 013f52b01508f20c34209a30d76c1843764f88ca Mon Sep 17 00:00:00 2001
From: Clark Boylan 
Date: Tue, 23 Dec 2014 16:56:15 -0800
Subject: [PATCH 0260/3421] Always install latest pbr

When not installing pbr from source always install the latest version of
pbr. It turns out that python-pbr is a system package that satisfies
many of our requirements files pbr requirements but breaks under
setuptools 8.0. Fix this by passing the -U flag to pip when installing
pbr so that we install the latest version of pbr always.

Note that we likely need to make this more generic to avoid other system
package leakage when installing packages not from source.

We should also probably bump our pbr requirements across the board to
reflect the new setuptools 8.0 world needs.

Change-Id: I23dd21cea37d26f879aa8d864ee7d371e70221ea
Fixes-bug: 1405318
---
 lib/infra | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/infra b/lib/infra
index 57df07deed..c825b4ee56 100644
--- a/lib/infra
+++ b/lib/infra
@@ -37,7 +37,9 @@ function install_infra {
         git_clone_by_name "pbr"
         setup_lib "pbr"
     else
-        pip_install "pbr"
+        # Always upgrade pbr to latest version as we may have pulled it
+        # in via system packages.
+        pip_install "-U" "pbr"
     fi
 }
 

From 18a81a20581e7e53fa69d91b6b77f739b1e960b2 Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Fri, 26 Dec 2014 09:53:21 -0600
Subject: [PATCH 0261/3421] Stop installing setuptools from distros

We go through a bunch of trouble to install setuptools via pip. Having
it in the distro install too is confusing.

Change-Id: I6875fe2a1ee6b7d296f7f44b4b1601794b136440
---
 files/debs/general      | 1 -
 files/rpms-suse/general | 1 -
 files/rpms/general      | 1 -
 3 files changed, 3 deletions(-)

diff --git a/files/debs/general b/files/debs/general
index 3fe7863de2..e824d239b4 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,6 +1,5 @@
 bridge-utils
 pylint
-python-setuptools
 screen
 unzip
 wget
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index f1f7e8f173..63ef705b64 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -15,7 +15,6 @@ openssl
 psmisc
 python-cmd2 # dist:opensuse-12.3
 python-pylint
-python-setuptools # instead of python-distribute; dist:sle11sp2
 python-unittest2
 screen
 tar
diff --git a/files/rpms/general b/files/rpms/general
index d7ace9b990..ee7cc12cef 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -13,7 +13,6 @@ libxml2-devel
 libxslt-devel
 psmisc
 pylint
-python-setuptools
 python-prettytable # dist:rhel6 [1]
 python-unittest2
 python-virtualenv

From 130efefe6c8e8750504152742bd82961f18c8a02 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Sat, 27 Dec 2014 14:01:00 -0800
Subject: [PATCH 0262/3421] Call sudo /w -H in install_pip.sh as well

We updated other usage of sudo to pass -H when installing pip things,
to avoid creating a .cache directory in $STACK_USER's $HOME that is
owned by root. get-pip.py also ends up creating a ~/.cache, so we
need to update sudo usage there as well.

Closes-bug: #1405626
Related-bug: #1405732

Change-Id: If791b9b25d6a4280dab19117004184e57e78d038
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index f30ad2bcd0..d57a687ecc 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -46,7 +46,7 @@ function install_get_pip {
         curl -o $LOCAL_PIP $PIP_GET_PIP_URL || \
             die $LINENO "Download of get-pip.py failed"
     fi
-    sudo -E python $LOCAL_PIP
+    sudo -H -E python $LOCAL_PIP
 }
 
 

From 7b5c4e6797b8e7344f42728ef5cd2208cdc8717d Mon Sep 17 00:00:00 2001
From: "Haomeng, Wang" 
Date: Sun, 28 Dec 2014 03:15:14 +0000
Subject: [PATCH 0263/3421] ironic scripts should support $Q_USE_NAMESPACE

add logic for ironic to support $Q_USE_NAMESPACE, if it is false,
will not call 'ip netns' with network namespace

Change-Id: Idc4dfb49ee478486476973a41b420b9b7e11a4e0
---
 lib/ironic | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 3f7ae2111c..8af3a7c3a6 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -455,7 +455,11 @@ function create_ovs_taps {
     # intentional sleep to make sure the tag has been set to port
     sleep 10
 
-    local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
+    if  [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+        local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
+    else
+        local tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
+    fi
     local tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
 
     # make sure veth pair is not existing, otherwise delete its links

From 1eb4c6a3753fad0166359fff417f63f028ab871d Mon Sep 17 00:00:00 2001
From: gong yong sheng 
Date: Wed, 24 Dec 2014 09:21:01 +0800
Subject: [PATCH 0264/3421] remove brackets around boolean condition expression

Change-Id: Ia550d4603d9520ddea84a144e5e042903456d96d
Closes-Bug: 1405319
---
 lib/cinder  | 2 +-
 lib/horizon | 2 +-
 lib/neutron | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 930119cd61..c106424378 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -292,7 +292,7 @@ function configure_cinder {
         configure_cinder_driver
     fi
 
-    if [[ is_fedora && $DISTRO =~ (rhel6) ]]; then
+    if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
         # Cinder clones are slightly larger due to some extra
         # metadata.  RHEL6 will not allow auto-extending of LV's
         # without this, leading to clones giving hard-to-track disk
diff --git a/lib/horizon b/lib/horizon
index edb95e9812..fee2ef0b3a 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -72,7 +72,7 @@ function _horizon_config_set {
 # cleanup_horizon() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_horizon {
-    if [[ is_fedora && $DISTRO =~ (rhel6) ]]; then
+    if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
         # If ``/usr/bin/node`` points into ``$DEST``
         # we installed it via ``install_nodejs``
         if [[ $(readlink -f /usr/bin/node) =~ ($DEST) ]]; then
diff --git a/lib/neutron b/lib/neutron
index 8517102a65..0134cbde2c 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -751,7 +751,7 @@ function stop_neutron {
 # cleanup_neutron() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_neutron {
-    if [[ is_provider_network && is_ironic_hardware ]]; then
+    if is_provider_network && is_ironic_hardware; then
         for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
             sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
             sudo ip addr add $IP dev $PUBLIC_INTERFACE

From 0f52d93d6ddc0716f78fa2cd18ec16422fd367f6 Mon Sep 17 00:00:00 2001
From: Zhi Yan Liu 
Date: Tue, 30 Dec 2014 14:37:02 +0800
Subject: [PATCH 0265/3421] Setup notification properly for Zaqar

As we integrated OSprofiler with Zaqar by change
I32565de6c447cd5e95a0ef54a9fbd4e571c2d820 , then service
zaqar-server requires using notification API sends profiling
data to ceilometer, so zaqar needs relevant options to make
it work.

Change-Id: Ib09b241f60dd9961e9366f69cf7fbe8388179f96
Signed-off-by: Zhi Yan Liu 
---
 lib/zaqar | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/zaqar b/lib/zaqar
index 0d1f6f4aaf..dfa3452f0d 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -135,6 +135,12 @@ function configure_zaqar {
         configure_redis
     fi
 
+    if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
+        iniset $ZAQAR_CONF DEFAULT notification_driver messaging
+        iniset $ZAQAR_CONF DEFAULT control_exchange zaqar
+    fi
+    iniset_rpc_backend zaqar $ZAQAR_CONF DEFAULT
+
     cleanup_zaqar
 }
 

From a38bc5b3c2b97230896948073401153b0c3d157f Mon Sep 17 00:00:00 2001
From: Sergey Kraynev 
Date: Tue, 16 Dec 2014 04:25:11 -0500
Subject: [PATCH 0266/3421] Adding installation Heat package after cloning

There are two important reasons for this change:
 - Other OpenStack components contain this code already.
 - Heat store references on client/constraint/version plugins in
   setup.cfg and and stevedore uses these references, so we should
   install Heat after changing this part of code. As example look patch
   https://review.openstack.org/#/c/86978/ for grenade job, where
   heat-engine can not find two constrainsts due to changing their code
   place between releases.

Change-Id: Ic6b1f70ec2d2c06002eb6877a747b7b84213c710
Closes-Bug: #1402985
---
 lib/heat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/heat b/lib/heat
index 49ed5331aa..4e72caeb54 100644
--- a/lib/heat
+++ b/lib/heat
@@ -73,7 +73,6 @@ function cleanup_heat {
 
 # configure_heat() - Set config files, create data dirs, etc
 function configure_heat {
-    setup_develop $HEAT_DIR
     if [[ "$HEAT_STANDALONE" = "True" ]]; then
         setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2
     fi
@@ -195,6 +194,7 @@ function install_heatclient {
 # install_heat() - Collect source and prepare
 function install_heat {
     git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH
+    setup_develop $HEAT_DIR
 }
 
 # install_heat_other() - Collect source and prepare

From 3a6b128f3af8068362bdd78a0d264aa54672328e Mon Sep 17 00:00:00 2001
From: Steven Dake 
Date: Wed, 31 Dec 2014 14:27:22 -0700
Subject: [PATCH 0267/3421] Improve firewall recommendations for Neutron
 documentation

The documention does not mention that either ufw or firewalld should be
disabled to operate a devstack+Neutron environment.  This change adds a
description of fault symptoms as well as a simple workaround.

Change-Id: Ie0ec614dfa56febbf6588836d2e1fc057aa8830f
---
 doc/source/guides/neutron.rst | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index dc2fc71617..90d4ca3c77 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -59,6 +59,40 @@ connectivity.
 
 
 
+Disabling Next Generation Firewall Tools
+========================================
+
+Devstack does not properly operate with modern firewall tools.  Specifically
+it will appear as if the guest VM can access the external network via ICMP,
+but UDP and TCP packets will not be delivered to the guest VM.  The root cause
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
+firewall manager) apply firewall rules to all interfaces in the system, rather
+then per-device.  One solution to this problem is to revert to iptables
+functionality.
+
+To get a functional firewall configuration for Fedora do the following:
+
+::
+
+         sudo service iptables save
+         sudo systemctl disable firewalld
+         sudo systemctl enable iptables
+         sudo systemctl stop firewalld
+         sudo systemctl start iptables
+
+
+To get a functional firewall configuration for distributions containing ufw,
+disable ufw.  Note ufw is generally not enabled by default in Ubuntu.  To
+disable ufw if it was enabled, do the following:
+
+::
+
+        sudo service iptables save
+        sudo ufw disable
+
+
+
+
 Neutron Networking with Open vSwitch
 ====================================
 

From 2de47465bdc33e7cc7bd6626a91374eccbf014f1 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Tue, 23 Dec 2014 11:08:15 +1000
Subject: [PATCH 0268/3421] Trove configure authtoken via conf file

Configure auth_token middleware in trove via the conf file rather than
the paste pipeline. This is the standard and expected mechanism.

Change-Id: Iec6bf74c9321082c35465d332aba7f5fa240cc1a
---
 lib/trove | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/trove b/lib/trove
index d889b056e8..abf4e87f9d 100644
--- a/lib/trove
+++ b/lib/trove
@@ -123,11 +123,8 @@ function configure_trove {
     sudo chown -R $STACK_USER: ${TROVE_CONF_DIR}
     sudo chown -R $STACK_USER: ${TROVE_AUTH_CACHE_DIR}
 
-    # Copy api-paste file over to the trove conf dir and configure it
+    # Copy api-paste file over to the trove conf dir
     cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
-    TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
-
-    configure_auth_token_middleware $TROVE_API_PASTE_INI trove $TROVE_AUTH_CACHE_DIR filter:authtoken
 
     # (Re)create trove conf files
     rm -f $TROVE_CONF_DIR/trove.conf
@@ -141,6 +138,7 @@ function configure_trove {
     setup_trove_logging $TROVE_CONF_DIR/trove.conf
     iniset $TROVE_CONF_DIR/trove.conf DEFAULT trove_api_workers "$API_WORKERS"
 
+    configure_auth_token_middleware $TROVE_CONF_DIR/trove.conf trove $TROVE_AUTH_CACHE_DIR
 
     # (Re)create trove taskmanager conf file if needed
     if is_service_enabled tr-tmgr; then

From cc5715531b46f558faffefe4fe6e77d48af2368b Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Thu, 25 Sep 2014 20:00:29 +0900
Subject: [PATCH 0269/3421] Fix configure to metadata_agent.ini

Devstack set auth_uri to metadata_agent.ini in _neutron_setup_keystone function.
But Metadata_agent use auth_url not auth_uri.

This is regression caused by https://review.openstack.org/#/c/122882/

Change-Id: Iac8f240558abcdc5bcee3d3c87cef5ad3bb007e8
Closes-bug: #1373859
---
 lib/neutron | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 lib/neutron

diff --git a/lib/neutron b/lib/neutron
old mode 100644
new mode 100755
index 0134cbde2c..6c9d7b9a9e
--- a/lib/neutron
+++ b/lib/neutron
@@ -921,7 +921,9 @@ function _configure_neutron_metadata_agent {
     iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
     iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
 
-    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
+    # Configures keystone for metadata_agent
+    # The third argument "True" sets auth_url needed to communicate with keystone
+    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
 
 }
 
@@ -1066,6 +1068,13 @@ function _neutron_setup_rootwrap {
 function _neutron_setup_keystone {
     local conf_file=$1
     local section=$2
+    local use_auth_url=$3
+
+    # Configures keystone for metadata_agent
+    # metadata_agent needs auth_url to communicate with keystone
+    if [[ "$use_auth_url" == "True" ]]; then
+        iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
+    fi
 
     create_neutron_cache_dir
     configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section

From 7faceb67ad73a21a6c2ee626fc7acfb02bd6cb8a Mon Sep 17 00:00:00 2001
From: Donagh McCabe 
Date: Fri, 19 Dec 2014 13:20:45 +0000
Subject: [PATCH 0270/3421] Allow swift keystoneauth reseller_prefix in sample
 file

The reseller_prefix option cannot be added to the
swift-proxy-server.conf-sample file because it
inadvertently gets set to "TEMPAUTH" and Tempest
tests fail.

Change-Id: Ib08d6fa1926531b8966151258eae6771c99c41ca
Closes-Bug: 1404226
---
 lib/swift | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/swift b/lib/swift
index e9043b32a1..3c1f2ec5f9 100644
--- a/lib/swift
+++ b/lib/swift
@@ -401,11 +401,10 @@ function configure_swift {
     sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
     sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
 
-    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
+
     iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
 
-    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
+
 
     # Configure Crossdomain
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
@@ -422,6 +421,13 @@ function configure_swift {
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
 
+    # Configure Tempauth. In the sample config file, Keystoneauth is commented
+    # out. Make sure we uncomment Tempauth after we uncomment Keystoneauth
+    # otherwise, this code also sets the reseller_prefix for Keystoneauth.
+    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
+    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth reseller_prefix "TEMPAUTH"
+
     if is_service_enabled swift3; then
         cat <>${SWIFT_CONFIG_PROXY_SERVER}
 # NOTE(chmou): s3token middleware is not updated yet to use only

From 157c84b8766ae67f6868f26505ce9a5d7291730b Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka 
Date: Mon, 6 Oct 2014 13:29:39 +0200
Subject: [PATCH 0271/3421] Enforce UTF-8 encoding when creating databases

We use InnoDB everywhere, so there should be no issues with long unicode
keys. Dropped charset parameter for recreate_database since it's not
needed anymore.

Change-Id: Ib768402a9337c918309030a92ab81da17269f4f6
---
 extras.d/70-tuskar.sh    | 2 +-
 lib/ceilometer           | 2 +-
 lib/cinder               | 2 +-
 lib/database             | 4 +---
 lib/databases/mysql      | 3 +--
 lib/databases/postgresql | 3 +--
 lib/glance               | 2 +-
 lib/heat                 | 2 +-
 lib/ironic               | 2 +-
 lib/keystone             | 2 +-
 lib/neutron              | 2 +-
 lib/nova                 | 7 ++-----
 lib/sahara               | 2 +-
 lib/trove                | 2 +-
 14 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
index e77c504db0..56f26fff33 100644
--- a/extras.d/70-tuskar.sh
+++ b/extras.d/70-tuskar.sh
@@ -131,7 +131,7 @@ function configure_tuskar {
 function init_tuskar {
 
     # (re)create tuskar database
-    recreate_database tuskar utf8
+    recreate_database tuskar
 
     tuskar-dbsync --config-file $TUSKAR_CONF
     create_tuskar_cache_dir
diff --git a/lib/ceilometer b/lib/ceilometer
index f6280d9d3b..04f68acada 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -262,7 +262,7 @@ function init_ceilometer {
 
     if is_service_enabled mysql postgresql; then
         if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
-            recreate_database ceilometer utf8
+            recreate_database ceilometer
             $CEILOMETER_BIN_DIR/ceilometer-dbsync
         fi
     fi
diff --git a/lib/cinder b/lib/cinder
index c106424378..4b98bd9640 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -376,7 +376,7 @@ function init_cinder {
 
     if is_service_enabled $DATABASE_BACKENDS; then
         # (Re)create cinder database
-        recreate_database cinder utf8
+        recreate_database cinder
 
         # Migrate cinder database
         $CINDER_BIN_DIR/cinder-manage db sync
diff --git a/lib/database b/lib/database
index 366d2b3d2c..a25c21a6d3 100644
--- a/lib/database
+++ b/lib/database
@@ -98,11 +98,9 @@ function initialize_database_backends {
 
 # Recreate a given database
 #  $1 The name of the database
-#  $2 The character set/encoding of the database
 function recreate_database {
     local db=$1
-    local charset=$2
-    recreate_database_$DATABASE_TYPE $db $charset
+    recreate_database_$DATABASE_TYPE $db
 }
 
 # Install the database
diff --git a/lib/databases/mysql b/lib/databases/mysql
index d39d9667fc..673d867d8f 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -43,9 +43,8 @@ function cleanup_database_mysql {
 
 function recreate_database_mysql {
     local db=$1
-    local charset=$2
     mysql -u$DATABASE_USER -p$DATABASE_PASSWORD -h$MYSQL_HOST -e "DROP DATABASE IF EXISTS $db;"
-    mysql -u$DATABASE_USER -p$DATABASE_PASSWORD -h$MYSQL_HOST -e "CREATE DATABASE $db CHARACTER SET $charset;"
+    mysql -u$DATABASE_USER -p$DATABASE_PASSWORD -h$MYSQL_HOST -e "CREATE DATABASE $db CHARACTER SET utf8;"
 }
 
 function configure_database_mysql {
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 76491c479d..ad8cdc77a2 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -37,10 +37,9 @@ function cleanup_database_postgresql {
 
 function recreate_database_postgresql {
     local db=$1
-    local charset=$2
     # Avoid unsightly error when calling dropdb when the database doesn't exist
     psql -h$DATABASE_HOST -U$DATABASE_USER -dtemplate1 -c "DROP DATABASE IF EXISTS $db"
-    createdb -h $DATABASE_HOST -U$DATABASE_USER -l C -T template0 -E $charset $db
+    createdb -h $DATABASE_HOST -U$DATABASE_USER -l C -T template0 -E utf8 $db
 }
 
 function configure_database_postgresql {
diff --git a/lib/glance b/lib/glance
index 8cda6be00a..87687613cd 100644
--- a/lib/glance
+++ b/lib/glance
@@ -279,7 +279,7 @@ function init_glance {
     mkdir -p $GLANCE_CACHE_DIR
 
     # (Re)create glance database
-    recreate_database glance utf8
+    recreate_database glance
 
     # Migrate glance database
     $GLANCE_BIN_DIR/glance-manage db_sync
diff --git a/lib/heat b/lib/heat
index 49ed5331aa..3c20b2ffe9 100644
--- a/lib/heat
+++ b/lib/heat
@@ -170,7 +170,7 @@ function configure_heat {
 function init_heat {
 
     # (re)create heat database
-    recreate_database heat utf8
+    recreate_database heat
 
     $HEAT_DIR/bin/heat-manage db_sync
     create_heat_cache_dir
diff --git a/lib/ironic b/lib/ironic
index 3f7ae2111c..acbffafdfb 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -380,7 +380,7 @@ function create_ironic_accounts {
 # init_ironic() - Initialize databases, etc.
 function init_ironic {
     # (Re)create  ironic database
-    recreate_database ironic utf8
+    recreate_database ironic
 
     # Migrate ironic database
     $IRONIC_BIN_DIR/ironic-dbsync --config-file=$IRONIC_CONF_FILE
diff --git a/lib/keystone b/lib/keystone
index 071dc908ae..fa6f346c30 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -448,7 +448,7 @@ function init_keystone {
     fi
 
     # (Re)create keystone database
-    recreate_database keystone utf8
+    recreate_database keystone
 
     # Initialize keystone database
     $KEYSTONE_DIR/bin/keystone-manage db_sync
diff --git a/lib/neutron b/lib/neutron
index 6c9d7b9a9e..08bd43b6c0 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -592,7 +592,7 @@ function create_neutron_initial_network {
 
 # init_neutron() - Initialize databases, etc.
 function init_neutron {
-    recreate_database $Q_DB_NAME utf8
+    recreate_database $Q_DB_NAME
     # Run Neutron db migrations
     $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
 }
diff --git a/lib/nova b/lib/nova
index cbfbdfa69f..f8d36ce640 100644
--- a/lib/nova
+++ b/lib/nova
@@ -623,16 +623,13 @@ function init_nova {
     # Only do this step once on the API node for an entire cluster.
     if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
         # (Re)create nova database
-        # Explicitly use latin1: to avoid lp#829209, nova expects the database to
-        # use latin1 by default, and then upgrades the database to utf8 (see the
-        # 082_essex.py in nova)
-        recreate_database nova latin1
+        recreate_database nova
 
         # Migrate nova database
         $NOVA_BIN_DIR/nova-manage db sync
 
         if is_service_enabled n-cell; then
-            recreate_database $NOVA_CELLS_DB latin1
+            recreate_database $NOVA_CELLS_DB
         fi
     fi
 
diff --git a/lib/sahara b/lib/sahara
index c902d385d1..8573ee83c8 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -143,7 +143,7 @@ function configure_sahara {
         setup_colorized_logging $SAHARA_CONF_FILE DEFAULT
     fi
 
-    recreate_database sahara utf8
+    recreate_database sahara
     $SAHARA_BIN_DIR/sahara-db-manage --config-file $SAHARA_CONF_FILE upgrade head
 }
 
diff --git a/lib/trove b/lib/trove
index d889b056e8..e0a3831bc0 100644
--- a/lib/trove
+++ b/lib/trove
@@ -201,7 +201,7 @@ function install_trove {
 # init_trove() - Initializes Trove Database as a Service
 function init_trove {
     # (Re)Create trove db
-    recreate_database trove utf8
+    recreate_database trove
 
     # Initialize the trove database
     $TROVE_BIN_DIR/trove-manage db_sync

From f9512d6459599e947cd393cfd711798e95f513aa Mon Sep 17 00:00:00 2001
From: Doug Wiegley 
Date: Mon, 15 Dec 2014 10:23:20 -0800
Subject: [PATCH 0272/3421] Initialize neutron service db with neutron

Partially-Implements: blueprint services-split
Change-Id: I407a4bb3c60ab6a491669b4ddd16aee1239808f1
---
 lib/neutron | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index 6c9d7b9a9e..5678769255 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -595,6 +595,16 @@ function init_neutron {
     recreate_database $Q_DB_NAME utf8
     # Run Neutron db migrations
     $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+    for svc in fwaas lbaas vpnaas; do
+        if [ "$svc" = "vpnaas" ]; then
+            q_svc="q-vpn"
+        else
+            q_svc="q-$svc"
+        fi
+        if is_service_enabled $q_svc; then
+            $NEUTRON_BIN_DIR/neutron-db-manage --service $svc --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+        fi
+    done
 }
 
 # install_neutron() - Collect source and prepare

From cecbd1ff6fa56052018422e4892b9f58239d12b3 Mon Sep 17 00:00:00 2001
From: Yalei Wang 
Date: Mon, 5 Jan 2015 17:05:47 +0800
Subject: [PATCH 0273/3421] delete cinder configuration file before config it

Some misleading configuration item will remain if we don't delete the cinder
conf everytime before we configure it.

Change-Id: Iab6a5d7bc5fdcb05b28d24b0419c0bf380a140c1
Closes-bug: #1405301
---
 lib/cinder | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index c106424378..3e8ed53f81 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -205,6 +205,8 @@ function configure_cinder {
 
     cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
 
+    rm -f $CINDER_CONF
+
     configure_cinder_rootwrap
 
     cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI

From 7b47c47308a601839008413d20acacf2c52e3f45 Mon Sep 17 00:00:00 2001
From: Nels Nelson 
Date: Mon, 5 Jan 2015 16:36:42 -0600
Subject: [PATCH 0274/3421] Customizing tempest configuration for libvirt-lxc

In order to support the continued testing of the libvirt driver
with lxc virtualization, certain compute features must be disabled
including rescue, resize, and suspend.

Change-Id: I52150fef11ba6e3ab2fd0acacaa3c64413c0c0d1
---
 lib/tempest | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 7cac6dd642..d31119bdf6 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -464,6 +464,13 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
     fi
 
+    # Libvirt-LXC
+    if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
+        iniset $TEMPEST_CONFIG compute-feature-enabled rescue False
+        iniset $TEMPEST_CONFIG compute-feature-enabled resize False
+        iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
+    fi
+
     # service_available
     for service in ${TEMPEST_SERVICES//,/ }; do
         if is_service_enabled $service ; then

From 7c9df1017cb249afd329e915aab8a04b04940bc2 Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Fri, 2 Jan 2015 18:39:29 +0100
Subject: [PATCH 0275/3421] Remove Fedora 19 as supported distribution

Fedora 19 will reach its end of life on 6-JAN-2015

  https://lists.fedoraproject.org/pipermail/announce/2014-December/003243.html

Remove it as a supported distribution and add Fedora 21

  - stack.sh: Remove Fedora 19 from list of 'supported' distributions.
  - tools/fixup_stuff.sh: Remove Fedora 19. Also remove the workaround
    of disabling firewalld for Fedora 21.

Change-Id: If92b87d2f9a2bb95469730cda201a7981670f727
---
 stack.sh             | 2 +-
 tools/fixup_stuff.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/stack.sh b/stack.sh
index 605d3cc889..61d9cd74cd 100755
--- a/stack.sh
+++ b/stack.sh
@@ -143,7 +143,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f19|f20|f21|rhel6|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f20|f21|rhel6|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 26aae82535..c7f1efa441 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -111,8 +111,8 @@ if is_fedora; then
     fi
 
     FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
-    if [[ ${DISTRO} =~ (f19|f20) && $FORCE_FIREWALLD == "False" ]]; then
-        # On Fedora 19 and 20 firewalld interacts badly with libvirt and
+    if [[ ${DISTRO} =~ (f20) && $FORCE_FIREWALLD == "False" ]]; then
+        # On Fedora 20 firewalld interacts badly with libvirt and
         # slows things down significantly.  However, for those cases
         # where that combination is desired, allow this fix to be skipped.
 

From 2c65e71ab85a6271818048f79541e9b269566df5 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 18 Dec 2014 09:44:56 -0500
Subject: [PATCH 0276/3421] Implement devstack external plugins

This is an initial pass at plugin infrastructure for devstack which
allows specifying an external repository via:

enable_plugin   [branch]

It implements the devstack specification for this at
I173dee3d57967b1d2ffd30e4868a2832aeac97ce

Change-Id: I8e4175313b3cf0b12e981122358b1288a7eb0746
---
 doc/source/plugins.rst | 39 ++++++++++++++++++
 functions-common       | 92 +++++++++++++++++++++++++++++++++++++++++-
 stack.sh               | 34 ++++------------
 unstack.sh             |  8 ++--
 4 files changed, 141 insertions(+), 32 deletions(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 485cd0f04e..d1f73771a3 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -92,6 +92,45 @@ The arguments are:
 -  **clean** - Called by ``clean.sh`` before other services are cleaned,
    but after ``unstack.sh`` has been called.
 
+
+Externally Hosted Plugins
+=========================
+
+Based on the extras.d hooks, DevStack supports a standard mechansim
+for including plugins from external repositories. The plugin interface
+assumes the following:
+
+An external git repository that includes a ``devstack/`` top level
+directory. Inside this directory there can be 2 files.
+
+- ``settings`` - a file containing global variables that will be
+  sourced very early in the process. This is helpful if other plugins
+  might depend on this one, and need access to global variables to do
+  their work.
+- ``plugin.sh`` - the actual plugin. It will be executed by devstack
+  during it's run. The run order will be done in the registration
+  order for these plugins, and will occur immediately after all in
+  tree extras.d dispatch at the phase in question.  The plugin.sh
+  looks like the extras.d dispatcher above **except** it should not
+  include the is_service_enabled conditional. All external plugins are
+  always assumed to be enabled.
+
+Plugins are registered by adding the following to the localrc section
+of ``local.conf``.
+
+They are added in the following format::
+
+  enable_plugin   [GITREF]
+
+- ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
+- ``giturl`` - a valid git url that can be cloned
+- ``gitref`` - an optional git ref (branch / ref / tag) that will be
+  cloned. Defaults to master.
+
+An example would be as follows::
+
+  enable_plugin glusterfs https://github.com/sdague/devstack-plugins glusterfs
+
 Hypervisor
 ==========
 
diff --git a/functions-common b/functions-common
index 94ab34763e..1a0b5d6d1c 100644
--- a/functions-common
+++ b/functions-common
@@ -44,7 +44,6 @@ declare -A GITREPO
 declare -A GITBRANCH
 declare -A GITDIR
 
-
 # Config Functions
 # ================
 
@@ -1722,6 +1721,97 @@ function setup_package {
     fi
 }
 
+# Plugin Functions
+# =================
+
+DEVSTACK_PLUGINS=${DEVSTACK_PLUGINS:-""}
+
+# enable_plugin   [branch]
+#
+# ``name`` is an arbitrary name - (aka: glusterfs, nova-docker, zaqar)
+# ``url`` is a git url
+# ``branch`` is a gitref. If it's not set, defaults to master
+function enable_plugin {
+    local name=$1
+    local url=$2
+    local branch=${3:-master}
+    DEVSTACK_PLUGINS+=",$name"
+    GITREPO[$name]=$url
+    GITDIR[$name]=$DEST/$name
+    GITBRANCH[$name]=$branch
+}
+
+# fetch_plugins
+#
+# clones all plugins
+function fetch_plugins {
+    local plugins="${DEVSTACK_PLUGINS}"
+    local plugin
+
+    # short circuit if nothing to do
+    if [[ -z $plugins ]]; then
+        return
+    fi
+
+    echo "Fetching devstack plugins"
+    for plugin in ${plugins//,/ }; do
+        git_clone_by_name $plugin
+    done
+}
+
+# load_plugin_settings
+#
+# Load settings from plugins in the order that they were registered
+function load_plugin_settings {
+    local plugins="${DEVSTACK_PLUGINS}"
+    local plugin
+
+    # short circuit if nothing to do
+    if [[ -z $plugins ]]; then
+        return
+    fi
+
+    echo "Loading plugin settings"
+    for plugin in ${plugins//,/ }; do
+        local dir=${GITDIR[$plugin]}
+        # source any known settings
+        if [[ -f $dir/devstack/settings ]]; then
+            source $dir/devstack/settings
+        fi
+    done
+}
+
+# run_plugins
+#
+# Run the devstack/plugin.sh in all the plugin directories. These are
+# run in registration order.
+function run_plugins {
+    local mode=$1
+    local phase=$2
+    for plugin in ${plugins//,/ }; do
+        local dir=${GITDIR[$plugin]}
+        if [[ -f $dir/devstack/plugin.sh ]]; then
+            source $dir/devstack/plugin.sh $mode $phase
+        fi
+    done
+}
+
+function run_phase {
+    local mode=$1
+    local phase=$2
+    if [[ -d $TOP_DIR/extras.d ]]; then
+        for i in $TOP_DIR/extras.d/*.sh; do
+            [[ -r $i ]] && source $i $mode $phase
+        done
+    fi
+    # the source phase corresponds to settings loading in plugins
+    if [[ "$mode" == "source" ]]; then
+        load_plugin_settings
+    else
+        run_plugins $mode $phase
+    fi
+}
+
 
 # Service Functions
 # =================
diff --git a/stack.sh b/stack.sh
index 605d3cc889..d4f2afc61b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -564,15 +564,14 @@ source $TOP_DIR/lib/neutron
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 
+# Clone all external plugins
+fetch_plugins
+
 # Extras Source
 # --------------
 
 # Phase: source
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i source
-    done
-fi
+run_phase source
 
 # Interactive Configuration
 # -------------------------
@@ -714,12 +713,7 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # ------------------
 
 # Phase: pre-install
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i stack pre-install
-    done
-fi
-
+run_phase stack pre-install
 
 install_rpc_backend
 
@@ -865,11 +859,7 @@ fi
 # --------------
 
 # Phase: install
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i stack install
-    done
-fi
+run_phase stack install
 
 if [[ $TRACK_DEPENDS = True ]]; then
     $DEST/.venv/bin/pip freeze > $DEST/requires-post-pip
@@ -1142,11 +1132,7 @@ fi
 # ====================
 
 # Phase: post-config
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i stack post-config
-    done
-fi
+run_phase stack post-config
 
 
 # Local Configuration
@@ -1328,11 +1314,7 @@ merge_config_group $TOP_DIR/local.conf extra
 # ==========
 
 # Phase: extra
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i stack extra
-    done
-fi
+run_phase stack extra
 
 # Local Configuration
 # ===================
diff --git a/unstack.sh b/unstack.sh
index 3403919042..ea45da9fc4 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -66,6 +66,8 @@ if [[ -d $TOP_DIR/extras.d ]]; then
     done
 fi
 
+load_plugin_settings
+
 # Determine what system we are running on.  This provides ``os_VENDOR``,
 # ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
 GetOSVersion
@@ -78,11 +80,7 @@ fi
 # ==========
 
 # Phase: unstack
-if [[ -d $TOP_DIR/extras.d ]]; then
-    for i in $TOP_DIR/extras.d/*.sh; do
-        [[ -r $i ]] && source $i unstack
-    done
-fi
+run_phase unstack
 
 if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
     source $TOP_DIR/openrc

From 826e4509363ff6415a257ce1ff9ea13af390d47d Mon Sep 17 00:00:00 2001
From: Angus Salkeld 
Date: Wed, 7 Jan 2015 17:52:05 +1000
Subject: [PATCH 0277/3421] Add support for enabling heat adopt and abandon

This is by default disabled, but we need to enable
it to test it in the gate.

Change-Id: I2339ebcaf4bd6308041675bcd35c0b70206e2e5e
---
 lib/heat | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/heat b/lib/heat
index 49ed5331aa..e3e5d0eb65 100644
--- a/lib/heat
+++ b/lib/heat
@@ -38,6 +38,7 @@ HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
 HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
 HEAT_STANDALONE=`trueorfalse False $HEAT_STANDALONE`
+HEAT_ENABLE_ADOPT_ABANDON=`trueorfalse False $HEAT_ENABLE_ADOPT_ABANDON`
 HEAT_CONF_DIR=/etc/heat
 HEAT_CONF=$HEAT_CONF_DIR/heat.conf
 HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
@@ -152,6 +153,11 @@ function configure_heat {
         iniset $HEAT_CONF clients_cinder ca_file $SSL_BUNDLE_FILE
     fi
 
+    if [[ "$HEAT_ENABLE_ADOPT_ABANDON" = "True" ]]; then
+        iniset $HEAT_CONF DEFAULT enable_stack_adopt true
+        iniset $HEAT_CONF DEFAULT enable_stack_abandon true
+    fi
+
     # heat environment
     sudo mkdir -p $HEAT_ENV_DIR
     sudo chown $STACK_USER $HEAT_ENV_DIR

From f303d7ed0b2061b49eb9390c7b8f2a18de7bc8dd Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Tue, 6 Jan 2015 12:18:03 -0800
Subject: [PATCH 0278/3421] Allow specification of ironic callback timeout

We need to be able to adjust Ironic's timeout for a node's deployment
callback.  The default is much longer than Tempest's server build
timeout, causing Ironic deployment issues to be masked by more generic
server timeouts in the tempest logs.  Being able to set this to be
lower than the nova timeout, we'll have Ironic errors that we can
fingerprint.

Change-Id: I7b8eeda504da7ffd64967bbcfa2625acf418f263
Related-bug: #1408067
---
 lib/ironic | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/ironic b/lib/ironic
index 3f7ae2111c..68641426e9 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -42,6 +42,9 @@ IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf
 IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf
 IRONIC_POLICY_JSON=$IRONIC_CONF_DIR/policy.json
 
+# Deploy callback timeout can be changed from its default (1800), if required.
+IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-}
+
 # Deploy to hardware platform
 IRONIC_HW_NODE_CPU=${IRONIC_HW_NODE_CPU:-1}
 IRONIC_HW_NODE_RAM=${IRONIC_HW_NODE_RAM:-512}
@@ -300,6 +303,9 @@ function configure_ironic_conductor {
     iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
     iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS
     iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$HOST_IP:$IRONIC_SERVICE_PORT
+    if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then
+        iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT
+    fi
     iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
     iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
     iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images

From 441ff07b97b4d44a25479912ff2878be3fa6e9a9 Mon Sep 17 00:00:00 2001
From: Bharat Kumar Kobagana 
Date: Thu, 8 Jan 2015 12:26:26 +0530
Subject: [PATCH 0279/3421] Fixing the problem in loading plugins

This patch fixes the problem in loading the plugins in devstack
by defining the "plugins" variable in "run_plugins" function of
devstack/functions-common file.

Change-Id: I9fb0e24bf1fd282931a8489e0a8ec0c9ea078520
Closes-Bug: 1408571
---
 functions-common | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/functions-common b/functions-common
index 56106b3194..7a6c3a127c 100644
--- a/functions-common
+++ b/functions-common
@@ -1803,6 +1803,9 @@ function load_plugin_settings {
 function run_plugins {
     local mode=$1
     local phase=$2
+
+    local plugins="${DEVSTACK_PLUGINS}"
+    local plugin
     for plugin in ${plugins//,/ }; do
         local dir=${GITDIR[$plugin]}
         if [[ -f $dir/devstack/plugin.sh ]]; then

From d3ca1418c4f048be58080bd51c9497abe33d49b9 Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Sun, 21 Dec 2014 23:36:43 -0800
Subject: [PATCH 0280/3421] Fix matchmaker-redis dependencies for zeromq driver

Add an option 'ZEROMQ_MATCHMAKER' to indicate which
matchmaker driver to use.

When it indicates 'redis', the dependencies will be
installed.

Change-Id: I910b48347bad0685ea10083a3b0b243524f32095
Partially-Implements: blueprint zeromq
---
 lib/rpc_backend | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 172d024f90..778d466963 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -87,11 +87,20 @@ function cleanup_rpc_backend {
         fi
     elif is_service_enabled zeromq; then
         if is_fedora; then
-            uninstall_package zeromq python-zmq redis
+            uninstall_package zeromq python-zmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                uninstall_package redis python-redis
+            fi
         elif is_ubuntu; then
-            uninstall_package libzmq1 python-zmq redis-server
+            uninstall_package libzmq1 python-zmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                uninstall_package redis-server python-redis
+            fi
         elif is_suse; then
-            uninstall_package libzmq1 python-pyzmq redis
+            uninstall_package libzmq1 python-pyzmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                uninstall_package redis python-redis
+            fi
         else
             exit_distro_not_supported "zeromq installation"
         fi
@@ -150,11 +159,20 @@ function install_rpc_backend {
         # but there is a matchmaker driver that works
         # really well & out of the box for multi-node.
         if is_fedora; then
-            install_package zeromq python-zmq redis
+            install_package zeromq python-zmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                install_package redis python-redis
+            fi
         elif is_ubuntu; then
-            install_package libzmq1 python-zmq redis-server
+            install_package libzmq1 python-zmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                install_package redis-server python-redis
+            fi
         elif is_suse; then
-            install_package libzmq1 python-pyzmq redis
+            install_package libzmq1 python-pyzmq
+            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+                install_package redis python-redis
+            fi
         else
             exit_distro_not_supported "zeromq installation"
         fi

From 26ac3d7ebbc739a2a5378716aebaa68c6ab9c84d Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Sun, 21 Dec 2014 23:41:07 -0800
Subject: [PATCH 0281/3421] Fix service start sequence

1. zmq-receiver should be started in advance
2. when using zeromq driver, nova-compute relies
on nova-conductor's rpc to be initialized

This fix is totally safe and won't influence
on other services.

Change-Id: I9d7b682df4d411af24a1ff6bcad79697e32fa723
Partially-Implements: blueprint zeromq
---
 lib/nova |  2 +-
 stack.sh | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/nova b/lib/nova
index cbfbdfa69f..5ac9ff1a2b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -769,8 +769,8 @@ function start_nova_rest {
 }
 
 function start_nova {
-    start_nova_compute
     start_nova_rest
+    start_nova_compute
 }
 
 function stop_nova_compute {
diff --git a/stack.sh b/stack.sh
index b064c22f8f..3fa32125ac 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1030,6 +1030,14 @@ if is_service_enabled key; then
 fi
 
 
+# ZeroMQ
+# ------
+if is_service_enabled zeromq; then
+    echo_summary "Starting zeromq receiver"
+    run_process zeromq "$OSLO_BIN_DIR/oslo-messaging-zmq-receiver"
+fi
+
+
 # Horizon
 # -------
 
@@ -1208,11 +1216,6 @@ if is_service_enabled nova; then
     iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32)
 fi
 
-if is_service_enabled zeromq; then
-    echo_summary "Starting zermomq receiver"
-    run_process zeromq "$OSLO_BIN_DIR/oslo-messaging-zmq-receiver"
-fi
-
 # Launch the nova-api and wait for it to answer before continuing
 if is_service_enabled n-api; then
     echo_summary "Starting Nova API"

From b968b0c36b09b8b5df860d5334e175ec75a838f6 Mon Sep 17 00:00:00 2001
From: Shuichiro MAKIGAKI 
Date: Sun, 4 Jan 2015 17:53:12 +0900
Subject: [PATCH 0282/3421] Fix comments to use 'local.conf' instead of
 'localrc'

Instead of 'localrc', 'local.conf' should be used.
Example codes to enable neutron also should follow local.conf syntax.

Change-Id: I4f4c03fdbf0f612e5b518177b29669fb202d9f7a
Closes-Bug: #1407391
---
 stackrc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/stackrc b/stackrc
index be27dceac1..355c0dca7c 100644
--- a/stackrc
+++ b/stackrc
@@ -33,7 +33,8 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 # For example, to enable Swift add this to ``local.conf``:
 #  enable_service s-proxy s-object s-container s-account
 # In order to enable Neutron (a single node setup) add the following
-# settings in `` localrc``:
+# settings in ``local.conf``:
+#  [[local|localrc]]
 #  disable_service n-net
 #  enable_service q-svc
 #  enable_service q-agt
@@ -529,8 +530,8 @@ CIRROS_VERSION=${CIRROS_VERSION:-"0.3.2"}
 CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
 
 # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
-# which may be set in ``localrc``.  Also allow ``DEFAULT_IMAGE_NAME`` and
-# ``IMAGE_URLS`` to be set directly in ``localrc``.
+# which may be set in ``local.conf``.  Also allow ``DEFAULT_IMAGE_NAME`` and
+# ``IMAGE_URLS`` to be set in the `localrc` section of ``local.conf``.
 case "$VIRT_DRIVER" in
     openvz)
         DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ubuntu-12.04-x86_64}

From afc1423e70074762e5c8d74b7295b9e55f91a44c Mon Sep 17 00:00:00 2001
From: git-harry 
Date: Thu, 8 Jan 2015 17:37:40 +0000
Subject: [PATCH 0283/3421] Change default nova service name in cinder.conf

In cinder the config options nova_catalog_info and
nova_catalog_admin_info define values to be matched when searching for
the correct compute service in the catalog.

The commit 5ad15c040fdc115bca9efb1c952279988a2a48b3 in the cinder
project has changed these defaults.

This commit sets the options in cinder.conf to the values set by
devstack.

Change-Id: I2a0b09c34fac5f63a5cdbbe05761a0857f243465
Closes-Bug: #1408734
---
 lib/cinder | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index c106424378..9d27daa091 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -110,6 +110,12 @@ if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
     done
 fi
 
+# Change the default nova_catalog_info and nova_catalog_admin_info values in
+# cinder so that the service name cinder is searching for matches that set for
+# nova in keystone.
+CINDER_NOVA_CATALOG_INFO=${CINDER_NOVA_CATALOG_INFO:-compute:nova:publicURL}
+CINDER_NOVA_CATALOG_ADMIN_INFO=${CINDER_NOVA_CATALOG_ADMIN_INFO:-compute:nova:adminURL}
+
 
 # Functions
 # ---------
@@ -220,6 +226,9 @@ function configure_cinder {
 
     configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
 
+    iniset $CINDER_CONF DEFAULT nova_catalog_info $CINDER_NOVA_CATALOG_INFO
+    iniset $CINDER_CONF DEFAULT nova_catalog_admin_info $CINDER_NOVA_CATALOG_ADMIN_INFO
+
     iniset $CINDER_CONF DEFAULT auth_strategy keystone
     iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $CINDER_CONF DEFAULT verbose True

From 13519e8a5b8bb9141ecff09f5273d5c2896a8082 Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Fri, 9 Jan 2015 13:06:56 +0000
Subject: [PATCH 0284/3421] Fix get_packages when $DISTRO is not set

Sourcing the tools/install-prereqs.sh script with TOP_DIR set results
in GetDistro being called in get_packages and echoing the result.
Since all output from get_packages is assumed to be package names,
this results in the attempted installation of the non-existant 'Found'
'Distro' and '[distro name]' packages.  This change removes the echo
statement to avoid this problem.

Change-Id: Idd05c31b9eec9e6209666fa16fa425cdf1f35aa2
---
 functions-common | 1 -
 1 file changed, 1 deletion(-)

diff --git a/functions-common b/functions-common
index 7a6c3a127c..3b4309a15d 100644
--- a/functions-common
+++ b/functions-common
@@ -1011,7 +1011,6 @@ function get_packages {
     fi
     if [[ -z "$DISTRO" ]]; then
         GetDistro
-        echo "Found Distro $DISTRO"
     fi
     for service in ${services//,/ }; do
         # Allow individual services to specify dependencies

From 5ecf46b581b70d2ef9139ad168c80f532e901abb Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Fri, 9 Jan 2015 13:35:18 +0000
Subject: [PATCH 0285/3421] Add 'acl' package to neutron deps

The acl package has been added as a test-only dependency of neutron.
It is used by the functional job in configuring postgres.

Change-Id: Ie28da793237b51cced3bd0a9b35273d9c50472e8
---
 files/debs/neutron      | 1 +
 files/rpms-suse/neutron | 1 +
 files/rpms/neutron      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/files/debs/neutron b/files/debs/neutron
index fd99677412..5a59b22b9d 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -1,3 +1,4 @@
+acl     # testonly
 ebtables
 iptables
 iputils-ping
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index 8431bd1bd0..50ee145928 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -1,3 +1,4 @@
+acl     # testonly
 dnsmasq
 dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
 ebtables
diff --git a/files/rpms/neutron b/files/rpms/neutron
index f2473fb20d..5450408a35 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -1,4 +1,5 @@
 MySQL-python
+acl     # testonly
 dnsmasq # for q-dhcp
 dnsmasq-utils # for dhcp_release
 ebtables

From b31304829f4ec3830c30fcf25c55f100ebfe7227 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Tue, 16 Dec 2014 14:36:59 -0800
Subject: [PATCH 0286/3421] Register heat image in sahara image registry for
 fake plugin

Fake plugin can work with heat image. Even more, sahara uses heat
to provision instances. So, registering image in sahara image
registry.

Change-Id: Ie498fc05d0afe7f276b6f29f20a61abb58a5c676
Closes-Bug: #1402856
---
 extras.d/70-sahara.sh |  1 +
 lib/sahara            | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/extras.d/70-sahara.sh b/extras.d/70-sahara.sh
index 2a349991ef..f177766d3b 100644
--- a/extras.d/70-sahara.sh
+++ b/extras.d/70-sahara.sh
@@ -15,6 +15,7 @@ if is_service_enabled sahara; then
         create_sahara_accounts
     elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
         echo_summary "Initializing sahara"
+        sahara_register_images
         start_sahara
     fi
 
diff --git a/lib/sahara b/lib/sahara
index c902d385d1..03b902e5b6 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -11,6 +11,7 @@
 # install_sahara
 # install_python_saharaclient
 # configure_sahara
+# sahara_register_images
 # start_sahara
 # stop_sahara
 # cleanup_sahara
@@ -161,6 +162,17 @@ function install_python_saharaclient {
     fi
 }
 
+# sahara_register_images() - Registers images in sahara image registry
+function sahara_register_images {
+    if is_service_enabled heat && [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
+        # Register heat image for Fake plugin
+        local fake_plugin_properties="--property _sahara_tag_0.1=True"
+        fake_plugin_properties+=" --property _sahara_tag_fake=True"
+        fake_plugin_properties+=" --property _sahara_username=fedora"
+        openstack --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image set $(basename "$HEAT_CFN_IMAGE_URL" ".qcow2") $fake_plugin_properties
+    fi
+}
+
 # start_sahara() - Start running processes, including screen
 function start_sahara {
     run_process sahara "$SAHARA_BIN_DIR/sahara-all --config-file $SAHARA_CONF_FILE"

From 78b7726dddb2e317370cfc4699a93c759cabed9a Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 19 Dec 2014 12:56:01 +1000
Subject: [PATCH 0287/3421] Configure auth_token middleware by auth plugin

As of release 1.3 auth_token middleware can be configured to use any
authentication plugin. This allows us to move to the more generic
password mechanism which will default to using keystone v3 if available.

This will allow in future revisions to move the devstack service users
out of the default domain.

Work will need to be done in heat to remove it's dependency on the
(supposed to be private) keystone_authtoken CONF values.

Change-Id: Ieac26806bd420aa08fc79bbc6a11eb6a1c15c7df
---
 lib/heat     | 13 ++++++++++++-
 lib/keystone | 26 +++++++++-----------------
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/lib/heat b/lib/heat
index 4e72caeb54..019f668ae4 100644
--- a/lib/heat
+++ b/lib/heat
@@ -114,7 +114,18 @@ function configure_heat {
         setup_colorized_logging $HEAT_CONF DEFAULT tenant user
     fi
 
-    configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR
+    # NOTE(jamielennox): heat re-uses specific values from the
+    # keystone_authtoken middleware group and so currently fails when using the
+    # auth plugin setup. This should be fixed in heat.  Heat is also the only
+    # service that requires the auth_uri to include a /v2.0. Remove this custom
+    # setup when bug #1300246 is resolved.
+    iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+    iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+    iniset $HEAT_CONF keystone_authtoken admin_user heat
+    iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+    iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
+    iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
 
     if is_ssl_enabled_service "key"; then
         iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
diff --git a/lib/keystone b/lib/keystone
index 1599fa5738..9c15688062 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -407,15 +407,6 @@ function create_keystone_accounts {
     fi
 }
 
-# Configure the API version for the OpenStack projects.
-# configure_API_version conf_file version [section]
-function configure_API_version {
-    local conf_file=$1
-    local api_version=$2
-    local section=${3:-keystone_authtoken}
-    iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
-}
-
 # Configure the service to use the auth token middleware.
 #
 # configure_auth_token_middleware conf_file admin_user signing_dir [section]
@@ -429,15 +420,16 @@ function configure_auth_token_middleware {
     local signing_dir=$3
     local section=${4:-keystone_authtoken}
 
-    iniset $conf_file $section auth_host $KEYSTONE_AUTH_HOST
-    iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
-    iniset $conf_file $section auth_protocol $KEYSTONE_AUTH_PROTOCOL
-    iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
+    iniset $conf_file $section auth_plugin password
+    iniset $conf_file $section auth_url $KEYSTONE_AUTH_URI
+    iniset $conf_file $section username $admin_user
+    iniset $conf_file $section password $SERVICE_PASSWORD
+    iniset $conf_file $section user_domain_id default
+    iniset $conf_file $section project_name $SERVICE_TENANT_NAME
+    iniset $conf_file $section project_domain_id default
+
+    iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
     iniset $conf_file $section cafile $SSL_BUNDLE_FILE
-    configure_API_version $conf_file $IDENTITY_API_VERSION $section
-    iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
-    iniset $conf_file $section admin_user $admin_user
-    iniset $conf_file $section admin_password $SERVICE_PASSWORD
     iniset $conf_file $section signing_dir $signing_dir
 }
 

From 5893cc7c5f14ecf645a010b930577eaaa01a3eb8 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka 
Date: Mon, 22 Dec 2014 11:49:42 +0100
Subject: [PATCH 0288/3421] neutron: use config files from neutron-*aas repos

Now that we split the neutron repository and have service configuration
files maintained in their own repos, start using them.

The old files are going to be cleaned up from the Neutron tree.

Change-Id: Iaeff0b9de88e9bcca87da1092cc888c4cc1bedfd
---
 lib/neutron                               | 20 +++++++++++++-------
 lib/neutron_plugins/services/firewall     |  2 +-
 lib/neutron_plugins/services/loadbalancer |  3 ++-
 lib/neutron_plugins/services/vpn          |  1 +
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 6c9d7b9a9e..111a13b445 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -898,7 +898,7 @@ function _configure_neutron_l3_agent {
     Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
 
     if is_service_enabled q-vpn; then
-        cp $NEUTRON_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+        cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
     fi
 
     cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
@@ -1024,22 +1024,28 @@ function _neutron_service_plugin_class_add {
     fi
 }
 
+# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
+function _neutron_deploy_rootwrap_filters {
+    local srcdir=$1
+    mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
+    sudo cp -pr $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
+    sudo chown -R root:root $Q_CONF_ROOTWRAP_D
+    sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
+}
+
 # _neutron_setup_rootwrap() - configure Neutron's rootwrap
 function _neutron_setup_rootwrap {
     if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
         return
     fi
-    # Deploy new rootwrap filters files (owned by root).
     # Wipe any existing ``rootwrap.d`` files first
     Q_CONF_ROOTWRAP_D=$NEUTRON_CONF_DIR/rootwrap.d
     if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
         sudo rm -rf $Q_CONF_ROOTWRAP_D
     fi
-    # Deploy filters to ``$NEUTRON_CONF_DIR/rootwrap.d``
-    mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
-    cp -pr $NEUTRON_DIR/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
-    sudo chown -R root:root $Q_CONF_ROOTWRAP_D
-    sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
+
+    _neutron_deploy_rootwrap_filters $NEUTRON_DIR
+
     # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
     # location moved in newer versions, prefer new location
     if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index a1c13ed153..61a148e596 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -13,7 +13,7 @@ function neutron_fwaas_configure_common {
 
 function neutron_fwaas_configure_driver {
     FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
-    cp $NEUTRON_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
+    cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
 
     iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
     iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index bd9dc8731b..f465cc94b4 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -17,6 +17,7 @@ function neutron_agent_lbaas_install_agent_packages {
 
 function neutron_agent_lbaas_configure_common {
     _neutron_service_plugin_class_add $LBAAS_PLUGIN
+    _neutron_deploy_rootwrap_filters $NEUTRON_LBAAS_DIR
 }
 
 function neutron_agent_lbaas_configure_agent {
@@ -25,7 +26,7 @@ function neutron_agent_lbaas_configure_agent {
 
     LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini"
 
-    cp $NEUTRON_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME
+    cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME
 
     # ovs_use_veth needs to be set before the plugin configuration
     # occurs to allow plugins to override the setting.
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 07f1f35d9a..7e80b5b5f8 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -16,6 +16,7 @@ function neutron_vpn_install_agent_packages {
 
 function neutron_vpn_configure_common {
     _neutron_service_plugin_class_add $VPN_PLUGIN
+    _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR
 }
 
 function neutron_vpn_stop {

From 06005723922dcecff9be67685345e02f8f173ca8 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 13 Jan 2015 16:36:43 +1300
Subject: [PATCH 0289/3421] log dstat top io

We aren't always cpu bound, track top io usage as well.

Change-Id: I3c16b851ebab61ef96a6e3016237a294038561de
---
 lib/dstat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dstat b/lib/dstat
index 8f456a879f..73ca279fea 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -26,7 +26,7 @@ DSTAT_FILE=${DSTAT_FILE:-"dstat.txt"}
 # start_dstat() - Start running processes, including screen
 function start_dstat {
     # A better kind of sysstat, with the top process per time slice
-    DSTAT_OPTS="-tcmndrylpg --top-cpu-adv"
+    DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
     if [[ -n ${SCREEN_LOGDIR} ]]; then
         screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $SCREEN_LOGDIR/$DSTAT_FILE"
     else

From 6ce071b796d7bbf851df225ca7097d2de26b3456 Mon Sep 17 00:00:00 2001
From: Radoslaw Smigielski 
Date: Tue, 13 Jan 2015 06:29:31 +0000
Subject: [PATCH 0290/3421] Depreciated pip option PIP_DOWNLOAD_CACHE removal

Fix warning:
DEPRECATION: --download-cache has been deprecated and will be removed in the
future. Pip now automatically uses and configures its cache.

1. Since version 6.0 (2014-12-22) pip has deprecated PIP_DOWNLOAD_CACHE
   and now automatically uses and configures its cache.
   Default new location is $HOME/.cache/pip.
2. pip gets upgraded to the latest version in tools/install_pip.sh
   but if pip version<6, exit with error: "Currently installed pip version
   ${pip_version} does not meet meet minimum requirements"

Change-Id: I8b203ffc6d9cf588462d0d65a9703a9941d8fa71
---
 functions-common | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/functions-common b/functions-common
index 40a0d2b942..30f99ba3e9 100644
--- a/functions-common
+++ b/functions-common
@@ -26,7 +26,6 @@
 # - ``ERROR_ON_CLONE``
 # - ``FILES``
 # - ``OFFLINE``
-# - ``PIP_DOWNLOAD_CACHE``
 # - ``RECLONE``
 # - ``REQUIREMENTS_DIR``
 # - ``STACK_USER``
@@ -1555,8 +1554,7 @@ function get_python_exec_prefix {
 }
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
-# Uses globals ``OFFLINE``, ``PIP_DOWNLOAD_CACHE``,
-# ``TRACK_DEPENDS``, ``*_proxy``
+# Uses globals ``OFFLINE``, ``TRACK_DEPENDS``, ``*_proxy``
 # pip_install package [package ...]
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
@@ -1581,8 +1579,15 @@ function pip_install {
         local sudo_pip="sudo -H"
     fi
 
+    local pip_version=$(python -c "import pip; \
+                        print(pip.__version__.strip('.')[0])")
+    if (( pip_version<6 )); then
+        die $LINENO "Currently installed pip version ${pip_version} does not" \
+            "meet minimum requirements (>=6)."
+    fi
+
     $xtrace
-    $sudo_pip PIP_DOWNLOAD_CACHE=${PIP_DOWNLOAD_CACHE:-/var/cache/pip} \
+    $sudo_pip \
         http_proxy=$http_proxy \
         https_proxy=$https_proxy \
         no_proxy=$no_proxy \
@@ -1593,7 +1598,7 @@ function pip_install {
     if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
         local test_req="$@/test-requirements.txt"
         if [[ -e "$test_req" ]]; then
-            $sudo_pip PIP_DOWNLOAD_CACHE=${PIP_DOWNLOAD_CACHE:-/var/cache/pip} \
+            $sudo_pip \
                 http_proxy=$http_proxy \
                 https_proxy=$https_proxy \
                 no_proxy=$no_proxy \

From 4eb04a5f9e378fa67175056ab94b5803db2be875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= 
Date: Thu, 4 Dec 2014 16:22:41 +0100
Subject: [PATCH 0291/3421] Ability to use a remote Ceph cluster
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sometimes we want to run some benchmarks on virtual machines that will be
backed by a Ceph cluster. The first idea that comes in our mind is to
use devstack to quickly get an OpenStack up and running but what about
the configuration of Devstack with this remote cluster?

Thanks to this commit it's now possible to use an already existing Ceph
cluster. In this case Devstack just needs two things:

* the location of the Ceph config file (by default devstack will look
for /etc/ceph/ceph.conf
* the admin key of the remote ceph cluster (by default devstack will
look for /etc/ceph/ceph.client.admin.keyring)

Devstack will then create the necessary pools, users, keys and will
connect the OpenStack environment as usual. During the unstack phase
every pools, users and keys will be deleted on the remote cluster while
local files and ceph-common package will be removed from the current
Devstack host.

To enable this mode simply add REMOTE_CEPH=True to your localrc file.

Change-Id: I1a4b6fd676d50b6a41a09e7beba9b11f8d1478f7
Signed-off-by: Sébastien Han 
---
 extras.d/60-ceph.sh      |  52 +++++++++++++++----
 lib/ceph                 | 106 ++++++++++++++++++++++++++++-----------
 lib/cinder_backends/ceph |  10 ++--
 3 files changed, 125 insertions(+), 43 deletions(-)

diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh
index 50bdfaee3b..38b901b767 100644
--- a/extras.d/60-ceph.sh
+++ b/extras.d/60-ceph.sh
@@ -6,14 +6,19 @@ if is_service_enabled ceph; then
         source $TOP_DIR/lib/ceph
     elif [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
         echo_summary "Installing Ceph"
-        install_ceph
-        echo_summary "Configuring Ceph"
-        configure_ceph
-        # NOTE (leseb): Do everything here because we need to have Ceph started before the main
-        # OpenStack components. Ceph OSD must start here otherwise we can't upload any images.
-        echo_summary "Initializing Ceph"
-        init_ceph
-        start_ceph
+        check_os_support_ceph
+        if [ "$REMOTE_CEPH" = "False" ]; then
+            install_ceph
+            echo_summary "Configuring Ceph"
+            configure_ceph
+            # NOTE (leseb): Do everything here because we need to have Ceph started before the main
+            # OpenStack components. Ceph OSD must start here otherwise we can't upload any images.
+            echo_summary "Initializing Ceph"
+            init_ceph
+            start_ceph
+        else
+            install_ceph_remote
+        fi
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         if is_service_enabled glance; then
             echo_summary "Configuring Glance for Ceph"
@@ -32,14 +37,39 @@ if is_service_enabled ceph; then
             echo_summary "Configuring libvirt secret"
             import_libvirt_secret_ceph
         fi
+
+        if [ "$REMOTE_CEPH" = "False" ]; then
+            if is_service_enabled glance; then
+                echo_summary "Configuring Glance for Ceph"
+                configure_ceph_embedded_glance
+            fi
+            if is_service_enabled nova; then
+                echo_summary "Configuring Nova for Ceph"
+                configure_ceph_embedded_nova
+            fi
+            if is_service_enabled cinder; then
+                echo_summary "Configuring Cinder for Ceph"
+                configure_ceph_embedded_cinder
+            fi
+        fi
     fi
 
     if [[ "$1" == "unstack" ]]; then
-        stop_ceph
-        cleanup_ceph
+        if [ "$REMOTE_CEPH" = "True" ]; then
+            cleanup_ceph_remote
+        else
+            cleanup_ceph_embedded
+            stop_ceph
+        fi
+        cleanup_ceph_general
     fi
 
     if [[ "$1" == "clean" ]]; then
-        cleanup_ceph
+        if [ "$REMOTE_CEPH" = "True" ]; then
+            cleanup_ceph_remote
+        else
+            cleanup_ceph_embedded
+        fi
+        cleanup_ceph_general
     fi
 fi
diff --git a/lib/ceph b/lib/ceph
index 521430626b..d5c916f084 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -68,6 +68,11 @@ CINDER_CEPH_UUID=${CINDER_CEPH_UUID:-$(uuidgen)}
 CEPH_REPLICAS=${CEPH_REPLICAS:-1}
 CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
 
+# Connect to an existing Ceph cluster
+REMOTE_CEPH=$(trueorfalse False $REMOTE_CEPH)
+REMOTE_CEPH_ADMIN_KEY_PATH=${REMOTE_CEPH_ADMIN_KEY_PATH:-$CEPH_CONF_DIR/ceph.client.admin.keyring}
+
+
 # Functions
 # ------------
 
@@ -92,29 +97,69 @@ EOF
     sudo rm -f secret.xml
 }
 
+# undefine_virsh_secret() - Undefine Cinder key secret from libvirt
+function undefine_virsh_secret {
+    if is_service_enabled cinder || is_service_enabled nova; then
+        local virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
+        sudo virsh secret-undefine ${virsh_uuid} >/dev/null 2>&1
+    fi
+}
+
+
+# check_os_support_ceph() - Check if the operating system provides a decent version of Ceph
+function check_os_support_ceph {
+    if [[ ! ${DISTRO} =~ (trusty|f20|f21) ]]; then
+        echo "WARNING: your distro $DISTRO does not provide (at least) the Firefly release. Please use Ubuntu Trusty or Fedora 20 (and higher)"
+        if [[ "$FORCE_CEPH_INSTALL" != "yes" ]]; then
+            die $LINENO "If you wish to install Ceph on this distribution anyway run with FORCE_CEPH_INSTALL=yes"
+        fi
+        NO_UPDATE_REPOS=False
+    fi
+}
+
 # cleanup_ceph() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
-function cleanup_ceph {
+function cleanup_ceph_remote {
+    # do a proper cleanup from here to avoid leftover on the remote Ceph cluster
+    if is_service_enabled glance; then
+        sudo ceph osd pool delete $GLANCE_CEPH_POOL $GLANCE_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
+        sudo ceph auth del client.$GLANCE_CEPH_USER > /dev/null 2>&1
+    fi
+    if is_service_enabled cinder; then
+        sudo ceph osd pool delete $CINDER_CEPH_POOL $CINDER_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
+        sudo ceph auth del client.$CINDER_CEPH_USER > /dev/null 2>&1
+    fi
+    if is_service_enabled c-bak; then
+        sudo ceph osd pool delete $CINDER_BAK_CEPH_POOL $CINDER_BAK_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
+        sudo ceph auth del client.$CINDER_BAK_CEPH_USER > /dev/null 2>&1
+    fi
+    if is_service_enabled nova; then
+        iniset $NOVA_CONF libvirt rbd_secret_uuid ""
+        sudo ceph osd pool delete $NOVA_CEPH_POOL $NOVA_CEPH_POOL --yes-i-really-really-mean-it > /dev/null 2>&1
+    fi
+}
+
+function cleanup_ceph_embedded {
     sudo pkill -f ceph-mon
     sudo pkill -f ceph-osd
     sudo rm -rf ${CEPH_DATA_DIR}/*/*
-    sudo rm -rf ${CEPH_CONF_DIR}/*
     if egrep -q ${CEPH_DATA_DIR} /proc/mounts; then
         sudo umount ${CEPH_DATA_DIR}
     fi
     if [[ -e ${CEPH_DISK_IMAGE} ]]; then
         sudo rm -f ${CEPH_DISK_IMAGE}
     fi
+}
+
+function cleanup_ceph_general {
+    undefine_virsh_secret
     uninstall_package ceph ceph-common python-ceph libcephfs1 > /dev/null 2>&1
-    if is_service_enabled cinder || is_service_enabled nova; then
-        local virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
-        sudo virsh secret-undefine ${virsh_uuid} >/dev/null 2>&1
-    fi
-    if is_service_enabled nova; then
-        iniset $NOVA_CONF libvirt rbd_secret_uuid ""
-    fi
+
+    # purge ceph config file and keys
+    sudo rm -rf ${CEPH_CONF_DIR}/*
 }
 
+
 # configure_ceph() - Set config files, create data dirs, etc
 function configure_ceph {
     local count=0
@@ -130,7 +175,7 @@ function configure_ceph {
     sudo mkdir /var/lib/ceph/mon/ceph-$(hostname)
 
     # create a default ceph configuration file
-    sudo tee -a ${CEPH_CONF_FILE} > /dev/null < /dev/null <
Date: Tue, 13 Jan 2015 14:01:26 +0100
Subject: [PATCH 0292/3421] wget less verbose

wget is too verbose in devstack logs [1] on image download.

Changing the progress bar style to giga, in order
to be less verbose.

http://logs.openstack.org/73/146573/2/check/
check-tempest-dsvm-full-juno/41ba988/logs/devstacklog.txt.gz#_2015-01-13_11_34_15_330

Change-Id: Ic5304893f4c97c50e7a2f29ad5cd77dba3d5a9dd
---
 functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions b/functions
index c7a3b9db1d..12be160e7d 100644
--- a/functions
+++ b/functions
@@ -42,7 +42,7 @@ function upload_image {
     if [[ $image_url != file* ]]; then
         # Downloads the image (uec ami+akistyle), then extracts it.
         if [[ ! -f $FILES/$image_fname || "$(stat -c "%s" $FILES/$image_fname)" = "0" ]]; then
-            wget -c $image_url -O $FILES/$image_fname
+            wget --progress=dot:giga -c $image_url -O $FILES/$image_fname
             if [[ $? -ne 0 ]]; then
                 echo "Not found: $image_url"
                 return
@@ -116,7 +116,7 @@ function upload_image {
             if [[ $flat_url != file* ]]; then
                 if [[ ! -f $FILES/$flat_fname || \
                 "$(stat -c "%s" $FILES/$flat_fname)" = "0" ]]; then
-                    wget -c $flat_url -O $FILES/$flat_fname
+                    wget --progress=dot:giga -c $flat_url -O $FILES/$flat_fname
                 fi
                 image="$FILES/${flat_fname}"
             else

From d97d2cb01767d670969449d7f11f8438c014933e Mon Sep 17 00:00:00 2001
From: Moshe Levi 
Date: Mon, 12 Jan 2015 22:47:29 +0200
Subject: [PATCH 0293/3421] fix mysql clean on ubuntu

Closes-Bug: 1409902
Change-Id: I72900eb2c7f3c6f66d829b10e9bb73b6d186da98
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 0e423de675..62c3d4c90e 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -23,7 +23,7 @@ function cleanup_database_mysql {
     if is_ubuntu; then
         # Get ruthless with mysql
         stop_service $MYSQL
-        uninstall_package mysql-server mariadb-server
+        uninstall_package mysql-common mariadb-common
         sudo rm -rf /var/lib/mysql
         sudo rm -rf /etc/mysql
         return

From a134f652e51d9d7922ef37feb535d583619f4055 Mon Sep 17 00:00:00 2001
From: Ethan Lynn 
Date: Mon, 12 Jan 2015 12:59:30 +0800
Subject: [PATCH 0294/3421] Configure region name in neutron & ceilometer
 config files

Because of lacking some options in multi-region env, neutron and
ceilometer can not work after setup a multi-region env using
devstack.
This patch adds related options for multi-region env.

Change-Id: I4de890b233366f9526fa283aa9078a4d6ed0ca23
Closes-Bug: #1409589
---
 lib/ceilometer | 2 ++
 lib/neutron    | 1 +
 2 files changed, 3 insertions(+)

diff --git a/lib/ceilometer b/lib/ceilometer
index f6280d9d3b..d9064e2747 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -200,6 +200,8 @@ function configure_ceilometer {
     iniset $CEILOMETER_CONF service_credentials os_username ceilometer
     iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
     iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
+    iniset $CEILOMETER_CONF service_credentials os_region_name $REGION_NAME
+    iniset $CEILOMETER_CONF service_credentials os_auth_url $KEYSTONE_SERVICE_URI/v2.0
 
     configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
 
diff --git a/lib/neutron b/lib/neutron
index 5678769255..8a8fe3cabf 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -1011,6 +1011,7 @@ function _configure_neutron_service {
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
     iniset $NEUTRON_CONF DEFAULT nova_url "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2"
+    iniset $NEUTRON_CONF DEFAULT nova_region_name $REGION_NAME
     iniset $NEUTRON_CONF DEFAULT nova_admin_username nova
     iniset $NEUTRON_CONF DEFAULT nova_admin_password $SERVICE_PASSWORD
     ADMIN_TENANT_ID=$(openstack project list | awk "/ service / { print \$2 }")

From 56b7efbf93d8afbdd093934f183a7096ce798552 Mon Sep 17 00:00:00 2001
From: Zhongyue Luo 
Date: Tue, 16 Dec 2014 11:36:49 +0800
Subject: [PATCH 0295/3421] Gracefully add provider network port

Patch 5ec6f8f1 introduced the provider network support in DevStack. However, this patch
does not include a port clean up routine during ./unstack that openvswitch complains
that the PUBLIC_INTERFACE already exists and exits when you run DevStack multiple times.
Adding --may-exist to ovs add-port command solves this problem.

Change-Id: I89dc560ffb35fccf6ceed2557047adca37054ce7
---
 lib/neutron | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index b4d0b8cad4..90991d15e0 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -699,7 +699,7 @@ function start_neutron_agents {
     run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
 
     if is_provider_network; then
-        sudo ovs-vsctl add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
+        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
         sudo ip link set $OVS_PHYSICAL_BRIDGE up
         sudo ip link set br-int up
         sudo ip link set $PUBLIC_INTERFACE up

From 8f90f765faf269c3b1f9c04d80a1369223bc982c Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 14 Jan 2015 10:36:48 -0500
Subject: [PATCH 0296/3421] clean mysql better

The purge that was previously removed was actually kind of important
to burning mysql back down to a stateless zero point. Bring this back
with the addition of doing it for mariadb as well.

Change-Id: If608db8731d9ddfb2440a37387409798619b163c
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 62c3d4c90e..1c74c03735 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -23,7 +23,7 @@ function cleanup_database_mysql {
     if is_ubuntu; then
         # Get ruthless with mysql
         stop_service $MYSQL
-        uninstall_package mysql-common mariadb-common
+        apt_get purge -y mysql* mariadb*
         sudo rm -rf /var/lib/mysql
         sudo rm -rf /etc/mysql
         return

From b74e01c34de76cb451f80d2f1ac1c4ccac1bb7e4 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Thu, 18 Dec 2014 01:35:35 -0500
Subject: [PATCH 0297/3421] Add a group create function, and a sample group

Slowly trying to introduce more v3 concepts into a generic
devstack installation.

Work with description of none and description with spaces

Change-Id: I7d2fde58363698ff020f92f129f1ff7378f945a8
---
 functions-common | 23 ++++++++++++++++++++---
 lib/heat         | 10 ++++------
 lib/keystone     |  7 +++++++
 lib/tempest      |  2 +-
 4 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/functions-common b/functions-common
index 3b4309a15d..c3c8486f13 100644
--- a/functions-common
+++ b/functions-common
@@ -815,7 +815,7 @@ function policy_add {
 # Gets or creates a domain
 # Usage: get_or_create_domain  
 function get_or_create_domain {
-    local os_url="$KEYSTONE_SERVICE_URI/v3"
+    local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
     local domain_id=$(
         # Gets domain id
@@ -831,6 +831,23 @@ function get_or_create_domain {
     echo $domain_id
 }
 
+# Gets or creates group
+# Usage: get_or_create_group  [ ]
+function get_or_create_group {
+    local domain=${2:+--domain ${2}}
+    local desc="${3:-}"
+    local os_url="$KEYSTONE_SERVICE_URI_V3"
+    # Gets group id
+    local group_id=$(
+        # Creates new group with --or-show
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 group create $1 \
+            $domain --description "$desc" --or-show \
+            -f value -c id
+    )
+    echo $group_id
+}
+
 # Gets or creates user
 # Usage: get_or_create_user    [ []]
 function get_or_create_user {
@@ -843,7 +860,7 @@ function get_or_create_user {
     local domain=""
     if [[ ! -z "$5" ]]; then
         domain="--domain=$5"
-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
     fi
     # Gets user id
     local user_id=$(
@@ -868,7 +885,7 @@ function get_or_create_project {
     local domain=""
     if [[ ! -z "$2" ]]; then
         domain="--domain=$2"
-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
     fi
     local project_id=$(
         # Creates new project with --or-show
diff --git a/lib/heat b/lib/heat
index 544ec451f7..d98b0960ae 100644
--- a/lib/heat
+++ b/lib/heat
@@ -265,23 +265,21 @@ function create_heat_accounts {
     if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
         # Note we have to pass token/endpoint here because the current endpoint and
         # version negotiation in OSC means just --os-identity-api-version=3 won't work
-        local ks_endpoint_v3="$KEYSTONE_SERVICE_URI/v3"
-
-        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
+        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
             --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
 
         if [[ -z "$D_ID" ]]; then
-            D_ID=$(openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
+            D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
                 --os-identity-api-version=3 domain create heat \
                 --description "Owns users and projects created by heat" \
                 | grep ' id ' | get_field 2)
             iniset $HEAT_CONF DEFAULT stack_user_domain_id ${D_ID}
 
-            openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
+            openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
                 --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
                 --domain $D_ID heat_domain_admin \
                 --description "Manages users and projects created by heat"
-            openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
+            openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
                 --os-identity-api-version=3 role add \
                 --user heat_domain_admin --domain ${D_ID} admin
             iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
diff --git a/lib/keystone b/lib/keystone
index 1599fa5738..219034b1d4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -106,6 +106,10 @@ fi
 KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
 KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
 
+# V3 URIs
+KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
+KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
+
 # Functions
 # ---------
 # cleanup_keystone() - Remove residual data files, anything left over from previous
@@ -394,6 +398,9 @@ function create_keystone_accounts {
     get_or_add_user_role $another_role $demo_user $demo_tenant
     get_or_add_user_role $member_role $demo_user $invis_tenant
 
+    get_or_create_group "developers" "default" "openstack developers"
+    get_or_create_group "testers" "default"
+
     # Keystone
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/tempest b/lib/tempest
index d31119bdf6..aea913d143 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -278,7 +278,7 @@ function configure_tempest {
 
     # Identity
     iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
-    iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v3/"
+    iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
     iniset $TEMPEST_CONFIG identity username $TEMPEST_USERNAME
     iniset $TEMPEST_CONFIG identity password "$password"
     iniset $TEMPEST_CONFIG identity tenant_name $TEMPEST_TENANT_NAME

From 537532931da4103e1a873684476dac6d7fe56489 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 4 Dec 2014 19:38:15 -0500
Subject: [PATCH 0298/3421] Make changes such that -o nounset runs

This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.

Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.

This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.

Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
---
 clean.sh                            |  2 +-
 extras.d/70-tuskar.sh               |  2 +-
 functions                           |  2 +-
 functions-common                    | 72 ++++++++++++++++++-----------
 lib/ceilometer                      |  5 +-
 lib/cinder                          |  4 +-
 lib/cinder_backends/lvm             |  1 +
 lib/database                        |  3 +-
 lib/databases/mysql                 | 10 ++++
 lib/dib                             |  2 +-
 lib/heat                            |  6 +--
 lib/horizon                         |  2 +-
 lib/ironic                          |  6 +--
 lib/keystone                        |  1 +
 lib/nova                            | 10 ++--
 lib/nova_plugins/functions-libvirt  |  2 +-
 lib/nova_plugins/hypervisor-libvirt |  2 +-
 lib/rpc_backend                     |  8 ++--
 lib/swift                           |  4 +-
 lib/tempest                         |  4 +-
 stack.sh                            | 72 ++++++++---------------------
 stackrc                             | 62 +++++++++++++++++++++++--
 tests/test_functions.sh             | 34 ++++++++++++++
 tests/unittest.sh                   | 39 ++++++++++++++++
 tools/install_prereqs.sh            | 12 +++--
 unstack.sh                          | 19 +++++---
 26 files changed, 265 insertions(+), 121 deletions(-)
 create mode 100755 tests/test_functions.sh
 create mode 100644 tests/unittest.sh

diff --git a/clean.sh b/clean.sh
index f2f13389c8..edbd04a2d9 100755
--- a/clean.sh
+++ b/clean.sh
@@ -18,7 +18,7 @@ source $TOP_DIR/functions
 FILES=$TOP_DIR/files
 
 # Load local configuration
-source $TOP_DIR/stackrc
+source $TOP_DIR/openrc
 
 # Get the variables that are set in stack.sh
 if [[ -r $TOP_DIR/.stackenv ]]; then
diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
index e77c504db0..38aba34518 100644
--- a/extras.d/70-tuskar.sh
+++ b/extras.d/70-tuskar.sh
@@ -65,7 +65,7 @@ TUSKARCLIENT_BRANCH=${TUSKARCLIENT_BRANCH:-master}
 TUSKAR_DIR=$DEST/tuskar
 TUSKARCLIENT_DIR=$DEST/python-tuskarclient
 TUSKAR_AUTH_CACHE_DIR=${TUSKAR_AUTH_CACHE_DIR:-/var/cache/tuskar}
-TUSKAR_STANDALONE=`trueorfalse False $TUSKAR_STANDALONE`
+TUSKAR_STANDALONE=$(trueorfalse False TUSKAR_STANDALONE)
 TUSKAR_CONF_DIR=/etc/tuskar
 TUSKAR_CONF=$TUSKAR_CONF_DIR/tuskar.conf
 TUSKAR_API_HOST=${TUSKAR_API_HOST:-$HOST_IP}
diff --git a/functions b/functions
index 12be160e7d..5b3a8ea192 100644
--- a/functions
+++ b/functions
@@ -353,7 +353,7 @@ function _ping_check_novanet {
     local boot_timeout=$3
     local expected=${4:-"True"}
     local check_command=""
-    MULTI_HOST=`trueorfalse False $MULTI_HOST`
+    MULTI_HOST=$(trueorfalse False MULTI_HOST)
     if [[ "$MULTI_HOST" = "True" && "$from_net" = "$PRIVATE_NETWORK_NAME" ]]; then
         return
     fi
diff --git a/functions-common b/functions-common
index b0b262236d..1f76458db0 100644
--- a/functions-common
+++ b/functions-common
@@ -21,7 +21,6 @@
 #
 # The following variables are assumed to be defined by certain functions:
 #
-# - ``GIT_DEPTH``
 # - ``ENABLED_SERVICES``
 # - ``ERROR_ON_CLONE``
 # - ``FILES``
@@ -43,6 +42,8 @@ declare -A GITREPO
 declare -A GITBRANCH
 declare -A GITDIR
 
+TRACK_DEPENDS=${TRACK_DEPENDS:-False}
+
 # Config Functions
 # ================
 
@@ -243,7 +244,8 @@ function trueorfalse {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local default=$1
-    local testval=$2
+    local literal=$2
+    local testval=${!literal}
 
     [[ -z "$testval" ]] && { echo "$default"; return; }
     [[ "0 no No NO false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
@@ -252,6 +254,14 @@ function trueorfalse {
     $xtrace
 }
 
+function isset {
+    nounset=$(set +o | grep nounset)
+    set +o nounset
+    [[ -n "${!1+x}" ]]
+    result=$?
+    $nounset
+    return $result
+}
 
 # Control Functions
 # =================
@@ -381,7 +391,11 @@ function warn {
 # ``os_UPDATE`` - update: ex. the ``5`` in ``RHEL6.5``
 # ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
 # ``os_CODENAME`` - vendor's codename for release: ``snow leopard``, ``trusty``
-declare os_VENDOR os_RELEASE os_UPDATE os_PACKAGE os_CODENAME
+os_VENDOR=""
+os_RELEASE=""
+os_UPDATE=""
+os_PACKAGE=""
+os_CODENAME=""
 
 # GetOSVersion
 function GetOSVersion {
@@ -577,8 +591,7 @@ function get_release_name_from_branch {
 # Set global ``RECLONE=yes`` to simulate a clone when dest-dir exists
 # Set global ``ERROR_ON_CLONE=True`` to abort execution with an error if the git repo
 # does not exist (default is False, meaning the repo will be cloned).
-# Set global ``GIT_DEPTH=`` to limit the history depth of the git clone
-# Uses globals ``ERROR_ON_CLONE``, ``OFFLINE``, ``RECLONE``, ``GIT_DEPTH``
+# Uses globals ``ERROR_ON_CLONE``, ``OFFLINE``, ``RECLONE``
 # git_clone remote dest-dir branch
 function git_clone {
     local git_remote=$1
@@ -587,8 +600,7 @@ function git_clone {
     local orig_dir=$(pwd)
     local git_clone_flags=""
 
-    RECLONE=$(trueorfalse False $RECLONE)
-
+    RECLONE=$(trueorfalse False RECLONE)
     if [[ -n "${GIT_DEPTH}" ]]; then
         git_clone_flags="$git_clone_flags --depth $GIT_DEPTH"
     fi
@@ -978,9 +990,10 @@ function apt_get {
     [[ "$(id -u)" = "0" ]] && sudo="env"
 
     $xtrace
+
     $sudo DEBIAN_FRONTEND=noninteractive \
-        http_proxy=$http_proxy https_proxy=$https_proxy \
-        no_proxy=$no_proxy \
+        http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
+        no_proxy=${no_proxy:-} \
         apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
 }
 
@@ -999,10 +1012,10 @@ function get_packages {
     set +o xtrace
     local services=$@
     local package_dir=$(_get_package_dir)
-    local file_to_parse
-    local service
+    local file_to_parse=""
+    local service=""
 
-    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False $INSTALL_TESTONLY_PACKAGES)
+    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
 
     if [[ -z "$package_dir" ]]; then
         echo "No package directory supplied"
@@ -1112,6 +1125,10 @@ function get_packages {
 # Uses globals ``NO_UPDATE_REPOS``, ``REPOS_UPDATED``, ``RETRY_UPDATE``
 # install_package package [package ...]
 function update_package_repo {
+    NO_UPDATE_REPOS=${NO_UPDATE_REPOS:-False}
+    REPOS_UPDATED=${REPOS_UPDATED:-False}
+    RETRY_UPDATE=${RETRY_UPDATE:-False}
+
     if [[ "$NO_UPDATE_REPOS" = "True" ]]; then
         return 0
     fi
@@ -1321,7 +1338,7 @@ function screen_process {
 
     SCREEN_NAME=${SCREEN_NAME:-stack}
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True $USE_SCREEN)
+    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     # Append the process to the screen rc file
     screen_rc "$name" "$command"
@@ -1394,7 +1411,7 @@ function screen_stop_service {
 
     SCREEN_NAME=${SCREEN_NAME:-stack}
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True $USE_SCREEN)
+    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     if is_service_enabled $service; then
         # Clean up the screen window
@@ -1412,7 +1429,7 @@ function stop_process {
     local service=$1
 
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True $USE_SCREEN)
+    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     if is_service_enabled $service; then
         # Kill via pid if we have one available
@@ -1462,7 +1479,7 @@ function tail_log {
     local name=$1
     local logfile=$2
 
-    USE_SCREEN=$(trueorfalse True $USE_SCREEN)
+    USE_SCREEN=$(trueorfalse True USE_SCREEN)
     if [[ "$USE_SCREEN" = "True" ]]; then
         screen_process "$name" "sudo tail -f $logfile"
     fi
@@ -1572,7 +1589,8 @@ function get_python_exec_prefix {
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
-    if [[ "$OFFLINE" = "True" || -z "$@" ]]; then
+    local offline=${OFFLINE:-False}
+    if [[ "$offline" == "True" || -z "$@" ]]; then
         $xtrace
         return
     fi
@@ -1601,20 +1619,20 @@ function pip_install {
 
     $xtrace
     $sudo_pip \
-        http_proxy=$http_proxy \
-        https_proxy=$https_proxy \
-        no_proxy=$no_proxy \
+        http_proxy=${http_proxy:-} \
+        https_proxy=${https_proxy:-} \
+        no_proxy=${no_proxy:-} \
         $cmd_pip install \
         $@
 
-    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False $INSTALL_TESTONLY_PACKAGES)
+    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
     if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
         local test_req="$@/test-requirements.txt"
         if [[ -e "$test_req" ]]; then
             $sudo_pip \
-                http_proxy=$http_proxy \
-                https_proxy=$https_proxy \
-                no_proxy=$no_proxy \
+                http_proxy=${http_proxy:-} \
+                https_proxy=${https_proxy:-} \
+                no_proxy=${no_proxy:-} \
                 $cmd_pip install \
                 -r $test_req
         fi
@@ -2084,13 +2102,13 @@ function cp_it {
 #     http_proxy=http://proxy.example.com:3128/ no_proxy=repo.example.net ./stack.sh
 
 function export_proxy_variables {
-    if [[ -n "$http_proxy" ]]; then
+    if isset http_proxy ; then
         export http_proxy=$http_proxy
     fi
-    if [[ -n "$https_proxy" ]]; then
+    if isset https_proxy ; then
         export https_proxy=$https_proxy
     fi
-    if [[ -n "$no_proxy" ]]; then
+    if isset no_proxy ; then
         export no_proxy=$no_proxy
     fi
 }
diff --git a/lib/ceilometer b/lib/ceilometer
index f6280d9d3b..98a7e8f0e0 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -75,11 +75,14 @@ CEILOMETER_BACKEND=${CEILOMETER_BACKEND:-mysql}
 CEILOMETER_SERVICE_PROTOCOL=http
 CEILOMETER_SERVICE_HOST=$SERVICE_HOST
 CEILOMETER_SERVICE_PORT=${CEILOMETER_SERVICE_PORT:-8777}
-CEILOMETER_USE_MOD_WSGI=$(trueorfalse False $CEILOMETER_USE_MOD_WSGI)
+CEILOMETER_USE_MOD_WSGI=$(trueorfalse False CEILOMETER_USE_MOD_WSGI)
 
 # To enable OSprofiler change value of this variable to "notifications,profiler"
 CEILOMETER_NOTIFICATION_TOPICS=${CEILOMETER_NOTIFICATION_TOPICS:-notifications}
 
+CEILOMETER_COORDINATION_URL=${CEILOMETER_COORDINATION_URL:-}
+CEILOMETER_PIPELINE_INTERVAL=${CEILOMETER_PIPELINE_INTERVAL:-}
+
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,ceilometer
 
diff --git a/lib/cinder b/lib/cinder
index 177ddf0bf2..7fc694957b 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -68,7 +68,7 @@ fi
 # Maintain this here for backward-compatibility with the old configuration
 # DEPRECATED: Use CINDER_ENABLED_BACKENDS instead
 # Support for multi lvm backend configuration (default is no support)
-CINDER_MULTI_LVM_BACKEND=$(trueorfalse False $CINDER_MULTI_LVM_BACKEND)
+CINDER_MULTI_LVM_BACKEND=$(trueorfalse False CINDER_MULTI_LVM_BACKEND)
 
 # Default backends
 # The backend format is type:name where type is one of the supported backend
@@ -85,7 +85,7 @@ fi
 # Should cinder perform secure deletion of volumes?
 # Defaults to true, can be set to False to avoid this bug when testing:
 # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1023755
-CINDER_SECURE_DELETE=`trueorfalse True $CINDER_SECURE_DELETE`
+CINDER_SECURE_DELETE=$(trueorfalse True CINDER_SECURE_DELETE)
 
 # Cinder reports allocations back to the scheduler on periodic intervals
 # it turns out we can get an "out of space" issue when we run tests too
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index a3ab5bf3f9..280baf7b3e 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -33,6 +33,7 @@ set +o xtrace
 # If ``VOLUME_GROUP`` is set, use it, otherwise we'll build a VG name based
 # on ``VOLUME_GROUP_NAME`` that includes the backend name
 # Grenade doesn't use ``VOLUME_GROUP2`` so it is left out
+VOLUME_GROUP=${VOLUME_GROUP:-}
 VOLUME_GROUP_NAME=${VOLUME_GROUP:-${VOLUME_GROUP_NAME:-stack-volumes}}
 
 # TODO: resurrect backing device...need to know how to set values
diff --git a/lib/database b/lib/database
index 366d2b3d2c..896b8e1430 100644
--- a/lib/database
+++ b/lib/database
@@ -23,6 +23,7 @@
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+DATABASE_BACKENDS=""
 
 # Register a database backend
 #
@@ -30,7 +31,7 @@ set +o xtrace
 #
 # This is required to be defined before the specific database scripts are sourced
 function register_database {
-    [ -z "$DATABASE_BACKENDS" ] && DATABASE_BACKENDS=$1 || DATABASE_BACKENDS+=" $1"
+    DATABASE_BACKENDS+=" $1"
 }
 
 # Sourcing the database libs sets DATABASE_BACKENDS with the available list
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 62c3d4c90e..42004c5dcd 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -14,12 +14,22 @@ set +o xtrace
 
 register_database mysql
 
+# Linux distros, thank you for being incredibly consistent
+MYSQL=mysql
+if is_fedora; then
+    if [[ $DISTRO =~ (rhel6) ]]; then
+        MYSQL=mysqld
+    else
+        MYSQL=mariadb
+    fi
+fi
 
 # Functions
 # ---------
 
 # Get rid of everything enough to cleanly change database backends
 function cleanup_database_mysql {
+    stop_service $MYSQL
     if is_ubuntu; then
         # Get ruthless with mysql
         stop_service $MYSQL
diff --git a/lib/dib b/lib/dib
index 177f4c1ef0..809217bc93 100644
--- a/lib/dib
+++ b/lib/dib
@@ -26,7 +26,7 @@ TIE_DIR=$DEST/tripleo-image-elements
 # NOTE: Setting DIB_APT_SOURCES assumes you will be building
 # Debian/Ubuntu based images. Leave unset for other flavors.
 DIB_APT_SOURCES=${DIB_APT_SOURCES:-""}
-DIB_BUILD_OFFLINE=$(trueorfalse False $DIB_BUILD_OFFLINE)
+DIB_BUILD_OFFLINE=$(trueorfalse False DIB_BUILD_OFFLINE)
 DIB_IMAGE_CACHE=$DATA_DIR/diskimage-builder/image-create
 DIB_PIP_REPO=$DATA_DIR/diskimage-builder/pip-repo
 DIB_PIP_REPO_PORT=${DIB_PIP_REPO_PORT:-8899}
diff --git a/lib/heat b/lib/heat
index 544ec451f7..b2e5a1272f 100644
--- a/lib/heat
+++ b/lib/heat
@@ -37,13 +37,13 @@ HEAT_DIR=$DEST/heat
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
 HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
-HEAT_STANDALONE=`trueorfalse False $HEAT_STANDALONE`
-HEAT_ENABLE_ADOPT_ABANDON=`trueorfalse False $HEAT_ENABLE_ADOPT_ABANDON`
+HEAT_STANDALONE=$(trueorfalse False HEAT_STANDALONE)
+HEAT_ENABLE_ADOPT_ABANDON=$(trueorfalse False HEAT_ENABLE_ADOPT_ABANDON)
 HEAT_CONF_DIR=/etc/heat
 HEAT_CONF=$HEAT_CONF_DIR/heat.conf
 HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
 HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
-HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
+HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
 
diff --git a/lib/horizon b/lib/horizon
index fee2ef0b3a..aa70bd59eb 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -173,7 +173,7 @@ function install_horizon {
     # Apache installation, because we mark it NOPRIME
     install_apache_wsgi
 
-    git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH $HORIZON_TAG
+    git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH
 }
 
 # start_horizon() - Start running processes, including screen
diff --git a/lib/ironic b/lib/ironic
index 55272b9a1d..141b2fda54 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -57,7 +57,7 @@ IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
 # Set up defaults for functional / integration testing
 IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts}
 IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
-IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False $IRONIC_BAREMETAL_BASIC_OPS)
+IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS)
 IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool}
 IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`}
 IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys}
@@ -84,7 +84,7 @@ IRONIC_VM_LOG_CONSOLE=${IRONIC_VM_LOG_CONSOLE:-True}
 IRONIC_VM_LOG_DIR=${IRONIC_VM_LOG_DIR:-$IRONIC_DATA_DIR/logs/}
 
 # Use DIB to create deploy ramdisk and kernel.
-IRONIC_BUILD_DEPLOY_RAMDISK=`trueorfalse True $IRONIC_BUILD_DEPLOY_RAMDISK`
+IRONIC_BUILD_DEPLOY_RAMDISK=$(trueorfalse True IRONIC_BUILD_DEPLOY_RAMDISK)
 # If not use DIB, these files are used as deploy ramdisk/kernel.
 # (The value must be a absolute path)
 IRONIC_DEPLOY_RAMDISK=${IRONIC_DEPLOY_RAMDISK:-}
@@ -113,7 +113,7 @@ IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
 TEMPEST_SERVICES+=,ironic
 
 # Enable iPXE
-IRONIC_IPXE_ENABLED=$(trueorfalse False $IRONIC_IPXE_ENABLED)
+IRONIC_IPXE_ENABLED=$(trueorfalse False IRONIC_IPXE_ENABLED)
 IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot}
 IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$HOST_IP}
 IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-8088}
diff --git a/lib/keystone b/lib/keystone
index 1599fa5738..ad77bb39f9 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -71,6 +71,7 @@ KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
 
 # Select Keystone's token format
 # Choose from 'UUID', 'PKI', or 'PKIZ'
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
 KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
 
 # Set Keystone interface configuration
diff --git a/lib/nova b/lib/nova
index 5ac9ff1a2b..0e9282bb1b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -106,7 +106,7 @@ GUEST_INTERFACE_DEFAULT=$(ip link \
 
 # $NOVA_VNC_ENABLED can be used to forcibly enable vnc configuration.
 # In multi-node setups allows compute hosts to not run n-novnc.
-NOVA_VNC_ENABLED=$(trueorfalse False $NOVA_VNC_ENABLED)
+NOVA_VNC_ENABLED=$(trueorfalse False NOVA_VNC_ENABLED)
 
 # Get hypervisor configuration
 # ----------------------------
@@ -145,11 +145,11 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
 # ``MULTI_HOST`` is a mode where each compute node runs its own network node.  This
 # allows network operations and routing for a VM to occur on the server that is
 # running the VM - removing a SPOF and bandwidth bottleneck.
-MULTI_HOST=`trueorfalse False $MULTI_HOST`
+MULTI_HOST=$(trueorfalse False MULTI_HOST)
 
 # ``NOVA_ALLOW_MOVE_TO_SAME_HOST` can be set to False in multi node devstack,
 # where there are at least two nova-computes.
-NOVA_ALLOW_MOVE_TO_SAME_HOST=`trueorfalse True $NOVA_ALLOW_MOVE_TO_SAME_HOST`
+NOVA_ALLOW_MOVE_TO_SAME_HOST=$(trueorfalse True NOVA_ALLOW_MOVE_TO_SAME_HOST)
 
 # Test floating pool and range are used for testing.  They are defined
 # here until the admin APIs can replace nova-manage
@@ -657,7 +657,7 @@ function install_nova {
 
     if is_service_enabled n-novnc; then
         # a websockets/html5 or flash powered VNC console for vm instances
-        NOVNC_FROM_PACKAGE=`trueorfalse False $NOVNC_FROM_PACKAGE`
+        NOVNC_FROM_PACKAGE=$(trueorfalse False NOVNC_FROM_PACKAGE)
         if [ "$NOVNC_FROM_PACKAGE" = "True" ]; then
             NOVNC_WEB_DIR=/usr/share/novnc
             install_package novnc
@@ -669,7 +669,7 @@ function install_nova {
 
     if is_service_enabled n-spice; then
         # a websockets/html5 or flash powered SPICE console for vm instances
-        SPICE_FROM_PACKAGE=`trueorfalse True $SPICE_FROM_PACKAGE`
+        SPICE_FROM_PACKAGE=$(trueorfalse True SPICE_FROM_PACKAGE)
         if [ "$SPICE_FROM_PACKAGE" = "True" ]; then
             SPICE_WEB_DIR=/usr/share/spice-html5
             install_package spice-html5
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 4601eea47b..c136e352df 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -15,7 +15,7 @@ set +o xtrace
 # --------
 
 # if we should turn on massive libvirt debugging
-DEBUG_LIBVIRT=$(trueorfalse False $DEBUG_LIBVIRT)
+DEBUG_LIBVIRT=$(trueorfalse False DEBUG_LIBVIRT)
 
 # Installs required distro-specific libvirt packages.
 function install_libvirt {
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index b1b440073f..4d1eb6cdcb 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -54,7 +54,7 @@ function configure_nova_hypervisor {
         iniset $NOVA_CONF DEFAULT vnc_enabled "false"
     fi
 
-    ENABLE_FILE_INJECTION=$(trueorfalse False $ENABLE_FILE_INJECTION)
+    ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
     if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
         # When libguestfs is available for file injection, enable using
         # libguestfs to inspect the image and figure out the proper
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 778d466963..d87d6207b1 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -21,6 +21,11 @@
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+RPC_MESSAGING_PROTOCOL=${RPC_MESSAGING_PROTOCOL:-0.9}
+
+# TODO(sdague): RPC backend selection is super wonky because we treat
+# messaging server as a service, which it really isn't for multi host
+QPID_HOST=${QPID_HOST:-}
 
 # Functions
 # ---------
@@ -68,9 +73,6 @@ function check_rpc_backend {
 function cleanup_rpc_backend {
     if is_service_enabled rabbit; then
         # Obliterate rabbitmq-server
-        if [ -n "$RABBIT_USERID" ]; then
-            sudo rabbitmqctl delete_user "$RABBIT_USERID"
-        fi
         uninstall_package rabbitmq-server
         sudo killall epmd || sudo killall -9 epmd
         if is_ubuntu; then
diff --git a/lib/swift b/lib/swift
index e9043b32a1..b5577d86b8 100644
--- a/lib/swift
+++ b/lib/swift
@@ -82,7 +82,7 @@ SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-formpost staticweb}
 
 # Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at
 # the end of the pipeline.
-SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST}
+SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST:-}
 
 # Set ``SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH`` to extras middlewares that need to be at
 # the beginning of the pipeline, before authentication middlewares.
@@ -127,7 +127,7 @@ ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
 
 # Enable tempurl feature
 SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}
-SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY}
+SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY:-}
 
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,swift
diff --git a/lib/tempest b/lib/tempest
index d31119bdf6..a525b85b1e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -75,8 +75,8 @@ TEMPEST_DEFAULT_STORAGE_PROTOCOL="iSCSI"
 TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-$TEMPEST_DEFAULT_STORAGE_PROTOCOL}
 
 # Neutron/Network variables
-IPV6_ENABLED=$(trueorfalse True $IPV6_ENABLED)
-IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True $IPV6_SUBNET_ATTRIBUTES_ENABLED)
+IPV6_ENABLED=$(trueorfalse True IPV6_ENABLED)
+IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True IPV6_SUBNET_ATTRIBUTES_ENABLED)
 
 # Functions
 # ---------
diff --git a/stack.sh b/stack.sh
index 696dc2473b..dedc500763 100755
--- a/stack.sh
+++ b/stack.sh
@@ -40,6 +40,12 @@ PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
 # Keep track of the devstack directory
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
+# Check for uninitialized variables, a big cause of bugs
+NOUNSET=${NOUNSET:-}
+if [[ -n "$NOUNSET" ]]; then
+    set -o nounset
+fi
+
 # Sanity Checks
 # -------------
 
@@ -79,6 +85,9 @@ fi
 # Prepare the environment
 # -----------------------
 
+# Initialize variables:
+LAST_SPINNER_PID=""
+
 # Import common functions
 source $TOP_DIR/functions
 
@@ -172,12 +181,12 @@ export_proxy_variables
 disable_negated_services
 
 # Look for obsolete stuff
-if [[ ,${ENABLED_SERVICES}, =~ ,"swift", ]]; then
-    echo "FATAL: 'swift' is not supported as a service name"
-    echo "FATAL: Use the actual swift service names to enable them as required:"
-    echo "FATAL: s-proxy s-object s-container s-account"
-    exit 1
-fi
+# if [[ ,${ENABLED_SERVICES}, =~ ,"swift", ]]; then
+#     echo "FATAL: 'swift' is not supported as a service name"
+#     echo "FATAL: Use the actual swift service names to enable them as required:"
+#     echo "FATAL: s-proxy s-object s-container s-account"
+#     exit 1
+# fi
 
 # Configure sudo
 # --------------
@@ -311,7 +320,7 @@ fi
 # -----------------
 
 # Set up logging level
-VERBOSE=$(trueorfalse True $VERBOSE)
+VERBOSE=$(trueorfalse True VERBOSE)
 
 # Draw a spinner so the user knows something is happening
 function spinner {
@@ -482,47 +491,6 @@ set -o errexit
 # an error.  It is also useful for following along as the install occurs.
 set -o xtrace
 
-
-# Common Configuration
-# --------------------
-
-# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
-# Internet access. ``stack.sh`` must have been previously run with Internet
-# access to install prerequisites and fetch repositories.
-OFFLINE=`trueorfalse False $OFFLINE`
-
-# Set ``ERROR_ON_CLONE`` to ``True`` to configure ``stack.sh`` to exit if
-# the destination git repository does not exist during the ``git_clone``
-# operation.
-ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
-
-# Whether to enable the debug log level in OpenStack services
-ENABLE_DEBUG_LOG_LEVEL=`trueorfalse True $ENABLE_DEBUG_LOG_LEVEL`
-
-# Set fixed and floating range here so we can make sure not to use addresses
-# from either range when attempting to guess the IP to use for the host.
-# Note that setting FIXED_RANGE may be necessary when running DevStack
-# in an OpenStack cloud that uses either of these address ranges internally.
-FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}
-FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
-FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}
-
-HOST_IP=$(get_default_host_ip $FIXED_RANGE $FLOATING_RANGE "$HOST_IP_IFACE" "$HOST_IP")
-if [ "$HOST_IP" == "" ]; then
-    die $LINENO "Could not determine host ip address.  See local.conf for suggestions on setting HOST_IP."
-fi
-
-# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for service endpoints.
-SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
-
-# Configure services to use syslog instead of writing to individual log files
-SYSLOG=`trueorfalse False $SYSLOG`
-SYSLOG_HOST=${SYSLOG_HOST:-$HOST_IP}
-SYSLOG_PORT=${SYSLOG_PORT:-516}
-
-# Use color for logging output (only available if syslog is not used)
-LOG_COLOR=`trueorfalse True $LOG_COLOR`
-
 # Reset the bundle of CA certificates
 SSL_BUNDLE_FILE="$DATA_DIR/ca-bundle.pem"
 rm -f $SSL_BUNDLE_FILE
@@ -535,9 +503,6 @@ source $TOP_DIR/lib/rpc_backend
 # and the specified rpc backend is available on your platform.
 check_rpc_backend
 
-# Use native SSL for servers in SSL_ENABLED_SERVICES
-USE_SSL=$(trueorfalse False $USE_SSL)
-
 # Service to enable with SSL if USE_SSL is True
 SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
 
@@ -708,7 +673,7 @@ source $TOP_DIR/tools/install_prereqs.sh
 
 # Configure an appropriate python environment
 if [[ "$OFFLINE" != "True" ]]; then
-    PYPI_ALTERNATIVE_URL=$PYPI_ALTERNATIVE_URL $TOP_DIR/tools/install_pip.sh
+    PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
 fi
 
 # Do the ugly hacks for broken packages and distros
@@ -944,13 +909,14 @@ fi
 # Configure screen
 # ----------------
 
-USE_SCREEN=$(trueorfalse True $USE_SCREEN)
+USE_SCREEN=$(trueorfalse True USE_SCREEN)
 if [[ "$USE_SCREEN" == "True" ]]; then
     # Create a new named screen to run processes in
     screen -d -m -S $SCREEN_NAME -t shell -s /bin/bash
     sleep 1
 
     # Set a reasonable status bar
+    SCREEN_HARDSTATUS=${SCREEN_HARDSTATUS-:}
     if [ -z "$SCREEN_HARDSTATUS" ]; then
         SCREEN_HARDSTATUS='%{= .} %-Lw%{= .}%> %n%f %t*%{= .}%+Lw%< %-=%{g}(%{d}%H/%l%{g})'
     fi
diff --git a/stackrc b/stackrc
index 355c0dca7c..25682027df 100644
--- a/stackrc
+++ b/stackrc
@@ -43,9 +43,17 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 #  enable_service q-meta
 #  # Optional, to enable tempest configuration as part of devstack
 #  enable_service tempest
+function isset {
+    local nounset=$(set +o | grep nounset)
+    set +o nounset
+    [[ -n "${!1+x}" ]]
+    result=$?
+    $nounset
+    return $result
+}
 
 # this allows us to pass ENABLED_SERVICES
-if [[ -z "$ENABLED_SERVICES" ]]; then
+if ! isset ENABLED_SERVICES ; then
     # core compute (glance / keystone / nova (+ nova-network))
     ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-xvnc,n-cauth
     # cinder
@@ -106,7 +114,7 @@ fi
 
 # This can be used to turn database query logging on and off
 # (currently only implemented for MySQL backend)
-DATABASE_QUERY_LOGGING=$(trueorfalse True $DATABASE_QUERY_LOGGING)
+DATABASE_QUERY_LOGGING=$(trueorfalse True DATABASE_QUERY_LOGGING)
 
 # Set a timeout for git operations.  If git is still running when the
 # timeout expires, the command will be retried up to 3 times.  This is
@@ -593,7 +601,7 @@ fi
 
 # Staging Area for New Images, have them here for at least 24hrs for nodepool
 # to cache them otherwise the failure rates in the gate are too high
-PRECACHE_IMAGES=$(trueorfalse False $PRECACHE_IMAGES)
+PRECACHE_IMAGES=$(trueorfalse False PRECACHE_IMAGES)
 if [[ "$PRECACHE_IMAGES" == "True" ]]; then
     # staging in update for nodepool
     IMAGE_URL="https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
@@ -646,6 +654,54 @@ SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60}
 # till we get to the point we need to handle this automatically
 YUM=${YUM:-yum}
 
+# Common Configuration
+# --------------------
+
+# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
+# Internet access. ``stack.sh`` must have been previously run with Internet
+# access to install prerequisites and fetch repositories.
+OFFLINE=$(trueorfalse False OFFLINE)
+
+# Set ``ERROR_ON_CLONE`` to ``True`` to configure ``stack.sh`` to exit if
+# the destination git repository does not exist during the ``git_clone``
+# operation.
+ERROR_ON_CLONE=$(trueorfalse False ERROR_ON_CLONE)
+
+# Whether to enable the debug log level in OpenStack services
+ENABLE_DEBUG_LOG_LEVEL=$(trueorfalse True ENABLE_DEBUG_LOG_LEVEL)
+
+# Set fixed and floating range here so we can make sure not to use addresses
+# from either range when attempting to guess the IP to use for the host.
+# Note that setting FIXED_RANGE may be necessary when running DevStack
+# in an OpenStack cloud that uses either of these address ranges internally.
+FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}
+FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
+FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}
+HOST_IP_IFACE=${HOST_IP_IFACE:-}
+HOST_IP=${HOST_IP:-}
+
+HOST_IP=$(get_default_host_ip $FIXED_RANGE $FLOATING_RANGE "$HOST_IP_IFACE" "$HOST_IP")
+if [ "$HOST_IP" == "" ]; then
+    die $LINENO "Could not determine host ip address.  See local.conf for suggestions on setting HOST_IP."
+fi
+
+# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for service endpoints.
+SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
+
+# Configure services to use syslog instead of writing to individual log files
+SYSLOG=$(trueorfalse False SYSLOG)
+SYSLOG_HOST=${SYSLOG_HOST:-$HOST_IP}
+SYSLOG_PORT=${SYSLOG_PORT:-516}
+
+# Use color for logging output (only available if syslog is not used)
+LOG_COLOR=$(trueorfalse True LOG_COLOR)
+
+# Set global ``GIT_DEPTH=`` to limit the history depth of the git clone
+GIT_DEPTH=${GIT_DEPTH:-1}
+
+# Use native SSL for servers in SSL_ENABLED_SERVICES
+USE_SSL=$(trueorfalse False USE_SSL)
+
 # Following entries need to be last items in file
 
 # Local variables:
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
new file mode 100755
index 0000000000..e57948a407
--- /dev/null
+++ b/tests/test_functions.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Tests for DevStack meta-config functions
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP/functions
+source $TOP/tests/unittest.sh
+
+function test_truefalse {
+    local one=1
+    local captrue=True
+    local lowtrue=true
+    local abrevtrue=t
+    local zero=0
+    local capfalse=False
+    local lowfalse=false
+    local abrevfalse=f
+    for against in True False; do
+        for name in one captrue lowtrue abrevtrue; do
+            assert_equal "True" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
+        done
+    done
+    for against in True False; do
+        for name in zero capfalse lowfalse abrevfalse; do
+            assert_equal "False" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
+        done
+    done
+}
+
+test_truefalse
+
+report_results
diff --git a/tests/unittest.sh b/tests/unittest.sh
new file mode 100644
index 0000000000..435cc3a58b
--- /dev/null
+++ b/tests/unittest.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# we always start with no errors
+ERROR=0
+FAILED_FUNCS=""
+
+function assert_equal {
+    local lineno=`caller 0 | awk '{print $1}'`
+    local function=`caller 0 | awk '{print $2}'`
+    local msg=$3
+    if [[ "$1" != "$2" ]]; then
+        FAILED_FUNCS+="$function:L$lineno\n"
+        echo "ERROR: $1 != $2 in $function:L$lineno!"
+        echo "  $msg"
+        ERROR=1
+    else
+        echo "$function:L$lineno - ok"
+    fi
+}
+
+function report_results {
+    if [[ $ERROR -eq 1 ]]; then
+        echo "Tests FAILED"
+        echo $FAILED_FUNCS
+        exit 1
+    fi
+}
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 9651083cb3..303cc63307 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -8,9 +8,15 @@
 #
 # -f        Force an install run now
 
-if [[ -n "$1" &&  "$1" = "-f" ]]; then
-    FORCE_PREREQ=1
-fi
+FORCE_PREREQ=0
+
+while getopts ":f" opt; do
+    case $opt in
+        f)
+            FORCE_PREREQ=1
+            ;;
+    esac
+done
 
 # If TOP_DIR is set we're being sourced rather than running stand-alone
 # or in a sub-shell
diff --git a/unstack.sh b/unstack.sh
index ea45da9fc4..bff01d1ca4 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -6,11 +6,22 @@
 # mysql and rabbit are left running as OpenStack code refreshes
 # do not require them to be restarted.
 #
-# Stop all processes by setting ``UNSTACK_ALL`` or specifying ``--all``
+# Stop all processes by setting ``UNSTACK_ALL`` or specifying ``-a``
 # on the command line
 
+UNSTACK_ALL=""
+
+while getopts ":a" opt; do
+    case $opt in
+        a)
+            UNSTACK_ALL=""
+            ;;
+    esac
+done
+
 # Keep track of the current devstack directory.
 TOP_DIR=$(cd $(dirname "$0") && pwd)
+FILES=$TOP_DIR/files
 
 # Import common functions
 source $TOP_DIR/functions
@@ -19,7 +30,7 @@ source $TOP_DIR/functions
 source $TOP_DIR/lib/database
 
 # Load local configuration
-source $TOP_DIR/stackrc
+source $TOP_DIR/openrc
 
 # Destination path for service data
 DATA_DIR=${DATA_DIR:-${DEST}/data}
@@ -72,10 +83,6 @@ load_plugin_settings
 # ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
 GetOSVersion
 
-if [[ "$1" == "--all" ]]; then
-    UNSTACK_ALL=${UNSTACK_ALL:-1}
-fi
-
 # Run extras
 # ==========
 

From 37026f536663f6d915169b356db08ac5fe4831cb Mon Sep 17 00:00:00 2001
From: Zhongyue Luo 
Date: Tue, 16 Dec 2014 10:56:54 +0800
Subject: [PATCH 0299/3421] Avoid VM configuration with Ironic hardware mode.

If "IRONIC_HARDWARE" is True, VMs are not required when using Ironic.

Change-Id: I33ba294f1e2ea583cd4c24c392637a4ee60a39ab
---
 lib/nova_plugins/hypervisor-ironic | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 4c2043b6b5..0169d731e8 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -56,6 +56,8 @@ function configure_nova_hypervisor {
 function install_nova_hypervisor {
     if ! is_service_enabled neutron; then
         die $LINENO "Neutron should be enabled for usage of the Ironic Nova driver."
+    elif is_ironic_hardware; then
+        return
     fi
     install_libvirt
     if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] && is_ubuntu; then

From 5bc957711ddefddc686af6a3be7ef8f984ee4779 Mon Sep 17 00:00:00 2001
From: Ryu Ishimoto 
Date: Thu, 15 Jan 2015 17:00:03 +0000
Subject: [PATCH 0300/3421] Clone neutron_lbaas for midonet plugin

MidoNet plugin needs the 'neutron_lbaas' module available when it
starts up without needing to start the LBaaS service.  After the
advanced service split, however, devstack clones 'neutron_lbaas'
only when the 'lbaas' service is enabled.  To get around this
conflict, clone 'neutron_lbaas' everytime midonet is configured
as the Neutron plugin.

Change-Id: Ide620db383fc44a66a84d00b2365ec2e846469fe
Closes-Bug: 1402242
---
 lib/neutron_plugins/midonet | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index eb27ed63dd..23ad8b2020 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -29,6 +29,18 @@ function neutron_plugin_configure_common {
     Q_PLUGIN_CONF_PATH=etc/neutron/plugins/midonet
     Q_PLUGIN_CONF_FILENAME=midonet.ini
     Q_PLUGIN_CLASS="neutron.plugins.midonet.plugin.MidonetPluginV2"
+
+    # MidoNet implements LBaaS API in the plugin, not as an LBaaS driver.
+    # In this model, the plugin references the 'neutron_lbaas' module but
+    # does not require starting an LBaaS service.  Devstack, however, clones
+    # 'neutron_lbaas' only if 'lbaas' service is enabled.  To get around this,
+    # always clone 'neutron_lbaas' so that it is made available to the plugin.
+    # Also, discontinue if the 'lbaas' service is enabled.
+    if is_service_enabled q-lbaas; then
+        die $LINENO "LBaaS service should be disabled for the MidoNet plugin"
+    fi
+    git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
+    setup_develop $NEUTRON_LBAAS_DIR
 }
 
 function neutron_plugin_configure_debug_command {

From 0686dae6617407270e08b9313b9be3fa7a2592a0 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Thu, 15 Jan 2015 12:48:26 +0000
Subject: [PATCH 0301/3421] XenAPI: Fix another race condition

Fix it properly this time by forcing a PID from run.sh and using that to track.

A second issue is that upstart may run services twice, introduce a flock test
to ensure that we only run stack.sh once as running in parallel causes issues.

Change-Id: I05990c7154366350b0f9cc3e6c70d6f34238486f
---
 tools/xen/build_xva.sh       | 21 +++++++++++++++------
 tools/xen/install_os_domU.sh | 13 +++++--------
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh
index 7c8e620f44..7002e6e22e 100755
--- a/tools/xen/build_xva.sh
+++ b/tools/xen/build_xva.sh
@@ -119,9 +119,7 @@ script
 
     chown -R $STACK_USER /opt/stack
 
-    if su -c "/opt/stack/run.sh" $STACK_USER; then
-        touch /var/run/devstack.succeeded
-    fi
+    su -c "/opt/stack/run.sh" $STACK_USER
 
     # Update /etc/issue
     {
@@ -177,8 +175,19 @@ fi
 cat <$STAGING_DIR/opt/stack/run.sh
 #!/bin/bash
 set -eux
-cd /opt/stack/devstack
-./unstack.sh || true
-./stack.sh
+(
+  flock -n 9 || exit 1
+
+  [ -e /opt/stack/runsh.succeeded ] && rm /opt/stack/runsh.succeeded
+  echo \$\$ >> /opt/stack/run_sh.pid
+
+  cd /opt/stack/devstack
+  ./unstack.sh || true
+  ./stack.sh
+
+  # Got to the end - success
+  touch /opt/stack/runsh.succeeded
+  rm /opt/stack/run_sh.pid
+) 9> /opt/stack/.runsh_lock
 EOF
 chmod 755 $STAGING_DIR/opt/stack/run.sh
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 3a63473d40..753f06a83d 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -365,8 +365,8 @@ COPYENV=${COPYENV:-1}
 if [ "$WAIT_TILL_LAUNCH" = "1" ]  && [ -e ~/.ssh/id_rsa.pub  ] && [ "$COPYENV" = "1" ]; then
     set +x
 
-    echo "VM Launched - Waiting for devstack to start"
-    while ! ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "service devstack status | grep -q running"; do
+    echo "VM Launched - Waiting for run.sh"
+    while ! ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "test -e /opt/stack/run_sh.pid"; do
         sleep 10
     done
     echo -n "devstack service is running, waiting for stack.sh to start logging..."
@@ -376,14 +376,11 @@ if [ "$WAIT_TILL_LAUNCH" = "1" ]  && [ -e ~/.ssh/id_rsa.pub  ] && [ "$COPYENV" =
     done
     set -x
 
-    # Watch devstack's output (which doesn't start until stack.sh is running,
-    # but wait for run.sh (which starts stack.sh) to exit as that is what
-    # hopefully writes the succeeded cookie.
-    pid=`ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS pgrep run.sh`
+    pid=`ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "cat /opt/stack/run_sh.pid"`
     ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "tail --pid $pid -n +1 -f /tmp/devstack/log/stack.log"
 
     # Fail if devstack did not succeed
-    ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS 'test -e /var/run/devstack.succeeded'
+    ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS 'test -e /opt/stack/runsh.succeeded'
 
     set +x
     echo "################################################################################"
@@ -401,7 +398,7 @@ else
     echo ""
     echo "ssh into your domU now: 'ssh stack@$OS_VM_MANAGEMENT_ADDRESS' using your password"
     echo "and then do: 'sudo service devstack status' to check if devstack is still running."
-    echo "Check that /var/run/devstack.succeeded exists"
+    echo "Check that /opt/stack/runsh.succeeded exists"
     echo ""
     echo "When devstack completes, you can visit the OpenStack Dashboard"
     echo "at http://$OS_VM_SERVICES_ADDRESS, and contact other services at the usual ports."

From 1e3a5d2d6cfd298080a9596ae4efa5c450341b69 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Fri, 16 Jan 2015 13:06:58 +0000
Subject: [PATCH 0302/3421] XenAPI: Use SCREEN_LOGDIR rather than assuming a
 static value

This value was defined in Citrix's install-devstack-xen script, so
only worked for those using that script.

Change-Id: Iab63389f41760865f2b67f6dccd57d774e889905
---
 tools/xen/install_os_domU.sh | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 753f06a83d..546ead6127 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -371,14 +371,19 @@ if [ "$WAIT_TILL_LAUNCH" = "1" ]  && [ -e ~/.ssh/id_rsa.pub  ] && [ "$COPYENV" =
     done
     echo -n "devstack service is running, waiting for stack.sh to start logging..."
 
-    while ! ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "test -e /tmp/devstack/log/stack.log"; do
-        sleep 10
-    done
-    set -x
-
     pid=`ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "cat /opt/stack/run_sh.pid"`
-    ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "tail --pid $pid -n +1 -f /tmp/devstack/log/stack.log"
+    if [ -n "$SCREEN_LOGDIR" ]; then
+        while ! ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "test -e ${SCREEN_LOGDIR}/stack.log"; do
+            sleep 10
+        done
+
+        ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "tail --pid $pid -n +1 -f ${SCREEN_LOGDIR}/stack.log"
+    else
+        echo -n "SCREEN_LOGDIR not set; just waiting for process $pid to finish"
+        ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS "wait $pid"
+    fi
 
+    set -x
     # Fail if devstack did not succeed
     ssh_no_check -q stack@$OS_VM_MANAGEMENT_ADDRESS 'test -e /opt/stack/runsh.succeeded'
 

From d06a6d9d8bd3663d0cc0783b0868f6cfc9b8563e Mon Sep 17 00:00:00 2001
From: Rob 
Date: Thu, 4 Dec 2014 20:32:22 +0000
Subject: [PATCH 0303/3421] Create initial network when using Cisco N1k plugin

This patch creates an initial network when using the Cisco n1k plugin,
as it fails otherwise.

Change-Id: Ieceac0e2518bf5ca4cd808f6719b73aad0db903b
Closes-Bug: 1399389
---
 lib/neutron               | 5 +++++
 lib/neutron_plugins/cisco | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index b4d0b8cad4..bfb0fbadec 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -534,6 +534,11 @@ function create_neutron_initial_network {
     TENANT_ID=$(openstack project list | grep " demo " | get_field 1)
     die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo"
 
+    # Allow drivers that need to create an initial network to do so here
+    if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
+        neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
+    fi
+
     if is_provider_network; then
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
         die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco
index b067aa6b11..90dcd574c0 100644
--- a/lib/neutron_plugins/cisco
+++ b/lib/neutron_plugins/cisco
@@ -144,6 +144,10 @@ function neutron_plugin_configure_service {
     fi
 }
 
+function neutron_plugin_create_initial_network_profile {
+    neutron cisco-network-profile-create default_network_profile vlan --segment_range 1-3000 --physical_network "$1"
+}
+
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
     iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver

From ad5cc986d86e9deff506c0451409f26fc8e86efe Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 10 Dec 2014 16:35:32 -0600
Subject: [PATCH 0304/3421] Rename screen logfiles

This renames the log files in logs/screen that contain timestamps to put
the timestamp after '.log' and '.log.summary' in the names.  This will
simplify devstack-gate's search for log files to copy to '*.log'.

dstat.txt is also renamed to dstat.log

Make LOGDIR and LOGFILE local

bp:devstack-logging-and-service-names
Change-Id: I02aba9ca82c117a1186dafc1d3c07aa04ecd1dde
---
 functions-common | 14 +++++++-------
 lib/dstat        |  2 +-
 stack.sh         | 19 +++++++++----------
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/functions-common b/functions-common
index b0b262236d..23d59c7d98 100644
--- a/functions-common
+++ b/functions-common
@@ -1244,8 +1244,8 @@ function _run_process {
     exec 6>&-
 
     if [[ -n ${SCREEN_LOGDIR} ]]; then
-        exec 1>&${SCREEN_LOGDIR}/screen-${service}.${CURRENT_LOG_TIME}.log 2>&1
-        ln -sf ${SCREEN_LOGDIR}/screen-${service}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${service}.log
+        exec 1>&${SCREEN_LOGDIR}/screen-${service}.log.${CURRENT_LOG_TIME} 2>&1
+        ln -sf ${SCREEN_LOGDIR}/screen-${service}.log.${CURRENT_LOG_TIME} ${SCREEN_LOGDIR}/screen-${service}.log
 
         # TODO(dtroyer): Hack to get stdout from the Python interpreter for the logs.
         export PYTHONUNBUFFERED=1
@@ -1329,9 +1329,9 @@ function screen_process {
     screen -S $SCREEN_NAME -X screen -t $name
 
     if [[ -n ${SCREEN_LOGDIR} ]]; then
-        screen -S $SCREEN_NAME -p $name -X logfile ${SCREEN_LOGDIR}/screen-${name}.${CURRENT_LOG_TIME}.log
+        screen -S $SCREEN_NAME -p $name -X logfile ${SCREEN_LOGDIR}/screen-${name}.log.${CURRENT_LOG_TIME}
         screen -S $SCREEN_NAME -p $name -X log on
-        ln -sf ${SCREEN_LOGDIR}/screen-${name}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${name}.log
+        ln -sf ${SCREEN_LOGDIR}/screen-${name}.log.${CURRENT_LOG_TIME} ${SCREEN_LOGDIR}/screen-${name}.log
     fi
 
     # sleep to allow bash to be ready to be send the command - we are
@@ -1377,7 +1377,7 @@ function screen_rc {
         echo "stuff \"$2$NL\"" >> $SCREENRC
 
         if [[ -n ${SCREEN_LOGDIR} ]]; then
-            echo "logfile ${SCREEN_LOGDIR}/screen-${1}.${CURRENT_LOG_TIME}.log" >>$SCREENRC
+            echo "logfile ${SCREEN_LOGDIR}/screen-${1}.log.${CURRENT_LOG_TIME}" >>$SCREENRC
             echo "log on" >>$SCREENRC
         fi
     fi
@@ -1489,8 +1489,8 @@ function _old_run_process {
     exec 6>&-
 
     if [[ -n ${SCREEN_LOGDIR} ]]; then
-        exec 1>&${SCREEN_LOGDIR}/screen-${1}.${CURRENT_LOG_TIME}.log 2>&1
-        ln -sf ${SCREEN_LOGDIR}/screen-${1}.${CURRENT_LOG_TIME}.log ${SCREEN_LOGDIR}/screen-${1}.log
+        exec 1>&${SCREEN_LOGDIR}/screen-${1}.log.${CURRENT_LOG_TIME} 2>&1
+        ln -sf ${SCREEN_LOGDIR}/screen-${1}.log.${CURRENT_LOG_TIME} ${SCREEN_LOGDIR}/screen-${1}.log
 
         # TODO(dtroyer): Hack to get stdout from the Python interpreter for the logs.
         export PYTHONUNBUFFERED=1
diff --git a/lib/dstat b/lib/dstat
index 73ca279fea..a17125fc92 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -20,7 +20,7 @@ set +o xtrace
 # Defaults
 # --------
 # for DSTAT logging
-DSTAT_FILE=${DSTAT_FILE:-"dstat.txt"}
+DSTAT_FILE=${DSTAT_FILE:-"dstat.log"}
 
 
 # start_dstat() - Start running processes, including screen
diff --git a/stack.sh b/stack.sh
index 048e5d1a1e..f42e68ae08 100755
--- a/stack.sh
+++ b/stack.sh
@@ -370,15 +370,14 @@ if [[ -n "$LOGFILE" || -n "$SCREEN_LOGDIR" ]]; then
 fi
 
 if [[ -n "$LOGFILE" ]]; then
-    # First clean up old log files.  Use the user-specified ``LOGFILE``
-    # as the template to search for, appending '.*' to match the date
-    # we added on earlier runs.
-    LOGDIR=$(dirname "$LOGFILE")
-    LOGFILENAME=$(basename "$LOGFILE")
-    mkdir -p $LOGDIR
-    find $LOGDIR -maxdepth 1 -name $LOGFILENAME.\* -mtime +$LOGDAYS -exec rm {} \;
+    # Clean up old log files.  Append '.*' to the user-specified
+    # ``LOGFILE`` to match the date in the search template.
+    local logfile_dir="${LOGFILE%/*}"           # dirname
+    local logfile_name="${LOGFILE##*/}"         # basename
+    mkdir -p $logfile_dir
+    find $logfile_dir -maxdepth 1 -name $logfile_name.\* -mtime +$LOGDAYS -exec rm {} \;
     LOGFILE=$LOGFILE.${CURRENT_LOG_TIME}
-    SUMFILE=$LOGFILE.${CURRENT_LOG_TIME}.summary
+    SUMFILE=$LOGFILE.summary.${CURRENT_LOG_TIME}
 
     # Redirect output according to config
 
@@ -399,8 +398,8 @@ if [[ -n "$LOGFILE" ]]; then
 
     echo_summary "stack.sh log $LOGFILE"
     # Specified logfile name always links to the most recent log
-    ln -sf $LOGFILE $LOGDIR/$LOGFILENAME
-    ln -sf $SUMFILE $LOGDIR/$LOGFILENAME.summary
+    ln -sf $LOGFILE $logfile_dir/$logfile_name
+    ln -sf $SUMFILE $logfile_dir/$logfile_name.summary
 else
     # Set up output redirection without log files
     # Set fd 3 to a copy of stdout. So we can set fd 1 without losing

From 9b1df576342e2151df4b6e8daec3ccb72abc238a Mon Sep 17 00:00:00 2001
From: venkata anil 
Date: Thu, 15 Jan 2015 07:38:22 +0000
Subject: [PATCH 0305/3421] neutron should log user_name and project_name by
 default like in nova

neutron doesn't log user_name and project_name along side req-id in
devstack logs. So, Openstack jenkins neutron check and gate jobs also
not logging user_name and project_name along side req-id.
Without knowing the user and tenant, its hard to understand what the
logs are doing when multiple tenants are using the cloud.

Nova is logging user_name and project_name by default.
So porting the same changes to neutron.

Change-Id: I10eac2e4177a898e9bcc60c08f3bd39a2ec9f31b
Closes-Bug: #1399788
---
 lib/neutron | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index b4d0b8cad4..52cc575d1c 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -837,6 +837,9 @@ function _configure_neutron_common {
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
         setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
+    else
+        # Show user_name and project_name by default like in nova
+        iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
     fi
 
     if is_service_enabled tls-proxy; then

From 90333437337ff38c04e363cd3dbd7aa970ef21c4 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Mon, 19 Jan 2015 10:56:42 +0000
Subject: [PATCH 0306/3421] Set password irrespective of mysql server version

Ubuntu recently upgraded from 5.1 to 5.5 so the previous debconf
settings no longer work.  Removing the version number should make
the settings work for all versions of mysql

Change-Id: I6b399a06232364d3ba3bf74430b663e0b8b922ed
---
 lib/databases/mysql | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 45484c15e9..7bd74dce27 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -138,10 +138,10 @@ function install_database_mysql {
     if is_ubuntu; then
         # Seed configuration with mysql password so that apt-get install doesn't
         # prompt us for a password upon install.
-        cat <
Date: Fri, 31 Oct 2014 15:01:29 -0400
Subject: [PATCH 0307/3421] Adds support for LVM ephemeral storage in Nova

DevStack currently lacks support for LVM ephemeral storage in Nova.
This support is important for testing of Nova's LVM backend. The
proposed change adds a default volume group, to be shared by Cinder
and Nova. It also adds a configuration option NOVA_BACKEND, which
must be LVM if it is set, that determines whether Nova should be
configured to use LVM ephemeral storage.

Change-Id: I4eb9afff3536fbcd563939f2d325efbb845081bb
---
 HACKING.rst             |   4 +-
 lib/cinder              |   4 +-
 lib/cinder_backends/lvm | 130 +++-------------------------------------
 lib/lvm                 | 124 ++++++++++++++++++++++++++++++++++++++
 lib/nova                |   5 ++
 stack.sh                |   5 ++
 unstack.sh              |   3 +
 7 files changed, 150 insertions(+), 125 deletions(-)
 create mode 100644 lib/lvm

diff --git a/HACKING.rst b/HACKING.rst
index 3ffe1e2103..b7d9a49458 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -110,8 +110,8 @@ follows:
 * Global configuration that may be referenced in ``local.conf``, i.e. ``DEST``, ``DATA_DIR``
 * Global service configuration like ``ENABLED_SERVICES``
 * Variables used by multiple services that do not have a clear owner, i.e.
-  ``VOLUME_BACKING_FILE_SIZE`` (nova-volumes and cinder) or ``PUBLIC_NETWORK_NAME``
-  (nova-network and neutron)
+  ``VOLUME_BACKING_FILE_SIZE`` (nova-compute, nova-volumes and cinder) or
+  ``PUBLIC_NETWORK_NAME`` (nova-network and neutron)
 * Variables that can not be cleanly declared in a project file due to
   dependency ordering, i.e. the order of sourcing the project files can
   not be changed for other reasons but the earlier file needs to dereference a
diff --git a/lib/cinder b/lib/cinder
index 7fc694957b..f1a5de7e05 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -76,9 +76,9 @@ CINDER_MULTI_LVM_BACKEND=$(trueorfalse False CINDER_MULTI_LVM_BACKEND)
 # configuration and for the volume type name.  Multiple backends are
 # comma-separated.
 if [[ $CINDER_MULTI_LVM_BACKEND == "False" ]]; then
-    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
+    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:${DEFAULT_VOLUME_GROUP_NAME##*-}}
 else
-    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2}
+    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:${DEFAULT_VOLUME_GROUP_NAME##*-},lvm:cinder}
 fi
 
 
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 280baf7b3e..43e13e4dac 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -14,6 +14,7 @@
 
 # CINDER_CONF
 # DATA_DIR
+# VOLUME_GROUP_NAME
 
 # clean_cinder_backend_lvm - called from clean_cinder()
 # configure_cinder_backend_lvm - called from configure_cinder()
@@ -25,157 +26,44 @@ MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 
-# Defaults
-# --------
-
-# Name of the lvm volume groups to use/create for iscsi volumes
-# This monkey-motion is for compatibility with icehouse-generation Grenade
-# If ``VOLUME_GROUP`` is set, use it, otherwise we'll build a VG name based
-# on ``VOLUME_GROUP_NAME`` that includes the backend name
-# Grenade doesn't use ``VOLUME_GROUP2`` so it is left out
-VOLUME_GROUP=${VOLUME_GROUP:-}
-VOLUME_GROUP_NAME=${VOLUME_GROUP:-${VOLUME_GROUP_NAME:-stack-volumes}}
-
 # TODO: resurrect backing device...need to know how to set values
 #VOLUME_BACKING_DEVICE=${VOLUME_BACKING_DEVICE:-}
 
-VOLUME_NAME_PREFIX=${VOLUME_NAME_PREFIX:-volume-}
-
-
 # Entry Points
 # ------------
 
-# Compatibility for getting a volume group name from either ``VOLUME_GROUP``
-# or from ``VOLUME_GROUP_NAME`` plus the backend name
-function get_volume_group_name {
-    local be_name=$1
-
-    # Again with the icehouse-generation compatibility
-    local volume_group_name=$VOLUME_GROUP_NAME
-    if [[ -z $VOLUME_GROUP ]]; then
-        volume_group_name+="-$be_name"
-    fi
-    echo $volume_group_name
-}
-
+# cleanup_cinder_backend_lvm - Delete volume group and remove backing file
+# cleanup_cinder_backend_lvm $be_name
 function cleanup_cinder_backend_lvm {
     local be_name=$1
 
-    # Again with the icehouse-generation compatibility
-    local volume_group_name=$(get_volume_group_name $be_name)
-
     # Campsite rule: leave behind a volume group at least as clean as we found it
-    _clean_lvm_lv ${volume_group_name} $VOLUME_NAME_PREFIX
-    _clean_lvm_backing_file ${volume_group_name} $DATA_DIR/${volume_group_name}-backing-file
+    clean_lvm_volume_group $VOLUME_GROUP_NAME-$be_name
 }
 
 # configure_cinder_backend_lvm - Set config files, create data dirs, etc
-# configure_cinder_backend_lvm $name
+# configure_cinder_backend_lvm $be_name
 function configure_cinder_backend_lvm {
     local be_name=$1
 
-    # Again with the icehouse-generation compatibility
-    local volume_group_name=$(get_volume_group_name $be_name)
-
     iniset $CINDER_CONF $be_name volume_backend_name $be_name
     iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMISCSIDriver"
-    iniset $CINDER_CONF $be_name volume_group $volume_group_name
+    iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
 
     if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
         iniset $CINDER_CONF $be_name volume_clear none
     fi
 }
 
-
+# init_cinder_backend_lvm - Initialize volume group
+# init_cinder_backend_lvm $be_name
 function init_cinder_backend_lvm {
     local be_name=$1
 
-    # Again with the icehouse-generation compatibility
-    local volume_group_name=$(get_volume_group_name $be_name)
-
     # Start with a clean volume group
-    _create_cinder_volume_group ${volume_group_name} $DATA_DIR/${volume_group_name}-backing-file
-
-    if is_fedora || is_suse; then
-        # service is not started by default
-        start_service tgtd
-    fi
-
-    # Remove iscsi targets
-    sudo tgtadm --op show --mode target | grep $VOLUME_NAME_PREFIX | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
-    _clean_lvm_lv ${volume_group_name} $VOLUME_NAME_PREFIX
-}
-
-
-# _clean_lvm_lv removes all cinder LVM volumes
-#
-# Usage: _clean_lvm_lv volume-group-name $VOLUME_NAME_PREFIX
-function _clean_lvm_lv {
-    local vg=$1
-    local lv_prefix=$2
-
-    # Clean out existing volumes
-    local lv
-    for lv in $(sudo lvs --noheadings -o lv_name $vg 2>/dev/null); do
-        # lv_prefix prefixes the LVs we want
-        if [[ "${lv#$lv_prefix}" != "$lv" ]]; then
-            sudo lvremove -f $vg/$lv
-        fi
-    done
-}
-
-# _clean_lvm_backing_file() removes the backing file of the
-# volume group used by cinder
-#
-# Usage: _clean_lvm_backing_file() volume-group-name backing-file-name
-function _clean_lvm_backing_file {
-    local vg=$1
-    local backing_file=$2
-
-    # if there is no logical volume left, it's safe to attempt a cleanup
-    # of the backing file
-    if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
-        # if the backing physical device is a loop device, it was probably setup by devstack
-        local vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/backing-file/ { print $1}')
-        if [[ -n "$vg_dev" ]] && [[ -e "$vg_dev" ]]; then
-            sudo losetup -d $vg_dev
-            rm -f $backing_file
-        fi
-    fi
+    init_lvm_volume_group $VOLUME_GROUP_NAME-$be_name $VOLUME_BACKING_FILE_SIZE
 }
 
-# _create_cinder_volume_group volume-group-name backing-file-name
-function _create_cinder_volume_group {
-    # According to the ``CINDER_MULTI_LVM_BACKEND`` value, configure one or two default volumes
-    # group called ``stack-volumes`` (and ``stack-volumes2``) for the volume
-    # service if it (they) does (do) not yet exist. If you don't wish to use a
-    # file backed volume group, create your own volume group called ``stack-volumes``
-    # and ``stack-volumes2`` before invoking ``stack.sh``.
-    #
-    # The two backing files are ``VOLUME_BACKING_FILE_SIZE`` in size, and they are stored in
-    # the ``DATA_DIR``.
-
-    local vg_name=$1
-    local backing_file=$2
-
-    if ! sudo vgs $vg_name; then
-        # TODO: fix device handling
-        if [ -z "$VOLUME_BACKING_DEVICE" ]; then
-            # Only create if the file doesn't already exists
-            [[ -f $backing_file ]] || truncate -s $VOLUME_BACKING_FILE_SIZE $backing_file
-            local vg_dev=`sudo losetup -f --show $backing_file`
-
-            # Only create if the loopback device doesn't contain $VOLUME_GROUP
-            if ! sudo vgs $vg_name; then
-                sudo vgcreate $vg_name $vg_dev
-            fi
-        else
-            sudo vgcreate $vg_name $VOLUME_BACKING_DEVICE
-        fi
-    fi
-}
-
-
 # Restore xtrace
 $MY_XTRACE
 
diff --git a/lib/lvm b/lib/lvm
new file mode 100644
index 0000000000..4ef260d593
--- /dev/null
+++ b/lib/lvm
@@ -0,0 +1,124 @@
+# lib/lvm
+# Configure the default LVM volume group used by Cinder and Nova
+
+# Dependencies:
+#
+# - ``functions`` file
+# - ``cinder`` configurations
+
+# DATA_DIR
+
+# clean_default_volume_group - called from clean()
+# configure_default_volume_group - called from configure()
+# init_default_volume_group - called from init()
+
+
+# Save trace setting
+MY_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+# Name of the lvm volume groups to use/create for iscsi volumes
+# This monkey-motion is for compatibility with icehouse-generation Grenade
+# If ``VOLUME_GROUP`` is set, use it, otherwise we'll build a VG name based
+# on ``VOLUME_GROUP_NAME`` that includes the backend name
+# Grenade doesn't use ``VOLUME_GROUP2`` so it is left out
+VOLUME_GROUP_NAME=${VOLUME_GROUP:-${VOLUME_GROUP_NAME:-stack-volumes}}
+DEFAULT_VOLUME_GROUP_NAME=$VOLUME_GROUP_NAME-default
+
+# Backing file name is of the form $VOLUME_GROUP$BACKING_FILE_SUFFIX
+BACKING_FILE_SUFFIX=-backing-file
+
+
+# Entry Points
+# ------------
+
+# _clean_lvm_volume_group removes all default LVM volumes
+#
+# Usage: clean_lvm_volume_group $vg
+function _clean_lvm_volume_group {
+    local vg=$1
+
+    # Clean out existing volumes
+    sudo lvremove -f $vg
+}
+
+# _clean_lvm_backing_file() removes the backing file of the
+# volume group
+#
+# Usage: _clean_lvm_backing_file() $backing_file
+function _clean_lvm_backing_file {
+    local backing_file=$1
+
+    # if the backing physical device is a loop device, it was probably setup by devstack
+    if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
+        local vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
+        sudo losetup -d $vg_dev
+        rm -f $backing_file
+    fi
+}
+
+# clean_lvm_volume_group() cleans up the volume group and removes the
+# backing file
+#
+# Usage: clean_lvm_volume_group $vg
+function clean_lvm_volume_group {
+    local vg=$1
+
+    _clean_lvm_volume_group $vg
+    # if there is no logical volume left, it's safe to attempt a cleanup
+    # of the backing file
+    if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
+        _clean_lvm_backing_file $DATA_DIR/$vg$BACKING_FILE_SUFFIX
+    fi
+}
+
+
+# _create_volume_group creates default volume group
+#
+# Usage: _create_lvm_volume_group() $vg $size
+function _create_lvm_volume_group {
+    local vg=$1
+    local size=$2
+
+    local backing_file=$DATA_DIR/$vg$BACKING_FILE_SUFFIX
+    if ! sudo vgs $vg; then
+        # Only create if the file doesn't already exists
+        [[ -f $DATA_DIR/$backing_file ]] || truncate -s $size $backing_file
+        local vg_dev=`sudo losetup -f --show $backing_file`
+
+        # Only create volume group if it doesn't already exist
+        if ! sudo vgs $vg; then
+            sudo vgcreate $vg $vg_dev
+        fi
+    fi
+}
+
+# init_lvm_volume_group() initializes the volume group creating the backing
+# file if necessary
+#
+# Usage: init_lvm_volume_group() $vg
+function init_lvm_volume_group {
+    local vg=$1
+    local size=$2
+    # Start with a clean volume group
+    _create_lvm_volume_group $vg $size
+
+    if is_fedora || is_suse; then
+        # service is not started by default
+        start_service tgtd
+    fi
+
+    # Remove iscsi targets
+    sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
+
+    _clean_lvm_volume_group $vg
+}
+
+# Restore xtrace
+$MY_XTRACE
+
+# mode: shell-script
+# End:
diff --git a/lib/nova b/lib/nova
index 0e9282bb1b..61216ff9d6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -547,6 +547,11 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS"
     iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS"
 
+    if [[ "$NOVA_BACKEND" == "LVM" ]]; then
+        iniset $NOVA_CONF libvirt images_type "lvm"
+        iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME
+    fi
+
     if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
         iniset $NOVA_CONF DEFAULT glance_protocol https
     fi
diff --git a/stack.sh b/stack.sh
index 585d1ceaf6..45113b50d2 100755
--- a/stack.sh
+++ b/stack.sh
@@ -523,6 +523,7 @@ source $TOP_DIR/lib/tls
 source $TOP_DIR/lib/infra
 source $TOP_DIR/lib/oslo
 source $TOP_DIR/lib/stackforge
+source $TOP_DIR/lib/lvm
 source $TOP_DIR/lib/horizon
 source $TOP_DIR/lib/keystone
 source $TOP_DIR/lib/glance
@@ -939,6 +940,10 @@ init_service_check
 # A better kind of sysstat, with the top process per time slice
 start_dstat
 
+# Initialize default LVM volume group
+# -----------------------------------
+init_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME $VOLUME_BACKING_FILE_SIZE
+
 # Start Services
 # ==============
 
diff --git a/unstack.sh b/unstack.sh
index bff01d1ca4..b8b7f4a130 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -55,6 +55,7 @@ source $TOP_DIR/lib/tls
 source $TOP_DIR/lib/infra
 source $TOP_DIR/lib/oslo
 source $TOP_DIR/lib/stackforge
+source $TOP_DIR/lib/lvm
 source $TOP_DIR/lib/horizon
 source $TOP_DIR/lib/keystone
 source $TOP_DIR/lib/glance
@@ -177,3 +178,5 @@ if [[ -n "$SCREEN" ]]; then
         screen -X -S $SESSION quit
     fi
 fi
+
+clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME

From 5541a618de890ec721c375506057eeb6cb7a5a63 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Mon, 19 Jan 2015 15:58:49 -0500
Subject: [PATCH 0308/3421] Use `os role list` instead of `os user role list`

Since `os user role list` is being deprecated, we should start
migrating to `os role list`, which now has the required ability
to list a users role on a project as of v1.0.2 of osc.

Change-Id: I3fa8bf8f1feaac16e1cde5c55b1be00b92eaa5f6
---
 functions-common | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 5bca836d37..9c4d59976a 100644
--- a/functions-common
+++ b/functions-common
@@ -919,8 +919,8 @@ function get_or_create_role {
 # Usage: get_or_add_user_role   
 function get_or_add_user_role {
     # Gets user role id
-    local user_role_id=$(openstack user role list \
-        $2 \
+    local user_role_id=$(openstack role list \
+        --user $2 \
         --project $3 \
         --column "ID" \
         --column "Name" \

From 789af5ccfa49e40eabe1454e9e2d31bd6c6f0ef8 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Mon, 19 Jan 2015 16:11:44 -0500
Subject: [PATCH 0309/3421] Update osc server create to have type as positional
 arg

In Keystone, for v2 and v3 service creation, there was a bug that
allowed a service to be created with no type, which made it useless.

See reference bug for details.

Change-Id: I5d095007fe2ebc8219dc012c5b16cb4c122179cd
Related-Bug: #1404073
---
 functions-common | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 5bca836d37..ce809f1563 100644
--- a/functions-common
+++ b/functions-common
@@ -945,8 +945,8 @@ function get_or_create_service {
         openstack service show $1 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
-            $1 \
-            --type=$2 \
+            $2 \
+            --name $1 \
             --description="$3" \
             -f value -c id
     )

From 3566310ea8731547afd1ca18e1416a2d12dbc0c7 Mon Sep 17 00:00:00 2001
From: Kennan 
Date: Tue, 20 Jan 2015 16:19:49 +0800
Subject: [PATCH 0310/3421] Remove unneeded word

Change-Id: Ic3f7fb5bc992e1a8c5b9fc433572d7e39f81f08a
---
 doc/source/guides/neutron.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 90d4ca3c77..95cde9699a 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -196,7 +196,7 @@ controller node.
         SEGMENTATION_ID=2010
 
 In this configuration we are defining FIXED_RANGE to be a
-subnet that exists in the private RFC1918 address space - however in
+subnet that exists in the private RFC1918 address space - however
 in a real setup FIXED_RANGE would be a public IP address range, so
 that you could access your instances from the public internet.
 

From 37b7a665d046160754396423cd4443a3e3f9bb11 Mon Sep 17 00:00:00 2001
From: JordanP 
Date: Tue, 20 Jan 2015 14:28:22 +0100
Subject: [PATCH 0311/3421] Fix doc: API_RATE_LIMIT has been removed

Ib0538bdd23b17e519b9c917018ccc9fa8c6425c5 removed the option
API_RATE_LIMIT. So don't mention it in the documentation.

Change-Id: I9df67c3dd1b800f6a51de2cd78aeaad10ca38f7e
---
 doc/source/configuration.rst | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index baebe979b0..b9a48024ed 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -352,19 +352,6 @@ Multi-host DevStack
         GLANCE_HOSTPORT=w.x.y.z:9292
         ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
-API rate limits
----------------
-
-    | Default: ``API_RATE_LIMIT=True``
-    | Integration tests such as Tempest will likely run afoul of the
-      default rate limits configured for Nova. Turn off rate limiting
-      during testing by setting ``API_RATE_LIMIT=False``.*
-    |
-
-    ::
-
-        API_RATE_LIMIT=False
-
 IP Version
     | Default: ``IP_VERSION=4``
     | This setting can be used to configure DevStack to create either an IPv4,

From 59d52f307b8fee53c29cda803ba3d1848ef91a8b Mon Sep 17 00:00:00 2001
From: Kevin Benton 
Date: Sat, 17 Jan 2015 11:29:12 -0800
Subject: [PATCH 0312/3421] Disable shallow cloning with GIT_DEPTH=0

The recent patch to enable shallow cloning added a method to skip
it by checking if GIT_DEPTH was null. However, this could never
be triggered because if the user specified it as null, the default
setting code would take over and set it to 1.

This patch allows the user to specify GIT_DEPTH=0 to skip the
shallow clone.

Change-Id: I00ea7ab54ed51dc3ede9ceb9ff0f11575a035d1c
---
 functions-common | 2 +-
 stackrc          | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 5bca836d37..7be0a92a72 100644
--- a/functions-common
+++ b/functions-common
@@ -601,7 +601,7 @@ function git_clone {
     local git_clone_flags=""
 
     RECLONE=$(trueorfalse False RECLONE)
-    if [[ -n "${GIT_DEPTH}" ]]; then
+    if [[ "${GIT_DEPTH}" -gt 0 ]]; then
         git_clone_flags="$git_clone_flags --depth $GIT_DEPTH"
     fi
 
diff --git a/stackrc b/stackrc
index 25682027df..2dd56e8104 100644
--- a/stackrc
+++ b/stackrc
@@ -697,7 +697,8 @@ SYSLOG_PORT=${SYSLOG_PORT:-516}
 LOG_COLOR=$(trueorfalse True LOG_COLOR)
 
 # Set global ``GIT_DEPTH=`` to limit the history depth of the git clone
-GIT_DEPTH=${GIT_DEPTH:-1}
+# Set to 0 to disable shallow cloning
+GIT_DEPTH=${GIT_DEPTH:-0}
 
 # Use native SSL for servers in SSL_ENABLED_SERVICES
 USE_SSL=$(trueorfalse False USE_SSL)

From fc9cc96514bf582d644029f114441891a087d665 Mon Sep 17 00:00:00 2001
From: Mikhail S Medvedev 
Date: Tue, 20 Jan 2015 11:04:48 -0600
Subject: [PATCH 0313/3421] Remove locals that were not inside functions

Using 'local' keyword outside a function is invalid.

Also uppercase the variables to adhere to the style.

Related: I02aba9ca82c117a1186dafc1d3c07aa04ecd1dde
Change-Id: I76d358f8ebf5145cd3c65f9a470c83d4af67fd32
---
 stack.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/stack.sh b/stack.sh
index 00a617253e..aeaaf6072c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -381,10 +381,10 @@ fi
 if [[ -n "$LOGFILE" ]]; then
     # Clean up old log files.  Append '.*' to the user-specified
     # ``LOGFILE`` to match the date in the search template.
-    local logfile_dir="${LOGFILE%/*}"           # dirname
-    local logfile_name="${LOGFILE##*/}"         # basename
-    mkdir -p $logfile_dir
-    find $logfile_dir -maxdepth 1 -name $logfile_name.\* -mtime +$LOGDAYS -exec rm {} \;
+    LOGFILE_DIR="${LOGFILE%/*}"           # dirname
+    LOGFILE_NAME="${LOGFILE##*/}"         # basename
+    mkdir -p $LOGFILE_DIR
+    find $LOGFILE_DIR -maxdepth 1 -name $LOGFILE_NAME.\* -mtime +$LOGDAYS -exec rm {} \;
     LOGFILE=$LOGFILE.${CURRENT_LOG_TIME}
     SUMFILE=$LOGFILE.summary.${CURRENT_LOG_TIME}
 
@@ -407,8 +407,8 @@ if [[ -n "$LOGFILE" ]]; then
 
     echo_summary "stack.sh log $LOGFILE"
     # Specified logfile name always links to the most recent log
-    ln -sf $LOGFILE $logfile_dir/$logfile_name
-    ln -sf $SUMFILE $logfile_dir/$logfile_name.summary
+    ln -sf $LOGFILE $LOGFILE_DIR/$LOGFILE_NAME
+    ln -sf $SUMFILE $LOGFILE_DIR/$LOGFILE_NAME.summary
 else
     # Set up output redirection without log files
     # Set fd 3 to a copy of stdout. So we can set fd 1 without losing

From dde41d0797f0b085099cd5c9ff1e0110d5ae3fbd Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Tue, 9 Dec 2014 17:47:57 -0600
Subject: [PATCH 0314/3421] Deprecate SCREEN_LOGDIR in favor of LOGDIR

This is the first step in the log file cleanup.  If SCREEN_LOGDIR
is still set, symlinks will be created in the old screen log directory
so things like the devstack-gate log collector continues to work.

bp:logging-and-service-names
Change-Id: I3ac796e322a18dbd0b8b2310a08310ca159d7613
---
 doc/source/configuration.rst | 25 +++++++++----------
 functions-common             | 43 +++++++++++++++++++++------------
 lib/dstat                    |  8 ++++--
 stack.sh                     |  7 +++---
 stackrc                      | 47 ++++++++++++++++++++++++++++++++++++
 5 files changed, 95 insertions(+), 35 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index baebe979b0..7dbb5882ee 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -200,22 +200,19 @@ Enable Logging
 
         LOG_COLOR=False
 
-Logging the Screen Output
--------------------------
-
-    | *Default: ``SCREEN_LOGDIR=""``*
-    |  By default DevStack runs the OpenStack services using ``screen``
-       which is useful for watching log and debug output. However, in
-       automated testing the interactive ``screen`` sessions may not be
-       available after the fact; setting ``SCREEN_LOGDIR`` enables logging
-       of the ``screen`` sessions in the specified directory. There will be
-       one file per ``screen`` session named for the session name and a
-       timestamp.
+Logging the Service Output
+--------------------------
+
+    | *Default: ``LOGDIR=""``*
+    |  DevStack will log the stdout output of the services it starts.
+       When using ``screen`` this logs the output in the screen windows
+       to a file.  Without ``screen`` this simply redirects stdout of
+       the service process to a file in ``LOGDIR``.
     |
 
     ::
 
-        SCREEN_LOGDIR=$DEST/logs/screen
+        LOGDIR=$DEST/logs
 
     *Note the use of ``DEST`` to locate the main install directory; this
     is why we suggest setting it in ``local.conf``.*
@@ -413,8 +410,8 @@ Examples
        FIXED_RANGE=10.254.1.0/24
        NETWORK_GATEWAY=10.254.1.1
        LOGDAYS=1
-       LOGFILE=$DEST/logs/stack.sh.log
-       SCREEN_LOGDIR=$DEST/logs/screen
+       LOGDIR=$DEST/logs
+       LOGFILE=$LOGDIR/stack.sh.log
        ADMIN_PASSWORD=quiet
        DATABASE_PASSWORD=$ADMIN_PASSWORD
        RABBIT_PASSWORD=$ADMIN_PASSWORD
diff --git a/functions-common b/functions-common
index 44d5671236..8d54473a99 100644
--- a/functions-common
+++ b/functions-common
@@ -319,8 +319,8 @@ function err {
     set +o xtrace
     local msg="[ERROR] ${BASH_SOURCE[2]}:$1 $2"
     echo $msg 1>&2;
-    if [[ -n ${SCREEN_LOGDIR} ]]; then
-        echo $msg >> "${SCREEN_LOGDIR}/error.log"
+    if [[ -n ${LOGDIR} ]]; then
+        echo $msg >> "${LOGDIR}/error.log"
     fi
     $xtrace
     return $exitcode
@@ -372,8 +372,8 @@ function warn {
     set +o xtrace
     local msg="[WARNING] ${BASH_SOURCE[2]}:$1 $2"
     echo $msg 1>&2;
-    if [[ -n ${SCREEN_LOGDIR} ]]; then
-        echo $msg >> "${SCREEN_LOGDIR}/error.log"
+    if [[ -n ${LOGDIR} ]]; then
+        echo $msg >> "${LOGDIR}/error.log"
     fi
     $xtrace
     return $exitcode
@@ -1261,8 +1261,8 @@ function zypper_install {
 # _run_process() is designed to be backgrounded by run_process() to simulate a
 # fork.  It includes the dirty work of closing extra filehandles and preparing log
 # files to produce the same logs as screen_it().  The log filename is derived
-# from the service name and global-and-now-misnamed ``SCREEN_LOGDIR``
-# Uses globals ``CURRENT_LOG_TIME``, ``SCREEN_LOGDIR``, ``SCREEN_NAME``, ``SERVICE_DIR``
+# from the service name.
+# Uses globals ``CURRENT_LOG_TIME``, ``LOGDIR``, ``SCREEN_LOGDIR``, ``SCREEN_NAME``, ``SERVICE_DIR``
 # If an optional group is provided sg will be used to set the group of
 # the command.
 # _run_process service "command-line" [group]
@@ -1277,9 +1277,14 @@ function _run_process {
     exec 3>&-
     exec 6>&-
 
-    if [[ -n ${SCREEN_LOGDIR} ]]; then
-        exec 1>&${SCREEN_LOGDIR}/screen-${service}.log.${CURRENT_LOG_TIME} 2>&1
-        ln -sf ${SCREEN_LOGDIR}/screen-${service}.log.${CURRENT_LOG_TIME} ${SCREEN_LOGDIR}/screen-${service}.log
+    local real_logfile="${LOGDIR}/${service}.log.${CURRENT_LOG_TIME}"
+    if [[ -n ${LOGDIR} ]]; then
+        exec 1>&"$real_logfile" 2>&1
+        ln -sf "$real_logfile" ${LOGDIR}/${service}.log
+        if [[ -n ${SCREEN_LOGDIR} ]]; then
+            # Drop the backward-compat symlink
+            ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+        fi
 
         # TODO(dtroyer): Hack to get stdout from the Python interpreter for the logs.
         export PYTHONUNBUFFERED=1
@@ -1343,7 +1348,7 @@ function run_process {
 }
 
 # Helper to launch a process in a named screen
-# Uses globals ``CURRENT_LOG_TIME``, ``SCREEN_NAME``, ``SCREEN_LOGDIR``,
+# Uses globals ``CURRENT_LOG_TIME``, ```LOGDIR``, ``SCREEN_LOGDIR``, `SCREEN_NAME``,
 # ``SERVICE_DIR``, ``USE_SCREEN``
 # screen_process name "command-line" [group]
 # Run a command in a shell in a screen window, if an optional group
@@ -1362,10 +1367,18 @@ function screen_process {
 
     screen -S $SCREEN_NAME -X screen -t $name
 
-    if [[ -n ${SCREEN_LOGDIR} ]]; then
-        screen -S $SCREEN_NAME -p $name -X logfile ${SCREEN_LOGDIR}/screen-${name}.log.${CURRENT_LOG_TIME}
+    local real_logfile="${LOGDIR}/${name}.log.${CURRENT_LOG_TIME}"
+    echo "LOGDIR: $LOGDIR"
+    echo "SCREEN_LOGDIR: $SCREEN_LOGDIR"
+    echo "log: $real_logfile"
+    if [[ -n ${LOGDIR} ]]; then
+        screen -S $SCREEN_NAME -p $name -X logfile "$real_logfile"
         screen -S $SCREEN_NAME -p $name -X log on
-        ln -sf ${SCREEN_LOGDIR}/screen-${name}.log.${CURRENT_LOG_TIME} ${SCREEN_LOGDIR}/screen-${name}.log
+        ln -sf "$real_logfile" ${LOGDIR}/${name}.log
+        if [[ -n ${SCREEN_LOGDIR} ]]; then
+            # Drop the backward-compat symlink
+            ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${1}.log
+        fi
     fi
 
     # sleep to allow bash to be ready to be send the command - we are
@@ -1410,8 +1423,8 @@ function screen_rc {
         echo "screen -t $1 bash" >> $SCREENRC
         echo "stuff \"$2$NL\"" >> $SCREENRC
 
-        if [[ -n ${SCREEN_LOGDIR} ]]; then
-            echo "logfile ${SCREEN_LOGDIR}/screen-${1}.log.${CURRENT_LOG_TIME}" >>$SCREENRC
+        if [[ -n ${LOGDIR} ]]; then
+            echo "logfile ${LOGDIR}/${1}.log.${CURRENT_LOG_TIME}" >>$SCREENRC
             echo "log on" >>$SCREENRC
         fi
     fi
diff --git a/lib/dstat b/lib/dstat
index a17125fc92..d1db469aa6 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -27,8 +27,12 @@ DSTAT_FILE=${DSTAT_FILE:-"dstat.log"}
 function start_dstat {
     # A better kind of sysstat, with the top process per time slice
     DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
-    if [[ -n ${SCREEN_LOGDIR} ]]; then
-        screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $SCREEN_LOGDIR/$DSTAT_FILE"
+    if [[ -n ${LOGDIR} ]]; then
+        screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $LOGDIR/$DSTAT_FILE"
+        if [[ -n ${SCREEN_LOGDIR} ]]; then
+            # Drop the backward-compat symlink
+            ln -sf $LOGDIR/$DSTAT_FILE ${SCREEN_LOGDIR}/$DSTAT_FILE
+        fi
     else
         screen_it dstat "dstat $DSTAT_OPTS"
     fi
diff --git a/stack.sh b/stack.sh
index aeaaf6072c..558b07eb07 100755
--- a/stack.sh
+++ b/stack.sh
@@ -373,10 +373,8 @@ fi
 # Append '.xxxxxxxx' to the given name to maintain history
 # where 'xxxxxxxx' is a representation of the date the file was created
 TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"}
-if [[ -n "$LOGFILE" || -n "$SCREEN_LOGDIR" ]]; then
-    LOGDAYS=${LOGDAYS:-7}
-    CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT")
-fi
+LOGDAYS=${LOGDAYS:-7}
+CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT")
 
 if [[ -n "$LOGFILE" ]]; then
     # Clean up old log files.  Append '.*' to the user-specified
@@ -428,6 +426,7 @@ fi
 # ``screen-$SERVICE_NAME-$TIMESTAMP.log`` in that dir and have a link
 # ``screen-$SERVICE_NAME.log`` to the latest log file.
 # Logs are kept for as long specified in ``LOGDAYS``.
+# This is deprecated....logs go in ``LOGDIR``, only symlinks will be here now.
 if [[ -n "$SCREEN_LOGDIR" ]]; then
 
     # We make sure the directory is created.
diff --git a/stackrc b/stackrc
index 2dd56e8104..ff821401d7 100644
--- a/stackrc
+++ b/stackrc
@@ -705,6 +705,53 @@ USE_SSL=$(trueorfalse False USE_SSL)
 
 # Following entries need to be last items in file
 
+# Compatibility bits required by other callers like Grenade
+
+# Old way was using SCREEN_LOGDIR to locate those logs and LOGFILE for the stack.sh trace log.
+# LOGFILE       SCREEN_LOGDIR       output
+# not set       not set             no log files
+# set           not set             stack.sh log to LOGFILE
+# not set       set                 screen logs to SCREEN_LOGDIR
+# set           set                 stack.sh log to LOGFILE, screen logs to SCREEN_LOGDIR
+
+# New way is LOGDIR for all logs and LOGFILE for stack.sh trace log, but if not fully-qualified will be in LOGDIR
+# LOGFILE       LOGDIR              output
+# not set       not set             (new) set LOGDIR from default
+# set           not set             stack.sh log to LOGFILE, (new) set LOGDIR from LOGFILE
+# not set       set                 screen logs to LOGDIR
+# set           set                 stack.sh log to LOGFILE, screen logs to LOGDIR
+
+# For compat, if SCREEN_LOGDIR is set, it will be used to create back-compat symlinks to the LOGDIR
+# symlinks to SCREEN_LOGDIR (compat)
+
+
+# Set up new logging defaults
+if [[ -z "${LOGDIR:-}" ]]; then
+    default_logdir=$DEST/logs
+    if [[ -z "${LOGFILE:-}" ]]; then
+        # Nothing is set, we need a default
+        LOGDIR="$default_logdir"
+    else
+        # Set default LOGDIR
+        LOGDIR="${LOGFILE%/*}"
+        logfile="${LOGFILE##*/}"
+        if [[ -z "$LOGDIR" || "$LOGDIR" == "$logfile" ]]; then
+            # LOGFILE had no path, set a default
+            LOGDIR="$default_logdir"
+        fi
+
+        # Check for duplication
+        if [[ "${SCREEN_LOGDIR:-}" == "${LOGDIR}" ]]; then
+            # We don't need the symlinks since it's the same directory
+            unset SCREEN_LOGDIR
+        fi
+    fi
+    unset default_logdir logfile
+fi
+
+# LOGDIR is always set at this point so it is not useful as a 'enable' for service logs
+# SCREEN_LOGDIR may be set, it is useful to enable the compat symlinks
+
 # Local variables:
 # mode: shell-script
 # End:

From e9a96ea8855574b157d336c51ff876d1c76ae620 Mon Sep 17 00:00:00 2001
From: Jakub Libosvar 
Date: Wed, 21 Jan 2015 16:08:12 +0100
Subject: [PATCH 0315/3421] Use openstackclient>=1.0.2

After changing usage of "openstack role" [1] python-openstackclient
stoppped working with 1.0.1 and less. This patch bumps version to use at
least 1.0.2v.

[1] https://review.openstack.org/#/c/148361

Change-Id: I2fdca28ae97a215cff5e2a6dd7cab2d3321caa6c
Closes-bug: 1413252
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index aeaaf6072c..4602b0b7d8 100755
--- a/stack.sh
+++ b/stack.sh
@@ -748,7 +748,7 @@ if use_library_from_git "python-openstackclient"; then
     git_clone_by_name "python-openstackclient"
     setup_dev_lib "python-openstackclient"
 else
-    pip_install 'python-openstackclient>=1.0.0'
+    pip_install 'python-openstackclient>=1.0.2'
 fi
 
 

From ff72c5050e23cf7a68f9b3929180959aff5c522e Mon Sep 17 00:00:00 2001
From: Ed Cranford 
Date: Wed, 21 Jan 2015 16:42:42 -0600
Subject: [PATCH 0316/3421] Fixes SCREEN_HARDSTATUS default value

If SCREEN_HARDSTATUS is null, default it to "", not ":".

Change-Id: I52d4eb6bb494cca995e33971d5f1eec953d484fd
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index aeaaf6072c..4eed4ca23e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -916,7 +916,7 @@ if [[ "$USE_SCREEN" == "True" ]]; then
     sleep 1
 
     # Set a reasonable status bar
-    SCREEN_HARDSTATUS=${SCREEN_HARDSTATUS-:}
+    SCREEN_HARDSTATUS=${SCREEN_HARDSTATUS:-}
     if [ -z "$SCREEN_HARDSTATUS" ]; then
         SCREEN_HARDSTATUS='%{= .} %-Lw%{= .}%> %n%f %t*%{= .}%+Lw%< %-=%{g}(%{d}%H/%l%{g})'
     fi

From 2548e6f290b90c790fd055bef03ee60d97a1eb26 Mon Sep 17 00:00:00 2001
From: Zhongyue Luo 
Date: Thu, 18 Dec 2014 15:57:31 +0800
Subject: [PATCH 0317/3421] Provider network subnets based on IP version

Subnets for both IP version 4 and 6 are created even if IP_VERSION is set to 4.
Added two if statements to only create subnets that are nessesary.

Change-Id: I87c97741808726a260c846db48c10931e8991a74
---
 lib/neutron | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 3c6b0dbafc..954a2d9524 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -538,8 +538,15 @@ function create_neutron_initial_network {
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
         die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
         NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
-        SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
-        SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+        fi
+
         sudo ip link set $OVS_PHYSICAL_BRIDGE up
         sudo ip link set br-int up
         sudo ip link set $PUBLIC_INTERFACE up

From f5b415425199c3496872849a3ada08e5a821b36b Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Thu, 22 Jan 2015 07:57:37 -0500
Subject: [PATCH 0318/3421] Switch on curl retry options for fetching
 get-pip.py

Let's retry a few times before giving up.

Related-Bug: #1413034

Change-Id: I7c5c1a3936b5c08c5de43edc569b5a53d11b55a7
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index d57a687ecc..73d0947320 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -43,7 +43,7 @@ function get_versions {
 
 function install_get_pip {
     if [[ ! -r $LOCAL_PIP ]]; then
-        curl -o $LOCAL_PIP $PIP_GET_PIP_URL || \
+        curl --retry 6 --retry-delay 5 -o $LOCAL_PIP $PIP_GET_PIP_URL || \
             die $LINENO "Download of get-pip.py failed"
     fi
     sudo -H -E python $LOCAL_PIP

From c1dbf10562796c7006fd0a66c6cb39a1b990c8c1 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Thu, 22 Jan 2015 14:09:00 +0000
Subject: [PATCH 0319/3421] Exit after printing error about RPC config

When finding an invalid RPC configuration, devstack prints
a suitable error in the logs

    ERROR: only one rpc backend may be enabled,
           set only one of 'rabbit', 'qpid', 'zeromq'
           via ENABLED_SERVICES.

but then just carries on running, as a result the developer
is very unlikely to ever see the original error message.
Change the 'echo' to a 'die' so that it stop immediately
making the error message clearly visible.

Change-Id: If108f314e1ad2ecc79f41cbca47d08c4024a23cd
---
 lib/rpc_backend | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index d87d6207b1..98be1844b6 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -54,13 +54,15 @@ function check_rpc_backend {
         (( rpc_backend_cnt++ )) || true
     done
     if [ "$rpc_backend_cnt" -gt 1 ]; then
-        echo "ERROR: only one rpc backend may be enabled,"
-        echo "       set only one of 'rabbit', 'qpid', 'zeromq'"
-        echo "       via ENABLED_SERVICES."
+        die $LINENO \
+            "Only one rpc backend may be enabled, " \
+            "set only one of 'rabbit', 'qpid', 'zeromq' " \
+            "via ENABLED_SERVICES."
     elif [ "$rpc_backend_cnt" == 0 ] && [ "$rpc_needed" == 0 ]; then
-        echo "ERROR: at least one rpc backend must be enabled,"
-        echo "       set one of 'rabbit', 'qpid', 'zeromq'"
-        echo "       via ENABLED_SERVICES."
+        die $LINENO \
+            "at least one rpc backend must be enabled, " \
+            "set one of 'rabbit', 'qpid', 'zeromq'" \
+            "via ENABLED_SERVICES."
     fi
 
     if is_service_enabled qpid && ! qpid_is_supported; then

From 2d7c346f0c8cefe622edc8fed47cc2782aeb9a9b Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Thu, 22 Jan 2015 14:37:04 +0000
Subject: [PATCH 0320/3421] Exit when printing error about database config

When finding no configured database, devstack prints
a suitable error in the logs

   "No database enabled"

but then just carries on running, as a result the developer
is very unlikely to ever see the original error message.
Change the 'echo' to a 'die' so that it stop immediately
making the error message clearly visible.

Change-Id: Ibd86bfcb5d4a3b90a1ee7a5bd637b01124e3a6ba
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 4602b0b7d8..b03cca8c51 100755
--- a/stack.sh
+++ b/stack.sh
@@ -606,7 +606,7 @@ function read_password {
 # The available database backends are listed in ``DATABASE_BACKENDS`` after
 # ``lib/database`` is sourced. ``mysql`` is the default.
 
-initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || echo "No database enabled"
+initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || die $LINENO "No database enabled"
 
 
 # Queue Configuration

From 1f3f4b0a69a70bb5fce0707a517d67c896c3cf2c Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Wed, 14 Jan 2015 10:52:03 +0000
Subject: [PATCH 0321/3421] Check dib is available before building heat test
 image

When running with HEAT_CREATE_TEST_IMAGE=True, it's necessary
to add dib to ENABLED_SERVICES, or the image building will fail
so check for is_service_enabled dib before we start and error
with a helpful message if it's not.

Change-Id: Ia7ee64f6f8dd628267e485a1dc67581d8896d19c
---
 lib/heat | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/lib/heat b/lib/heat
index 9a28af568b..c9a3f7e6e2 100644
--- a/lib/heat
+++ b/lib/heat
@@ -10,6 +10,7 @@
 # Dependencies:
 #
 # - functions
+# - dib (if HEAT_CREATE_TEST_IMAGE=True)
 
 # stack.sh
 # ---------
@@ -290,19 +291,25 @@ function create_heat_accounts {
 
 # build_heat_functional_test_image() - Build and upload functional test image
 function build_heat_functional_test_image {
-    build_dib_pip_repo "$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
-    local image_name=heat-functional-tests-image
-
-    # The elements to invoke disk-image-create with
-    local image_elements="vm fedora selinux-permissive pypi \
-        os-collect-config os-refresh-config os-apply-config heat-cfntools \
-        heat-config heat-config-cfn-init heat-config-puppet heat-config-script"
-
-    # Elements path for tripleo-image-elements and heat-templates software-config
-    local elements_path=$TIE_DIR/elements:$HEAT_TEMPLATES_REPO_DIR/hot/software-config/elements
-
-    disk_image_create_upload "$image_name" "$image_elements" "$elements_path"
-    iniset $TEMPEST_CONFIG orchestration image_ref $image_name
+    if is_service_enabled dib; then
+        build_dib_pip_repo "$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
+        local image_name=heat-functional-tests-image
+
+        # The elements to invoke disk-image-create with
+        local image_elements="vm fedora selinux-permissive pypi \
+            os-collect-config os-refresh-config os-apply-config heat-cfntools \
+            heat-config heat-config-cfn-init heat-config-puppet heat-config-script"
+
+        # Elements path for tripleo-image-elements and heat-templates software-config
+        local elements_path=$TIE_DIR/elements:$HEAT_TEMPLATES_REPO_DIR/hot/software-config/elements
+
+        disk_image_create_upload "$image_name" "$image_elements" "$elements_path"
+        iniset $TEMPEST_CONFIG orchestration image_ref $image_name
+    else
+        echo "Error, HEAT_CREATE_TEST_IMAGE=True requires dib" >&2
+        echo "Add \"enable_service dib\" to your localrc" >&2
+        exit 1
+    fi
 }
 
 # Restore xtrace

From 0b9e76f280208b5b5ad54bb6fbc4133e63037286 Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Wed, 21 Jan 2015 13:46:59 -0700
Subject: [PATCH 0322/3421] Auto add a cinder lvm.conf file

We have a number of issues where LVM scan commands hang during
test runs.  Looking closer at this with strace it turns out
that what seems to be happening is that we're scanning all of the
devices on the node, this includes the loop devices for swift and
other projects as well as the Cinder devices that are being attached
to the system during the test.

This is particularly messy for example when we issue a VG or LV scan
on a device like /dev/vdb and at the same time issue a detach.  The
result is LVM scan commands hanging waiting for timeout.

This patch adds a function to the cinder_backend/lvm module which
is called as the last part of cinder init.  If Cinder LVM is in use
as per cinder.conf this function will copy the default
/etc/lvm/lvm.conf to /etc/cinder/lvm.conf and use the cinder.conf file
and PVS to create filters so that ONLY the devices actually being used
by Cinder are included in scans.

There are two pieces to this fix; the first is to properly setup an
lvm.conf file with filters.  The second step is to merge the Cinder
change that modifies the Cinder LVM commands to specify the lvm.conf
file usage.

The Cinder part of this fix can be found here:
    https://review.openstack.org/#/c/148747/

Change-Id: I962b6e21cbfb6f5612b6c973053d86828ca8071a
Partial-Bug: #1373513
---
 lib/cinder              | 17 +++++++++++++++++
 lib/cinder_backends/lvm | 30 ++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index 6eee880fef..6043891164 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -395,15 +395,32 @@ function init_cinder {
 
     if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
         local be be_name be_type
+        local has_lvm=0
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_type=${be%%:*}
             be_name=${be##*:}
+
+            if [[ $be_type == 'lvm' ]]; then
+                has_lvm=1
+            fi
+
             if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
                 init_cinder_backend_${be_type} ${be_name}
             fi
         done
     fi
 
+    # Keep it simple, set a marker if there's an LVM backend
+    # use the created VG's to setup lvm filters
+    if [[ $has_lvm == 1 ]]; then
+        # Order matters here, not only obviously to make
+        # sure the VG's are created, but also some distros
+        # do some customizations to lvm.conf on init, we
+        # want to make sure we copy those over
+        sudo cp /etc/lvm/lvm.conf /etc/cinder/lvm.conf
+        configure_cinder_backend_conf_lvm
+    fi
+
     mkdir -p $CINDER_STATE_PATH/volumes
     create_cinder_cache_dir
 }
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 43e13e4dac..8aee2a99ef 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -19,6 +19,7 @@
 # clean_cinder_backend_lvm - called from clean_cinder()
 # configure_cinder_backend_lvm - called from configure_cinder()
 # init_cinder_backend_lvm - called from init_cinder()
+# configure_cinder_backend_conf_lvm - called from configure_cinder()
 
 
 # Save trace setting
@@ -64,6 +65,35 @@ function init_cinder_backend_lvm {
     init_lvm_volume_group $VOLUME_GROUP_NAME-$be_name $VOLUME_BACKING_FILE_SIZE
 }
 
+# configure_cinder_backend_conf_lvm - Sets device filter in /etc/cinder/lvm.conf
+# init_cinder_backend_lvm
+function configure_cinder_backend_conf_lvm {
+    local filter_suffix='"r/.*/" ]'
+    local filter_string="filter = [ "
+    local conf_entries=$(grep volume_group /etc/cinder/cinder.conf | sed "s/ //g")
+    local pv
+    local vg
+    local line
+
+    for pv_info in $(sudo pvs --noheadings -o name,vg_name --separator ';'); do
+        IFS=';' read pv vg <<< $pv_info
+        for line in ${conf_entries}; do
+            IFS='=' read label group <<< $line
+            group=$(echo $group|sed "s/^ *//g")
+            if [[ "$vg" == "$group" ]]; then
+                new="\"a$pv/\", "
+                filter_string=$filter_string$new
+            fi
+        done
+    done
+    filter_string=$filter_string$filter_suffix
+
+    # FIXME(jdg): Possible odd case that the lvm.conf file has been modified
+    # and doesn't have a filter entry to search/replace.  For devstack don't
+    # know that we care, but could consider adding a check and add
+    sudo sed -i "s#^[ \t]*filter.*#    $filter_string#g" /etc/cinder/lvm.conf
+    echo "set LVM filter_strings: $filter_string"
+}
 # Restore xtrace
 $MY_XTRACE
 

From bbe771a8d0682dbf85ecd18f9da071c40886fe7c Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Tue, 20 Jan 2015 13:30:33 -0500
Subject: [PATCH 0323/3421] Add bash completion for OSC

use openstackclient to generate bash completion script, and move
the file to the right location.

Change-Id: I96f2230cbba030e235161165d3b173c7af5e28fe
---
 stack.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/stack.sh b/stack.sh
index 585d1ceaf6..37b4e2853f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1312,6 +1312,13 @@ fi
 service_check
 
 
+# Bash completion
+# ===============
+
+# Prepare bash completion for OSC
+openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
+
+
 # Fin
 # ===
 

From a0126b642c6021310798762342139dc41614697b Mon Sep 17 00:00:00 2001
From: Mike Perez 
Date: Thu, 22 Jan 2015 08:25:59 -0800
Subject: [PATCH 0324/3421] Use LVMVolumeDriver instead of LVMISCSIDriver

The Cinder LVMISCSIDriver is now deprecated. As a result, default
settings in devstack are giving warnings in the Cinder volume serivce.
The LVMVolumeDriver now handles all cases, by looking at the
iscsi_helper. This will use that driver instead, which will stop the
deprecation warnings.

Closes-bug: #1413761
Change-Id: Ifbb9ce45694095ff9e30f3ca4c3859a07de8df73
---
 lib/cinder_backends/lvm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 43e13e4dac..f210578339 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -47,8 +47,9 @@ function configure_cinder_backend_lvm {
     local be_name=$1
 
     iniset $CINDER_CONF $be_name volume_backend_name $be_name
-    iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMISCSIDriver"
+    iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMVolumeDriver"
     iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
+    iniset $CINDER_CONF $be_name iscsi_helper "tgtadm"
 
     if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
         iniset $CINDER_CONF $be_name volume_clear none

From 529f8113c2d93c85bbede7041cde1b455bc2119f Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Fri, 23 Jan 2015 03:10:49 -0800
Subject: [PATCH 0325/3421] Fix oslo_messaging package and related object names

Use the latest oslo_messaging package and the related driver names.

Change-Id: I20d4c9286cd2216aa238705f00d8f4537ed91234
---
 lib/rpc_backend | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index d87d6207b1..981b80b405 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -243,7 +243,7 @@ function iniset_rpc_backend {
     if is_service_enabled zeromq; then
         iniset $file $section rpc_backend "zmq"
         iniset $file $section rpc_zmq_matchmaker \
-            oslo.messaging._drivers.matchmaker_redis.MatchMakerRedis
+            oslo_messaging._drivers.matchmaker_redis.MatchMakerRedis
         # Set MATCHMAKER_REDIS_HOST if running multi-node.
         MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
         iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
@@ -252,7 +252,7 @@ function iniset_rpc_backend {
         if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
             iniset $file $section rpc_backend "amqp"
         else
-            iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_qpid
+            iniset $file $section rpc_backend "qpid"
         fi
         iniset $file $section qpid_hostname ${QPID_HOST:-$SERVICE_HOST}
         if [ -n "$QPID_USERNAME" ]; then
@@ -260,7 +260,7 @@ function iniset_rpc_backend {
             iniset $file $section qpid_password $QPID_PASSWORD
         fi
     elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
-        iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_kombu
+        iniset $file $section rpc_backend "rabbit"
         iniset $file $section rabbit_hosts $RABBIT_HOST
         iniset $file $section rabbit_password $RABBIT_PASSWORD
         iniset $file $section rabbit_userid $RABBIT_USERID

From 3163c17170b0b2bd7775e5e0d50040504b559ea1 Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Fri, 23 Jan 2015 13:26:29 +0000
Subject: [PATCH 0326/3421] Make elements for heat test image configurable

Allow the elements built into the heat functional test image to
be overridden via the localrc, allows easier testing of local
images with different/additional elements.

Change-Id: Ibaf2322e0572d25461579bbb2dc8a18858f4e09c
---
 lib/heat | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/heat b/lib/heat
index c9a3f7e6e2..ed5d834460 100644
--- a/lib/heat
+++ b/lib/heat
@@ -47,6 +47,11 @@ HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
 HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
+HEAT_FUNCTIONAL_IMAGE_ELEMENTS=${HEAT_FUNCTIONAL_IMAGE_ELEMENTS:-\
+vm fedora selinux-permissive pypi  os-collect-config os-refresh-config \
+os-apply-config heat-cfntools heat-config heat-config-cfn-init \
+heat-config-puppet heat-config-script}
+
 
 # other default options
 HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
@@ -295,15 +300,10 @@ function build_heat_functional_test_image {
         build_dib_pip_repo "$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
         local image_name=heat-functional-tests-image
 
-        # The elements to invoke disk-image-create with
-        local image_elements="vm fedora selinux-permissive pypi \
-            os-collect-config os-refresh-config os-apply-config heat-cfntools \
-            heat-config heat-config-cfn-init heat-config-puppet heat-config-script"
-
         # Elements path for tripleo-image-elements and heat-templates software-config
         local elements_path=$TIE_DIR/elements:$HEAT_TEMPLATES_REPO_DIR/hot/software-config/elements
 
-        disk_image_create_upload "$image_name" "$image_elements" "$elements_path"
+        disk_image_create_upload "$image_name" "$HEAT_FUNCTIONAL_IMAGE_ELEMENTS" "$elements_path"
         iniset $TEMPEST_CONFIG orchestration image_ref $image_name
     else
         echo "Error, HEAT_CREATE_TEST_IMAGE=True requires dib" >&2

From 905275ec9f51614911fbb915f8bba9896b3ab684 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Sat, 24 Jan 2015 19:21:34 -0500
Subject: [PATCH 0327/3421] Bump up the count of workers for heat

Looks like the workers is set to 0 which in heat is used
mainly for profiling/debugging and not really useful in
the devstack scenarios.
https://github.com/openstack/heat/blob/master/heat/common/wsgi.py#L286

Partial-Bug: #1412923
Change-Id: Iccf6aeffd461fdc1f78022cbda370be4b9573267
---
 lib/heat | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/heat b/lib/heat
index 9a28af568b..ad9148ab64 100644
--- a/lib/heat
+++ b/lib/heat
@@ -133,6 +133,7 @@ function configure_heat {
 
     # OpenStack API
     iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
+    iniset $HEAT_CONF heat_api workers "$API_WORKERS"
 
     # Cloudformation API
     iniset $HEAT_CONF heat_api_cfn bind_port $HEAT_API_CFN_PORT

From f35e95706c42f98336059c2177261a77b55427a9 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Mon, 26 Jan 2015 14:13:02 +0000
Subject: [PATCH 0328/3421] XenAPI: Replace remaining instances of
 'devstack.succeeded'

Commit I05990c7154366350b0f9cc3e6c70d6f34238486f was incomplete
and left two references to the, now replaced, devstack.succeeded.

The impact of this is that the XVA always claims that devstack failed
to run when actually the run may have been successful

Change-Id: Ie4ac673011d77a9edc8923db94d914efe9f45d5d
---
 tools/xen/build_xva.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh
index 7002e6e22e..25bf58cb8a 100755
--- a/tools/xen/build_xva.sh
+++ b/tools/xen/build_xva.sh
@@ -104,7 +104,7 @@ console output
 task
 
 pre-start script
-    rm -f /var/run/devstack.succeeded
+    rm -f /opt/stack/runsh.succeeded
 end script
 
 script
@@ -127,7 +127,7 @@ script
         IPADDR=\$(ip -4 address show eth0 | sed -n 's/.*inet \\([0-9\.]\\+\\).*/\1/p')
         echo "  Management IP:   \$IPADDR"
         echo -n "  Devstack run:    "
-        if [ -e /var/run/devstack.succeeded ]; then
+        if [ -e /opt/stack/runsh.succeeded ]; then
             echo "SUCCEEDED"
         else
             echo "FAILED"

From 55383f1a9bb2538b3e6add6dd9bf38080b910492 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 26 Jan 2015 18:06:33 +0100
Subject: [PATCH 0329/3421] Do not install wsgiref for glance

wsgiref is not used by glance.

Change-Id: I5085e6418ca3cea2549b1b5d8a5877445b10c4a7
Related-Bug: #1255826
---
 files/debs/glance      | 1 -
 files/rpms-suse/glance | 1 -
 files/rpms/glance      | 1 -
 3 files changed, 3 deletions(-)

diff --git a/files/debs/glance b/files/debs/glance
index 15e09aad4d..8db8145935 100644
--- a/files/debs/glance
+++ b/files/debs/glance
@@ -7,7 +7,6 @@ python-eventlet
 python-routes
 python-greenlet
 python-sqlalchemy
-python-wsgiref
 python-pastedeploy
 python-xattr
 python-iso8601
diff --git a/files/rpms-suse/glance b/files/rpms-suse/glance
index edd1564e92..9b962f9643 100644
--- a/files/rpms-suse/glance
+++ b/files/rpms-suse/glance
@@ -8,5 +8,4 @@ python-eventlet
 python-greenlet
 python-iso8601
 python-pyOpenSSL
-python-wsgiref
 python-xattr
diff --git a/files/rpms/glance b/files/rpms/glance
index d2792cf987..acf0cc394b 100644
--- a/files/rpms/glance
+++ b/files/rpms/glance
@@ -10,6 +10,5 @@ python-lxml         #dist:f19,f20,f21,rhel7
 python-paste-deploy #dist:f19,f20,f21,rhel7
 python-routes
 python-sqlalchemy
-python-wsgiref      #dist:f18,f19,f20,f21
 pyxattr
 zlib-devel          # testonly

From 8874115668427b9d60bb65cbe3670d01d3f7eb14 Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Tue, 23 Dec 2014 13:13:05 +1300
Subject: [PATCH 0330/3421] Define extra_elements inside
 disk_image_create_upload

This avoids the need to define a global variable,
and tolerates extra_elements not being set when bash
flag -u is set.

Change-Id: I343951a678bed9ca3cda347a9c902e60c7b70e2d
---
 lib/dib | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/lib/dib b/lib/dib
index 809217bc93..88d9fd8434 100644
--- a/lib/dib
+++ b/lib/dib
@@ -35,15 +35,6 @@ OCC_DIR=$DEST/os-collect-config
 ORC_DIR=$DEST/os-refresh-config
 OAC_DIR=$DEST/os-apply-config
 
-# Include the apt-sources element in builds if we have an
-# alternative sources.list specified.
-if [ -n "$DIB_APT_SOURCES" ]; then
-    if [ ! -e "$DIB_APT_SOURCES" ]; then
-        die $LINENO "DIB_APT_SOURCES set but not found at $DIB_APT_SOURCES"
-    fi
-    EXTRA_ELEMENTS="apt-sources"
-fi
-
 # Functions
 # ---------
 
@@ -106,6 +97,15 @@ function disk_image_create_upload {
 
     local image_path=$TOP_DIR/files/$image_name.qcow2
 
+    # Include the apt-sources element in builds if we have an
+    # alternative sources.list specified.
+    if [ -n "$DIB_APT_SOURCES" ]; then
+        if [ ! -e "$DIB_APT_SOURCES" ]; then
+            die $LINENO "DIB_APT_SOURCES set but not found at $DIB_APT_SOURCES"
+        fi
+        local extra_elements="apt-sources"
+    fi
+
     # Set the local pip repo as the primary index mirror so the
     # image is built with local packages
     local pypi_mirror_url=http://$SERVICE_HOST:$DIB_PIP_REPO_PORT/
@@ -127,7 +127,7 @@ function disk_image_create_upload {
     DIB_OFFLINE=$DIB_BUILD_OFFLINE \
     PYPI_MIRROR_URL=$pypi_mirror_url \
     PYPI_MIRROR_URL_1=$pypi_mirror_url_1 \
-    disk-image-create -a amd64 $image_elements $EXTRA_ELEMENTS \
+    disk-image-create -a amd64 $image_elements ${extra_elements:-} \
         --image-cache $DIB_IMAGE_CACHE \
         -o $image_path
 

From 1f316beb2052b715f077ef42279361026d1a24c3 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 26 Jan 2015 16:39:57 +0100
Subject: [PATCH 0331/3421] Remove rhel6 and py26 support

el6 is shipped with Python 2.6.x which is not expected
to be supported with the openstack kilo release.

For el6 support we need to do lot of thing differently,
which makes the code more complicated.

This change removes el6 and py26 support from devstack.

This change also removed a discontinued (1 year ago)
openSUSE 12.2 code path, which used a similar codepath as el6.

Several comment related to el6 also removed or modified.

Change-Id: Iea0b0c98a5e11fd85bb5e93c099f740fe05d2f3a
---
 doc/source/faq.rst                     |  7 +--
 files/apache-keystone.template         |  4 --
 files/patches/unittest2-discover.patch | 16 ------
 files/rpms/cinder                      |  2 +-
 files/rpms/general                     |  6 ---
 files/rpms/glance                      |  4 +-
 files/rpms/horizon                     |  4 +-
 files/rpms/keystone                    | 10 ++--
 files/rpms/neutron                     |  5 +-
 files/rpms/nova                        |  8 ++-
 files/rpms/swift                       |  2 +-
 lib/cinder                             | 20 +-------
 lib/databases/mysql                    | 32 +++---------
 lib/databases/postgresql               |  6 +--
 lib/horizon                            |  8 ---
 lib/nova_plugins/functions-libvirt     | 40 +++------------
 stack.sh                               | 38 +++-----------
 tools/fixup_stuff.sh                   | 69 ++------------------------
 18 files changed, 45 insertions(+), 236 deletions(-)
 delete mode 100644 files/patches/unittest2-discover.patch

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 92d794572e..f10c2eec36 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -24,7 +24,7 @@ Q: Then why selinux in enforcing mode?
     by packaging in "real" deployments. To remove additional protections
     that will be desired/required in production would be a step
     backward.
-Q: But selinux is disabled in RHEL 6!
+Q: But selinux is disabled in RHEL!
     A: Today it is, yes. That is a specific exception that certain
     DevStack contributors fought strongly against. The primary reason it
     was allowed was to support using RHEL6 as the Python 2.6 test
@@ -70,11 +70,6 @@ Q: What about Fedora/RHEL/CentOS?
 Q: Are there any differences between Ubuntu and Fedora support?
     A: Neutron is not fully supported prior to Fedora 18 due lack of
     OpenVSwitch packages.
-Q: How about RHEL 6?
-    A: RHEL 6 has Python 2.6 and many old modules packaged and is a
-    challenge to support. There are a number of specific RHEL6
-    work-arounds in ``stack.sh`` to handle this. But the testing on py26
-    is valuable so we do it...
 
 Operation and Configuration
 ===========================
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 2190d831c0..504dc01d21 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -32,7 +32,3 @@ Listen %ADMINPORT%
     %SSLCERTFILE%
     %SSLKEYFILE%
 
-
-# Workaround for missing path on RHEL6, see
-#  https://bugzilla.redhat.com/show_bug.cgi?id=1121019
-WSGISocketPrefix /var/run/%APACHE_NAME%
diff --git a/files/patches/unittest2-discover.patch b/files/patches/unittest2-discover.patch
deleted file mode 100644
index 347300d172..0000000000
--- a/files/patches/unittest2-discover.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -r b2efb7df637b discover.py
---- a/discover.py	Thu Mar 24 00:31:02 2011 -0400
-+++ b/discover.py	Thu Nov 28 12:02:19 2013 +0000
-@@ -82,7 +82,11 @@
-     """
-     testMethodPrefix = 'test'
-     sortTestMethodsUsing = cmp
--    suiteClass = unittest.TestSuite
-+    try:
-+        import unittest2
-+        suiteClass = unittest2.TestSuite
-+    except ImportError:
-+        suiteClass = unittest.TestSuite
-     _top_level_dir = None
- 
-     def loadTestsFromTestCase(self, testCaseClass):
diff --git a/files/rpms/cinder b/files/rpms/cinder
index eedff184dd..082a35af32 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -3,4 +3,4 @@ scsi-target-utils
 qemu-img
 postgresql-devel
 iscsi-initiator-utils
-python-lxml         #dist:f19,f20,f21,rhel7
+python-lxml
diff --git a/files/rpms/general b/files/rpms/general
index ee7cc12cef..13c8a87780 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -13,7 +13,6 @@ libxml2-devel
 libxslt-devel
 psmisc
 pylint
-python-prettytable # dist:rhel6 [1]
 python-unittest2
 python-virtualenv
 python-devel
@@ -27,8 +26,3 @@ bc
 libyaml-devel
 gettext  # used for compiling message catalogs
 net-tools
-
-# [1] : some of installed tools have unversioned dependencies on this,
-# but others have versioned (<=0.7).  So if a later version (0.7.1)
-# gets installed in response to an unversioned dependency, it breaks.
-# This pre-installs a compatible 0.6(ish) version from RHEL
diff --git a/files/rpms/glance b/files/rpms/glance
index acf0cc394b..a09b669309 100644
--- a/files/rpms/glance
+++ b/files/rpms/glance
@@ -6,8 +6,8 @@ postgresql-devel    # testonly
 python-argparse
 python-eventlet
 python-greenlet
-python-lxml         #dist:f19,f20,f21,rhel7
-python-paste-deploy #dist:f19,f20,f21,rhel7
+python-lxml
+python-paste-deploy
 python-routes
 python-sqlalchemy
 pyxattr
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 82385ed06c..585c36cfde 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -12,8 +12,8 @@ python-httplib2
 python-migrate
 python-mox
 python-nose
-python-paste        #dist:f19,f20,f21
-python-paste-deploy #dist:f19,f20,f21
+python-paste
+python-paste-deploy
 python-routes
 python-sqlalchemy
 python-webob
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 8b0953dd69..45492e0de6 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,10 +1,10 @@
 MySQL-python
 python-greenlet
-libxslt-devel       # dist:f20,f21
-python-lxml         #dist:f19,f20,f21
-python-paste        #dist:f19,f20,f21
-python-paste-deploy #dist:f19,f20,f21
-python-paste-script #dist:f19,f20,f21
+libxslt-devel
+python-lxml
+python-paste
+python-paste-deploy
+python-paste-script
 python-routes
 python-sqlalchemy
 python-webob
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 5450408a35..59152d6e93 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -12,9 +12,8 @@ openvswitch # NOPRIME
 python-eventlet
 python-greenlet
 python-iso8601
-#rhel6 gets via pip
-python-paste        # dist:f19,f20,f21,rhel7
-python-paste-deploy # dist:f19,f20,f21,rhel7
+python-paste
+python-paste-deploy
 python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
diff --git a/files/rpms/nova b/files/rpms/nova
index 07f13c7071..557de908f1 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -29,11 +29,9 @@ python-iso8601
 python-lockfile
 python-migrate
 python-mox
-python-paramiko # dist:f19,f20,f21,rhel7
-# ^ on RHEL6, brings in python-crypto which conflicts with version from
-# pip we need
-python-paste        # dist:f19,f20,f21,rhel7
-python-paste-deploy # dist:f19,f20,f21,rhel7
+python-paramiko
+python-paste
+python-paste-deploy
 python-qpid # NOPRIME
 python-routes
 python-sqlalchemy
diff --git a/files/rpms/swift b/files/rpms/swift
index ccda22bcc8..0fcdb0fe27 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -6,7 +6,7 @@ python-eventlet
 python-greenlet
 python-netifaces
 python-nose
-python-paste-deploy # dist:f19,f20,f21,rhel7
+python-paste-deploy
 python-simplejson
 python-webob
 pyxattr
diff --git a/lib/cinder b/lib/cinder
index 6eee880fef..12bac8cb38 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -303,18 +303,6 @@ function configure_cinder {
         configure_cinder_driver
     fi
 
-    if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
-        # Cinder clones are slightly larger due to some extra
-        # metadata.  RHEL6 will not allow auto-extending of LV's
-        # without this, leading to clones giving hard-to-track disk
-        # I/O errors.
-        # see https://bugzilla.redhat.com/show_bug.cgi?id=975052
-        sudo sed -i~ \
-            -e 's/snapshot_autoextend_threshold =.*/snapshot_autoextend_threshold = 80/' \
-            -e 's/snapshot_autoextend_percent =.*/snapshot_autoextend_percent = 20/' \
-            /etc/lvm/lvm.conf
-    fi
-
     iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
 
     iniset $CINDER_CONF DEFAULT glance_api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
@@ -446,12 +434,8 @@ function start_cinder {
         if is_ubuntu; then
             sudo service tgt restart
         elif is_fedora; then
-            if [[ $DISTRO =~ (rhel6) ]]; then
-                sudo /sbin/service tgtd restart
-            else
-                # bypass redirection to systemctl during restart
-                sudo /sbin/service --skip-redirect tgtd restart
-            fi
+            # bypass redirection to systemctl during restart
+            sudo /sbin/service --skip-redirect tgtd restart
         elif is_suse; then
             restart_service tgtd
         else
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 2f3b6d4123..72c0f82b4a 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -17,11 +17,7 @@ register_database mysql
 # Linux distros, thank you for being incredibly consistent
 MYSQL=mysql
 if is_fedora; then
-    if [[ $DISTRO =~ (rhel6) ]]; then
-        MYSQL=mysqld
-    else
-        MYSQL=mariadb
-    fi
+    MYSQL=mariadb
 fi
 
 # Functions
@@ -38,15 +34,9 @@ function cleanup_database_mysql {
         sudo rm -rf /etc/mysql
         return
     elif is_fedora; then
-        if [[ $DISTRO =~ (rhel6) ]]; then
-            stop_service mysqld
-            uninstall_package mysql-server
-            sudo rm -rf /var/lib/mysql
-        else
-            stop_service mariadb
-            uninstall_package mariadb-server
-            sudo rm -rf /var/lib/mysql
-        fi
+        stop_service mariadb
+        uninstall_package mariadb-server
+        sudo rm -rf /var/lib/mysql
     elif is_suse; then
         stop_service mysql
         uninstall_package mysql-community-server
@@ -70,11 +60,7 @@ function configure_database_mysql {
         my_conf=/etc/mysql/my.cnf
         mysql=mysql
     elif is_fedora; then
-        if [[ $DISTRO =~ (rhel6) ]]; then
-            mysql=mysqld
-        else
-            mysql=mariadb
-        fi
+        mysql=mariadb
         my_conf=/etc/my.cnf
     elif is_suse; then
         my_conf=/etc/my.cnf
@@ -110,7 +96,7 @@ function configure_database_mysql {
 
     if [[ "$DATABASE_QUERY_LOGGING" == "True" ]]; then
         echo_summary "Enabling MySQL query logging"
-        if is_fedora && ! [[ $DISTRO =~ (rhel6) ]]; then
+        if is_fedora; then
             slow_log=/var/log/mariadb/mariadb-slow.log
         else
             slow_log=/var/log/mysql/mysql-slow.log
@@ -158,11 +144,7 @@ EOF
     fi
     # Install mysql-server
     if is_fedora; then
-        if [[ $DISTRO =~ (rhel6) ]]; then
-            install_package mysql-server
-        else
-            install_package mariadb-server
-        fi
+        install_package mariadb-server
     elif is_ubuntu; then
         install_package mysql-server
     elif is_suse; then
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index ad8cdc77a2..317e0ebf53 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -49,11 +49,7 @@ function configure_database_postgresql {
         pg_hba=/var/lib/pgsql/data/pg_hba.conf
         pg_conf=/var/lib/pgsql/data/postgresql.conf
         if ! sudo [ -e $pg_hba ]; then
-            if ! [[ $DISTRO =~ (rhel6) ]]; then
-                sudo postgresql-setup initdb
-            else
-                sudo service postgresql initdb
-            fi
+            sudo postgresql-setup initdb
         fi
     elif is_ubuntu; then
         pg_dir=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
diff --git a/lib/horizon b/lib/horizon
index aa70bd59eb..122d516673 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -72,14 +72,6 @@ function _horizon_config_set {
 # cleanup_horizon() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_horizon {
-    if is_fedora && [[ $DISTRO =~ (rhel6) ]]; then
-        # If ``/usr/bin/node`` points into ``$DEST``
-        # we installed it via ``install_nodejs``
-        if [[ $(readlink -f /usr/bin/node) =~ ($DEST) ]]; then
-            sudo rm /usr/bin/node
-        fi
-    fi
-
     local horizon_conf=$(apache_site_config_for horizon)
     sudo rm -f $horizon_conf
 }
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index c136e352df..4d617e8b5e 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -37,8 +37,7 @@ function install_libvirt {
 
     # Note there is a difference between F20 rackspace cloud images
     # and HP images used in the gate; rackspace has firewalld but hp
-    # cloud doesn't.  RHEL6 doesn't have firewalld either.  So we
-    # don't care if it fails.
+    # cloud doesn't.
     if is_fedora && is_package_installed firewalld; then
         sudo service firewalld restart || true
     fi
@@ -68,34 +67,12 @@ EOF
     fi
 
     if is_fedora || is_suse; then
-        if is_fedora && [[ $DISTRO =~ (rhel6) || "$os_RELEASE" -le "17" ]]; then
-            cat <&3
 }
 
-if is_fedora && [ $DISTRO == "rhel6" ]; then
-    # poor old python2.6 doesn't have argparse by default, which
-    # outfilter.py uses
-    is_package_installed python-argparse || install_package python-argparse
-fi
-
 # Set up logging for ``stack.sh``
 # Set ``LOGFILE`` to turn on logging
 # Append '.xxxxxxxx' to the given name to maintain history
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index c7f1efa441..cc5275fe45 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -12,12 +12,10 @@
 # - httplib2 0.8 permissions are 600 in the package and
 #   pip 1.4 doesn't fix it (1.3 did)
 #
-# - RHEL6:
-#
+# - Fedora:
 #   - set selinux not enforcing
-#   - (re)start messagebus daemon
-#   - remove distro packages python-crypto and python-lxml
-#   - pre-install hgtools to work around a bug in RHEL6 distribute
+#   - uninstall firewalld (f20 only)
+
 
 # If TOP_DIR is set we're being sourced rather than running stand-alone
 # or in a sub-shell
@@ -125,64 +123,3 @@ if is_fedora; then
     fi
 
 fi
-
-# RHEL6
-# -----
-
-if [[ $DISTRO =~ (rhel6) ]]; then
-
-    # install_pip.sh installs the latest setuptools over the packaged
-    # version.  We can't really uninstall the packaged version if it
-    # is there, because it may remove other important things like
-    # cloud-init.  Things work, but there can be an old egg file left
-    # around from the package that causes some really strange
-    # setuptools errors.  Remove it, if it is there
-    sudo rm -f /usr/lib/python2.6/site-packages/setuptools-0.6*.egg-info
-
-    # If the ``dbus`` package was installed by DevStack dependencies the
-    # uuid may not be generated because the service was never started (PR#598200),
-    # causing Nova to stop later on complaining that ``/var/lib/dbus/machine-id``
-    # does not exist.
-    sudo service messagebus restart
-
-    # The following workarounds break xenserver
-    if [ "$VIRT_DRIVER" != 'xenserver' ]; then
-        # An old version of ``python-crypto`` (2.0.1) may be installed on a
-        # fresh system via Anaconda and the dependency chain
-        # ``cas`` -> ``python-paramiko`` -> ``python-crypto``.
-        # ``pip uninstall pycrypto`` will remove the packaged ``.egg-info``
-        # file but leave most of the actual library files behind in
-        # ``/usr/lib64/python2.6/Crypto``. Later ``pip install pycrypto``
-        # will install over the packaged files resulting
-        # in a useless mess of old, rpm-packaged files and pip-installed files.
-        # Remove the package so that ``pip install python-crypto`` installs
-        # cleanly.
-        # Note: other RPM packages may require ``python-crypto`` as well.
-        # For example, RHEL6 does not install ``python-paramiko packages``.
-        uninstall_package python-crypto
-
-        # A similar situation occurs with ``python-lxml``, which is required by
-        # ``ipa-client``, an auditing package we don't care about.  The
-        # build-dependencies needed for ``pip install lxml`` (``gcc``,
-        # ``libxml2-dev`` and ``libxslt-dev``) are present in
-        # ``files/rpms/general``.
-        uninstall_package python-lxml
-    fi
-
-    # ``setup.py`` contains a ``setup_requires`` package that is supposed
-    # to be transient.  However, RHEL6 distribute has a bug where
-    # ``setup_requires`` registers entry points that are not cleaned
-    # out properly after the setup-phase resulting in installation failures
-    # (bz#924038).  Pre-install the problem package so the ``setup_requires``
-    # dependency is satisfied and it will not be installed transiently.
-    # Note we do this before the track-depends in ``stack.sh``.
-    pip_install hgtools
-
-    # workaround for https://code.google.com/p/unittest-ext/issues/detail?id=79
-    install_package python-unittest2 patch
-    pip_install discover
-    (cd /usr/lib/python2.6/site-packages/; sudo patch <"$FILES/patches/unittest2-discover.patch" || echo 'Assume already applied')
-    # Make sure the discover.pyc is up to date
-    sudo rm /usr/lib/python2.6/site-packages/discover.pyc || true
-    sudo python -c 'import discover'
-fi

From a27b74cdf74a83ef2d197d026526211d12990228 Mon Sep 17 00:00:00 2001
From: Eric Harney 
Date: Thu, 18 Sep 2014 13:02:55 -0400
Subject: [PATCH 0332/3421] Ceph: wait for services to shutdown during cleanup

It can take ceph-osd and ceph-mon a few seconds to complete when
they are killed.  This races against the umount command in cleaup
and can often result in $CEPH_DATA_DIR failing to unmount since
it is still in use.

Wait for these processes to stop to ensure the mount point is
umounted successfully.

Change-Id: I1a635e75a68be6b14fbee52ff981b5f5a3a8eb0e
---
 lib/ceph | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index 77b5726df1..a6b8cc8b57 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -142,8 +142,8 @@ function cleanup_ceph_remote {
 }
 
 function cleanup_ceph_embedded {
-    sudo pkill -f ceph-mon
-    sudo pkill -f ceph-osd
+    sudo killall -w -9 ceph-mon
+    sudo killall -w -9 ceph-osd
     sudo rm -rf ${CEPH_DATA_DIR}/*/*
     if egrep -q ${CEPH_DATA_DIR} /proc/mounts; then
         sudo umount ${CEPH_DATA_DIR}

From c906bb38851037880f557b15ad30c9b0bb7fa295 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Mon, 1 Dec 2014 07:20:33 +0000
Subject: [PATCH 0333/3421] Make neutron the default in devstack

This changes the default devstack configuration to use Neutron instead of
nova-network.

Change-Id: Ia161695a8414cad751c3e66b985a78384a76890d
---
 stackrc | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/stackrc b/stackrc
index 2dd56e8104..ce54fae432 100644
--- a/stackrc
+++ b/stackrc
@@ -32,15 +32,11 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 # ``disable_service`` functions in ``local.conf``.
 # For example, to enable Swift add this to ``local.conf``:
 #  enable_service s-proxy s-object s-container s-account
-# In order to enable Neutron (a single node setup) add the following
-# settings in ``local.conf``:
+# In order to enable nova-networking add the following settings in
+# `` local.conf ``:
 #  [[local|localrc]]
-#  disable_service n-net
-#  enable_service q-svc
-#  enable_service q-agt
-#  enable_service q-dhcp
-#  enable_service q-l3
-#  enable_service q-meta
+#  disable_service q-svc q-agt q-dhcp q-l3 q-meta
+#  enable_service n-net
 #  # Optional, to enable tempest configuration as part of devstack
 #  enable_service tempest
 function isset {
@@ -54,14 +50,16 @@ function isset {
 
 # this allows us to pass ENABLED_SERVICES
 if ! isset ENABLED_SERVICES ; then
-    # core compute (glance / keystone / nova (+ nova-network))
-    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-xvnc,n-cauth
+    # core compute (glance / keystone / nova)
+    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch,n-xvnc,n-cauth
     # cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
     # heat
     ENABLED_SERVICES+=,h-eng,h-api,h-api-cfn,h-api-cw
     # dashboard
     ENABLED_SERVICES+=,horizon
+    # neutron
+    ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
     # additional services
     ENABLED_SERVICES+=,rabbit,tempest,mysql
 fi

From c070a3dbb5c52fb9099bd6cec477ba3d0a75760a Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Tue, 27 Jan 2015 17:44:44 +0000
Subject: [PATCH 0334/3421] Init default lvm volume group only if required

A recent patch [1] added support for lvm ephemeral storage for nova,
but at the cost of initializing a default lvm volume group even if it
was not required.  This change ensures that init of the default volume
group is only performed when nova and/or cinder are configured to use
lvm.

1: https://review.openstack.org/#/c/132333

Change-Id: I7634ca0ed0ffe1b13464e4d66744918f85149f2e
Closes-Bug: #1414820
---
 lib/cinder |  4 ++++
 lib/lvm    | 19 +++++++++++++++++++
 lib/nova   |  4 ++++
 stack.sh   |  4 ----
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 6eee880fef..03e2e28727 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -399,6 +399,10 @@ function init_cinder {
             be_type=${be%%:*}
             be_name=${be##*:}
             if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
+                # Always init the default volume group for lvm.
+                if [[ "$be_type" == "lvm" ]]; then
+                    init_default_lvm_volume_group
+                fi
                 init_cinder_backend_${be_type} ${be_name}
             fi
         done
diff --git a/lib/lvm b/lib/lvm
index 4ef260d593..ed24487c5f 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -117,6 +117,25 @@ function init_lvm_volume_group {
     _clean_lvm_volume_group $vg
 }
 
+# Sentinal value to ensure that init of default lvm volume group is
+# only performed once across calls of init_default_lvm_volume_group.
+_DEFAULT_LVM_INIT=${_DEFAULT_LVM_INIT:-0}
+
+# init_default_lvm_volume_group() initializes a default volume group
+# intended to be shared between cinder and nova.  It is idempotent;
+# the init of the default volume group is guaranteed to be performed
+# only once so that either or both of the dependent services can
+# safely call this function.
+#
+# Usage: init_default_lvm_volume_group()
+function init_default_lvm_volume_group {
+    if [[ "$_DEFAULT_LVM_INIT" = "0" ]]; then
+        init_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME $VOLUME_BACKING_FILE_SIZE
+        _DEFAULT_LVM_INIT=1
+    fi
+}
+
+
 # Restore xtrace
 $MY_XTRACE
 
diff --git a/lib/nova b/lib/nova
index 76212edc96..a4b1bb15dc 100644
--- a/lib/nova
+++ b/lib/nova
@@ -640,6 +640,10 @@ function init_nova {
 
     create_nova_cache_dir
     create_nova_keys_dir
+
+    if [[ "$NOVA_BACKEND" == "LVM" ]]; then
+        init_default_lvm_volume_group
+    fi
 }
 
 # install_novaclient() - Collect source and prepare
diff --git a/stack.sh b/stack.sh
index b03cca8c51..db36367c07 100755
--- a/stack.sh
+++ b/stack.sh
@@ -939,10 +939,6 @@ init_service_check
 # A better kind of sysstat, with the top process per time slice
 start_dstat
 
-# Initialize default LVM volume group
-# -----------------------------------
-init_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME $VOLUME_BACKING_FILE_SIZE
-
 # Start Services
 # ==============
 

From 18f39bfb1f6af23a7fc5f5a5b822e7216ce9ec62 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Wed, 28 Jan 2015 13:38:32 +1000
Subject: [PATCH 0335/3421] Remove the default project from all users

The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. User's should specify there own
authentication scope when they authenticate.

Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
---
 extras.d/70-tuskar.sh |  3 +--
 functions-common      | 11 +++++------
 lib/ceilometer        |  3 +--
 lib/cinder            |  3 +--
 lib/glance            |  5 ++---
 lib/heat              |  3 +--
 lib/ironic            |  3 +--
 lib/keystone          |  5 ++---
 lib/neutron           |  3 +--
 lib/nova              |  3 +--
 lib/sahara            |  3 +--
 lib/swift             | 16 ++++++----------
 lib/tempest           |  2 +-
 lib/trove             |  3 +--
 lib/zaqar             |  3 +--
 15 files changed, 26 insertions(+), 43 deletions(-)

diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
index 6e26db2804..551916f35a 100644
--- a/extras.d/70-tuskar.sh
+++ b/extras.d/70-tuskar.sh
@@ -180,8 +180,7 @@ function create_tuskar_accounts {
     local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    local tuskar_user=$(get_or_create_user "tuskar" \
-        "$SERVICE_PASSWORD" $service_tenant)
+    local tuskar_user=$(get_or_create_user "tuskar" "$SERVICE_PASSWORD")
     get_or_add_user_role $admin_role $tuskar_user $service_tenant
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/functions-common b/functions-common
index f8b8eaf567..29c28f4581 100644
--- a/functions-common
+++ b/functions-common
@@ -860,17 +860,17 @@ function get_or_create_group {
 }
 
 # Gets or creates user
-# Usage: get_or_create_user    [ []]
+# Usage: get_or_create_user   [ []]
 function get_or_create_user {
-    if [[ ! -z "$4" ]]; then
-        local email="--email=$4"
+    if [[ ! -z "$3" ]]; then
+        local email="--email=$3"
     else
         local email=""
     fi
     local os_cmd="openstack"
     local domain=""
-    if [[ ! -z "$5" ]]; then
-        domain="--domain=$5"
+    if [[ ! -z "$4" ]]; then
+        domain="--domain=$4"
         os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
     fi
     # Gets user id
@@ -879,7 +879,6 @@ function get_or_create_user {
         $os_cmd user create \
             $1 \
             --password "$2" \
-            --project $3 \
             $email \
             $domain \
             --or-show \
diff --git a/lib/ceilometer b/lib/ceilometer
index d48751e5a3..a83d0931a1 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -110,8 +110,7 @@ function create_ceilometer_accounts {
 
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
-        local ceilometer_user=$(get_or_create_user "ceilometer" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local ceilometer_user=$(get_or_create_user "ceilometer" "$SERVICE_PASSWORD")
         get_or_add_user_role $admin_role $ceilometer_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/cinder b/lib/cinder
index 6043891164..dbccf44600 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -348,8 +348,7 @@ function create_cinder_accounts {
     # Cinder
     if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
 
-        local cinder_user=$(get_or_create_user "cinder" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local cinder_user=$(get_or_create_user "cinder" "$SERVICE_PASSWORD")
         get_or_add_user_role $admin_role $cinder_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/glance b/lib/glance
index 87687613cd..bee57a3100 100644
--- a/lib/glance
+++ b/lib/glance
@@ -232,15 +232,14 @@ function configure_glance {
 function create_glance_accounts {
     if is_service_enabled g-api; then
 
-        local glance_user=$(get_or_create_user "glance" \
-            "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME)
+        local glance_user=$(get_or_create_user "glance" "$SERVICE_PASSWORD")
         get_or_add_user_role service $glance_user $SERVICE_TENANT_NAME
 
         # required for swift access
         if is_service_enabled s-proxy; then
 
             local glance_swift_user=$(get_or_create_user "glance-swift" \
-                "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com")
+                "$SERVICE_PASSWORD" "glance-swift@example.com")
             get_or_add_user_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
         fi
 
diff --git a/lib/heat b/lib/heat
index 813c2fe65a..5bc7283361 100644
--- a/lib/heat
+++ b/lib/heat
@@ -243,8 +243,7 @@ function create_heat_accounts {
     local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    local heat_user=$(get_or_create_user "heat" \
-        "$SERVICE_PASSWORD" $service_tenant)
+    local heat_user=$(get_or_create_user "heat" "$SERVICE_PASSWORD")
     get_or_add_user_role $admin_role $heat_user $service_tenant
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/ironic b/lib/ironic
index 2075a9cda6..fced2949f4 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -365,8 +365,7 @@ function create_ironic_accounts {
     if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
         # Get ironic user if exists
 
-        local ironic_user=$(get_or_create_user "ironic" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local ironic_user=$(get_or_create_user "ironic" "$SERVICE_PASSWORD")
         get_or_add_user_role $admin_role $ironic_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/keystone b/lib/keystone
index afa7f009e7..d5ccc2f075 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -362,8 +362,7 @@ function create_keystone_accounts {
 
     # admin
     local admin_tenant=$(get_or_create_project "admin")
-    local admin_user=$(get_or_create_user "admin" \
-        "$ADMIN_PASSWORD" "$admin_tenant")
+    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_role $admin_role $admin_user $admin_tenant
 
@@ -392,7 +391,7 @@ function create_keystone_accounts {
     # demo
     local demo_tenant=$(get_or_create_project "demo")
     local demo_user=$(get_or_create_user "demo" \
-        "$ADMIN_PASSWORD" "$demo_tenant" "demo@example.com")
+        "$ADMIN_PASSWORD" "demo@example.com")
 
     get_or_add_user_role $member_role $demo_user $demo_tenant
     get_or_add_user_role $admin_role $admin_user $demo_tenant
diff --git a/lib/neutron b/lib/neutron
index b22c00b097..d16cd3810b 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -513,8 +513,7 @@ function create_neutron_accounts {
 
     if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
 
-        local neutron_user=$(get_or_create_user "neutron" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local neutron_user=$(get_or_create_user "neutron" "$SERVICE_PASSWORD")
         get_or_add_user_role $service_role $neutron_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/nova b/lib/nova
index 76212edc96..c8d0d94c27 100644
--- a/lib/nova
+++ b/lib/nova
@@ -359,8 +359,7 @@ function create_nova_accounts {
     # Nova
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
 
-        local nova_user=$(get_or_create_user "nova" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local nova_user=$(get_or_create_user "nova" "$SERVICE_PASSWORD")
         get_or_add_user_role $admin_role $nova_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/sahara b/lib/sahara
index 995935aebf..44c06d3c46 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -64,8 +64,7 @@ function create_sahara_accounts {
     local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    local sahara_user=$(get_or_create_user "sahara" \
-        "$SERVICE_PASSWORD" $service_tenant)
+    local sahara_user=$(get_or_create_user "sahara" "$SERVICE_PASSWORD")
     get_or_add_user_role $admin_role $sahara_user $service_tenant
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/swift b/lib/swift
index ee4543cb5b..1ddfa450ab 100644
--- a/lib/swift
+++ b/lib/swift
@@ -594,8 +594,7 @@ function create_swift_accounts {
     local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
     local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
 
-    local swift_user=$(get_or_create_user "swift" \
-        "$SERVICE_PASSWORD" $service_tenant)
+    local swift_user=$(get_or_create_user "swift" "$SERVICE_PASSWORD")
     get_or_add_user_role $admin_role $swift_user $service_tenant
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@@ -611,21 +610,18 @@ function create_swift_accounts {
 
     local swift_tenant_test1=$(get_or_create_project swifttenanttest1)
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
-    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
-        "$swift_tenant_test1" "test@example.com")
+    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
     get_or_add_user_role $admin_role $SWIFT_USER_TEST1 $swift_tenant_test1
 
-    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
-        "$swift_tenant_test1" "test3@example.com")
+    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
     get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1
 
     local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
-    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
-        "$swift_tenant_test2" "test2@example.com")
+    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
 
@@ -634,8 +630,8 @@ function create_swift_accounts {
 
     local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
     die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
-    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
-        $swift_tenant_test4 "test4@example.com" $swift_domain)
+
+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
     get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
 }
diff --git a/lib/tempest b/lib/tempest
index 1ae945779d..86f30b4a40 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -502,7 +502,7 @@ function create_tempest_accounts {
         # Tempest has some tests that validate various authorization checks
         # between two regular users in separate tenants
         get_or_create_project alt_demo
-        get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"
+        get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
         get_or_add_user_role Member alt_demo alt_demo
     fi
 }
diff --git a/lib/trove b/lib/trove
index 3249ce0746..5e6b1b39c3 100644
--- a/lib/trove
+++ b/lib/trove
@@ -84,8 +84,7 @@ function create_trove_accounts {
 
     if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
 
-        local trove_user=$(get_or_create_user "trove" \
-            "$SERVICE_PASSWORD" $service_tenant)
+        local trove_user=$(get_or_create_user "trove" "$SERVICE_PASSWORD")
         get_or_add_user_role $service_role $trove_user $service_tenant
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/zaqar b/lib/zaqar
index dfa3452f0d..618ac30534 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -218,8 +218,7 @@ function create_zaqar_accounts {
     local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
     ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    local zaqar_user=$(get_or_create_user "zaqar" \
-        "$SERVICE_PASSWORD" $service_tenant)
+    local zaqar_user=$(get_or_create_user "zaqar" "$SERVICE_PASSWORD")
     get_or_add_user_role $ADMIN_ROLE $zaqar_user $service_tenant
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then

From 9a704486a9471d6e0d6e6bf82321784e2348f257 Mon Sep 17 00:00:00 2001
From: Zhenzan Zhou 
Date: Tue, 27 Jan 2015 10:48:24 +0800
Subject: [PATCH 0336/3421] Fix wrong grep regular expression for tap ports

The regular expression used in neutron_ovs_base_cleanup omit
prefix in ovs tap ports, so wrong names are returned and used.
E.g. tap devices created for ironic in devstack are brbm-tap1
and ovs-tap1.

Change-Id: I034be6362b3d09c5296ecc413828a056712c3bd2
---
 lib/neutron_plugins/ovs_base | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index cde5298af8..2997c6c25a 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -28,7 +28,7 @@ function _neutron_ovs_base_setup_bridge {
 
 function neutron_ovs_base_cleanup {
     # remove all OVS ports that look like Neutron created ports
-    for port in $(sudo ovs-vsctl list port | grep -o -e tap[0-9a-f\-]* -e q[rg]-[0-9a-f\-]*); do
+    for port in $(sudo ovs-vsctl list port | grep -o -e [a-zA-Z\-]*tap[0-9a-f\-]* -e q[rg]-[0-9a-f\-]*); do
         sudo ovs-vsctl del-port ${port}
     done
 

From ec89fa039bb115bce8dc40c4b72359c07e487a3a Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 29 Jan 2015 11:16:00 +0100
Subject: [PATCH 0337/3421] Remove --skip-redirect form the tgtd service
 restart

skip-redirect was intruduced with the first commit related
to cinder support, nobody remembers why was this undocumented option
there those times.

Change-Id: If579a93090392327bce96ddd1b562977edf762de
---
 lib/cinder | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 1bc6ddd7c5..524152b302 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -450,10 +450,7 @@ function start_cinder {
         _configure_tgt_for_config_d
         if is_ubuntu; then
             sudo service tgt restart
-        elif is_fedora; then
-            # bypass redirection to systemctl during restart
-            sudo /sbin/service --skip-redirect tgtd restart
-        elif is_suse; then
+        elif is_fedora || is_suse; then
             restart_service tgtd
         else
             # note for other distros: unstack.sh also uses the tgt/tgtd service

From d8267b74aeb865ac1289d75bd2a965d3248aeed5 Mon Sep 17 00:00:00 2001
From: Clark Boylan 
Date: Thu, 29 Jan 2015 09:25:42 -0800
Subject: [PATCH 0338/3421] Revert "Exit after printing error about RPC config"

This reverts commit c1dbf10562796c7006fd0a66c6cb39a1b990c8c1.

Reverting because it is valid to run devstack without enabling an rpc
backend. For example when you run devstack on a multinode deployment
compute hosts probably shouldn't run rabbit and instead will just talk
to the rabbit server set up on the controller node. As a result we
should not die when no rpc backends are set.

Change-Id: If9a31e031552f4161d42094fa960221b4d9e893c
---
 lib/rpc_backend | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 98be1844b6..d87d6207b1 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -54,15 +54,13 @@ function check_rpc_backend {
         (( rpc_backend_cnt++ )) || true
     done
     if [ "$rpc_backend_cnt" -gt 1 ]; then
-        die $LINENO \
-            "Only one rpc backend may be enabled, " \
-            "set only one of 'rabbit', 'qpid', 'zeromq' " \
-            "via ENABLED_SERVICES."
+        echo "ERROR: only one rpc backend may be enabled,"
+        echo "       set only one of 'rabbit', 'qpid', 'zeromq'"
+        echo "       via ENABLED_SERVICES."
     elif [ "$rpc_backend_cnt" == 0 ] && [ "$rpc_needed" == 0 ]; then
-        die $LINENO \
-            "at least one rpc backend must be enabled, " \
-            "set one of 'rabbit', 'qpid', 'zeromq'" \
-            "via ENABLED_SERVICES."
+        echo "ERROR: at least one rpc backend must be enabled,"
+        echo "       set one of 'rabbit', 'qpid', 'zeromq'"
+        echo "       via ENABLED_SERVICES."
     fi
 
     if is_service_enabled qpid && ! qpid_is_supported; then

From b43b3595061ce3138889ac78ded0eebbb144e4db Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 29 Jan 2015 12:05:43 -0600
Subject: [PATCH 0339/3421] Create LOGDIR if it doesn't exist

Create LOGDIR when LOGFILE is not set.  This fix is rather blunt
as logging setup will be further tweaked as
https://github.com/openstack/qa-specs/blob/master/specs/devstack/devstack-logging-and-service-names.rst
progresses.

Change-Id: I4a574f295eb6d55c7196ec563bd356d6c0bc8833
---
 stack.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/stack.sh b/stack.sh
index 5b5697252b..d3d54cc699 100755
--- a/stack.sh
+++ b/stack.sh
@@ -352,6 +352,10 @@ TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"}
 LOGDAYS=${LOGDAYS:-7}
 CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT")
 
+if [[ -n ${LOGDIR:-} ]]; then
+    mkdir -p $LOGDIR
+fi
+
 if [[ -n "$LOGFILE" ]]; then
     # Clean up old log files.  Append '.*' to the user-specified
     # ``LOGFILE`` to match the date in the search template.

From 38c95b8eba7a67535895c62a0d676f0ad37c5070 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 30 Jan 2015 02:15:42 +0000
Subject: [PATCH 0340/3421] Configure auth_token middleware manually in swift.

Swift doesn't use olso.config and so the method of configuring swift via the
[keystone_authtoken] config options will not work. Go back to configuring swift
manually.

This will need to be fixed in either keystonemiddleware or swift as configuring
via plugin is the path to v3 authentication, service domains and new forms of
service user authentication.

Closes-Bug: #1415795
Change-Id: Ibe27116a11756072d5a300a6d3691c5f8c32317e
---
 lib/swift | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/lib/swift b/lib/swift
index ee4543cb5b..e6e1212f23 100644
--- a/lib/swift
+++ b/lib/swift
@@ -409,16 +409,27 @@ function configure_swift {
     # Configure Crossdomain
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
 
-    # Configure Keystone
-    sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
-    configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
+
     # This causes the authtoken middleware to use the same python logging
     # adapter provided by the swift proxy-server, so that request transaction
     # IDs will included in all of its log messages.
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
 
-    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
-    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
+    # NOTE(jamielennox): swift cannot use the regular configure_auth_token_middleware function because swift
+    # doesn't use oslo.config which is the only way to configure auth plugins with the middleare.
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken identity_uri $KEYSTONE_AUTH_URI
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_URI
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $SSL_BUNDLE_FILE
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
+
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
 
     # Configure Tempauth. In the sample config file, Keystoneauth is commented

From 901dbecd4ca2d851cfb929b18aec546481699978 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Fri, 30 Jan 2015 17:03:32 +0000
Subject: [PATCH 0341/3421] dstat: avoid creating self-referential symlink

If the SCREEN_LOGDIR and LOGDIR environment variables point to the
same location, devstack creates a dstat.log which is a symlink
pointing to itself. The second invokation of devstack then fails
trying to reference this broken symlink

Change-Id: I1de2bb7983e7535b41b28f526083a0d77312ff85
---
 lib/dstat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dstat b/lib/dstat
index d1db469aa6..8165e5c5e9 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -29,7 +29,7 @@ function start_dstat {
     DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
     if [[ -n ${LOGDIR} ]]; then
         screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $LOGDIR/$DSTAT_FILE"
-        if [[ -n ${SCREEN_LOGDIR} ]]; then
+        if [[ -n ${SCREEN_LOGDIR} && ${SCREEN_LOGDIR} != ${LOGDIR} ]]; then
             # Drop the backward-compat symlink
             ln -sf $LOGDIR/$DSTAT_FILE ${SCREEN_LOGDIR}/$DSTAT_FILE
         fi

From a1b82cc1b5a7172c3fdf17d2c3f0725660911ad7 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Fri, 30 Jan 2015 13:54:40 -0600
Subject: [PATCH 0342/3421] Fix unbound literal in trueorfalse()

Change-Id: I4c465819c311604e97d24e081389ff531f8a42fa
---
 functions-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index 4d1c89ae15..b92fa55663 100644
--- a/functions-common
+++ b/functions-common
@@ -245,7 +245,7 @@ function trueorfalse {
     set +o xtrace
     local default=$1
     local literal=$2
-    local testval=${!literal}
+    local testval=${!literal:-}
 
     [[ -z "$testval" ]] && { echo "$default"; return; }
     [[ "0 no No NO false False FALSE" =~ "$testval" ]] && { echo "False"; return; }

From 490430dbe3b7d9979b4623f2c327bb0a74436401 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Fri, 30 Jan 2015 14:38:35 -0600
Subject: [PATCH 0343/3421] Split functions-common: python functions

Move Python-related functions into inc/python

Should be transparent to all callers as it is sourced from functions-common

Change-Id: I88043830cef9211b4e0baa91bfcc7a92125afa9f
---
 functions        |   1 +
 functions-common | 199 ------------------------------------------
 inc/python       | 223 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 224 insertions(+), 199 deletions(-)
 create mode 100644 inc/python

diff --git a/functions b/functions
index 5b3a8ea192..2f976cfab1 100644
--- a/functions
+++ b/functions
@@ -13,6 +13,7 @@
 # Include the common functions
 FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 source ${FUNC_DIR}/functions-common
+source ${FUNC_DIR}/inc/python
 
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
diff --git a/functions-common b/functions-common
index b92fa55663..a6ecdd6983 100644
--- a/functions-common
+++ b/functions-common
@@ -15,7 +15,6 @@
 # - OpenStack Functions
 # - Package Functions
 # - Process Functions
-# - Python Functions
 # - Service Functions
 # - System Functions
 #
@@ -1590,204 +1589,6 @@ function screen_stop {
 }
 
 
-# Python Functions
-# ================
-
-# Get the path to the pip command.
-# get_pip_command
-function get_pip_command {
-    which pip || which pip-python
-
-    if [ $? -ne 0 ]; then
-        die $LINENO "Unable to find pip; cannot continue"
-    fi
-}
-
-# Get the path to the direcotry where python executables are installed.
-# get_python_exec_prefix
-function get_python_exec_prefix {
-    if is_fedora || is_suse; then
-        echo "/usr/bin"
-    else
-        echo "/usr/local/bin"
-    fi
-}
-
-# Wrapper for ``pip install`` to set cache and proxy environment variables
-# Uses globals ``OFFLINE``, ``TRACK_DEPENDS``, ``*_proxy``
-# pip_install package [package ...]
-function pip_install {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local offline=${OFFLINE:-False}
-    if [[ "$offline" == "True" || -z "$@" ]]; then
-        $xtrace
-        return
-    fi
-
-    if [[ -z "$os_PACKAGE" ]]; then
-        GetOSVersion
-    fi
-    if [[ $TRACK_DEPENDS = True && ! "$@" =~ virtualenv ]]; then
-        # TRACK_DEPENDS=True installation creates a circular dependency when
-        # we attempt to install virtualenv into a virualenv, so we must global
-        # that installation.
-        source $DEST/.venv/bin/activate
-        local cmd_pip=$DEST/.venv/bin/pip
-        local sudo_pip="env"
-    else
-        local cmd_pip=$(get_pip_command)
-        local sudo_pip="sudo -H"
-    fi
-
-    local pip_version=$(python -c "import pip; \
-                        print(pip.__version__.strip('.')[0])")
-    if (( pip_version<6 )); then
-        die $LINENO "Currently installed pip version ${pip_version} does not" \
-            "meet minimum requirements (>=6)."
-    fi
-
-    $xtrace
-    $sudo_pip \
-        http_proxy=${http_proxy:-} \
-        https_proxy=${https_proxy:-} \
-        no_proxy=${no_proxy:-} \
-        $cmd_pip install \
-        $@
-
-    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
-    if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
-        local test_req="$@/test-requirements.txt"
-        if [[ -e "$test_req" ]]; then
-            $sudo_pip \
-                http_proxy=${http_proxy:-} \
-                https_proxy=${https_proxy:-} \
-                no_proxy=${no_proxy:-} \
-                $cmd_pip install \
-                -r $test_req
-        fi
-    fi
-}
-
-# should we use this library from their git repo, or should we let it
-# get pulled in via pip dependencies.
-function use_library_from_git {
-    local name=$1
-    local enabled=1
-    [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
-    return $enabled
-}
-
-# setup a library by name. If we are trying to use the library from
-# git, we'll do a git based install, otherwise we'll punt and the
-# library should be installed by a requirements pull from another
-# project.
-function setup_lib {
-    local name=$1
-    local dir=${GITDIR[$name]}
-    setup_install $dir
-}
-
-# setup a library by name in editiable mode. If we are trying to use
-# the library from git, we'll do a git based install, otherwise we'll
-# punt and the library should be installed by a requirements pull from
-# another project.
-#
-# use this for non namespaced libraries
-function setup_dev_lib {
-    local name=$1
-    local dir=${GITDIR[$name]}
-    setup_develop $dir
-}
-
-# this should be used if you want to install globally, all libraries should
-# use this, especially *oslo* ones
-function setup_install {
-    local project_dir=$1
-    setup_package_with_req_sync $project_dir
-}
-
-# this should be used for projects which run services, like all services
-function setup_develop {
-    local project_dir=$1
-    setup_package_with_req_sync $project_dir -e
-}
-
-# determine if a project as specified by directory is in
-# projects.txt. This will not be an exact match because we throw away
-# the namespacing when we clone, but it should be good enough in all
-# practical ways.
-function is_in_projects_txt {
-    local project_dir=$1
-    local project_name=$(basename $project_dir)
-    return grep "/$project_name\$" $REQUIREMENTS_DIR/projects.txt >/dev/null
-}
-
-# ``pip install -e`` the package, which processes the dependencies
-# using pip before running `setup.py develop`
-#
-# Updates the dependencies in project_dir from the
-# openstack/requirements global list before installing anything.
-#
-# Uses globals ``TRACK_DEPENDS``, ``REQUIREMENTS_DIR``, ``UNDO_REQUIREMENTS``
-# setup_develop directory
-function setup_package_with_req_sync {
-    local project_dir=$1
-    local flags=$2
-
-    # Don't update repo if local changes exist
-    # Don't use buggy "git diff --quiet"
-    # ``errexit`` requires us to trap the exit code when the repo is changed
-    local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
-
-    if [[ $update_requirements != "changed" ]]; then
-        if [[ "$REQUIREMENTS_MODE" == "soft" ]]; then
-            if is_in_projects_txt $project_dir; then
-                (cd $REQUIREMENTS_DIR; \
-                    python update.py $project_dir)
-            else
-                # soft update projects not found in requirements project.txt
-                (cd $REQUIREMENTS_DIR; \
-                    python update.py -s $project_dir)
-            fi
-        else
-            (cd $REQUIREMENTS_DIR; \
-                python update.py $project_dir)
-        fi
-    fi
-
-    setup_package $project_dir $flags
-
-    # We've just gone and possibly modified the user's source tree in an
-    # automated way, which is considered bad form if it's a development
-    # tree because we've screwed up their next git checkin. So undo it.
-    #
-    # However... there are some circumstances, like running in the gate
-    # where we really really want the overridden version to stick. So provide
-    # a variable that tells us whether or not we should UNDO the requirements
-    # changes (this will be set to False in the OpenStack ci gate)
-    if [ $UNDO_REQUIREMENTS = "True" ]; then
-        if [[ $update_requirements != "changed" ]]; then
-            (cd $project_dir && git reset --hard)
-        fi
-    fi
-}
-
-# ``pip install -e`` the package, which processes the dependencies
-# using pip before running `setup.py develop`
-# Uses globals ``STACK_USER``
-# setup_develop_no_requirements_update directory
-function setup_package {
-    local project_dir=$1
-    local flags=$2
-
-    pip_install $flags $project_dir
-    # ensure that further actions can do things like setup.py sdist
-    if [[ "$flags" == "-e" ]]; then
-        safe_chown -R $STACK_USER $1/*.egg-info
-    fi
-}
-
 # Plugin Functions
 # =================
 
diff --git a/inc/python b/inc/python
new file mode 100644
index 0000000000..0348cb389f
--- /dev/null
+++ b/inc/python
@@ -0,0 +1,223 @@
+#!/bin/bash
+#
+# **inc/python** - Python-related functions
+#
+# Support for pip/setuptools interfaces and virtual environments
+#
+# External functions used:
+# - GetOSVersion
+# - is_fedora
+# - is_suse
+# - safe_chown
+
+# Save trace setting
+INC_PY_TRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Python Functions
+# ================
+
+# Get the path to the pip command.
+# get_pip_command
+function get_pip_command {
+    which pip || which pip-python
+
+    if [ $? -ne 0 ]; then
+        die $LINENO "Unable to find pip; cannot continue"
+    fi
+}
+
+# Get the path to the direcotry where python executables are installed.
+# get_python_exec_prefix
+function get_python_exec_prefix {
+    if is_fedora || is_suse; then
+        echo "/usr/bin"
+    else
+        echo "/usr/local/bin"
+    fi
+}
+
+# Wrapper for ``pip install`` to set cache and proxy environment variables
+# Uses globals ``INSTALL_TESTONLY_PACKAGES``, ``OFFLINE``, ``TRACK_DEPENDS``,
+# ``*_proxy``
+# pip_install package [package ...]
+function pip_install {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local offline=${OFFLINE:-False}
+    if [[ "$offline" == "True" || -z "$@" ]]; then
+        $xtrace
+        return
+    fi
+
+    if [[ -z "$os_PACKAGE" ]]; then
+        GetOSVersion
+    fi
+    if [[ $TRACK_DEPENDS = True && ! "$@" =~ virtualenv ]]; then
+        # TRACK_DEPENDS=True installation creates a circular dependency when
+        # we attempt to install virtualenv into a virualenv, so we must global
+        # that installation.
+        source $DEST/.venv/bin/activate
+        local cmd_pip=$DEST/.venv/bin/pip
+        local sudo_pip="env"
+    else
+        local cmd_pip=$(get_pip_command)
+        local sudo_pip="sudo -H"
+    fi
+
+    local pip_version=$(python -c "import pip; \
+                        print(pip.__version__.strip('.')[0])")
+    if (( pip_version<6 )); then
+        die $LINENO "Currently installed pip version ${pip_version} does not" \
+            "meet minimum requirements (>=6)."
+    fi
+
+    $xtrace
+    $sudo_pip \
+        http_proxy=${http_proxy:-} \
+        https_proxy=${https_proxy:-} \
+        no_proxy=${no_proxy:-} \
+        $cmd_pip install \
+        $@
+
+    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
+    if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
+        local test_req="$@/test-requirements.txt"
+        if [[ -e "$test_req" ]]; then
+            $sudo_pip \
+                http_proxy=${http_proxy:-} \
+                https_proxy=${https_proxy:-} \
+                no_proxy=${no_proxy:-} \
+                $cmd_pip install \
+                -r $test_req
+        fi
+    fi
+}
+
+# should we use this library from their git repo, or should we let it
+# get pulled in via pip dependencies.
+function use_library_from_git {
+    local name=$1
+    local enabled=1
+    [[ ,${LIBS_FROM_GIT}, =~ ,${name}, ]] && enabled=0
+    return $enabled
+}
+
+# setup a library by name. If we are trying to use the library from
+# git, we'll do a git based install, otherwise we'll punt and the
+# library should be installed by a requirements pull from another
+# project.
+function setup_lib {
+    local name=$1
+    local dir=${GITDIR[$name]}
+    setup_install $dir
+}
+
+# setup a library by name in editiable mode. If we are trying to use
+# the library from git, we'll do a git based install, otherwise we'll
+# punt and the library should be installed by a requirements pull from
+# another project.
+#
+# use this for non namespaced libraries
+function setup_dev_lib {
+    local name=$1
+    local dir=${GITDIR[$name]}
+    setup_develop $dir
+}
+
+# this should be used if you want to install globally, all libraries should
+# use this, especially *oslo* ones
+function setup_install {
+    local project_dir=$1
+    setup_package_with_req_sync $project_dir
+}
+
+# this should be used for projects which run services, like all services
+function setup_develop {
+    local project_dir=$1
+    setup_package_with_req_sync $project_dir -e
+}
+
+# determine if a project as specified by directory is in
+# projects.txt. This will not be an exact match because we throw away
+# the namespacing when we clone, but it should be good enough in all
+# practical ways.
+function is_in_projects_txt {
+    local project_dir=$1
+    local project_name=$(basename $project_dir)
+    return grep "/$project_name\$" $REQUIREMENTS_DIR/projects.txt >/dev/null
+}
+
+# ``pip install -e`` the package, which processes the dependencies
+# using pip before running `setup.py develop`
+#
+# Updates the dependencies in project_dir from the
+# openstack/requirements global list before installing anything.
+#
+# Uses globals ``TRACK_DEPENDS``, ``REQUIREMENTS_DIR``, ``UNDO_REQUIREMENTS``
+# setup_develop directory
+function setup_package_with_req_sync {
+    local project_dir=$1
+    local flags=$2
+
+    # Don't update repo if local changes exist
+    # Don't use buggy "git diff --quiet"
+    # ``errexit`` requires us to trap the exit code when the repo is changed
+    local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
+
+    if [[ $update_requirements != "changed" ]]; then
+        if [[ "$REQUIREMENTS_MODE" == "soft" ]]; then
+            if is_in_projects_txt $project_dir; then
+                (cd $REQUIREMENTS_DIR; \
+                    python update.py $project_dir)
+            else
+                # soft update projects not found in requirements project.txt
+                (cd $REQUIREMENTS_DIR; \
+                    python update.py -s $project_dir)
+            fi
+        else
+            (cd $REQUIREMENTS_DIR; \
+                python update.py $project_dir)
+        fi
+    fi
+
+    setup_package $project_dir $flags
+
+    # We've just gone and possibly modified the user's source tree in an
+    # automated way, which is considered bad form if it's a development
+    # tree because we've screwed up their next git checkin. So undo it.
+    #
+    # However... there are some circumstances, like running in the gate
+    # where we really really want the overridden version to stick. So provide
+    # a variable that tells us whether or not we should UNDO the requirements
+    # changes (this will be set to False in the OpenStack ci gate)
+    if [ $UNDO_REQUIREMENTS = "True" ]; then
+        if [[ $update_requirements != "changed" ]]; then
+            (cd $project_dir && git reset --hard)
+        fi
+    fi
+}
+
+# ``pip install -e`` the package, which processes the dependencies
+# using pip before running `setup.py develop`
+# Uses globals ``STACK_USER``
+# setup_develop_no_requirements_update directory
+function setup_package {
+    local project_dir=$1
+    local flags=$2
+
+    pip_install $flags $project_dir
+    # ensure that further actions can do things like setup.py sdist
+    if [[ "$flags" == "-e" ]]; then
+        safe_chown -R $STACK_USER $1/*.egg-info
+    fi
+}
+
+
+# Restore xtrace
+$INC_PY_TRACE
+
+# Local variables:
+# mode: shell-script
+# End:

From c4b871f613b2bb8f29083f4a7200734d1cf3d8b1 Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Fri, 30 Jan 2015 22:24:30 +0000
Subject: [PATCH 0344/3421] Add q-l3 conntrack dependency for ubuntu

The conntrack binary is included with conntrackd on rpm-based
distros but needs to be explicitly installed on ubuntu.

Change-Id: I615627c85d6aa5a465355c0ea27148f24d863a01
---
 files/debs/q-l3 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/debs/q-l3 b/files/debs/q-l3
index b98b628f22..106a6a35aa 100644
--- a/files/debs/q-l3
+++ b/files/debs/q-l3
@@ -1,2 +1,3 @@
+conntrack
 conntrackd
 keepalived

From 952fd90ff12e4964a35b63da2ec4226325f8f373 Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Fri, 30 Jan 2015 22:27:12 +0000
Subject: [PATCH 0345/3421] Refactor lib/neutron rootwrap conf for reuse

This change separates out the creation and permision setting for
the /etc/neutron so that it can be reused by functional test
setup in rootwrap deployment.

Change-Id: Ib2ad5b21630ac82a3d7ffc7b088600b2168f1ecd
---
 lib/neutron | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 0f49476c4f..b13e31b8cb 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -791,15 +791,20 @@ function cleanup_neutron {
     done
 }
 
-# _configure_neutron_common()
-# Set common config for all neutron server and agents.
-# This MUST be called before other ``_configure_neutron_*`` functions.
-function _configure_neutron_common {
+
+function _create_neutron_conf_dir {
     # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
     if [[ ! -d $NEUTRON_CONF_DIR ]]; then
         sudo mkdir -p $NEUTRON_CONF_DIR
     fi
     sudo chown $STACK_USER $NEUTRON_CONF_DIR
+}
+
+# _configure_neutron_common()
+# Set common config for all neutron server and agents.
+# This MUST be called before other ``_configure_neutron_*`` functions.
+function _configure_neutron_common {
+    _create_neutron_conf_dir
 
     cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF
 

From 5bee0cd4ce52098b84dcdada3fbee0bb0add726b Mon Sep 17 00:00:00 2001
From: Martin Falatic 
Date: Fri, 23 Jan 2015 14:10:33 -0800
Subject: [PATCH 0346/3421] Updated supported OS releases listed in stack.sh

Updated the supported OS release versions mentioned in stack.sh to be
consistent with what is listed in doc/source/index.rst

Change-Id: Ie9045927779a063865115e3aff1b92450a104946
Closes-Bug: #1414205
---
 doc/source/index.rst |  2 +-
 stack.sh             | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 7188f6ecf4..0763fb83cb 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -19,7 +19,7 @@ Quick Start
 
 #. Select a Linux Distribution
 
-   Only Ubuntu 14.04 (Trusty), Fedora 20 and CentOS/RHEL 6.5 are
+   Only Ubuntu 14.04 (Trusty), Fedora 20 and CentOS/RHEL 7 are
    documented here. OpenStack also runs and is packaged on other flavors
    of Linux such as OpenSUSE and Debian.
 
diff --git a/stack.sh b/stack.sh
index cda302fd74..eaecea075c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -13,11 +13,11 @@
 # a multi-node developer install.
 
 # To keep this script simple we assume you are running on a recent **Ubuntu**
-# (12.04 Precise or newer) or **Fedora** (F18 or newer) machine.  (It may work
-# on other platforms but support for those platforms is left to those who added
-# them to DevStack.)  It should work in a VM or physical server.  Additionally
-# we maintain a list of ``apt`` and ``rpm`` dependencies and other configuration
-# files in this repo.
+# (14.04 Trusty or newer), **Fedora** (F20 or newer), or **CentOS/RHEL**
+# (7 or newer) machine. (It may work on other platforms but support for those
+# platforms is left to those who added them to DevStack.) It should work in
+# a VM or physical server. Additionally, we maintain a list of ``apt`` and
+# ``rpm`` dependencies and other configuration files in this repo.
 
 # Learn more and get the most recent version at http://devstack.org
 

From 99f5bcc35338aecc0ba1478369970baf1f5013e2 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Tue, 3 Feb 2015 09:23:39 -0500
Subject: [PATCH 0347/3421] add event pipeline yaml

Ceilometer as added support for an event pipeline to enable
transformations and publishing of events. this patch adds the new
event_pipeline.yaml file

Change-Id: I7018a57e7db3690d72fd7c7d5090e6e61cf73e18
---
 lib/ceilometer | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ceilometer b/lib/ceilometer
index 5d5b987e9e..67a546e63c 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -190,6 +190,7 @@ function configure_ceilometer {
     iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json
 
     cp $CEILOMETER_DIR/etc/ceilometer/pipeline.yaml $CEILOMETER_CONF_DIR
+    cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
 

From 37da4592c200a54dc8dcf6a549fb634a1d5814ca Mon Sep 17 00:00:00 2001
From: Doug Wiegley 
Date: Fri, 30 Jan 2015 23:30:08 -0700
Subject: [PATCH 0348/3421] Copy neutron service conf files into
 NEUTRON_CONF_DIR

As part of splitting neutron into pieces, one of the steps was splitting
the various bits of configuration into their respective repos. That just
happened, and this change propagates those config files into /etc/neutron
in the same manner that devstack is using for neutron.conf (and which is
done via setup.cfg, like neutron, for regular package installs.)

Required for neutron review: https://review.openstack.org/#/c/151541/

Change-Id: Ic9aec4401925eca9e1678d84662b96d346a911e3
---
 lib/neutron | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index 0f49476c4f..6edba5ba39 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -957,6 +957,9 @@ function _configure_neutron_ceilometer_notifications {
 }
 
 function _configure_neutron_lbaas {
+    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
+        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
+    fi
     neutron_agent_lbaas_configure_common
     neutron_agent_lbaas_configure_agent
 }
@@ -967,11 +970,17 @@ function _configure_neutron_metering {
 }
 
 function _configure_neutron_fwaas {
+    if [ -f $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf ]; then
+        cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf $NEUTRON_CONF_DIR
+    fi
     neutron_fwaas_configure_common
     neutron_fwaas_configure_driver
 }
 
 function _configure_neutron_vpn {
+    if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf ]; then
+        cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_CONF_DIR
+    fi
     neutron_vpn_install_agent_packages
     neutron_vpn_configure_common
 }

From 3eeed23751f75d0cf27e11bc73eba9e9ae5e321c Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Fri, 5 Dec 2014 03:30:41 +0000
Subject: [PATCH 0349/3421] Workflow documentation is now in infra-manual

Replace URLs for workflow documentation to appropriate parts of the
OpenStack Project Infrastructure Manual.

Change-Id: Idf519ff362731c106bbd9b63135f8dab4c7b7b92
---
 HACKING.rst                 | 2 +-
 doc/source/contributing.rst | 6 +++---
 doc/source/faq.rst          | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/HACKING.rst b/HACKING.rst
index b7d9a49458..dcde141782 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -20,7 +20,7 @@ in `How To Contribute`__ in the OpenStack wiki.  `DevStack's LaunchPad project`_
 contains the usual links for blueprints, bugs, etc.
 
 __ contribute_
-.. _contribute: http://wiki.openstack.org/HowToContribute
+.. _contribute: http://docs.openstack.org/infra/manual/developers.html
 
 __ lp_
 .. _lp: https://launchpad.net/~devstack
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
index b2a219b596..50c0100578 100644
--- a/doc/source/contributing.rst
+++ b/doc/source/contributing.rst
@@ -3,9 +3,9 @@ Contributing
 ============
 
 DevStack uses the standard OpenStack contribution process as outlined in
-`the OpenStack wiki 'How To
-Contribute' `__. This
-means that you will need to meet the requirements of the Contributors
+`the OpenStack developer
+guide `__. This
+means that you will need to meet the requirements of the Contribututors
 License Agreement (CLA). If you have already done that for another
 OpenStack project you are good to go.
 
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f10c2eec36..fd9c736736 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -46,8 +46,8 @@ Q: I'd like to help!
     `git.openstack.org `__
     and bug reports go to
     `LaunchPad `__. Contributions
-    follow the usual process as described in the `OpenStack
-    wiki `__. This Sphinx
+    follow the usual process as described in the `developer
+    guide `__. This Sphinx
     documentation is housed in the doc directory.
 Q: Why not use packages?
     A: Unlike packages, DevStack leaves your cloud ready to develop -

From 0413d2db8d55f0d6a32551bc48a8e7d65800a0e2 Mon Sep 17 00:00:00 2001
From: Flavio Fernandes 
Date: Fri, 9 Jan 2015 16:09:12 -0500
Subject: [PATCH 0350/3421] Add param for turning on debug logs on
 opendaylight's net-virt

When looking at issues related to opendaylight and openstack, it
helps to bump up the logs on ovsdb and neutron northbound. This
commit introduces a param for doing that:

ODL_NETVIRT_DEBUG_LOGS=True

Change-Id: I109fc61ddc44255de031341fb41bef8db5f0714f
---
 lib/opendaylight | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lib/opendaylight b/lib/opendaylight
index 2f0f37e34d..6518673524 100644
--- a/lib/opendaylight
+++ b/lib/opendaylight
@@ -72,6 +72,11 @@ ODL_PROVIDER_MAPPINGS=${ODL_PROVIDER_MAPPINGS:-physnet1:eth1}
 # Enable OpenDaylight l3 forwarding
 ODL_L3=${ODL_L3:-False}
 
+# Enable debug logs for odl ovsdb
+ODL_NETVIRT_DEBUG_LOGS=${ODL_NETVIRT_DEBUG_LOGS:-False}
+
+# The logging config file in ODL
+ODL_LOGGING_CONFIG=${ODL_LOGGING_CONFIG:-${ODL_DIR}/${ODL_NAME}/etc/org.ops4j.pax.logging.cfg}
 
 # Entry Points
 # ------------
@@ -111,6 +116,22 @@ function configure_opendaylight {
             echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
         fi
     fi
+
+    # Configure DEBUG logs for network virtualization in odl, if the user wants it
+    if [ "${ODL_NETVIRT_DEBUG_LOGS}" == "True" ]; then
+        local OVSDB_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.ovsdb)
+        if [ "${OVSDB_DEBUG_LOGS}" == "" ]; then
+            echo 'log4j.logger.org.opendaylight.ovsdb = TRACE' >> $ODL_LOGGING_CONFIG
+            echo 'log4j.logger.org.opendaylight.ovsdb.lib = INFO' >> $ODL_LOGGING_CONFIG
+            echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter = DEBUG' >> $ODL_LOGGING_CONFIG
+            echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.TenantNetworkManagerImpl = DEBUG' >> $ODL_LOGGING_CONFIG
+            echo 'log4j.logger.org.opendaylight.ovsdb.plugin.md.OvsdbInventoryManager = INFO' >> $ODL_LOGGING_CONFIG
+        fi
+        local ODL_NEUTRON_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.controller.networkconfig.neutron)
+        if [ "${ODL_NEUTRON_DEBUG_LOGS}" == "" ]; then
+            echo 'log4j.logger.org.opendaylight.controller.networkconfig.neutron = TRACE' >> $ODL_LOGGING_CONFIG
+        fi
+    fi
 }
 
 function configure_ml2_odl {

From 1add6fc222745d6cd4b396fd105fccee3c015e1b Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 3 Feb 2015 16:24:48 -0500
Subject: [PATCH 0351/3421] Increase the suggested minimum ram to 4gb

Change-Id: I4f098d731693e635ebcc89357d382674c7730201
---
 doc/source/guides/single-vm.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index a41c4e14f1..ab46d91b83 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -15,7 +15,7 @@ Virtual Machine
 ---------------
 
 DevStack should run in any virtual machine running a supported Linux
-release. It will perform best with 2Gb or more of RAM.
+release. It will perform best with 4Gb or more of RAM.
 
 OpenStack Deployment & cloud-init
 ---------------------------------

From 36298eec001f900c00a8ac89143375620af9ce3e Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 4 Feb 2015 10:29:31 +1100
Subject: [PATCH 0352/3421] Add default for YUM

This allows tools/* to use install_packages, etc, without having to
pull in stackrc for the $YUM definition.  Alternative to
Ief944af1ab177638bf818624a216751821e6330b

Change-Id: I7fe37079240e8cabbdffdcae5ad9d21e122e43c2
---
 functions-common | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index 4d1c89ae15..1c114a156d 100644
--- a/functions-common
+++ b/functions-common
@@ -1208,7 +1208,7 @@ function uninstall_package {
     if is_ubuntu; then
         apt_get purge "$@"
     elif is_fedora; then
-        sudo $YUM remove -y "$@" ||:
+        sudo ${YUM:-yum} remove -y "$@" ||:
     elif is_suse; then
         sudo zypper rm "$@"
     else
@@ -1229,7 +1229,7 @@ function yum_install {
     # https://bugzilla.redhat.com/show_bug.cgi?id=965567
     $sudo http_proxy=$http_proxy https_proxy=$https_proxy \
         no_proxy=$no_proxy \
-        $YUM install -y "$@" 2>&1 | \
+        ${YUM:-yum} install -y "$@" 2>&1 | \
         awk '
             BEGIN { fail=0 }
             /No package/ { fail=1 }
@@ -1239,7 +1239,7 @@ function yum_install {
 
     # also ensure we catch a yum failure
     if [[ ${PIPESTATUS[0]} != 0 ]]; then
-        die $LINENO "$YUM install failure"
+        die $LINENO "${YUM:-yum} install failure"
     fi
 }
 

From 58e694e223138dde60fb82f1ca9ebbdbd665ba09 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Wed, 4 Feb 2015 12:45:50 +0100
Subject: [PATCH 0353/3421] Use the site-wide boto.cfg

The boto.cfg in the TEMPEST_DIR is not read by any tool at the momement,
including tempest and euca2ools.

Adding the ssl setings to the site-wide config file.

Change-Id: Ibeab5671ac81e5092da0ee7ec1ecf867f8555082
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 1ae945779d..e534e35fa3 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -65,7 +65,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
 
 
 BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}"
-BOTO_CONF=$TEMPEST_DIR/boto.cfg
+BOTO_CONF=/etc/boto.cfg
 
 # Cinder/Volume variables
 TEMPEST_VOLUME_DRIVER=${TEMPEST_VOLUME_DRIVER:-default}

From d97ee3095eea53ed21da397c6b46c01948bc0e76 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 4 Feb 2015 12:35:39 -0600
Subject: [PATCH 0354/3421] Update minimum bash version

Clarify our position on bash and other shells.

Change-Id: I30e801afa03f8d7235556b0933d0205a30310899
---
 HACKING.rst        |  2 +-
 doc/source/faq.rst | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/HACKING.rst b/HACKING.rst
index dcde141782..b3c82a37a8 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -6,7 +6,7 @@ General
 -------
 
 DevStack is written in UNIX shell script.  It uses a number of bash-isms
-and so is limited to Bash (version 3 and up) and compatible shells.
+and so is limited to Bash (version 4 and up) and compatible shells.
 Shell script was chosen because it best illustrates the steps used to
 set up and interact with OpenStack components.
 
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index fd9c736736..a449f496ee 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -70,6 +70,18 @@ Q: What about Fedora/RHEL/CentOS?
 Q: Are there any differences between Ubuntu and Fedora support?
     A: Neutron is not fully supported prior to Fedora 18 due lack of
     OpenVSwitch packages.
+Q: Why can't I use another shell?
+    A: DevStack now uses some specific bash-ism that require Bash 4, such
+    as associative arrays. Simple compatibility patches have been accepted
+    in the past when they are not complex, at this point no additional
+    compatibility patches will be considered except for shells matching
+    the array functionality as it is very ingrained in the repo and project
+    management.
+Q: But, but, can't I test on OS/X?
+   A: Yes, even you, core developer who complained about this, needs to
+   install bash 4 via homebrew to keep running tests on OS/X.  Get a Real
+   Operating System.   (For most of you who don't know, I am refering to
+   myself.)
 
 Operation and Configuration
 ===========================

From 005b1db5c0f7ba6b20d4eede2b731614bc757cb4 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Wed, 4 Feb 2015 10:53:31 -0500
Subject: [PATCH 0355/3421] Add Service token to conf in single vm
 documentation

This is probably the 3rd time i got bitten by this, So
filing a review :)

Change-Id: Icd0834dda9c7ef806eb0fe976de85130e0220781
---
 doc/source/guides/single-machine.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 17e9b9e153..70287a9037 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -108,6 +108,7 @@ do the following:
     MYSQL_PASSWORD=iheartdatabases
     RABBIT_PASSWORD=flopsymopsy
     SERVICE_PASSWORD=iheartksl
+    SERVICE_TOKEN=xyzpdqlazydog
 
 Run DevStack:
 

From 1a669dce052e45b0e7de74e1613c06f41b6be1ce Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Thu, 5 Feb 2015 11:54:12 +0900
Subject: [PATCH 0356/3421] lib/neutron: Update comments about entry points

Change-Id: Iefb8057f71d4a3589cb3f0b18375779dd3896916
---
 lib/neutron | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 0fb8d00a11..698f6b71b1 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -10,24 +10,25 @@
 
 # ``stack.sh`` calls the entry points in this order:
 #
-# - install_neutron
-# - install_neutronclient
 # - install_neutron_agent_packages
+# - install_neutronclient
+# - install_neutron
 # - install_neutron_third_party
 # - configure_neutron
 # - init_neutron
 # - configure_neutron_third_party
 # - init_neutron_third_party
 # - start_neutron_third_party
-# - create_neutron_cache_dir
 # - create_nova_conf_neutron
 # - start_neutron_service_and_check
+# - check_neutron_third_party_integration
 # - start_neutron_agents
 # - create_neutron_initial_network
 # - setup_neutron_debug
 #
 # ``unstack.sh`` calls the entry points in this order:
 #
+# - teardown_neutron_debug
 # - stop_neutron
 # - stop_neutron_third_party
 # - cleanup_neutron

From e3e9b226d003589028a05cfa10e153eaac5a0349 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 5 Feb 2015 12:34:12 +0000
Subject: [PATCH 0357/3421] Revert "Make neutron the default in devstack"

The simple case of a single interface doesn't work
out of the box, and this is now failing for lots of
people. We need to back up and get that working.

This reverts commit c906bb38851037880f557b15ad30c9b0bb7fa295.

Change-Id: If20df670e06cda2d65028bceb46d257d011cf917
---
 stackrc | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/stackrc b/stackrc
index ce54fae432..2dd56e8104 100644
--- a/stackrc
+++ b/stackrc
@@ -32,11 +32,15 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 # ``disable_service`` functions in ``local.conf``.
 # For example, to enable Swift add this to ``local.conf``:
 #  enable_service s-proxy s-object s-container s-account
-# In order to enable nova-networking add the following settings in
-# `` local.conf ``:
+# In order to enable Neutron (a single node setup) add the following
+# settings in ``local.conf``:
 #  [[local|localrc]]
-#  disable_service q-svc q-agt q-dhcp q-l3 q-meta
-#  enable_service n-net
+#  disable_service n-net
+#  enable_service q-svc
+#  enable_service q-agt
+#  enable_service q-dhcp
+#  enable_service q-l3
+#  enable_service q-meta
 #  # Optional, to enable tempest configuration as part of devstack
 #  enable_service tempest
 function isset {
@@ -50,16 +54,14 @@ function isset {
 
 # this allows us to pass ENABLED_SERVICES
 if ! isset ENABLED_SERVICES ; then
-    # core compute (glance / keystone / nova)
-    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch,n-xvnc,n-cauth
+    # core compute (glance / keystone / nova (+ nova-network))
+    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-xvnc,n-cauth
     # cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
     # heat
     ENABLED_SERVICES+=,h-eng,h-api,h-api-cfn,h-api-cw
     # dashboard
     ENABLED_SERVICES+=,horizon
-    # neutron
-    ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
     # additional services
     ENABLED_SERVICES+=,rabbit,tempest,mysql
 fi

From 36891dc1435741b8caf747b8ff82d6b25594f2c5 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Tue, 3 Feb 2015 16:22:44 +0000
Subject: [PATCH 0358/3421] Stop neutron services more explicitly

After an unstack.sh several neutron services are left running. This
change tries to do a better (but not always successful) job of
stopping neutron agents.

stop_process does its own checking to see if a service is enabled
so we don't need to check before calling.

Change-Id: I8becbe9db56121cbc619a6d156b18f6c6d31a6e7
---
 lib/neutron                           | 8 ++++++++
 lib/neutron_plugins/services/metering | 2 +-
 lib/neutron_plugins/services/vpn      | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index 0f49476c4f..ededef50e3 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -749,13 +749,21 @@ function start_neutron_agents {
 # stop_neutron() - Stop running processes (non-screen)
 function stop_neutron {
     if is_service_enabled q-dhcp; then
+        stop_process q-dhcp
         pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
         [ ! -z "$pid" ] && sudo kill -9 $pid
     fi
+
+    stop_process q-svc
+    stop_process q-l3
+
     if is_service_enabled q-meta; then
         sudo pkill -9 -f neutron-ns-metadata-proxy || :
+        stop_process q-meta
     fi
 
+    stop_process q-agt
+
     if is_service_enabled q-lbaas; then
         neutron_lbaas_stop
     fi
diff --git a/lib/neutron_plugins/services/metering b/lib/neutron_plugins/services/metering
index 51123e2ff8..37ba019b98 100644
--- a/lib/neutron_plugins/services/metering
+++ b/lib/neutron_plugins/services/metering
@@ -23,7 +23,7 @@ function neutron_agent_metering_configure_agent {
 }
 
 function neutron_metering_stop {
-    :
+    stop_process q-metering
 }
 
 # Restore xtrace
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 7e80b5b5f8..5912eab9ca 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -28,6 +28,7 @@ function neutron_vpn_stop {
     if [ -n "$pids" ]; then
         sudo kill $pids
     fi
+    stop_process q-vpn
 }
 
 # Restore xtrace

From 2e17d85d80f647d04054aca1571ef1910f9c2c62 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 28 Jan 2015 06:29:03 -0800
Subject: [PATCH 0359/3421] Document where we are going

Somewhat opinionated document on where we want to be going, should be
an accurate first approximation of what Dean and I have chatted about
over the last few weeks. Hopefully helpful in framing where we are
going.

Change-Id: Ia153af27a08203ffc44e37c7db73e04573d3be9f
---
 FUTURE.rst | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 FUTURE.rst

diff --git a/FUTURE.rst b/FUTURE.rst
new file mode 100644
index 0000000000..11bea30f0b
--- /dev/null
+++ b/FUTURE.rst
@@ -0,0 +1,113 @@
+=============
+ Quo Vadimus
+=============
+
+Where are we going?
+
+This is a document in Devstack to outline where we are headed in the
+future. The future might be near or far, but this is where we'd like
+to be.
+
+This is intended to help people contribute, because it will be a
+little clearer if a contribution takes us closer to or further away to
+our end game.
+
+==================
+ Default Services
+==================
+
+Devstack is designed as a development environment first. There are a
+lot of ways to compose the OpenStack services, but we do need one
+default.
+
+That should be the Compute Layer (currently Glance + Nova + Cinder +
+Neutron Core (not advanced services) + Keystone). It should be the
+base building block going forward, and the introduction point of
+people to OpenStack via Devstack.
+
+================
+ Service Howtos
+================
+
+Starting from the base building block all services included in
+OpenStack should have an overview page in the Devstack
+documentation. That should include the following:
+
+- A helpful high level overview of that service
+- What it depends on (both other OpenStack services and other system
+  components)
+- What new daemons are needed to be started, including where they
+  should live
+
+This provides a map for people doing multinode testing to understand
+what portions are control plane, which should live on worker nodes.
+
+Service how to pages will start with an ugly "This team has provided
+no information about this service" until someone does.
+
+===================
+ Included Services
+===================
+
+Devstack doesn't need to eat the world. Given the existence of the
+external devstack plugin architecture, the future direction is to move
+the bulk of the support code out of devstack itself and into external
+plugins.
+
+This will also promote a more clean separation between services.
+
+=============================
+ Included Backends / Drivers
+=============================
+
+Upstream Devstack should only include Open Source backends / drivers,
+it's intent is for Open Source development of OpenStack. Proprietary
+drivers should be supported via external plugins.
+
+Just being Open Source doesn't mean it should be in upstream Devstack
+if it's not required for base development of OpenStack
+components. When in doubt, external plugins should be used.
+
+========================================
+ OpenStack Services vs. System Services
+========================================
+
+ENABLED_SERVICES is currently entirely too overloaded. We should have
+a separation of actual OpenStack services that you have to run (n-cpu,
+g-api) and required backends like mysql and rabbitmq.
+
+===========================
+ Splitting up of Functions
+===========================
+
+The functions-common file has grown over time, and needs to be split
+up into smaller libraries that handle specific domains.
+
+======================
+ Testing of Functions
+======================
+
+Every function in a functions file should get tests. The devstack
+testing framework is young, but we do have some unit tests for the
+tree, and those should be enhanced.
+
+==============================
+ Not Co-Gating with the World
+==============================
+
+As projects spin up functional test jobs, Devstack should not be
+co-gated with every single one of those. The Devstack team has one of
+the fastest turn arounds for blocking bugs of any Open Stack
+project.
+
+Basic service validation should be included as part of Devstack
+installation to mitigate this.
+
+============================
+ Documenting all the things
+============================
+
+Devstack started off as an explanation as much as an install
+script. We would love contributions to that further enhance the
+comments and explanations about what is happening, even if it seems a
+little pedantic at times.

From 75afd6d33c93f510fb9f62abd443eac4131480e6 Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Tue, 20 Jan 2015 17:39:25 +0100
Subject: [PATCH 0360/3421] guides: Notes to setup DevStack with Nested KVM
 Virtualization

Add a document with procedure to configure KVM-based nested
virtualization on the physical host and to configure DevStack (in a VM)
to take advantage of it.

Current topics:

   - Configure nested virt on Intel hosts
   - Configure nested virt on AMD hosts
   - Expose virt extensions to DevStack VM
   - Ensure DevStack VM is using KVM

Change-Id: Ibe6fa482cc0d51183438d99680a0e10d0da652cb
---
 .../guides/devstack-with-nested-kvm.rst       | 139 ++++++++++++++++++
 doc/source/index.rst                          |   8 +
 2 files changed, 147 insertions(+)
 create mode 100644 doc/source/guides/devstack-with-nested-kvm.rst

diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
new file mode 100644
index 0000000000..2538c8d031
--- /dev/null
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -0,0 +1,139 @@
+=======================================================
+Configure DevStack with KVM-based Nested Virtualization
+=======================================================
+
+When using virtualization technologies like KVM, one can take advantage
+of "Nested VMX" (i.e. the ability to run KVM on KVM) so that the VMs in
+cloud (Nova guests) can run relatively faster than with plain QEMU
+emulation.
+
+Kernels shipped with Linux distributions doesn't have this enabled by
+default. This guide outlines the configuration details to enable nested
+virtualization in KVM-based environments. And how to setup DevStack
+(that'll run in a VM) to take advantage of this.
+
+
+Nested Virtualization Configuration
+===================================
+
+Configure Nested KVM for Intel-based Machines
+---------------------------------------------
+
+Procedure to enable nested KVM virtualization on AMD-based machines.
+
+Check if the nested KVM Kernel parameter is enabled:
+
+::
+
+    cat /sys/module/kvm_intel/parameters/nested
+    N
+
+Temporarily remove the KVM intel Kernel module, enable nested
+virtualization to be persistent across reboots and add the Kernel
+module back:
+
+::
+
+    sudo rmmod kvm-intel
+    sudo sh -c "echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf"
+    sudo modprobe kvm-intel
+
+Ensure the Nested KVM Kernel module parameter for Intel is enabled on
+the host:
+
+::
+
+    cat /sys/module/kvm_intel/parameters/nested
+    Y
+
+    modinfo kvm_intel | grep nested
+    parm:           nested:bool
+
+Start your VM, now it should have KVM capabilities -- you can verify
+that by ensuring `/dev/kvm` character device is present.
+
+
+Configure Nested KVM for AMD-based Machines
+--------------------------------------------
+
+Procedure to enable nested KVM virtualization on AMD-based machines.
+
+Check if the nested KVM Kernel parameter is enabled:
+
+::
+
+    cat /sys/module/kvm_amd/parameters/nested
+    0
+
+
+Temporarily remove the KVM AMD Kernel module, enable nested
+virtualization to be persistent across reboots and add the Kernel module
+back:
+
+::
+
+    sudo rmmod kvm-amd
+    sudo sh -c "echo 'options amd nested=1' >> /etc/modprobe.d/dist.conf"
+    sudo modprobe kvm-amd
+
+Ensure the Nested KVM Kernel module parameter for AMD is enabled on the
+host:
+
+::
+
+    cat /sys/module/kvm_amd/parameters/nested
+    1
+
+    modinfo kvm_amd | grep -i nested
+    parm:           nested:int
+
+To make the above value persistent across reboots, add an entry in
+/etc/modprobe.ddist.conf so it looks as below::
+
+    cat /etc/modprobe.d/dist.conf
+    options kvm-amd nested=y
+
+
+Expose Virtualization Extensions to DevStack VM
+-----------------------------------------------
+
+Edit the VM's libvirt XML configuration via `virsh` utility:
+
+::
+
+    sudo virsh edit devstack-vm
+
+Add the below snippet to expose the host CPU features to the VM:
+
+::
+
+    
+    
+
+
+Ensure DevStack VM is Using KVM
+-------------------------------
+
+Before invoking ``stack.sh`` in the VM, ensure that KVM is enabled. This
+can be verified by checking for the presence of the file `/dev/kvm` in
+your VM. If it is present, DevStack will default to using the config
+attribute `virt_type = kvm` in `/etc/nova.conf`; otherwise, it'll fall
+back to `virt_type=qemu`, i.e. plain QEMU emulation.
+
+Optionally, to explicitly set the type of virtualization, to KVM, by the
+libvirt driver in Nova, the below config attribute can be used in
+DevStack's ``local.conf``:
+
+::
+
+    LIBVIRT_TYPE=kvm
+
+
+Once DevStack is configured succesfully, verify if the Nova instances
+are using KVM by noticing the QEMU CLI invoked by Nova is using the
+parameter `accel=kvm`, e.g.:
+
+::
+
+    ps -ef | grep -i qemu
+    root     29773     1  0 11:24 ?        00:00:00 /usr/bin/qemu-system-x86_64 -machine accel=kvm [. . .]
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 7188f6ecf4..1aaab6e2d6 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -66,6 +66,7 @@ Walk through various setups used by stackers
    guides/single-machine
    guides/multinode-lab
    guides/neutron
+   guides/devstack-with-nested-kvm
 
 All-In-One Single VM
 --------------------
@@ -94,6 +95,13 @@ Building a DevStack cluster with :doc:`Neutron Networking `.
 This guide is meant for building lab environments with a dedicated
 control node and multiple compute nodes.
 
+DevStack with KVM-based Nested Virtualization
+---------------------------------------------
+
+Procedure to setup :doc:`DevStack with KVM-based Nested Virtualization
+`. With this setup, Nova instances
+will be more performant than with plain QEMU emulation.
+
 DevStack Documentation
 ======================
 

From cbfe93bb4861d3129b82984c3aefc658a743d69b Mon Sep 17 00:00:00 2001
From: Maru Newby 
Date: Thu, 5 Feb 2015 00:05:23 +0000
Subject: [PATCH 0361/3421] Add postgresql dev package as testonly neutron dep

The neutron functional job needs to build psycopg2 which has a
dependency on postgresql dev packages.

Change-Id: Ie5c8e2bd02e148d6638f4a4c1fbf6667c30313d5
---
 files/debs/neutron      | 1 +
 files/rpms-suse/neutron | 1 +
 files/rpms/neutron      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/files/debs/neutron b/files/debs/neutron
index 5a59b22b9d..3f4b6d2999 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -6,6 +6,7 @@ iputils-arping
 libmysqlclient-dev  # testonly
 mysql-server #NOPRIME
 sudo
+postgresql-server-dev-all       # testonly
 python-iso8601
 python-paste
 python-routes
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index 50ee145928..66d6e4cad0 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -5,6 +5,7 @@ ebtables
 iptables
 iputils
 mariadb # NOPRIME
+postgresql-devel        # testonly
 python-eventlet
 python-greenlet
 python-iso8601
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 59152d6e93..d11dab7e1a 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -9,6 +9,7 @@ mysql-connector-python
 mysql-devel  # testonly
 mysql-server # NOPRIME
 openvswitch # NOPRIME
+postgresql-devel        # testonly
 python-eventlet
 python-greenlet
 python-iso8601

From f8b4f85aeb7d38db029eb89c28d00082b71eab2b Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 4 Feb 2015 15:46:03 -0500
Subject: [PATCH 0362/3421] implement elasticsearch pkg for devstack

the first implementation of arbitrary installation in tree for
components for elasticsearch.

Change-Id: I88e852ad009735ae77c6d4c19c4f4838c49cc0ad
---
 pkg/elasticsearch.sh | 126 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100755 pkg/elasticsearch.sh

diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
new file mode 100755
index 0000000000..15e1b2b594
--- /dev/null
+++ b/pkg/elasticsearch.sh
@@ -0,0 +1,126 @@
+#!/bin/bash -xe
+
+# basic reference point for things like filecache
+#
+# TODO(sdague): once we have a few of these I imagine the download
+# step can probably be factored out to something nicer
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+FILES=$TOP_DIR/files
+source $TOP_DIR/functions
+
+# Package source and version, all pkg files are expected to have
+# something like this, as well as a way to override them.
+ELASTICSEARCH_VERSION=${ELASTICSEARCH_VERSION:-1.4.2}
+ELASTICSEARCH_BASEURL=${ELASTICSEARCH_BASEURL:-https://download.elasticsearch.org/elasticsearch/elasticsearch}
+
+# Elastic search actual implementation
+function wget_elasticsearch {
+    local file=${1}
+
+    if [ ! -f ${FILES}/${file} ]; then
+        wget $ELASTICSEARCH_BASEURL/${file} -O ${FILES}/${file}
+    fi
+
+    if [ ! -f ${FILES}/${file}.sha1.txt ]; then
+        wget $ELASTICSEARCH_BASEURL/${file}.sha1.txt -O ${FILES}/${file}.sha1.txt
+    fi
+
+    pushd ${FILES};  sha1sum ${file} > ${file}.sha1.gen;  popd
+
+    if ! diff ${FILES}/${file}.sha1.gen ${FILES}/${file}.sha1.txt; then
+        echo "Invalid elasticsearch download. Could not install."
+        return 1
+    fi
+    return 0
+}
+
+function download_elasticsearch {
+    if is_ubuntu; then
+        wget_elasticsearch elasticsearch-${ELASTICSEARCH_VERSION}.deb
+    elif is_fedora; then
+        wget_elasticsearch elasticsearch-${ELASTICSEARCH_VERSION}.noarch.rpm
+    fi
+}
+
+function configure_elasticsearch {
+    # currently a no op
+    ::
+}
+
+function start_elasticsearch {
+    if is_ubuntu; then
+        sudo /etc/init.d/elasticsearch start
+    elif is_fedora; then
+        sudo /bin/systemctl start elasticsearch.service
+    else
+        echo "Unsupported architecture...can not start elasticsearch."
+    fi
+}
+
+function stop_elasticsearch {
+    if is_ubuntu; then
+        sudo /etc/init.d/elasticsearch stop
+    elif is_fedora; then
+        sudo /bin/systemctl stop elasticsearch.service
+    else
+        echo "Unsupported architecture...can not stop elasticsearch."
+    fi
+}
+
+function install_elasticsearch {
+    if is_package_installed elasticsearch; then
+        echo "Note: elasticsearch was already installed."
+        return
+    fi
+    if is_ubuntu; then
+        is_package_installed openjdk-7-jre-headless || install_package openjdk-7-jre-headless
+
+        sudo dpkg -i ${FILES}/elasticsearch-${ELASTICSEARCH_VERSION}.deb
+        sudo update-rc.d elasticsearch defaults 95 10
+    elif is_fedora; then
+        is_package_installed java-1.7.0-openjdk-headless || install_package java-1.7.0-openjdk-headless
+        yum_install ${FILES}/elasticsearch-${ELASTICSEARCH_VERSION}.noarch.rpm
+        sudo /bin/systemctl daemon-reload
+        sudo /bin/systemctl enable elasticsearch.service
+    else
+        echo "Unsupported install of elasticsearch on this architecture."
+    fi
+}
+
+function uninstall_elasticsearch {
+    if is_package_installed elasticsearch; then
+        if is_ubuntu; then
+            sudo apt-get purge elasticsearch
+        elif is_fedora; then
+            sudo yum remove elasticsearch
+        else
+            echo "Unsupported install of elasticsearch on this architecture."
+        fi
+    fi
+}
+
+# The PHASE dispatcher. All pkg files are expected to basically cargo
+# cult the case statement.
+PHASE=$1
+echo "Phase is $PHASE"
+
+case $PHASE in
+    download)
+        download_elasticsearch
+        ;;
+    install)
+        install_elasticsearch
+        ;;
+    configure)
+        configure_elasticsearch
+        ;;
+    start)
+        start_elasticsearch
+        ;;
+    stop)
+        stop_elasticsearch
+        ;;
+    uninstall)
+        uninstall_elasticsearch
+        ;;
+esac

From 0ea8b72a20be9026f025eaa6d9b4277b058aa735 Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Fri, 6 Feb 2015 22:37:53 +0300
Subject: [PATCH 0363/3421] Make EC2 compatible with current AWS CLI.

Nova listens for EC2 calls now at the URL without path -
http://some.server.com:8773/
I was made in review -
https://review.openstack.org/#/c/152496/

So I suggest to change EC2 urls in keystone catalog.

Change-Id: Ia2975ce0f6a30eed6016733e12c98b5f97648307
Closes-Bug: 1417555
---
 files/default_catalog.templates | 6 +++---
 lib/nova                        | 6 +++---
 lib/tempest                     | 2 +-
 tools/create_userrc.sh          | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/files/default_catalog.templates b/files/default_catalog.templates
index a18d38f606..4aab4160c1 100644
--- a/files/default_catalog.templates
+++ b/files/default_catalog.templates
@@ -30,9 +30,9 @@ catalog.RegionOne.volumev2.internalURL = http://%SERVICE_HOST%:8776/v2/$(tenant_
 catalog.RegionOne.volumev2.name = Volume Service V2
 
 
-catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
-catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
-catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
+catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/
+catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/
+catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/
 catalog.RegionOne.ec2.name = EC2 Service
 
 
diff --git a/lib/nova b/lib/nova
index 0f4729fb63..f1cf74ff72 100644
--- a/lib/nova
+++ b/lib/nova
@@ -397,9 +397,9 @@ function create_nova_accounts {
                 "ec2" "EC2 Compatibility Layer")
             get_or_create_endpoint $ec2_service \
                 "$REGION_NAME" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Admin" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud"
+                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
+                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
+                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
         fi
     fi
 
diff --git a/lib/tempest b/lib/tempest
index 86f30b4a40..9058fa624e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -359,7 +359,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions
 
     # boto
-    iniset $TEMPEST_CONFIG boto ec2_url "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/services/Cloud"
+    iniset $TEMPEST_CONFIG boto ec2_url "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
     iniset $TEMPEST_CONFIG boto s3_url "http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}"
     iniset $TEMPEST_CONFIG boto s3_materials_path "$BOTO_MATERIALS_PATH"
     iniset $TEMPEST_CONFIG boto ari_manifest cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd.manifest.xml
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index b43fd883a3..f067ed1f4b 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -131,7 +131,7 @@ export -n SERVICE_TOKEN SERVICE_ENDPOINT OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 
 EC2_URL=$(openstack endpoint show -f value -c publicurl ec2 || true)
 if [[ -z $EC2_URL ]]; then
-    EC2_URL=http://localhost:8773/services/Cloud
+    EC2_URL=http://localhost:8773/
 fi
 
 S3_URL=$(openstack endpoint show -f value -c publicurl s3 || true)

From 365421b99a6e76cd3c2e3dbb02638005e456abf8 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 6 Feb 2015 15:27:43 -0500
Subject: [PATCH 0364/3421] isolate unit tests from stackrc HOST_IP check

The HOST_IP check in stackrc is useful for real users, but some cloud
nodes that infra runs don't detect it correctly, and it's not actually
required for unit tests to work right.

Change-Id: Id2aaa713aea91825021e9d8d49d19f3e40a8e6c9
---
 tests/test_ip.sh             | 3 ---
 tests/test_libs_from_pypi.sh | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/tests/test_ip.sh b/tests/test_ip.sh
index e9cbcca4a4..add8d1ae65 100755
--- a/tests/test_ip.sh
+++ b/tests/test_ip.sh
@@ -8,9 +8,6 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 # Import common functions
 source $TOP/functions
 
-# Import configuration
-source $TOP/openrc
-
 
 echo "Testing IP addr functions"
 
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 7e96bae7bb..6e1b515efd 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -17,6 +17,8 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 
 export TOP_DIR=$TOP
 
+# we don't actually care about the HOST_IP
+HOST_IP="don't care"
 # Import common functions
 source $TOP/functions
 source $TOP/stackrc

From 76a08f5a931c9c9a052d8a5bdcd5d99621ec41c0 Mon Sep 17 00:00:00 2001
From: Kyle Mestery 
Date: Fri, 6 Feb 2015 21:43:52 +0000
Subject: [PATCH 0365/3421] Remove OpenDaylight from being in-tree for devstack

Now that we have a patch to make this pluggable [1], lets remove this
from the devstack repository.

[1] https://review.openstack.org/#/c/153700/

Change-Id: Ia23f99476ec16df9cc12f63864189835a09eb644
---
 doc/source/index.rst        |   2 -
 extras.d/80-opendaylight.sh |  76 -------------
 lib/opendaylight            | 215 ------------------------------------
 3 files changed, 293 deletions(-)
 delete mode 100644 extras.d/80-opendaylight.sh
 delete mode 100644 lib/opendaylight

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 0763fb83cb..399d97960d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -155,7 +155,6 @@ Scripts
 * `lib/ldap `__
 * `lib/neutron `__
 * `lib/nova `__
-* `lib/opendaylight `__
 * `lib/oslo `__
 * `lib/rpc\_backend `__
 * `lib/sahara `__
@@ -176,7 +175,6 @@ Scripts
 * `extras.d/70-trove.sh `__
 * `extras.d/70-tuskar.sh `__
 * `extras.d/70-zaqar.sh `__
-* `extras.d/80-opendaylight.sh `__
 * `extras.d/80-tempest.sh `__
 
 Configuration
diff --git a/extras.d/80-opendaylight.sh b/extras.d/80-opendaylight.sh
deleted file mode 100644
index b673777e3a..0000000000
--- a/extras.d/80-opendaylight.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-# opendaylight.sh - DevStack extras script
-
-if is_service_enabled odl-server odl-compute; then
-    # Initial source
-    [[ "$1" == "source" ]] && source $TOP_DIR/lib/opendaylight
-fi
-
-if is_service_enabled odl-server; then
-    if [[ "$1" == "source" ]]; then
-        # no-op
-        :
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        install_opendaylight
-        configure_opendaylight
-        init_opendaylight
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        configure_ml2_odl
-        # This has to start before Neutron
-        start_opendaylight
-    elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
-        # no-op
-        :
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_opendaylight
-        cleanup_opendaylight
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        # no-op
-        :
-    fi
-fi
-
-if is_service_enabled odl-compute; then
-    if [[ "$1" == "source" ]]; then
-        # no-op
-        :
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        install_opendaylight-compute
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        if is_service_enabled nova; then
-            create_nova_conf_neutron
-        fi
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        echo_summary "Initializing OpenDaylight"
-        ODL_LOCAL_IP=${ODL_LOCAL_IP:-$HOST_IP}
-        ODL_MGR_PORT=${ODL_MGR_PORT:-6640}
-        read ovstbl <<< $(sudo ovs-vsctl get Open_vSwitch . _uuid)
-        sudo ovs-vsctl set-manager tcp:$ODL_MGR_IP:$ODL_MGR_PORT
-        if [[ -n "$ODL_PROVIDER_MAPPINGS" ]] && [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then
-            sudo ovs-vsctl set Open_vSwitch $ovstbl \
-                other_config:provider_mappings=$ODL_PROVIDER_MAPPINGS
-        fi
-        sudo ovs-vsctl set Open_vSwitch $ovstbl other_config:local_ip=$ODL_LOCAL_IP
-    elif [[ "$1" == "stack" && "$2" == "post-extra" ]]; then
-        # no-op
-        :
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        sudo ovs-vsctl del-manager
-        BRIDGES=$(sudo ovs-vsctl list-br)
-        for bridge in $BRIDGES ; do
-            sudo ovs-vsctl del-controller $bridge
-        done
-
-        stop_opendaylight-compute
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        # no-op
-        :
-    fi
-fi
diff --git a/lib/opendaylight b/lib/opendaylight
deleted file mode 100644
index 6518673524..0000000000
--- a/lib/opendaylight
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/bin/bash
-#
-# lib/opendaylight
-# Functions to control the configuration and operation of the opendaylight service
-
-# Dependencies:
-#
-# ``functions`` file
-# ``DEST`` must be defined
-# ``STACK_USER`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# - is_opendaylight_enabled
-# - is_opendaylight-compute_enabled
-# - install_opendaylight
-# - install_opendaylight-compute
-# - configure_opendaylight
-# - init_opendaylight
-# - start_opendaylight
-# - stop_opendaylight-compute
-# - stop_opendaylight
-# - cleanup_opendaylight
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# For OVS_BRIDGE and PUBLIC_BRIDGE
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-# Defaults
-# --------
-
-# The IP address of ODL. Set this in local.conf.
-# ODL_MGR_IP=
-ODL_MGR_IP=${ODL_MGR_IP:-$SERVICE_HOST}
-
-# The ODL endpoint URL
-ODL_ENDPOINT=${ODL_ENDPOINT:-http://${ODL_MGR_IP}:8080/controller/nb/v2/neutron}
-
-# The ODL username
-ODL_USERNAME=${ODL_USERNAME:-admin}
-
-# The ODL password
-ODL_PASSWORD=${ODL_PASSWORD:-admin}
-
-# Short name of ODL package
-ODL_NAME=${ODL_NAME:-distribution-karaf-0.2.1-Helium-SR1.1}
-
-# 
-ODL_DIR=$DEST/opendaylight
-
-# The OpenDaylight Package, currently using 'Hydrogen' release
-ODL_PKG=${ODL_PKG:-distribution-karaf-0.2.1-Helium-SR1.1.zip}
-
-# The OpenDaylight URL
-ODL_URL=${ODL_URL:-https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.2.1-Helium-SR1.1/}
-
-# Default arguments for OpenDaylight. This is typically used to set
-# Java memory options.
-# ``ODL_ARGS=Xmx1024m -XX:MaxPermSize=512m``
-ODL_ARGS=${ODL_ARGS:-"-XX:MaxPermSize=384m"}
-
-# How long to pause after ODL starts to let it complete booting
-ODL_BOOT_WAIT=${ODL_BOOT_WAIT:-20}
-
-# The physical provider network to device mapping
-ODL_PROVIDER_MAPPINGS=${ODL_PROVIDER_MAPPINGS:-physnet1:eth1}
-
-# Enable OpenDaylight l3 forwarding
-ODL_L3=${ODL_L3:-False}
-
-# Enable debug logs for odl ovsdb
-ODL_NETVIRT_DEBUG_LOGS=${ODL_NETVIRT_DEBUG_LOGS:-False}
-
-# The logging config file in ODL
-ODL_LOGGING_CONFIG=${ODL_LOGGING_CONFIG:-${ODL_DIR}/${ODL_NAME}/etc/org.ops4j.pax.logging.cfg}
-
-# Entry Points
-# ------------
-
-# Test if OpenDaylight is enabled
-# is_opendaylight_enabled
-function is_opendaylight_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"odl-" ]] && return 0
-    return 1
-}
-
-# cleanup_opendaylight() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_opendaylight {
-    :
-}
-
-# configure_opendaylight() - Set config files, create data dirs, etc
-function configure_opendaylight {
-    # Add odl-ovsdb-openstack if it's not already there
-    local ODLOVSDB=$(cat $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg | grep featuresBoot= | grep odl)
-    if [ "$ODLOVSDB" == "" ]; then
-        sed -i '/^featuresBoot=/ s/$/,odl-ovsdb-openstack/' $ODL_DIR/$ODL_NAME/etc/org.apache.karaf.features.cfg
-    fi
-
-    # Configure OpenFlow 1.3 if it's not there
-    local OFLOW13=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^of.version)
-    if [ "$OFLOW13" == "" ]; then
-        echo "ovsdb.of.version=1.3" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
-    fi
-
-    # Configure L3 if the user wants it
-    if [ "${ODL_L3}" == "True" ]; then
-        # Configure L3 FWD if it's not there
-        local L3FWD=$(cat $ODL_DIR/$ODL_NAME/etc/custom.properties | grep ^ovsdb.l3.fwd.enabled)
-        if [ "$L3FWD" == "" ]; then
-            echo "ovsdb.l3.fwd.enabled=yes" >> $ODL_DIR/$ODL_NAME/etc/custom.properties
-        fi
-    fi
-
-    # Configure DEBUG logs for network virtualization in odl, if the user wants it
-    if [ "${ODL_NETVIRT_DEBUG_LOGS}" == "True" ]; then
-        local OVSDB_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.ovsdb)
-        if [ "${OVSDB_DEBUG_LOGS}" == "" ]; then
-            echo 'log4j.logger.org.opendaylight.ovsdb = TRACE' >> $ODL_LOGGING_CONFIG
-            echo 'log4j.logger.org.opendaylight.ovsdb.lib = INFO' >> $ODL_LOGGING_CONFIG
-            echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.NeutronL3Adapter = DEBUG' >> $ODL_LOGGING_CONFIG
-            echo 'log4j.logger.org.opendaylight.ovsdb.openstack.netvirt.impl.TenantNetworkManagerImpl = DEBUG' >> $ODL_LOGGING_CONFIG
-            echo 'log4j.logger.org.opendaylight.ovsdb.plugin.md.OvsdbInventoryManager = INFO' >> $ODL_LOGGING_CONFIG
-        fi
-        local ODL_NEUTRON_DEBUG_LOGS=$(cat $ODL_LOGGING_CONFIG | grep ^log4j.logger.org.opendaylight.controller.networkconfig.neutron)
-        if [ "${ODL_NEUTRON_DEBUG_LOGS}" == "" ]; then
-            echo 'log4j.logger.org.opendaylight.controller.networkconfig.neutron = TRACE' >> $ODL_LOGGING_CONFIG
-        fi
-    fi
-}
-
-function configure_ml2_odl {
-    populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl url=$ODL_ENDPOINT
-    populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl username=$ODL_USERNAME
-    populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_odl password=$ODL_PASSWORD
-}
-
-# init_opendaylight() - Initialize databases, etc.
-function init_opendaylight {
-    # clean up from previous (possibly aborted) runs
-    # create required data files
-    :
-}
-
-# install_opendaylight() - Collect source and prepare
-function install_opendaylight {
-    local _pwd=$(pwd)
-
-    if is_ubuntu; then
-        install_package maven openjdk-7-jre openjdk-7-jdk
-    else
-        yum_install maven java-1.7.0-openjdk
-    fi
-
-    # Download OpenDaylight
-    mkdir -p $ODL_DIR
-    cd $ODL_DIR
-    wget -N $ODL_URL/$ODL_PKG
-    unzip -u $ODL_PKG
-}
-
-# install_opendaylight-compute - Make sure OVS is installed
-function install_opendaylight-compute {
-    # packages are the same as for Neutron OVS agent
-    _neutron_ovs_base_install_agent_packages
-}
-
-# start_opendaylight() - Start running processes, including screen
-function start_opendaylight {
-    if is_ubuntu; then
-        JHOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64
-    else
-        JHOME=/usr/lib/jvm/java-1.7.0-openjdk
-    fi
-
-    # The flags to ODL have the following meaning:
-    #   -of13: runs ODL using OpenFlow 1.3 protocol support.
-    #   -virt ovsdb: Runs ODL in "virtualization" mode with OVSDB support
-
-    run_process odl-server "cd $ODL_DIR/$ODL_NAME && JAVA_HOME=$JHOME bin/karaf"
-
-    # Sleep a bit to let OpenDaylight finish starting up
-    sleep $ODL_BOOT_WAIT
-}
-
-# stop_opendaylight() - Stop running processes (non-screen)
-function stop_opendaylight {
-    stop_process odl-server
-}
-
-# stop_opendaylight-compute() - Remove OVS bridges
-function stop_opendaylight-compute {
-    # remove all OVS ports that look like Neutron created ports
-    for port in $(sudo ovs-vsctl list port | grep -o -e tap[0-9a-f\-]* -e q[rg]-[0-9a-f\-]*); do
-        sudo ovs-vsctl del-port ${port}
-    done
-
-    # remove all OVS bridges created by Neutron
-    for bridge in $(sudo ovs-vsctl list-br | grep -o -e ${OVS_BRIDGE} -e ${PUBLIC_BRIDGE}); do
-        sudo ovs-vsctl del-br ${bridge}
-    done
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:

From 4f7e0f27e8e0f37f28f3da311c6f3c8866fb850f Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Fri, 6 Feb 2015 16:16:01 -0800
Subject: [PATCH 0366/3421] Configure sahara to work with other secured
 services

Registering SSL parameters in sahara.conf for all openstack
services.

Change-Id: I63dd8a0f6e7b37cfd8140d2783af04505f29285f
Closes-Bug: #1419195
---
 lib/sahara | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/sahara b/lib/sahara
index 44c06d3c46..f2a506c81b 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -128,6 +128,10 @@ function configure_sahara {
     if is_service_enabled neutron; then
         iniset $SAHARA_CONF_FILE DEFAULT use_neutron true
         iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips true
+
+        if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
+            iniset $SAHARA_CONF_FILE neutron ca_file $SSL_BUNDLE_FILE
+        fi
     else
         iniset $SAHARA_CONF_FILE DEFAULT use_neutron false
         iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips false
@@ -135,10 +139,30 @@ function configure_sahara {
 
     if is_service_enabled heat; then
         iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine heat
+
+        if is_ssl_enabled_service "heat" || is_service_enabled tls-proxy; then
+            iniset $SAHARA_CONF_FILE heat ca_file $SSL_BUNDLE_FILE
+        fi
     else
         iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine direct
     fi
 
+    if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
+        iniset $SAHARA_CONF_FILE cinder ca_file $SSL_BUNDLE_FILE
+    fi
+
+    if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
+        iniset $SAHARA_CONF_FILE nova ca_file $SSL_BUNDLE_FILE
+    fi
+
+    if is_ssl_enabled_service "swift" || is_service_enabled tls-proxy; then
+        iniset $SAHARA_CONF_FILE swift ca_file $SSL_BUNDLE_FILE
+    fi
+
+    if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
+        iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE
+    fi
+
     iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG
 
     # Format logging

From 76549e332e51e6bd53d16656433c90e9da8ce8d5 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Fri, 6 Feb 2015 16:31:31 -0800
Subject: [PATCH 0367/3421] Removed confusing duplication of ca config for
 keystone

More general check is performed at line 157. No need for this one.

Change-Id: I7de820ca2b2954313b1f591ece7785891868cd27
---
 lib/heat | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/heat b/lib/heat
index 58439d67f8..48e2afc5bb 100644
--- a/lib/heat
+++ b/lib/heat
@@ -134,10 +134,6 @@ function configure_heat {
     iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
     iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
 
-    if is_ssl_enabled_service "key"; then
-        iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
-    fi
-
     # ec2authtoken
     iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
 

From 0fc336df89833945457a597ff2a3dfee97517958 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sun, 8 Feb 2015 11:03:02 -0600
Subject: [PATCH 0368/3421] Keystone set debug in config file

Change keystone so that the debug setting is always in the config
file. This way the debug setting is done consistently whether it's
run as keystone-all or in Apache httpd.

Change-Id: I10f091e32b8b12ac71f0e7f613c5d1d3f4a8cbec
---
 lib/keystone | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index d5ccc2f075..1e9db1e760 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -309,8 +309,9 @@ function configure_keystone {
         setup_colorized_logging $KEYSTONE_CONF DEFAULT
     fi
 
+    iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+
     if [ "$KEYSTONE_USE_MOD_WSGI" == "True" ]; then
-        iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
         # Eliminate the %(asctime)s.%(msecs)03d from the log format strings
         iniset $KEYSTONE_CONF DEFAULT logging_context_format_string "%(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s"
         iniset $KEYSTONE_CONF DEFAULT logging_default_format_string "%(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s"
@@ -532,12 +533,8 @@ function start_keystone {
         tail_log key /var/log/$APACHE_NAME/keystone.log
         tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
     else
-        local EXTRA_PARAMS=""
-        if [ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]; then
-            EXTRA_PARAMS="--debug"
-        fi
         # Start Keystone in a screen window
-        run_process key "$KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $EXTRA_PARAMS"
+        run_process key "$KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF"
     fi
 
     echo "Waiting for keystone to start..."

From 85ff5323ff95106eb18c1c6bfd71d75f3980c370 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Wed, 28 Jan 2015 14:28:01 +1000
Subject: [PATCH 0369/3421] Isolate creating service users

The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.

Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
---
 extras.d/70-tuskar.sh |  6 +-----
 lib/ceilometer        |  7 ++-----
 lib/cinder            |  6 +-----
 lib/glance            |  3 +--
 lib/heat              |  7 +------
 lib/ironic            |  6 +-----
 lib/keystone          | 14 ++++++++++++++
 lib/neutron           |  7 +------
 lib/nova              |  6 +-----
 lib/sahara            |  6 +-----
 lib/swift             | 11 ++++-------
 lib/trove             |  6 +-----
 lib/zaqar             |  6 +-----
 13 files changed, 30 insertions(+), 61 deletions(-)

diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
index 551916f35a..aa8f46af11 100644
--- a/extras.d/70-tuskar.sh
+++ b/extras.d/70-tuskar.sh
@@ -176,12 +176,8 @@ function stop_tuskar {
 
 # create_tuskar_accounts() - Set up common required tuskar accounts
 function create_tuskar_accounts {
-    # migrated from files/keystone_data.sh
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
 
-    local tuskar_user=$(get_or_create_user "tuskar" "$SERVICE_PASSWORD")
-    get_or_add_user_role $admin_role $tuskar_user $service_tenant
+    create_service_user "tuskar" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/ceilometer b/lib/ceilometer
index f1617fb9e4..f03bab21fc 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -105,13 +105,10 @@ function is_ceilometer_enabled {
 # SERVICE_TENANT_NAME  ceilometer   ResellerAdmin (if Swift is enabled)
 function create_ceilometer_accounts {
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
-        local ceilometer_user=$(get_or_create_user "ceilometer" "$SERVICE_PASSWORD")
-        get_or_add_user_role $admin_role $ceilometer_user $service_tenant
+
+        create_service_user "ceilometer" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
             local ceilometer_service=$(get_or_create_service "ceilometer" \
diff --git a/lib/cinder b/lib/cinder
index 937689a528..12ba51e49b 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -330,14 +330,10 @@ function configure_cinder {
 # Migrated from keystone_data.sh
 function create_cinder_accounts {
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
     # Cinder
     if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
 
-        local cinder_user=$(get_or_create_user "cinder" "$SERVICE_PASSWORD")
-        get_or_add_user_role $admin_role $cinder_user $service_tenant
+        create_service_user "cinder" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/glance b/lib/glance
index bee57a3100..0340c21ee0 100644
--- a/lib/glance
+++ b/lib/glance
@@ -232,8 +232,7 @@ function configure_glance {
 function create_glance_accounts {
     if is_service_enabled g-api; then
 
-        local glance_user=$(get_or_create_user "glance" "$SERVICE_PASSWORD")
-        get_or_add_user_role service $glance_user $SERVICE_TENANT_NAME
+        create_service_user "glance"
 
         # required for swift access
         if is_service_enabled s-proxy; then
diff --git a/lib/heat b/lib/heat
index 58439d67f8..1a57474122 100644
--- a/lib/heat
+++ b/lib/heat
@@ -246,12 +246,7 @@ function stop_heat {
 
 # create_heat_accounts() - Set up common required heat accounts
 function create_heat_accounts {
-    # migrated from files/keystone_data.sh
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
-    local heat_user=$(get_or_create_user "heat" "$SERVICE_PASSWORD")
-    get_or_add_user_role $admin_role $heat_user $service_tenant
+    create_service_user "heat" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/ironic b/lib/ironic
index fced2949f4..921bcf1a26 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -358,15 +358,11 @@ function create_ironic_cache_dir {
 # service              ironic     admin        # if enabled
 function create_ironic_accounts {
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
     # Ironic
     if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
         # Get ironic user if exists
 
-        local ironic_user=$(get_or_create_user "ironic" "$SERVICE_PASSWORD")
-        get_or_add_user_role $admin_role $ironic_user $service_tenant
+        create_service_user "ironic" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/keystone b/lib/keystone
index d5ccc2f075..8ec4d61862 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -414,6 +414,20 @@ function create_keystone_accounts {
     fi
 }
 
+# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
+#
+# create_service_user  [role]
+#
+# The role defaults to the service role. It is allowed to be provided as optional as historically
+# a lot of projects have configured themselves with the admin or other role here if they are
+# using this user for other purposes beyond simply auth_token middleware.
+function create_service_user {
+    local role=${2:-service}
+
+    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
+    get_or_add_user_role "$role" "$user" "$SERVICE_TENANT_NAME"
+}
+
 # Configure the service to use the auth token middleware.
 #
 # configure_auth_token_middleware conf_file admin_user signing_dir [section]
diff --git a/lib/neutron b/lib/neutron
index 2c7ec94ad0..0ff8813e3e 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -507,14 +507,9 @@ function create_neutron_cache_dir {
 
 # Migrated from keystone_data.sh
 function create_neutron_accounts {
-
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local service_role=$(openstack role list | awk "/ service / { print \$2 }")
-
     if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
 
-        local neutron_user=$(get_or_create_user "neutron" "$SERVICE_PASSWORD")
-        get_or_add_user_role $service_role $neutron_user $service_tenant
+        create_service_user "neutron"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/nova b/lib/nova
index 0f4729fb63..c760066f15 100644
--- a/lib/nova
+++ b/lib/nova
@@ -353,14 +353,10 @@ function configure_nova {
 # SERVICE_TENANT_NAME  nova         ResellerAdmin (if Swift is enabled)
 function create_nova_accounts {
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
     # Nova
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
 
-        local nova_user=$(get_or_create_user "nova" "$SERVICE_PASSWORD")
-        get_or_add_user_role $admin_role $nova_user $service_tenant
+        create_service_user "nova" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/sahara b/lib/sahara
index 44c06d3c46..cb6ecc3be3 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -61,11 +61,7 @@ TEMPEST_SERVICES+=,sahara
 # service     sahara    admin
 function create_sahara_accounts {
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
-    local sahara_user=$(get_or_create_user "sahara" "$SERVICE_PASSWORD")
-    get_or_add_user_role $admin_role $sahara_user $service_tenant
+    create_service_user "sahara" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/swift b/lib/swift
index 683bc17871..d9f750c27f 100644
--- a/lib/swift
+++ b/lib/swift
@@ -601,12 +601,9 @@ function create_swift_accounts {
 
     KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
     local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
 
-    local swift_user=$(get_or_create_user "swift" "$SERVICE_PASSWORD")
-    get_or_add_user_role $admin_role $swift_user $service_tenant
+    create_service_user "swift" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
@@ -623,7 +620,7 @@ function create_swift_accounts {
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
     SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
-    get_or_add_user_role $admin_role $SWIFT_USER_TEST1 $swift_tenant_test1
+    get_or_add_user_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
 
     local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
@@ -634,7 +631,7 @@ function create_swift_accounts {
 
     local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
-    get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
+    get_or_add_user_role admin $swift_user_test2 $swift_tenant_test2
 
     local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
     die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
@@ -644,7 +641,7 @@ function create_swift_accounts {
 
     local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
-    get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
+    get_or_add_user_role admin $swift_user_test4 $swift_tenant_test4
 }
 
 # init_swift() - Initialize rings
diff --git a/lib/trove b/lib/trove
index 5e6b1b39c3..d32c7765e0 100644
--- a/lib/trove
+++ b/lib/trove
@@ -79,13 +79,9 @@ function setup_trove_logging {
 # service              trove     admin        # if enabled
 
 function create_trove_accounts {
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    local service_role=$(openstack role list | awk "/ admin / { print \$2 }")
-
     if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
 
-        local trove_user=$(get_or_create_user "trove" "$SERVICE_PASSWORD")
-        get_or_add_user_role $service_role $trove_user $service_tenant
+        create_service_user "trove" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/zaqar b/lib/zaqar
index 618ac30534..8b560bb4d5 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -215,11 +215,7 @@ function stop_zaqar {
 }
 
 function create_zaqar_accounts {
-    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-    ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
-
-    local zaqar_user=$(get_or_create_user "zaqar" "$SERVICE_PASSWORD")
-    get_or_add_user_role $ADMIN_ROLE $zaqar_user $service_tenant
+    create_service_user "zaqar" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 

From b1a153ed71b90345119112700a2a2796198fe072 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Mon, 9 Feb 2015 12:43:12 +0900
Subject: [PATCH 0370/3421] plugins.rst: Fix a typo

Change-Id: I3f85166a1e0f2fea02055dae6871746ad1b8d897
---
 doc/source/plugins.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index d1f73771a3..8bb92ed4b9 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -16,7 +16,7 @@ DevStack using this mechanism.
 The script in ``extras.d`` is expected to be mostly a dispatcher to
 functions in a ``lib/*`` script. The scripts are named with a
 zero-padded two digits sequence number prefix to control the order that
-the scripts are called, and with a suffix of ``.sh``. DevSack reserves
+the scripts are called, and with a suffix of ``.sh``. DevStack reserves
 for itself the sequence numbers 00 through 09 and 90 through 99.
 
 Below is a template that shows handlers for the possible command-line

From 347e30877b12fb9d096bcab50255ba992416bfce Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Sat, 7 Feb 2015 15:15:12 +0000
Subject: [PATCH 0371/3421] XenAPI: Use round-robin mirror for Ubuntu

ANL has discontinued their Ubuntu mirror.  Update the target
to be the official round-robin mirror which should be more stable long-term

Change-Id: I1271301d96a44888f45664537435e31dd38ff30d
---
 tools/xen/xenrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index 0cbf86118d..43a6ce8a77 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -70,8 +70,8 @@ UBUNTU_INST_TEMPLATE_NAME="Ubuntu 14.04 (64-bit) for DevStack"
 # XenServer 6.1 and later or XCP 1.6 or later
 # 11.10 is only really supported with XenServer 6.0.2 and later
 UBUNTU_INST_ARCH="amd64"
-UBUNTU_INST_HTTP_HOSTNAME="mirror.anl.gov"
-UBUNTU_INST_HTTP_DIRECTORY="/pub/ubuntu"
+UBUNTU_INST_HTTP_HOSTNAME="archive.ubuntu.com"
+UBUNTU_INST_HTTP_DIRECTORY="/ubuntu"
 UBUNTU_INST_HTTP_PROXY=""
 UBUNTU_INST_LOCALE="en_US"
 UBUNTU_INST_KEYBOARD="us"

From fa94dfcb17317b192f8a13f2b833dbcae9f7fde4 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 9 Feb 2015 07:50:03 -0500
Subject: [PATCH 0372/3421] remove tuskar

Tuskar server support is proposed as an external plugin here
I67dc8420582a40e18de7d5e00094bccc1184a7f9, we should remove Tuskar
from the main devstack tree.

Change-Id: I93e97e7ae8fd03cabc1245a10588c4474d7e3728
---
 extras.d/70-tuskar.sh | 200 ------------------------------------------
 1 file changed, 200 deletions(-)
 delete mode 100644 extras.d/70-tuskar.sh

diff --git a/extras.d/70-tuskar.sh b/extras.d/70-tuskar.sh
deleted file mode 100644
index aa8f46af11..0000000000
--- a/extras.d/70-tuskar.sh
+++ /dev/null
@@ -1,200 +0,0 @@
-# Install and start the **Tuskar** service
-#
-# To enable, add the following to your localrc
-#
-# enable_service tuskar
-# enable_service tuskar-api
-
-
-if is_service_enabled tuskar; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source, do nothing as functions sourced
-        # are below rather than in lib/tuskar
-        echo_summary "source extras tuskar"
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing Tuskar"
-        install_tuskarclient
-        install_tuskar
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring Tuskar"
-        configure_tuskar
-        configure_tuskarclient
-
-        if is_service_enabled key; then
-            create_tuskar_accounts
-        fi
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        echo_summary "Initializing Tuskar"
-        init_tuskar
-        start_tuskar
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_tuskar
-    fi
-fi
-
-# library code (equivalent to lib/tuskar)
-# ---------
-# - install_tuskarclient
-# - install_tuskar
-# - configure_tuskarclient
-# - configure_tuskar
-# - init_tuskar
-# - start_tuskar
-# - stop_tuskar
-# - cleanup_tuskar
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# tuskar repos
-TUSKAR_REPO=${TUSKAR_REPO:-${GIT_BASE}/openstack/tuskar.git}
-TUSKAR_BRANCH=${TUSKAR_BRANCH:-master}
-
-TUSKARCLIENT_REPO=${TUSKARCLIENT_REPO:-${GIT_BASE}/openstack/python-tuskarclient.git}
-TUSKARCLIENT_BRANCH=${TUSKARCLIENT_BRANCH:-master}
-
-# set up default directories
-TUSKAR_DIR=$DEST/tuskar
-TUSKARCLIENT_DIR=$DEST/python-tuskarclient
-TUSKAR_AUTH_CACHE_DIR=${TUSKAR_AUTH_CACHE_DIR:-/var/cache/tuskar}
-TUSKAR_STANDALONE=$(trueorfalse False TUSKAR_STANDALONE)
-TUSKAR_CONF_DIR=/etc/tuskar
-TUSKAR_CONF=$TUSKAR_CONF_DIR/tuskar.conf
-TUSKAR_API_HOST=${TUSKAR_API_HOST:-$HOST_IP}
-TUSKAR_API_PORT=${TUSKAR_API_PORT:-8585}
-
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,tuskar
-
-# Functions
-# ---------
-
-# Test if any Tuskar services are enabled
-# is_tuskar_enabled
-function is_tuskar_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"tuskar-" ]] && return 0
-    return 1
-}
-
-# cleanup_tuskar() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_tuskar {
-    sudo rm -rf $TUSKAR_AUTH_CACHE_DIR
-}
-
-# configure_tuskar() - Set config files, create data dirs, etc
-function configure_tuskar {
-    setup_develop $TUSKAR_DIR
-
-    if [[ ! -d $TUSKAR_CONF_DIR ]]; then
-        sudo mkdir -p $TUSKAR_CONF_DIR
-    fi
-    sudo chown $STACK_USER $TUSKAR_CONF_DIR
-    # remove old config files
-    rm -f $TUSKAR_CONF_DIR/tuskar-*.conf
-
-    TUSKAR_POLICY_FILE=$TUSKAR_CONF_DIR/policy.json
-
-    cp $TUSKAR_DIR/etc/tuskar/policy.json $TUSKAR_POLICY_FILE
-    cp $TUSKAR_DIR/etc/tuskar/tuskar.conf.sample $TUSKAR_CONF
-
-    # common options
-    iniset $TUSKAR_CONF database connection `database_connection_url tuskar`
-
-    # logging
-    iniset $TUSKAR_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $TUSKAR_CONF DEFAULT use_syslog $SYSLOG
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        # Add color to logging output
-        setup_colorized_logging $TUSKAR_CONF DEFAULT tenant user
-    fi
-
-    configure_auth_token_middleware $TUSKAR_CONF tuskar $TUSKAR_AUTH_CACHE_DIR
-
-    if is_ssl_enabled_service "key"; then
-        iniset $TUSKAR_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
-    fi
-
-    iniset $TUSKAR_CONF tuskar_api bind_port $TUSKAR_API_PORT
-
-}
-
-# init_tuskar() - Initialize database
-function init_tuskar {
-
-    # (re)create tuskar database
-    recreate_database tuskar
-
-    tuskar-dbsync --config-file $TUSKAR_CONF
-    create_tuskar_cache_dir
-}
-
-# create_tuskar_cache_dir() - Part of the init_tuskar() process
-function create_tuskar_cache_dir {
-    # Create cache dirs
-    sudo mkdir -p $TUSKAR_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $TUSKAR_AUTH_CACHE_DIR
-}
-
-# install_tuskarclient() - Collect source and prepare
-function install_tuskarclient {
-    git_clone $TUSKARCLIENT_REPO $TUSKARCLIENT_DIR $TUSKARCLIENT_BRANCH
-    setup_develop $TUSKARCLIENT_DIR
-}
-
-# configure_tuskarclient() - Set config files, create data dirs, etc
-function configure_tuskarclient {
-    setup_develop $TUSKARCLIENT_DIR
-}
-
-# install_tuskar() - Collect source and prepare
-function install_tuskar {
-    git_clone $TUSKAR_REPO $TUSKAR_DIR $TUSKAR_BRANCH
-}
-
-# start_tuskar() - Start running processes, including screen
-function start_tuskar {
-    run_process tuskar-api "tuskar-api --config-file=$TUSKAR_CONF"
-}
-
-# stop_tuskar() - Stop running processes
-function stop_tuskar {
-    # Kill the screen windows
-    local serv
-    for serv in tuskar-api; do
-        stop_process $serv
-    done
-}
-
-# create_tuskar_accounts() - Set up common required tuskar accounts
-function create_tuskar_accounts {
-
-    create_service_user "tuskar" "admin"
-
-    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-        local tuskar_service=$(get_or_create_service "tuskar" \
-                "management" "Tuskar Management Service")
-        get_or_create_endpoint $tuskar_service \
-            "$REGION_NAME" \
-            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT" \
-            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT" \
-            "$SERVICE_PROTOCOL://$TUSKAR_API_HOST:$TUSKAR_API_PORT"
-    fi
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:

From b36a13a76a9434daa8257a88a558fb301339970d Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 9 Feb 2015 07:51:53 -0500
Subject: [PATCH 0373/3421] gantt is a dead project, remove it

The gantt source trees are dead projects, we should remove them from
devstack.

Change-Id: I0f271891846d2ad7a7a8edd975cdfb4f08419f0c
---
 extras.d/70-gantt.sh | 31 --------------
 lib/gantt            | 98 --------------------------------------------
 2 files changed, 129 deletions(-)
 delete mode 100644 extras.d/70-gantt.sh
 delete mode 100644 lib/gantt

diff --git a/extras.d/70-gantt.sh b/extras.d/70-gantt.sh
deleted file mode 100644
index ac1efba748..0000000000
--- a/extras.d/70-gantt.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-# gantt.sh - Devstack extras script to install Gantt
-
-if is_service_enabled n-sch; then
-    disable_service gantt
-fi
-
-if is_service_enabled gantt; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/gantt
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing Gantt"
-        install_gantt
-        cleanup_gantt
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring Gantt"
-        configure_gantt
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        # Initialize gantt
-        init_gantt
-
-        # Start gantt
-        echo_summary "Starting Gantt"
-        start_gantt
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_gantt
-    fi
-fi
diff --git a/lib/gantt b/lib/gantt
deleted file mode 100644
index 5bd28c2823..0000000000
--- a/lib/gantt
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/bash
-#
-# lib/gantt
-# Install and start **Gantt** scheduler service
-
-# Dependencies:
-#
-# - functions
-# - DEST, DATA_DIR, STACK_USER must be defined
-
-# stack.sh
-# ---------
-# - install_gantt
-# - configure_gantt
-# - init_gantt
-# - start_gantt
-# - stop_gantt
-# - cleanup_gantt
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-# Defaults
-# --------
-
-# set up default directories
-GANTT_DIR=$DEST/gantt
-GANTT_STATE_PATH=${GANTT_STATE_PATH:=$DATA_DIR/gantt}
-GANTT_REPO=${GANTT_REPO:-${GIT_BASE}/openstack/gantt.git}
-GANTT_BRANCH=${GANTT_BRANCH:-master}
-
-GANTTCLIENT_DIR=$DEST/python-ganttclient
-GANTTCLIENT_REPO=${GANTT_REPO:-${GIT_BASE}/openstack/python-ganttclient.git}
-GANTTCLIENT_BRANCH=${GANTT_BRANCH:-master}
-
-# eventually we will have a separate gantt config
-# file but for compatibility reasone stick with
-# nova.conf for now
-GANTT_CONF_DIR=${GANTT_CONF_DIR:-/etc/nova}
-GANTT_CONF=$GANTT_CONF_DIR/nova.conf
-
-# Support entry points installation of console scripts
-GANTT_BIN_DIR=$(get_python_exec_prefix)
-
-
-# Functions
-# ---------
-
-# cleanup_gantt() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_gantt {
-    echo "Cleanup Gantt"
-}
-
-# configure_gantt() - Set config files, create data dirs, etc
-function configure_gantt {
-    echo "Configure Gantt"
-}
-
-# init_gantt() - Initialize database and volume group
-function init_gantt {
-    echo "Initialize Gantt"
-}
-
-# install_gantt() - Collect source and prepare
-function install_gantt {
-    git_clone $GANTT_REPO $GANTT_DIR $GANTT_BRANCH
-    setup_develop $GANTT_DIR
-}
-
-# install_ganttclient() - Collect source and prepare
-function install_ganttclient {
-    echo "Install Gantt Client"
-#    git_clone $GANTTCLIENT_REPO $GANTTCLIENT_DIR $GANTTCLIENT_BRANCH
-#    setup_develop $GANTTCLIENT_DIR
-}
-
-# start_gantt() - Start running processes, including screen
-function start_gantt {
-    if is_service_enabled gantt; then
-        run_process gantt "$GANTT_BIN_DIR/gantt-scheduler --config-file $GANTT_CONF"
-    fi
-}
-
-# stop_gantt() - Stop running processes
-function stop_gantt {
-    echo "Stop Gantt"
-    stop_process gantt
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:

From 1368b98669ae9365193f8cd22bdce1c9abdc5499 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 4 Feb 2015 15:28:18 -0800
Subject: [PATCH 0374/3421] Stop installing tempest

We run tempest inside of tox so no nee to install it. By not installing
it we decouple one more thing from the requirements sync.

Without this patch, due to branchless tempest, tempest must work with
master and all stable branch global requirements.

Although installing tempest should work on master, don't install it
anyway to make the user experience more uniform across master and
stable branches.

Note: Long term we can install this inside of a virtualenv
(I92648fffc1ad6af53006a0970722fd15f4e79dc2) but that logic hasn't landed
yet and installing tempest is breaking us. So leave moving this to a
virtualenv for a later patch.

Change-Id: I78d51f04ed01da4ce8aa0e127be028f969d3b4f8
---
 lib/tempest | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 1ae945779d..e416affc46 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -95,7 +95,8 @@ function remove_disabled_extensions {
 
 # configure_tempest() - Set config files, create data dirs, etc
 function configure_tempest {
-    setup_develop $TEMPEST_DIR
+    # install testr since its used to process tempest logs
+    pip_install `grep -h testrepository $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1`
     local image_lines
     local images
     local num_images
@@ -319,7 +320,8 @@ function configure_tempest {
     # Run verify_tempest_config -ur to retrieve enabled extensions on API endpoints
     # NOTE(mtreinish): This must be done after auth settings are added to the tempest config
     local tmp_cfg_file=$(mktemp)
-    $TEMPEST_DIR/tempest/cmd/verify_tempest_config.py -uro $tmp_cfg_file
+    cd $TEMPEST_DIR
+    tox -evenv -- verify-tempest-config -uro $tmp_cfg_file
 
     local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then

From 00d0da36af934bfdc15a5175e8cac3667e8cd581 Mon Sep 17 00:00:00 2001
From: Wayne Okuma 
Date: Thu, 22 Jan 2015 16:06:41 -0800
Subject: [PATCH 0375/3421] Adds elasticsearch support as a pre-req for the
 glance-index.

Add elastic search pkg installation and start into the glance install
and start paths.

Change-Id: I53fc37225dd606f627c9f967083007613eb1f1bb
Implements: blueprint catalog-index-service
---
 files/debs/general | 1 +
 files/rpms/general | 1 +
 lib/glance         | 9 +++++++--
 3 files changed, 9 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 lib/glance

diff --git a/files/debs/general b/files/debs/general
index e824d239b4..4050191379 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -27,3 +27,4 @@ libyaml-dev
 libffi-dev
 libssl-dev # for pyOpenSSL
 gettext  # used for compiling message catalogs
+openjdk-7-jre-headless  # NOPRIME
diff --git a/files/rpms/general b/files/rpms/general
index 13c8a87780..6f2239196b 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -26,3 +26,4 @@ bc
 libyaml-devel
 gettext  # used for compiling message catalogs
 net-tools
+java-1.7.0-openjdk-headless  # NOPRIME
diff --git a/lib/glance b/lib/glance
old mode 100644
new mode 100755
index 0340c21ee0..c5206d489a
--- a/lib/glance
+++ b/lib/glance
@@ -70,7 +70,6 @@ GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,glance
 
-
 # Functions
 # ---------
 
@@ -308,6 +307,10 @@ function install_glance {
 
     git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
     setup_develop $GLANCE_DIR
+    if is_service_enabled g-graffiti; then
+        ${TOP_DIR}/pkg/elasticsearch.sh download
+        ${TOP_DIR}/pkg/elasticsearch.sh install
+    fi
 }
 
 # start_glance() - Start running processes, including screen
@@ -321,6 +324,9 @@ function start_glance {
     run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
     run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf"
 
+    if is_service_enabled g-graffiti; then
+        ${TOP_DIR}/pkg/elasticsearch.sh start
+    fi
     echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."
     if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then
         die $LINENO "g-api did not start"
@@ -334,7 +340,6 @@ function stop_glance {
     stop_process g-reg
 }
 
-
 # Restore xtrace
 $XTRACE
 

From 33127a1287da160676ff337ae980603f8c183006 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 9 Feb 2015 15:17:27 -0500
Subject: [PATCH 0376/3421] update plugin doc

After doing a couple of external plugins I found that basically things
don't work unless you enable_service in the settings file. Document
that as a requirement, and clean up the rest of the docs around the
external plugins to be consistent with that.

Change-Id: I13aee7dbf112ce9663e8338b555a208327f89b61
---
 doc/source/plugins.rst | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 8bb92ed4b9..5d6d3f183d 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -107,19 +107,24 @@ directory. Inside this directory there can be 2 files.
   sourced very early in the process. This is helpful if other plugins
   might depend on this one, and need access to global variables to do
   their work.
+
+  Your settings should include any ``enable_service`` lines required
+  by your plugin. This is especially important if you are kicking off
+  services using ``run_process`` as it only works with enabled
+  services.
+
 - ``plugin.sh`` - the actual plugin. It will be executed by devstack
   during it's run. The run order will be done in the registration
   order for these plugins, and will occur immediately after all in
   tree extras.d dispatch at the phase in question.  The plugin.sh
-  looks like the extras.d dispatcher above **except** it should not
-  include the is_service_enabled conditional. All external plugins are
-  always assumed to be enabled.
+  looks like the extras.d dispatcher above.
 
 Plugins are registered by adding the following to the localrc section
 of ``local.conf``.
 
 They are added in the following format::
 
+  [[local|localrc]]
   enable_plugin   [GITREF]
 
 - ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
@@ -129,7 +134,7 @@ They are added in the following format::
 
 An example would be as follows::
 
-  enable_plugin glusterfs https://github.com/sdague/devstack-plugins glusterfs
+  enable_plugin ec2api git://git.openstack.org/stackforge/ec2api
 
 Hypervisor
 ==========

From ebcb8496348fad84053c79a933771ce6063994f8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 10 Feb 2015 14:16:56 -0500
Subject: [PATCH 0377/3421] Unconfigure the devstack CA when USE_SSL is True

Change-Id: I17cb5e5d93bfe6fc6746ee530f639e2ed42da85a
---
 unstack.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/unstack.sh b/unstack.sh
index bc439e90bf..4364e58a32 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -132,6 +132,9 @@ if is_service_enabled tls-proxy; then
     stop_tls_proxy
     cleanup_CA
 fi
+if [ "$USE_SSL" == "True" ]; then
+    cleanup_CA
+fi
 
 SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*
 

From e1d013f9265a86c00ec02822f2425874fa97769f Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 10 Feb 2015 14:15:35 -0500
Subject: [PATCH 0378/3421] Set ca_certificates_file in tempest, fix test for
 "keystone"

Configure tempest with the location of the devstack CA bundle.

Fix a conditional that was looking for the "keystone" service
when it should be "key". This affected users who set
USE_SSL=True

Change-Id: I7171d7bd539443dce9f3b1a80274b7861abdcfdb
---
 lib/tempest | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 777d03e0f3..3d9d8bb47e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -292,6 +292,9 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
     iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
     iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+    if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
+        iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
+    fi
 
     # Image
     # for the gate we want to be able to override this variable so we aren't
@@ -482,7 +485,7 @@ function configure_tempest {
         fi
     done
 
-    if is_ssl_enabled_service "keystone" || is_service_enabled tls-proxy; then
+    if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
         # Use the BOTO_CONFIG environment variable to point to this file
         iniset $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
         sudo chown $STACK_USER $BOTO_CONF

From 117c6c2048e232660613666b9e606991a5ad32b6 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 10 Feb 2015 07:53:36 -0500
Subject: [PATCH 0379/3421] remove lib/stackforge

Now that we have a working external plugin mechanism stackforge
projects definitely don't need to be directly in devstack. These were
largely unused previously anyway.

Change-Id: I300686b2ac976d9b454404842b3f210fd7c239d9
---
 doc/source/index.rst |  1 -
 lib/stackforge       | 56 --------------------------------------------
 stack.sh             |  6 -----
 stackrc              | 20 ----------------
 unstack.sh           |  1 -
 5 files changed, 84 deletions(-)
 delete mode 100644 lib/stackforge

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 0790d1e7e1..be77dc12a5 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -167,7 +167,6 @@ Scripts
 * `lib/oslo `__
 * `lib/rpc\_backend `__
 * `lib/sahara `__
-* `lib/stackforge `__
 * `lib/swift `__
 * `lib/tempest `__
 * `lib/tls `__
diff --git a/lib/stackforge b/lib/stackforge
deleted file mode 100644
index cc3a689973..0000000000
--- a/lib/stackforge
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# lib/stackforge
-#
-# Functions to install stackforge libraries that we depend on so
-# that we can try their git versions during devstack gate.
-#
-# This is appropriate for python libraries that release to pypi and are
-# expected to be used beyond OpenStack like, but are requirements
-# for core services in global-requirements.
-#
-#     * wsme
-#     * pecan
-#
-# This is not appropriate for stackforge projects which are early stage
-# OpenStack tools
-
-# Dependencies:
-# ``functions`` file
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# install_stackforge
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-WSME_DIR=$DEST/wsme
-PECAN_DIR=$DEST/pecan
-SQLALCHEMY_MIGRATE_DIR=$DEST/sqlalchemy-migrate
-
-# Entry Points
-# ------------
-
-# install_stackforge() - Collect source and prepare
-function install_stackforge {
-    git_clone $WSME_REPO $WSME_DIR $WSME_BRANCH
-    setup_package $WSME_DIR
-
-    git_clone $PECAN_REPO $PECAN_DIR $PECAN_BRANCH
-    setup_package $PECAN_DIR
-
-    git_clone $SQLALCHEMY_MIGRATE_REPO $SQLALCHEMY_MIGRATE_DIR $SQLALCHEMY_MIGRATE_BRANCH
-    setup_package $SQLALCHEMY_MIGRATE_DIR
-}
-
-# Restore xtrace
-$XTRACE
-
-# Local variables:
-# mode: shell-script
-# End:
diff --git a/stack.sh b/stack.sh
index eaecea075c..3f97919e0e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -500,7 +500,6 @@ source $TOP_DIR/lib/tls
 # Source project function libraries
 source $TOP_DIR/lib/infra
 source $TOP_DIR/lib/oslo
-source $TOP_DIR/lib/stackforge
 source $TOP_DIR/lib/lvm
 source $TOP_DIR/lib/horizon
 source $TOP_DIR/lib/keystone
@@ -699,11 +698,6 @@ install_infra
 # Install oslo libraries that have graduated
 install_oslo
 
-# Install stackforge libraries for testing
-if is_service_enabled stackforge_libs; then
-    install_stackforge
-fi
-
 # Install clients libraries
 install_keystoneclient
 install_glanceclient
diff --git a/stackrc b/stackrc
index ff821401d7..7bb4cc29d9 100644
--- a/stackrc
+++ b/stackrc
@@ -434,26 +434,6 @@ ORC_BRANCH=${ORC_BRANCH:-master}
 TIE_REPO=${TIE_REPO:-${GIT_BASE}/openstack/tripleo-image-elements.git}
 TIE_BRANCH=${TIE_BRANCH:-master}
 
-#################
-#
-#  Additional Libraries
-#
-#################
-
-# stackforge libraries that are used by OpenStack core services
-# wsme
-WSME_REPO=${WSME_REPO:-${GIT_BASE}/stackforge/wsme.git}
-WSME_BRANCH=${WSME_BRANCH:-master}
-
-# pecan
-PECAN_REPO=${PECAN_REPO:-${GIT_BASE}/stackforge/pecan.git}
-PECAN_BRANCH=${PECAN_BRANCH:-master}
-
-# sqlalchemy-migrate
-SQLALCHEMY_MIGRATE_REPO=${SQLALCHEMY_MIGRATE_REPO:-${GIT_BASE}/stackforge/sqlalchemy-migrate.git}
-SQLALCHEMY_MIGRATE_BRANCH=${SQLALCHEMY_MIGRATE_BRANCH:-master}
-
-
 #################
 #
 #  3rd Party Components (non pip installable)
diff --git a/unstack.sh b/unstack.sh
index b8b7f4a130..bc439e90bf 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -54,7 +54,6 @@ source $TOP_DIR/lib/tls
 # Source project function libraries
 source $TOP_DIR/lib/infra
 source $TOP_DIR/lib/oslo
-source $TOP_DIR/lib/stackforge
 source $TOP_DIR/lib/lvm
 source $TOP_DIR/lib/horizon
 source $TOP_DIR/lib/keystone

From e8bc2b82a04f4cca251ed7437f738672107428a3 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Tue, 10 Feb 2015 20:38:56 +1100
Subject: [PATCH 0380/3421] Reduce service user permissions

Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.

Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
---
 lib/ceilometer | 2 +-
 lib/cinder     | 2 +-
 lib/ironic     | 2 +-
 lib/nova       | 2 ++
 lib/sahara     | 2 +-
 lib/swift      | 2 +-
 lib/trove      | 2 +-
 lib/zaqar      | 2 +-
 8 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index f03bab21fc..8fff91058c 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -108,7 +108,7 @@ function create_ceilometer_accounts {
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
 
-        create_service_user "ceilometer" "admin"
+        create_service_user "ceilometer"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
             local ceilometer_service=$(get_or_create_service "ceilometer" \
diff --git a/lib/cinder b/lib/cinder
index 12ba51e49b..17a0cc3c1a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -333,7 +333,7 @@ function create_cinder_accounts {
     # Cinder
     if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
 
-        create_service_user "cinder" "admin"
+        create_service_user "cinder"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/ironic b/lib/ironic
index 921bcf1a26..bed816e5c5 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -362,7 +362,7 @@ function create_ironic_accounts {
     if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
         # Get ironic user if exists
 
-        create_service_user "ironic" "admin"
+        create_service_user "ironic"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/nova b/lib/nova
index c760066f15..6a149af322 100644
--- a/lib/nova
+++ b/lib/nova
@@ -356,6 +356,8 @@ function create_nova_accounts {
     # Nova
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
 
+        # NOTE(jamielennox): Nova doesn't need the admin role here, however neutron uses
+        # this service user when notifying nova of changes and that requires the admin role.
         create_service_user "nova" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/sahara b/lib/sahara
index b3ca32f346..db200cca10 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -61,7 +61,7 @@ TEMPEST_SERVICES+=,sahara
 # service     sahara    admin
 function create_sahara_accounts {
 
-    create_service_user "sahara" "admin"
+    create_service_user "sahara"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/swift b/lib/swift
index d9f750c27f..31a1ba1d20 100644
--- a/lib/swift
+++ b/lib/swift
@@ -603,7 +603,7 @@ function create_swift_accounts {
 
     local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
 
-    create_service_user "swift" "admin"
+    create_service_user "swift"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/trove b/lib/trove
index d32c7765e0..e1b307a52f 100644
--- a/lib/trove
+++ b/lib/trove
@@ -81,7 +81,7 @@ function setup_trove_logging {
 function create_trove_accounts {
     if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
 
-        create_service_user "trove" "admin"
+        create_service_user "trove"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
diff --git a/lib/zaqar b/lib/zaqar
index 8b560bb4d5..4a24415248 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -215,7 +215,7 @@ function stop_zaqar {
 }
 
 function create_zaqar_accounts {
-    create_service_user "zaqar" "admin"
+    create_service_user "zaqar"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 

From 9b215db569dcee2e9cd52c3336ba14b73ad05ab0 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Tue, 10 Feb 2015 18:19:57 +1100
Subject: [PATCH 0381/3421] Rename get_or_add_user_role

get_or_add_user_role is specific to adding a role on a project.
Rename it to get_or_add_user_project_role to allow room for adding a
domain specific role function.

Change-Id: I999308098d22be9800578ae67144a3b687fbc3be
---
 functions-common |  6 +++---
 lib/ceilometer   |  2 +-
 lib/glance       |  2 +-
 lib/keystone     | 12 ++++++------
 lib/nova         |  2 +-
 lib/swift        |  8 ++++----
 lib/tempest      |  2 +-
 7 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/functions-common b/functions-common
index d3b3c0c73d..6beb670c6c 100644
--- a/functions-common
+++ b/functions-common
@@ -913,9 +913,9 @@ function get_or_create_role {
     echo $role_id
 }
 
-# Gets or adds user role
-# Usage: get_or_add_user_role   
-function get_or_add_user_role {
+# Gets or adds user role to project
+# Usage: get_or_add_user_project_role   
+function get_or_add_user_project_role {
     # Gets user role id
     local user_role_id=$(openstack role list \
         --user $2 \
diff --git a/lib/ceilometer b/lib/ceilometer
index f03bab21fc..c449ad243d 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -121,7 +121,7 @@ function create_ceilometer_accounts {
         fi
         if is_service_enabled swift; then
             # Ceilometer needs ResellerAdmin role to access swift account stats.
-            get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
+            get_or_add_user_project_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
         fi
     fi
 }
diff --git a/lib/glance b/lib/glance
index c5206d489a..5bd0b8cdf1 100755
--- a/lib/glance
+++ b/lib/glance
@@ -238,7 +238,7 @@ function create_glance_accounts {
 
             local glance_swift_user=$(get_or_create_user "glance-swift" \
                 "$SERVICE_PASSWORD" "glance-swift@example.com")
-            get_or_add_user_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
+            get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
         fi
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/keystone b/lib/keystone
index 79806b8fd1..2da2d1b4f7 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -365,7 +365,7 @@ function create_keystone_accounts {
     local admin_tenant=$(get_or_create_project "admin")
     local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
     local admin_role=$(get_or_create_role "admin")
-    get_or_add_user_role $admin_role $admin_user $admin_tenant
+    get_or_add_user_project_role $admin_role $admin_user $admin_tenant
 
     # Create service project/role
     get_or_create_project "$SERVICE_TENANT_NAME"
@@ -394,10 +394,10 @@ function create_keystone_accounts {
     local demo_user=$(get_or_create_user "demo" \
         "$ADMIN_PASSWORD" "demo@example.com")
 
-    get_or_add_user_role $member_role $demo_user $demo_tenant
-    get_or_add_user_role $admin_role $admin_user $demo_tenant
-    get_or_add_user_role $another_role $demo_user $demo_tenant
-    get_or_add_user_role $member_role $demo_user $invis_tenant
+    get_or_add_user_project_role $member_role $demo_user $demo_tenant
+    get_or_add_user_project_role $admin_role $admin_user $demo_tenant
+    get_or_add_user_project_role $another_role $demo_user $demo_tenant
+    get_or_add_user_project_role $member_role $demo_user $invis_tenant
 
     get_or_create_group "developers" "default" "openstack developers"
     get_or_create_group "testers" "default"
@@ -426,7 +426,7 @@ function create_service_user {
     local role=${2:-service}
 
     local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
-    get_or_add_user_role "$role" "$user" "$SERVICE_TENANT_NAME"
+    get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
 }
 
 # Configure the service to use the auth token middleware.
diff --git a/lib/nova b/lib/nova
index c760066f15..801378dd97 100644
--- a/lib/nova
+++ b/lib/nova
@@ -383,7 +383,7 @@ function create_nova_accounts {
         if is_service_enabled swift; then
             # Nova needs ResellerAdmin role to download images when accessing
             # swift through the s3 api.
-            get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME
+            get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
         fi
 
         # EC2
diff --git a/lib/swift b/lib/swift
index d9f750c27f..194df3330d 100644
--- a/lib/swift
+++ b/lib/swift
@@ -620,18 +620,18 @@ function create_swift_accounts {
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
     SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
-    get_or_add_user_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
+    get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
 
     local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
-    get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1
+    get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
 
     local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
     local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
-    get_or_add_user_role admin $swift_user_test2 $swift_tenant_test2
+    get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
 
     local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
     die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
@@ -641,7 +641,7 @@ function create_swift_accounts {
 
     local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
-    get_or_add_user_role admin $swift_user_test4 $swift_tenant_test4
+    get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
 }
 
 # init_swift() - Initialize rings
diff --git a/lib/tempest b/lib/tempest
index 777d03e0f3..560ab1b1e8 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -505,7 +505,7 @@ function create_tempest_accounts {
         # between two regular users in separate tenants
         get_or_create_project alt_demo
         get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
-        get_or_add_user_role Member alt_demo alt_demo
+        get_or_add_user_project_role Member alt_demo alt_demo
     fi
 }
 

From 9a413abcd4bb0a7527b37fcaab4a16c9aa7cd938 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 4 Feb 2015 12:44:18 -0500
Subject: [PATCH 0382/3421] add gating up/down script for devstack

This adds the test infrastructure for testing that unstack.sh and
clean.sh do the right thing, and actually stop what's expected. This
is designed to be used in upstream testing to make unstack and clean a
bit more certain.

It includes numerous fixes to make these pass in an errexit
environment with the gate config. The scripts still don't run under
errexit because we don't assume we've handled all possible cleanup safely.

Change-Id: I774dfb2cc934367eef2bb7ea5123197f6da7565b
---
 clean.sh            |  7 +++++--
 gate/updown.sh      | 24 ++++++++++++++++++++++++
 lib/databases/mysql |  3 ---
 lib/dstat           |  5 ++++-
 lib/rpc_backend     |  3 ++-
 lib/sahara          |  2 +-
 unstack.sh          | 12 ++++++++----
 7 files changed, 44 insertions(+), 12 deletions(-)
 create mode 100755 gate/updown.sh

diff --git a/clean.sh b/clean.sh
index edbd04a2d9..50d414c1d9 100755
--- a/clean.sh
+++ b/clean.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 
 # **clean.sh**
 
@@ -83,7 +83,10 @@ if [[ -d $TOP_DIR/extras.d ]]; then
 fi
 
 # Clean projects
-cleanup_cinder
+
+# BUG: cinder tgt doesn't exit cleanly if it's not running.
+cleanup_cinder || /bin/true
+
 cleanup_glance
 cleanup_keystone
 cleanup_nova
diff --git a/gate/updown.sh b/gate/updown.sh
new file mode 100755
index 0000000000..d2d7351a2f
--- /dev/null
+++ b/gate/updown.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -xe
+#
+# An up / down test for gate functional testing
+#
+# Note: this is expected to start running as jenkins
+
+# Step 1: give back sudoers permissions to devstack
+TEMPFILE=`mktemp`
+echo "stack ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+chmod 0440 $TEMPFILE
+sudo chown root:root $TEMPFILE
+sudo mv $TEMPFILE /etc/sudoers.d/51_stack_sh
+
+# TODO: do something to start a guest to create crud that should
+# disappear
+
+# Step 2: unstack
+echo "Running unstack.sh"
+sudo -H -u stack stdbuf -oL -eL bash -ex ./unstack.sh
+
+# Step 3: clean
+echo "Running clean.sh"
+sudo -H -u stack stdbuf -oL -eL bash -ex ./clean.sh
+
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 72c0f82b4a..c8ceec2455 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -28,17 +28,14 @@ function cleanup_database_mysql {
     stop_service $MYSQL
     if is_ubuntu; then
         # Get ruthless with mysql
-        stop_service $MYSQL
         apt_get purge -y mysql* mariadb*
         sudo rm -rf /var/lib/mysql
         sudo rm -rf /etc/mysql
         return
     elif is_fedora; then
-        stop_service mariadb
         uninstall_package mariadb-server
         sudo rm -rf /var/lib/mysql
     elif is_suse; then
-        stop_service mysql
         uninstall_package mysql-community-server
         sudo rm -rf /var/lib/mysql
     else
diff --git a/lib/dstat b/lib/dstat
index 8165e5c5e9..740e48f9e0 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -40,7 +40,10 @@ function start_dstat {
 
 # stop_dstat() stop dstat process
 function stop_dstat {
-    screen_stop dstat
+    # dstat runs as a console, not as a service, and isn't trackable
+    # via the normal mechanisms for devstack. So lets just do a
+    # killall and move on.
+    killall dstat || /bin/true
 }
 
 # Restore xtrace
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 981b80b405..ec821f16c6 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -74,7 +74,8 @@ function cleanup_rpc_backend {
     if is_service_enabled rabbit; then
         # Obliterate rabbitmq-server
         uninstall_package rabbitmq-server
-        sudo killall epmd || sudo killall -9 epmd
+        # in case it's not actually running, /bin/true at the end
+        sudo killall epmd || sudo killall -9 epmd || /bin/true
         if is_ubuntu; then
             # And the Erlang runtime too
             apt_get purge -y erlang*
diff --git a/lib/sahara b/lib/sahara
index 995935aebf..5720c203ea 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -184,7 +184,7 @@ function start_sahara {
 # stop_sahara() - Stop running processes
 function stop_sahara {
     # Kill the Sahara screen windows
-    screen -S $SCREEN_NAME -p sahara -X kill
+    stop_process sahara
 }
 
 
diff --git a/unstack.sh b/unstack.sh
index b8b7f4a130..9a283bafff 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 
 # **unstack.sh**
 
@@ -136,10 +136,13 @@ fi
 
 SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*
 
+# BUG: tgt likes to exit 1 on service stop if everything isn't
+# perfect, we should clean up cinder stop paths.
+
 # Get the iSCSI volumes
 if is_service_enabled cinder; then
-    stop_cinder
-    cleanup_cinder
+    stop_cinder || /bin/true
+    cleanup_cinder || /bin/true
 fi
 
 if [[ -n "$UNSTACK_ALL" ]]; then
@@ -179,4 +182,5 @@ if [[ -n "$SCREEN" ]]; then
     fi
 fi
 
-clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME
+# BUG: maybe it doesn't exist? We should isolate this further down.
+clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true

From 5b9adb60de38584b94596a07fdb7e5ffbe4c9480 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Tue, 10 Feb 2015 08:09:08 +0000
Subject: [PATCH 0383/3421] XenAPI: Move some boot-time functions to
 install-time

The boot-time script (prepare_guest.sh) is one of the less reliable parts
of the install process.  This change enables SSH into the host as well as
reporting of the IP address.  This significantly helps debugging issues
now and enables moving of all other setup code to being executed over SSH.

Change-Id: I1555f1d91353ba8b75e2de4607df33ee20307a6e
---
 tools/xen/devstackubuntu_latecommand.sh | 14 +++++++++++++
 tools/xen/devstackubuntupreseed.cfg     |  7 ++++---
 tools/xen/install_os_domU.sh            | 25 ++++++++++++++++++++++
 tools/xen/prepare_guest.sh              | 15 ++-----------
 tools/xen/prepare_guest_template.sh     | 28 +------------------------
 5 files changed, 46 insertions(+), 43 deletions(-)
 create mode 100644 tools/xen/devstackubuntu_latecommand.sh

diff --git a/tools/xen/devstackubuntu_latecommand.sh b/tools/xen/devstackubuntu_latecommand.sh
new file mode 100644
index 0000000000..2afbe2cdf3
--- /dev/null
+++ b/tools/xen/devstackubuntu_latecommand.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eux
+
+# Need to set barrier=0 to avoid a Xen bug
+# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/824089
+sed -i -e 's/errors=/barrier=0,errors=/' /etc/fstab
+
+# Allow root to login with a password
+sed -i -e 's/.*PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
+
+# Install the XenServer tools so IP addresses are reported
+wget --no-proxy @XS_TOOLS_URL@ -O /root/tools.deb
+dpkg -i /root/tools.deb
+rm /root/tools.deb
diff --git a/tools/xen/devstackubuntupreseed.cfg b/tools/xen/devstackubuntupreseed.cfg
index 94e6e96625..80f334ba8e 100644
--- a/tools/xen/devstackubuntupreseed.cfg
+++ b/tools/xen/devstackubuntupreseed.cfg
@@ -331,10 +331,11 @@ d-i apt-setup/backports boolean true
 tasksel tasksel/first multiselect openssh-server
 
 # Individual additional packages to install
-#d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/include string cracklib-runtime curl wget ssh openssh-server tcpdump ethtool git sudo python-netaddr coreutils
+
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
-#d-i pkgsel/upgrade select none
+d-i pkgsel/upgrade select safe-upgrade
 
 # Language pack selection
 #d-i pkgsel/language-packs multiselect de, en, zh
@@ -467,4 +468,4 @@ xserver-xorg xserver-xorg/config/monitor/mode-list \
 # still a usable /target directory. You can chroot to /target and use it
 # directly, or use the apt-install and in-target commands to easily install
 # packages and run commands in the target system.
-#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
+d-i preseed/late_command string
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 546ead6127..8a0725152f 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -178,12 +178,32 @@ if [ -z "$templateuuid" ]; then
     PRESEED_URL=${PRESEED_URL:-""}
     if [ -z "$PRESEED_URL" ]; then
         PRESEED_URL="${HOST_IP}/devstackubuntupreseed.cfg"
+
         HTTP_SERVER_LOCATION="/opt/xensource/www"
         if [ ! -e $HTTP_SERVER_LOCATION ]; then
             HTTP_SERVER_LOCATION="/var/www/html"
             mkdir -p $HTTP_SERVER_LOCATION
         fi
+
+        # Copy the tools DEB to the XS web server
+        XS_TOOLS_URL="https://github.com/downloads/citrix-openstack/warehouse/xe-guest-utilities_5.6.100-651_amd64.deb"
+        ISO_DIR="/opt/xensource/packages/iso"
+        XS_TOOLS_FILE_NAME="xs-tools.deb"
+        XS_TOOLS_PATH="/root/$XS_TOOLS_FILE_NAME"
+        if [ -e "$ISO_DIR" ]; then
+            TOOLS_ISO=$(ls -1 $ISO_DIR/xs-tools-*.iso | head -1)
+            TMP_DIR=/tmp/temp.$RANDOM
+            mkdir -p $TMP_DIR
+            mount -o loop $TOOLS_ISO $TMP_DIR
+            DEB_FILE=$(ls $TMP_DIR/Linux/*amd64.deb)
+            cp $DEB_FILE $HTTP_SERVER_LOCATION
+            umount $TMP_DIR
+            rmdir $TMP_DIR
+            XS_TOOLS_URL=${HOST_IP}/$(basename $DEB_FILE)
+        fi
+
         cp -f $THIS_DIR/devstackubuntupreseed.cfg $HTTP_SERVER_LOCATION
+        cp -f $THIS_DIR/devstackubuntu_latecommand.sh $HTTP_SERVER_LOCATION/latecommand.sh
 
         sed \
             -e "s,\(d-i mirror/http/hostname string\).*,\1 $UBUNTU_INST_HTTP_HOSTNAME,g" \
@@ -191,7 +211,12 @@ if [ -z "$templateuuid" ]; then
             -e "s,\(d-i mirror/http/proxy string\).*,\1 $UBUNTU_INST_HTTP_PROXY,g" \
             -e "s,\(d-i passwd/root-password password\).*,\1 $GUEST_PASSWORD,g" \
             -e "s,\(d-i passwd/root-password-again password\).*,\1 $GUEST_PASSWORD,g" \
+            -e "s,\(d-i preseed/late_command string\).*,\1 in-target mkdir -p /tmp; in-target wget --no-proxy ${HOST_IP}/latecommand.sh -O /root/latecommand.sh; in-target bash /root/latecommand.sh,g" \
             -i "${HTTP_SERVER_LOCATION}/devstackubuntupreseed.cfg"
+
+        sed \
+            -e "s,@XS_TOOLS_URL@,$XS_TOOLS_URL,g" \
+            -i "${HTTP_SERVER_LOCATION}/latecommand.sh"
     fi
 
     # Update the template
diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh
index 7fe032a064..6de1afc199 100755
--- a/tools/xen/prepare_guest.sh
+++ b/tools/xen/prepare_guest.sh
@@ -16,9 +16,8 @@ set -o xtrace
 
 # Configurable nuggets
 GUEST_PASSWORD="$1"
-XS_TOOLS_PATH="$2"
-STACK_USER="$3"
-DOMZERO_USER="$4"
+STACK_USER="$2"
+DOMZERO_USER="$3"
 
 
 function setup_domzero_user {
@@ -70,16 +69,6 @@ EOF
 
 }
 
-# Install basics
-apt-get update
-apt-get install -y cracklib-runtime curl wget ssh openssh-server tcpdump ethtool
-apt-get install -y git sudo python-netaddr coreutils
-
-# Install XenServer guest utilities
-dpkg -i $XS_TOOLS_PATH
-update-rc.d -f xe-linux-distribution remove
-update-rc.d xe-linux-distribution defaults
-
 # Make a small cracklib dictionary, so that passwd still works, but we don't
 # have the big dictionary.
 mkdir -p /usr/share/cracklib
diff --git a/tools/xen/prepare_guest_template.sh b/tools/xen/prepare_guest_template.sh
index 6cb2ca7099..6cddddaa84 100755
--- a/tools/xen/prepare_guest_template.sh
+++ b/tools/xen/prepare_guest_template.sh
@@ -46,28 +46,6 @@ if [ ! -d $STAGING_DIR/etc ]; then
     exit 1
 fi
 
-# Copy XenServer tools deb into the VM
-ISO_DIR="/opt/xensource/packages/iso"
-XS_TOOLS_FILE_NAME="xs-tools.deb"
-XS_TOOLS_PATH="/root/$XS_TOOLS_FILE_NAME"
-if [ -e "$ISO_DIR" ]; then
-    TOOLS_ISO=$(ls -1 $ISO_DIR/xs-tools-*.iso | head -1)
-    TMP_DIR=/tmp/temp.$RANDOM
-    mkdir -p $TMP_DIR
-    mount -o loop $TOOLS_ISO $TMP_DIR
-    DEB_FILE=$(ls $TMP_DIR/Linux/*amd64.deb)
-    echo "Copying XenServer tools into VM from: $DEB_FILE"
-    cp $DEB_FILE "${STAGING_DIR}${XS_TOOLS_PATH}"
-    umount $TMP_DIR
-    rm -rf $TMP_DIR
-else
-    echo "WARNING: no XenServer tools found, falling back to 5.6 tools"
-    TOOLS_URL="https://github.com/downloads/citrix-openstack/warehouse/xe-guest-utilities_5.6.100-651_amd64.deb"
-    curl --no-sessionid -L -o "$XS_TOOLS_FILE_NAME" $TOOLS_URL
-    cp $XS_TOOLS_FILE_NAME "${STAGING_DIR}${XS_TOOLS_PATH}"
-    rm -rf $XS_TOOLS_FILE_NAME
-fi
-
 # Copy prepare_guest.sh to VM
 mkdir -p $STAGING_DIR/opt/stack/
 cp $TOP_DIR/prepare_guest.sh $STAGING_DIR/opt/stack/prepare_guest.sh
@@ -79,14 +57,10 @@ cp $STAGING_DIR/etc/rc.local $STAGING_DIR/etc/rc.local.preparebackup
 cat <$STAGING_DIR/etc/rc.local
 #!/bin/sh -e
 bash /opt/stack/prepare_guest.sh \\
-    "$GUEST_PASSWORD" "$XS_TOOLS_PATH" "$STACK_USER" "$DOMZERO_USER" \\
+    "$GUEST_PASSWORD" "$STACK_USER" "$DOMZERO_USER" \\
     > /opt/stack/prepare_guest.log 2>&1
 EOF
 
-# Need to set barrier=0 to avoid a Xen bug
-# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/824089
-sed -i -e 's/errors=/barrier=0,errors=/' $STAGING_DIR/etc/fstab
-
 # Update ubuntu repositories
 cat > $STAGING_DIR/etc/apt/sources.list << EOF
 deb http://${UBUNTU_INST_HTTP_HOSTNAME}${UBUNTU_INST_HTTP_DIRECTORY} ${UBUNTU_INST_RELEASE} main restricted

From d1e3ff14b872de704a1b21da7e84a8e5e8d7b756 Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk 
Date: Tue, 10 Feb 2015 17:54:53 +0100
Subject: [PATCH 0384/3421] qpid: plain auth needs cyrus-sasl-plain package

On fedora 21, qpidd cannot authenticate user, because
cyrus-sasl-plain is no more automatically installed.

This change fixes that.

Change-Id: I74452f40723881291b8c7577e5509da1c0e4e6e5
---
 files/rpms/qpid | 2 +-
 lib/rpc_backend | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/files/rpms/qpid b/files/rpms/qpid
index 9e3f10af13..c5e2699fcc 100644
--- a/files/rpms/qpid
+++ b/files/rpms/qpid
@@ -1,4 +1,4 @@
 qpid-proton-c-devel # NOPRIME
 python-qpid-proton # NOPRIME
 cyrus-sasl-lib # NOPRIME
-
+cyrus-sasl-plain # NOPRIME
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 981b80b405..30d300bbad 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -342,6 +342,7 @@ EOF
             install_package sasl2-bin
         elif is_fedora; then
             install_package cyrus-sasl-lib
+            install_package cyrus-sasl-plain
         fi
         local sasl_conf_file=/etc/sasl2/qpidd.conf
         sudo sed -i.bak '/PLAIN/!s/mech_list: /mech_list: PLAIN /' $sasl_conf_file

From 311f48764465d809cbc86f0ea38882a98221f7ec Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 18 Dec 2014 16:31:34 -0600
Subject: [PATCH 0385/3421] Remove deprecated vars

These have been emitting deprecated warnings for over a full release cycle:
Q_AGENT_EXTRA_AGENT_OPTS, Q_AGENT_EXTRA_SRV_OPTS, CINDER_MULTI_LVM_BACKEND

Change-Id: I3aa5cabd6ce3a0072cba08bbca1ad23d4a831219
---
 README.md                             | 15 --------
 lib/cinder                            | 13 ++-----
 lib/neutron_plugins/linuxbridge_agent | 14 --------
 lib/neutron_plugins/ofagent_agent     |  7 ----
 lib/neutron_plugins/openvswitch_agent | 14 --------
 lib/tempest                           |  1 -
 stack.sh                              | 51 ---------------------------
 7 files changed, 3 insertions(+), 112 deletions(-)

diff --git a/README.md b/README.md
index 7eacebdc1e..40060a7cf5 100644
--- a/README.md
+++ b/README.md
@@ -215,21 +215,6 @@ in the near future.  The ``local.conf`` headers for the replacements are:
     [[post-config|/$Q_PLUGIN_CONF_FILE]]
     [linuxbridge]   # or [ovs]
 
-* ``Q_AGENT_EXTRA_AGENT_OPTS``:
-
-    [[post-config|/$Q_PLUGIN_CONF_FILE]]
-    [agent]
-
-* ``Q_AGENT_EXTRA_SRV_OPTS``:
-
-    [[post-config|/$Q_PLUGIN_CONF_FILE]]
-    [linuxbridge]   # or [ovs]
-
-* ``Q_SRV_EXTRA_DEFAULT_OPTS``:
-
-    [[post-config|$NEUTRON_CONF]]
-    [DEFAULT]
-
 Example extra config in `local.conf`:
 
     [[post-config|/$Q_PLUGIN_CONF_FILE]]
diff --git a/lib/cinder b/lib/cinder
index 17a0cc3c1a..0d157dd78e 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -65,21 +65,14 @@ else
 fi
 
 
-# Maintain this here for backward-compatibility with the old configuration
-# DEPRECATED: Use CINDER_ENABLED_BACKENDS instead
-# Support for multi lvm backend configuration (default is no support)
-CINDER_MULTI_LVM_BACKEND=$(trueorfalse False CINDER_MULTI_LVM_BACKEND)
-
 # Default backends
 # The backend format is type:name where type is one of the supported backend
 # types (lvm, nfs, etc) and name is the identifier used in the Cinder
 # configuration and for the volume type name.  Multiple backends are
 # comma-separated.
-if [[ $CINDER_MULTI_LVM_BACKEND == "False" ]]; then
-    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:${DEFAULT_VOLUME_GROUP_NAME##*-}}
-else
-    CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:${DEFAULT_VOLUME_GROUP_NAME##*-},lvm:cinder}
-fi
+# The old ``CINDER_MULTI_LVM_BACKEND=True`` setting had a default of:
+# CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2}
+CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
 
 
 # Should cinder perform secure deletion of volumes?
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index ec17c01612..c9ea1cac28 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -50,20 +50,6 @@ function neutron_plugin_configure_plugin_agent {
     fi
     AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-linuxbridge-agent"
     iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
-    # Define extra "AGENT" configuration options when q-agt is configured by defining
-    # the array ``Q_AGENT_EXTRA_AGENT_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_AGENT_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE agent ${I/=/ }
-    done
-    # Define extra "LINUX_BRIDGE" configuration options when q-agt is configured by defining
-    # the array ``Q_AGENT_EXTRA_SRV_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_SRV_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_SRV_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE linux_bridge ${I/=/ }
-    done
 }
 
 function neutron_plugin_setup_interface_driver {
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index 915badc7a0..d38fbebc74 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -84,13 +84,6 @@ function neutron_plugin_configure_plugin_agent {
     AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-ofagent-agent"
 
     iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
-    # Define extra "AGENT" configuration options when q-agt is configured by defining
-    # defining the array ``Q_AGENT_EXTRA_AGENT_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_AGENT_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE agent ${I/=/ }
-    done
 }
 
 function neutron_plugin_setup_interface_driver {
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 2ab61b0c3e..1d24f3b837 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -104,20 +104,6 @@ function neutron_plugin_configure_plugin_agent {
         iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_COMMAND"
     fi
     iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
-    # Define extra "AGENT" configuration options when q-agt is configured by defining
-    # defining the array ``Q_AGENT_EXTRA_AGENT_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_AGENT_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE agent ${I/=/ }
-    done
-    # Define extra "OVS" configuration options when q-agt is configured by defining
-    # defining the array ``Q_AGENT_EXTRA_SRV_OPTS``.
-    # For Example: ``Q_AGENT_EXTRA_SRV_OPTS=(foo=true bar=2)``
-    for I in "${Q_AGENT_EXTRA_SRV_OPTS[@]}"; do
-        # Replace the first '=' with ' ' for iniset syntax
-        iniset /$Q_PLUGIN_CONF_FILE ovs ${I/=/ }
-    done
 }
 
 function neutron_plugin_setup_interface_driver {
diff --git a/lib/tempest b/lib/tempest
index 5ca217e893..d990b4fd2b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -29,7 +29,6 @@
 # - ``USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION``
 # - ``DEFAULT_INSTANCE_TYPE``
 # - ``DEFAULT_INSTANCE_USER``
-# - ``CINDER_MULTI_LVM_BACKEND``
 # - ``CINDER_ENABLED_BACKENDS``
 #
 # ``stack.sh`` calls the entry points in this order:
diff --git a/stack.sh b/stack.sh
index 3f97919e0e..19584b9759 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1329,57 +1329,6 @@ if [[ -n "$DEPRECATED_TEXT" ]]; then
     echo_summary "WARNING: $DEPRECATED_TEXT"
 fi
 
-if is_service_enabled neutron; then
-    # TODO(dtroyer): Remove Q_AGENT_EXTRA_AGENT_OPTS after stable/juno branch is cut
-    if [[ -n "$Q_AGENT_EXTRA_AGENT_OPTS" ]]; then
-        echo ""
-        echo_summary "WARNING: Q_AGENT_EXTRA_AGENT_OPTS is used"
-        echo "You are using Q_AGENT_EXTRA_AGENT_OPTS to pass configuration into $NEUTRON_CONF."
-        echo "Please convert that configuration in localrc to a $NEUTRON_CONF section in local.conf:"
-        echo "Q_AGENT_EXTRA_AGENT_OPTS will be removed early in the 'K' development cycle"
-        echo "
-[[post-config|/\$Q_PLUGIN_CONF_FILE]]
-[DEFAULT]
-"
-        for I in "${Q_AGENT_EXTRA_AGENT_OPTS[@]}"; do
-            # Replace the first '=' with ' ' for iniset syntax
-            echo ${I}
-        done
-    fi
-
-    # TODO(dtroyer): Remove Q_AGENT_EXTRA_SRV_OPTS after stable/juno branch is cut
-    if [[ -n "$Q_AGENT_EXTRA_SRV_OPTS" ]]; then
-        echo ""
-        echo_summary "WARNING: Q_AGENT_EXTRA_SRV_OPTS is used"
-        echo "You are using Q_AGENT_EXTRA_SRV_OPTS to pass configuration into $NEUTRON_CONF."
-        echo "Please convert that configuration in localrc to a $NEUTRON_CONF section in local.conf:"
-        echo "Q_AGENT_EXTRA_AGENT_OPTS will be removed early in the 'K' development cycle"
-        echo "
-[[post-config|/\$Q_PLUGIN_CONF_FILE]]
-[DEFAULT]
-"
-        for I in "${Q_AGENT_EXTRA_SRV_OPTS[@]}"; do
-            # Replace the first '=' with ' ' for iniset syntax
-            echo ${I}
-        done
-    fi
-fi
-
-if is_service_enabled cinder; then
-    # TODO(dtroyer): Remove CINDER_MULTI_LVM_BACKEND after stable/juno branch is cut
-    if [[ "$CINDER_MULTI_LVM_BACKEND" = "True" ]]; then
-        echo ""
-        echo_summary "WARNING: CINDER_MULTI_LVM_BACKEND is used"
-        echo "You are using CINDER_MULTI_LVM_BACKEND to configure Cinder's multiple LVM backends"
-        echo "Please convert that configuration in local.conf to use CINDER_ENABLED_BACKENDS."
-        echo "CINDER_MULTI_LVM_BACKEND will be removed early in the 'K' development cycle"
-        echo "
-[[local|localrc]]
-CINDER_ENABLED_BACKENDS=lvm:lvmdriver-1,lvm:lvmdriver-2
-"
-    fi
-fi
-
 # Indicate how long this took to run (bash maintained variable ``SECONDS``)
 echo_summary "stack.sh completed in $SECONDS seconds."
 

From a7c655850c5efec2fdd2f25328e0ed9b84e96362 Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Wed, 11 Feb 2015 17:58:15 +0100
Subject: [PATCH 0386/3421] guides: devstack-with-nested-kvm: Fix typo -
 s/AMD/Intel

In section "Configure Nested KVM for Intel-based Machines", this
sentence:

  Procedure to enable nested KVM virtualization on AMD-based machines.

should (obviously) read as:

  Procedure to enable nested KVM virtualization on Intel-based machines.

Change-Id: I9872a5d20a23f1cce7bf2a79bf29e1b11511b418
---
 doc/source/guides/devstack-with-nested-kvm.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 2538c8d031..58ec3d3672 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -19,7 +19,7 @@ Nested Virtualization Configuration
 Configure Nested KVM for Intel-based Machines
 ---------------------------------------------
 
-Procedure to enable nested KVM virtualization on AMD-based machines.
+Procedure to enable nested KVM virtualization on Intel-based machines.
 
 Check if the nested KVM Kernel parameter is enabled:
 

From a99e5c9b0e308aa5fa66591e5213243463313ba6 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Wed, 11 Feb 2015 17:25:32 +0000
Subject: [PATCH 0387/3421] Revert "Exit when printing error about database
 config"

This reverts commit 2d7c346f0c8cefe622edc8fed47cc2782aeb9a9b.

Not setting DATABASE_TYPE is not a fatal error since it is
valid to create nodes which only run a subset of services,
and so a database may not be needed.

Change-Id: I7d957e628141ba333b6f38940b39845b18fba4df
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 3f97919e0e..c8905a7f2f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -584,7 +584,7 @@ function read_password {
 # The available database backends are listed in ``DATABASE_BACKENDS`` after
 # ``lib/database`` is sourced. ``mysql`` is the default.
 
-initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || die $LINENO "No database enabled"
+initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || echo "No database enabled"
 
 
 # Queue Configuration

From 701276a800f97af501de3f4cf9163e48fbcfb562 Mon Sep 17 00:00:00 2001
From: Louis Taylor 
Date: Wed, 11 Feb 2015 19:34:09 +0000
Subject: [PATCH 0388/3421] Enable colorized logging for glance

Extensive QA has found this makes glance 100% more fabulous.

Change-Id: I1cf94096d6bd5033ef0f9e3ed2a77108677581f0
---
 lib/glance | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/glance b/lib/glance
index 5bd0b8cdf1..eb1df2e8ae 100755
--- a/lib/glance
+++ b/lib/glance
@@ -183,6 +183,12 @@ function configure_glance {
         iniset $GLANCE_API_CONF DEFAULT registry_client_protocol https
     fi
 
+    # Format logging
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+        setup_colorized_logging $GLANCE_API_CONF DEFAULT "project_id" "user_id"
+        setup_colorized_logging $GLANCE_REGISTRY_CONF DEFAULT "project_id" "user_id"
+    fi
+
     cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
 
     cp -p $GLANCE_DIR/etc/glance-api-paste.ini $GLANCE_API_PASTE_INI

From cdfcd4b88df651a6ac0d95bca8236d0d3ddc5543 Mon Sep 17 00:00:00 2001
From: David Shrewsbury 
Date: Wed, 11 Feb 2015 16:07:40 -0800
Subject: [PATCH 0389/3421] Restore Ironic admin user privilege

Change Id7a9366d2c6a36139240f64371002362dc2d8d3b broke the Ironic gate
by removing admin level privileges. This restores the privilege and adds
a comment to prevent the removal again (hopefully).

Change-Id: Ida1c05d9e429e24d060aef2548fc2a0c225350b8
Closes-Bug: #1421006
---
 lib/ironic | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index bed816e5c5..7ffa6a5caf 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -362,7 +362,8 @@ function create_ironic_accounts {
     if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
         # Get ironic user if exists
 
-        create_service_user "ironic"
+        # NOTE(Shrews): This user MUST have admin level privileges!
+        create_service_user "ironic" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 

From c3c94ca6bc28930de54443713d7b28218c5f8cb3 Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Wed, 11 Feb 2015 18:55:47 -0700
Subject: [PATCH 0390/3421] Add eval message when setting Cinder lvm.conf

We added an lvm filter for use when using Cinder's
LVM driver that would only scan devices that we have
actually deployed Cinder Volume Groups on.

This patch adds a simple output message to the setup
routine so we can more easily inspect what was found
and what has been set during devstack setup.

Change-Id: Iba5012caffd45dfb5143b6df954eed277445a60e
---
 lib/cinder_backends/lvm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 4b9d8dc950..d83c31a81e 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -77,6 +77,7 @@ function configure_cinder_backend_conf_lvm {
     local line
 
     for pv_info in $(sudo pvs --noheadings -o name,vg_name --separator ';'); do
+        echo_summary "Evaluate PV info for Cinder lvm.conf: $pv_info"
         IFS=';' read pv vg <<< $pv_info
         for line in ${conf_entries}; do
             IFS='=' read label group <<< $line

From 0df75a7288ec0e8e9fa6f861afd7db676a73e6d1 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Thu, 12 Feb 2015 11:59:46 +0000
Subject: [PATCH 0391/3421] XenAPI: Move where os-vpx is set

os-vpx is only true after we know it's not a JEOS we're creating
Move the location we set the os-vpx flag to as we're starting to
prepare the VM for devstack

Change-Id: If736f3a7de171b8090b0bb905e04accb70470a90
---
 tools/xen/install_os_domU.sh        | 1 +
 tools/xen/scripts/install-os-vpx.sh | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 8a0725152f..f28ae97940 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -258,6 +258,7 @@ fi
 #
 # Prepare VM for DevStack
 #
+xe vm-param-set other-config:os-vpx=true uuid="$vm_uuid"
 
 # Install XenServer tools, and other such things
 $THIS_DIR/prepare_guest_template.sh "$GUEST_NAME"
diff --git a/tools/xen/scripts/install-os-vpx.sh b/tools/xen/scripts/install-os-vpx.sh
index b9b65fdce2..1ebbeaf564 100755
--- a/tools/xen/scripts/install-os-vpx.sh
+++ b/tools/xen/scripts/install-os-vpx.sh
@@ -131,5 +131,4 @@ vm_uuid=$(xe_min vm-install template="$TEMPLATE_NAME" new-name-label="$NAME_LABE
 destroy_vifs "$vm_uuid"
 set_auto_start "$vm_uuid"
 create_vif "$vm_uuid"
-xe vm-param-set other-config:os-vpx=true uuid="$vm_uuid"
 xe vm-param-set actions-after-reboot=Destroy uuid="$vm_uuid"

From ae74ed778a2daef5490caa085ee33029e693fc5c Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Thu, 12 Feb 2015 07:33:36 -0800
Subject: [PATCH 0392/3421] Make swift user an admin

This breaks Ironic's use of temp URLs, which the key for the service
account is configured via the Swift user.

Change-Id: I69f6f6eef4ad573f406d64d579a9811c70ac5d28
Closes-Bug: #1421006
---
 lib/swift | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/swift b/lib/swift
index e4d8b5fe19..56baa12445 100644
--- a/lib/swift
+++ b/lib/swift
@@ -603,7 +603,9 @@ function create_swift_accounts {
 
     local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
 
-    create_service_user "swift"
+    # NOTE(jroll): Swift doesn't need the admin role here, however Ironic uses
+    # temp urls, which break when uploaded by a non-admin role
+    create_service_user "swift" "admin"
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 

From 2b564763aafe6466f42bc5cf2ccc47ddf4169986 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 11 Feb 2015 17:01:02 -0600
Subject: [PATCH 0393/3421] Teach pip_install() about virtual envs

Set PIP_VIRTUAL_ENV to install the package(s) into an existing virtual
environment.  This works by simply using the pip command already
in the venv, and not using sudo.

Change-Id: I910e1752e58a666174f83b4f97e547851e66e655
---
 inc/python | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/inc/python b/inc/python
index 0348cb389f..4a107ac8ec 100644
--- a/inc/python
+++ b/inc/python
@@ -31,6 +31,13 @@ function get_pip_command {
 # Get the path to the direcotry where python executables are installed.
 # get_python_exec_prefix
 function get_python_exec_prefix {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    if [[ -z "$os_PACKAGE" ]]; then
+        GetOSVersion
+    fi
+    $xtrace
+
     if is_fedora || is_suse; then
         echo "/usr/bin"
     else
@@ -39,8 +46,8 @@ function get_python_exec_prefix {
 }
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
-# Uses globals ``INSTALL_TESTONLY_PACKAGES``, ``OFFLINE``, ``TRACK_DEPENDS``,
-# ``*_proxy``
+# Uses globals ``INSTALL_TESTONLY_PACKAGES``, ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
+# ``TRACK_DEPENDS``, ``*_proxy``
 # pip_install package [package ...]
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
@@ -62,8 +69,13 @@ function pip_install {
         local cmd_pip=$DEST/.venv/bin/pip
         local sudo_pip="env"
     else
-        local cmd_pip=$(get_pip_command)
-        local sudo_pip="sudo -H"
+        if [[ -n ${PIP_VIRTUAL_ENV:=} && -d ${PIP_VIRTUAL_ENV} ]]; then
+            local cmd_pip=$PIP_VIRTUAL_ENV/bin/pip
+            local sudo_pip="env"
+        else
+            local cmd_pip=$(get_pip_command)
+            local sudo_pip="sudo -H"
+        fi
     fi
 
     local pip_version=$(python -c "import pip; \
@@ -93,6 +105,7 @@ function pip_install {
                 -r $test_req
         fi
     fi
+    $xtrace
 }
 
 # should we use this library from their git repo, or should we let it

From b9f2e25fa8afb2ea17a89ed76c4fac03689b5f07 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 12 Feb 2015 20:31:58 +0000
Subject: [PATCH 0394/3421] Revert "Remove NoVNC from the default enabled
 services"

Reverting this is probably appropriate because until we can
get Debian/Ubuntu to fix their underlying dependencies.
It's confusing a lot of people that this is no longer
available

This reverts commit 2bfb9af0c952f59287be4ce684b78cfb710a6105.

Change-Id: Id352db9dcd40bfb5eb771dad42cdf04e0ce72313
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index 6881a517d8..15b0951a1a 100644
--- a/stackrc
+++ b/stackrc
@@ -44,7 +44,7 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 # this allows us to pass ENABLED_SERVICES
 if [[ -z "$ENABLED_SERVICES" ]]; then
     # core compute (glance / keystone / nova (+ nova-network))
-    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-xvnc,n-cauth
+    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-novnc,n-xvnc,n-cauth
     # cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
     # heat

From ad61e7f9dd6cd0e19204e0ce5a15c0d7888b752a Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Thu, 12 Feb 2015 15:17:25 -0500
Subject: [PATCH 0395/3421] add ceilometermiddleware lib

middleware in ceilometer has been broken into it's own lib. this
first patch adds the package.

Change-Id: I63795787b909effcc4fcdee7f262207bb59fd8c2
---
 lib/ceilometer               | 9 +++++++++
 stackrc                      | 6 +++++-
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 698e8b07f6..73ab73ca17 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -57,6 +57,7 @@ set +o xtrace
 
 # Set up default directories
 GITDIR["python-ceilometerclient"]=$DEST/python-ceilometerclient
+GITDIR["ceilometermiddleware"]=$DEST/ceilometermiddleware
 
 CEILOMETER_DIR=$DEST/ceilometer
 CEILOMETER_CONF_DIR=/etc/ceilometer
@@ -303,6 +304,14 @@ function install_ceilometerclient {
     fi
 }
 
+# install_ceilometermiddleware() - Collect source and prepare
+function install_ceilometermiddleware {
+    if use_library_from_git "ceilometermiddleware"; then
+        git_clone_by_name "ceilometermiddleware"
+        setup_dev_lib "ceilometermiddleware"
+    fi
+}
+
 # start_ceilometer() - Start running processes, including screen
 function start_ceilometer {
     run_process ceilometer-acentral "ceilometer-agent-central --config-file $CEILOMETER_CONF"
diff --git a/stackrc b/stackrc
index 7bb4cc29d9..a1f05fe66e 100644
--- a/stackrc
+++ b/stackrc
@@ -164,7 +164,7 @@ GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 #
 ##############
 
-# metering service
+# telemetry service
 CEILOMETER_REPO=${CEILOMETER_REPO:-${GIT_BASE}/openstack/ceilometer.git}
 CEILOMETER_BRANCH=${CEILOMETER_BRANCH:-master}
 
@@ -407,6 +407,10 @@ GITBRANCH["keystonemiddleware"]=${KEYSTONEMIDDLEWARE_BRANCH:-master}
 SWIFT3_REPO=${SWIFT3_REPO:-${GIT_BASE}/stackforge/swift3.git}
 SWIFT3_BRANCH=${SWIFT3_BRANCH:-master}
 
+# ceilometer middleware
+GITREPO["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_REPO:-${GIT_BASE}/openstack/ceilometermiddleware.git}
+GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
+
 
 ##################
 #
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 6e1b515efd..cce020399c 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -29,7 +29,7 @@ for i in $TOP/lib/*; do
     fi
 done
 
-ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz"
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz ceilometermiddleware"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 183a9c0386e2d4c6846e342855e3ecc1df1b0878 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Mon, 26 Jan 2015 13:39:30 +0900
Subject: [PATCH 0396/3421] ofagent: Vendor code split

Install networking-ofagent from StackForge, using DevStack's
external plugins mechanism.

The following line needs to be added to the existing local.conf settings:
    enable_plugin networking-ofagent https://git.openstack.org/stackforge/networking-ofagent

Remove neutron_thirdparty/ryu, as Ryu is installed via
networking-ofagent's requirements.

Change-Id: I12287a47eac4689414f70b517ee37fb98b260e60
Partially-implements: blueprint core-vendor-decomposition
Partial-Bug: #1412653
---
 lib/neutron_plugins/ofagent_agent | 100 +-----------------------------
 lib/neutron_thirdparty/ryu        |  28 ---------
 2 files changed, 2 insertions(+), 126 deletions(-)
 delete mode 100644 lib/neutron_thirdparty/ryu

diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
index d38fbebc74..0bc9bffb55 100644
--- a/lib/neutron_plugins/ofagent_agent
+++ b/lib/neutron_plugins/ofagent_agent
@@ -1,100 +1,4 @@
 #!/bin/bash
-#
-# OpenFlow Agent plugin
-# ----------------------
 
-# Save trace setting
-OFA_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-source $TOP_DIR/lib/neutron_thirdparty/ryu  # for RYU_DIR, install_ryu, etc
-
-function neutron_plugin_create_nova_conf {
-    _neutron_ovs_base_configure_nova_vif_driver
-}
-
-function neutron_plugin_install_agent_packages {
-    _neutron_ovs_base_install_agent_packages
-
-    # This agent uses ryu to talk with switches
-    install_package $(get_packages "ryu")
-    install_ryu
-}
-
-function neutron_plugin_configure_debug_command {
-    _neutron_ovs_base_configure_debug_command
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
-}
-
-function neutron_plugin_configure_l3_agent {
-    _neutron_ovs_base_configure_l3_agent
-    iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
-}
-
-function _neutron_ofagent_configure_firewall_driver {
-    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-    else
-        iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
-    fi
-}
-
-function neutron_plugin_configure_plugin_agent {
-    # Set up integration bridge
-    _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-    _neutron_ofagent_configure_firewall_driver
-
-    # Check a supported openflow version
-    OF_VERSION=`ovs-ofctl --version | grep "OpenFlow versions" | awk '{print $3}' | cut -d':' -f2`
-    if [ `vercmp_numbers "$OF_VERSION" "0x3"` -lt "0" ]; then
-        die $LINENO "This agent requires OpenFlow 1.3+ capable switch."
-    fi
-
-    # Enable tunnel networks if selected
-    if [[ "$OVS_ENABLE_TUNNELING" == "True" ]]; then
-        # Verify tunnels are supported
-        # REVISIT - also check kernel module support for GRE and patch ports
-        OVS_VERSION=`ovs-vsctl --version | head -n 1 | grep -E -o "[0-9]+\.[0-9]+"`
-        if [ `vercmp_numbers "$OVS_VERSION" "1.4"` -lt "0" ]; then
-            die $LINENO "You are running OVS version $OVS_VERSION. OVS 1.4+ is required for tunneling between multiple hosts."
-        fi
-        iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
-    fi
-
-    # Setup physical network bridge mappings.  Override
-    # ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc`` for more
-    # complex physical network configurations.
-    if [[ "$OVS_BRIDGE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$OVS_PHYSICAL_BRIDGE" != "" ]]; then
-        OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
-
-        # Configure bridge manually with physical interface as port for multi-node
-        sudo ovs-vsctl --no-wait -- --may-exist add-br $OVS_PHYSICAL_BRIDGE
-    fi
-    if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings $OVS_BRIDGE_MAPPINGS
-    fi
-    if [[ "$OFAGENT_PHYSICAL_INTERFACE_MAPPINGS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE agent physical_interface_mappings \
-            $OFAGENT_PHYSICAL_INTERFACE_MAPPINGS
-    fi
-    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-ofagent-agent"
-
-    iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-    iniset $conf_file DEFAULT ovs_use_veth True
-}
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
-}
-
-# Restore xtrace
-$OFA_XTRACE
+# REVISIT(yamamoto): This file is intentionally left empty
+# in order to keep Q_AGENT=ofagent_agent work.
diff --git a/lib/neutron_thirdparty/ryu b/lib/neutron_thirdparty/ryu
deleted file mode 100644
index 1f78a21fa4..0000000000
--- a/lib/neutron_thirdparty/ryu
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-#
-# Ryu SDN Framework
-# -----------------
-
-# Used by ofagent.
-# TODO(yamamoto): Switch to pip_install once the development was settled
-
-# Save trace setting
-RYU3_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-RYU_DIR=$DEST/ryu
-
-# Make this function idempotent and avoid cloning same repo many times
-# with RECLONE=yes
-_RYU_INSTALLED=${_RYU_INSTALLED:-False}
-function install_ryu {
-    if [[ "$_RYU_INSTALLED" == "False" ]]; then
-        git_clone $RYU_REPO $RYU_DIR $RYU_BRANCH
-        export PYTHONPATH=$RYU_DIR:$PYTHONPATH
-        pip_install $(cat $RYU_DIR/tools/pip-requires)
-        _RYU_INSTALLED=True
-    fi
-}
-
-# Restore xtrace
-$RYU3_XTRACE

From 5ce44cd63b6e2b53f08a6b4b87cb4ab11d1ade26 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 12 Feb 2015 22:18:33 -0600
Subject: [PATCH 0397/3421] Fix is_keystone_enabled()

is_keystone_enabled() was calling is_service_enabled(), which is what called
is_keystone_enabled() in the first place.  Make it work as designed and
also change calls to use the full service name.  Note that this is all
still comptible with the prior usage of 'is_service_enabled key'.

Change-Id: I9c28377ecf074b7996461d2a4ca12d88dfc4d47e
---
 functions-common |  1 -
 lib/keystone     | 12 +++++++++---
 lib/swift        |  4 ++--
 stack.sh         | 12 ++++++------
 unstack.sh       |  2 +-
 5 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/functions-common b/functions-common
index 6beb670c6c..ecaa4d948f 100644
--- a/functions-common
+++ b/functions-common
@@ -1817,7 +1817,6 @@ function is_service_enabled {
         [[ ${service} == "trove" && ${ENABLED_SERVICES} =~ "tr-" ]] && enabled=0
         [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0
         [[ ${service} == s-* && ${ENABLED_SERVICES} =~ "swift" ]] && enabled=0
-        [[ ${service} == key-* && ${ENABLED_SERVICES} =~ "key" ]] && enabled=0
     done
     $xtrace
     return $enabled
diff --git a/lib/keystone b/lib/keystone
index 2da2d1b4f7..102d188611 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -111,8 +111,17 @@ KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${K
 KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
 KEYSTONE_SERVICE_URI_V3=$KEYSTONE_SERVICE_URI/v3
 
+
 # Functions
 # ---------
+
+# Test if Keystone is enabled
+# is_keystone_enabled
+function is_keystone_enabled {
+    [[ ,${ENABLED_SERVICES}, =~ ,"key", ]] && return 0
+    return 1
+}
+
 # cleanup_keystone() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_keystone {
@@ -576,9 +585,6 @@ function stop_keystone {
     stop_process key
 }
 
-function is_keystone_enabled {
-    return is_service_enabled key
-}
 
 # Restore xtrace
 $XTRACE
diff --git a/lib/swift b/lib/swift
index e4d8b5fe19..2bb6422fd9 100644
--- a/lib/swift
+++ b/lib/swift
@@ -393,7 +393,7 @@ function configure_swift {
         swift_pipeline+=" swift3 s3token "
     fi
 
-    if is_service_enabled key;then
+    if is_service_enabled keystone; then
         swift_pipeline+=" authtoken keystoneauth"
     fi
     swift_pipeline+=" tempauth "
@@ -498,7 +498,7 @@ EOF
     iniset ${testfile} func_test password4 testing4
     iniset ${testfile} func_test domain4 swift_test
 
-    if is_service_enabled key;then
+    if is_service_enabled keystone; then
         iniuncomment ${testfile} func_test auth_version
         local auth_vers=$(iniget ${testfile} func_test auth_version)
         iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
diff --git a/stack.sh b/stack.sh
index 3f97919e0e..da2027662d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -601,7 +601,7 @@ fi
 
 # Keystone
 
-if is_service_enabled key; then
+if is_service_enabled keystone; then
     # The ``SERVICE_TOKEN`` is used to bootstrap the Keystone database.  It is
     # just a string and is not a 'real' Keystone token.
     read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
@@ -725,7 +725,7 @@ else
 fi
 
 
-if is_service_enabled key; then
+if is_service_enabled keystone; then
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
         install_keystone
         configure_keystone
@@ -918,7 +918,7 @@ start_dstat
 # Keystone
 # --------
 
-if is_service_enabled key; then
+if is_service_enabled keystone; then
     echo_summary "Starting Keystone"
 
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
@@ -1143,7 +1143,7 @@ if is_service_enabled g-reg; then
 fi
 
 # Create an access key and secret key for nova ec2 register image
-if is_service_enabled key && is_service_enabled swift3 && is_service_enabled nova; then
+if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
     eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret)
     iniset $NOVA_CONF DEFAULT s3_access_key "$access"
     iniset $NOVA_CONF DEFAULT s3_secret_key "$secret"
@@ -1226,7 +1226,7 @@ fi
 # This step also creates certificates for tenants and users,
 # which is helpful in image bundle steps.
 
-if is_service_enabled nova && is_service_enabled key; then
+if is_service_enabled nova && is_service_enabled keystone; then
     USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
 
     if [ -f $SSL_BUNDLE_FILE ]; then
@@ -1314,7 +1314,7 @@ if is_service_enabled horizon; then
 fi
 
 # If Keystone is present you can point ``nova`` cli to this server
-if is_service_enabled key; then
+if is_service_enabled keystone; then
     echo "Keystone is serving at $KEYSTONE_SERVICE_URI/v2.0/"
     echo "Examples on using novaclient command line is in exercise.sh"
     echo "The default users are: admin and demo"
diff --git a/unstack.sh b/unstack.sh
index 4364e58a32..f31b84c9ae 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -112,7 +112,7 @@ if is_service_enabled glance; then
     stop_glance
 fi
 
-if is_service_enabled key; then
+if is_service_enabled keystone; then
     stop_keystone
 fi
 

From 4c20607e0a867fcd877466e1eccab305ff62a03a Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Mon, 16 Feb 2015 21:56:29 +0000
Subject: [PATCH 0398/3421] Don't prepend $DATA_DIR to volume path that already
 has it

Otherwise the test is testing the wrong file.

Change-Id: Ia7dcda8d4f3a1fe87e74f4605a7010b66c38fa14
---
 lib/lvm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/lvm b/lib/lvm
index ed24487c5f..c183f09d04 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -86,7 +86,7 @@ function _create_lvm_volume_group {
     local backing_file=$DATA_DIR/$vg$BACKING_FILE_SUFFIX
     if ! sudo vgs $vg; then
         # Only create if the file doesn't already exists
-        [[ -f $DATA_DIR/$backing_file ]] || truncate -s $size $backing_file
+        [[ -f $backing_file ]] || truncate -s $size $backing_file
         local vg_dev=`sudo losetup -f --show $backing_file`
 
         # Only create volume group if it doesn't already exist

From 230e03af2db04c7f2879e70bc96f850b73294dbe Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Mon, 16 Feb 2015 22:07:00 +0000
Subject: [PATCH 0399/3421] Add admin role back to ceilometer service user

admin is required for the discovery process in the polling agents.

Change-Id: I255184c544c6cc43c832d7c5d19d09b9f43adb10
Closes-Bug: 1422488
---
 lib/ceilometer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 698e8b07f6..c449ad243d 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -108,7 +108,7 @@ function create_ceilometer_accounts {
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
 
-        create_service_user "ceilometer"
+        create_service_user "ceilometer" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
             local ceilometer_service=$(get_or_create_service "ceilometer" \

From 236fd078c085446f7239feba61a1f52c81be5c57 Mon Sep 17 00:00:00 2001
From: Brian Hunter 
Date: Thu, 12 Feb 2015 16:14:02 -0500
Subject: [PATCH 0400/3421] define variables for Trove to be used in local.conf

This defines a number of variables for Trove configuration files
and options
In addition to general cleanup within devstack, this also enables
consumers to enable features such as Openstack profiling, without
the need to repeat the hardcoding of these parameters in their
local.conf

Change-Id: Ieaa999ea3ca5c4f7d320416a8d2375c9a1d03d39
closes-bug: #1421403
---
 lib/trove | 83 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 45 insertions(+), 38 deletions(-)

diff --git a/lib/trove b/lib/trove
index e1b307a52f..d4377186ed 100644
--- a/lib/trove
+++ b/lib/trove
@@ -34,7 +34,13 @@ GITDIR["python-troveclient"]=$DEST/python-troveclient
 
 TROVE_DIR=$DEST/trove
 TROVE_CONF_DIR=/etc/trove
+TROVE_CONF=$TROVE_CONF_DIR/trove.conf
+TROVE_TASKMANAGER_CONF=$TROVE_CONF_DIR/trove-taskmanager.conf
+TROVE_CONDUCTOR_CONF=$TROVE_CONF_DIR/trove-conductor.conf
+TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
+
 TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
+TROVE_LOCAL_API_PASTE_INI=$TROVE_LOCAL_CONF_DIR/api-paste.ini
 TROVE_AUTH_CACHE_DIR=${TROVE_AUTH_CACHE_DIR:-/var/cache/trove}
 TROVE_DATASTORE_TYPE=${TROVE_DATASTORE_TYPE:-"mysql"}
 TROVE_DATASTORE_VERSION=${TROVE_DATASTORE_VERSION:-"5.5"}
@@ -46,6 +52,7 @@ if [[ -d $TROVE_DIR/bin ]]; then
 else
     TROVE_BIN_DIR=$(get_python_exec_prefix)
 fi
+TROVE_MANAGE=$TROVE_BIN_DIR/trove-manage
 
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,trove
@@ -119,48 +126,48 @@ function configure_trove {
     sudo chown -R $STACK_USER: ${TROVE_AUTH_CACHE_DIR}
 
     # Copy api-paste file over to the trove conf dir
-    cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
+    cp $TROVE_LOCAL_API_PASTE_INI $TROVE_API_PASTE_INI
 
     # (Re)create trove conf files
-    rm -f $TROVE_CONF_DIR/trove.conf
-    rm -f $TROVE_CONF_DIR/trove-taskmanager.conf
-    rm -f $TROVE_CONF_DIR/trove-conductor.conf
+    rm -f $TROVE_CONF
+    rm -f $TROVE_TASKMANAGER_CONF
+    rm -f $TROVE_CONDUCTOR_CONF
 
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove`
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE
-    setup_trove_logging $TROVE_CONF_DIR/trove.conf
-    iniset $TROVE_CONF_DIR/trove.conf DEFAULT trove_api_workers "$API_WORKERS"
+    iniset $TROVE_CONF DEFAULT rabbit_userid $RABBIT_USERID
+    iniset $TROVE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
+    iniset $TROVE_CONF DEFAULT sql_connection `database_connection_url trove`
+    iniset $TROVE_CONF DEFAULT default_datastore $TROVE_DATASTORE_TYPE
+    setup_trove_logging $TROVE_CONF
+    iniset $TROVE_CONF DEFAULT trove_api_workers "$API_WORKERS"
 
-    configure_auth_token_middleware $TROVE_CONF_DIR/trove.conf trove $TROVE_AUTH_CACHE_DIR
+    configure_auth_token_middleware $TROVE_CONF trove $TROVE_AUTH_CACHE_DIR
 
     # (Re)create trove taskmanager conf file if needed
     if is_service_enabled tr-tmgr; then
         TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
 
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_userid $RABBIT_USERID
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_user radmin
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_tenant_name trove
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-        iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-        setup_trove_logging $TROVE_CONF_DIR/trove-taskmanager.conf
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_userid $RABBIT_USERID
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT sql_connection `database_connection_url trove`
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_user radmin
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_tenant_name trove
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
+        iniset $TROVE_TASKMANAGER_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
+        setup_trove_logging $TROVE_TASKMANAGER_CONF
     fi
 
     # (Re)create trove conductor conf file if needed
     if is_service_enabled tr-cond; then
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_userid $RABBIT_USERID
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_tenant_name trove
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-        iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT control_exchange trove
-        setup_trove_logging $TROVE_CONF_DIR/trove-conductor.conf
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_userid $RABBIT_USERID
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT sql_connection `database_connection_url trove`
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_user radmin
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_tenant_name trove
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
+        iniset $TROVE_CONDUCTOR_CONF DEFAULT control_exchange trove
+        setup_trove_logging $TROVE_CONDUCTOR_CONF
     fi
 
     # Set up Guest Agent conf
@@ -197,7 +204,7 @@ function init_trove {
     recreate_database trove
 
     # Initialize the trove database
-    $TROVE_BIN_DIR/trove-manage db_sync
+    $TROVE_MANAGE db_sync
 
     # If no guest image is specified, skip remaining setup
     [ -z "$TROVE_GUEST_IMAGE_URL" ] && return 0
@@ -214,19 +221,19 @@ function init_trove {
     fi
 
     # Now that we have the guest image id, initialize appropriate datastores / datastore versions
-    $TROVE_BIN_DIR/trove-manage datastore_update "$TROVE_DATASTORE_TYPE" ""
-    $TROVE_BIN_DIR/trove-manage datastore_version_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" "$TROVE_DATASTORE_TYPE" \
+    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" ""
+    $TROVE_MANAGE datastore_version_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" "$TROVE_DATASTORE_TYPE" \
         "$TROVE_GUEST_IMAGE_ID" "$TROVE_DATASTORE_PACKAGE" 1
-    $TROVE_BIN_DIR/trove-manage datastore_version_update "$TROVE_DATASTORE_TYPE" "inactive_version" "inactive_manager" "$TROVE_GUEST_IMAGE_ID" "" 0
-    $TROVE_BIN_DIR/trove-manage datastore_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION"
-    $TROVE_BIN_DIR/trove-manage datastore_update "Inactive_Datastore" ""
+    $TROVE_MANAGE datastore_version_update "$TROVE_DATASTORE_TYPE" "inactive_version" "inactive_manager" "$TROVE_GUEST_IMAGE_ID" "" 0
+    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION"
+    $TROVE_MANAGE datastore_update "Inactive_Datastore" ""
 }
 
 # start_trove() - Start running processes, including screen
 function start_trove {
-    run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF_DIR/trove.conf --debug"
-    run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_CONF_DIR/trove-taskmanager.conf --debug"
-    run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONF_DIR/trove-conductor.conf --debug"
+    run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF --debug"
+    run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_TASKMANAGER_CONF --debug"
+    run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONDUCTOR_CONF --debug"
 }
 
 # stop_trove() - Stop running processes

From 4abc4d1b6174eb0cd105fec6a6fe51576fbc0045 Mon Sep 17 00:00:00 2001
From: Naohiro Tamura 
Date: Tue, 17 Feb 2015 22:20:19 +0900
Subject: [PATCH 0401/3421] Fix an error message in the neutron script

The $PHYSICAL_NETWORK in the error message should be
$PRIVATE_NETWORK_NAME, because the command just before this error
message refers to $PRIVATE_NETWORK_NAME.

Change-Id: I9a648f8bd0e61abde8e93bc08282c14b35ec06bd
---
 lib/neutron | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index 15a5f00fa0..8d27febf63 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -552,7 +552,7 @@ function create_neutron_initial_network {
         sudo ip link set $PUBLIC_INTERFACE up
     else
         NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
+        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $TENANT_ID"
 
         if [[ "$IP_VERSION" =~ 4.* ]]; then
             # Create IPv4 private subnet

From e356d8cff6b972ad9e7fda2ec0c51f89d5a1fd33 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Tue, 17 Feb 2015 15:05:34 +0000
Subject: [PATCH 0402/3421] XenAPI: Recommend using xl console rather than
 vncviewer

Some vncviewers do not support the -via option, so default to suggesting
xl console.  XenCenter continues to be an option for those running
Windows.

Change-Id: I1e53fd33d309e30a60031965e589167dcbacfbbe
---
 tools/xen/install_os_domU.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index f28ae97940..082c27e8f3 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -149,12 +149,10 @@ SNAME_FIRST_BOOT="before_first_boot"
 
 function wait_for_VM_to_halt {
     set +x
-    echo "Waiting for the VM to halt.  Progress in-VM can be checked with vncviewer:"
+    echo "Waiting for the VM to halt.  Progress in-VM can be checked with XenCenter or xl console:"
     mgmt_ip=$(echo $XENAPI_CONNECTION_URL | tr -d -c '1234567890.')
     domid=$(get_domid "$GUEST_NAME")
-    sleep 20 # Wait for the vnc-port to be written
-    port=$(xenstore-read /local/domain/$domid/console/vnc-port)
-    echo "vncviewer -via root@$mgmt_ip localhost:${port:2}"
+    echo "ssh root@$mgmt_ip \"xl console $domid\""
     while true; do
         state=$(xe_min vm-list name-label="$GUEST_NAME" power-state=halted)
         if [ -n "$state" ]; then

From 39282bf769e26d012b179f32286737f1151219fa Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 17 Feb 2015 09:00:57 -0500
Subject: [PATCH 0403/3421] purge all pure python libraries

python libraries should be installed from upstream, not from the
distro, as much as possible. The following is a first attempt at
purging all the python libraries and making it so that they instead
should fall back to the pypi versions.

Libraries which are known to include native code are left behind.

Change-Id: I47b7e787771683c2fc4404e586f11c1a19aac15c
---
 files/debs/general  |  6 ------
 files/debs/glance   |  7 -------
 files/debs/horizon  | 16 ----------------
 files/debs/keystone |  8 --------
 files/debs/n-api    |  2 --
 files/debs/neutron  |  9 ---------
 files/debs/nova     | 15 ---------------
 files/debs/swift    | 11 ++---------
 8 files changed, 2 insertions(+), 72 deletions(-)

diff --git a/files/debs/general b/files/debs/general
index 4050191379..5047c12249 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,5 +1,4 @@
 bridge-utils
-pylint
 screen
 unzip
 wget
@@ -10,17 +9,12 @@ graphviz # testonly - docs
 lsof # useful when debugging
 openssh-server
 openssl
-python-virtualenv
-python-unittest2
 iputils-ping
 wget
 curl
 tcpdump
-euca2ools # only for testing client
 tar
-python-cmd2 # dist:precise
 python-dev
-python-mock # testonly
 python2.7
 bc
 libyaml-dev
diff --git a/files/debs/glance b/files/debs/glance
index 8db8145935..9fda6a63d9 100644
--- a/files/debs/glance
+++ b/files/debs/glance
@@ -3,11 +3,4 @@ libpq-dev           # testonly
 libssl-dev          # testonly
 libxml2-dev
 libxslt1-dev        # testonly
-python-eventlet
-python-routes
-python-greenlet
-python-sqlalchemy
-python-pastedeploy
-python-xattr
-python-iso8601
 zlib1g-dev           # testonly
diff --git a/files/debs/horizon b/files/debs/horizon
index f9b7d597dc..1f45b54f7c 100644
--- a/files/debs/horizon
+++ b/files/debs/horizon
@@ -1,19 +1,3 @@
 apache2  # NOPRIME
 libapache2-mod-wsgi  # NOPRIME
-python-beautifulsoup
-python-dateutil
-python-paste
-python-pastedeploy
-python-anyjson
-python-routes
-python-xattr
-python-sqlalchemy
-python-webob
-pylint
-python-eventlet
-python-nose
-python-mox
-python-coverage
-python-cherrypy3 # why?
-python-migrate
 libpcre3-dev  # pyScss
diff --git a/files/debs/keystone b/files/debs/keystone
index d316a4291b..70a56499e9 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,15 +1,7 @@
 python-lxml
-python-pastescript
-python-pastedeploy
-python-paste
 sqlite3
-python-pysqlite2
-python-sqlalchemy
 python-mysqldb
 python-mysql.connector
-python-webob
-python-greenlet
-python-routes
 libldap2-dev
 libsasl2-dev
 libkrb5-dev
diff --git a/files/debs/n-api b/files/debs/n-api
index b4372d9361..0928cd56b9 100644
--- a/files/debs/n-api
+++ b/files/debs/n-api
@@ -1,3 +1 @@
-python-dateutil
-msgpack-python
 fping
diff --git a/files/debs/neutron b/files/debs/neutron
index 3f4b6d2999..aa3d7095ca 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -7,17 +7,8 @@ libmysqlclient-dev  # testonly
 mysql-server #NOPRIME
 sudo
 postgresql-server-dev-all       # testonly
-python-iso8601
-python-paste
-python-routes
-python-suds
-python-pastedeploy
-python-greenlet
-python-eventlet
-python-sqlalchemy
 python-mysqldb
 python-mysql.connector
-python-pyudev
 python-qpid # NOPRIME
 dnsmasq-base
 dnsmasq-utils # for dhcp_release only available in dist:precise
diff --git a/files/debs/nova b/files/debs/nova
index 66f29c4baf..0c31385ddd 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -8,7 +8,6 @@ libmysqlclient-dev  # testonly
 mysql-server # NOPRIME
 python-mysqldb
 python-mysql.connector
-python-xattr # needed for glance which is needed for nova --- this shouldn't be here
 python-lxml # needed for glance which is needed for nova --- this shouldn't be here
 gawk
 iptables
@@ -27,22 +26,8 @@ genisoimage # required for config_drive
 rabbitmq-server # NOPRIME
 qpidd # NOPRIME
 socat # used by ajaxterm
-python-mox
-python-paste
-python-migrate
-python-greenlet
 python-libvirt # NOPRIME
 python-libxml2
-python-routes
 python-numpy # used by websockify for spice console
-python-pastedeploy
-python-eventlet
-python-cheetah
-python-tempita
-python-sqlalchemy
-python-suds
-python-lockfile
 python-m2crypto
-python-feedparser
-python-iso8601
 python-qpid # NOPRIME
diff --git a/files/debs/swift b/files/debs/swift
index fd51699238..b32b43985a 100644
--- a/files/debs/swift
+++ b/files/debs/swift
@@ -1,14 +1,7 @@
 curl
 memcached
-python-configobj
-python-coverage
-python-eventlet
-python-greenlet
-python-netifaces
+# NOTE python-nose only exists because of swift functional job, we should probably
+# figure out a more consistent way of installing this from test-requirements.txt instead
 python-nose
-python-pastedeploy
-python-simplejson
-python-webob
-python-xattr
 sqlite3
 xfsprogs

From d5ac7852473a8a34ae097c33ed173d640db80379 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Fri, 6 Feb 2015 19:29:23 -0800
Subject: [PATCH 0404/3421] Add new function get_from_global_requirements

Instead of specifying the version of a library in devstack, use the version from
global-requirements

Add new function get_from_global_requirements and use it
where it makes sense.

Change-Id: I6b2f062761ac05ef72fc6cc9993bc204faf06fa5
---
 inc/python  | 11 +++++++++++
 lib/horizon |  3 +--
 lib/tempest |  3 ++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/inc/python b/inc/python
index 0348cb389f..8da9a13aa5 100644
--- a/inc/python
+++ b/inc/python
@@ -95,6 +95,17 @@ function pip_install {
     fi
 }
 
+# get version of a package from global requirements file
+# get_from_global_requirements 
+function get_from_global_requirements {
+    local package=$1
+    local required_pkg=$(grep -h ${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
+    if [[ $required_pkg == ""  ]]; then
+        die $LINENO "Can't find package $package in requirements"
+    fi
+    echo $required_pkg
+}
+
 # should we use this library from their git repo, or should we let it
 # get pulled in via pip dependencies.
 function use_library_from_git {
diff --git a/lib/horizon b/lib/horizon
index 122d516673..a8e83f9d8f 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -182,8 +182,7 @@ function stop_horizon {
 # NOTE: It can be moved to common functions, but it is only used by compilation
 # of django_openstack_auth catalogs at the moment.
 function _prepare_message_catalog_compilation {
-    local babel_package=$(grep ^Babel $REQUIREMENTS_DIR/global-requirements.txt)
-    pip_install "$babel_package"
+    pip_install $(get_from_global_requirements Babel)
 }
 
 
diff --git a/lib/tempest b/lib/tempest
index 5ca217e893..bb08a05307 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -96,7 +96,8 @@ function remove_disabled_extensions {
 # configure_tempest() - Set config files, create data dirs, etc
 function configure_tempest {
     # install testr since its used to process tempest logs
-    pip_install `grep -h testrepository $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1`
+    pip_install $(get_from_global_requirements testrepository)
+
     local image_lines
     local images
     local num_images

From 606f3478b1ac0021d4e66bf56aaa3b3ea5aba865 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Wed, 18 Feb 2015 13:55:48 +0900
Subject: [PATCH 0405/3421] Remove no longer used definitions for Ryu

Change-Id: Ie6dcf1569aacfa8d20e905d694847594b136fed1
---
 files/debs/ryu      | 1 -
 files/rpms-suse/ryu | 1 -
 files/rpms/ryu      | 1 -
 stackrc             | 4 ----
 4 files changed, 7 deletions(-)
 delete mode 100644 files/debs/ryu
 delete mode 100644 files/rpms-suse/ryu
 delete mode 100644 files/rpms/ryu

diff --git a/files/debs/ryu b/files/debs/ryu
deleted file mode 100644
index 354c1b75d3..0000000000
--- a/files/debs/ryu
+++ /dev/null
@@ -1 +0,0 @@
-python-eventlet
diff --git a/files/rpms-suse/ryu b/files/rpms-suse/ryu
deleted file mode 100644
index 354c1b75d3..0000000000
--- a/files/rpms-suse/ryu
+++ /dev/null
@@ -1 +0,0 @@
-python-eventlet
diff --git a/files/rpms/ryu b/files/rpms/ryu
deleted file mode 100644
index 354c1b75d3..0000000000
--- a/files/rpms/ryu
+++ /dev/null
@@ -1 +0,0 @@
-python-eventlet
diff --git a/stackrc b/stackrc
index 7bbde9941a..19bc19a170 100644
--- a/stackrc
+++ b/stackrc
@@ -450,10 +450,6 @@ IRONIC_PYTHON_AGENT_BRANCH=${IRONIC_PYTHON_AGENT_BRANCH:-master}
 NOVNC_REPO=${NOVNC_REPO:-https://github.com/kanaka/noVNC.git}
 NOVNC_BRANCH=${NOVNC_BRANCH:-master}
 
-# ryu service
-RYU_REPO=${RYU_REPO:-https://github.com/osrg/ryu.git}
-RYU_BRANCH=${RYU_BRANCH:-master}
-
 # a websockets/html5 or flash powered SPICE console for vm instances
 SPICE_REPO=${SPICE_REPO:-http://anongit.freedesktop.org/git/spice/spice-html5.git}
 SPICE_BRANCH=${SPICE_BRANCH:-master}

From d5323979ad247ae247f9b201934cba86f59aeba6 Mon Sep 17 00:00:00 2001
From: Yuki Nishiwaki 
Date: Tue, 17 Feb 2015 19:00:23 +0900
Subject: [PATCH 0406/3421] Change config of keystone_authtoken in lib/ironic

This commit is temporary work-around until Ironic is fixed(bug#1422632)

The reason of creating temporary work-around is following
Ironic re-uses specific values from the keystone_authtoken middleware.
So we should specify admin_user, admin_password and so on instead of username, password.

Change-Id: If8869e16a167eea0af87afda0eabcbb803627db6
Closes-Bug: #1418341 at devstack
---
 lib/ironic | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 7ffa6a5caf..7313d2508e 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -278,7 +278,18 @@ function configure_ironic {
 function configure_ironic_api {
     iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
     iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
-    configure_auth_token_middleware $IRONIC_CONF_FILE ironic $IRONIC_AUTH_CACHE_DIR/api
+
+    # TODO(Yuki Nishiwaki): This is a temporary work-around until Ironic is fixed(bug#1422632).
+    # These codes need to be changed to use the function of configure_auth_token_middleware
+    # after Ironic conforms to the new auth plugin.
+    iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+    iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+    iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
+    iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
+    iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $IRONIC_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE
+    iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
+
     iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
     iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT
 

From 6b9debaa2476a393d90dae1c33111d4c29d37464 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 18 Feb 2015 11:24:31 -0800
Subject: [PATCH 0407/3421] Stop referring to grizzly

I am pretty sure that won't even work.

Also fix tiny typo in the faq

Change-Id: Ie2e5640b8d4214a271d5af3b652b1a18db010b61
---
 README.md          |  4 ++--
 doc/source/faq.rst | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 40060a7cf5..206ffe098b 100644
--- a/README.md
+++ b/README.md
@@ -25,9 +25,9 @@ in a clean and disposable vm when you are first getting started.
 The DevStack master branch generally points to trunk versions of OpenStack
 components.  For older, stable versions, look for branches named
 stable/[release] in the DevStack repo.  For example, you can do the
-following to create a grizzly OpenStack cloud:
+following to create a juno OpenStack cloud:
 
-    git checkout stable/grizzly
+    git checkout stable/juno
     ./stack.sh
 
 You can also pick specific OpenStack project releases by setting the appropriate
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index a449f496ee..d3b491fdac 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -80,7 +80,7 @@ Q: Why can't I use another shell?
 Q: But, but, can't I test on OS/X?
    A: Yes, even you, core developer who complained about this, needs to
    install bash 4 via homebrew to keep running tests on OS/X.  Get a Real
-   Operating System.   (For most of you who don't know, I am refering to
+   Operating System.   (For most of you who don't know, I am referring to
    myself.)
 
 Operation and Configuration
@@ -118,13 +118,13 @@ Q: How do I run a specific OpenStack milestone?
     ::
 
         [[local|localrc]]
-        GLANCE_BRANCH=stable/grizzly
-        HORIZON_BRANCH=stable/grizzly
-        KEYSTONE_BRANCH=stable/grizzly
-        NOVA_BRANCH=stable/grizzly
-        GLANCE_BRANCH=stable/grizzly
-        NEUTRON_BRANCH=stable/grizzly
-        SWIFT_BRANCH=1.10.0
+        GLANCE_BRANCH=stable/juno
+        HORIZON_BRANCH=stable/juno
+        KEYSTONE_BRANCH=stable/juno
+        NOVA_BRANCH=stable/juno
+        GLANCE_BRANCH=stable/juno
+        NEUTRON_BRANCH=stable/juno
+        SWIFT_BRANCH=2.2.1
 
 Q: Why not use [STRIKEOUT:``tools/pip-requires``]\ ``requirements.txt`` to grab project dependencies?
     [STRIKEOUT:The majority of deployments will use packages to install

From b1d8e8e274f0c220ae19ee3ea1a3b9a533459297 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Mon, 16 Feb 2015 13:58:35 -0600
Subject: [PATCH 0408/3421] Build wheel cache for venvs

Building a bunch of virtual envs later is going to be tedious if we do not
pre-cache certain annoying-to-build packages.

* tools/build_wheels.sh: pre-build some wheels for annoying package installs
* list distro package dependencies in files/*/venv
* list packages to pre-build as wheels in files/venv-requirements.txt
* install database Python modules when setting up the database

Change-Id: Idff1ea69a5ca12ba56098e664dbf6924fe6a2e47
---
 clean.sh                    |  4 ++
 files/debs/devlibs          |  7 ++++
 files/debs/postgresql       |  1 -
 files/rpms-suse/devlibs     |  6 +++
 files/rpms-suse/postgresql  |  1 -
 files/rpms/devlibs          |  8 ++++
 files/rpms/postgresql       |  1 -
 files/venv-requirements.txt | 10 +++++
 lib/databases/mysql         |  3 ++
 lib/databases/postgresql    |  3 ++
 stack.sh                    | 15 ++++++++
 stackrc                     |  5 +++
 tools/build_wheels.sh       | 77 +++++++++++++++++++++++++++++++++++++
 13 files changed, 138 insertions(+), 3 deletions(-)
 create mode 100644 files/debs/devlibs
 delete mode 100644 files/debs/postgresql
 create mode 100644 files/rpms-suse/devlibs
 delete mode 100644 files/rpms-suse/postgresql
 create mode 100644 files/rpms/devlibs
 delete mode 100644 files/rpms/postgresql
 create mode 100644 files/venv-requirements.txt
 create mode 100755 tools/build_wheels.sh

diff --git a/clean.sh b/clean.sh
index 50d414c1d9..fea1230c7b 100755
--- a/clean.sh
+++ b/clean.sh
@@ -119,6 +119,10 @@ if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
     sudo rm -rf $SCREEN_LOGDIR
 fi
 
+# Clean up venvs
+DIRS_TO_CLEAN="$WHEELHOUSE"
+rm -rf $DIRS_TO_CLEAN
+
 # Clean up files
 
 FILES_TO_CLEAN=".localrc.auto docs/files docs/html shocco/ stack-screenrc test*.conf* test.ini*"
diff --git a/files/debs/devlibs b/files/debs/devlibs
new file mode 100644
index 0000000000..0446ceb6b6
--- /dev/null
+++ b/files/debs/devlibs
@@ -0,0 +1,7 @@
+libffi-dev  # pyOpenSSL
+libmysqlclient-dev  # MySQL-python
+libpq-dev  # psycopg2
+libssl-dev  # pyOpenSSL
+libxml2-dev  # lxml
+libxslt1-dev  # lxml
+python-dev  # pyOpenSSL
diff --git a/files/debs/postgresql b/files/debs/postgresql
deleted file mode 100644
index bf19d397cb..0000000000
--- a/files/debs/postgresql
+++ /dev/null
@@ -1 +0,0 @@
-python-psycopg2
diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
new file mode 100644
index 0000000000..11722adf3c
--- /dev/null
+++ b/files/rpms-suse/devlibs
@@ -0,0 +1,6 @@
+libffi-devel  # pyOpenSSL
+libopenssl-devel  # pyOpenSSL
+libxml2-devel  # lxml
+libxslt1-dev  # lxml
+postgresql-devel  # psycopg2
+python-devel  # pyOpenSSL
diff --git a/files/rpms-suse/postgresql b/files/rpms-suse/postgresql
deleted file mode 100644
index bf19d397cb..0000000000
--- a/files/rpms-suse/postgresql
+++ /dev/null
@@ -1 +0,0 @@
-python-psycopg2
diff --git a/files/rpms/devlibs b/files/rpms/devlibs
new file mode 100644
index 0000000000..6010c9fd37
--- /dev/null
+++ b/files/rpms/devlibs
@@ -0,0 +1,8 @@
+libffi-devel  # pyOpenSSL
+libxml2-devel  # lxml
+libxslt1-devel  # lxml
+mariadb-devel  # MySQL-python  f20,f21,rhel7
+mysql-devel  # MySQL-python  rhel6
+openssl-devel  # pyOpenSSL
+postgresql-devel  # psycopg2
+python-devel  # pyOpenSSL
diff --git a/files/rpms/postgresql b/files/rpms/postgresql
deleted file mode 100644
index bf19d397cb..0000000000
--- a/files/rpms/postgresql
+++ /dev/null
@@ -1 +0,0 @@
-python-psycopg2
diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
new file mode 100644
index 0000000000..3c50061e96
--- /dev/null
+++ b/files/venv-requirements.txt
@@ -0,0 +1,10 @@
+lxml
+MySQL-python
+netifaces
+numpy
+posix-ipc
+psycopg2
+pycrypto
+pyOpenSSL
+PyYAML
+xattr
diff --git a/lib/databases/mysql b/lib/databases/mysql
index c8ceec2455..70073c4c6f 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -151,6 +151,9 @@ EOF
     else
         exit_distro_not_supported "mysql installation"
     fi
+
+    # Install Python client module
+    pip_install MySQL-python
 }
 
 function database_connection_url_mysql {
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 317e0ebf53..dfda9adbaf 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -100,6 +100,9 @@ EOF
     else
         exit_distro_not_supported "postgresql installation"
     fi
+
+    # Install Python client module
+    pip_install MySQL-python psycopg2
 }
 
 function database_connection_url_postgresql {
diff --git a/stack.sh b/stack.sh
index 753135bc81..49288a7438 100755
--- a/stack.sh
+++ b/stack.sh
@@ -671,6 +671,21 @@ fi
 source $TOP_DIR/tools/fixup_stuff.sh
 
 
+# Virtual Environment
+# -------------------
+
+# Temporary hack for testing
+# This belongs in d-g functions.sh setup_host() or devstack-vm-gate.sh
+if [[ -d /var/cache/pip ]]; then
+    sudo chown -R $STACK_USER:$STACK_USER /var/cache/pip
+fi
+
+# Pre-build some problematic wheels
+if [[ ! -d ${WHEELHOUSE:-} ]]; then
+    source tools/build_wheels.sh
+fi
+
+
 # Extras Pre-install
 # ------------------
 
diff --git a/stackrc b/stackrc
index 386c5d53e3..ee601a9b45 100644
--- a/stackrc
+++ b/stackrc
@@ -112,6 +112,11 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
     source $RC_DIR/.localrc.auto
 fi
 
+# Configure wheel cache location
+export WHEELHOUSE=${WHEELHOUSE:-$DEST/.wheelhouse}
+export PIP_WHEEL_DIR=${PIP_WHEEL_DIR:-$WHEELHOUSE}
+export PIP_FIND_LINKS=${PIP_FIND_LINKS:-file://$WHEELHOUSE}
+
 # This can be used to turn database query logging on and off
 # (currently only implemented for MySQL backend)
 DATABASE_QUERY_LOGGING=$(trueorfalse True DATABASE_QUERY_LOGGING)
diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
new file mode 100755
index 0000000000..c87b6dafe6
--- /dev/null
+++ b/tools/build_wheels.sh
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+#
+# **tools/build_wheels.sh** - Build a cache of Python wheels
+#
+# build_wheels.sh [package [...]]
+#
+# System package prerequisites listed in files/*/devlibs will be installed
+#
+# Builds wheels for all virtual env requirements listed in
+# ``venv-requirements.txt`` plus any supplied on the command line.
+#
+# Assumes ``tools/install_pip.sh`` has been run and a suitable pip/setuptools is available.
+
+# If TOP_DIR is set we're being sourced rather than running stand-alone
+# or in a sub-shell
+if [[ -z "$TOP_DIR" ]]; then
+
+    set -o errexit
+    set -o nounset
+
+    # Keep track of the devstack directory
+    TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+    FILES=$TOP_DIR/files
+
+    # Import common functions
+    source $TOP_DIR/functions
+
+    GetDistro
+
+    source $TOP_DIR/stackrc
+
+    trap err_trap ERR
+
+fi
+
+# Get additional packages to build
+MORE_PACKAGES="$@"
+
+# Set a fall-back default, assume that since this script is being called
+# package builds are to happen even if WHEELHOUSE is not configured
+export WHEELHOUSE=${WHEELHOUSE:-.wheelhouse}
+
+# Exit on any errors so that errors don't compound
+function err_trap {
+    local r=$?
+    set +o xtrace
+
+    rm -rf $TMP_VENV_PATH
+
+    exit $r
+}
+
+# Get system prereqs
+install_package $(get_packages devlibs)
+
+# Get a modern ``virtualenv``
+pip_install virtualenv
+
+# Prepare the workspace
+TMP_VENV_PATH=$(mktemp -d tmp-venv-XXXX)
+virtualenv $TMP_VENV_PATH
+
+# Install modern pip and wheel
+$TMP_VENV_PATH/bin/pip install -U pip wheel
+
+# VENV_PACKAGES is a list of packages we want to pre-install
+VENV_PACKAGE_FILE=$FILES/venv-requirements.txt
+if [[ -r $VENV_PACKAGE_FILE ]]; then
+    VENV_PACKAGES=$(grep -v '^#' $VENV_PACKAGE_FILE)
+fi
+
+for pkg in ${VENV_PACKAGES,/ } ${MORE_PACKAGES}; do
+    $TMP_VENV_PATH/bin/pip wheel $pkg
+done
+
+# Clean up wheel workspace
+rm -rf $TMP_VENV_PATH

From 20a3dbdfa178f6e916e09f65476b9dfeb4748a4a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" 
Date: Mon, 16 Feb 2015 13:24:35 +0000
Subject: [PATCH 0409/3421] mysql: disable query logging by default

Having DATABASE_QUERY_LOGGING enabled results in devstack turning
on verbose mysql query logging. This results in a log file
/var/log/mariadb/mariadb-slow.log that grows to 10's of GB in
size in very little time (few weeks if that). Developers never
seem to notice this exists until their host OS runs out of disk
space due to this logfile that is never truncated.

Very few people will ever look at this logged data, so a more
sensible default is False, to make the out of the box setup be
suitable for the majority. Those few people who want to debug
mysql query performance can enable it in local.conf, as will
the devstack gate setup scripts.

Depends-On: I6970d61474528f554134d0aa333cd52b7b20f309
Change-Id: Ia4a366c839ac51623bc1fbee3560dc4d848cce14
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index 7bb4cc29d9..ad2e72d197 100644
--- a/stackrc
+++ b/stackrc
@@ -114,7 +114,7 @@ fi
 
 # This can be used to turn database query logging on and off
 # (currently only implemented for MySQL backend)
-DATABASE_QUERY_LOGGING=$(trueorfalse True DATABASE_QUERY_LOGGING)
+DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
 
 # Set a timeout for git operations.  If git is still running when the
 # timeout expires, the command will be retried up to 3 times.  This is

From b787b684f39eef779e416d5c86941810969ed456 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 18 Feb 2015 15:20:31 -0800
Subject: [PATCH 0410/3421] Add qemu-utils to n-cpu debs

Qemu-utils is needed by nova-cpu, we are hitting issues with this in
multi node testing where fewer services are installed on the second
node.

Change-Id: I4b0a217a252c7862014443230dda2bcced355c93
---
 files/debs/n-cpu | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index a82304dfe2..534b1c1159 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -1,3 +1,4 @@
+qemu-utils
 # Stuff for diablo volumes
 lvm2
 open-iscsi

From 8c2ce6ea724c9123b8cc5660c6ad52aa8ebf9865 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 18 Feb 2015 14:47:54 -0600
Subject: [PATCH 0411/3421] Virtual environment groundwork

Introduce the tooling to build virtual environments.

* tools/build_venv.sh: build a venv
* introduce lib/stack to house functionality extracted from stack.sh that
  is needed in other places, such as Grenade; start with stack_install_service
  to wrap the venv install mechanics
* declare PROJECT_VENV array to track where project venvs should be installed
* create a venv for each project defined in PROJECT_VENV in stack_install_service()

Change-Id: I508588c0e2541b976dd94569d44b61dd2c35c01c
---
 clean.sh            |  2 +-
 inc/python          |  8 +++++-
 lib/stack           | 29 ++++++++++++++++++++++
 stack.sh            | 21 +++++++++-------
 tools/build_venv.sh | 59 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 108 insertions(+), 11 deletions(-)
 create mode 100644 lib/stack
 create mode 100755 tools/build_venv.sh

diff --git a/clean.sh b/clean.sh
index fea1230c7b..4f8c051b53 100755
--- a/clean.sh
+++ b/clean.sh
@@ -120,7 +120,7 @@ if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
 fi
 
 # Clean up venvs
-DIRS_TO_CLEAN="$WHEELHOUSE"
+DIRS_TO_CLEAN="$WHEELHOUSE ${PROJECT_VENV[@]}"
 rm -rf $DIRS_TO_CLEAN
 
 # Clean up files
diff --git a/inc/python b/inc/python
index d9451b4b16..dfc4d63ca4 100644
--- a/inc/python
+++ b/inc/python
@@ -15,6 +15,13 @@ INC_PY_TRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 
+# Global Config Variables
+
+# PROJECT_VENV contains the name of the virtual enviromnet for each
+# project.  A null value installs to the system Python directories.
+declare -A PROJECT_VENV
+
+
 # Python Functions
 # ================
 
@@ -105,7 +112,6 @@ function pip_install {
                 -r $test_req
         fi
     fi
-    $xtrace
 }
 
 # get version of a package from global requirements file
diff --git a/lib/stack b/lib/stack
new file mode 100644
index 0000000000..6ca6c0baf2
--- /dev/null
+++ b/lib/stack
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# lib/stack
+#
+# These functions are code snippets pulled out of stack.sh for easier
+# re-use by Grenade.  They can assume the same environment is available
+# as in the lower part of stack.sh, namely a valid stackrc has been sourced
+# as well as all of the lib/* files for the services have been sourced.
+#
+# For clarity, all functions declared here that came from ``stack.sh``
+# shall be named with the prefix ``stack_``.
+
+
+# Generic service install handles venv creation if confgured for service
+# stack_install_service service
+function stack_install_service {
+    local service=$1
+    if type install_${service} >/dev/null 2>&1; then
+        if [[ -n ${PROJECT_VENV[$service]:-} ]]; then
+            rm -rf ${PROJECT_VENV[$service]}
+            source tools/build_venv.sh ${PROJECT_VENV[$service]}
+            export PIP_VIRTUAL_ENV=${PROJECT_VENV[$service]:-}
+        fi
+        install_${service}
+        if [[ -n ${PROJECT_VENV[$service]:-} ]]; then
+            unset PIP_VIRTUAL_ENV
+        fi
+    fi
+}
diff --git a/stack.sh b/stack.sh
index 49288a7438..0ec7a5e5e5 100755
--- a/stack.sh
+++ b/stack.sh
@@ -94,6 +94,9 @@ source $TOP_DIR/functions
 # Import config functions
 source $TOP_DIR/lib/config
 
+# Import 'public' stack.sh functions
+source $TOP_DIR/lib/stack
+
 # Determine what system we are running on.  This provides ``os_VENDOR``,
 # ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
 # and ``DISTRO``
@@ -742,13 +745,13 @@ fi
 
 if is_service_enabled keystone; then
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
-        install_keystone
+        stack_install_service keystone
         configure_keystone
     fi
 fi
 
 if is_service_enabled s-proxy; then
-    install_swift
+    stack_install_service swift
     configure_swift
 
     # swift3 middleware to provide S3 emulation to Swift
@@ -762,23 +765,23 @@ fi
 
 if is_service_enabled g-api n-api; then
     # image catalog service
-    install_glance
+    stack_install_service glance
     configure_glance
 fi
 
 if is_service_enabled cinder; then
-    install_cinder
+    stack_install_service cinder
     configure_cinder
 fi
 
 if is_service_enabled neutron; then
-    install_neutron
+    stack_install_service neutron
     install_neutron_third_party
 fi
 
 if is_service_enabled nova; then
     # compute service
-    install_nova
+    stack_install_service nova
     cleanup_nova
     configure_nova
 fi
@@ -787,19 +790,19 @@ if is_service_enabled horizon; then
     # django openstack_auth
     install_django_openstack_auth
     # dashboard
-    install_horizon
+    stack_install_service horizon
     configure_horizon
 fi
 
 if is_service_enabled ceilometer; then
     install_ceilometerclient
-    install_ceilometer
+    stack_install_service ceilometer
     echo_summary "Configuring Ceilometer"
     configure_ceilometer
 fi
 
 if is_service_enabled heat; then
-    install_heat
+    stack_install_service heat
     install_heat_other
     cleanup_heat
     configure_heat
diff --git a/tools/build_venv.sh b/tools/build_venv.sh
new file mode 100755
index 0000000000..ad9508056b
--- /dev/null
+++ b/tools/build_venv.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#
+# **tools/build_venv.sh** - Build a Python Virtual Envirnment
+#
+# build_venv.sh venv-path [package [...]]
+#
+# Assumes:
+# - a useful pip is installed
+# - virtualenv will be installed by pip
+# - installs basic common prereq packages that require compilation
+#   to allow quick copying of resulting venv as a baseline
+
+
+VENV_DEST=${1:-.venv}
+shift
+
+MORE_PACKAGES="$@"
+
+# If TOP_DIR is set we're being sourced rather than running stand-alone
+# or in a sub-shell
+if [[ -z "$TOP_DIR" ]]; then
+
+    set -o errexit
+    set -o nounset
+
+    # Keep track of the devstack directory
+    TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+    FILES=$TOP_DIR/files
+
+    # Import common functions
+    source $TOP_DIR/functions
+
+    GetDistro
+
+    source $TOP_DIR/stackrc
+
+    trap err_trap ERR
+
+fi
+
+# Exit on any errors so that errors don't compound
+function err_trap {
+    local r=$?
+    set +o xtrace
+
+    rm -rf $TMP_VENV_PATH
+
+    exit $r
+}
+
+# Build new venv
+virtualenv $VENV_DEST
+
+# Install modern pip
+$VENV_DEST/bin/pip install -U pip
+
+for pkg in ${MORE_PACKAGES}; do
+    pip_install_venv $VENV_DEST $pkg
+done

From 20b027b79cf628a8be974bc5b9aff17b46c773b3 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Wed, 4 Feb 2015 02:38:13 -0500
Subject: [PATCH 0412/3421] Add oslo.policy to lib/oslo and stackrc

As per the graduation work items, any new libraries should be
added to lib/oslo and stackrc

partially implements bp graduate-policy

Change-Id: Ief8f28715ecff5a602d6d840d736ea07b5e7ff39
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index 31c9d34849..effde90f13 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -31,6 +31,7 @@ GITDIR["oslo.i18n"]=$DEST/oslo.i18n
 GITDIR["oslo.log"]=$DEST/oslo.log
 GITDIR["oslo.messaging"]=$DEST/oslo.messaging
 GITDIR["oslo.middleware"]=$DEST/oslo.middleware
+GITDIR["oslo.policy"]=$DEST/oslo.policy
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
 GITDIR["oslo.utils"]=$DEST/oslo.utils
@@ -65,6 +66,7 @@ function install_oslo {
     _do_install_oslo_lib "oslo.log"
     _do_install_oslo_lib "oslo.messaging"
     _do_install_oslo_lib "oslo.middleware"
+    _do_install_oslo_lib "oslo.policy"
     _do_install_oslo_lib "oslo.rootwrap"
     _do_install_oslo_lib "oslo.serialization"
     _do_install_oslo_lib "oslo.utils"
diff --git a/stackrc b/stackrc
index 42a625baed..96e6a700a0 100644
--- a/stackrc
+++ b/stackrc
@@ -341,6 +341,10 @@ GITBRANCH["oslo.messaging"]=${OSLOMSG_BRANCH:-master}
 GITREPO["oslo.middleware"]=${OSLOMID_REPO:-${GIT_BASE}/openstack/oslo.middleware.git}
 GITBRANCH["oslo.middleware"]=${OSLOMID_BRANCH:-master}
 
+# oslo.policy
+GITREPO["oslo.policy"]=${OSLOPOLICY_REPO:-${GIT_BASE}/openstack/oslo.policy.git}
+GITBRANCH["oslo.policy"]=${OSLOPOLICY_BRANCH:-master}
+
 # oslo.rootwrap
 GITREPO["oslo.rootwrap"]=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git}
 GITBRANCH["oslo.rootwrap"]=${OSLORWRAP_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index cce020399c..a2a6cb781c 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -29,7 +29,7 @@ for i in $TOP/lib/*; do
     fi
 done
 
-ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz ceilometermiddleware"
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz ceilometermiddleware oslo.policy"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 380d92cc7a0601d89e40d311172e7e3ee4a58640 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Wed, 18 Feb 2015 16:22:06 +0100
Subject: [PATCH 0413/3421] Ensure lvm2-lvmetad service running on Fedora

When the lvm package gets installed the meta service does
not gets started automatically, but it becomes enabled so it would be
running on the next reboot.

The lvm commands are configured to use this service.
In the past this issue just causes warnings in the cinder log,
but now it can lead to a real issue.

It is better to ensure it is really running,
because it speeds up the lvm related commands.

Change-Id: I17fe2c3bcf77a6505ed2b6c824c5b20807beb725
---
 lib/lvm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/lvm b/lib/lvm
index c183f09d04..39eed00675 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -103,14 +103,17 @@ function _create_lvm_volume_group {
 function init_lvm_volume_group {
     local vg=$1
     local size=$2
-    # Start with a clean volume group
-    _create_lvm_volume_group $vg $size
 
+    # Start the lvmetad and tgtd services
     if is_fedora || is_suse; then
-        # service is not started by default
+        # services is not started by default
+        start_service lvm2-lvmetad
         start_service tgtd
     fi
 
+    # Start with a clean volume group
+    _create_lvm_volume_group $vg $size
+
     # Remove iscsi targets
     sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
 

From 69741a99c783c4113280988d51c3226a7a1613fd Mon Sep 17 00:00:00 2001
From: Mikhail S Medvedev 
Date: Thu, 19 Feb 2015 19:05:19 -0600
Subject: [PATCH 0414/3421] Fix package names that cause f20/f21 breakage

Closes-Bug: #1423720
Change-Id: I8fdea7d24d1ec09885d2a395d4ba656f4194d39f
---
 files/rpms-suse/devlibs | 2 +-
 files/rpms/devlibs      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
index 11722adf3c..dbcd6af95b 100644
--- a/files/rpms-suse/devlibs
+++ b/files/rpms-suse/devlibs
@@ -1,6 +1,6 @@
 libffi-devel  # pyOpenSSL
 libopenssl-devel  # pyOpenSSL
 libxml2-devel  # lxml
-libxslt1-dev  # lxml
+libxslt-dev  # lxml
 postgresql-devel  # psycopg2
 python-devel  # pyOpenSSL
diff --git a/files/rpms/devlibs b/files/rpms/devlibs
index 6010c9fd37..42b7865978 100644
--- a/files/rpms/devlibs
+++ b/files/rpms/devlibs
@@ -1,6 +1,6 @@
 libffi-devel  # pyOpenSSL
 libxml2-devel  # lxml
-libxslt1-devel  # lxml
+libxslt-devel  # lxml
 mariadb-devel  # MySQL-python  f20,f21,rhel7
 mysql-devel  # MySQL-python  rhel6
 openssl-devel  # pyOpenSSL

From aa8d31ac8b6a69b40569f7d906b8217ac6612c2d Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 20 Feb 2015 06:10:48 -0500
Subject: [PATCH 0415/3421] fix missing TOP_DIR which can break sourcing

There were a couple of places where TOP_DIR is missing when we do a
source of content in tools. Given that working directory can change
quite often during devstack, we need to always be explicit here.

Change-Id: I14b5699637d7f5db745bccf116f440cdcbaa8d91
---
 lib/stack | 2 +-
 stack.sh  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/stack b/lib/stack
index 6ca6c0baf2..9a509d8318 100644
--- a/lib/stack
+++ b/lib/stack
@@ -18,7 +18,7 @@ function stack_install_service {
     if type install_${service} >/dev/null 2>&1; then
         if [[ -n ${PROJECT_VENV[$service]:-} ]]; then
             rm -rf ${PROJECT_VENV[$service]}
-            source tools/build_venv.sh ${PROJECT_VENV[$service]}
+            source $TOP_DIR/tools/build_venv.sh ${PROJECT_VENV[$service]}
             export PIP_VIRTUAL_ENV=${PROJECT_VENV[$service]:-}
         fi
         install_${service}
diff --git a/stack.sh b/stack.sh
index 0ec7a5e5e5..6002cf9d17 100755
--- a/stack.sh
+++ b/stack.sh
@@ -685,7 +685,7 @@ fi
 
 # Pre-build some problematic wheels
 if [[ ! -d ${WHEELHOUSE:-} ]]; then
-    source tools/build_wheels.sh
+    source $TOP_DIR/tools/build_wheels.sh
 fi
 
 

From 83e166b707bbce1501146db06e968194f3c7b376 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Wed, 18 Feb 2015 19:01:20 -0500
Subject: [PATCH 0416/3421] Ensure we install tempest-lib from git in tempest's
 tox venv

This commit adds installing tempest-lib from git to the tempest full
job's tox venv. Since by default tempest isn't being installed
globally anymore and when we do run tempest it is normally within a
tox venv that means previously the install from git flag isn't being
taken into account.

Change-Id: I98b0754c4a91690c9402fa2ae2c3e9ba9195d444
---
 lib/tempest | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index d3b40aa361..6177ffe197 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -517,14 +517,23 @@ function install_tempest_lib {
     if use_library_from_git "tempest-lib"; then
         git_clone_by_name "tempest-lib"
         setup_dev_lib "tempest-lib"
+        # NOTE(mtreinish) For testing tempest-lib from git with tempest we need
+        # put the git version of tempest-lib in the tempest job's tox venv
+        export PIP_VIRTUAL_ENV=${PROJECT_VENV["tempest"]}
+        setup_dev_lib "tempest-lib"
+        unset PIP_VIRTUAL_ENV
     fi
 }
 
 # install_tempest() - Collect source and prepare
 function install_tempest {
-    install_tempest_lib
     git_clone $TEMPEST_REPO $TEMPEST_DIR $TEMPEST_BRANCH
     pip_install tox
+    pushd $TEMPEST_DIR
+    tox --notest -efull
+    PROJECT_VENV["tempest"]=${TEMPEST_DIR}/.tox/full
+    install_tempest_lib
+    popd
 }
 
 # init_tempest() - Initialize ec2 images

From 99c463d56df9e82e5f81e695a8e7b97a4a6fdfbc Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 19 Feb 2015 13:05:15 -0600
Subject: [PATCH 0417/3421] Recent virtualenv review cleanups

This is a follow-on to comments in https://review.openstack.org/156356
and https://review.openstack.org/#/c/151513/

* Remove work-around for /var/cache/pip
* Remove WHEELHOUSE setting in tools/build_wheels.sh and use the pip
  default directory '/wheelhouse'
* Remove bogus MySQL-python install
* Removed unused bits and clean up pip commands in from tools/build_venvs.sh

Closes-Bug: #1423720
Change-Id: I0283b0dff9146b1b63bd821358505a93566270c6
---
 files/rpms-suse/devlibs  |  2 +-
 lib/databases/postgresql |  2 +-
 stack.sh                 |  8 +-------
 tools/build_venv.sh      | 19 +++----------------
 tools/build_wheels.sh    |  4 ----
 5 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
index dbcd6af95b..c9238252af 100644
--- a/files/rpms-suse/devlibs
+++ b/files/rpms-suse/devlibs
@@ -1,6 +1,6 @@
 libffi-devel  # pyOpenSSL
 libopenssl-devel  # pyOpenSSL
 libxml2-devel  # lxml
-libxslt-dev  # lxml
+libxslt-devel  # lxml
 postgresql-devel  # psycopg2
 python-devel  # pyOpenSSL
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index dfda9adbaf..e891a08754 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -102,7 +102,7 @@ EOF
     fi
 
     # Install Python client module
-    pip_install MySQL-python psycopg2
+    pip_install psycopg2
 }
 
 function database_connection_url_postgresql {
diff --git a/stack.sh b/stack.sh
index 6002cf9d17..f597f78c36 100755
--- a/stack.sh
+++ b/stack.sh
@@ -677,14 +677,8 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # Virtual Environment
 # -------------------
 
-# Temporary hack for testing
-# This belongs in d-g functions.sh setup_host() or devstack-vm-gate.sh
-if [[ -d /var/cache/pip ]]; then
-    sudo chown -R $STACK_USER:$STACK_USER /var/cache/pip
-fi
-
 # Pre-build some problematic wheels
-if [[ ! -d ${WHEELHOUSE:-} ]]; then
+if [[ -n ${WHEELHOUSE:-} && ! -d ${WHEELHOUSE:-} ]]; then
     source $TOP_DIR/tools/build_wheels.sh
 fi
 
diff --git a/tools/build_venv.sh b/tools/build_venv.sh
index ad9508056b..11d1d35208 100755
--- a/tools/build_venv.sh
+++ b/tools/build_venv.sh
@@ -34,26 +34,13 @@ if [[ -z "$TOP_DIR" ]]; then
 
     source $TOP_DIR/stackrc
 
-    trap err_trap ERR
-
 fi
 
-# Exit on any errors so that errors don't compound
-function err_trap {
-    local r=$?
-    set +o xtrace
-
-    rm -rf $TMP_VENV_PATH
-
-    exit $r
-}
-
 # Build new venv
 virtualenv $VENV_DEST
 
 # Install modern pip
-$VENV_DEST/bin/pip install -U pip
+PIP_VIRTUAL_ENV=$VENV_DEST pip_install -U pip
 
-for pkg in ${MORE_PACKAGES}; do
-    pip_install_venv $VENV_DEST $pkg
-done
+# Install additional packages
+PIP_VIRTUAL_ENV=$VENV_DEST pip_install ${MORE_PACKAGES}
diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
index c87b6dafe6..31398f9b0e 100755
--- a/tools/build_wheels.sh
+++ b/tools/build_wheels.sh
@@ -36,10 +36,6 @@ fi
 # Get additional packages to build
 MORE_PACKAGES="$@"
 
-# Set a fall-back default, assume that since this script is being called
-# package builds are to happen even if WHEELHOUSE is not configured
-export WHEELHOUSE=${WHEELHOUSE:-.wheelhouse}
-
 # Exit on any errors so that errors don't compound
 function err_trap {
     local r=$?

From 1ffa33210def38e488b8887c69b70faad5965a00 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka 
Date: Fri, 20 Feb 2015 16:23:15 +0100
Subject: [PATCH 0418/3421] Install openstackclient after other services

Let's see whether openstackclient will trigger unneeded version bump for
clients if its installation is put below all other services that are
expected to intall client libraries on proper versions on their own.

Change-Id: Ifa774219b7057112fc794a5e3d93bc963c55ba90
---
 stack.sh | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/stack.sh b/stack.sh
index 0ec7a5e5e5..cf99950e18 100755
--- a/stack.sh
+++ b/stack.sh
@@ -734,14 +734,6 @@ fi
 # Install middleware
 install_keystonemiddleware
 
-# install the OpenStack client, needed for most setup commands
-if use_library_from_git "python-openstackclient"; then
-    git_clone_by_name "python-openstackclient"
-    setup_dev_lib "python-openstackclient"
-else
-    pip_install 'python-openstackclient>=1.0.2'
-fi
-
 
 if is_service_enabled keystone; then
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
@@ -816,13 +808,22 @@ if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
     # don't be naive and add to existing line!
 fi
 
-
 # Extras Install
 # --------------
 
 # Phase: install
 run_phase stack install
 
+
+# install the OpenStack client, needed for most setup commands
+if use_library_from_git "python-openstackclient"; then
+    git_clone_by_name "python-openstackclient"
+    setup_dev_lib "python-openstackclient"
+else
+    pip_install 'python-openstackclient>=1.0.2'
+fi
+
+
 if [[ $TRACK_DEPENDS = True ]]; then
     $DEST/.venv/bin/pip freeze > $DEST/requires-post-pip
     if ! diff -Nru $DEST/requires-pre-pip $DEST/requires-post-pip > $DEST/requires.diff; then

From a1701fabcf8593bc8c555154cb2b85ef6fd5bba0 Mon Sep 17 00:00:00 2001
From: Al Miller 
Date: Fri, 20 Feb 2015 08:10:41 -0800
Subject: [PATCH 0419/3421] clean.sh needs to call "run_phase clean" for
 external plugins

Change-Id: I67b970992479e50dc054f8c4a77a20e724e3e305
---
 clean.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/clean.sh b/clean.sh
index 4f8c051b53..ad4525ba62 100755
--- a/clean.sh
+++ b/clean.sh
@@ -76,6 +76,8 @@ fi
 # ==========
 
 # Phase: clean
+run_phase clean
+
 if [[ -d $TOP_DIR/extras.d ]]; then
     for i in $TOP_DIR/extras.d/*.sh; do
         [[ -r $i ]] && source $i clean

From c9b245bb438cdfe1155a86986e3fe2eb83f6f328 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 10 Feb 2015 14:32:39 -0800
Subject: [PATCH 0420/3421] Optionally install tempest and disable by default

In I78d51f04ed01da4ce8aa0e127be028f969d3b4f8 we turned off installing
tempest because we install it on stable branches where the stable reqs
do not equal the tempest master (branchless) reqs.

Leave this off by default since that is the behaviour we have in the
gate, and make default devstack as similar to the gate as possible. But
add an option to install tempest by default so developers can opt and
reproduce the previous behaviour.

Update the tempest section of the README with how to run tempest tests
and how to install tempest if desired.

Change-Id: Ie4ea7335a57917244873ec54658ca269ab765ce1
---
 README.md   | 10 +++++++++-
 lib/tempest | 14 ++++++++++++--
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 40060a7cf5..28f4c90cda 100644
--- a/README.md
+++ b/README.md
@@ -282,7 +282,15 @@ If tempest has been successfully configured, a basic set of smoke
 tests can be run as follows:
 
     $ cd /opt/stack/tempest
-    $ nosetests tempest/scenario/test_network_basic_ops.py
+    $ tox -efull  tempest.scenario.test_network_basic_ops
+
+By default tempest is downloaded and the config file is generated, but the
+tempest package is not installed in the system's global site-packages (the
+package install includes installing dependences). So tempest won't run
+outside of tox. If you would like to install it add the following to your
+``localrc`` section:
+
+    INSTALL_TEMPEST=True
 
 # DevStack on Xenserver
 
diff --git a/lib/tempest b/lib/tempest
index d3b40aa361..258bb374ee 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -63,6 +63,12 @@ BUILD_INTERVAL=1
 BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
 
 
+# This must be False on stable branches, as master tempest
+# deps do not match stable branch deps. Set this to True to
+# have tempest installed in devstack by default.
+INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"}
+
+
 BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}"
 BOTO_CONF=/etc/boto.cfg
 
@@ -94,8 +100,12 @@ function remove_disabled_extensions {
 
 # configure_tempest() - Set config files, create data dirs, etc
 function configure_tempest {
-    # install testr since its used to process tempest logs
-    pip_install $(get_from_global_requirements testrepository)
+    if [[ "$INSTALL_TEMPEST" == "True" ]]; then
+        setup_develop $TEMPEST_DIR
+    else
+        # install testr since its used to process tempest logs
+        pip_install $(get_from_global_requirements testrepository)
+    fi
 
     local image_lines
     local images

From b592454e5113b19fba6f6cacfd97bcb8ec11f4f3 Mon Sep 17 00:00:00 2001
From: Flavio Percoco 
Date: Fri, 20 Feb 2015 13:51:22 +0100
Subject: [PATCH 0421/3421] Install python-redis from pip

Following the leads of  I47b7e787771683c2fc4404e586f11c1a19aac15c and as
an attempt to fix a bug blocking Zaqar's gate, this patch installs
python-redis from pypi instead of using the distro package.

Change-Id: Idfef2fe1b41b44c4cba6b6948b621bc44e77659b
---
 files/debs/zaqar-server | 3 +--
 lib/zaqar               | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/files/debs/zaqar-server b/files/debs/zaqar-server
index 32b10179b0..6c2a4d154a 100644
--- a/files/debs/zaqar-server
+++ b/files/debs/zaqar-server
@@ -1,5 +1,4 @@
 python-pymongo
 mongodb-server
 pkg-config
-redis-server # NOPRIME
-python-redis # NOPRIME
\ No newline at end of file
+redis-server # NOPRIME
\ No newline at end of file
diff --git a/lib/zaqar b/lib/zaqar
index 4a24415248..c9321b997f 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -147,13 +147,13 @@ function configure_zaqar {
 function configure_redis {
     if is_ubuntu; then
         install_package redis-server
+        pip_install redis
     elif is_fedora; then
         install_package redis
+        pip_install redis
     else
         exit_distro_not_supported "redis installation"
     fi
-
-    install_package python-redis
 }
 
 function configure_mongodb {

From d5004a380294e05963d4de39007f3336e975fb0f Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 23 Feb 2015 12:32:05 +0100
Subject: [PATCH 0422/3421] F21 requires redhat-rpm-config for mariadb-devel

As you can see in the f21 job, the python-MYSQL compilation
fails without this library.

At the first look it seams like packaging issue, so
I created bug related to this. [1]
Until the issue is addressed, the redhat-rpm-config will be
considered as build time dev dependency for f21.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1195207

Change-Id: I731828cac912d1b11eaf2269364411c77a57d76c
---
 files/rpms/devlibs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms/devlibs b/files/rpms/devlibs
index 42b7865978..834a4b6cf1 100644
--- a/files/rpms/devlibs
+++ b/files/rpms/devlibs
@@ -6,3 +6,4 @@ mysql-devel  # MySQL-python  rhel6
 openssl-devel  # pyOpenSSL
 postgresql-devel  # psycopg2
 python-devel  # pyOpenSSL
+redhat-rpm-config # MySQL-python rhbz-1195207 f21

From 0fda343c1893527934171c45349ebc63bb2c5b34 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 23 Feb 2015 14:33:52 +0100
Subject: [PATCH 0423/3421] msgpack-python requires g++

msgpack-python when installed from source requires a C++ compiler
installed on the system, otherwise it falls back to the python
implementation.

Change-Id: Iffe1f90f3a70780be22459c3f7a3cddfe47f01ca
---
 files/debs/general      | 1 +
 files/rpms-suse/general | 1 +
 files/rpms/general      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/files/debs/general b/files/debs/general
index 5047c12249..84d43029ff 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -4,6 +4,7 @@ unzip
 wget
 psmisc
 gcc
+g++
 git
 graphviz # testonly - docs
 lsof # useful when debugging
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 63ef705b64..7f4bbfb1b6 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -4,6 +4,7 @@ ca-certificates-mozilla
 curl
 euca2ools
 gcc
+gcc-c++
 git-core
 graphviz # testonly - docs
 iputils
diff --git a/files/rpms/general b/files/rpms/general
index 6f2239196b..a648214a7b 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -3,6 +3,7 @@ curl
 dbus
 euca2ools # only for testing client
 gcc
+gcc-c++
 git-core
 graphviz # testonly - docs
 openssh-server

From e7b51362fdca995f866d992dc34280da3ea838db Mon Sep 17 00:00:00 2001
From: George Peristerakis 
Date: Fri, 20 Feb 2015 16:28:32 -0500
Subject: [PATCH 0424/3421] Changed the log format for horizon's apache
 configuration

The default apache log format is noisy. Added a custom log format
that matches the other apache log format of projects like keystone

Closes-Bug: #1222900
Change-Id: Id9a8c3a4413c778e009c56ffde6b646b8a120c8b
---
 files/apache-horizon.template | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/files/apache-horizon.template b/files/apache-horizon.template
index bca1251bec..68838985ee 100644
--- a/files/apache-horizon.template
+++ b/files/apache-horizon.template
@@ -28,7 +28,9 @@
             Require all granted
         
     
-
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
     ErrorLog /var/log/%APACHE_NAME%/horizon_error.log
     LogLevel warn
     CustomLog /var/log/%APACHE_NAME%/horizon_access.log combined

From a339efcd676b81804b2d5ab54d4bba8ecaba99b5 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Thu, 4 Dec 2014 16:52:58 +1100
Subject: [PATCH 0425/3421] Create service definition for nova-serialproxy

Nova has the ability to do remote interactive consoles but there is no
easy way to enable this in devstack.  This change defines a service
called n-serial to enable the service.  Documentation is added to a
new guide on nova, describing how to set further options in local.conf

Change-Id: I401d94b2413c62bfae9b90d2214d77bd4cfc15d5
---
 doc/source/guides/nova.rst | 72 ++++++++++++++++++++++++++++++++++++++
 doc/source/index.rst       |  6 ++++
 lib/nova                   |  7 +++-
 3 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 doc/source/guides/nova.rst

diff --git a/doc/source/guides/nova.rst b/doc/source/guides/nova.rst
new file mode 100644
index 0000000000..0d98f4abad
--- /dev/null
+++ b/doc/source/guides/nova.rst
@@ -0,0 +1,72 @@
+=================
+Nova and devstack
+=================
+
+This is a rough guide to various configuration parameters for nova
+running with devstack.
+
+
+nova-serialproxy
+================
+
+In Juno nova implemented a `spec
+`_
+to allow read/write access to the serial console of an instance via
+`nova-serialproxy
+`_.
+
+The service can be enabled by adding ``n-sproxy`` to
+``ENABLED_SERVICES``.  Further options can be enabled via
+``local.conf``, e.g.
+
+::
+
+    [[post-config|$NOVA_CONF]]
+    [serial_console]
+    #
+    # Options defined in nova.cmd.serialproxy
+    #
+
+    # Host on which to listen for incoming requests (string value)
+    #serialproxy_host=0.0.0.0
+
+    # Port on which to listen for incoming requests (integer
+    # value)
+    #serialproxy_port=6083
+
+
+    #
+    # Options defined in nova.console.serial
+    #
+
+    # Enable serial console related features (boolean value)
+    #enabled=false
+    # Do not set this manually.  Instead enable the service as
+    # outlined above.
+
+    # Range of TCP ports to use for serial ports on compute hosts
+    # (string value)
+    #port_range=10000:20000
+
+    # Location of serial console proxy. (string value)
+    #base_url=ws://127.0.0.1:6083/
+
+    # IP address on which instance serial console should listen
+    # (string value)
+    #listen=127.0.0.1
+
+    # The address to which proxy clients (like nova-serialproxy)
+    # should connect (string value)
+    #proxyclient_address=127.0.0.1
+
+
+Enabling the service is enough to be functional for a single machine devstack.
+
+These config options are defined in `nova.console.serial
+`_
+and `nova.cmd.serialproxy
+`_.
+
+For more information on OpenStack configuration see the `OpenStack
+Configuration Reference
+`_
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 855a2d6b2b..10f4355c07 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -67,6 +67,7 @@ Walk through various setups used by stackers
    guides/multinode-lab
    guides/neutron
    guides/devstack-with-nested-kvm
+   guides/nova
 
 All-In-One Single VM
 --------------------
@@ -102,6 +103,11 @@ Procedure to setup :doc:`DevStack with KVM-based Nested Virtualization
 `. With this setup, Nova instances
 will be more performant than with plain QEMU emulation.
 
+Nova and devstack
+--------------------------------
+
+Guide to working with nova features :doc:`Nova and devstack `.
+
 DevStack Documentation
 ======================
 
diff --git a/lib/nova b/lib/nova
index 74a34117bc..e9e78c7bc4 100644
--- a/lib/nova
+++ b/lib/nova
@@ -566,6 +566,10 @@ function create_nova_conf {
     if is_service_enabled tls-proxy; then
         iniset $NOVA_CONF DEFAULT ec2_listen_port $EC2_SERVICE_PORT_INT
     fi
+
+    if is_service_enabled n-sproxy; then
+        iniset $NOVA_CONF serial_console enabled True
+    fi
 }
 
 function init_nova_cells {
@@ -764,6 +768,7 @@ function start_nova_rest {
     run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf"
     run_process n-spice "$NOVA_BIN_DIR/nova-spicehtml5proxy --config-file $api_cell_conf --web $SPICE_WEB_DIR"
     run_process n-cauth "$NOVA_BIN_DIR/nova-consoleauth --config-file $api_cell_conf"
+    run_process n-sproxy "$NOVA_BIN_DIR/nova-serialproxy --config-file $api_cell_conf"
 
     # Starting the nova-objectstore only if swift3 service is not enabled.
     # Swift will act as s3 objectstore.
@@ -794,7 +799,7 @@ function stop_nova_rest {
     # Kill the nova screen windows
     # Some services are listed here twice since more than one instance
     # of a service may be running in certain configs.
-    for serv in n-api n-crt n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cond n-cell n-cell n-api-meta n-obj; do
+    for serv in n-api n-crt n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cond n-cell n-cell n-api-meta n-obj n-sproxy; do
         stop_process $serv
     done
 }

From b8cf38c05d4c73710bbdf9a14a0a80a90c3bf925 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 24 Feb 2015 13:00:51 +0100
Subject: [PATCH 0426/3421] Remove duplicated isset function

stackrc defines the isset function, but this function is already
declared in functions-common.

The stackrc sources the `functions` which sources the `functions-common`.

Change-Id: I0772c42d049833334107c2e6da3700e544ce094f
---
 stackrc | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/stackrc b/stackrc
index e084d94d7c..2bbe47c613 100644
--- a/stackrc
+++ b/stackrc
@@ -43,14 +43,6 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 #  enable_service q-meta
 #  # Optional, to enable tempest configuration as part of devstack
 #  enable_service tempest
-function isset {
-    local nounset=$(set +o | grep nounset)
-    set +o nounset
-    [[ -n "${!1+x}" ]]
-    result=$?
-    $nounset
-    return $result
-}
 
 # this allows us to pass ENABLED_SERVICES
 if ! isset ENABLED_SERVICES ; then

From ee9064b76293ec8838f7a3a52ed1de45056f6201 Mon Sep 17 00:00:00 2001
From: Joshua Harlow 
Date: Thu, 19 Feb 2015 15:06:23 -0800
Subject: [PATCH 0427/3421] Add debtcollector to lib/oslo and stackrc

Ensure that the debtcollector library is pulled in
like the other oslo libraries so that devstack can
use it where appropriate.

Also fixes 'test_libs_from_pypi.sh' to not have a huge
single line of libraries; and splits it into multiple
lines so the diffs and code can be easily looked at.

Change-Id: I35ab0ed0e20b6092a41ecb3b6f1aaf0a05f5180e
---
 lib/oslo                     |  2 ++
 stackrc                      |  4 ++++
 tests/test_libs_from_pypi.sh | 12 +++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index effde90f13..18cddc193e 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -23,6 +23,7 @@ set +o xtrace
 # Defaults
 # --------
 GITDIR["cliff"]=$DEST/cliff
+GITDIR["debtcollector"]=$DEST/debtcollector
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
 GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.context"]=$DEST/oslo.context
@@ -58,6 +59,7 @@ function _do_install_oslo_lib {
 # install_oslo() - Collect source and prepare
 function install_oslo {
     _do_install_oslo_lib "cliff"
+    _do_install_oslo_lib "debtcollector"
     _do_install_oslo_lib "oslo.concurrency"
     _do_install_oslo_lib "oslo.config"
     _do_install_oslo_lib "oslo.context"
diff --git a/stackrc b/stackrc
index e084d94d7c..b2bc970c63 100644
--- a/stackrc
+++ b/stackrc
@@ -314,6 +314,10 @@ GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 GITREPO["cliff"]=${CLIFF_REPO:-${GIT_BASE}/openstack/cliff.git}
 GITBRANCH["cliff"]=${CLIFF_BRANCH:-master}
 
+# debtcollector deprecation framework/helpers
+GITREPO["debtcollector"]=${DEBTCOLLECTOR_REPO:-${GIT_BASE}/openstack/debtcollector.git}
+GITBRANCH["debtcollector"]=${DEBTCOLLECTOR_BRANCH:-master}
+
 # oslo.concurrency
 GITREPO["oslo.concurrency"]=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git}
 GITBRANCH["oslo.concurrency"]=${OSLOCON_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index a2a6cb781c..472b0ea4af 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -29,7 +29,17 @@ for i in $TOP/lib/*; do
     fi
 done
 
-ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient python-keystoneclient taskflow oslo.middleware pycadf python-glanceclient python-ironicclient tempest-lib oslo.messaging oslo.log cliff python-heatclient stevedore python-cinderclient glance_store oslo.concurrency oslo.db oslo.vmware keystonemiddleware oslo.serialization python-saharaclient django_openstack_auth python-openstackclient oslo.rootwrap oslo.i18n python-ceilometerclient oslo.utils python-swiftclient python-neutronclient tooz ceilometermiddleware oslo.policy"
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient"
+ALL_LIBS+=" python-keystoneclient taskflow oslo.middleware pycadf"
+ALL_LIBS+=" python-glanceclient python-ironicclient tempest-lib"
+ALL_LIBS+=" oslo.messaging oslo.log cliff python-heatclient stevedore"
+ALL_LIBS+=" python-cinderclient glance_store oslo.concurrency oslo.db"
+ALL_LIBS+=" oslo.vmware keystonemiddleware oslo.serialization"
+ALL_LIBS+=" python-saharaclient django_openstack_auth"
+ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
+ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
+ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
+ALL_LIBS+=" debtcollector"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 834b804d3eda9029d3c66db0ab732a76a22ed08b Mon Sep 17 00:00:00 2001
From: "Vigneshvar.A.S" 
Date: Sat, 14 Feb 2015 01:05:55 +0530
Subject: [PATCH 0428/3421] Upgrades pip under virtualenv

The version of pip supported by python-virtualenv has issues in
environment under proxy, hence uninstalling python-virtualenv package
and installing the latest version using pip.

Change-Id: Id749c37ab7fefa96b35f11816b56b9def5ef4b08
Closes-Bug: 1421541
---
 tools/fixup_stuff.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index cc5275fe45..f8edd16ecd 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -123,3 +123,9 @@ if is_fedora; then
     fi
 
 fi
+
+# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
+# connection issues under proxy, hence uninstalling python-virtualenv package
+# and installing the latest version using pip.
+uninstall_package python-virtualenv
+pip_install -U virtualenv

From 9826093202b2e05b1481f57fb6ef68f95256631c Mon Sep 17 00:00:00 2001
From: Jaume Devesa 
Date: Wed, 11 Feb 2015 17:20:46 +0000
Subject: [PATCH 0429/3421] Improve MidoNet integration

Since midonet has become open source, we can build it from
external plugin scripts. The way to enable it is using the devstack
plugin approach:

    disable_service n-net
    enable_service q-svc
    enable_service q-dhcp
    enable_service q-meta
    enable_plugin networking-midonet \
        http://github.com/stackforge/networking-midonet
    Q_PLUGIN=midonet

and should download and build the last master branch of midonet.

Change-Id: I795f92f9d3c97b2c35bac712c6edfc032eff345a
---
 lib/neutron_plugins/midonet    | 100 +--------------------------------
 lib/neutron_thirdparty/midonet |  51 -----------------
 2 files changed, 2 insertions(+), 149 deletions(-)
 delete mode 100644 lib/neutron_thirdparty/midonet

diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index 23ad8b2020..9e72aa0ce9 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -1,100 +1,4 @@
 #!/bin/bash
-#
-# Neutron MidoNet plugin
-# ----------------------
 
-MIDONET_DIR=${MIDONET_DIR:-$DEST/midonet}
-MIDONET_API_PORT=${MIDONET_API_PORT:-8080}
-MIDONET_API_URL=${MIDONET_API_URL:-http://localhost:$MIDONET_API_PORT/midonet-api}
-
-# Save trace setting
-MN_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-function is_neutron_ovs_base_plugin {
-    # MidoNet does not use l3-agent
-    # 0 means True here
-    return 1
-}
-
-function neutron_plugin_create_nova_conf {
-    NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
-}
-
-function neutron_plugin_install_agent_packages {
-    :
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/midonet
-    Q_PLUGIN_CONF_FILENAME=midonet.ini
-    Q_PLUGIN_CLASS="neutron.plugins.midonet.plugin.MidonetPluginV2"
-
-    # MidoNet implements LBaaS API in the plugin, not as an LBaaS driver.
-    # In this model, the plugin references the 'neutron_lbaas' module but
-    # does not require starting an LBaaS service.  Devstack, however, clones
-    # 'neutron_lbaas' only if 'lbaas' service is enabled.  To get around this,
-    # always clone 'neutron_lbaas' so that it is made available to the plugin.
-    # Also, discontinue if the 'lbaas' service is enabled.
-    if is_service_enabled q-lbaas; then
-        die $LINENO "LBaaS service should be disabled for the MidoNet plugin"
-    fi
-    git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
-    setup_develop $NEUTRON_LBAAS_DIR
-}
-
-function neutron_plugin_configure_debug_command {
-    :
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    DHCP_DRIVER=${DHCP_DRIVER:-"neutron.plugins.midonet.agent.midonet_driver.DhcpNoOpDriver"}
-    neutron_plugin_setup_interface_driver $Q_DHCP_CONF_FILE
-    iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_driver $DHCP_DRIVER
-    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces True
-    iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata True
-}
-
-function neutron_plugin_configure_l3_agent {
-    die $LINENO "q-l3 must not be executed with MidoNet plugin!"
-}
-
-function neutron_plugin_configure_plugin_agent {
-    die $LINENO "q-agt must not be executed with MidoNet plugin!"
-}
-
-function neutron_plugin_configure_service {
-    if [[ "$MIDONET_API_URL" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE MIDONET midonet_uri $MIDONET_API_URL
-    fi
-    if [[ "$MIDONET_USERNAME" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE MIDONET username $MIDONET_USERNAME
-    fi
-    if [[ "$MIDONET_PASSWORD" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE MIDONET password $MIDONET_PASSWORD
-    fi
-    if [[ "$MIDONET_PROJECT_ID" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE MIDONET project_id $MIDONET_PROJECT_ID
-    fi
-
-    Q_L3_ENABLED=True
-    Q_L3_ROUTER_PER_TENANT=True
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.MidonetInterfaceDriver
-}
-
-function has_neutron_plugin_security_group {
-    # 0 means True here
-    return 0
-}
-
-function neutron_plugin_check_adv_test_requirements {
-    # 0 means True here
-    return 1
-}
-
-# Restore xtrace
-$MN_XTRACE
+# REVISIT(devvesa): This file is intentionally left empty
+# in order to keep Q_PLUGIN=midonet work.
diff --git a/lib/neutron_thirdparty/midonet b/lib/neutron_thirdparty/midonet
deleted file mode 100644
index 2c82d487e4..0000000000
--- a/lib/neutron_thirdparty/midonet
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-#
-# MidoNet
-# -------
-
-# This file implements functions required to configure MidoNet as the third-party
-# system used with devstack's Neutron.  To include this file, specify the following
-# variables in localrc:
-#
-# * enable_service midonet
-#
-
-# MidoNet devstack destination dir
-MIDONET_DIR=${MIDONET_DIR:-$DEST/midonet}
-
-# MidoNet client repo
-MIDONET_CLIENT_REPO=${MIDONET_CLIENT_REPO:-https://github.com/midokura/python-midonetclient.git}
-MIDONET_CLIENT_BRANCH=${MIDONET_CLIENT_BRANCH:-master}
-MIDONET_CLIENT_DIR=${MIDONET_CLIENT_DIR:-$MIDONET_DIR/python-midonetclient}
-
-# Save trace setting
-MN3_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-function configure_midonet {
-    :
-}
-
-function init_midonet {
-    :
-}
-
-function install_midonet {
-    git_clone $MIDONET_CLIENT_REPO $MIDONET_CLIENT_DIR $MIDONET_CLIENT_BRANCH
-    export PYTHONPATH=$MIDONET_CLIENT_DIR/src:$PYTHONPATH
-}
-
-function start_midonet {
-    :
-}
-
-function stop_midonet {
-    :
-}
-
-function check_midonet {
-    :
-}
-
-# Restore xtrace
-$MN3_XTRACE

From 99b598887bfb189b38ac3ae97abe0a303bc1063c Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 24 Feb 2015 12:15:21 +0100
Subject: [PATCH 0430/3421] Fedora-21 has openjdk-1.8.0 only

Fedora-21 does not have openjdk-1.7.0 it has only 1.8.0.

This change also fixing the no op statement in the configure.

Change-Id: I6012aeb17b8e8fafa37d48aa29482702fa3491fd
---
 files/rpms/general   | 3 ++-
 pkg/elasticsearch.sh | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/files/rpms/general b/files/rpms/general
index a648214a7b..56a933190c 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -27,4 +27,5 @@ bc
 libyaml-devel
 gettext  # used for compiling message catalogs
 net-tools
-java-1.7.0-openjdk-headless  # NOPRIME
+java-1.7.0-openjdk-headless  # NOPRIME rhel7,f20
+java-1.8.0-openjdk-headless  # NOPRIME f21,f22
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 15e1b2b594..447596a8db 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -44,7 +44,7 @@ function download_elasticsearch {
 
 function configure_elasticsearch {
     # currently a no op
-    ::
+    :
 }
 
 function start_elasticsearch {
@@ -78,7 +78,11 @@ function install_elasticsearch {
         sudo dpkg -i ${FILES}/elasticsearch-${ELASTICSEARCH_VERSION}.deb
         sudo update-rc.d elasticsearch defaults 95 10
     elif is_fedora; then
-        is_package_installed java-1.7.0-openjdk-headless || install_package java-1.7.0-openjdk-headless
+        if [[ "$os_RELEASE" -ge "21" ]]; then
+            is_package_installed java-1.8.0-openjdk-headless || install_package java-1.8.0-openjdk-headless
+        else
+            is_package_installed java-1.7.0-openjdk-headless || install_package java-1.7.0-openjdk-headless
+        fi
         yum_install ${FILES}/elasticsearch-${ELASTICSEARCH_VERSION}.noarch.rpm
         sudo /bin/systemctl daemon-reload
         sudo /bin/systemctl enable elasticsearch.service

From 32ac55abb81293002f2c4a1fb1fda2f109664c92 Mon Sep 17 00:00:00 2001
From: Sergey Reshetnyak 
Date: Wed, 25 Feb 2015 15:54:20 +0300
Subject: [PATCH 0431/3421] Enable CDH and Spark plugin by default in Sahara

Spark and CDH plugins enabled by default in Sahara.
Need to enable these plugins in devstack.

Change-Id: Idb57966c67c3e7da71ae3a408fbd83ba82e4321f
---
 lib/sahara | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/sahara b/lib/sahara
index da4fbcd34f..a84a06f1ce 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -39,7 +39,7 @@ SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
 SAHARA_AUTH_CACHE_DIR=${SAHARA_AUTH_CACHE_DIR:-/var/cache/sahara}
 
-SAHARA_ENABLED_PLUGINS=${SAHARA_ENABLED_PLUGINS:-vanilla,hdp,fake}
+SAHARA_ENABLED_PLUGINS=${SAHARA_ENABLED_PLUGINS:-vanilla,hdp,cdh,spark,fake}
 
 # Support entry points installation of console scripts
 if [[ -d $SAHARA_DIR/bin ]]; then

From 71e82f52bde99b4bf791ea1558f1abf86019a384 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 25 Feb 2015 11:39:18 -0800
Subject: [PATCH 0432/3421] List all CIRROS ARCH images in image_list.sh

image_list.sh is used to make a list of all possible images. Loop over
both x86_64 and i386 instead of just using the default arch of x86_64

For live migration we are starting to use the i386 arch based images and
don't want to cache them like all other images.

Change-Id: I47da72a0e9da3689cb085bb43ac6536094445112
---
 tools/image_list.sh | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/image_list.sh b/tools/image_list.sh
index 0bb49ab007..88c1d09379 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -9,6 +9,8 @@ source $TOP_DIR/functions
 # dummy in the end position to trigger the fall through case.
 DRIVERS="openvz ironic libvirt vsphere xenserver dummy"
 
+CIRROS_ARCHS="x86_64 i386"
+
 # Extra variables to trigger getting additional images.
 export ENABLED_SERVICES="h-api,tr-api"
 HEAT_FETCHED_TEST_IMAGE="Fedora-i386-20-20131211.1-sda"
@@ -17,12 +19,15 @@ PRECACHE_IMAGES=True
 # Loop over all the virt drivers and collect all the possible images
 ALL_IMAGES=""
 for driver in $DRIVERS; do
-    VIRT_DRIVER=$driver
-    URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
-    if [[ ! -z "$ALL_IMAGES" ]]; then
-        ALL_IMAGES+=,
-    fi
-    ALL_IMAGES+=$URLS
+    for arch in $CIRROS_ARCHS; do
+        CIRROS_ARCH=$arch
+        VIRT_DRIVER=$driver
+        URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
+        if [[ ! -z "$ALL_IMAGES" ]]; then
+            ALL_IMAGES+=,
+        fi
+        ALL_IMAGES+=$URLS
+    done
 done
 
 # Make a nice list

From 907d41c2623809702b887ada97a87a2e7a23dfba Mon Sep 17 00:00:00 2001
From: Naohiro Tamura 
Date: Thu, 19 Feb 2015 20:57:20 +0900
Subject: [PATCH 0433/3421] Add error checks to provider net and subnet
 creation

Error checks are added to detect provider network and subnet
creation.

Closes-Bug: #1423766
Change-Id: I4d4323d1c3159f84ce3d19924a569b153038d542
---
 lib/neutron | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index 8d27febf63..3804e05271 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -538,13 +538,16 @@ function create_neutron_initial_network {
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
         die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
         NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
+        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
 
         if [[ "$IP_VERSION" =~ 4.* ]]; then
             SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+            die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
         fi
 
         if [[ "$IP_VERSION" =~ .*6 ]]; then
             SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+            die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
         fi
 
         sudo ip link set $OVS_PHYSICAL_BRIDGE up

From c08d5470aa797923f613ada052b399e8ddfee54b Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Mon, 23 Feb 2015 15:39:22 +0000
Subject: [PATCH 0434/3421] Fix Ironic for Syslinux >= 5.00

Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone"
anymore, it depends on some c32 modules to work correctly.
See: http://www.syslinux.org/wiki/index.php/Library_modules

Closes-Bug: #1419867
Change-Id: Ia62e980052ece3d5e2abf090b5609dea31f0d6b8
---
 lib/ironic | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 7ffa6a5caf..b39d2cc619 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -238,7 +238,15 @@ function configure_ironic_dirs {
         die $LINENO "PXE boot file $IRONIC_PXE_BOOT_IMAGE not found."
     fi
 
-    cp $IRONIC_PXE_BOOT_IMAGE $IRONIC_TFTPBOOT_DIR
+    # Copy PXE binary
+    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
+        cp $IRONIC_PXE_BOOT_IMAGE $IRONIC_TFTPBOOT_DIR
+    else
+        # Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone" anymore,
+        # it depends on some c32 modules to work correctly.
+        # More info: http://www.syslinux.org/wiki/index.php/Library_modules
+        cp -aR $(dirname $IRONIC_PXE_BOOT_IMAGE)/*.{c32,0} $IRONIC_TFTPBOOT_DIR
+    fi
 }
 
 # configure_ironic() - Set config files, create data dirs, etc

From 15d40a56832baadc65fe5261f5f53ce24ad00e84 Mon Sep 17 00:00:00 2001
From: Andreas Scheuring 
Date: Thu, 26 Feb 2015 09:08:09 +0100
Subject: [PATCH 0435/3421] Add quotation marks to parse string correclty on
 rhel7

Problem:
On rhel7 the lvm.conf filter is generated wrongly

Root Cause:

bash-4.2 (rhel7/centos7) incorrectly splits herestrings
when combined with IFS.  See [1] and [2]

Quoting the argument is a safe work-around

[1] http://stackoverflow.com/questions/20144593/trying-to-split-a-string-into-two-variables
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1196566

Closes-Bug #1425839
Change-Id: Ie82fcd7ef0deacbb6aaf18c5c466a5d5baf52681
---
 lib/cinder_backends/lvm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index d83c31a81e..52fc6fbf63 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -78,9 +78,9 @@ function configure_cinder_backend_conf_lvm {
 
     for pv_info in $(sudo pvs --noheadings -o name,vg_name --separator ';'); do
         echo_summary "Evaluate PV info for Cinder lvm.conf: $pv_info"
-        IFS=';' read pv vg <<< $pv_info
+        IFS=';' read pv vg <<< "$pv_info"
         for line in ${conf_entries}; do
-            IFS='=' read label group <<< $line
+            IFS='=' read label group <<< "$line"
             group=$(echo $group|sed "s/^ *//g")
             if [[ "$vg" == "$group" ]]; then
                 new="\"a$pv/\", "

From db29a7cf0c15b3600bf1363497a1899bdeb1b596 Mon Sep 17 00:00:00 2001
From: Ramy Asselin 
Date: Thu, 26 Feb 2015 14:30:07 -0800
Subject: [PATCH 0436/3421] Fix devstack running behind a proxy

As suggested by dtroyer to resolve wheels not buildings
behind a proxy. Issue introduced in I0283b0dff9146b1b63bd821358505a93566270c6

Change-Id: Ib376469aff73a22ac2bc9d7d5a7f90081004aa8d
Closes-bug: 1426146
---
 tools/build_wheels.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
index 31398f9b0e..f1740dfbd6 100755
--- a/tools/build_wheels.sh
+++ b/tools/build_wheels.sh
@@ -57,7 +57,7 @@ TMP_VENV_PATH=$(mktemp -d tmp-venv-XXXX)
 virtualenv $TMP_VENV_PATH
 
 # Install modern pip and wheel
-$TMP_VENV_PATH/bin/pip install -U pip wheel
+PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install -U pip wheel
 
 # VENV_PACKAGES is a list of packages we want to pre-install
 VENV_PACKAGE_FILE=$FILES/venv-requirements.txt

From b124f4d595cc41b4f20bf935ffd0848448b3713c Mon Sep 17 00:00:00 2001
From: Al Miller 
Date: Tue, 3 Feb 2015 20:18:42 -0800
Subject: [PATCH 0437/3421] Remove LBaaS support from devstack

Devstack support for LBaaS is being migrated to an external
plugin in the neutron-lbaas repository.  The only LBaaS-
specific code that remains in devstack is a hook to support
existing configs that enable q-lbaas.  In that case, load
the external plugin if necessary.

Change-Id: I592f64407ccf1e722b8d9788917879d0236acf0b
Depends-On: I64a94aeeabe6357b5ea7796e34c9306c55c9ae67
---
 functions-common                          | 19 ++++++++
 lib/neutron                               | 53 +++++++----------------
 lib/neutron_plugins/services/loadbalancer | 49 ---------------------
 stackrc                                   |  3 ++
 4 files changed, 38 insertions(+), 86 deletions(-)
 delete mode 100644 lib/neutron_plugins/services/loadbalancer

diff --git a/functions-common b/functions-common
index df69cbad16..267dfe8622 100644
--- a/functions-common
+++ b/functions-common
@@ -1601,6 +1601,25 @@ function enable_plugin {
     GITBRANCH[$name]=$branch
 }
 
+# is_plugin_enabled
+#
+# Has a particular plugin been enabled?
+function is_plugin_enabled {
+    local plugins=$@
+    local plugin
+    local enabled=1
+
+    # short circuit if nothing to do
+    if [[ -z ${DEVSTACK_PLUGINS} ]]; then
+        return $enabled
+    fi
+
+    for plugin in ${plugins}; do
+        [[ ,${DEVSTACK_PLUGINS}, =~ ,${plugin}, ]] && enabled=0
+    done
+    return $enabled
+}
+
 # fetch_plugins
 #
 # clones all plugins
diff --git a/lib/neutron b/lib/neutron
index 3804e05271..2c69830afd 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -100,10 +100,8 @@ IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
 # Set up default directories
 GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 
-
 NEUTRON_DIR=$DEST/neutron
 NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
-NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
 NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 
@@ -116,6 +114,7 @@ fi
 
 NEUTRON_CONF_DIR=/etc/neutron
 NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
+
 export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
 
 # Agent binaries.  Note, binary paths for other agents are set in per-service
@@ -326,12 +325,6 @@ ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
 # Please refer to ``lib/neutron_plugins/README.md`` for details.
 source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
 
-# Agent loadbalancer service plugin functions
-# -------------------------------------------
-
-# Hardcoding for 1 service plugin for now
-source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
-
 # Agent metering service plugin functions
 # -------------------------------------------
 
@@ -358,6 +351,17 @@ fi
 TEMPEST_SERVICES+=,neutron
 
 
+# For backward compatibility, if q-lbaas service is enabled, make sure to load the
+# neutron-lbaas plugin.  This hook should be removed in a future release, perhaps
+# as early as Liberty.
+
+if is_service_enabled q-lbaas; then
+    if ! is_plugin_enabled neutron-lbaas; then
+        DEPRECATED_TEXT+="External plugin neutron-lbaas has been automatically activated, please add the appropriate enable_plugin to your local.conf. This will be removed in the Liberty cycle."
+        enable_plugin "neutron-lbaas" ${NEUTRON_LBAAS_REPO} ${NEUTRON_LBAAS_BRANCH}
+    fi
+fi
+
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
@@ -425,9 +429,7 @@ function configure_neutron {
     iniset_rpc_backend neutron $NEUTRON_CONF DEFAULT
 
     # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
-    if is_service_enabled q-lbaas; then
-        _configure_neutron_lbaas
-    fi
+
     if is_service_enabled q-metering; then
         _configure_neutron_metering
     fi
@@ -605,7 +607,8 @@ function init_neutron {
     recreate_database $Q_DB_NAME
     # Run Neutron db migrations
     $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-    for svc in fwaas lbaas vpnaas; do
+
+    for svc in fwaas vpnaas; do
         if [ "$svc" = "vpnaas" ]; then
             q_svc="q-vpn"
         else
@@ -625,10 +628,6 @@ function install_neutron {
         git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
         setup_develop $NEUTRON_FWAAS_DIR
     fi
-    if is_service_enabled q-lbaas; then
-        git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
-        setup_develop $NEUTRON_LBAAS_DIR
-    fi
     if is_service_enabled q-vpn; then
         git_clone $NEUTRON_VPNAAS_REPO $NEUTRON_VPNAAS_DIR $NEUTRON_VPNAAS_BRANCH
         setup_develop $NEUTRON_VPNAAS_DIR
@@ -672,10 +671,6 @@ function install_neutron_agent_packages {
     if is_service_enabled q-agt q-dhcp q-l3; then
         neutron_plugin_install_agent_packages
     fi
-
-    if is_service_enabled q-lbaas; then
-        neutron_agent_lbaas_install_agent_packages
-    fi
 }
 
 # Start running processes, including screen
@@ -735,10 +730,6 @@ function start_neutron_agents {
         run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
     fi
 
-    if is_service_enabled q-lbaas; then
-        run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
-    fi
-
     if is_service_enabled q-metering; then
         run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
     fi
@@ -762,9 +753,6 @@ function stop_neutron {
 
     stop_process q-agt
 
-    if is_service_enabled q-lbaas; then
-        neutron_lbaas_stop
-    fi
     if is_service_enabled q-fwaas; then
         neutron_fwaas_stop
     fi
@@ -792,12 +780,11 @@ function cleanup_neutron {
     fi
 
     # delete all namespaces created by neutron
-    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
+    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|fip|snat)-[0-9a-f-]*'); do
         sudo ip netns delete ${ns}
     done
 }
 
-
 function _create_neutron_conf_dir {
     # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
     if [[ ! -d $NEUTRON_CONF_DIR ]]; then
@@ -967,14 +954,6 @@ function _configure_neutron_ceilometer_notifications {
     iniset $NEUTRON_CONF DEFAULT notification_driver messaging
 }
 
-function _configure_neutron_lbaas {
-    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
-        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
-    fi
-    neutron_agent_lbaas_configure_common
-    neutron_agent_lbaas_configure_agent
-}
-
 function _configure_neutron_metering {
     neutron_agent_metering_configure_common
     neutron_agent_metering_configure_agent
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
deleted file mode 100644
index f465cc94b4..0000000000
--- a/lib/neutron_plugins/services/loadbalancer
+++ /dev/null
@@ -1,49 +0,0 @@
-# Neutron loadbalancer plugin
-# ---------------------------
-
-# Save trace setting
-LB_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-AGENT_LBAAS_BINARY="$NEUTRON_BIN_DIR/neutron-lbaas-agent"
-LBAAS_PLUGIN=neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
-
-function neutron_agent_lbaas_install_agent_packages {
-    if is_ubuntu || is_fedora || is_suse; then
-        install_package haproxy
-    fi
-}
-
-function neutron_agent_lbaas_configure_common {
-    _neutron_service_plugin_class_add $LBAAS_PLUGIN
-    _neutron_deploy_rootwrap_filters $NEUTRON_LBAAS_DIR
-}
-
-function neutron_agent_lbaas_configure_agent {
-    LBAAS_AGENT_CONF_PATH=/etc/neutron/services/loadbalancer/haproxy
-    mkdir -p $LBAAS_AGENT_CONF_PATH
-
-    LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini"
-
-    cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME
-
-    # ovs_use_veth needs to be set before the plugin configuration
-    # occurs to allow plugins to override the setting.
-    iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT ovs_use_veth $Q_OVS_USE_VETH
-
-    neutron_plugin_setup_interface_driver $LBAAS_AGENT_CONF_FILENAME
-
-    if is_fedora; then
-        iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT user_group "nobody"
-        iniset $LBAAS_AGENT_CONF_FILENAME haproxy user_group "nobody"
-    fi
-}
-
-function neutron_lbaas_stop {
-    pids=$(ps aux | awk '/haproxy/ { print $2 }')
-    [ ! -z "$pids" ] && sudo kill $pids
-}
-
-# Restore xtrace
-$LB_XTRACE
diff --git a/stackrc b/stackrc
index cb044b8fed..103be6de66 100644
--- a/stackrc
+++ b/stackrc
@@ -198,6 +198,9 @@ NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git
 NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master}
 
 # neutron lbaas service
+# The neutron-lbaas specific entries are deprecated and replaced by the neutron-lbaas
+# devstack plugin and should be removed in a future release, possibly as soon as Liberty.
+
 NEUTRON_LBAAS_REPO=${NEUTRON_LBAAS_REPO:-${GIT_BASE}/openstack/neutron-lbaas.git}
 NEUTRON_LBAAS_BRANCH=${NEUTRON_LBAAS_BRANCH:-master}
 

From 6fd4720e606ffa91a2db7d0bef1961128014e0ed Mon Sep 17 00:00:00 2001
From: Paul Michali 
Date: Mon, 23 Feb 2015 17:07:48 -0500
Subject: [PATCH 0438/3421] VPNaaS Support for StrongSwan driver.

The StrongSwan driver under development for kilo-3 will replace the
default reference OpenSwan driver.

In the interim though, we need to be able to run functional tests
for both drivers. This change is intending to do the additional
steps that are needed to set up for Strongswan, so that when a
functional test has IPSEC_PACKAGE=strongswan, everything will be
correct.

The intent here is to explicitly set the device driver class in
vpn_agent.ini, so that this will work for when OpenSwan is the
default (currently), when no drivers are specified, and will work
for when StrongSwan is made the default in the code.

For Ubuntu, AppArmor is disabled for charon and stroke.

Note: Both OpenSwan and StrongSwan cannot be installed on the
host at the same time.

Change-Id: Ib8467e24633230d6643d812068e4ed6ffb33f104
Partial-Bug: 1424757
---
 lib/neutron                      |  2 +-
 lib/neutron_plugins/services/vpn | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/neutron b/lib/neutron
index 8d27febf63..2f2c15f4ad 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -931,7 +931,7 @@ function _configure_neutron_l3_agent {
     Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
 
     if is_service_enabled q-vpn; then
-        cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+        neutron_vpn_configure_agent
     fi
 
     cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 5912eab9ca..4d6a2bf9a0 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -12,6 +12,13 @@ IPSEC_PACKAGE=${IPSEC_PACKAGE:-"openswan"}
 
 function neutron_vpn_install_agent_packages {
     install_package $IPSEC_PACKAGE
+    if is_ubuntu && [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+        sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
+        sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
+        # NOTE: Due to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1387220
+        # one must use 'sudo start apparmor ACTION=reload' for Ubuntu 14.10
+        restart_service apparmor
+    fi
 }
 
 function neutron_vpn_configure_common {
@@ -19,6 +26,18 @@ function neutron_vpn_configure_common {
     _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR
 }
 
+function neutron_vpn_configure_agent {
+    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+    if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+        iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
+        if is_fedora; then
+            iniset $Q_VPN_CONF_FILE strongswan default_config_area /usr/share/strongswan/templates/config/strongswan.d
+        fi
+    else
+        iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
+    fi
+}
+
 function neutron_vpn_stop {
     local ipsec_data_dir=$DATA_DIR/neutron/ipsec
     local pids

From 1d3a6ec0de8badae58492021e9025f0ef78878b6 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Wed, 25 Feb 2015 12:38:47 +0000
Subject: [PATCH 0439/3421] Add support for using IPA with iSCSI

This patch is adding a new boolean that can be toggled to indicate
that we should use the IPA ramdisk instead of the normal ramdisk when
deploying a node with the iSCSI methodology. Defaults to False.

Depends-On: Iaabc6ada729461f18d69ee12d01b9f1465944454
Change-Id: If4004078866d833eb946be40b6dfb204aa4a6840
---
 lib/ironic | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 7ffa6a5caf..394d68225a 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -121,6 +121,16 @@ IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot}
 IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$HOST_IP}
 IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-8088}
 
+# NOTE(lucasagomes): This flag is used to differentiate the nodes that
+# uses IPA as their deploy ramdisk from nodes that uses the agent_* drivers
+# (which also uses IPA but depends on Swift Temp URLs to work). At present,
+# all drivers that uses the iSCSI approach for their deployment supports
+# using both, IPA or bash ramdisks for the deployment. In the future we
+# want to remove the support for the bash ramdisk in favor of IPA, once
+# we get there this flag can be removed, and all conditionals that uses
+# it should just run by default.
+IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA=$(trueorfalse False IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA)
+
 # get_pxe_boot_file() - Get the PXE/iPXE boot file path
 function get_pxe_boot_file {
     local relpath=syslinux/pxelinux.0
@@ -162,6 +172,11 @@ function is_deployed_by_agent {
     return 1
 }
 
+function is_deployed_with_ipa_ramdisk {
+    is_deployed_by_agent || [[ "$IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA" == "True" ]] && return 0
+    return 1
+}
+
 # install_ironic() - Collect source and prepare
 function install_ironic {
     # make sure all needed service were enabled
@@ -310,7 +325,11 @@ function configure_ironic_conductor {
     iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
     iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
     if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-        iniset $IRONIC_CONF_FILE pxe pxe_append_params "nofb nomodeset vga=normal console=ttyS0"
+        local pxe_params="nofb nomodeset vga=normal console=ttyS0"
+        if is_deployed_with_ipa_ramdisk; then
+            pxe_params+=" systemd.journald.forward_to_console=yes"
+        fi
+        iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params"
     fi
     if is_deployed_by_agent; then
         if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then
@@ -325,9 +344,6 @@ function configure_ironic_conductor {
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
         iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30
-        if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-            iniset $IRONIC_CONF_FILE agent agent_pxe_append_params "nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=yes"
-        fi
     fi
 
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
@@ -698,7 +714,7 @@ function upload_baremetal_ironic_deploy {
         if [ "$IRONIC_BUILD_DEPLOY_RAMDISK" = "True" ]; then
             # we can build them only if we're not offline
             if [ "$OFFLINE" != "True" ]; then
-                if is_deployed_by_agent; then
+                if is_deployed_with_ipa_ramdisk; then
                     build_ipa_coreos_ramdisk $IRONIC_DEPLOY_KERNEL_PATH $IRONIC_DEPLOY_RAMDISK_PATH
                 else
                     ramdisk-image-create $IRONIC_DEPLOY_FLAVOR \
@@ -708,7 +724,7 @@ function upload_baremetal_ironic_deploy {
                 die $LINENO "Deploy kernel+ramdisk files don't exist and cannot be build in OFFLINE mode"
             fi
         else
-            if is_deployed_by_agent; then
+            if is_deployed_with_ipa_ramdisk; then
                 # download the agent image tarball
                 wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL_PATH
                 wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK_PATH

From c82c30c55afea76efee63ae48669b457986ab465 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 18 Feb 2015 15:24:40 -0800
Subject: [PATCH 0440/3421] Remove debs for diablo volumes

Diablo is long gone. Remove debs for diablo nova volumes

Original commit that added this: I3e7c412ff125dbadd18b59af55fb7dea9ea17b07

Move open-iscsi requirement over to ironic, (ironic conductor calls
iscsiadm)

libvirt driver uses iscsiadm for iscsi based volume attaches as well.
lvm backend is supported for libvirt driver

Change-Id: I536ba0ebdb6e3fa68f0a82b3027e70d8e2f35085
---
 files/debs/ironic | 1 +
 files/debs/n-cpu  | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/files/debs/ironic b/files/debs/ironic
index f6c7b74494..0a906dbffc 100644
--- a/files/debs/ironic
+++ b/files/debs/ironic
@@ -4,6 +4,7 @@ iptables
 ipxe
 libguestfs0
 libvirt-bin
+open-iscsi
 openssh-client
 openvswitch-switch
 openvswitch-datapath-dkms
diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index 534b1c1159..5d5052aa4e 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -1,8 +1,6 @@
 qemu-utils
-# Stuff for diablo volumes
-lvm2
+lvm2 # NOPRIME
 open-iscsi
-open-iscsi-utils # Deprecated since quantal dist:precise
 genisoimage
 sysfsutils
 sg3-utils

From 84c9ceff7baa9711415a6ccfcf03cef24e15be38 Mon Sep 17 00:00:00 2001
From: Peter Stachowski 
Date: Sun, 22 Feb 2015 12:47:00 -0500
Subject: [PATCH 0441/3421] Change the Guest Agent log_dir to /var/log/trove

In trove-integration, a patch was submitted to change the value
of the log_dir variable in the trove-guestagent.conf.sample file.
This should be changed here as well so that devstack uses the same
location.

The devstack trove-guestagent.conf file is created by devstack, not
from the sample file, so it needs to be changed here.

(For reference, an actual trove-guestagent.conf file is created by
the cloud provider implementing Trove, who may or may not use the
sample file provided.)

See: https://review.openstack.org/#/c/157973

Change-Id: I41b8e6fe443a2eff376ffc1f92c2ed90c94530b0
---
 lib/trove | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/trove b/lib/trove
index d4377186ed..080e860f03 100644
--- a/lib/trove
+++ b/lib/trove
@@ -180,7 +180,7 @@ function configure_trove {
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT control_exchange trove
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT ignore_users os_admin
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_dir /tmp/
+    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_dir /var/log/trove/
     iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_file trove-guestagent.log
     setup_trove_logging $TROVE_CONF_DIR/trove-guestagent.conf
 }

From c24b399b7e37480ee57546fee9fab4d4c6b452e0 Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Sun, 21 Dec 2014 23:51:40 -0800
Subject: [PATCH 0442/3421] Complete the support of MatchMakerRedis driver

MatchMakerRedis is the only tested routing method
for ZeroMQ driver. For others, like MatchMakerLocalhost
and MatchMakerRing, it still takes some time to work
on and completely test.

MatchMakerRedis is enough to run under real-world
deployment.

Change-Id: I3b2e8e68ceebd377479d75bbb8b862ae60cfc826
Partially-Implements: blueprint zeromq
---
 lib/rpc_backend | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 899748c53d..ff22bbf8fa 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -158,9 +158,6 @@ function install_rpc_backend {
         fi
         _configure_qpid
     elif is_service_enabled zeromq; then
-        # NOTE(ewindisch): Redis is not strictly necessary
-        # but there is a matchmaker driver that works
-        # really well & out of the box for multi-node.
         if is_fedora; then
             install_package zeromq python-zmq
             if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
@@ -243,11 +240,15 @@ function iniset_rpc_backend {
     local section=$3
     if is_service_enabled zeromq; then
         iniset $file $section rpc_backend "zmq"
-        iniset $file $section rpc_zmq_matchmaker \
-            oslo_messaging._drivers.matchmaker_redis.MatchMakerRedis
-        # Set MATCHMAKER_REDIS_HOST if running multi-node.
-        MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
-        iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
+        iniset $file $section rpc_zmq_host `hostname`
+        if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
+            iniset $file $section rpc_zmq_matchmaker \
+                oslo.messaging._drivers.matchmaker_redis.MatchMakerRedis
+            MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
+            iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
+        else
+            die $LINENO "Other matchmaker drivers not supported"
+        fi
     elif is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
         # For Qpid use the 'amqp' oslo.messaging transport when AMQP 1.0 is used
         if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then

From a67ef00a6dc303659873bf6e60c8a488e96d0762 Mon Sep 17 00:00:00 2001
From: Noboru Iwamatsu 
Date: Fri, 27 Feb 2015 13:34:12 +0900
Subject: [PATCH 0443/3421] Handle proxy environment variables for epel-release
 install

Use yum_install() to support proxy environment variables when
epel-release package is installed from epel-bootstrap repo.

Change-Id: I45f7a38c6c71bbce07bd0d21c1ac8a75c04113cb
Closes-Bug: 1426221
---
 stack.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/stack.sh b/stack.sh
index 44a07439af..58b4479635 100755
--- a/stack.sh
+++ b/stack.sh
@@ -250,8 +250,10 @@ failovermethod=priority
 enabled=0
 gpgcheck=0
 EOF
-    # bare yum call due to --enablerepo
-    sudo yum --enablerepo=epel-bootstrap -y install epel-release || \
+    # Enable a bootstrap repo.  It is removed after finishing
+    # the epel-release installation.
+    sudo yum-config-manager --enable epel-bootstrap
+    yum_install epel-release || \
         die $LINENO "Error installing EPEL repo, cannot continue"
     # epel rpm has installed it's version
     sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo

From 37a06f017ba6ef38159ee65ac25bdd890ccbd102 Mon Sep 17 00:00:00 2001
From: Telles Nobrega 
Date: Tue, 18 Nov 2014 07:59:10 -0300
Subject: [PATCH 0444/3421] Add data-processing service for Sahara

When registering endpoint with data_processing keystone transforms it
into data-processing. This problem causes sahara to not find the
endpoint afterwards

We need to have two endpoints for correct working tempest and horizon
with devstack. After resolving bug in tempest and horizon need to remove
old data_processing endpoint

Change-Id: I97827d23ffe8a1218abd61e76804b918b1b7cbe0
Partial-bug: #1356053
---
 lib/sahara | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/lib/sahara b/lib/sahara
index a84a06f1ce..9b2e9c406d 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -65,9 +65,25 @@ function create_sahara_accounts {
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-        local sahara_service=$(get_or_create_service "sahara" \
-            "data_processing" "Sahara Data Processing")
-        get_or_create_endpoint $sahara_service \
+        # TODO: remove "data_processing" service when #1356053 will be fixed
+        local sahara_service_old=$(openstack service create \
+            "data_processing" \
+            --name "sahara" \
+            --description "Sahara Data Processing" \
+            -f value -c id
+        )
+        local sahara_service_new=$(openstack service create \
+            "data-processing" \
+            --name "sahara" \
+            --description "Sahara Data Processing" \
+            -f value -c id
+        )
+        get_or_create_endpoint $sahara_service_old \
+            "$REGION_NAME" \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
+            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
+        get_or_create_endpoint $sahara_service_new \
             "$REGION_NAME" \
             "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
             "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \

From b5ab6468c9784d5f5f21e808034f462d5c9d91b2 Mon Sep 17 00:00:00 2001
From: sridhargaddam 
Date: Tue, 24 Feb 2015 07:23:24 +0000
Subject: [PATCH 0445/3421] Fix curl issue when SERVICE_HOST is defined to IPv6
 address

When SERVICE_HOST is defined to literal IPv6 address
(i.e., [fdf8:f53b:82e4::179]) we will have to include
--globoff option for curl to be able to reach the various
openstack services. Using globoff works for both IPv6 and
IPv4 urls, so its safe to include this option for all curl
statements in devstack.

Closes-Bug: #1424943
Change-Id: I2afc16f2f94d7d7069b0ba61bc8348c03413e4e7
---
 exercises/horizon.sh | 2 +-
 exercises/sahara.sh  | 2 +-
 exercises/zaqar.sh   | 2 +-
 functions            | 4 +++-
 lib/ceilometer       | 2 +-
 lib/keystone         | 2 +-
 6 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/exercises/horizon.sh b/exercises/horizon.sh
index ad08221690..4020580157 100755
--- a/exercises/horizon.sh
+++ b/exercises/horizon.sh
@@ -36,7 +36,7 @@ source $TOP_DIR/exerciserc
 is_service_enabled horizon || exit 55
 
 # can we get the front page
-curl http://$SERVICE_HOST 2>/dev/null | grep -q 'Log In' || die $LINENO "Horizon front page not functioning!"
+$CURL_GET http://$SERVICE_HOST 2>/dev/null | grep -q 'Log In' || die $LINENO "Horizon front page not functioning!"
 
 set +o xtrace
 echo "*********************************************************************"
diff --git a/exercises/sahara.sh b/exercises/sahara.sh
index 867920ed31..2589e28c0c 100755
--- a/exercises/sahara.sh
+++ b/exercises/sahara.sh
@@ -35,7 +35,7 @@ source $TOP_DIR/exerciserc
 
 is_service_enabled sahara || exit 55
 
-curl http://$SERVICE_HOST:8386/ 2>/dev/null | grep -q 'Auth' || die $LINENO "Sahara API isn't functioning!"
+$CURL_GET http://$SERVICE_HOST:8386/ 2>/dev/null | grep -q 'Auth' || die $LINENO "Sahara API isn't functioning!"
 
 set +o xtrace
 echo "*********************************************************************"
diff --git a/exercises/zaqar.sh b/exercises/zaqar.sh
index 6996f346b5..c370b12c85 100755
--- a/exercises/zaqar.sh
+++ b/exercises/zaqar.sh
@@ -35,7 +35,7 @@ source $TOP_DIR/exerciserc
 
 is_service_enabled zaqar-server || exit 55
 
-curl http://$SERVICE_HOST:8888/v1/ 2>/dev/null | grep -q 'queue_name' || die $LINENO "Zaqar API not functioning!"
+$CURL_GET http://$SERVICE_HOST:8888/v1/ 2>/dev/null | grep -q 'queue_name' || die $LINENO "Zaqar API not functioning!"
 
 set +o xtrace
 echo "*********************************************************************"
diff --git a/functions b/functions
index 2f976cfab1..79b2b37b4e 100644
--- a/functions
+++ b/functions
@@ -325,13 +325,15 @@ function use_database {
     fi
 }
 
+#Macro for curl statements. curl requires -g option for literal IPv6 addresses.
+CURL_GET="${CURL_GET:-curl -g}"
 
 # Wait for an HTTP server to start answering requests
 # wait_for_service timeout url
 function wait_for_service {
     local timeout=$1
     local url=$2
-    timeout $timeout sh -c "while ! curl -k --noproxy '*' -s $url >/dev/null; do sleep 1; done"
+    timeout $timeout sh -c "while ! $CURL_GET -k --noproxy '*' -s $url >/dev/null; do sleep 1; done"
 }
 
 
diff --git a/lib/ceilometer b/lib/ceilometer
index f509788ab7..82e9417ba4 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -340,7 +340,7 @@ function start_ceilometer {
     # only die on API if it was actually intended to be turned on
     if is_service_enabled ceilometer-api; then
         echo "Waiting for ceilometer-api to start..."
-        if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -s http://localhost:8777/v2/ >/dev/null; do sleep 1; done"; then
+        if ! wait_for_service $SERVICE_TIMEOUT $CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/v2/; then
             die $LINENO "ceilometer-api did not start"
         fi
     fi
diff --git a/lib/keystone b/lib/keystone
index 102d188611..0968445dc0 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -564,7 +564,7 @@ function start_keystone {
     # Check that the keystone service is running. Even if the tls tunnel
     # should be enabled, make sure the internal port is checked using
     # unencryted traffic at this point.
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -k -s $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
+    if ! wait_for_service $SERVICE_TIMEOUT $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/; then
         die $LINENO "keystone did not start"
     fi
 

From 76e724b9f7417a666fcd1a792fbce5e825c1ed56 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Wed, 11 Feb 2015 18:28:37 -0500
Subject: [PATCH 0446/3421] elasticsearch event support in ceilometer

add support to store events in elasticsearch in ceilometer.

Change-Id: I9c9801d2b83af8332df21f221c2ac8579898d56b
---
 lib/ceilometer       | 31 ++++++++++++++++++++++---------
 pkg/elasticsearch.sh |  9 +++++++++
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index f509788ab7..0779c99115 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -13,21 +13,16 @@
 #
 #   enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
 #
-# To ensure events are stored, add the following section to local.conf:
-#
-#   [[post-config|$CEILOMETER_CONF]]
-#   [notification]
-#   store_events=True
-#
 # Several variables set in the localrc section adjust common behaviors
 # of Ceilometer (see within for additional settings):
 #
 #   CEILOMETER_USE_MOD_WSGI:       When True, run the api under mod_wsgi.
 #   CEILOMETER_PIPELINE_INTERVAL:  The number of seconds between pipeline processing
 #                                  runs. Default 600.
-#   CEILOMETER_BACKEND:            The database backend (e.g. 'mysql', 'mongodb')
+#   CEILOMETER_BACKEND:            The database backend (e.g. 'mysql', 'mongodb', 'es')
 #   CEILOMETER_COORDINATION_URL:   The URL for a group membership service provided
 #                                  by tooz.
+#   CEILOMETER_EVENTS:             Enable event collection
 
 
 # Dependencies:
@@ -80,6 +75,7 @@ CEILOMETER_USE_MOD_WSGI=$(trueorfalse False CEILOMETER_USE_MOD_WSGI)
 
 # To enable OSprofiler change value of this variable to "notifications,profiler"
 CEILOMETER_NOTIFICATION_TOPICS=${CEILOMETER_NOTIFICATION_TOPICS:-notifications}
+CEILOMETER_EVENTS=${CEILOMETER_EVENTS:-True}
 
 CEILOMETER_COORDINATION_URL=${CEILOMETER_COORDINATION_URL:-}
 CEILOMETER_PIPELINE_INTERVAL=${CEILOMETER_PIPELINE_INTERVAL:-}
@@ -137,8 +133,10 @@ function _cleanup_ceilometer_apache_wsgi {
 # cleanup_ceilometer() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_ceilometer {
-    if [ "$CEILOMETER_BACKEND" != 'mysql' ] && [ "$CEILOMETER_BACKEND" != 'postgresql' ] ; then
+    if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
         mongo ceilometer --eval "db.dropDatabase();"
+    elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
+        curl -XDELETE "localhost:9200/events_*"
     fi
     if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then
         _cleanup_ceilometer_apache_wsgi
@@ -206,11 +204,21 @@ function configure_ceilometer {
 
     configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
 
+    iniset $CEILOMETER_CONF notification store_events $CEILOMETER_EVENTS
+
     if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
         iniset $CEILOMETER_CONF database alarm_connection $(database_connection_url ceilometer)
         iniset $CEILOMETER_CONF database event_connection $(database_connection_url ceilometer)
         iniset $CEILOMETER_CONF database metering_connection $(database_connection_url ceilometer)
         iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
+    elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
+        # es is only supported for events. we will use sql for alarming/metering.
+        iniset $CEILOMETER_CONF database alarm_connection $(database_connection_url ceilometer)
+        iniset $CEILOMETER_CONF database event_connection es://localhost:9200
+        iniset $CEILOMETER_CONF database metering_connection $(database_connection_url ceilometer)
+        iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
+        ${TOP_DIR}/pkg/elasticsearch.sh start
+        cleanup_ceilometer
     else
         iniset $CEILOMETER_CONF database alarm_connection mongodb://localhost:27017/ceilometer
         iniset $CEILOMETER_CONF database event_connection mongodb://localhost:27017/ceilometer
@@ -264,7 +272,7 @@ function init_ceilometer {
     rm -f $CEILOMETER_AUTH_CACHE_DIR/*
 
     if is_service_enabled mysql postgresql; then
-        if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
+        if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] || [ "$CEILOMETER_BACKEND" = 'es' ] ; then
             recreate_database ceilometer
             $CEILOMETER_BIN_DIR/ceilometer-dbsync
         fi
@@ -293,6 +301,11 @@ function install_ceilometer {
     elif echo $CEILOMETER_COORDINATION_URL | grep -q '^redis:'; then
         install_redis
     fi
+
+    if [ "$CEILOMETER_BACKEND" = 'es' ] ; then
+        ${TOP_DIR}/pkg/elasticsearch.sh download
+        ${TOP_DIR}/pkg/elasticsearch.sh install
+    fi
 }
 
 # install_ceilometerclient() - Collect source and prepare
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 447596a8db..239d6b938e 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -47,11 +47,20 @@ function configure_elasticsearch {
     :
 }
 
+function _check_elasticsearch_ready {
+    # poll elasticsearch to see if it's started
+    if ! wait_for_service 30 http://localhost:9200; then
+        die $LINENO "Maximum timeout reached. Could not connect to ElasticSearch"
+    fi
+}
+
 function start_elasticsearch {
     if is_ubuntu; then
         sudo /etc/init.d/elasticsearch start
+        _check_elasticsearch_ready
     elif is_fedora; then
         sudo /bin/systemctl start elasticsearch.service
+        _check_elasticsearch_ready
     else
         echo "Unsupported architecture...can not start elasticsearch."
     fi

From c4c27232c869633030022b750c2bf0cd65b66d4c Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 3 Mar 2015 09:54:49 +0100
Subject: [PATCH 0447/3421] Use the Member role with horizon

Horizon by default using the _member_ role,
which is considered as a legacy role.

The tools/create_userrc.sh already creates the regular users,
with Member role.

Change-Id: Ibc07a0f28d0729f8a717a54e94fe014853363592
Closes-Bug: #1421616
---
 lib/horizon | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/horizon b/lib/horizon
index a8e83f9d8f..c6e3692d47 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -94,6 +94,7 @@ function init_horizon {
     cp $HORIZON_SETTINGS $local_settings
 
     _horizon_config_set $local_settings "" COMPRESS_OFFLINE True
+    _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\"
 
     _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
     _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""

From 8b5406e228e83e5b83a32f67fe2ea5e49a90016d Mon Sep 17 00:00:00 2001
From: Roey Chen 
Date: Mon, 22 Dec 2014 04:57:22 -0800
Subject: [PATCH 0448/3421] vmware-nsx: Vendor code split

Devstack support is added using Devstack's external plugins:
https://review.openstack.org/#/c/156526

Asside to the environment variables, the following should be added to
local.conf file:

enable_plugin vmware-nsx https://git.openstack.org/stackforge/vmware-nsx

for the nsx plugin:
    Q_PLUGIN=vmware_nsx
    enable_service vmware_nsx

for the nsx_v plugin:
    Q_PLUGIN=vmware_nsx_v

Partially-Implements: blueprint vmware-nsx-v

Change-Id: I4e03d4953bf9b5112ff75a252b61c27fadd04bf1
Signed-off-by: Roey Chen 
---
 lib/neutron_plugins/vmware_nsx    | 143 +-----------------------------
 lib/neutron_plugins/vmware_nsx_v  |  10 +++
 lib/neutron_thirdparty/vmware_nsx |  91 +------------------
 3 files changed, 15 insertions(+), 229 deletions(-)
 create mode 100644 lib/neutron_plugins/vmware_nsx_v

diff --git a/lib/neutron_plugins/vmware_nsx b/lib/neutron_plugins/vmware_nsx
index 4cbedd6de4..b6c1c9c13f 100644
--- a/lib/neutron_plugins/vmware_nsx
+++ b/lib/neutron_plugins/vmware_nsx
@@ -1,147 +1,10 @@
 #!/bin/bash
-#
-# Neutron VMware NSX plugin
-# -------------------------
 
-# Save trace setting
-NSX_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-function setup_integration_bridge {
-    _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-    # Set manager to NSX controller (1st of list)
-    if [[ "$NSX_CONTROLLERS" != "" ]]; then
-        # Get the first controller
-        controllers=(${NSX_CONTROLLERS//,/ })
-        OVS_MGR_IP=${controllers[0]}
-    else
-        die $LINENO "Error - No controller specified. Unable to set a manager for OVS"
-    fi
-    sudo ovs-vsctl set-manager ssl:$OVS_MGR_IP
-}
-
-function is_neutron_ovs_base_plugin {
-    # NSX uses OVS, but not the l3-agent
-    return 0
-}
-
-function neutron_plugin_create_nova_conf {
-    # if n-cpu is enabled, then setup integration bridge
-    if is_service_enabled n-cpu; then
-        setup_integration_bridge
-    fi
-}
-
-function neutron_plugin_install_agent_packages {
-    # VMware NSX Plugin does not run q-agt, but it currently needs dhcp and metadata agents
-    _neutron_ovs_base_install_agent_packages
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/vmware
-    Q_PLUGIN_CONF_FILENAME=nsx.ini
-    Q_PLUGIN_CLASS="neutron.plugins.vmware.plugin.NsxPlugin"
-}
-
-function neutron_plugin_configure_debug_command {
-    sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT external_network_bridge "$PUBLIC_BRIDGE"
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    setup_integration_bridge
-    iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata True
-    iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network True
-    iniset $Q_DHCP_CONF_FILE DEFAULT ovs_use_veth True
-}
-
-function neutron_plugin_configure_l3_agent {
-    # VMware NSX plugin does not run L3 agent
-    die $LINENO "q-l3 should not be executed with VMware NSX plugin!"
-}
-
-function neutron_plugin_configure_plugin_agent {
-    # VMware NSX plugin does not run L2 agent
-    die $LINENO "q-agt must not be executed with VMware NSX plugin!"
-}
-
-function neutron_plugin_configure_service {
-    if [[ "$MAX_LP_PER_BRIDGED_LS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE nsx max_lp_per_bridged_ls $MAX_LP_PER_BRIDGED_LS
-    fi
-    if [[ "$MAX_LP_PER_OVERLAY_LS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE nsx max_lp_per_overlay_ls $MAX_LP_PER_OVERLAY_LS
-    fi
-    if [[ "$FAILOVER_TIME" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE nsx failover_time $FAILOVER_TIME
-    fi
-    if [[ "$CONCURRENT_CONNECTIONS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE nsx concurrent_connections $CONCURRENT_CONNECTIONS
-    fi
-
-    if [[ "$DEFAULT_TZ_UUID" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_tz_uuid $DEFAULT_TZ_UUID
-    else
-        die $LINENO "The VMware NSX plugin won't work without a default transport zone."
-    fi
-    if [[ "$DEFAULT_L3_GW_SVC_UUID" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_l3_gw_service_uuid $DEFAULT_L3_GW_SVC_UUID
-        Q_L3_ENABLED=True
-        Q_L3_ROUTER_PER_TENANT=True
-        iniset /$Q_PLUGIN_CONF_FILE nsx metadata_mode access_network
-    fi
-    if [[ "$DEFAULT_L2_GW_SVC_UUID" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_l2_gw_service_uuid $DEFAULT_L2_GW_SVC_UUID
-    fi
-    # NSX_CONTROLLERS must be a comma separated string
-    if [[ "$NSX_CONTROLLERS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_controllers $NSX_CONTROLLERS
-    else
-        die $LINENO "The VMware NSX plugin needs at least an NSX controller."
-    fi
-    if [[ "$NSX_USER" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_user $NSX_USER
-    fi
-    if [[ "$NSX_PASSWORD" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT nsx_password $NSX_PASSWORD
-    fi
-    if [[ "$NSX_HTTP_TIMEOUT" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT http_timeout $NSX_HTTP_TIMEOUT
-    fi
-    if [[ "$NSX_RETRIES" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT retries $NSX_RETRIES
-    fi
-    if [[ "$NSX_REDIRECTS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE DEFAULT redirects $NSX_REDIRECTS
-    fi
-    if [[ "$AGENT_MODE" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE nsx agent_mode $AGENT_MODE
-        if [[ "$AGENT_MODE" == "agentless" ]]; then
-            if [[ "$DEFAULT_SERVICE_CLUSTER_UUID" != "" ]]; then
-                iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_service_cluster_uuid $DEFAULT_SERVICE_CLUSTER_UUID
-            else
-                die $LINENO "Agentless mode requires a service cluster."
-            fi
-            iniset /$Q_PLUGIN_CONF_FILE nsx_metadata metadata_server_address $Q_META_DATA_IP
-        fi
-    fi
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-}
+# This file is needed so Q_PLUGIN=vmware_nsx will work.
 
+# FIXME(salv-orlando): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
 function has_neutron_plugin_security_group {
     # 0 means True here
     return 0
 }
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-dhcp && return 0
-}
-
-# Restore xtrace
-$NSX_XTRACE
diff --git a/lib/neutron_plugins/vmware_nsx_v b/lib/neutron_plugins/vmware_nsx_v
new file mode 100644
index 0000000000..3d33c652d1
--- /dev/null
+++ b/lib/neutron_plugins/vmware_nsx_v
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+# This file is needed so Q_PLUGIN=vmware_nsx_v will work.
+
+# FIXME(salv-orlando): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
+function has_neutron_plugin_security_group {
+    # 0 means True here
+    return 0
+}
diff --git a/lib/neutron_thirdparty/vmware_nsx b/lib/neutron_thirdparty/vmware_nsx
index 7027a29892..03853a9bf4 100644
--- a/lib/neutron_thirdparty/vmware_nsx
+++ b/lib/neutron_thirdparty/vmware_nsx
@@ -1,89 +1,2 @@
-#!/bin/bash
-#
-# VMware NSX
-# ----------
-
-# This third-party addition can be used to configure connectivity between a DevStack instance
-# and an NSX Gateway in dev/test environments. In order to use this correctly, the following
-# env variables need to be set (e.g. in your localrc file):
-#
-# * enable_service vmware_nsx        --> to execute this third-party addition
-# * PUBLIC_BRIDGE                    --> bridge used for external connectivity, typically br-ex
-# * NSX_GATEWAY_NETWORK_INTERFACE    --> interface used to communicate with the NSX Gateway
-# * NSX_GATEWAY_NETWORK_CIDR         --> CIDR to configure $PUBLIC_BRIDGE, e.g. 172.24.4.211/24
-
-# Save trace setting
-NSX3_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-# This is the interface that connects the Devstack instance
-# to an network that allows it to talk to the gateway for
-# testing purposes
-NSX_GATEWAY_NETWORK_INTERFACE=${NSX_GATEWAY_NETWORK_INTERFACE:-eth2}
-# Re-declare floating range as it's needed also in stop_vmware_nsx, which
-# is invoked by unstack.sh
-FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}
-
-function configure_vmware_nsx {
-    :
-}
-
-function init_vmware_nsx {
-    if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
-        NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
-        echo "The IP address to set on $PUBLIC_BRIDGE was not specified. "
-        echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR
-    fi
-    # Make sure the interface is up, but not configured
-    sudo ip link set $NSX_GATEWAY_NETWORK_INTERFACE up
-    # Save and then flush the IP addresses on the interface
-    addresses=$(ip addr show dev $NSX_GATEWAY_NETWORK_INTERFACE | grep inet | awk {'print $2'})
-    sudo ip addr flush $NSX_GATEWAY_NETWORK_INTERFACE
-    # Use the PUBLIC Bridge to route traffic to the NSX gateway
-    # NOTE(armando-migliaccio): if running in a nested environment this will work
-    # only with mac learning enabled, portsecurity and security profiles disabled
-    # The public bridge might not exist for the NSX plugin if Q_USE_DEBUG_COMMAND is off
-    # Try to create it anyway
-    sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE
-    sudo ovs-vsctl --may-exist add-port $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_INTERFACE
-    nsx_gw_net_if_mac=$(ip link show $NSX_GATEWAY_NETWORK_INTERFACE | awk '/ether/ {print $2}')
-    sudo ip link set address $nsx_gw_net_if_mac dev $PUBLIC_BRIDGE
-    for address in $addresses; do
-        sudo ip addr add dev $PUBLIC_BRIDGE $address
-    done
-    sudo ip addr add dev $PUBLIC_BRIDGE $NSX_GATEWAY_NETWORK_CIDR
-    sudo ip link set $PUBLIC_BRIDGE up
-}
-
-function install_vmware_nsx {
-    :
-}
-
-function start_vmware_nsx {
-    :
-}
-
-function stop_vmware_nsx {
-    if ! is_set NSX_GATEWAY_NETWORK_CIDR; then
-        NSX_GATEWAY_NETWORK_CIDR=$PUBLIC_NETWORK_GATEWAY/${FLOATING_RANGE#*/}
-        echo "The IP address expected on $PUBLIC_BRIDGE was not specified. "
-        echo "Defaulting to "$NSX_GATEWAY_NETWORK_CIDR
-    fi
-    sudo ip addr del $NSX_GATEWAY_NETWORK_CIDR dev $PUBLIC_BRIDGE
-    # Save and then flush remaining addresses on the interface
-    addresses=$(ip addr show dev $PUBLIC_BRIDGE | grep inet | awk {'print $2'})
-    sudo ip addr flush $PUBLIC_BRIDGE
-    # Try to detach physical interface from PUBLIC_BRIDGE
-    sudo ovs-vsctl del-port $NSX_GATEWAY_NETWORK_INTERFACE
-    # Restore addresses on NSX_GATEWAY_NETWORK_INTERFACE
-    for address in $addresses; do
-        sudo ip addr add dev $NSX_GATEWAY_NETWORK_INTERFACE $address
-    done
-}
-
-function check_vmware_nsx {
-    neutron-check-nsx-config $NEUTRON_CONF_DIR/plugins/vmware/nsx.ini
-}
-
-# Restore xtrace
-$NSX3_XTRACE
+# REVISIT(roeyc): this file left empty so that 'enable_service vmware_nsx'
+# continues to work.

From dd4bafd7ef832f6264659af8d63f4db66d32828f Mon Sep 17 00:00:00 2001
From: Peter Stachowski 
Date: Mon, 2 Mar 2015 23:32:04 -0500
Subject: [PATCH 0449/3421] Add guestagent to defined Trove conf variables

When the Trove configuration files were defined in variables, the
guestagent wasn't included. In order for profiling to continue on the
guestagent, its configuration file must be defined as well.
(See https://bugs.launchpad.net/devstack/+bug/1421403)

TROVE_GUESTAGENT_CONF is now defined.

Change-Id: Ie7cb531e2a1eca74100e2466a430e85eaf936263
Closes-Bug: #1427506
---
 lib/trove | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/lib/trove b/lib/trove
index 080e860f03..d77798308b 100644
--- a/lib/trove
+++ b/lib/trove
@@ -37,6 +37,7 @@ TROVE_CONF_DIR=/etc/trove
 TROVE_CONF=$TROVE_CONF_DIR/trove.conf
 TROVE_TASKMANAGER_CONF=$TROVE_CONF_DIR/trove-taskmanager.conf
 TROVE_CONDUCTOR_CONF=$TROVE_CONF_DIR/trove-conductor.conf
+TROVE_GUESTAGENT_CONF=$TROVE_CONF_DIR/trove-guestagent.conf
 TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
 
 TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
@@ -171,18 +172,18 @@ function configure_trove {
     fi
 
     # Set up Guest Agent conf
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_userid $RABBIT_USERID
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_tenant_name trove
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT control_exchange trove
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT ignore_users os_admin
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_dir /var/log/trove/
-    iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_file trove-guestagent.log
-    setup_trove_logging $TROVE_CONF_DIR/trove-guestagent.conf
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_userid $RABBIT_USERID
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_host $TROVE_HOST_GATEWAY
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_user radmin
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_tenant_name trove
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT control_exchange trove
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT ignore_users os_admin
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT log_dir /var/log/trove/
+    iniset $TROVE_GUESTAGENT_CONF DEFAULT log_file trove-guestagent.log
+    setup_trove_logging $TROVE_GUESTAGENT_CONF
 }
 
 # install_troveclient() - Collect source and prepare

From e3ceaedbd7b111c1e8b28510a4eb11e540d4af77 Mon Sep 17 00:00:00 2001
From: Matthew Booth 
Date: Tue, 3 Mar 2015 16:13:31 +0000
Subject: [PATCH 0450/3421] Fix defaulting of REMOTE_CEPH

A typo in lib/ceph was causing REMOTE_CEPH to be defaulted whenever
lib/ceph was sourced, regardless of its existing value. The
`trueorfalse` function takes a variable name as its second argument,
not a value.

Change-Id: Iec846e0b892eaa63a0a2a59aa045bc56d5606af1
---
 lib/ceph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceph b/lib/ceph
index a6b8cc8b57..251cfd1449 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -71,7 +71,7 @@ CEPH_REPLICAS=${CEPH_REPLICAS:-1}
 CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
 
 # Connect to an existing Ceph cluster
-REMOTE_CEPH=$(trueorfalse False $REMOTE_CEPH)
+REMOTE_CEPH=$(trueorfalse False REMOTE_CEPH)
 REMOTE_CEPH_ADMIN_KEY_PATH=${REMOTE_CEPH_ADMIN_KEY_PATH:-$CEPH_CONF_DIR/ceph.client.admin.keyring}
 
 

From 0fdf34959eb8f330301adfcd0ab1cfe975b5460c Mon Sep 17 00:00:00 2001
From: Matthew Booth 
Date: Tue, 3 Mar 2015 16:37:35 +0000
Subject: [PATCH 0451/3421] Don't cleanup ceph config when REMOTE_CEPH=True

If REMOTE_CEPH=True then we didn't write the contents of /etc/ceph, so
we shouldn't delete them.

Change-Id: I6291c6562a2864de775b1acb4be0be35b866f30d
---
 lib/ceph | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index 251cfd1449..76747ccd77 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -151,14 +151,14 @@ function cleanup_ceph_embedded {
     if [[ -e ${CEPH_DISK_IMAGE} ]]; then
         sudo rm -f ${CEPH_DISK_IMAGE}
     fi
+
+    # purge ceph config file and keys
+    sudo rm -rf ${CEPH_CONF_DIR}/*
 }
 
 function cleanup_ceph_general {
     undefine_virsh_secret
     uninstall_package ceph ceph-common python-ceph libcephfs1 > /dev/null 2>&1
-
-    # purge ceph config file and keys
-    sudo rm -rf ${CEPH_CONF_DIR}/*
 }
 
 

From aca8a7fd991484a59fc20aadc3cedb339fc55ca5 Mon Sep 17 00:00:00 2001
From: Dan Smith 
Date: Tue, 3 Mar 2015 08:50:27 -0800
Subject: [PATCH 0452/3421] Add support for oslo.versionedobjects

Change-Id: I01dba39259a3b264d4ec2b21db8429d340751979
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/oslo b/lib/oslo
index 18cddc193e..86efb60a4e 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -36,6 +36,7 @@ GITDIR["oslo.policy"]=$DEST/oslo.policy
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
 GITDIR["oslo.utils"]=$DEST/oslo.utils
+GITDIR["oslo.versionedobjects"]=$DEST/oslo.versionedobjects
 GITDIR["oslo.vmware"]=$DEST/oslo.vmware
 GITDIR["pycadf"]=$DEST/pycadf
 GITDIR["stevedore"]=$DEST/stevedore
@@ -72,6 +73,7 @@ function install_oslo {
     _do_install_oslo_lib "oslo.rootwrap"
     _do_install_oslo_lib "oslo.serialization"
     _do_install_oslo_lib "oslo.utils"
+    _do_install_oslo_lib "oslo.versionedobjects"
     _do_install_oslo_lib "oslo.vmware"
     _do_install_oslo_lib "pycadf"
     _do_install_oslo_lib "stevedore"
diff --git a/stackrc b/stackrc
index 103be6de66..30706ebd4a 100644
--- a/stackrc
+++ b/stackrc
@@ -361,6 +361,10 @@ GITBRANCH["oslo.serialization"]=${OSLOSERIALIZATION_BRANCH:-master}
 GITREPO["oslo.utils"]=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git}
 GITBRANCH["oslo.utils"]=${OSLOUTILS_BRANCH:-master}
 
+# oslo.versionedobjects
+GITREPO["oslo.versionedobjects"]=${OSLOVERSIONEDOBJECTS_REPO:-${GIT_BASE}/openstack/oslo.versionedobjects.git}
+GITBRANCH["oslo.versionedobjects"]=${OSLOVERSIONEDOBJECTS_BRANCH:-master}
+
 # oslo.vmware
 GITREPO["oslo.vmware"]=${OSLOVMWARE_REPO:-${GIT_BASE}/openstack/oslo.vmware.git}
 GITBRANCH["oslo.vmware"]=${OSLOVMWARE_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 472b0ea4af..0bec584aad 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -34,8 +34,8 @@ ALL_LIBS+=" python-keystoneclient taskflow oslo.middleware pycadf"
 ALL_LIBS+=" python-glanceclient python-ironicclient tempest-lib"
 ALL_LIBS+=" oslo.messaging oslo.log cliff python-heatclient stevedore"
 ALL_LIBS+=" python-cinderclient glance_store oslo.concurrency oslo.db"
-ALL_LIBS+=" oslo.vmware keystonemiddleware oslo.serialization"
-ALL_LIBS+=" python-saharaclient django_openstack_auth"
+ALL_LIBS+=" oslo.versionedobjects oslo.vmware keystonemiddleware"
+ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"

From 93e682c558f954fa35a00d7cc6a6903e8ed59178 Mon Sep 17 00:00:00 2001
From: Doug Wiegley 
Date: Tue, 3 Mar 2015 10:31:30 -0700
Subject: [PATCH 0453/3421] Revert change to remove lbaas from devstack; it
 breaks grenade.

Change-Id: Ie2adaeb7f27d6d646ca2e6e575fb430b9b74b276
---
 functions-common                          | 19 --------
 lib/neutron                               | 53 ++++++++++++++++-------
 lib/neutron_plugins/services/loadbalancer | 49 +++++++++++++++++++++
 stackrc                                   |  3 --
 4 files changed, 86 insertions(+), 38 deletions(-)
 create mode 100644 lib/neutron_plugins/services/loadbalancer

diff --git a/functions-common b/functions-common
index 267dfe8622..df69cbad16 100644
--- a/functions-common
+++ b/functions-common
@@ -1601,25 +1601,6 @@ function enable_plugin {
     GITBRANCH[$name]=$branch
 }
 
-# is_plugin_enabled
-#
-# Has a particular plugin been enabled?
-function is_plugin_enabled {
-    local plugins=$@
-    local plugin
-    local enabled=1
-
-    # short circuit if nothing to do
-    if [[ -z ${DEVSTACK_PLUGINS} ]]; then
-        return $enabled
-    fi
-
-    for plugin in ${plugins}; do
-        [[ ,${DEVSTACK_PLUGINS}, =~ ,${plugin}, ]] && enabled=0
-    done
-    return $enabled
-}
-
 # fetch_plugins
 #
 # clones all plugins
diff --git a/lib/neutron b/lib/neutron
index a0f9c362f2..a7aabc5909 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -100,8 +100,10 @@ IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
 # Set up default directories
 GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 
+
 NEUTRON_DIR=$DEST/neutron
 NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
+NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
 NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 
@@ -114,7 +116,6 @@ fi
 
 NEUTRON_CONF_DIR=/etc/neutron
 NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
-
 export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
 
 # Agent binaries.  Note, binary paths for other agents are set in per-service
@@ -325,6 +326,12 @@ ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
 # Please refer to ``lib/neutron_plugins/README.md`` for details.
 source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
 
+# Agent loadbalancer service plugin functions
+# -------------------------------------------
+
+# Hardcoding for 1 service plugin for now
+source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
+
 # Agent metering service plugin functions
 # -------------------------------------------
 
@@ -351,17 +358,6 @@ fi
 TEMPEST_SERVICES+=,neutron
 
 
-# For backward compatibility, if q-lbaas service is enabled, make sure to load the
-# neutron-lbaas plugin.  This hook should be removed in a future release, perhaps
-# as early as Liberty.
-
-if is_service_enabled q-lbaas; then
-    if ! is_plugin_enabled neutron-lbaas; then
-        DEPRECATED_TEXT+="External plugin neutron-lbaas has been automatically activated, please add the appropriate enable_plugin to your local.conf. This will be removed in the Liberty cycle."
-        enable_plugin "neutron-lbaas" ${NEUTRON_LBAAS_REPO} ${NEUTRON_LBAAS_BRANCH}
-    fi
-fi
-
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
@@ -429,7 +425,9 @@ function configure_neutron {
     iniset_rpc_backend neutron $NEUTRON_CONF DEFAULT
 
     # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
-
+    if is_service_enabled q-lbaas; then
+        _configure_neutron_lbaas
+    fi
     if is_service_enabled q-metering; then
         _configure_neutron_metering
     fi
@@ -607,8 +605,7 @@ function init_neutron {
     recreate_database $Q_DB_NAME
     # Run Neutron db migrations
     $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-
-    for svc in fwaas vpnaas; do
+    for svc in fwaas lbaas vpnaas; do
         if [ "$svc" = "vpnaas" ]; then
             q_svc="q-vpn"
         else
@@ -628,6 +625,10 @@ function install_neutron {
         git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
         setup_develop $NEUTRON_FWAAS_DIR
     fi
+    if is_service_enabled q-lbaas; then
+        git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
+        setup_develop $NEUTRON_LBAAS_DIR
+    fi
     if is_service_enabled q-vpn; then
         git_clone $NEUTRON_VPNAAS_REPO $NEUTRON_VPNAAS_DIR $NEUTRON_VPNAAS_BRANCH
         setup_develop $NEUTRON_VPNAAS_DIR
@@ -671,6 +672,10 @@ function install_neutron_agent_packages {
     if is_service_enabled q-agt q-dhcp q-l3; then
         neutron_plugin_install_agent_packages
     fi
+
+    if is_service_enabled q-lbaas; then
+        neutron_agent_lbaas_install_agent_packages
+    fi
 }
 
 # Start running processes, including screen
@@ -730,6 +735,10 @@ function start_neutron_agents {
         run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
     fi
 
+    if is_service_enabled q-lbaas; then
+        run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
+    fi
+
     if is_service_enabled q-metering; then
         run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
     fi
@@ -753,6 +762,9 @@ function stop_neutron {
 
     stop_process q-agt
 
+    if is_service_enabled q-lbaas; then
+        neutron_lbaas_stop
+    fi
     if is_service_enabled q-fwaas; then
         neutron_fwaas_stop
     fi
@@ -780,11 +792,12 @@ function cleanup_neutron {
     fi
 
     # delete all namespaces created by neutron
-    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|fip|snat)-[0-9a-f-]*'); do
+    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
         sudo ip netns delete ${ns}
     done
 }
 
+
 function _create_neutron_conf_dir {
     # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
     if [[ ! -d $NEUTRON_CONF_DIR ]]; then
@@ -954,6 +967,14 @@ function _configure_neutron_ceilometer_notifications {
     iniset $NEUTRON_CONF DEFAULT notification_driver messaging
 }
 
+function _configure_neutron_lbaas {
+    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
+        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
+    fi
+    neutron_agent_lbaas_configure_common
+    neutron_agent_lbaas_configure_agent
+}
+
 function _configure_neutron_metering {
     neutron_agent_metering_configure_common
     neutron_agent_metering_configure_agent
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
new file mode 100644
index 0000000000..f465cc94b4
--- /dev/null
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -0,0 +1,49 @@
+# Neutron loadbalancer plugin
+# ---------------------------
+
+# Save trace setting
+LB_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+AGENT_LBAAS_BINARY="$NEUTRON_BIN_DIR/neutron-lbaas-agent"
+LBAAS_PLUGIN=neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
+
+function neutron_agent_lbaas_install_agent_packages {
+    if is_ubuntu || is_fedora || is_suse; then
+        install_package haproxy
+    fi
+}
+
+function neutron_agent_lbaas_configure_common {
+    _neutron_service_plugin_class_add $LBAAS_PLUGIN
+    _neutron_deploy_rootwrap_filters $NEUTRON_LBAAS_DIR
+}
+
+function neutron_agent_lbaas_configure_agent {
+    LBAAS_AGENT_CONF_PATH=/etc/neutron/services/loadbalancer/haproxy
+    mkdir -p $LBAAS_AGENT_CONF_PATH
+
+    LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini"
+
+    cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME
+
+    # ovs_use_veth needs to be set before the plugin configuration
+    # occurs to allow plugins to override the setting.
+    iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT ovs_use_veth $Q_OVS_USE_VETH
+
+    neutron_plugin_setup_interface_driver $LBAAS_AGENT_CONF_FILENAME
+
+    if is_fedora; then
+        iniset $LBAAS_AGENT_CONF_FILENAME DEFAULT user_group "nobody"
+        iniset $LBAAS_AGENT_CONF_FILENAME haproxy user_group "nobody"
+    fi
+}
+
+function neutron_lbaas_stop {
+    pids=$(ps aux | awk '/haproxy/ { print $2 }')
+    [ ! -z "$pids" ] && sudo kill $pids
+}
+
+# Restore xtrace
+$LB_XTRACE
diff --git a/stackrc b/stackrc
index 103be6de66..cb044b8fed 100644
--- a/stackrc
+++ b/stackrc
@@ -198,9 +198,6 @@ NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git
 NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master}
 
 # neutron lbaas service
-# The neutron-lbaas specific entries are deprecated and replaced by the neutron-lbaas
-# devstack plugin and should be removed in a future release, possibly as soon as Liberty.
-
 NEUTRON_LBAAS_REPO=${NEUTRON_LBAAS_REPO:-${GIT_BASE}/openstack/neutron-lbaas.git}
 NEUTRON_LBAAS_BRANCH=${NEUTRON_LBAAS_BRANCH:-master}
 

From 802473e45ab897144d81d48164d8342763a119d8 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Wed, 4 Mar 2015 11:14:00 +0100
Subject: [PATCH 0454/3421] Do not install the python-virtualenv on Fedora

The files/rpms/general:python-virtualenv explicitly
installed this package on Fedoras.

This package is not installed on other distros by devstack
by default.

If you stack/unstack the package gets reinstalled,
and confuses the system about the installed virtual-env version.
The uninstall works in CI, but it can be problematic when you do
reinstalls on the same machine.

The uninstall introduced by
834b804d3eda9029d3c66db0ab732a76a22ed08b, this commit deos not
has any reference to the external bug what it supposed to solve.

Related RDO thread started here:
https://www.redhat.com/archives/rdo-list/2015-March/msg00015.html

Change-Id: I4a723f179bdc28d39a4910fb9e3787e9e67c354b
---
 files/rpms/general | 1 -
 1 file changed, 1 deletion(-)

diff --git a/files/rpms/general b/files/rpms/general
index 56a933190c..cf406325e7 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -15,7 +15,6 @@ libxslt-devel
 psmisc
 pylint
 python-unittest2
-python-virtualenv
 python-devel
 screen
 tar

From e2d2d65aa517fdf88cbdd0248d72eb6473bb14c6 Mon Sep 17 00:00:00 2001
From: Zhenzan Zhou 
Date: Sat, 28 Feb 2015 11:13:27 +0800
Subject: [PATCH 0455/3421] Fix ironic port-create deprecated option

A recent ironicclient commit If05d51b09d787ccfbf6f6d35d8e752d42f673601
deprecated --node_uuid, now it should use --node.

Change-Id: Ia97074bd2ce92645ac4b4151824098cb99434117
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index ade889ef75..0c549b6e68 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -600,7 +600,7 @@ function enroll_nodes {
             $node_options \
             | grep " uuid " | get_field 2)
 
-        ironic port-create --address $mac_address --node_uuid $node_id
+        ironic port-create --address $mac_address --node $node_id
 
         total_nodes=$((total_nodes+1))
         total_cpus=$((total_cpus+$ironic_node_cpu))

From ab7df5ea1d4bd579c97bc739d7b9893df1715845 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 4 Mar 2015 16:25:40 -0800
Subject: [PATCH 0456/3421] Add cryptography to list if files to build before
 hand

building this takes 20 seconds or so

Change-Id: I95c71b1d0255c02038006bc743125ff2c49d9da9
---
 files/venv-requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
index 3c50061e96..8417b92408 100644
--- a/files/venv-requirements.txt
+++ b/files/venv-requirements.txt
@@ -1,3 +1,4 @@
+cryptography
 lxml
 MySQL-python
 netifaces

From 8c32e0df7bf35e860ce95e5db3c78e5d6dd33ff6 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Wed, 4 Mar 2015 14:53:05 -0800
Subject: [PATCH 0457/3421] Set rootfstype=ramfs for low memory Ironic nodes

When running with low memory (<1024), we need to switch from the default
rootfstype from tmpfs to ramfs to ensure nodes can decompress deployment
ramdisks.

Change-Id: I1b9dd614e592d99b2f59dea899b1ed3859ae0811
---
 lib/ironic | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index bc30cdbeba..325bee9060 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -343,13 +343,24 @@ function configure_ironic_conductor {
     iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
     iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
     iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
+
+    local pxe_params=""
     if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-        local pxe_params="nofb nomodeset vga=normal console=ttyS0"
+        pxe_params+="nofb nomodeset vga=normal console=ttyS0"
         if is_deployed_with_ipa_ramdisk; then
             pxe_params+=" systemd.journald.forward_to_console=yes"
         fi
+    fi
+    # When booting with less than 1GB, we need to switch from default tmpfs
+    # to ramfs for ramdisks to decompress successfully.
+    if (is_ironic_hardware && [[ "$IRONIC_HW_NODE_RAM" -lt 1024 ]]) ||
+        (! is_ironic_hardware && [[ "$IRONIC_VM_SPECS_RAM" -lt 1024 ]]); then
+        pxe_params+=" rootfstype=ramfs"
+    fi
+    if [[ -n "$pxe_params" ]]; then
         iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params"
     fi
+
     if is_deployed_by_agent; then
         if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then
             iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY

From 249e36dec6198c1dfd8e4f80d1f0a815fe6f36aa Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Thu, 5 Mar 2015 14:01:45 +1300
Subject: [PATCH 0458/3421] Remove lib/dib

diskimage-builder is a utility rather than a service, and is already
installed in devstack via pip when required.

lib/dib was created to allow an image to be created during a devstack
run for the heat functional tests, however this approach is no longer
being taken and there are no other known uses for lib/dib.

This change removes lib/dib and moves the pip mirror building to
lib/heat so that snapshot pip packages of the heat agent projects can
be made available to servers which the heat functional tests boot.

This also removes tripleo-image-elements, which has never
been utilised, and since images won't be created
during heat functional test runs it is no longer required.

Change-Id: Ic77f841437ea23c0645d3a34d9dd6bfd1ee28714
---
 doc/source/index.rst                |   2 -
 extras.d/40-dib.sh                  |  27 -----
 files/apache-dib-pip-repo.template  |  15 ---
 files/apache-heat-pip-repo.template |  15 +++
 lib/dib                             | 149 ----------------------------
 lib/heat                            |  69 ++++++++-----
 stack.sh                            |   6 +-
 stackrc                             |  10 +-
 8 files changed, 65 insertions(+), 228 deletions(-)
 delete mode 100644 extras.d/40-dib.sh
 delete mode 100644 files/apache-dib-pip-repo.template
 create mode 100644 files/apache-heat-pip-repo.template
 delete mode 100644 lib/dib

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 10f4355c07..cfde99132d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -158,7 +158,6 @@ Scripts
 * `lib/cinder `__
 * `lib/config `__
 * `lib/database `__
-* `lib/dib `__
 * `lib/dstat `__
 * `lib/glance `__
 * `lib/heat `__
@@ -181,7 +180,6 @@ Scripts
 * `clean.sh `__
 * `run\_tests.sh `__
 
-* `extras.d/40-dib.sh `__
 * `extras.d/50-ironic.sh `__
 * `extras.d/60-ceph.sh `__
 * `extras.d/70-sahara.sh `__
diff --git a/extras.d/40-dib.sh b/extras.d/40-dib.sh
deleted file mode 100644
index fdae01191f..0000000000
--- a/extras.d/40-dib.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-# dib.sh - Devstack extras script to install diskimage-builder
-
-if is_service_enabled dib; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/dib
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing diskimage-builder"
-        install_dib
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        # no-op
-        :
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        # no-op
-        :
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        # no-op
-        :
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        # no-op
-        :
-    fi
-fi
diff --git a/files/apache-dib-pip-repo.template b/files/apache-dib-pip-repo.template
deleted file mode 100644
index 5d2379b5bb..0000000000
--- a/files/apache-dib-pip-repo.template
+++ /dev/null
@@ -1,15 +0,0 @@
-Listen %DIB_PIP_REPO_PORT%
-
-
-    DocumentRoot %DIB_PIP_REPO%
-    
-        DirectoryIndex index.html
-        Require all granted
-        Order allow,deny
-        allow from all
-    
-
-    ErrorLog /var/log/%APACHE_NAME%/dib_pip_repo_error.log
-    LogLevel warn
-    CustomLog /var/log/%APACHE_NAME%/dib_pip_repo_access.log combined
-
diff --git a/files/apache-heat-pip-repo.template b/files/apache-heat-pip-repo.template
new file mode 100644
index 0000000000..d88ac3e35a
--- /dev/null
+++ b/files/apache-heat-pip-repo.template
@@ -0,0 +1,15 @@
+Listen %HEAT_PIP_REPO_PORT%
+
+
+    DocumentRoot %HEAT_PIP_REPO%
+    
+        DirectoryIndex index.html
+        Require all granted
+        Order allow,deny
+        allow from all
+    
+
+    ErrorLog /var/log/%APACHE_NAME%/heat_pip_repo_error.log
+    LogLevel warn
+    CustomLog /var/log/%APACHE_NAME%/heat_pip_repo_access.log combined
+
diff --git a/lib/dib b/lib/dib
deleted file mode 100644
index 88d9fd8434..0000000000
--- a/lib/dib
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/bin/bash
-#
-# lib/dib
-# Install and build images with **diskimage-builder**
-
-# Dependencies:
-#
-# - functions
-# - DEST, DATA_DIR must be defined
-
-# stack.sh
-# ---------
-# - install_dib
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-# Defaults
-# --------
-
-# set up default directories
-DIB_DIR=$DEST/diskimage-builder
-TIE_DIR=$DEST/tripleo-image-elements
-
-# NOTE: Setting DIB_APT_SOURCES assumes you will be building
-# Debian/Ubuntu based images. Leave unset for other flavors.
-DIB_APT_SOURCES=${DIB_APT_SOURCES:-""}
-DIB_BUILD_OFFLINE=$(trueorfalse False DIB_BUILD_OFFLINE)
-DIB_IMAGE_CACHE=$DATA_DIR/diskimage-builder/image-create
-DIB_PIP_REPO=$DATA_DIR/diskimage-builder/pip-repo
-DIB_PIP_REPO_PORT=${DIB_PIP_REPO_PORT:-8899}
-
-OCC_DIR=$DEST/os-collect-config
-ORC_DIR=$DEST/os-refresh-config
-OAC_DIR=$DEST/os-apply-config
-
-# Functions
-# ---------
-
-# install_dib() - Collect source and prepare
-function install_dib {
-    pip_install diskimage-builder
-
-    git_clone $TIE_REPO $TIE_DIR $TIE_BRANCH
-    git_clone $OCC_REPO $OCC_DIR $OCC_BRANCH
-    git_clone $ORC_REPO $ORC_DIR $ORC_BRANCH
-    git_clone $OAC_REPO $OAC_DIR $OAC_BRANCH
-    mkdir -p $DIB_IMAGE_CACHE
-}
-
-# build_dib_pip_repo() - Builds a local pip repo from local projects
-function build_dib_pip_repo {
-    local project_dirs=$1
-    local projpath proj package
-
-    rm -rf $DIB_PIP_REPO
-    mkdir -p $DIB_PIP_REPO
-
-    echo "" > $DIB_PIP_REPO/index.html
-    for projpath in $project_dirs; do
-        proj=$(basename $projpath)
-        mkdir -p $DIB_PIP_REPO/$proj
-        pushd $projpath
-        rm -rf dist
-        python setup.py sdist
-        pushd dist
-        package=$(ls *)
-        mv $package $DIB_PIP_REPO/$proj/$package
-        popd
-
-        echo "$package" > $DIB_PIP_REPO/$proj/index.html
-        echo "$proj
        " >> $DIB_PIP_REPO/index.html
-
-        popd
-    done
-
-    echo "" >> $DIB_PIP_REPO/index.html
-
-    local dib_pip_repo_apache_conf=$(apache_site_config_for dib_pip_repo)
-
-    sudo cp $FILES/apache-dib-pip-repo.template $dib_pip_repo_apache_conf
-    sudo sed -e "
-        s|%DIB_PIP_REPO%|$DIB_PIP_REPO|g;
-        s|%DIB_PIP_REPO_PORT%|$DIB_PIP_REPO_PORT|g;
-        s|%APACHE_NAME%|$APACHE_NAME|g;
-    " -i $dib_pip_repo_apache_conf
-    enable_apache_site dib_pip_repo
-}
-
-# disk_image_create_upload() - Creates and uploads a diskimage-builder built image
-function disk_image_create_upload {
-
-    local image_name=$1
-    local image_elements=$2
-    local elements_path=$3
-
-    local image_path=$TOP_DIR/files/$image_name.qcow2
-
-    # Include the apt-sources element in builds if we have an
-    # alternative sources.list specified.
-    if [ -n "$DIB_APT_SOURCES" ]; then
-        if [ ! -e "$DIB_APT_SOURCES" ]; then
-            die $LINENO "DIB_APT_SOURCES set but not found at $DIB_APT_SOURCES"
-        fi
-        local extra_elements="apt-sources"
-    fi
-
-    # Set the local pip repo as the primary index mirror so the
-    # image is built with local packages
-    local pypi_mirror_url=http://$SERVICE_HOST:$DIB_PIP_REPO_PORT/
-    local pypi_mirror_url_1
-
-    if [ -a $HOME/.pip/pip.conf ]; then
-        # Add the current pip.conf index-url as an extra-index-url
-        # in the image build
-        pypi_mirror_url_1=$(iniget $HOME/.pip/pip.conf global index-url)
-    else
-        # If no pip.conf, set upstream pypi as an extra mirror
-        # (this also sets the .pydistutils.cfg index-url)
-        pypi_mirror_url_1=http://pypi.python.org/simple
-    fi
-
-    # The disk-image-create command to run
-    ELEMENTS_PATH=$elements_path \
-    DIB_APT_SOURCES=$DIB_APT_SOURCES \
-    DIB_OFFLINE=$DIB_BUILD_OFFLINE \
-    PYPI_MIRROR_URL=$pypi_mirror_url \
-    PYPI_MIRROR_URL_1=$pypi_mirror_url_1 \
-    disk-image-create -a amd64 $image_elements ${extra_elements:-} \
-        --image-cache $DIB_IMAGE_CACHE \
-        -o $image_path
-
-    local token=$(keystone token-get | grep ' id ' | get_field 2)
-    die_if_not_set $LINENO token "Keystone fail to get token"
-
-    glance --os-auth-token $token --os-image-url http://$GLANCE_HOSTPORT \
-        image-create --name $image_name --is-public True \
-        --container-format=bare --disk-format qcow2 \
-        < $image_path
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/lib/heat b/lib/heat
index c1021639b4..a088e82886 100644
--- a/lib/heat
+++ b/lib/heat
@@ -8,9 +8,7 @@
 #   ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
 
 # Dependencies:
-#
-# - functions
-# - dib (if HEAT_CREATE_TEST_IMAGE=True)
+# (none)
 
 # stack.sh
 # ---------
@@ -37,6 +35,13 @@ GITDIR["python-heatclient"]=$DEST/python-heatclient
 HEAT_DIR=$DEST/heat
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
+OCC_DIR=$DEST/os-collect-config
+ORC_DIR=$DEST/os-refresh-config
+OAC_DIR=$DEST/os-apply-config
+
+HEAT_PIP_REPO=$DATA_DIR/heat-pip-repo
+HEAT_PIP_REPO_PORT=${HEAT_PIP_REPO_PORT:-8899}
+
 HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
 HEAT_STANDALONE=$(trueorfalse False HEAT_STANDALONE)
 HEAT_ENABLE_ADOPT_ABANDON=$(trueorfalse False HEAT_ENABLE_ADOPT_ABANDON)
@@ -47,10 +52,6 @@ HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
 HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
-HEAT_FUNCTIONAL_IMAGE_ELEMENTS=${HEAT_FUNCTIONAL_IMAGE_ELEMENTS:-\
-vm fedora selinux-permissive pypi  os-collect-config os-refresh-config \
-os-apply-config heat-cfntools heat-config heat-config-cfn-init \
-heat-config-puppet heat-config-script}
 
 
 # other default options
@@ -296,22 +297,44 @@ function create_heat_accounts {
     fi
 }
 
-# build_heat_functional_test_image() - Build and upload functional test image
-function build_heat_functional_test_image {
-    if is_service_enabled dib; then
-        build_dib_pip_repo "$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
-        local image_name=heat-functional-tests-image
-
-        # Elements path for tripleo-image-elements and heat-templates software-config
-        local elements_path=$TIE_DIR/elements:$HEAT_TEMPLATES_REPO_DIR/hot/software-config/elements
-
-        disk_image_create_upload "$image_name" "$HEAT_FUNCTIONAL_IMAGE_ELEMENTS" "$elements_path"
-        iniset $TEMPEST_CONFIG orchestration image_ref $image_name
-    else
-        echo "Error, HEAT_CREATE_TEST_IMAGE=True requires dib" >&2
-        echo "Add \"enable_service dib\" to your localrc" >&2
-        exit 1
-    fi
+# build_heat_pip_mirror() - Build a pip mirror containing heat agent projects
+function build_heat_pip_mirror {
+    local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
+    local projpath proj package
+
+    rm -rf $HEAT_PIP_REPO
+    mkdir -p $HEAT_PIP_REPO
+
+    echo "" > $HEAT_PIP_REPO/index.html
+    for projpath in $project_dirs; do
+        proj=$(basename $projpath)
+        mkdir -p $HEAT_PIP_REPO/$proj
+        pushd $projpath
+        rm -rf dist
+        python setup.py sdist
+        pushd dist
+        package=$(ls *)
+        mv $package $HEAT_PIP_REPO/$proj/$package
+        popd
+
+        echo "$package" > $HEAT_PIP_REPO/$proj/index.html
+        echo "$proj
        " >> $HEAT_PIP_REPO/index.html
+
+        popd
+    done
+
+    echo "" >> $HEAT_PIP_REPO/index.html
+
+    local heat_pip_repo_apache_conf=$(apache_site_config_for heat_pip_repo)
+
+    sudo cp $FILES/apache-heat-pip-repo.template $heat_pip_repo_apache_conf
+    sudo sed -e "
+        s|%HEAT_PIP_REPO%|$HEAT_PIP_REPO|g;
+        s|%HEAT_PIP_REPO_PORT%|$HEAT_PIP_REPO_PORT|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+    " -i $heat_pip_repo_apache_conf
+    enable_apache_site heat_pip_repo
+    restart_apache_server
 }
 
 # Restore xtrace
diff --git a/stack.sh b/stack.sh
index 2ac7dfadeb..bf9fc0118e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1227,9 +1227,9 @@ if is_service_enabled heat; then
     init_heat
     echo_summary "Starting Heat"
     start_heat
-    if [ "$HEAT_CREATE_TEST_IMAGE" = "True" ]; then
-        echo_summary "Building Heat functional test image"
-        build_heat_functional_test_image
+    if [ "$HEAT_BUILD_PIP_MIRROR" = "True" ]; then
+        echo_summary "Building Heat pip mirror"
+        build_heat_pip_mirror
     fi
 fi
 
diff --git a/stackrc b/stackrc
index cb044b8fed..efea1e4560 100644
--- a/stackrc
+++ b/stackrc
@@ -419,14 +419,10 @@ GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
 
 ##################
 #
-#  TripleO Components
+#  TripleO / Heat Agent Components
 #
 ##################
 
-# diskimage-builder
-DIB_REPO=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git}
-DIB_BRANCH=${DIB_BRANCH:-master}
-
 # os-apply-config configuration template tool
 OAC_REPO=${OAC_REPO:-${GIT_BASE}/openstack/os-apply-config.git}
 OAC_BRANCH=${OAC_BRANCH:-master}
@@ -439,10 +435,6 @@ OCC_BRANCH=${OCC_BRANCH:-master}
 ORC_REPO=${ORC_REPO:-${GIT_BASE}/openstack/os-refresh-config.git}
 ORC_BRANCH=${ORC_BRANCH:-master}
 
-# Tripleo elements for diskimage-builder images
-TIE_REPO=${TIE_REPO:-${GIT_BASE}/openstack/tripleo-image-elements.git}
-TIE_BRANCH=${TIE_BRANCH:-master}
-
 #################
 #
 #  3rd Party Components (non pip installable)

From cd8824ac04989e625d7f1ae442498383250932a9 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Wed, 4 Mar 2015 16:40:19 -0800
Subject: [PATCH 0459/3421] Pass PIP_FIND_LINKS through sudo to pip

We weren't actually using the wheels since PIP_FIND_LINKS environmental
variable was getting lost during the sudo

Change-Id: I4a89a70df63772a16ee5a8c3f1cd86e9c7bb5242
---
 inc/python | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inc/python b/inc/python
index dfc4d63ca4..d72c3c94d7 100644
--- a/inc/python
+++ b/inc/python
@@ -97,6 +97,7 @@ function pip_install {
         http_proxy=${http_proxy:-} \
         https_proxy=${https_proxy:-} \
         no_proxy=${no_proxy:-} \
+        PIP_FIND_LINKS=$PIP_FIND_LINKS \
         $cmd_pip install \
         $@
 
@@ -108,6 +109,7 @@ function pip_install {
                 http_proxy=${http_proxy:-} \
                 https_proxy=${https_proxy:-} \
                 no_proxy=${no_proxy:-} \
+                PIP_FIND_LINKS=$PIP_FIND_LINKS \
                 $cmd_pip install \
                 -r $test_req
         fi

From 82450a5ebcc050bc4161d99dc5e6d41d7b289a40 Mon Sep 17 00:00:00 2001
From: Baohua Yang 
Date: Thu, 5 Mar 2015 17:14:06 +0800
Subject: [PATCH 0460/3421] Fix typo of setings to settings

The typo happens at the head part, and only one time occurs.

Change-Id: Ic6d3d8e17447066fe5e8ab867b10516dc8f185cc
---
 samples/local.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/local.conf b/samples/local.conf
index 9e0b540250..e4052c21ac 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -3,7 +3,7 @@
 # NOTE: Copy this file to the root ``devstack`` directory for it to
 # work properly.
 
-# ``local.conf`` is a user-maintained setings file that is sourced from ``stackrc``.
+# ``local.conf`` is a user-maintained settings file that is sourced from ``stackrc``.
 # This gives it the ability to override any variables set in ``stackrc``.
 # Also, most of the settings in ``stack.sh`` are written to only be set if no
 # value has already been set; this lets ``local.conf`` effectively override the

From 1340ee72bfefa5a4fd0930cb90987275301280c8 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Fri, 6 Mar 2015 21:11:55 +0000
Subject: [PATCH 0461/3421] XenAPI: Default JEOS VM to only use 1GB RAM

While Devstack needs 4GB RAM (or more!) the JEOS
used as the base for the Devstack VM for XenServer
needs much less.  Allowing the initial install to
use 1GB means we have lower requirements overall

Change-Id: Iecaeeb4db0dffcc43c5532b5d57cb041d47047a6
---
 tools/xen/install_os_domU.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index 082c27e8f3..b49347e09b 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -227,7 +227,7 @@ if [ -z "$templateuuid" ]; then
         -n "$UBUNTU_INST_BRIDGE_OR_NET_NAME" \
         -l "$GUEST_NAME"
 
-    set_vm_memory "$GUEST_NAME" "$OSDOMU_MEM_MB"
+    set_vm_memory "$GUEST_NAME" "1024"
 
     xe vm-start vm="$GUEST_NAME"
 

From 40ce320bb013f850a47d32781dd2f77a4d7927fa Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Fri, 6 Mar 2015 15:33:32 -0800
Subject: [PATCH 0462/3421] Temporarily stop building mumpy wheel

It turns out we aren't actually using this wheel since we are still
installing the deb python-numpy, and building numpy takes several
minutes which is a lot considering we do it on every single dsvm job.

So until we have wheel caching in place, and are actually using the
version we build ourselves, stop wasting time.

Change-Id: I7643c55598e5ecc29ea708c537818b37a8047d4b
---
 files/venv-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
index 8417b92408..e473a2fe02 100644
--- a/files/venv-requirements.txt
+++ b/files/venv-requirements.txt
@@ -2,7 +2,7 @@ cryptography
 lxml
 MySQL-python
 netifaces
-numpy
+#numpy    # slowest wheel by far, stop building until we are actually using the output
 posix-ipc
 psycopg2
 pycrypto

From a3c103be7dd218168fcd9f4d78a113490902a26d Mon Sep 17 00:00:00 2001
From: Akihiro Motoki 
Date: Sun, 8 Mar 2015 15:13:23 +0900
Subject: [PATCH 0463/3421] neutron-nec: Vendor code split

Neutron NEC plugin support is configured using DevStack external
plugin mechanism. The following needs to be added in local.conf:

Q_PLUGIN=nec
enable_plugin networking-nec https://git.openstack.org/stackforge/networking-nec

Also removes lib/neutron_thirdparty/trema and files/debs/trema.
DevStack external plugin for Trema Sliceable Switch is available
and the following is needed to enable it in DevStack.

enable_plugin trema-devstack-plugin https://github.com/nec-openstack/trema-devstack-plugin

Change-Id: If983b986355fcc0118b6e0446b3b295f23b3c40e
---
 files/debs/trema             |  15 -----
 lib/neutron_plugins/nec      | 127 +----------------------------------
 lib/neutron_thirdparty/trema | 119 --------------------------------
 3 files changed, 3 insertions(+), 258 deletions(-)
 delete mode 100644 files/debs/trema
 delete mode 100644 lib/neutron_thirdparty/trema

diff --git a/files/debs/trema b/files/debs/trema
deleted file mode 100644
index f685ca53b4..0000000000
--- a/files/debs/trema
+++ /dev/null
@@ -1,15 +0,0 @@
-# Trema
-make
-ruby1.8
-rubygems1.8
-ruby1.8-dev
-libpcap-dev
-libsqlite3-dev
-libglib2.0-dev
-
-# Sliceable Switch
-sqlite3
-libdbi-perl
-libdbd-sqlite3-perl
-apache2
-libjson-perl
diff --git a/lib/neutron_plugins/nec b/lib/neutron_plugins/nec
index 3b1a25716a..9ea7338696 100644
--- a/lib/neutron_plugins/nec
+++ b/lib/neutron_plugins/nec
@@ -1,131 +1,10 @@
 #!/bin/bash
-#
-# Neutron NEC OpenFlow plugin
-# ---------------------------
 
-# Save trace setting
-NEC_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-# Configuration parameters
-OFC_HOST=${OFC_HOST:-127.0.0.1}
-OFC_PORT=${OFC_PORT:-8888}
-
-OFC_API_HOST=${OFC_API_HOST:-$OFC_HOST}
-OFC_API_PORT=${OFC_API_PORT:-$OFC_PORT}
-OFC_OFP_HOST=${OFC_OFP_HOST:-$OFC_HOST}
-OFC_OFP_PORT=${OFC_OFP_PORT:-6633}
-OFC_DRIVER=${OFC_DRIVER:-trema}
-OFC_RETRY_MAX=${OFC_RETRY_MAX:-0}
-OFC_RETRY_INTERVAL=${OFC_RETRY_INTERVAL:-1}
-
-# Main logic
-# ---------------------------
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-function neutron_plugin_create_nova_conf {
-    _neutron_ovs_base_configure_nova_vif_driver
-}
-
-function neutron_plugin_install_agent_packages {
-    # SKIP_OVS_INSTALL is useful when we want to use Open vSwitch whose
-    # version is different from the version provided by the distribution.
-    if [[ "$SKIP_OVS_INSTALL" = "True" ]]; then
-        echo "You need to install Open vSwitch manually."
-        return
-    fi
-    _neutron_ovs_base_install_agent_packages
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/nec
-    Q_PLUGIN_CONF_FILENAME=nec.ini
-    Q_PLUGIN_CLASS="neutron.plugins.nec.nec_plugin.NECPluginV2"
-}
-
-function neutron_plugin_configure_debug_command {
-    _neutron_ovs_base_configure_debug_command
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    :
-}
-
-function neutron_plugin_configure_l3_agent {
-    _neutron_ovs_base_configure_l3_agent
-}
-
-function _quantum_plugin_setup_bridge {
-    if [[ "$SKIP_OVS_BRIDGE_SETUP" = "True" ]]; then
-        return
-    fi
-    # Set up integration bridge
-    _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-    # Generate datapath ID from HOST_IP
-    local dpid=$(printf "%07d%03d%03d%03d\n" ${HOST_IP//./ })
-    sudo ovs-vsctl --no-wait set Bridge $OVS_BRIDGE other-config:datapath-id=$dpid
-    sudo ovs-vsctl --no-wait set-fail-mode $OVS_BRIDGE secure
-    sudo ovs-vsctl --no-wait set-controller $OVS_BRIDGE tcp:$OFC_OFP_HOST:$OFC_OFP_PORT
-    if [ -n "$OVS_INTERFACE" ]; then
-        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_BRIDGE $OVS_INTERFACE
-    fi
-    _neutron_setup_ovs_tunnels $OVS_BRIDGE
-}
-
-function neutron_plugin_configure_plugin_agent {
-    _quantum_plugin_setup_bridge
-
-    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-nec-agent"
-
-    _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_configure_service {
-    iniset $NEUTRON_CONF DEFAULT api_extensions_path neutron/plugins/nec/extensions/
-    iniset /$Q_PLUGIN_CONF_FILE ofc host $OFC_API_HOST
-    iniset /$Q_PLUGIN_CONF_FILE ofc port $OFC_API_PORT
-    iniset /$Q_PLUGIN_CONF_FILE ofc driver $OFC_DRIVER
-    iniset /$Q_PLUGIN_CONF_FILE ofc api_retry_max OFC_RETRY_MAX
-    iniset /$Q_PLUGIN_CONF_FILE ofc api_retry_interval OFC_RETRY_INTERVAL
-
-    _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-    iniset $conf_file DEFAULT ovs_use_veth True
-}
-
-# Utility functions
-# ---------------------------
-
-# Setup OVS tunnel manually
-function _neutron_setup_ovs_tunnels {
-    local bridge=$1
-    local id=0
-    GRE_LOCAL_IP=${GRE_LOCAL_IP:-$HOST_IP}
-    if [ -n "$GRE_REMOTE_IPS" ]; then
-        for ip in ${GRE_REMOTE_IPS//:/ }; do
-            if [[ "$ip" == "$GRE_LOCAL_IP" ]]; then
-                continue
-            fi
-            sudo ovs-vsctl --no-wait add-port $bridge gre$id -- \
-                set Interface gre$id type=gre options:remote_ip=$ip
-            id=`expr $id + 1`
-        done
-    fi
-}
+# This file is needed so Q_PLUGIN=nec will work.
 
+# FIXME(amotoki): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
 function has_neutron_plugin_security_group {
     # 0 means True here
     return 0
 }
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
-}
-
-# Restore xtrace
-$NEC_XTRACE
diff --git a/lib/neutron_thirdparty/trema b/lib/neutron_thirdparty/trema
deleted file mode 100644
index 075f013ded..0000000000
--- a/lib/neutron_thirdparty/trema
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/bin/bash
-#
-# Trema Sliceable Switch
-# ----------------------
-
-# Trema is a Full-Stack OpenFlow Framework in Ruby and C
-# https://github.com/trema/trema
-#
-# Trema Sliceable Switch is an OpenFlow controller which provides
-# virtual layer-2 network slices.
-# https://github.com/trema/apps/wiki
-
-# Trema Sliceable Switch (OpenFlow Controller)
-TREMA_APPS_REPO=${TREMA_APPS_REPO:-https://github.com/trema/apps.git}
-TREMA_APPS_BRANCH=${TREMA_APPS_BRANCH:-master}
-
-# Save trace setting
-TREMA3_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-TREMA_DIR=${TREMA_DIR:-$DEST/trema}
-TREMA_SS_DIR="$TREMA_DIR/apps/sliceable_switch"
-
-TREMA_DATA_DIR=${TREMA_DATA_DIR:-$DATA_DIR/trema}
-TREMA_SS_ETC_DIR=$TREMA_DATA_DIR/sliceable_switch/etc
-TREMA_SS_DB_DIR=$TREMA_DATA_DIR/sliceable_switch/db
-TREMA_SS_SCRIPT_DIR=$TREMA_DATA_DIR/sliceable_switch/script
-TREMA_TMP_DIR=$TREMA_DATA_DIR/trema
-
-TREMA_LOG_LEVEL=${TREMA_LOG_LEVEL:-info}
-
-TREMA_SS_CONFIG=$TREMA_SS_ETC_DIR/sliceable.conf
-TREMA_SS_APACHE_CONFIG=$(apache_site_config_for sliceable_switch)
-
-# configure_trema - Set config files, create data dirs, etc
-function configure_trema {
-    # prepare dir
-    for d in $TREMA_SS_ETC_DIR $TREMA_SS_DB_DIR $TREMA_SS_SCRIPT_DIR; do
-        sudo mkdir -p $d
-        sudo chown -R `whoami` $d
-    done
-    sudo mkdir -p $TREMA_TMP_DIR
-}
-
-# init_trema - Initialize databases, etc.
-function init_trema {
-    local _pwd=$(pwd)
-
-    # Initialize databases for Sliceable Switch
-    cd $TREMA_SS_DIR
-    rm -f filter.db slice.db
-    ./create_tables.sh
-    mv filter.db slice.db $TREMA_SS_DB_DIR
-    # Make sure that apache cgi has write access to the databases
-    sudo chown -R www-data.www-data $TREMA_SS_DB_DIR
-    cd $_pwd
-
-    # Setup HTTP Server for sliceable_switch
-    cp $TREMA_SS_DIR/{Slice.pm,Filter.pm,config.cgi} $TREMA_SS_SCRIPT_DIR
-    sed -i -e "s|/home/sliceable_switch/db|$TREMA_SS_DB_DIR|" \
-        $TREMA_SS_SCRIPT_DIR/config.cgi
-
-    sudo cp $TREMA_SS_DIR/apache/sliceable_switch $TREMA_SS_APACHE_CONFIG
-    sudo sed -i -e "s|/home/sliceable_switch/script|$TREMA_SS_SCRIPT_DIR|" \
-        $TREMA_SS_APACHE_CONFIG
-    # TODO(gabriel-bezerra): use some function from lib/apache to enable these modules
-    sudo a2enmod rewrite actions
-    enable_apache_site sliceable_switch
-
-    cp $TREMA_SS_DIR/sliceable_switch_null.conf $TREMA_SS_CONFIG
-    sed -i -e "s|^\$apps_dir.*$|\$apps_dir = \"$TREMA_DIR/apps\"|" \
-        -e "s|^\$db_dir.*$|\$db_dir = \"$TREMA_SS_DB_DIR\"|" \
-        $TREMA_SS_CONFIG
-}
-
-function gem_install {
-    [[ "$OFFLINE" = "True" ]] && return
-    [ -n "$RUBYGEMS_CMD" ] || get_gem_command
-
-    local pkg=$1
-    $RUBYGEMS_CMD list | grep "^${pkg} " && return
-    sudo $RUBYGEMS_CMD install $pkg
-}
-
-function get_gem_command {
-    # Trema requires ruby 1.8, so gem1.8 is checked first
-    RUBYGEMS_CMD=$(which gem1.8 || which gem)
-    if [ -z "$RUBYGEMS_CMD" ]; then
-        echo "Warning: ruby gems command not found."
-    fi
-}
-
-function install_trema {
-    # Trema
-    gem_install trema
-    # Sliceable Switch
-    git_clone $TREMA_APPS_REPO $TREMA_DIR/apps $TREMA_APPS_BRANCH
-    make -C $TREMA_DIR/apps/topology
-    make -C $TREMA_DIR/apps/flow_manager
-    make -C $TREMA_DIR/apps/sliceable_switch
-}
-
-function start_trema {
-    restart_apache_server
-
-    sudo LOGGING_LEVEL=$TREMA_LOG_LEVEL TREMA_TMP=$TREMA_TMP_DIR \
-        trema run -d -c $TREMA_SS_CONFIG
-}
-
-function stop_trema {
-    sudo TREMA_TMP=$TREMA_TMP_DIR trema killall
-}
-
-function check_trema {
-    :
-}
-
-# Restore xtrace
-$TREMA3_XTRACE

From dc757dd8506b9524defcffcf68dbc443380926a9 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Mon, 9 Mar 2015 14:48:09 +1100
Subject: [PATCH 0464/3421] Configure neutron->nova with identity v3

Use authentication plugins for neutron -> nova communications and
default to using the password plugin, which defaults to using the
v3 Identity API.

Neutron config change: 13427a40768f1a4646520c6b7e3e8c988ce6e18c
Change-Id: If152b97f940286ed08767225b13dedf6ef8c2342
---
 lib/neutron | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index a7aabc5909..e41abafda9 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -871,7 +871,7 @@ function _configure_neutron_common {
     fi
 
     if is_ssl_enabled_service "nova"; then
-        iniset $NEUTRON_CONF DEFAULT nova_ca_certificates_file "$SSL_BUNDLE_FILE"
+        iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
     fi
 
     if is_ssl_enabled_service "neutron"; then
@@ -1045,13 +1045,15 @@ function _configure_neutron_service {
     # Configuration for neutron notifations to nova.
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
-    iniset $NEUTRON_CONF DEFAULT nova_url "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2"
-    iniset $NEUTRON_CONF DEFAULT nova_region_name $REGION_NAME
-    iniset $NEUTRON_CONF DEFAULT nova_admin_username nova
-    iniset $NEUTRON_CONF DEFAULT nova_admin_password $SERVICE_PASSWORD
-    ADMIN_TENANT_ID=$(openstack project list | awk "/ service / { print \$2 }")
-    iniset $NEUTRON_CONF DEFAULT nova_admin_tenant_id $ADMIN_TENANT_ID
-    iniset $NEUTRON_CONF DEFAULT nova_admin_auth_url  "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
+
+    iniset $NEUTRON_CONF nova auth_plugin password
+    iniset $NEUTRON_CONF nova auth_url $KEYSTONE_AUTH_URI
+    iniset $NEUTRON_CONF nova username nova
+    iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
+    iniset $NEUTRON_CONF nova user_domain_id default
+    iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+    iniset $NEUTRON_CONF nova project_domain_id default
+    iniset $NEUTRON_CONF nova region_name $REGION_NAME
 
     # Configure plugin
     neutron_plugin_configure_service

From fbb3e773f017e90286f7e988c4167c3758edba45 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 3 Mar 2015 15:08:28 +0100
Subject: [PATCH 0465/3421] Remove the kesytone admin token from swift

The keystone admin token supposed to be used only
for setting up keystone and it should not be used
in any other service config.

Change-Id: Iaa9be1878e89a6bc3a84a0c57fc6f5cecc371d2f
---
 lib/swift | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/swift b/lib/swift
index 8a96615d01..4a63500b54 100644
--- a/lib/swift
+++ b/lib/swift
@@ -441,16 +441,15 @@ function configure_swift {
 
     if is_service_enabled swift3; then
         cat <>${SWIFT_CONFIG_PROXY_SERVER}
-# NOTE(chmou): s3token middleware is not updated yet to use only
-# username and password.
 [filter:s3token]
 paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
 auth_port = ${KEYSTONE_AUTH_PORT}
 auth_host = ${KEYSTONE_AUTH_HOST}
 auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
 cafile = ${SSL_BUNDLE_FILE}
-auth_token = ${SERVICE_TOKEN}
-admin_token = ${SERVICE_TOKEN}
+admin_user = swift
+admin_tenant_name = ${SERVICE_TENANT_NAME}
+admin_password = ${SERVICE_PASSWORD}
 
 [filter:swift3]
 use = egg:swift3#swift3

From bf2ad7015d068f9a85c01813cea0aa79143b1d0f Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Mon, 9 Mar 2015 15:16:10 -0500
Subject: [PATCH 0466/3421] Move configuration functions into inc/*

* config/INI functions from functions-common to to inc/ini-config
* local.conf meta-config functions from lib/config to inc/meta-config

Change-Id: I00fab724075a693529273878875cfd292d00b18a
---
 doc/source/index.rst                          |   7 +-
 functions                                     |   1 +
 functions-common                              | 199 ----------------
 inc/ini-config                                | 223 ++++++++++++++++++
 lib/config => inc/meta-config                 |  10 +-
 stack.sh                                      |   2 +-
 tests/{test_ini.sh => test_ini_config.sh}     |   4 +-
 tests/{test_config.sh => test_meta_config.sh} |   6 +-
 tools/build_docs.sh                           |   2 +-
 tox.ini                                       |   1 +
 10 files changed, 243 insertions(+), 212 deletions(-)
 create mode 100644 inc/ini-config
 rename lib/config => inc/meta-config (96%)
 rename tests/{test_ini.sh => test_ini_config.sh} (99%)
 rename tests/{test_config.sh => test_meta_config.sh} (99%)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index cfde99132d..bac593de03 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -156,7 +156,6 @@ Scripts
 * `lib/ceilometer `__
 * `lib/ceph `__
 * `lib/cinder `__
-* `lib/config `__
 * `lib/database `__
 * `lib/dstat `__
 * `lib/glance `__
@@ -188,6 +187,12 @@ Scripts
 * `extras.d/70-zaqar.sh `__
 * `extras.d/80-tempest.sh `__
 
+* `inc/ini-config `__
+* `inc/meta-config `__
+* `inc/python `__
+
+* `pkg/elasticsearch.sh `_
+
 Configuration
 -------------
 
diff --git a/functions b/functions
index 79b2b37b4e..9adbfe7cf6 100644
--- a/functions
+++ b/functions
@@ -13,6 +13,7 @@
 # Include the common functions
 FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 source ${FUNC_DIR}/functions-common
+source ${FUNC_DIR}/inc/ini-config
 source ${FUNC_DIR}/inc/python
 
 # Save trace setting
diff --git a/functions-common b/functions-common
index df69cbad16..4739e42e90 100644
--- a/functions-common
+++ b/functions-common
@@ -43,197 +43,6 @@ declare -A GITDIR
 
 TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 
-# Config Functions
-# ================
-
-# Append a new option in an ini file without replacing the old value
-# iniadd config-file section option value1 value2 value3 ...
-function iniadd {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    shift 3
-
-    local values="$(iniget_multiline $file $section $option) $@"
-    iniset_multiline $file $section $option $values
-    $xtrace
-}
-
-# Comment an option in an INI file
-# inicomment config-file section option
-function inicomment {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
-    $xtrace
-}
-
-# Get an option from an INI file
-# iniget config-file section option
-function iniget {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    local line
-
-    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
-    echo ${line#*=}
-    $xtrace
-}
-
-# Get a multiple line option from an INI file
-# iniget_multiline config-file section option
-function iniget_multiline {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    local values
-
-    values=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { s/^$option[ \t]*=[ \t]*//gp; }" "$file")
-    echo ${values}
-    $xtrace
-}
-
-# Determinate is the given option present in the INI file
-# ini_has_option config-file section option
-function ini_has_option {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    local line
-
-    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
-    $xtrace
-    [ -n "$line" ]
-}
-
-# Add another config line for a multi-line option.
-# It's normally called after iniset of the same option and assumes
-# that the section already exists.
-#
-# Note that iniset_multiline requires all the 'lines' to be supplied
-# in the argument list. Doing that will cause incorrect configuration
-# if spaces are used in the config values.
-#
-# iniadd_literal config-file section option value
-function iniadd_literal {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    local value=$4
-
-    [[ -z $section || -z $option ]] && return
-
-    # Add it
-    sed -i -e "/^\[$section\]/ a\\
-$option = $value
-" "$file"
-
-    $xtrace
-}
-
-function inidelete {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-
-    [[ -z $section || -z $option ]] && return
-
-    # Remove old values
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
-
-    $xtrace
-}
-
-# Set an option in an INI file
-# iniset config-file section option value
-function iniset {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    local value=$4
-
-    [[ -z $section || -z $option ]] && return
-
-    if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
-        # Add section at the end
-        echo -e "\n[$section]" >>"$file"
-    fi
-    if ! ini_has_option "$file" "$section" "$option"; then
-        # Add it
-        sed -i -e "/^\[$section\]/ a\\
-$option = $value
-" "$file"
-    else
-        local sep=$(echo -ne "\x01")
-        # Replace it
-        sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
-    fi
-    $xtrace
-}
-
-# Set a multiple line option in an INI file
-# iniset_multiline config-file section option value1 value2 valu3 ...
-function iniset_multiline {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-
-    shift 3
-    local values
-    for v in $@; do
-        # The later sed command inserts each new value in the line next to
-        # the section identifier, which causes the values to be inserted in
-        # the reverse order. Do a reverse here to keep the original order.
-        values="$v ${values}"
-    done
-    if ! grep -q "^\[$section\]" "$file"; then
-        # Add section at the end
-        echo -e "\n[$section]" >>"$file"
-    else
-        # Remove old values
-        sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
-    fi
-    # Add new ones
-    for v in $values; do
-        sed -i -e "/^\[$section\]/ a\\
-$option = $v
-" "$file"
-    done
-    $xtrace
-}
-
-# Uncomment an option in an INI file
-# iniuncomment config-file section option
-function iniuncomment {
-    local xtrace=$(set +o | grep xtrace)
-    set +o xtrace
-    local file=$1
-    local section=$2
-    local option=$3
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
-    $xtrace
-}
 
 # Normalize config values to True or False
 # Accepts as False: 0 no No NO false False FALSE
@@ -253,14 +62,6 @@ function trueorfalse {
     $xtrace
 }
 
-function isset {
-    nounset=$(set +o | grep nounset)
-    set +o nounset
-    [[ -n "${!1+x}" ]]
-    result=$?
-    $nounset
-    return $result
-}
 
 # Control Functions
 # =================
diff --git a/inc/ini-config b/inc/ini-config
new file mode 100644
index 0000000000..0d6d169f8b
--- /dev/null
+++ b/inc/ini-config
@@ -0,0 +1,223 @@
+#!/bin/bash
+#
+# **inc/ini-config** - Configuration/INI functions
+#
+# Support for manipulating INI-style configuration files
+#
+# These functions have no external dependencies and no side-effects
+
+# Save trace setting
+INC_CONF_TRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Config Functions
+# ================
+
+# Append a new option in an ini file without replacing the old value
+# iniadd config-file section option value1 value2 value3 ...
+function iniadd {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    shift 3
+
+    local values="$(iniget_multiline $file $section $option) $@"
+    iniset_multiline $file $section $option $values
+    $xtrace
+}
+
+# Comment an option in an INI file
+# inicomment config-file section option
+function inicomment {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+
+    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
+    $xtrace
+}
+
+# Get an option from an INI file
+# iniget config-file section option
+function iniget {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local line
+
+    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+    echo ${line#*=}
+    $xtrace
+}
+
+# Get a multiple line option from an INI file
+# iniget_multiline config-file section option
+function iniget_multiline {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local values
+
+    values=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { s/^$option[ \t]*=[ \t]*//gp; }" "$file")
+    echo ${values}
+    $xtrace
+}
+
+# Determinate is the given option present in the INI file
+# ini_has_option config-file section option
+function ini_has_option {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local line
+
+    line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+    $xtrace
+    [ -n "$line" ]
+}
+
+# Add another config line for a multi-line option.
+# It's normally called after iniset of the same option and assumes
+# that the section already exists.
+#
+# Note that iniset_multiline requires all the 'lines' to be supplied
+# in the argument list. Doing that will cause incorrect configuration
+# if spaces are used in the config values.
+#
+# iniadd_literal config-file section option value
+function iniadd_literal {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local value=$4
+
+    [[ -z $section || -z $option ]] && return
+
+    # Add it
+    sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+
+    $xtrace
+}
+
+# Remove an option from an INI file
+# inidelete config-file section option
+function inidelete {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+
+    [[ -z $section || -z $option ]] && return
+
+    # Remove old values
+    sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+
+    $xtrace
+}
+
+# Set an option in an INI file
+# iniset config-file section option value
+function iniset {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    local value=$4
+
+    [[ -z $section || -z $option ]] && return
+
+    if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
+        # Add section at the end
+        echo -e "\n[$section]" >>"$file"
+    fi
+    if ! ini_has_option "$file" "$section" "$option"; then
+        # Add it
+        sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+    else
+        local sep=$(echo -ne "\x01")
+        # Replace it
+        sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
+    fi
+    $xtrace
+}
+
+# Set a multiple line option in an INI file
+# iniset_multiline config-file section option value1 value2 valu3 ...
+function iniset_multiline {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+
+    shift 3
+    local values
+    for v in $@; do
+        # The later sed command inserts each new value in the line next to
+        # the section identifier, which causes the values to be inserted in
+        # the reverse order. Do a reverse here to keep the original order.
+        values="$v ${values}"
+    done
+    if ! grep -q "^\[$section\]" "$file"; then
+        # Add section at the end
+        echo -e "\n[$section]" >>"$file"
+    else
+        # Remove old values
+        sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+    fi
+    # Add new ones
+    for v in $values; do
+        sed -i -e "/^\[$section\]/ a\\
+$option = $v
+" "$file"
+    done
+    $xtrace
+}
+
+# Uncomment an option in an INI file
+# iniuncomment config-file section option
+function iniuncomment {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local file=$1
+    local section=$2
+    local option=$3
+    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
+    $xtrace
+}
+
+function isset {
+    nounset=$(set +o | grep nounset)
+    set +o nounset
+    [[ -n "${!1+x}" ]]
+    result=$?
+    $nounset
+    return $result
+}
+
+
+# Restore xtrace
+$INC_CONF_TRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/config b/inc/meta-config
similarity index 96%
rename from lib/config
rename to inc/meta-config
index 31c6fa6e57..c8789bf816 100644
--- a/lib/config
+++ b/inc/meta-config
@@ -1,7 +1,9 @@
 #!/bin/bash
 #
-# lib/config - Configuration file manipulation functions
-
+# **lib/meta-config** - Configuration file manipulation functions
+#
+# Support for DevStack's local.conf meta-config sections
+#
 # These functions have no external dependencies and the following side-effects:
 #
 # CONFIG_AWK_CMD is defined, default is ``awk``
@@ -18,7 +20,7 @@
 # file-name is the destination of the config file
 
 # Save trace setting
-C_XTRACE=$(set +o | grep xtrace)
+INC_META_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -176,7 +178,7 @@ function merge_config_group {
 
 
 # Restore xtrace
-$C_XTRACE
+$INC_META_XTRACE
 
 # Local variables:
 # mode: shell-script
diff --git a/stack.sh b/stack.sh
index bf9fc0118e..2060f2d65a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -92,7 +92,7 @@ LAST_SPINNER_PID=""
 source $TOP_DIR/functions
 
 # Import config functions
-source $TOP_DIR/lib/config
+source $TOP_DIR/inc/meta-config
 
 # Import 'public' stack.sh functions
 source $TOP_DIR/lib/stack
diff --git a/tests/test_ini.sh b/tests/test_ini_config.sh
similarity index 99%
rename from tests/test_ini.sh
rename to tests/test_ini_config.sh
index 106cc9507f..4a0ae33aeb 100755
--- a/tests/test_ini.sh
+++ b/tests/test_ini_config.sh
@@ -4,8 +4,8 @@
 
 TOP=$(cd $(dirname "$0")/.. && pwd)
 
-# Import common functions
-source $TOP/functions
+# Import config functions
+source $TOP/inc/ini-config
 
 
 echo "Testing INI functions"
diff --git a/tests/test_config.sh b/tests/test_meta_config.sh
similarity index 99%
rename from tests/test_config.sh
rename to tests/test_meta_config.sh
index 3252104bf1..9d65280b8c 100755
--- a/tests/test_config.sh
+++ b/tests/test_meta_config.sh
@@ -4,11 +4,9 @@
 
 TOP=$(cd $(dirname "$0")/.. && pwd)
 
-# Import common functions
-source $TOP/functions
-
 # Import config functions
-source $TOP/lib/config
+source $TOP/inc/ini-config
+source $TOP/inc/meta-config
 
 # check_result() tests and reports the result values
 # check_result "actual" "expected"
diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index 929d1e0e6c..2aa0a0ac04 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -81,7 +81,7 @@ for f in $(find . -name .git -prune -o \( -type f -name \*.sh -not -path \*shocc
     mkdir -p $FQ_HTML_BUILD/`dirname $f`;
     $SHOCCO $f > $FQ_HTML_BUILD/$f.html
 done
-for f in $(find functions functions-common lib samples -type f -name \*); do
+for f in $(find functions functions-common inc lib pkg samples -type f -name \*); do
     echo $f
     FILES+="$f "
     mkdir -p $FQ_HTML_BUILD/`dirname $f`;
diff --git a/tox.ini b/tox.ini
index a958ae7ba4..bc84928d95 100644
--- a/tox.ini
+++ b/tox.ini
@@ -20,6 +20,7 @@ commands = bash -c "find {toxinidir}          \
           -name \*.sh -or                     \
           -name \*rc -or                      \
           -name functions\* -or               \
+          -wholename \*/inc/\*                \ # /inc files and
           -wholename \*/lib/\*                \ # /lib files are shell, but
          \)                                   \ #   have no extension
          -print0 | xargs -0 bashate -v"

From 4de0f1cd0ba1541f49eb54a68b32ec7f973c274b Mon Sep 17 00:00:00 2001
From: Takashi NATSUME 
Date: Tue, 10 Mar 2015 14:51:39 +0900
Subject: [PATCH 0467/3421] Fix typo in devstack-with-nested-kvm.rst

'succesfully' has been fixed to 'successfully'.

Change-Id: Ib14b1b8cb612aba759f3fe8b94d35cf47eb9b339
Closes-Bug: #1430149
---
 doc/source/guides/devstack-with-nested-kvm.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 58ec3d3672..610300be52 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -129,7 +129,7 @@ DevStack's ``local.conf``:
     LIBVIRT_TYPE=kvm
 
 
-Once DevStack is configured succesfully, verify if the Nova instances
+Once DevStack is configured successfully, verify if the Nova instances
 are using KVM by noticing the QEMU CLI invoked by Nova is using the
 parameter `accel=kvm`, e.g.:
 

From 679f395fbbae68b4dfee0edbddff646ff75b5a0d Mon Sep 17 00:00:00 2001
From: Ethan Lynn 
Date: Mon, 9 Mar 2015 23:45:18 +0800
Subject: [PATCH 0468/3421] Set os_region_name for cinder

Region name should be set to nova.conf and cinder.conf so that
cinder volume can work in multiregion env.

Closes-Bug: #1429738
Change-Id: Ib20911c24d8daabc07e6515f4a23a745d77593ff
---
 lib/cinder | 2 ++
 lib/nova   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index 0d157dd78e..19240eec60 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -242,6 +242,8 @@ function configure_cinder {
     # supported.
     iniset $CINDER_CONF DEFAULT enable_v1_api true
 
+    iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
+
     if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
         local enabled_backends=""
         local default_name=""
diff --git a/lib/nova b/lib/nova
index e9e78c7bc4..199daeea3d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -544,6 +544,8 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS"
     iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS"
 
+    iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
+
     if [[ "$NOVA_BACKEND" == "LVM" ]]; then
         iniset $NOVA_CONF libvirt images_type "lvm"
         iniset $NOVA_CONF libvirt images_volume_group $DEFAULT_VOLUME_GROUP_NAME

From 360839e0addbd2692ee34333ac06d957cf60b780 Mon Sep 17 00:00:00 2001
From: Ken Chen 
Date: Fri, 27 Feb 2015 14:12:23 +0800
Subject: [PATCH 0469/3421] Remove setting use_floating_ips values

We remove the code to set use_floating_ips. In old code it was set
false if we do not use neutron. However, we cannot deploy clusters
with floating ips by that. So we just use the default value, which
is set True in Sahara.

Closes-Bug: #1426226
Change-Id: Idfcdc5ab776681ddc740dc12035e04da349ea089
---
 lib/sahara | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/sahara b/lib/sahara
index 9b2e9c406d..521b19a4a1 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -139,14 +139,12 @@ function configure_sahara {
 
     if is_service_enabled neutron; then
         iniset $SAHARA_CONF_FILE DEFAULT use_neutron true
-        iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips true
 
         if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
             iniset $SAHARA_CONF_FILE neutron ca_file $SSL_BUNDLE_FILE
         fi
     else
         iniset $SAHARA_CONF_FILE DEFAULT use_neutron false
-        iniset $SAHARA_CONF_FILE DEFAULT use_floating_ips false
     fi
 
     if is_service_enabled heat; then

From db1152c96e8e5a4ce599677f9ee3d556f925d734 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 13 Jan 2015 10:18:49 +1100
Subject: [PATCH 0470/3421] Document use of plugins for gate jobs

Document use of plugins for gate jobs.  See also [1]

[1] http://lists.openstack.org/pipermail/openstack-dev/2015-January/054291.html

Change-Id: I9ed82f5d195511fb612517745f93f2a54475091a
---
 doc/source/plugins.rst | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index d1f73771a3..0217d09457 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -131,6 +131,31 @@ An example would be as follows::
 
   enable_plugin glusterfs https://github.com/sdague/devstack-plugins glusterfs
 
+Plugins for gate jobs
+---------------------
+
+All OpenStack plugins that wish to be used as gate jobs need to exist
+in OpenStack's gerrit. Both ``openstack`` namespace and ``stackforge``
+namespace are fine. This allows testing of the plugin as well as
+provides network isolation against upstream git repository failures
+(which we see often enough to be an issue).
+
+Ideally plugins will be implemented as ``devstack`` directory inside
+the project they are testing. For example, the stackforge/ec2-api
+project has it's pluggin support in it's tree.
+
+In the cases where there is no "project tree" per say (like
+integrating a backend storage configuration such as ceph or glusterfs)
+it's also allowed to build a dedicated
+``stackforge/devstack-plugin-FOO`` project to house the plugin.
+
+Note jobs must not require cloning of repositories during tests.
+Tests must list their repository in the ``PROJECTS`` variable for
+`devstack-gate
+`_
+for the repository to be available to the test.  Further information
+is provided in the project creator's guide.
+
 Hypervisor
 ==========
 

From 7c4ce9edbad6f3c33469d45be832ebea4a46ff70 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 10 Mar 2015 11:32:26 +1100
Subject: [PATCH 0471/3421] Check for new versions of get-pip.py

People can leave their devstack installs around for a long time, and
in the mean time new versions of pip can be released.

The current check does not download a new version if an old one
exists.  We want to check for new versions, but we also don't want the
gate jobs trying this sometimes unreliable fetch.

So add a flag-file that tells devstack if it downloaded get-pip.py
originally.  If so, on each run check for a new version using curl's
"-z" flag to request only files modified since the file's timestamp.

Change-Id: I91734528f02deafabf3d18d968c3abd749751199
Closes-Bug: #1429943
---
 .gitignore           |  2 +-
 tools/install_pip.sh | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 67ab722190..c6900c881c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,7 @@ files/*.gz
 files/*.qcow2
 files/images
 files/pip-*
-files/get-pip.py
+files/get-pip.py*
 local.conf
 local.sh
 localrc
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 73d0947320..b7b40c7486 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -42,9 +42,21 @@ function get_versions {
 
 
 function install_get_pip {
-    if [[ ! -r $LOCAL_PIP ]]; then
-        curl --retry 6 --retry-delay 5 -o $LOCAL_PIP $PIP_GET_PIP_URL || \
+    # the openstack gate and others put a cached version of get-pip.py
+    # for this to find, explicitly to avoid download issues.
+    #
+    # However, if devstack *did* download the file, we want to check
+    # for updates; people can leave thier stacks around for a long
+    # time and in the mean-time pip might get upgraded.
+    #
+    # Thus we use curl's "-z" feature to always check the modified
+    # since and only download if a new version is out -- but only if
+    # it seems we downloaded the file originally.
+    if [[ ! -r $LOCAL_PIP || -r $LOCAL_PIP.downloaded ]]; then
+        curl --retry 6 --retry-delay 5 \
+            -z $LOCAL_PIP -o $LOCAL_PIP $PIP_GET_PIP_URL || \
             die $LINENO "Download of get-pip.py failed"
+        touch $LOCAL_PIP.downloaded
     fi
     sudo -H -E python $LOCAL_PIP
 }

From a72a393d658216ec75a59ad5a788e2504fee4b53 Mon Sep 17 00:00:00 2001
From: kieleth 
Date: Tue, 10 Mar 2015 08:47:05 -0700
Subject: [PATCH 0472/3421] Add sudo to yum example

Add sudo to yum example so following along with copy-paste works

Change-Id: I5e64b3d751b55989a353bfe2bb691ea6e51690e3
---
 doc/source/guides/single-machine.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 70287a9037..236ece9c01 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -67,7 +67,7 @@ We'll grab the latest version of DevStack via https:
 
 ::
 
-    sudo apt-get install git -y || yum install -y git
+    sudo apt-get install git -y || sudo yum install -y git
     git clone https://git.openstack.org/openstack-dev/devstack
     cd devstack
 

From b0595235a2374451c3f899fb893ad989a74b04d1 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 11 Mar 2015 12:04:49 +1100
Subject: [PATCH 0473/3421] Don't use packaged unittest2

Let pip install unittest2; pip installation can conflict with the
packaged version.

Change-Id: Iec9b35174ac68ebf713cd7462d7b5a82583d6e22
Partial-Bug: #1430592
---
 files/rpms-suse/general | 1 -
 files/rpms/general      | 1 -
 2 files changed, 2 deletions(-)

diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 7f4bbfb1b6..63cf14bd5b 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -16,7 +16,6 @@ openssl
 psmisc
 python-cmd2 # dist:opensuse-12.3
 python-pylint
-python-unittest2
 screen
 tar
 tcpdump
diff --git a/files/rpms/general b/files/rpms/general
index cf406325e7..eac4ec36a7 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -14,7 +14,6 @@ libxml2-devel
 libxslt-devel
 psmisc
 pylint
-python-unittest2
 python-devel
 screen
 tar

From 4d74e0f49515e23668a9dd955f30939cd03f94b2 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 11 Mar 2015 09:45:59 +1100
Subject: [PATCH 0474/3421] Fail if run in POSIX compatability mode

This is mostly to detect if someone is running the script with "sh
./stack.sh" where sh is the bash-symlink that puts it in POSIX mode
(this can be invoked in other ways, but much less common).

In this case POSIXLY_CORRECT is set; so if we see that, bail out early
before we start hitting syntax errors.

Closes-Bug: #1430535
Change-Id: I7bbc4b0f656df9f6d9da2243c8caeb42d30ace95
---
 stack.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/stack.sh b/stack.sh
index bf9fc0118e..36a9ed46d2 100755
--- a/stack.sh
+++ b/stack.sh
@@ -21,6 +21,13 @@
 
 # Learn more and get the most recent version at http://devstack.org
 
+# check if someone has invoked with "sh"
+if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
+    echo "You appear to be running bash in POSIX compatability mode."
+    echo "devstack uses bash features. \"./stack.sh\" should do the right thing"
+    exit 1
+fi
+
 # Make sure custom grep options don't get in the way
 unset GREP_OPTIONS
 

From 10a8c88cccc43a8a9222b5e414198b105b190a67 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Wed, 11 Mar 2015 16:41:32 +0900
Subject: [PATCH 0475/3421] README.md: Correct the defaults of some of
 Q_ML2_PLUGIN variables

Also, tweak Q_AGENT description and note its default.

Change-Id: Ie24d14f58c09ccd375fd981683dba2efd5211f24
---
 README.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 206ffe098b..2e269762f7 100644
--- a/README.md
+++ b/README.md
@@ -249,14 +249,17 @@ To change this, set the `Q_AGENT` variable to the agent you want to run
     Variable Name                    Notes
     ----------------------------------------------------------------------------
     Q_AGENT                          This specifies which agent to run with the
-                                     ML2 Plugin (either `openvswitch` or `linuxbridge`).
+                                     ML2 Plugin (Typically either `openvswitch`
+                                     or `linuxbridge`).
+                                     Defaults to `openvswitch`.
     Q_ML2_PLUGIN_MECHANISM_DRIVERS   The ML2 MechanismDrivers to load. The default
-                                     is none. Note, ML2 will work with the OVS
-                                     and LinuxBridge agents by default.
+                                     is `openvswitch,linuxbridge`.
     Q_ML2_PLUGIN_TYPE_DRIVERS        The ML2 TypeDrivers to load. Defaults to
                                      all available TypeDrivers.
-    Q_ML2_PLUGIN_GRE_TYPE_OPTIONS    GRE TypeDriver options. Defaults to none.
-    Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS  VXLAN TypeDriver options. Defaults to none.
+    Q_ML2_PLUGIN_GRE_TYPE_OPTIONS    GRE TypeDriver options. Defaults to
+                                     `tunnel_id_ranges=1:1000'.
+    Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS  VXLAN TypeDriver options. Defaults to
+                                     `vni_ranges=1001:2000`
     Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS   VLAN TypeDriver options. Defaults to none.
 
 # Heat

From d28ea9cbcb1db93d6ae925ee6efc8a032a319816 Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Wed, 11 Mar 2015 18:53:33 +0100
Subject: [PATCH 0476/3421] Add package mongodb to files/rpms/zaqar-server

The command mongo, used in lib/zaqar, is part of the package mongodb.
At the moment only mongodb-server is listed in files/rpms/zaqar-server,
mongodb has to be added there.

Change-Id: I60edeae6760addad62b9b61c3dcdecc2ff01cba7
Closes-bug: #1430939
---
 files/rpms/zaqar-server | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms/zaqar-server b/files/rpms/zaqar-server
index 69e8bfa80b..541cefa99d 100644
--- a/files/rpms/zaqar-server
+++ b/files/rpms/zaqar-server
@@ -1,4 +1,5 @@
 selinux-policy-targeted
+mongodb
 mongodb-server
 pymongo
 redis # NOPRIME

From 7ca90cded374685c8c68ea50381220b915eb0b63 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Wed, 4 Mar 2015 17:25:07 -0800
Subject: [PATCH 0477/3421] Allow devstack plugins to specify prereq packages

We offer main devstack components the ability to install their own
system package preqreqs via files/{debs, rpms}/$service.  This adds
similar functionality for plugins, who can now do the same in their
own tree at ./devstack/files/{debs, rpms}/$plugin.

Change-Id: I63af8dc54c75a6e80ca4b2a96c76233a0795aabb
---
 doc/source/plugins.rst   |  21 ++++++
 functions-common         | 153 +++++++++++++++++++++++----------------
 tools/install_prereqs.sh |   2 +
 3 files changed, 115 insertions(+), 61 deletions(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 5d6d3f183d..a9153df0d1 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -154,3 +154,24 @@ functions:
 -  ``start_nova_hypervisor`` - start any external services
 -  ``stop_nova_hypervisor`` - stop any external services
 -  ``cleanup_nova_hypervisor`` - remove transient data and cache
+
+System Packages
+===============
+
+Devstack provides a framework for getting packages installed at an early
+phase of its execution. This packages may be defined in a plugin as files
+that contain new-line separated lists of packages required by the plugin
+
+Supported packaging systems include apt and yum across multiple distributions.
+To enable a plugin to hook into this and install package dependencies, packages
+may be listed at the following locations in the top-level of the plugin
+repository:
+
+- ``./devstack/files/debs/$plugin_name`` - Packages to install when running
+  on Ubuntu, Debian or Linux Mint.
+
+- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
+  on Red Hat, Fedora, CentOS or XenServer.
+
+- ``./devstack/files/rpms-suse/$plugin_name`` - Packages to install when
+  running on SUSE Linux or openSUSE.
diff --git a/functions-common b/functions-common
index df69cbad16..e791ad79c8 100644
--- a/functions-common
+++ b/functions-common
@@ -973,13 +973,18 @@ function get_or_create_endpoint {
 
 # _get_package_dir
 function _get_package_dir {
+    local base_dir=$1
     local pkg_dir
+
+    if [[ -z "$base_dir" ]]; then
+        base_dir=$FILES
+    fi
     if is_ubuntu; then
-        pkg_dir=$FILES/debs
+        pkg_dir=$base_dir/debs
     elif is_fedora; then
-        pkg_dir=$FILES/rpms
+        pkg_dir=$base_dir/rpms
     elif is_suse; then
-        pkg_dir=$FILES/rpms-suse
+        pkg_dir=$base_dir/rpms-suse
     else
         exit_distro_not_supported "list of packages"
     fi
@@ -1005,6 +1010,59 @@ function apt_get {
         apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
 }
 
+function _parse_package_files {
+    local files_to_parse=$@
+
+    if [[ -z "$DISTRO" ]]; then
+        GetDistro
+    fi
+
+    for fname in ${files_to_parse}; do
+        local OIFS line package distros distro
+        [[ -e $fname ]] || continue
+
+        OIFS=$IFS
+        IFS=$'\n'
+        for line in $(<${fname}); do
+            if [[ $line =~ "NOPRIME" ]]; then
+                continue
+            fi
+
+            # Assume we want this package
+            package=${line%#*}
+            inst_pkg=1
+
+            # Look for # dist:xxx in comment
+            if [[ $line =~ (.*)#.*dist:([^ ]*) ]]; then
+                # We are using BASH regexp matching feature.
+                package=${BASH_REMATCH[1]}
+                distros=${BASH_REMATCH[2]}
+                # In bash ${VAR,,} will lowecase VAR
+                # Look for a match in the distro list
+                if [[ ! ${distros,,} =~ ${DISTRO,,} ]]; then
+                    # If no match then skip this package
+                    inst_pkg=0
+                fi
+            fi
+
+            # Look for # testonly in comment
+            if [[ $line =~ (.*)#.*testonly.* ]]; then
+                package=${BASH_REMATCH[1]}
+                # Are we installing test packages? (test for the default value)
+                if [[ $INSTALL_TESTONLY_PACKAGES = "False" ]]; then
+                    # If not installing test packages the skip this package
+                    inst_pkg=0
+                fi
+            fi
+
+            if [[ $inst_pkg = 1 ]]; then
+                echo $package
+            fi
+        done
+        IFS=$OIFS
+    done
+}
+
 # get_packages() collects a list of package names of any type from the
 # prerequisite files in ``files/{debs|rpms}``.  The list is intended
 # to be passed to a package installer such as apt or yum.
@@ -1029,103 +1087,76 @@ function get_packages {
         echo "No package directory supplied"
         return 1
     fi
-    if [[ -z "$DISTRO" ]]; then
-        GetDistro
-    fi
     for service in ${services//,/ }; do
         # Allow individual services to specify dependencies
         if [[ -e ${package_dir}/${service} ]]; then
-            file_to_parse="${file_to_parse} $service"
+            file_to_parse="${file_to_parse} ${package_dir}/${service}"
         fi
         # NOTE(sdague) n-api needs glance for now because that's where
         # glance client is
         if [[ $service == n-api ]]; then
             if [[ ! $file_to_parse =~ nova ]]; then
-                file_to_parse="${file_to_parse} nova"
+                file_to_parse="${file_to_parse} ${package_dir}/nova"
             fi
             if [[ ! $file_to_parse =~ glance ]]; then
-                file_to_parse="${file_to_parse} glance"
+                file_to_parse="${file_to_parse} ${package_dir}/glance"
             fi
         elif [[ $service == c-* ]]; then
             if [[ ! $file_to_parse =~ cinder ]]; then
-                file_to_parse="${file_to_parse} cinder"
+                file_to_parse="${file_to_parse} ${package_dir}/cinder"
             fi
         elif [[ $service == ceilometer-* ]]; then
             if [[ ! $file_to_parse =~ ceilometer ]]; then
-                file_to_parse="${file_to_parse} ceilometer"
+                file_to_parse="${file_to_parse} ${package_dir}/ceilometer"
             fi
         elif [[ $service == s-* ]]; then
             if [[ ! $file_to_parse =~ swift ]]; then
-                file_to_parse="${file_to_parse} swift"
+                file_to_parse="${file_to_parse} ${package_dir}/swift"
             fi
         elif [[ $service == n-* ]]; then
             if [[ ! $file_to_parse =~ nova ]]; then
-                file_to_parse="${file_to_parse} nova"
+                file_to_parse="${file_to_parse} ${package_dir}/nova"
             fi
         elif [[ $service == g-* ]]; then
             if [[ ! $file_to_parse =~ glance ]]; then
-                file_to_parse="${file_to_parse} glance"
+                file_to_parse="${file_to_parse} ${package_dir}/glance"
             fi
         elif [[ $service == key* ]]; then
             if [[ ! $file_to_parse =~ keystone ]]; then
-                file_to_parse="${file_to_parse} keystone"
+                file_to_parse="${file_to_parse} ${package_dir}/keystone"
             fi
         elif [[ $service == q-* ]]; then
             if [[ ! $file_to_parse =~ neutron ]]; then
-                file_to_parse="${file_to_parse} neutron"
+                file_to_parse="${file_to_parse} ${package_dir}/neutron"
             fi
         elif [[ $service == ir-* ]]; then
             if [[ ! $file_to_parse =~ ironic ]]; then
-                file_to_parse="${file_to_parse} ironic"
+                file_to_parse="${file_to_parse} ${package_dir}/ironic"
             fi
         fi
     done
+    echo "$(_parse_package_files $file_to_parse)"
+    $xtrace
+}
 
-    for file in ${file_to_parse}; do
-        local fname=${package_dir}/${file}
-        local OIFS line package distros distro
-        [[ -e $fname ]] || continue
-
-        OIFS=$IFS
-        IFS=$'\n'
-        for line in $(<${fname}); do
-            if [[ $line =~ "NOPRIME" ]]; then
-                continue
-            fi
-
-            # Assume we want this package
-            package=${line%#*}
-            inst_pkg=1
-
-            # Look for # dist:xxx in comment
-            if [[ $line =~ (.*)#.*dist:([^ ]*) ]]; then
-                # We are using BASH regexp matching feature.
-                package=${BASH_REMATCH[1]}
-                distros=${BASH_REMATCH[2]}
-                # In bash ${VAR,,} will lowecase VAR
-                # Look for a match in the distro list
-                if [[ ! ${distros,,} =~ ${DISTRO,,} ]]; then
-                    # If no match then skip this package
-                    inst_pkg=0
-                fi
-            fi
-
-            # Look for # testonly in comment
-            if [[ $line =~ (.*)#.*testonly.* ]]; then
-                package=${BASH_REMATCH[1]}
-                # Are we installing test packages? (test for the default value)
-                if [[ $INSTALL_TESTONLY_PACKAGES = "False" ]]; then
-                    # If not installing test packages the skip this package
-                    inst_pkg=0
-                fi
-            fi
-
-            if [[ $inst_pkg = 1 ]]; then
-                echo $package
-            fi
-        done
-        IFS=$OIFS
+# get_plugin_packages() collects a list of package names of any type from a
+# plugin's prerequisite files in ``$PLUGIN/devstack/files/{debs|rpms}``.  The
+# list is intended to be passed to a package installer such as apt or yum.
+#
+# Only packages required for enabled and collected plugins will included.
+#
+# The same metadata used in the main devstack prerequisite files may be used
+# in these prerequisite files, see get_packages() for more info.
+function get_plugin_packages {
+    local xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+    local files_to_parse=""
+    local package_dir=""
+    for plugin in ${DEVSTACK_PLUGINS//,/ }; do
+        local package_dir="$(_get_package_dir ${GITDIR[$plugin]}/devstack/files)"
+        files_to_parse+="$package_dir/$plugin"
     done
+    echo "$(_parse_package_files $files_to_parse)"
     $xtrace
 }
 
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 303cc63307..917980ccc5 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -62,6 +62,8 @@ export_proxy_variables
 
 # Install package requirements
 PACKAGES=$(get_packages general $ENABLED_SERVICES)
+PACKAGES="$PACKAGES $(get_plugin_packages)"
+
 if is_ubuntu && echo $PACKAGES | grep -q dkms ; then
     # ensure headers for the running kernel are installed for any DKMS builds
     PACKAGES="$PACKAGES linux-headers-$(uname -r)"

From e32c868f220720079facf462fa11c2bc9737e9c0 Mon Sep 17 00:00:00 2001
From: Flavio Percoco 
Date: Thu, 26 Feb 2015 14:10:05 +0100
Subject: [PATCH 0478/3421] Comment `log_file` for Zaqar

Instead of logging to a file, let it use stdout so we can see the output
in the screen logs.

Change-Id: I0e5e12a6ddc5ad91dd37e97362ac9a5bed238e32
---
 lib/zaqar | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/lib/zaqar b/lib/zaqar
index c9321b997f..79b4c5a2ca 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -37,8 +37,6 @@ ZAQAR_DIR=$DEST/zaqar
 ZAQARCLIENT_DIR=$DEST/python-zaqarclient
 ZAQAR_CONF_DIR=/etc/zaqar
 ZAQAR_CONF=$ZAQAR_CONF_DIR/zaqar.conf
-ZAQAR_API_LOG_DIR=/var/log/zaqar
-ZAQAR_API_LOG_FILE=$ZAQAR_API_LOG_DIR/queues.log
 ZAQAR_AUTH_CACHE_DIR=${ZAQAR_AUTH_CACHE_DIR:-/var/cache/zaqar}
 
 # Support potential entry-points console scripts
@@ -110,14 +108,10 @@ function configure_zaqar {
     [ ! -d $ZAQAR_CONF_DIR ] && sudo mkdir -m 755 -p $ZAQAR_CONF_DIR
     sudo chown $USER $ZAQAR_CONF_DIR
 
-    [ ! -d $ZAQAR_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $ZAQAR_API_LOG_DIR
-    sudo chown $USER $ZAQAR_API_LOG_DIR
-
     iniset $ZAQAR_CONF DEFAULT debug True
     iniset $ZAQAR_CONF DEFAULT verbose True
     iniset $ZAQAR_CONF DEFAULT admin_mode True
     iniset $ZAQAR_CONF DEFAULT use_syslog $SYSLOG
-    iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE
     iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST
 
     configure_auth_token_middleware $ZAQAR_CONF zaqar $ZAQAR_AUTH_CACHE_DIR

From de77c471f3df400c4c7df724c78dbd7dc771c618 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Wed, 11 Mar 2015 17:15:42 -0700
Subject: [PATCH 0479/3421] Make ironic's service check flexible

We currently assume we are deploying ironic with the rest of
a cloud and assert that glance/neutron/nova are enabled. This
makes it a bit more flexible and allows deploying with only
the minimum required services if desired, and asserts the others
are enabled when we intend on testing nova+ironic integration.

This is required for in-tree python-ironicclient functional tests,
which we aim to run against a minimal devstack deployment.

Change-Id: I99001d151161fa225b97c3ba6b167a61aa9b59fe
---
 lib/ironic                         | 6 +++++-
 lib/nova_plugins/hypervisor-ironic | 4 +---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 0d7c12777c..e530f523f2 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -180,7 +180,11 @@ function is_deployed_with_ipa_ramdisk {
 # install_ironic() - Collect source and prepare
 function install_ironic {
     # make sure all needed service were enabled
-    for srv in nova glance key; do
+    local req_services="mysql rabbit key"
+    if [[ "$VIRT_DRIVER" == "ironic" ]]; then
+        req_services+=" nova glance neutron"
+    fi
+    for srv in $req_services; do
         if ! is_service_enabled "$srv"; then
             die $LINENO "$srv should be enabled for Ironic."
         fi
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 0169d731e8..b9e286d5b6 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -54,9 +54,7 @@ function configure_nova_hypervisor {
 
 # install_nova_hypervisor() - Install external components
 function install_nova_hypervisor {
-    if ! is_service_enabled neutron; then
-        die $LINENO "Neutron should be enabled for usage of the Ironic Nova driver."
-    elif is_ironic_hardware; then
+    if is_ironic_hardware; then
         return
     fi
     install_libvirt

From 41daa208d9f1bcc56c861b7751a51d3ef4b0f3f4 Mon Sep 17 00:00:00 2001
From: Vincent Hou 
Date: Wed, 4 Mar 2015 15:34:41 +0800
Subject: [PATCH 0480/3421] Remove my_ip from cinder.conf

The current issue is that if we deploy c-vol service on a separate
machine, my_ip and SERVICE_HOST will be different, because my_ip is
the machine where c-vol service is running and SERVICE_HOST points
to the machine where the cinder api service is running. If my_ip of
c-vol in cinder.conf is set to the IP of c-api, it will cause the
issue that the volume is unable to attach. The issue can be resolved
by removing my_ip from cinder.conf.

Change-Id: I699c0b5297c60e9f9934f74684abf563f4b0e977
closes-bug: #1428013
---
 lib/cinder | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/cinder b/lib/cinder
index 0d157dd78e..bc8a481ad6 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -228,7 +228,6 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $CINDER_CONF DEFAULT verbose True
 
-    iniset $CINDER_CONF DEFAULT my_ip "$CINDER_SERVICE_HOST"
     iniset $CINDER_CONF DEFAULT iscsi_helper tgtadm
     iniset $CINDER_CONF DEFAULT sql_connection `database_connection_url cinder`
     iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI

From cf3b41fa8bfa0f3d8dce897e4ad6ce4c88ac5ab3 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Thu, 12 Mar 2015 13:33:12 +0000
Subject: [PATCH 0481/3421] Shut down ironic services in the modern way

Instead of killing the screen, use stop_process which will
shut the processes when USE_SCREEN is False.

Change-Id: If0f714cb112dbf5fe9e4fdd7291cb4fb1df87f42
---
 lib/ironic | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 0d7c12777c..35b5411cd4 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -482,9 +482,8 @@ function start_ironic_conductor {
 
 # stop_ironic() - Stop running processes
 function stop_ironic {
-    # Kill the Ironic screen windows
-    screen -S $SCREEN_NAME -p ir-api -X kill
-    screen -S $SCREEN_NAME -p ir-cond -X kill
+    stop_process ir-api
+    stop_process ir-cond
 
     # Cleanup the WSGI files
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then

From b1a094d289a53fcbb0d04c0d3fa72707583728bd Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 12 Mar 2015 13:57:11 +0100
Subject: [PATCH 0482/3421] Install rsync-daemon on f22

swift requires to have rsyncd running as service or behind xinetd.
/etc/xinetd.d/rsync is not shipped with f22 and the daemon mode
 requires an additional package.
Adding rsync-daemon as swift dependency for f22 and f23(rawhide).

Change-Id: I33222719cabed59a261ce1b8ddedc457aa03800e
---
 files/rpms/swift | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms/swift b/files/rpms/swift
index 0fcdb0fe27..5789a198e8 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -13,3 +13,4 @@ pyxattr
 sqlite
 xfsprogs
 xinetd
+rsync-daemon # dist:f22,f23

From 23d6d5068752358c1d3bbacc314594b1b50e2fc8 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Fri, 6 Mar 2015 15:24:22 -0800
Subject: [PATCH 0483/3421] Stop using deprecated oslo_concurrency and
 sql_connection config options

As per the logs:
 Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group
"oslo_concurrency".

Option "sql_connection" from group "DEFAULT" is deprecated. Use option
"connection" from group "database".

Change-Id: I2109cec07ebee916c9ce0ccd24bd9a47d8d3c688
---
 lib/cinder  | 4 ++--
 lib/ironic  | 2 +-
 lib/nova    | 6 +++---
 lib/tempest | 2 +-
 lib/trove   | 6 +++---
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 0d157dd78e..8ae2581169 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -230,12 +230,12 @@ function configure_cinder {
 
     iniset $CINDER_CONF DEFAULT my_ip "$CINDER_SERVICE_HOST"
     iniset $CINDER_CONF DEFAULT iscsi_helper tgtadm
-    iniset $CINDER_CONF DEFAULT sql_connection `database_connection_url cinder`
+    iniset $CINDER_CONF database connection `database_connection_url cinder`
     iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
     iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
     iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.contrib.standard_extensions
     iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
-    iniset $CINDER_CONF DEFAULT lock_path $CINDER_STATE_PATH
+    iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
     iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
     # NOTE(thingee): Cinder V1 API is deprecated and defaults to off as of
     # Juno. Keep it enabled so we can continue testing while it's still
diff --git a/lib/ironic b/lib/ironic
index bc30cdbeba..a65ea8807b 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -273,7 +273,7 @@ function configure_ironic {
     cp $IRONIC_DIR/etc/ironic/ironic.conf.sample $IRONIC_CONF_FILE
     iniset $IRONIC_CONF_FILE DEFAULT debug True
     inicomment $IRONIC_CONF_FILE DEFAULT log_file
-    iniset $IRONIC_CONF_FILE DEFAULT sql_connection `database_connection_url ironic`
+    iniset $IRONIC_CONF_FILE database connection `database_connection_url ironic`
     iniset $IRONIC_CONF_FILE DEFAULT state_path $IRONIC_STATE_PATH
     iniset $IRONIC_CONF_FILE DEFAULT use_syslog $SYSLOG
     # Configure Ironic conductor, if it was enabled.
diff --git a/lib/nova b/lib/nova
index e9e78c7bc4..81064380c0 100644
--- a/lib/nova
+++ b/lib/nova
@@ -437,7 +437,7 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST"
     iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT"
     iniset $NOVA_CONF DEFAULT my_ip "$HOST_IP"
-    iniset $NOVA_CONF DEFAULT sql_connection `database_connection_url nova`
+    iniset $NOVA_CONF database connection `database_connection_url nova`
     iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
     iniset $NOVA_CONF osapi_v3 enabled "True"
 
@@ -471,7 +471,7 @@ function create_nova_conf {
 
     if [ -n "$NOVA_STATE_PATH" ]; then
         iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH"
-        iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH"
+        iniset $NOVA_CONF oslo_concurrency lock_path "$NOVA_STATE_PATH"
     fi
     if [ -n "$NOVA_INSTANCES_PATH" ]; then
         iniset $NOVA_CONF DEFAULT instances_path "$NOVA_INSTANCES_PATH"
@@ -575,7 +575,7 @@ function create_nova_conf {
 function init_nova_cells {
     if is_service_enabled n-cell; then
         cp $NOVA_CONF $NOVA_CELLS_CONF
-        iniset $NOVA_CELLS_CONF DEFAULT sql_connection `database_connection_url $NOVA_CELLS_DB`
+        iniset $NOVA_CELLS_CONF database connection `database_connection_url $NOVA_CELLS_DB`
         iniset $NOVA_CELLS_CONF DEFAULT rabbit_virtual_host child_cell
         iniset $NOVA_CELLS_CONF DEFAULT dhcpbridge_flagfile $NOVA_CELLS_CONF
         iniset $NOVA_CELLS_CONF cells enable True
diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..7464499d43 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -275,7 +275,7 @@ function configure_tempest {
 
     iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
     # Oslo
-    iniset $TEMPEST_CONFIG DEFAULT lock_path $TEMPEST_STATE_PATH
+    iniset $TEMPEST_CONFIG oslo_concurrency lock_path $TEMPEST_STATE_PATH
     mkdir -p $TEMPEST_STATE_PATH
     iniset $TEMPEST_CONFIG DEFAULT use_stderr False
     iniset $TEMPEST_CONFIG DEFAULT log_file tempest.log
diff --git a/lib/trove b/lib/trove
index d77798308b..31c3eef5ea 100644
--- a/lib/trove
+++ b/lib/trove
@@ -136,7 +136,7 @@ function configure_trove {
 
     iniset $TROVE_CONF DEFAULT rabbit_userid $RABBIT_USERID
     iniset $TROVE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-    iniset $TROVE_CONF DEFAULT sql_connection `database_connection_url trove`
+    iniset $TROVE_CONF database connection `database_connection_url trove`
     iniset $TROVE_CONF DEFAULT default_datastore $TROVE_DATASTORE_TYPE
     setup_trove_logging $TROVE_CONF
     iniset $TROVE_CONF DEFAULT trove_api_workers "$API_WORKERS"
@@ -149,7 +149,7 @@ function configure_trove {
 
         iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT sql_connection `database_connection_url trove`
+        iniset $TROVE_TASKMANAGER_CONF database connection `database_connection_url trove`
         iniset $TROVE_TASKMANAGER_CONF DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
         iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_user radmin
         iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_tenant_name trove
@@ -162,7 +162,7 @@ function configure_trove {
     if is_service_enabled tr-cond; then
         iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_userid $RABBIT_USERID
         iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT sql_connection `database_connection_url trove`
+        iniset $TROVE_CONDUCTOR_CONF database connection `database_connection_url trove`
         iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_user radmin
         iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_tenant_name trove
         iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS

From 3011ec75493c456589947567d972c3a3c1f602bb Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Thu, 12 Mar 2015 00:34:06 -0400
Subject: [PATCH 0484/3421] install missing elasticsearch client

elasticsearch client must be explicitly installed as it's an
optional backend requirement. this patch installs the client when
installing elasticsearch

Change-Id: I534cf0c78ab1fe7d309ef5f808bbe7b5422b403e
---
 pkg/elasticsearch.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 239d6b938e..f53c7f2ff2 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -77,6 +77,7 @@ function stop_elasticsearch {
 }
 
 function install_elasticsearch {
+    pip_install elasticsearch
     if is_package_installed elasticsearch; then
         echo "Note: elasticsearch was already installed."
         return

From 6ac97deba6af9ced38f3c0ec93327d352e20c6df Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 12 Mar 2015 09:03:28 +1100
Subject: [PATCH 0485/3421] Swift use v3 auth_token credentials

The keystonemiddleware 1.5.0 released 2015-03-11 supports configuring
auth plugins from the paste config file. This means that swift can now
use authentication plugins for auth_token middleware.

Change-Id: Icb9f008a57b6f75e0506cbecd0a1e0f28b7dadda
---
 lib/swift | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/lib/swift b/lib/swift
index 8a96615d01..f291d872d4 100644
--- a/lib/swift
+++ b/lib/swift
@@ -415,16 +415,8 @@ function configure_swift {
     # IDs will included in all of its log messages.
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
 
-    # NOTE(jamielennox): swift cannot use the regular configure_auth_token_middleware function because swift
-    # doesn't use oslo.config which is the only way to configure auth plugins with the middleare.
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken identity_uri $KEYSTONE_AUTH_URI
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_URI
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $SSL_BUNDLE_FILE
-    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
+    configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False

From e52f6ca11fc581d5ab3da4200ed0128287ec2d39 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 5 Mar 2015 09:35:52 +1100
Subject: [PATCH 0486/3421] Remove packaged rpm python libraries

Let's just use pip versions

Change-Id: Idf3a3a914b54779172776822710b3e52e751b1d1
---
 files/rpms/ceilometer-collector |  1 -
 files/rpms/cinder               |  1 -
 files/rpms/glance               |  8 --------
 files/rpms/horizon              | 15 ---------------
 files/rpms/ironic               |  1 -
 files/rpms/keystone             | 10 ----------
 files/rpms/ldap                 |  1 -
 files/rpms/n-api                |  1 -
 files/rpms/n-cpu                |  2 +-
 files/rpms/neutron              |  9 ---------
 files/rpms/nova                 | 16 ----------------
 files/rpms/qpid                 |  1 -
 files/rpms/swift                |  9 ---------
 files/rpms/zaqar-server         |  1 -
 14 files changed, 1 insertion(+), 75 deletions(-)

diff --git a/files/rpms/ceilometer-collector b/files/rpms/ceilometer-collector
index 9cf580d22d..b139ed2b6b 100644
--- a/files/rpms/ceilometer-collector
+++ b/files/rpms/ceilometer-collector
@@ -1,4 +1,3 @@
 selinux-policy-targeted
 mongodb-server #NOPRIME
-pymongo # NOPRIME
 mongodb # NOPRIME
diff --git a/files/rpms/cinder b/files/rpms/cinder
index 082a35af32..9f1359f988 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -3,4 +3,3 @@ scsi-target-utils
 qemu-img
 postgresql-devel
 iscsi-initiator-utils
-python-lxml
diff --git a/files/rpms/glance b/files/rpms/glance
index a09b669309..119492a3f8 100644
--- a/files/rpms/glance
+++ b/files/rpms/glance
@@ -3,12 +3,4 @@ libxslt-devel       # testonly
 mysql-devel         # testonly
 openssl-devel       # testonly
 postgresql-devel    # testonly
-python-argparse
-python-eventlet
-python-greenlet
-python-lxml
-python-paste-deploy
-python-routes
-python-sqlalchemy
-pyxattr
 zlib-devel          # testonly
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 585c36cfde..8d7f0371ef 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -2,20 +2,5 @@ Django
 httpd # NOPRIME
 mod_wsgi  # NOPRIME
 pylint
-python-anyjson
-python-BeautifulSoup
-python-coverage
-python-dateutil
-python-eventlet
-python-greenlet
-python-httplib2
-python-migrate
-python-mox
-python-nose
-python-paste
-python-paste-deploy
-python-routes
-python-sqlalchemy
-python-webob
 pyxattr
 pcre-devel  # pyScss
diff --git a/files/rpms/ironic b/files/rpms/ironic
index 0a46314964..2bf8bb370e 100644
--- a/files/rpms/ironic
+++ b/files/rpms/ironic
@@ -8,7 +8,6 @@ libvirt-python
 net-tools
 openssh-clients
 openvswitch
-python-libguestfs
 sgabios
 syslinux
 tftp-server
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 45492e0de6..8074119fdb 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,14 +1,4 @@
 MySQL-python
-python-greenlet
 libxslt-devel
-python-lxml
-python-paste
-python-paste-deploy
-python-paste-script
-python-routes
-python-sqlalchemy
-python-webob
 sqlite
 mod_ssl
-
-# Deps installed via pip for RHEL
diff --git a/files/rpms/ldap b/files/rpms/ldap
index 2f7ab5de46..d89c4cf8c1 100644
--- a/files/rpms/ldap
+++ b/files/rpms/ldap
@@ -1,3 +1,2 @@
 openldap-servers
 openldap-clients
-python-ldap
diff --git a/files/rpms/n-api b/files/rpms/n-api
index 6f59e603b2..0928cd56b9 100644
--- a/files/rpms/n-api
+++ b/files/rpms/n-api
@@ -1,2 +1 @@
-python-dateutil
 fping
diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu
index 32b1546c39..c1a8e8ffa6 100644
--- a/files/rpms/n-cpu
+++ b/files/rpms/n-cpu
@@ -4,4 +4,4 @@ lvm2
 genisoimage
 sysfsutils
 sg3_utils
-python-libguestfs # NOPRIME
+
diff --git a/files/rpms/neutron b/files/rpms/neutron
index d11dab7e1a..c0dee78a48 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -10,15 +10,6 @@ mysql-devel  # testonly
 mysql-server # NOPRIME
 openvswitch # NOPRIME
 postgresql-devel        # testonly
-python-eventlet
-python-greenlet
-python-iso8601
-python-paste
-python-paste-deploy
-python-qpid # NOPRIME
-python-routes
-python-sqlalchemy
-python-suds
 rabbitmq-server # NOPRIME
 qpid-cpp-server        # NOPRIME
 sqlite
diff --git a/files/rpms/nova b/files/rpms/nova
index 557de908f1..527928a581 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -21,22 +21,6 @@ mysql-devel  # testonly
 mysql-server # NOPRIME
 parted
 polkit
-python-cheetah
-python-eventlet
-python-feedparser
-python-greenlet
-python-iso8601
-python-lockfile
-python-migrate
-python-mox
-python-paramiko
-python-paste
-python-paste-deploy
-python-qpid # NOPRIME
-python-routes
-python-sqlalchemy
-python-suds
-python-tempita
 rabbitmq-server # NOPRIME
 qpid-cpp-server # NOPRIME
 sqlite
diff --git a/files/rpms/qpid b/files/rpms/qpid
index c5e2699fcc..41dd2f69f9 100644
--- a/files/rpms/qpid
+++ b/files/rpms/qpid
@@ -1,4 +1,3 @@
 qpid-proton-c-devel # NOPRIME
-python-qpid-proton # NOPRIME
 cyrus-sasl-lib # NOPRIME
 cyrus-sasl-plain # NOPRIME
diff --git a/files/rpms/swift b/files/rpms/swift
index 0fcdb0fe27..accf547ece 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -1,14 +1,5 @@
 curl
 memcached
-python-configobj
-python-coverage
-python-eventlet
-python-greenlet
-python-netifaces
-python-nose
-python-paste-deploy
-python-simplejson
-python-webob
 pyxattr
 sqlite
 xfsprogs
diff --git a/files/rpms/zaqar-server b/files/rpms/zaqar-server
index 541cefa99d..78806fb3f6 100644
--- a/files/rpms/zaqar-server
+++ b/files/rpms/zaqar-server
@@ -3,4 +3,3 @@ mongodb
 mongodb-server
 pymongo
 redis # NOPRIME
-python-redis # NOPRIME

From b6197e6ab0b6085f2b81f7a29fa6a3ea5ec03748 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Thu, 12 Feb 2015 15:33:35 -0500
Subject: [PATCH 0487/3421] switch to use ceilometermiddleware

swift middleware contained in ceilometer is now deprecated. the
middleware is available in ceilometermiddleware.

Change-Id: I6e41986245f4d95a9385dc7829479ed1199f10ac
---
 lib/ceilometer  | 2 ++
 lib/rpc_backend | 9 +++++++++
 lib/swift       | 6 +++++-
 stack.sh        | 3 +++
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 9db0640940..a464c52b6c 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -322,6 +322,8 @@ function install_ceilometermiddleware {
     if use_library_from_git "ceilometermiddleware"; then
         git_clone_by_name "ceilometermiddleware"
         setup_dev_lib "ceilometermiddleware"
+    else
+        pip_install ceilometermiddleware
     fi
 }
 
diff --git a/lib/rpc_backend b/lib/rpc_backend
index ff22bbf8fa..a399d1757e 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -233,6 +233,15 @@ function restart_rpc_backend {
     fi
 }
 
+# builds transport url string
+function get_transport_url {
+    if is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
+        echo "qpid://$QPID_USERNAME:$QPID_PASSWORD@$QPID_HOST:5672/"
+    elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
+        echo "rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/"
+    fi
+}
+
 # iniset cofiguration
 function iniset_rpc_backend {
     local package=$1
diff --git a/lib/swift b/lib/swift
index 4a63500b54..3decd2f9f0 100644
--- a/lib/swift
+++ b/lib/swift
@@ -378,7 +378,11 @@ function configure_swift {
     # Configure Ceilometer
     if is_service_enabled ceilometer; then
         iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN"
-        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer use "egg:ceilometer#swift"
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer paste.filter_factory "ceilometermiddleware.swift:filter_factory"
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer control_exchange "swift"
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer url $(get_transport_url)
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer driver "messaging"
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer topic "notifications"
         SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
     fi
 
diff --git a/stack.sh b/stack.sh
index 2060f2d65a..5c726a3a1c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -739,6 +739,9 @@ if is_service_enabled keystone; then
 fi
 
 if is_service_enabled s-proxy; then
+    if is_service_enabled ceilometer; then
+        install_ceilometermiddleware
+    fi
     stack_install_service swift
     configure_swift
 

From 7b2eaedabf0700a50ddcb32ac54570ea200c616e Mon Sep 17 00:00:00 2001
From: Andrea Frittoli 
Date: Fri, 13 Mar 2015 12:05:49 +0000
Subject: [PATCH 0488/3421] Adding tempest_roles when auth_version is v3

With identity v3 the _member_ role is not added on the projects
automatically for the user when it's created.

Setting _member_ to tempest_roles so that tempest adds the role.

Change-Id: Iaae9286ecc6f019d36261a5c450068a650e24a28
---
 lib/tempest | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..fcb0e59937 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -315,6 +315,9 @@ function configure_tempest {
 
     # Auth
     iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
+    if [[ "$TEMPEST_AUTH_VERSION" == "v3" ]]; then
+        iniset $TEMPEST_CONFIG auth tempest_roles "Member"
+    fi
 
     # Compute
     iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED

From 58065f26b6f35272636174c3b07006255424b9c5 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Sat, 14 Mar 2015 06:13:26 -0700
Subject: [PATCH 0489/3421] Set compute-feature-enabled.preserve_ports=True in
 tempest.conf

Because of branchless Tempest we have to set a compute-feature-enabled
flag to test preserving preexisting ports from Neutron since the code
only works starting in Kilo and won't be backported to stable/juno or
stable/icehouse.

We can remove this flag once juno-eol happens.

Depends-On: I95469e4c2f4aa2bc4e6342860a9c222fb4fa7e16

Related-Bug: #1431724

Change-Id: I214baa3b861e29bedf6bb7b50534ac2286676dd1
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..f9a2da1650 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -349,6 +349,8 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
     iniset $TEMPEST_CONFIG compute-feature-enabled block_migration_for_live_migration ${USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions $compute_api_extensions
+    # TODO(mriedem): Remove the preserve_ports flag when Juno is end of life.
+    iniset $TEMPEST_CONFIG compute-feature-enabled preserve_ports True
 
     # Compute admin
     iniset $TEMPEST_CONFIG "compute-admin" username $ADMIN_USERNAME

From 5dfecc8966912c2f74a4c7ecc85dd5f0b930cd99 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sat, 14 Mar 2015 12:28:59 -0500
Subject: [PATCH 0490/3421] Keystone RPC backend config consistency

lib/keystone was setting up rabbit config directly rather than
using the iniset_rpc_backend function that other projects use.

Change-Id: Ic368f102c808cdbd2e4cbc1ff457cdf17a681332
---
 lib/keystone | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 0968445dc0..c9433d98fe 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -226,12 +226,7 @@ function configure_keystone {
         iniset $KEYSTONE_CONF assignment driver "keystone.assignment.backends.$KEYSTONE_ASSIGNMENT_BACKEND.Assignment"
     fi
 
-    # Configure rabbitmq credentials
-    if is_service_enabled rabbit; then
-        iniset $KEYSTONE_CONF DEFAULT rabbit_userid $RABBIT_USERID
-        iniset $KEYSTONE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $KEYSTONE_CONF DEFAULT rabbit_host $RABBIT_HOST
-    fi
+    iniset_rpc_backend keystone $KEYSTONE_CONF DEFAULT
 
     # Set the URL advertised in the ``versions`` structure returned by the '/' route
     if is_service_enabled tls-proxy; then

From 2dd110ce8668f6cb7b507928bad972d94656e2d7 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sat, 14 Mar 2015 12:39:14 -0500
Subject: [PATCH 0491/3421] iniset_rpc_backend default section

iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.

Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
---
 lib/ceilometer  | 2 +-
 lib/cinder      | 2 +-
 lib/glance      | 4 ++--
 lib/heat        | 2 +-
 lib/ironic      | 2 +-
 lib/keystone    | 2 +-
 lib/neutron     | 2 +-
 lib/nova        | 2 +-
 lib/rpc_backend | 2 +-
 lib/sahara      | 2 +-
 lib/zaqar       | 2 +-
 11 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 9db0640940..e2400833c8 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -169,7 +169,7 @@ function configure_ceilometer {
     [ ! -d $CEILOMETER_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR
     sudo chown $STACK_USER $CEILOMETER_API_LOG_DIR
 
-    iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT
+    iniset_rpc_backend ceilometer $CEILOMETER_CONF
 
     iniset $CEILOMETER_CONF DEFAULT notification_topics "$CEILOMETER_NOTIFICATION_TOPICS"
     iniset $CEILOMETER_CONF DEFAULT verbose True
diff --git a/lib/cinder b/lib/cinder
index 880af1fd40..a8f05389b5 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -281,7 +281,7 @@ function configure_cinder {
         iniset $CINDER_CONF DEFAULT use_syslog True
     fi
 
-    iniset_rpc_backend cinder $CINDER_CONF DEFAULT
+    iniset_rpc_backend cinder $CINDER_CONF
 
     if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
         iniset $CINDER_CONF DEFAULT secure_delete False
diff --git a/lib/glance b/lib/glance
index eb1df2e8ae..8400ca18cc 100755
--- a/lib/glance
+++ b/lib/glance
@@ -112,7 +112,7 @@ function configure_glance {
     if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
         iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
     fi
-    iniset_rpc_backend glance $GLANCE_REGISTRY_CONF DEFAULT
+    iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
 
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
     iniset $GLANCE_API_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -125,7 +125,7 @@ function configure_glance {
     if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
         iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
     fi
-    iniset_rpc_backend glance $GLANCE_API_CONF DEFAULT
+    iniset_rpc_backend glance $GLANCE_API_CONF
     if [ "$VIRT_DRIVER" = 'xenserver' ]; then
         iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
         iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"
diff --git a/lib/heat b/lib/heat
index a088e82886..d713f18269 100644
--- a/lib/heat
+++ b/lib/heat
@@ -105,7 +105,7 @@ function configure_heat {
     cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE
 
     # common options
-    iniset_rpc_backend heat $HEAT_CONF DEFAULT
+    iniset_rpc_backend heat $HEAT_CONF
     iniset $HEAT_CONF DEFAULT heat_metadata_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT
     iniset $HEAT_CONF DEFAULT heat_waitcondition_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition
     iniset $HEAT_CONF DEFAULT heat_watch_server_url http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT
diff --git a/lib/ironic b/lib/ironic
index 35b5411cd4..2dc95bb435 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -313,7 +313,7 @@ function configure_ironic_api {
     iniset $IRONIC_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE
     iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
 
-    iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
+    iniset_rpc_backend ironic $IRONIC_CONF_FILE
     iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT
 
     cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
diff --git a/lib/keystone b/lib/keystone
index c9433d98fe..89e9aa1918 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -226,7 +226,7 @@ function configure_keystone {
         iniset $KEYSTONE_CONF assignment driver "keystone.assignment.backends.$KEYSTONE_ASSIGNMENT_BACKEND.Assignment"
     fi
 
-    iniset_rpc_backend keystone $KEYSTONE_CONF DEFAULT
+    iniset_rpc_backend keystone $KEYSTONE_CONF
 
     # Set the URL advertised in the ``versions`` structure returned by the '/' route
     if is_service_enabled tls-proxy; then
diff --git a/lib/neutron b/lib/neutron
index e41abafda9..a31a064063 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -422,7 +422,7 @@ function is_neutron_enabled {
 # Set common config for all neutron server and agents.
 function configure_neutron {
     _configure_neutron_common
-    iniset_rpc_backend neutron $NEUTRON_CONF DEFAULT
+    iniset_rpc_backend neutron $NEUTRON_CONF
 
     # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
     if is_service_enabled q-lbaas; then
diff --git a/lib/nova b/lib/nova
index 199daeea3d..f0490951b7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -537,7 +537,7 @@ function create_nova_conf {
 
     iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST"
     iniset $NOVA_CONF DEFAULT keystone_ec2_url $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
-    iniset_rpc_backend nova $NOVA_CONF DEFAULT
+    iniset_rpc_backend nova $NOVA_CONF
     iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
 
     iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS"
diff --git a/lib/rpc_backend b/lib/rpc_backend
index ff22bbf8fa..32c3e17aa3 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -237,7 +237,7 @@ function restart_rpc_backend {
 function iniset_rpc_backend {
     local package=$1
     local file=$2
-    local section=$3
+    local section=${3:-DEFAULT}
     if is_service_enabled zeromq; then
         iniset $file $section rpc_backend "zmq"
         iniset $file $section rpc_zmq_host `hostname`
diff --git a/lib/sahara b/lib/sahara
index 521b19a4a1..7c22d0f5b9 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -127,7 +127,7 @@ function configure_sahara {
     if is_service_enabled ceilometer; then
         iniset $SAHARA_CONF_FILE DEFAULT enable_notifications "true"
         iniset $SAHARA_CONF_FILE DEFAULT notification_driver "messaging"
-        iniset_rpc_backend sahara $SAHARA_CONF_FILE DEFAULT
+        iniset_rpc_backend sahara $SAHARA_CONF_FILE
     fi
 
     iniset $SAHARA_CONF_FILE DEFAULT verbose True
diff --git a/lib/zaqar b/lib/zaqar
index 79b4c5a2ca..02b69879fe 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -133,7 +133,7 @@ function configure_zaqar {
         iniset $ZAQAR_CONF DEFAULT notification_driver messaging
         iniset $ZAQAR_CONF DEFAULT control_exchange zaqar
     fi
-    iniset_rpc_backend zaqar $ZAQAR_CONF DEFAULT
+    iniset_rpc_backend zaqar $ZAQAR_CONF
 
     cleanup_zaqar
 }

From 1577663f4a7d50542e1c729a3f975af627f6c47b Mon Sep 17 00:00:00 2001
From: Anand Shanmugam 
Date: Sat, 14 Mar 2015 19:24:10 +0530
Subject: [PATCH 0492/3421] Fix Traceback exceptions in g-api and g-reg

The log_context format specified in glance-api and glance-reistry
are causing tracebacks.  This fix changes the
project_id and user_id to tenant and user which are supported
in oslo-context.  This is the format used by other projects

Change-Id: Ifbf268e9765039a0085c9af930dabf8a5cc681b8
Closes-Bug: #1431784
---
 lib/glance | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/glance b/lib/glance
index eb1df2e8ae..26d7960143 100755
--- a/lib/glance
+++ b/lib/glance
@@ -185,8 +185,8 @@ function configure_glance {
 
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $GLANCE_API_CONF DEFAULT "project_id" "user_id"
-        setup_colorized_logging $GLANCE_REGISTRY_CONF DEFAULT "project_id" "user_id"
+        setup_colorized_logging $GLANCE_API_CONF DEFAULT tenant user
+        setup_colorized_logging $GLANCE_REGISTRY_CONF DEFAULT tenant user
     fi
 
     cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI

From 80cdbc423112f76720f9b8b4cdf19f17815429f8 Mon Sep 17 00:00:00 2001
From: Zhenzan Zhou 
Date: Mon, 16 Mar 2015 12:30:44 +0800
Subject: [PATCH 0493/3421] Make ironic ssh check timeout configurable

On some environments, the current 10s timeout waiting for server
ssh-able is not enough. SSH session was killed before the command
executed by server and then break the whole stack.sh.

Change-Id: I4d842744793455d44a633dee8920a60552e8075e
---
 lib/ironic | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 35b5411cd4..863d023c38 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -63,6 +63,7 @@ IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
 IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS)
 IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool}
 IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`}
+IRONIC_SSH_TIMEOUT=${IRONIC_SSH_TIMEOUT:-15}
 IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys}
 IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key}
 IRONIC_KEY_FILE=${IRONIC_KEY_FILE:-$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME}
@@ -703,7 +704,7 @@ function ironic_ssh_check {
 
 function configure_ironic_auxiliary {
     configure_ironic_ssh_keypair
-    ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME 10
+    ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME $IRONIC_SSH_TIMEOUT
 }
 
 function build_ipa_coreos_ramdisk {

From 1331a828dab91f2e053cb1a4b78b872af00410c1 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Mon, 16 Mar 2015 10:27:47 +0100
Subject: [PATCH 0494/3421] Add \n at the end of samples/local.conf

Currently if you `cat` the file, the bash prompt will be at a weird
position. And if you programmaticaly add a new line to this file,
the line will be, in fact, appended to the previous line.

Change-Id: I19ba018d9a934f8fdc07cc9bec50a0105f2710f9
---
 samples/local.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/local.conf b/samples/local.conf
index e4052c21ac..63000b65ba 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -98,4 +98,4 @@ SWIFT_DATA_DIR=$DEST/data
 # -------
 
 # Install the tempest test suite
-enable_service tempest
\ No newline at end of file
+enable_service tempest

From cb3ceceda227036c357a1c3173ecbd8c3116b148 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Mon, 16 Mar 2015 10:37:51 -0400
Subject: [PATCH 0495/3421] Set INSTALL_TEMPEST to default true

This commit switches the default value for INSTALL_TEMPEST on master
devstack to be true. Not installing tempest by default on devstack is
confusing for devs and people working with tempest in devstack. The
venv isolation is only really required on stable branches because of
conflicting requirements, however it is not really necessary on master.

Change-Id: I368cb56fd9e0cbf59cefe24a46507d3f58b9a8e3
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..85bccb62a0 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -66,7 +66,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
 # This must be False on stable branches, as master tempest
 # deps do not match stable branch deps. Set this to True to
 # have tempest installed in devstack by default.
-INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"}
+INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"}
 
 
 BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}"

From a3430270f3b652317a85c9eabe76962bd64f4543 Mon Sep 17 00:00:00 2001
From: Andreas Scheuring 
Date: Mon, 9 Mar 2015 16:55:32 +0100
Subject: [PATCH 0496/3421] Support detection of interfaces with non-word chars
 in the name

The current regex only matches host interface names that consits
of "word characters" (regex \w). Intefaces having other special
chars like "-" or "." are not parsed. Examples that are not yet
matched are br-ex (ovs bridge) or enccw0.0.1234 (s390 eth device
name).

In addition it's hard to understand the the regex.

This fix is replacing the regex by a simple awk statement also
matching those names.

In addition the determination of the host_ip_iface was moved
down into the if clause, as it is only used inside.

Change-Id: I3d1b1afa32956e4e8c55c7e68cbafaf8e03e7da2
Closes-Bug: #1429903
---
 functions-common | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 4739e42e90..ed43e20d8d 100644
--- a/functions-common
+++ b/functions-common
@@ -542,11 +542,11 @@ function get_default_host_ip {
     local host_ip_iface=$3
     local host_ip=$4
 
-    # Find the interface used for the default route
-    host_ip_iface=${host_ip_iface:-$(ip route | sed -n '/^default/{ s/.*dev \(\w\+\)\s\+.*/\1/; p; }' | head -1)}
     # Search for an IP unless an explicit is set by ``HOST_IP`` environment variable
     if [ -z "$host_ip" -o "$host_ip" == "dhcp" ]; then
         host_ip=""
+        # Find the interface used for the default route
+        host_ip_iface=${host_ip_iface:-$(ip route | awk '/default/ {print $5}' | head -1)}
         local host_ips=$(LC_ALL=C ip -f inet addr show ${host_ip_iface} | awk '/inet/ {split($2,parts,"/");  print parts[1]}')
         local ip
         for ip in $host_ips; do

From 45e7db0e7a702e7a1cdb1121acd7c2766c664dbc Mon Sep 17 00:00:00 2001
From: Morgan Jones 
Date: Mon, 16 Mar 2015 12:20:32 -0400
Subject: [PATCH 0497/3421] Change datastore version for Mysql datastore

The Replication V2 change to Trove moves the test
datastore from Mysql 5.5 to Mysql 5.6.  This change
reflects that in devstack.

Change-Id: Ibdf32b46c200d3061975d390c872be77d19bc361
Implements: blueprint bp/replication-v2
Closes-bug: #1432686
Depends-On: I8eec708f41e791e3db04a2c7b7c12855118b64ac
---
 lib/trove | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/trove b/lib/trove
index d77798308b..9c2140cfba 100644
--- a/lib/trove
+++ b/lib/trove
@@ -44,8 +44,8 @@ TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
 TROVE_LOCAL_API_PASTE_INI=$TROVE_LOCAL_CONF_DIR/api-paste.ini
 TROVE_AUTH_CACHE_DIR=${TROVE_AUTH_CACHE_DIR:-/var/cache/trove}
 TROVE_DATASTORE_TYPE=${TROVE_DATASTORE_TYPE:-"mysql"}
-TROVE_DATASTORE_VERSION=${TROVE_DATASTORE_VERSION:-"5.5"}
-TROVE_DATASTORE_PACKAGE=${TROVE_DATASTORE_PACKAGE:-"mysql-server-5.5"}
+TROVE_DATASTORE_VERSION=${TROVE_DATASTORE_VERSION:-"5.6"}
+TROVE_DATASTORE_PACKAGE=${TROVE_DATASTORE_PACKAGE:-"mysql-server-5.6"}
 
 # Support entry points installation of console scripts
 if [[ -d $TROVE_DIR/bin ]]; then

From ad13c0a8dacbf5d5d399aa2df99313bb5fb6a39b Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sat, 14 Mar 2015 12:14:31 -0500
Subject: [PATCH 0498/3421] Keystone stop using config refs

 - Rather than using config refs, deployments should be using a tool
   such as chef or puppet to set the options correctly.

 - Config refs have a bug where you can only reference an option in
   the DEFAULT group, which limits the usefulness, and with this
   feature it's impossible to move any config options out of the
   DEFAULT group, luckily this has been ignored anyways since I think
   everyone realizes how broken it is.

Change-Id: I74cae09f9d75177f8efea69e7ae981ed8f14039f
---
 lib/keystone | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 0968445dc0..4592440248 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -234,13 +234,8 @@ function configure_keystone {
     fi
 
     # Set the URL advertised in the ``versions`` structure returned by the '/' route
-    if is_service_enabled tls-proxy; then
-        iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/"
-        iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/"
-    else
-        iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(public_port)s/"
-        iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(admin_port)s/"
-    fi
+    iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/"
+    iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/"
     iniset $KEYSTONE_CONF DEFAULT admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
 
     # Register SSL certificates if provided

From 2662395fac0c7cf8e842b56987ad0f0cdedc3d5f Mon Sep 17 00:00:00 2001
From: Yuriy Taraday 
Date: Wed, 16 Jul 2014 17:41:53 +0400
Subject: [PATCH 0499/3421] Add rootwrap daemon mode support for Neutron

Daemon mode is turned on by default.

Implements: blueprint rootwrap-daemon-mode
Change-Id: I632df4149e9d7f78cb5a7091dfe4ea8f8ca3ddfa
---
 lib/neutron | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/neutron b/lib/neutron
index e41abafda9..411c6961ce 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -153,6 +153,7 @@ Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
 # RHEL's support for namespaces requires using veths with ovs
 Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
 Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
+Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)
 # Meta data IP
 Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
 # Allow Overlapping IP among subnets
@@ -226,6 +227,9 @@ if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
 else
     NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
     Q_RR_COMMAND="sudo $NEUTRON_ROOTWRAP $Q_RR_CONF_FILE"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        Q_RR_DAEMON_COMMAND="sudo $NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
+    fi
 fi
 
 
@@ -896,6 +900,9 @@ function _configure_neutron_debug_command {
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
 
     _neutron_setup_interface_driver $NEUTRON_TEST_CONFIG_FILE
 
@@ -910,6 +917,9 @@ function _configure_neutron_dhcp_agent {
     iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
 
     if ! is_service_enabled q-l3; then
         if [[ "$ENABLE_ISOLATED_METADATA" = "True" ]]; then
@@ -943,6 +953,9 @@ function _configure_neutron_l3_agent {
     iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $Q_L3_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
 
     _neutron_setup_interface_driver $Q_L3_CONF_FILE
 
@@ -956,6 +969,9 @@ function _configure_neutron_metadata_agent {
     iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
     iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $Q_META_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
 
     # Configures keystone for metadata_agent
     # The third argument "True" sets auth_url needed to communicate with keystone
@@ -1008,6 +1024,9 @@ function _configure_neutron_plugin_agent {
     # Specify the default root helper prior to agent configuration to
     # ensure that an agent's configuration can override the default
     iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE  agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
     iniset $NEUTRON_CONF DEFAULT verbose True
     iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
 
@@ -1106,16 +1125,21 @@ function _neutron_setup_rootwrap {
     sudo chmod 0644 $Q_RR_CONF_FILE
     # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
     ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
+    ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
 
     # Set up the rootwrap sudoers for neutron
     TEMPFILE=`mktemp`
     echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
+    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD" >>$TEMPFILE
     chmod 0440 $TEMPFILE
     sudo chown root:root $TEMPFILE
     sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap
 
     # Update the root_helper
     iniset $NEUTRON_CONF agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_CONF agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
 }
 
 # Configures keystone integration for neutron service and agents

From 6a83c423fc1d788d9e81b58a8659eca1cb84095d Mon Sep 17 00:00:00 2001
From: Eli Qiao 
Date: Tue, 17 Mar 2015 16:54:16 +0800
Subject: [PATCH 0500/3421] Fix pip install error

If we set mutiple proxy (ip or url), pip install will
treat the second proxy as a command.
Add quotation marks around proxy.
expecially for no_proxy

Change-Id: I38ad3f083ba5155cda0e5e2b8f5df64492b7fecd
---
 inc/python | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/python b/inc/python
index d72c3c94d7..229c54009d 100644
--- a/inc/python
+++ b/inc/python
@@ -94,9 +94,9 @@ function pip_install {
 
     $xtrace
     $sudo_pip \
-        http_proxy=${http_proxy:-} \
-        https_proxy=${https_proxy:-} \
-        no_proxy=${no_proxy:-} \
+        http_proxy="${http_proxy:-}" \
+        https_proxy="${https_proxy:-}" \
+        no_proxy="${no_proxy:-}" \
         PIP_FIND_LINKS=$PIP_FIND_LINKS \
         $cmd_pip install \
         $@

From 302389bf8d1d9dfeed9a7c07e8bb4b85fc731028 Mon Sep 17 00:00:00 2001
From: Vitaly Gridnev 
Date: Thu, 12 Mar 2015 14:15:44 +0300
Subject: [PATCH 0501/3421] [SAHARA] Remove copying sahara.conf from base
 config file

Sahara is going to remove sahara.conf.sample because it
is not gated anymore and therefore it gets out of date.
So, we need to remove copying sahara.conf from base config file
sahara.conf.sample

Change-Id: I0ddf36cfc15694dfe41fe695d577199da75ce7f1
---
 lib/sahara | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/sahara b/lib/sahara
index 521b19a4a1..709e90e1bd 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -111,9 +111,6 @@ function configure_sahara {
         cp -p $SAHARA_DIR/etc/sahara/policy.json $SAHARA_CONF_DIR
     fi
 
-    # Copy over sahara configuration file and configure common parameters.
-    cp $SAHARA_DIR/etc/sahara/sahara.conf.sample $SAHARA_CONF_FILE
-
     # Create auth cache dir
     sudo mkdir -p $SAHARA_AUTH_CACHE_DIR
     sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR

From d66bac3f70ce2470be8d19f91b6945483a62328f Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 17 Mar 2015 09:10:01 -0400
Subject: [PATCH 0502/3421] remove horizon exercises

The horizon team keeps changing how the UI is exposed. This exercise
keeps lagging and doesn't really test anything useful any more. Just
delete it.

Change-Id: Id62904868f1d4b39e33d2ad63340b5ee2177fb56
---
 exercises/horizon.sh | 45 --------------------------------------------
 1 file changed, 45 deletions(-)
 delete mode 100755 exercises/horizon.sh

diff --git a/exercises/horizon.sh b/exercises/horizon.sh
deleted file mode 100755
index 4020580157..0000000000
--- a/exercises/horizon.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-
-# **horizon.sh**
-
-# Sanity check that horizon started if enabled
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import configuration
-source $TOP_DIR/openrc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-is_service_enabled horizon || exit 55
-
-# can we get the front page
-$CURL_GET http://$SERVICE_HOST 2>/dev/null | grep -q 'Log In' || die $LINENO "Horizon front page not functioning!"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
-

From a03ed3762613a70e9f15811bc02a5006c0004f05 Mon Sep 17 00:00:00 2001
From: Thanassis Parathyras 
Date: Thu, 12 Mar 2015 22:15:50 +0200
Subject: [PATCH 0503/3421] Adds documentation for devstack unit tests
 enablement

Closes Bug: 1283214
Closes Bug: 1203723

Change-Id: Iac25185c7cc92ddebd3a22b602f7c8885d009807
---
 doc/source/configuration.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index fe3e2c29bf..7d06658ee2 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -378,6 +378,18 @@ IP Version
       can be configured with any valid IPv6 prefix. The default values make
       use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC 4193.*
 
+Unit tests dependencies install
+-------------------------------
+
+    | *Default: ``INSTALL_TESTONLY_PACKAGES=False``*
+    |  In order to be able to run unit tests with script ``run_test.sh``,
+       the required package dependencies need to be installed.
+       Setting this option as below does the work.
+
+    ::
+
+        INSTALL_TESTONLY_PACKAGES=True
+
 Examples
 ========
 

From 744c2afd6f5a594a5a16144c773436fbca263c4d Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Tue, 16 Dec 2014 12:00:40 +1300
Subject: [PATCH 0504/3421] Allow heat-standalone to work with keystone v3

Heat can now run in standalone mode with the default v3 keystone
backend.

This change removes the installation of the v2 contrib backend.
It also configures saner defaults when HEAT_STANDALONE is True.
Using trusts and a stack-domain will never work in standalone mode
since they both require a service user which doesn't exist in
standalone mode.

Finally, this change prevents heat.conf being populated with service user options
not required by standalone mode.

Configuring the v2 backend may be reintroduced later with a dedicated
flag variable.

Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
---
 lib/heat | 83 ++++++++++++++++++++++++++++++--------------------------
 stack.sh |  2 +-
 2 files changed, 45 insertions(+), 40 deletions(-)

diff --git a/lib/heat b/lib/heat
index a088e82886..cef70692c7 100644
--- a/lib/heat
+++ b/lib/heat
@@ -49,13 +49,19 @@ HEAT_CONF_DIR=/etc/heat
 HEAT_CONF=$HEAT_CONF_DIR/heat.conf
 HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
 HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
-HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
 
 
 # other default options
-HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
+if [[ "$HEAT_STANDALONE" = "True" ]]; then
+    # for standalone, use defaults which require no service user
+    HEAT_STACK_DOMAIN=`trueorfalse False $HEAT_STACK_DOMAIN`
+    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
+else
+    HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
+    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
+fi
 
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,heat
@@ -77,13 +83,11 @@ function cleanup_heat {
     sudo rm -rf $HEAT_AUTH_CACHE_DIR
     sudo rm -rf $HEAT_ENV_DIR
     sudo rm -rf $HEAT_TEMPLATES_DIR
+    sudo rm -rf $HEAT_CONF_DIR
 }
 
 # configure_heat() - Set config files, create data dirs, etc
 function configure_heat {
-    if [[ "$HEAT_STANDALONE" = "True" ]]; then
-        setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2
-    fi
 
     if [[ ! -d $HEAT_CONF_DIR ]]; then
         sudo mkdir -p $HEAT_CONF_DIR
@@ -127,24 +131,22 @@ function configure_heat {
     # auth plugin setup. This should be fixed in heat.  Heat is also the only
     # service that requires the auth_uri to include a /v2.0. Remove this custom
     # setup when bug #1300246 is resolved.
-    iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
     iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
-    iniset $HEAT_CONF keystone_authtoken admin_user heat
-    iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
-    iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
-    iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
-    iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
-
-    # ec2authtoken
-    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
-
-    # paste_deploy
     if [[ "$HEAT_STANDALONE" = "True" ]]; then
         iniset $HEAT_CONF paste_deploy flavor standalone
-        iniset $HEAT_CONF DEFAULT keystone_backend heat_keystoneclient_v2.client.KeystoneClientV2
         iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
+    else
+        iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+        iniset $HEAT_CONF keystone_authtoken admin_user heat
+        iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+        iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+        iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
+        iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
     fi
 
+    # ec2authtoken
+    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
+
     # OpenStack API
     iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
     iniset $HEAT_CONF heat_api workers "$API_WORKERS"
@@ -243,29 +245,32 @@ function stop_heat {
 
 # create_heat_accounts() - Set up common required heat accounts
 function create_heat_accounts {
-    create_service_user "heat" "admin"
-
-    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-        local heat_service=$(get_or_create_service "heat" \
-                "orchestration" "Heat Orchestration Service")
-        get_or_create_endpoint $heat_service \
-            "$REGION_NAME" \
-            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
-            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
-            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
-
-        local heat_cfn_service=$(get_or_create_service "heat-cfn" \
-                "cloudformation" "Heat CloudFormation Service")
-        get_or_create_endpoint $heat_cfn_service \
-            "$REGION_NAME" \
-            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
-            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
-    fi
+    if [[ "$HEAT_STANDALONE" != "True" ]]; then
+
+        create_service_user "heat" "admin"
+
+        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+
+            local heat_service=$(get_or_create_service "heat" \
+                    "orchestration" "Heat Orchestration Service")
+            get_or_create_endpoint $heat_service \
+                "$REGION_NAME" \
+                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
+                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
+
+            local heat_cfn_service=$(get_or_create_service "heat-cfn" \
+                    "cloudformation" "Heat CloudFormation Service")
+            get_or_create_endpoint $heat_cfn_service \
+                "$REGION_NAME" \
+                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
+                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
+        fi
 
-    # heat_stack_user role is for users created by Heat
-    get_or_create_role "heat_stack_user"
+        # heat_stack_user role is for users created by Heat
+        get_or_create_role "heat_stack_user"
+    fi
 
     if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
         iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
diff --git a/stack.sh b/stack.sh
index eac7eec724..f049782387 100755
--- a/stack.sh
+++ b/stack.sh
@@ -978,7 +978,7 @@ if is_service_enabled keystone; then
         create_swift_accounts
     fi
 
-    if is_service_enabled heat && [[ "$HEAT_STANDALONE" != "True" ]]; then
+    if is_service_enabled heat; then
         create_heat_accounts
     fi
 

From fdf00f27db19f572ac1d8fd3714c5b412556dbf3 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 13 Mar 2015 11:50:02 +1100
Subject: [PATCH 0505/3421] Add defaults for yum proxy variables

Without these defaults, sourcing functions-common with -u turned on
(as say ./tools/build_wheels.sh does) will bail out with unset
variable errors.  Also fix up quoting, and add no_proxy for zypper run

Change-Id: Ideb441634243c1c5ce7db3a375c2d98617e9d1dc
---
 functions-common | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index 4739e42e90..838ca53f6a 100644
--- a/functions-common
+++ b/functions-common
@@ -1019,8 +1019,8 @@ function yum_install {
     # The manual check for missing packages is because yum -y assumes
     # missing packages are OK.  See
     # https://bugzilla.redhat.com/show_bug.cgi?id=965567
-    $sudo http_proxy=$http_proxy https_proxy=$https_proxy \
-        no_proxy=$no_proxy \
+    $sudo http_proxy="${http_proxy:-}" https_proxy="${https_proxy:-}" \
+        no_proxy="${no_proxy:-}" \
         ${YUM:-yum} install -y "$@" 2>&1 | \
         awk '
             BEGIN { fail=0 }
@@ -1042,7 +1042,8 @@ function zypper_install {
     [[ "$OFFLINE" = "True" ]] && return
     local sudo="sudo"
     [[ "$(id -u)" = "0" ]] && sudo="env"
-    $sudo http_proxy=$http_proxy https_proxy=$https_proxy \
+    $sudo http_proxy="${http_proxy:-}" https_proxy="${https_proxy:-}" \
+        no_proxy="${no_proxy:-}" \
         zypper --non-interactive install --auto-agree-with-licenses "$@"
 }
 

From ee78c9e2f6076db2db1b2fc3c1178905de6f7e5d Mon Sep 17 00:00:00 2001
From: Josh Gachnang 
Date: Mon, 16 Mar 2015 23:24:52 -0700
Subject: [PATCH 0506/3421] Add Ironic cleaning network

The cleaning network is where ramdisks will be booted during
the cleaning process. We want to ensure nodes are being properly
cleaned on tear down.

Change-Id: Ic38de10668c97648d073fdf9a3afc59712057849
Implements: bp/implement-cleaning-states
---
 lib/ironic | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/ironic b/lib/ironic
index 35b5411cd4..71f9933d36 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -427,6 +427,11 @@ function create_ironic_accounts {
 
 # init_ironic() - Initialize databases, etc.
 function init_ironic {
+    # Save private network as cleaning network
+    local cleaning_network_uuid
+    cleaning_network_uuid=$(neutron net-list | grep private | get_field 1)
+    iniset $IRONIC_CONF_FILE neutron cleaning_network_uuid ${cleaning_network_uuid}
+
     # (Re)create  ironic database
     recreate_database ironic
 

From 8421c2b9ab5d8242abb7d1bdc20435408db8b802 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Mon, 16 Mar 2015 13:52:19 -0500
Subject: [PATCH 0507/3421] Use install(1) where possible

This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.

Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
---
 lib/ceilometer |  9 ++-------
 lib/cinder     | 21 ++++++++-------------
 lib/glance     | 18 +++---------------
 lib/heat       | 16 ++++------------
 lib/ironic     | 17 ++++-------------
 lib/keystone   | 11 +++--------
 lib/neutron    | 20 ++++++--------------
 lib/nova       | 27 ++++++++++-----------------
 lib/sahara     | 10 ++--------
 lib/swift      | 10 ++++------
 lib/tempest    |  8 ++------
 lib/trove      |  5 +----
 lib/zaqar      |  6 ++----
 13 files changed, 51 insertions(+), 127 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 9db0640940..318c5467cf 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -163,11 +163,7 @@ function _config_ceilometer_apache_wsgi {
 
 # configure_ceilometer() - Set config files, create data dirs, etc
 function configure_ceilometer {
-    [ ! -d $CEILOMETER_CONF_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_CONF_DIR
-    sudo chown $STACK_USER $CEILOMETER_CONF_DIR
-
-    [ ! -d $CEILOMETER_API_LOG_DIR ] &&  sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR
-    sudo chown $STACK_USER $CEILOMETER_API_LOG_DIR
+    sudo install -d -o $STACK_USER -m 755 $CEILOMETER_CONF_DIR $CEILOMETER_API_LOG_DIR
 
     iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT
 
@@ -267,8 +263,7 @@ function configure_mongodb {
 # init_ceilometer() - Initialize etc.
 function init_ceilometer {
     # Create cache dir
-    sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
     rm -f $CEILOMETER_AUTH_CACHE_DIR/*
 
     if is_service_enabled mysql postgresql; then
diff --git a/lib/cinder b/lib/cinder
index 880af1fd40..51f0163e44 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -174,16 +174,15 @@ function configure_cinder_rootwrap {
     if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
         sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
     fi
+
     # Deploy filters to /etc/cinder/rootwrap.d
-    sudo mkdir -m 755 $CINDER_CONF_DIR/rootwrap.d
-    sudo cp $CINDER_DIR/etc/cinder/rootwrap.d/*.filters $CINDER_CONF_DIR/rootwrap.d
-    sudo chown -R root:root $CINDER_CONF_DIR/rootwrap.d
-    sudo chmod 644 $CINDER_CONF_DIR/rootwrap.d/*
+    sudo install -d -o root -g root -m 755 $CINDER_CONF_DIR/rootwrap.d
+    sudo install -o root -g root -m 644 $CINDER_DIR/etc/cinder/rootwrap.d/*.filters $CINDER_CONF_DIR/rootwrap.d
+
     # Set up rootwrap.conf, pointing to /etc/cinder/rootwrap.d
-    sudo cp $CINDER_DIR/etc/cinder/rootwrap.conf $CINDER_CONF_DIR/
+    sudo install -o root -g root -m 644 $CINDER_DIR/etc/cinder/rootwrap.conf $CINDER_CONF_DIR
     sudo sed -e "s:^filters_path=.*$:filters_path=$CINDER_CONF_DIR/rootwrap.d:" -i $CINDER_CONF_DIR/rootwrap.conf
-    sudo chown root:root $CINDER_CONF_DIR/rootwrap.conf
-    sudo chmod 0644 $CINDER_CONF_DIR/rootwrap.conf
+
     # Specify rootwrap.conf as first parameter to rootwrap
     ROOTWRAP_CSUDOER_CMD="$cinder_rootwrap $CINDER_CONF_DIR/rootwrap.conf *"
 
@@ -197,10 +196,7 @@ function configure_cinder_rootwrap {
 
 # configure_cinder() - Set config files, create data dirs, etc
 function configure_cinder {
-    if [[ ! -d $CINDER_CONF_DIR ]]; then
-        sudo mkdir -p $CINDER_CONF_DIR
-    fi
-    sudo chown $STACK_USER $CINDER_CONF_DIR
+    sudo install -d -o $STACK_USER -m 755 $CINDER_CONF_DIR
 
     cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
 
@@ -351,8 +347,7 @@ function create_cinder_accounts {
 # create_cinder_cache_dir() - Part of the init_cinder() process
 function create_cinder_cache_dir {
     # Create cache dir
-    sudo mkdir -p $CINDER_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR
     rm -f $CINDER_AUTH_CACHE_DIR/*
 }
 
diff --git a/lib/glance b/lib/glance
index eb1df2e8ae..db3de17232 100755
--- a/lib/glance
+++ b/lib/glance
@@ -90,15 +90,7 @@ function cleanup_glance {
 
 # configure_glance() - Set config files, create data dirs, etc
 function configure_glance {
-    if [[ ! -d $GLANCE_CONF_DIR ]]; then
-        sudo mkdir -p $GLANCE_CONF_DIR
-    fi
-    sudo chown $STACK_USER $GLANCE_CONF_DIR
-
-    if [[ ! -d $GLANCE_METADEF_DIR ]]; then
-        sudo mkdir -p $GLANCE_METADEF_DIR
-    fi
-    sudo chown $STACK_USER $GLANCE_METADEF_DIR
+    sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
 
     # Copy over our glance configurations and update them
     cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@@ -263,12 +255,8 @@ function create_glance_accounts {
 # create_glance_cache_dir() - Part of the init_glance() process
 function create_glance_cache_dir {
     # Create cache dir
-    sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
-    sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
-    rm -f $GLANCE_AUTH_CACHE_DIR/api/*
-    sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
-    sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
-    rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
+    sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry
+    rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/*
 }
 
 # init_glance() - Initialize databases, etc.
diff --git a/lib/heat b/lib/heat
index a088e82886..d75652ab7b 100644
--- a/lib/heat
+++ b/lib/heat
@@ -85,10 +85,7 @@ function configure_heat {
         setup_develop $HEAT_DIR/contrib/heat_keystoneclient_v2
     fi
 
-    if [[ ! -d $HEAT_CONF_DIR ]]; then
-        sudo mkdir -p $HEAT_CONF_DIR
-    fi
-    sudo chown $STACK_USER $HEAT_CONF_DIR
+    sudo install -d -o $STACK_USER $HEAT_CONF_DIR
     # remove old config files
     rm -f $HEAT_CONF_DIR/heat-*.conf
 
@@ -172,15 +169,11 @@ function configure_heat {
         iniset $HEAT_CONF DEFAULT enable_stack_abandon true
     fi
 
-    # heat environment
-    sudo mkdir -p $HEAT_ENV_DIR
-    sudo chown $STACK_USER $HEAT_ENV_DIR
+    sudo install -d -o $STACK_USER $HEAT_ENV_DIR $HEAT_TEMPLATES_DIR
+
     # copy the default environment
     cp $HEAT_DIR/etc/heat/environment.d/* $HEAT_ENV_DIR/
 
-    # heat template resources.
-    sudo mkdir -p $HEAT_TEMPLATES_DIR
-    sudo chown $STACK_USER $HEAT_TEMPLATES_DIR
     # copy the default templates
     cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/
 
@@ -199,8 +192,7 @@ function init_heat {
 # create_heat_cache_dir() - Part of the init_heat() process
 function create_heat_cache_dir {
     # Create cache dirs
-    sudo mkdir -p $HEAT_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $HEAT_AUTH_CACHE_DIR
 }
 
 # install_heatclient() - Collect source and prepare
diff --git a/lib/ironic b/lib/ironic
index 35b5411cd4..2fddc54b63 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -233,22 +233,14 @@ function cleanup_ironic {
 # configure_ironic_dirs() - Create all directories required by Ironic and
 # associated services.
 function configure_ironic_dirs {
-    if [[ ! -d $IRONIC_CONF_DIR ]]; then
-        sudo mkdir -p $IRONIC_CONF_DIR
-    fi
+    sudo install -d -o $STACK_USER $IRONIC_CONF_DIR $STACK_USER $IRONIC_DATA_DIR \
+        $IRONIC_STATE_PATH $IRONIC_TFTPBOOT_DIR $IRONIC_TFTPBOOT_DIR/pxelinux.cfg
+    sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_TFTPBOOT_DIR
 
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        sudo mkdir -p $IRONIC_HTTP_DIR
-        sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_HTTP_DIR
+        sudo install -d -o $STACK_USER -g $LIBVIRT_GROUP $IRONIC_HTTP_DIR
     fi
 
-    sudo mkdir -p $IRONIC_DATA_DIR
-    sudo mkdir -p $IRONIC_STATE_PATH
-    sudo mkdir -p $IRONIC_TFTPBOOT_DIR
-    sudo chown -R $STACK_USER $IRONIC_DATA_DIR $IRONIC_STATE_PATH
-    sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_TFTPBOOT_DIR
-    mkdir -p $IRONIC_TFTPBOOT_DIR/pxelinux.cfg
-
     if [ ! -f $IRONIC_PXE_BOOT_IMAGE ]; then
         die $LINENO "PXE boot file $IRONIC_PXE_BOOT_IMAGE not found."
     fi
@@ -267,7 +259,6 @@ function configure_ironic_dirs {
 # configure_ironic() - Set config files, create data dirs, etc
 function configure_ironic {
     configure_ironic_dirs
-    sudo chown $STACK_USER $IRONIC_CONF_DIR
 
     # Copy over ironic configuration file and configure common parameters.
     cp $IRONIC_DIR/etc/ironic/ironic.conf.sample $IRONIC_CONF_FILE
diff --git a/lib/keystone b/lib/keystone
index 0968445dc0..9dfdc608d4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -175,14 +175,10 @@ function _config_keystone_apache_wsgi {
 
 # configure_keystone() - Set config files, create data dirs, etc
 function configure_keystone {
-    if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
-        sudo mkdir -p $KEYSTONE_CONF_DIR
-    fi
-    sudo chown $STACK_USER $KEYSTONE_CONF_DIR
+    sudo install -d -o $STACK_USER $KEYSTONE_CONF_DIR
 
     if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
-        cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
-        chmod 600 $KEYSTONE_CONF
+        install -m 600 $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
         cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
         if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then
             cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI"
@@ -490,8 +486,7 @@ function init_keystone {
         $KEYSTONE_DIR/bin/keystone-manage pki_setup
 
         # Create cache dir
-        sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
-        sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
+        sudo install -d -o $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
         rm -f $KEYSTONE_AUTH_CACHE_DIR/*
     fi
 }
diff --git a/lib/neutron b/lib/neutron
index e41abafda9..d0463d8089 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -495,8 +495,7 @@ function create_nova_conf_neutron {
 # create_neutron_cache_dir() - Part of the _neutron_setup_keystone() process
 function create_neutron_cache_dir {
     # Create cache dir
-    sudo mkdir -p $NEUTRON_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $NEUTRON_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
     rm -f $NEUTRON_AUTH_CACHE_DIR/*
 }
 
@@ -800,10 +799,7 @@ function cleanup_neutron {
 
 function _create_neutron_conf_dir {
     # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
-    if [[ ! -d $NEUTRON_CONF_DIR ]]; then
-        sudo mkdir -p $NEUTRON_CONF_DIR
-    fi
-    sudo chown $STACK_USER $NEUTRON_CONF_DIR
+    sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
 }
 
 # _configure_neutron_common()
@@ -1075,10 +1071,8 @@ function _neutron_service_plugin_class_add {
 # _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
 function _neutron_deploy_rootwrap_filters {
     local srcdir=$1
-    mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
-    sudo cp -pr $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
-    sudo chown -R root:root $Q_CONF_ROOTWRAP_D
-    sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
+    sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
+    sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
 }
 
 # _neutron_setup_rootwrap() - configure Neutron's rootwrap
@@ -1097,13 +1091,11 @@ function _neutron_setup_rootwrap {
     # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
     # location moved in newer versions, prefer new location
     if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then
-        sudo cp -p $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE
+        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE
     else
-        sudo cp -p $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
+        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
     fi
     sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
-    sudo chown root:root $Q_RR_CONF_FILE
-    sudo chmod 0644 $Q_RR_CONF_FILE
     # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
     ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
 
diff --git a/lib/nova b/lib/nova
index 199daeea3d..e850fe9daf 100644
--- a/lib/nova
+++ b/lib/nova
@@ -232,16 +232,15 @@ function configure_nova_rootwrap {
     if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
         sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
     fi
+
     # Deploy filters to /etc/nova/rootwrap.d
-    sudo mkdir -m 755 $NOVA_CONF_DIR/rootwrap.d
-    sudo cp $NOVA_DIR/etc/nova/rootwrap.d/*.filters $NOVA_CONF_DIR/rootwrap.d
-    sudo chown -R root:root $NOVA_CONF_DIR/rootwrap.d
-    sudo chmod 644 $NOVA_CONF_DIR/rootwrap.d/*
+    sudo install -d -o root -g root -m 755 $NOVA_CONF_DIR/rootwrap.d
+    sudo install -o root -g root -m 644  $NOVA_DIR/etc/nova/rootwrap.d/*.filters $NOVA_CONF_DIR/rootwrap.d
+
     # Set up rootwrap.conf, pointing to /etc/nova/rootwrap.d
-    sudo cp $NOVA_DIR/etc/nova/rootwrap.conf $NOVA_CONF_DIR/
+    sudo install -o root -g root -m 644 $NOVA_DIR/etc/nova/rootwrap.conf $NOVA_CONF_DIR
     sudo sed -e "s:^filters_path=.*$:filters_path=$NOVA_CONF_DIR/rootwrap.d:" -i $NOVA_CONF_DIR/rootwrap.conf
-    sudo chown root:root $NOVA_CONF_DIR/rootwrap.conf
-    sudo chmod 0644 $NOVA_CONF_DIR/rootwrap.conf
+
     # Specify rootwrap.conf as first parameter to nova-rootwrap
     local rootwrap_sudoer_cmd="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.conf *"
 
@@ -256,10 +255,7 @@ function configure_nova_rootwrap {
 # configure_nova() - Set config files, create data dirs, etc
 function configure_nova {
     # Put config files in ``/etc/nova`` for everyone to find
-    if [[ ! -d $NOVA_CONF_DIR ]]; then
-        sudo mkdir -p $NOVA_CONF_DIR
-    fi
-    sudo chown $STACK_USER $NOVA_CONF_DIR
+    sudo install -d -o $STACK_USER $NOVA_CONF_DIR
 
     cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
 
@@ -318,8 +314,7 @@ function configure_nova {
         # ----------------
 
         # Nova stores each instance in its own directory.
-        sudo mkdir -p $NOVA_INSTANCES_PATH
-        sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
+        sudo install -d -o $STACK_USER $NOVA_INSTANCES_PATH
 
         # You can specify a different disk to be mounted and used for backing the
         # virtual machines.  If there is a partition labeled nova-instances we
@@ -603,8 +598,7 @@ function init_nova_cells {
 # create_nova_cache_dir() - Part of the init_nova() process
 function create_nova_cache_dir {
     # Create cache dir
-    sudo mkdir -p $NOVA_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR
     rm -f $NOVA_AUTH_CACHE_DIR/*
 }
 
@@ -621,8 +615,7 @@ function create_nova_conf_nova_network {
 # create_nova_keys_dir() - Part of the init_nova() process
 function create_nova_keys_dir {
     # Create keys dir
-    sudo mkdir -p ${NOVA_STATE_PATH}/keys
-    sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
+    sudo install -d -o $STACK_USER ${NOVA_STATE_PATH} ${NOVA_STATE_PATH}/keys
 }
 
 # init_nova() - Initialize databases, etc.
diff --git a/lib/sahara b/lib/sahara
index 521b19a4a1..f389326a6f 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -101,11 +101,7 @@ function cleanup_sahara {
 
 # configure_sahara() - Set config files, create data dirs, etc
 function configure_sahara {
-
-    if [[ ! -d $SAHARA_CONF_DIR ]]; then
-        sudo mkdir -p $SAHARA_CONF_DIR
-    fi
-    sudo chown $STACK_USER $SAHARA_CONF_DIR
+    sudo install -d -o $STACK_USER $SAHARA_CONF_DIR
 
     if [[ -f $SAHARA_DIR/etc/sahara/policy.json ]]; then
         cp -p $SAHARA_DIR/etc/sahara/policy.json $SAHARA_CONF_DIR
@@ -115,9 +111,7 @@ function configure_sahara {
     cp $SAHARA_DIR/etc/sahara/sahara.conf.sample $SAHARA_CONF_FILE
 
     # Create auth cache dir
-    sudo mkdir -p $SAHARA_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR
-    sudo chmod 700 $SAHARA_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER -m 700 $SAHARA_AUTH_CACHE_DIR
     rm -rf $SAHARA_AUTH_CACHE_DIR/*
 
     configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
diff --git a/lib/swift b/lib/swift
index 4a63500b54..9781e862db 100644
--- a/lib/swift
+++ b/lib/swift
@@ -306,8 +306,8 @@ function configure_swift {
     # Make sure to kill all swift processes first
     swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
 
-    sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server
-    sudo chown -R ${STACK_USER}: ${SWIFT_CONF_DIR}
+    sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR}
+    sudo install -d -o ${STACK_USER} ${SWIFT_CONF_DIR}/{object,container,account}-server
 
     if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then
         # Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed.
@@ -534,8 +534,7 @@ function create_swift_disk {
     # changing the permissions so we can run it as our user.
 
     local user_group=$(id -g ${STACK_USER})
-    sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
-    sudo chown -R ${STACK_USER}:${user_group} ${SWIFT_DATA_DIR}
+    sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
 
     # Create a loopback disk and format it to XFS.
     if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
@@ -675,8 +674,7 @@ function init_swift {
     } && popd >/dev/null
 
     # Create cache dir
-    sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
+    sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
     rm -f $SWIFT_AUTH_CACHE_DIR/*
 }
 
diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..99cfc5857b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -170,12 +170,8 @@ function configure_tempest {
 
     # Create tempest.conf from tempest.conf.sample
     # copy every time, because the image UUIDS are going to change
-    if [[ ! -d $TEMPEST_CONFIG_DIR ]]; then
-        sudo mkdir -p $TEMPEST_CONFIG_DIR
-    fi
-    sudo chown $STACK_USER $TEMPEST_CONFIG_DIR
-    cp $TEMPEST_DIR/etc/tempest.conf.sample $TEMPEST_CONFIG
-    chmod 644 $TEMPEST_CONFIG
+    sudo install -d -o $STACK_USER $TEMPEST_CONFIG_DIR
+    install -m 644 $TEMPEST_DIR/etc/tempest.conf.sample $TEMPEST_CONFIG
 
     password=${ADMIN_PASSWORD:-secrete}
 
diff --git a/lib/trove b/lib/trove
index d77798308b..dab6dced54 100644
--- a/lib/trove
+++ b/lib/trove
@@ -121,10 +121,7 @@ function configure_trove {
     setup_develop $TROVE_DIR
 
     # Create the trove conf dir and cache dirs if they don't exist
-    sudo mkdir -p ${TROVE_CONF_DIR}
-    sudo mkdir -p ${TROVE_AUTH_CACHE_DIR}
-    sudo chown -R $STACK_USER: ${TROVE_CONF_DIR}
-    sudo chown -R $STACK_USER: ${TROVE_AUTH_CACHE_DIR}
+    sudo install -d -o $STACK_USER ${TROVE_CONF_DIR} ${TROVE_AUTH_CACHE_DIR}
 
     # Copy api-paste file over to the trove conf dir
     cp $TROVE_LOCAL_API_PASTE_INI $TROVE_API_PASTE_INI
diff --git a/lib/zaqar b/lib/zaqar
index 79b4c5a2ca..5f3f7bb20b 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -105,8 +105,7 @@ function configure_zaqarclient {
 function configure_zaqar {
     setup_develop $ZAQAR_DIR
 
-    [ ! -d $ZAQAR_CONF_DIR ] && sudo mkdir -m 755 -p $ZAQAR_CONF_DIR
-    sudo chown $USER $ZAQAR_CONF_DIR
+    sudo install -d -o $STACK_USER -m 755 $ZAQAR_CONF_DIR
 
     iniset $ZAQAR_CONF DEFAULT debug True
     iniset $ZAQAR_CONF DEFAULT verbose True
@@ -168,8 +167,7 @@ function configure_mongodb {
 # init_zaqar() - Initialize etc.
 function init_zaqar {
     # Create cache dir
-    sudo mkdir -p $ZAQAR_AUTH_CACHE_DIR
-    sudo chown $STACK_USER $ZAQAR_AUTH_CACHE_DIR
+    sudo install -d -o $STACK_USER $ZAQAR_AUTH_CACHE_DIR
     rm -f $ZAQAR_AUTH_CACHE_DIR/*
 }
 

From 199c6048fd209d87c87c0bb40860f4b4b2661a5e Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy 
Date: Wed, 18 Mar 2015 10:48:47 +0000
Subject: [PATCH 0508/3421] Recreate tox venv for tempest on stack.sh run

Sometimes when certain dependencies are changed, recreating an existing
DevStack fails, as tempest is using an old existing venv for tox run,
where dependencies are not met.

This change should help developers who are reusing
their existing DevStack.
The gate should not be affected as there the vev is freshly created
anyway.

Change-Id: Ic42ba1cb0aa829c5120151d3d8cdafa4efc3ffaa
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index fcb0e59937..655bb08368 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -337,7 +337,7 @@ function configure_tempest {
     # NOTE(mtreinish): This must be done after auth settings are added to the tempest config
     local tmp_cfg_file=$(mktemp)
     cd $TEMPEST_DIR
-    tox -evenv -- verify-tempest-config -uro $tmp_cfg_file
+    tox -revenv -- verify-tempest-config -uro $tmp_cfg_file
 
     local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then

From 4bf861c76c220a98a3b3165eea5448411d000f3a Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Tue, 17 Mar 2015 21:07:39 -0600
Subject: [PATCH 0509/3421] Create global_filter to avoid scan of missing devs

A while back I added an lvm.conf file with a device filter setting
to try and clean up the LVM hangs in the gate:
  (commit 0b9e76f280208b5b5ad54bb6fbc4133e63037286)

It turns out this wasn't the real problem, the real problem
is that on an LVS/VGS command LVM  will attempt to open and read
all potential block devices in /dev to see if they have LVM data
on them.  I initially thought the local filter would keep that
from happening, as it turns out the local filter only limits what's
returned AFTER the actual scan process.  In order to keep the scan
from happening at all, either a global_filter needs to be used or
lvmetad needs to be running and enabled.

There are situations in gate tests where /dev/sdX devices are created and
deleted and the result is that we hit situations where LVM tries
to open up devices to check them even if they've been removed.  The
result is we have a blocking open call from LVM that takes approx
60 seconds to time out and fail.

Ubuntu won't have a version of lvmetad until Vivid, so for now
that just leaves the global_filter as an option.

This patch adds the filter routine to the end of stack.sh.  We don't
want to put the routine in lib/cinder_backend/lvm like we had it because
now we have to set the global filter for all LVM commands on the system.
So we put this as one of the last steps in stack.sh and run it if Cinder
is enabled.  This way we can query PV's on the system regardless of what
other services may be running and using LVM and make sure that all of
their devices are added to the filter as well.

Also, make sure we only set this for Ubuntu as Fedora/RHEL variants
utilize lvmetad.

This patch also removes the old change that set the local filter.

DocImpact
Should add this to recommended config for Cinder on systems
that don't have lvmetad, and recommend lvmetad for those that do.

Change-Id: I5d5c48e188cbb9b4208096736807f082bce524e8
Closes-Bug: #1373513
---
 lib/cinder              | 17 -----------------
 lib/cinder_backends/lvm | 31 -------------------------------
 lib/lvm                 | 25 +++++++++++++++++++++++++
 stack.sh                |  9 +++++++++
 4 files changed, 34 insertions(+), 48 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 880af1fd40..958c7f05ac 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -372,15 +372,9 @@ function init_cinder {
 
     if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
         local be be_name be_type
-        local has_lvm=0
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_type=${be%%:*}
             be_name=${be##*:}
-
-            if [[ $be_type == 'lvm' ]]; then
-                has_lvm=1
-            fi
-
             if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
                 # Always init the default volume group for lvm.
                 if [[ "$be_type" == "lvm" ]]; then
@@ -391,17 +385,6 @@ function init_cinder {
         done
     fi
 
-    # Keep it simple, set a marker if there's an LVM backend
-    # use the created VG's to setup lvm filters
-    if [[ $has_lvm == 1 ]]; then
-        # Order matters here, not only obviously to make
-        # sure the VG's are created, but also some distros
-        # do some customizations to lvm.conf on init, we
-        # want to make sure we copy those over
-        sudo cp /etc/lvm/lvm.conf /etc/cinder/lvm.conf
-        configure_cinder_backend_conf_lvm
-    fi
-
     mkdir -p $CINDER_STATE_PATH/volumes
     create_cinder_cache_dir
 }
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 52fc6fbf63..f210578339 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -19,7 +19,6 @@
 # clean_cinder_backend_lvm - called from clean_cinder()
 # configure_cinder_backend_lvm - called from configure_cinder()
 # init_cinder_backend_lvm - called from init_cinder()
-# configure_cinder_backend_conf_lvm - called from configure_cinder()
 
 
 # Save trace setting
@@ -66,36 +65,6 @@ function init_cinder_backend_lvm {
     init_lvm_volume_group $VOLUME_GROUP_NAME-$be_name $VOLUME_BACKING_FILE_SIZE
 }
 
-# configure_cinder_backend_conf_lvm - Sets device filter in /etc/cinder/lvm.conf
-# init_cinder_backend_lvm
-function configure_cinder_backend_conf_lvm {
-    local filter_suffix='"r/.*/" ]'
-    local filter_string="filter = [ "
-    local conf_entries=$(grep volume_group /etc/cinder/cinder.conf | sed "s/ //g")
-    local pv
-    local vg
-    local line
-
-    for pv_info in $(sudo pvs --noheadings -o name,vg_name --separator ';'); do
-        echo_summary "Evaluate PV info for Cinder lvm.conf: $pv_info"
-        IFS=';' read pv vg <<< "$pv_info"
-        for line in ${conf_entries}; do
-            IFS='=' read label group <<< "$line"
-            group=$(echo $group|sed "s/^ *//g")
-            if [[ "$vg" == "$group" ]]; then
-                new="\"a$pv/\", "
-                filter_string=$filter_string$new
-            fi
-        done
-    done
-    filter_string=$filter_string$filter_suffix
-
-    # FIXME(jdg): Possible odd case that the lvm.conf file has been modified
-    # and doesn't have a filter entry to search/replace.  For devstack don't
-    # know that we care, but could consider adding a check and add
-    sudo sed -i "s#^[ \t]*filter.*#    $filter_string#g" /etc/cinder/lvm.conf
-    echo "set LVM filter_strings: $filter_string"
-}
 # Restore xtrace
 $MY_XTRACE
 
diff --git a/lib/lvm b/lib/lvm
index 39eed00675..d0322c76b3 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -138,6 +138,31 @@ function init_default_lvm_volume_group {
     fi
 }
 
+# set_lvm_filter() Gather all devices configured for LVM and
+# use them to build a global device filter
+# set_lvm_filter() Create a device filter
+# and add to /etc/lvm.conf.  Note this uses
+# all current PV's in use by LVM on the
+# system to build it's filter.
+#
+# Usage: set_lvm_filter()
+function set_lvm_filter {
+    local filter_suffix='"r|.*|" ]'
+    local filter_string="global_filter = [ "
+    local pv
+    local vg
+    local line
+
+    for pv_info in $(sudo pvs --noheadings -o name); do
+        pv=$(echo -e "${pv_info}" | sed 's/ //g' | sed 's/\/dev\///g')
+        new="\"a|$pv|\", "
+        filter_string=$filter_string$new
+    done
+    filter_string=$filter_string$filter_suffix
+
+    sudo sed -i "/# global_filter = \[*\]/a\    $global_filter$filter_string" /etc/lvm/lvm.conf
+    echo_summary "set lvm.conf device global_filter to: $filter_string"
+}
 
 # Restore xtrace
 $MY_XTRACE
diff --git a/stack.sh b/stack.sh
index eac7eec724..ee1b985eab 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1316,6 +1316,15 @@ service_check
 # Prepare bash completion for OSC
 openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
 
+# If cinder is configured, set global_filter for PV devices
+if is_service_enabled cinder; then
+    if is_ubuntu; then
+        echo_summary "Configuring lvm.conf global device filter"
+        set_lvm_filter
+    else
+        echo_summary "Skip setting lvm filters for non Ubuntu systems"
+    fi
+fi
 
 # Fin
 # ===

From 16819951038c464d330233d0d3df4173420f14ae Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Wed, 18 Mar 2015 13:45:40 +1300
Subject: [PATCH 0510/3421] Install missing heat agent projects

This change adds the dib-utils repo, and adds git_clone calls for the
required os-*-config projects.

Change-Id: I2641feb0c462d2940f2698515ff62a2ff06c0e70
---
 lib/heat | 7 ++++++-
 stackrc  | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/heat b/lib/heat
index cef70692c7..b8a434bdb7 100644
--- a/lib/heat
+++ b/lib/heat
@@ -36,6 +36,7 @@ HEAT_DIR=$DEST/heat
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
 OCC_DIR=$DEST/os-collect-config
+DIB_UTILS_DIR=$DEST/dib-utils
 ORC_DIR=$DEST/os-refresh-config
 OAC_DIR=$DEST/os-apply-config
 
@@ -224,6 +225,10 @@ function install_heat {
 function install_heat_other {
     git_clone $HEAT_CFNTOOLS_REPO $HEAT_CFNTOOLS_DIR $HEAT_CFNTOOLS_BRANCH
     git_clone $HEAT_TEMPLATES_REPO $HEAT_TEMPLATES_REPO_DIR $HEAT_TEMPLATES_BRANCH
+    git_clone $OAC_REPO $OAC_DIR $OAC_BRANCH
+    git_clone $OCC_REPO $OCC_DIR $OCC_BRANCH
+    git_clone $ORC_REPO $ORC_DIR $ORC_BRANCH
+    git_clone $DIB_UTILS_REPO $DIB_UTILS_DIR $DIB_UTILS_BRANCH
 }
 
 # start_heat() - Start running processes, including screen
@@ -304,7 +309,7 @@ function create_heat_accounts {
 
 # build_heat_pip_mirror() - Build a pip mirror containing heat agent projects
 function build_heat_pip_mirror {
-    local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
+    local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR $DIB_UTILS_DIR"
     local projpath proj package
 
     rm -rf $HEAT_PIP_REPO
diff --git a/stackrc b/stackrc
index 02b12a36a0..f8d9c43c38 100644
--- a/stackrc
+++ b/stackrc
@@ -427,6 +427,10 @@ GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
 #
 ##################
 
+# run-parts script required by os-refresh-config
+DIB_UTILS_REPO=${DIB_UTILS_REPO:-${GIT_BASE}/openstack/dib-utils.git}
+DIB_UTILS_BRANCH=${DIB_UTILS_BRANCH:-master}
+
 # os-apply-config configuration template tool
 OAC_REPO=${OAC_REPO:-${GIT_BASE}/openstack/os-apply-config.git}
 OAC_BRANCH=${OAC_BRANCH:-master}

From 886cbb2a86e475a7982df1d98ea8452d0f9873fd Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Wed, 18 Mar 2015 22:03:01 -0400
Subject: [PATCH 0511/3421] Set heat stack role in tempest config to _member_

In kilo heat started to use keystone delegations to perform the needed
operations, as part of this the need to set the explicit role in
devstack for stack management disappeared. However, in tempest as part
of the effort to make credentials configuration more explicit an option
was added to ensure that the users created by tempest have the proper
role set for stack management in the heat tests. This commit sets the
value of this config option in tempest to be the default role _member_
to reflect that there is no separate heat_stack_owner role created
anymore. (which is the tempest default value)

Change-Id: Id98a83f0a716de0fdb5f36d03407364830e8fa5f
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index 9b44f47d57..5f7be3ccb9 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -399,6 +399,7 @@ function configure_tempest {
         fi
         iniset $TEMPEST_CONFIG orchestration instance_type "m1.heat"
         iniset $TEMPEST_CONFIG orchestration build_timeout 900
+        iniset $TEMPEST_CONFIG orchestration stack_owner_role "_member_"
     fi
 
     # Scenario

From 4599fd174c0c10f3a7e51ad6cba5d4c74abac207 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Thu, 12 Mar 2015 21:30:58 -0400
Subject: [PATCH 0512/3421] Add roles when we create groups

We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.

Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
---
 functions-common | 21 +++++++++++++++++++++
 lib/keystone     | 16 ++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 4739e42e90..67697671d3 100644
--- a/functions-common
+++ b/functions-common
@@ -728,6 +728,27 @@ function get_or_add_user_project_role {
     echo $user_role_id
 }
 
+# Gets or adds group role to project
+# Usage: get_or_add_group_project_role   
+function get_or_add_group_project_role {
+    # Gets group role id
+    local group_role_id=$(openstack role list \
+        --group $2 \
+        --project $3 \
+        --column "ID" \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$group_role_id" ]]; then
+        # Adds role to group
+        group_role_id=$(openstack role add \
+            $1 \
+            --group $2 \
+            --project $3 \
+            | grep " id " | get_field 2)
+    fi
+    echo $group_role_id
+}
+
 # Gets or creates service
 # Usage: get_or_create_service   
 function get_or_create_service {
diff --git a/lib/keystone b/lib/keystone
index c9433d98fe..acc8c2c9d0 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -362,6 +362,12 @@ function configure_keystone_extensions {
 # demo                 demo       Member, anotherrole
 # invisible_to_admin   demo       Member
 
+# Group                Users      Roles                 Tenant
+# ------------------------------------------------------------------
+# admins               admin      admin                 admin
+# nonadmin             demo       Member, anotherrole   demo
+
+
 # Migrated from keystone_data.sh
 function create_keystone_accounts {
 
@@ -403,8 +409,14 @@ function create_keystone_accounts {
     get_or_add_user_project_role $another_role $demo_user $demo_tenant
     get_or_add_user_project_role $member_role $demo_user $invis_tenant
 
-    get_or_create_group "developers" "default" "openstack developers"
-    get_or_create_group "testers" "default"
+    local admin_group=$(get_or_create_group "admins" \
+        "default" "openstack admin group")
+    local non_admin_group=$(get_or_create_group "nonadmins" \
+        "default" "non-admin group")
+
+    get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $admin_role $admin_group $admin_tenant
 
     # Keystone
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then

From f26deea6b1d7a91da44979d8c7feaf1ff8970b25 Mon Sep 17 00:00:00 2001
From: yuntongjin 
Date: Sat, 28 Feb 2015 10:50:34 +0800
Subject: [PATCH 0513/3421] create install_default_policy

Recent versions of oslo policy allow the use of a policy.d to break up
policy in a more user understandable way. Nova is going to use this in
Kilo to break out v2 and v2.1 API policy definitions.

This provides a unified helper for installing sample policies. It
makes some assumptions on project directory structure. Porting other
projects to use this can happen in the future.

Change-Id: Iec23b095176332414faf76a9c329f8bb5f3aa6c3
---
 functions-common | 22 ++++++++++++++++++++++
 lib/nova         |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index df69cbad16..8d7db96606 100644
--- a/functions-common
+++ b/functions-common
@@ -787,6 +787,28 @@ function get_field {
     done
 }
 
+# install default policy
+# copy over a default policy.json and policy.d for projects
+function install_default_policy {
+    local project=$1
+    local project_uc=$(echo $1|tr a-z A-Z)
+    local conf_dir="${project_uc}_CONF_DIR"
+    # eval conf dir to get the variable
+    conf_dir="${!conf_dir}"
+    local project_dir="${project_uc}_DIR"
+    # eval project dir to get the variable
+    project_dir="${!project_dir}"
+    local sample_conf_dir="${project_dir}/etc/${project}"
+    local sample_policy_dir="${project_dir}/etc/${project}/policy.d"
+
+    # first copy any policy.json
+    cp -p $sample_conf_dir/policy.json $conf_dir
+    # then optionally copy over policy.d
+    if [[ -d $sample_policy_dir ]]; then
+        cp -r $sample_policy_dir $conf_dir/policy.d
+    fi
+}
+
 # Add a policy to a policy.json file
 # Do nothing if the policy already exists
 # ``policy_add policy_file policy_name policy_permissions``
diff --git a/lib/nova b/lib/nova
index e9e78c7bc4..fe61e83620 100644
--- a/lib/nova
+++ b/lib/nova
@@ -261,7 +261,7 @@ function configure_nova {
     fi
     sudo chown $STACK_USER $NOVA_CONF_DIR
 
-    cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
+    install_default_policy nova
 
     configure_nova_rootwrap
 

From 9ebd65be32357a0554e4e5525037e7f1803077f8 Mon Sep 17 00:00:00 2001
From: Ivan Kolodyazhny 
Date: Sun, 8 Mar 2015 23:51:55 +0200
Subject: [PATCH 0514/3421] Increase Swift disk size up to 2GB if Glance is
 enabled

Minimum Cinder volume size is 1GB so if Swift backend for Glance is only
1GB we can not upload volume to image.

Change-Id: Ifd4cb42bf96367ff3ada0c065fa258fa5ba635d9
---
 lib/swift | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/lib/swift b/lib/swift
index 8a96615d01..5005ba0e10 100644
--- a/lib/swift
+++ b/lib/swift
@@ -64,11 +64,19 @@ if is_service_enabled s-proxy && is_service_enabled swift3; then
     S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
 fi
 
-# DevStack will create a loop-back disk formatted as XFS to store the
-# swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
-# kilobytes.
-# Default is 1 gigabyte.
-SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G
+if is_service_enabled g-api; then
+    # Minimum Cinder volume size is 1G so if Swift backend for Glance is
+    # only 1G we can not upload volume to image.
+    # Increase Swift disk size up to 2G
+    SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=2G
+else
+    # DevStack will create a loop-back disk formatted as XFS to store the
+    # swift data. Set ``SWIFT_LOOPBACK_DISK_SIZE`` to the disk size in
+    # kilobytes.
+    # Default is 1 gigabyte.
+    SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=1G
+fi
+
 # if tempest enabled the default size is 6 Gigabyte.
 if is_service_enabled tempest; then
     SWIFT_LOOPBACK_DISK_SIZE_DEFAULT=${SWIFT_LOOPBACK_DISK_SIZE:-6G}

From 6f3f310848d1134ff73dd23e246ad00f7cd13365 Mon Sep 17 00:00:00 2001
From: Ryan Hsu 
Date: Thu, 19 Mar 2015 16:26:45 -0700
Subject: [PATCH 0515/3421] Fix packages not getting installed if service name
 in base path

Currently, if devstack base path includes the name of a given
service (e.g. nova), then the service's prereq packages will
not be installed. This fix changes the checking the match
against the full path of the package list file rather than the
name of a given service.

Closes-Bug: #1434314
Change-Id: Ie81352ebd5691afc6d0019f71d5b62370e8bb95f
---
 functions-common | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/functions-common b/functions-common
index 875c2e697d..b191f3a2b9 100644
--- a/functions-common
+++ b/functions-common
@@ -918,42 +918,42 @@ function get_packages {
         # NOTE(sdague) n-api needs glance for now because that's where
         # glance client is
         if [[ $service == n-api ]]; then
-            if [[ ! $file_to_parse =~ nova ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/nova ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/nova"
             fi
-            if [[ ! $file_to_parse =~ glance ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/glance ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/glance"
             fi
         elif [[ $service == c-* ]]; then
-            if [[ ! $file_to_parse =~ cinder ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/cinder ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/cinder"
             fi
         elif [[ $service == ceilometer-* ]]; then
-            if [[ ! $file_to_parse =~ ceilometer ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/ceilometer ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/ceilometer"
             fi
         elif [[ $service == s-* ]]; then
-            if [[ ! $file_to_parse =~ swift ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/swift ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/swift"
             fi
         elif [[ $service == n-* ]]; then
-            if [[ ! $file_to_parse =~ nova ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/nova ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/nova"
             fi
         elif [[ $service == g-* ]]; then
-            if [[ ! $file_to_parse =~ glance ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/glance ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/glance"
             fi
         elif [[ $service == key* ]]; then
-            if [[ ! $file_to_parse =~ keystone ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/keystone ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/keystone"
             fi
         elif [[ $service == q-* ]]; then
-            if [[ ! $file_to_parse =~ neutron ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/neutron ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/neutron"
             fi
         elif [[ $service == ir-* ]]; then
-            if [[ ! $file_to_parse =~ ironic ]]; then
+            if [[ ! $file_to_parse =~ $package_dir/ironic ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/ironic"
             fi
         fi

From 6f6e2fd2cc9517b09b98fc45912d21c8574a4f94 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 20 Mar 2015 12:16:28 +1100
Subject: [PATCH 0516/3421] Move contributing into HACKING

contributing.rst doesn't add very much over the extant HACKING.rst, so
move some of the unique bits into HACKING.rst and then link that into
the documentation.

Change-Id: I0530f38eda92f8dd374c0ec224556ace6e679f54
---
 HACKING.rst                 | 54 ++++++++++++++++++---
 doc/source/contributing.rst | 94 -------------------------------------
 doc/source/hacking.rst      |  1 +
 doc/source/index.rst        |  4 +-
 4 files changed, 51 insertions(+), 102 deletions(-)
 delete mode 100644 doc/source/contributing.rst
 create mode 100644 doc/source/hacking.rst

diff --git a/HACKING.rst b/HACKING.rst
index b3c82a37a8..4971db250b 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -25,23 +25,63 @@ __ contribute_
 __ lp_
 .. _lp: https://launchpad.net/~devstack
 
+The `Gerrit review
+queue `__
+is used for all commits.
+
 The primary script in DevStack is ``stack.sh``, which performs the bulk of the
 work for DevStack's use cases.  There is a subscript ``functions`` that contains
 generally useful shell functions and is used by a number of the scripts in
 DevStack.
 
-The ``lib`` directory contains sub-scripts for projects or packages that ``stack.sh``
-sources to perform much of the work related to those projects.  These sub-scripts
-contain configuration defaults and functions to configure, start and stop the project
-or package.  These variables and functions are also used by related projects,
-such as Grenade, to manage a DevStack installation.
-
 A number of additional scripts can be found in the ``tools`` directory that may
 be useful in supporting DevStack installations.  Of particular note are ``info.sh``
 to collect and report information about the installed system, and ``install_prereqs.sh``
 that handles installation of the prerequisite packages for DevStack.  It is
 suitable, for example, to pre-load a system for making a snapshot.
 
+Repo Layout
+-----------
+
+The DevStack repo generally keeps all of the primary scripts at the root
+level.
+
+``doc`` - Contains the Sphinx source for the documentation.
+``tools/build_docs.sh`` is used to generate the HTML versions of the
+DevStack scripts.  A complete doc build can be run with ``tox -edocs``.
+
+``exercises`` - Contains the test scripts used to sanity-check and
+demonstrate some OpenStack functions. These scripts know how to exit
+early or skip services that are not enabled.
+
+``extras.d`` - Contains the dispatch scripts called by the hooks in
+``stack.sh``, ``unstack.sh`` and ``clean.sh``. See :doc:`the plugins
+docs ` for more information.
+
+``files`` - Contains a variety of otherwise lost files used in
+configuring and operating DevStack. This includes templates for
+configuration files and the system dependency information. This is also
+where image files are downloaded and expanded if necessary.
+
+``lib`` - Contains the sub-scripts specific to each project. This is
+where the work of managing a project's services is located. Each
+top-level project (Keystone, Nova, etc) has a file here. Additionally
+there are some for system services and project plugins.  These
+variables and functions are also used by related projects, such as
+Grenade, to manage a DevStack installation.
+
+``samples`` - Contains a sample of the local files not included in the
+DevStack repo.
+
+``tests`` - the DevStack test suite is rather sparse, mostly consisting
+of test of specific fragile functions in the ``functions`` and
+``functions-common`` files.
+
+``tools`` - Contains a collection of stand-alone scripts. While these
+may reference the top-level DevStack configuration they can generally be
+run alone. There are also some sub-directories to support specific
+environments such as XenServer.
+
 
 Scripts
 -------
@@ -249,6 +289,7 @@ Whitespace Rules
 
 Control Structure Rules
 -----------------------
+
 - then should be on the same line as the if
 - do should be on the same line as the for
 
@@ -270,6 +311,7 @@ Example::
 
 Variables and Functions
 -----------------------
+
 - functions should be used whenever possible for clarity
 - functions should use ``local`` variables as much as possible to
   ensure they are isolated from the rest of the environment
diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst
deleted file mode 100644
index 50c0100578..0000000000
--- a/doc/source/contributing.rst
+++ /dev/null
@@ -1,94 +0,0 @@
-============
-Contributing
-============
-
-DevStack uses the standard OpenStack contribution process as outlined in
-`the OpenStack developer
-guide `__. This
-means that you will need to meet the requirements of the Contribututors
-License Agreement (CLA). If you have already done that for another
-OpenStack project you are good to go.
-
-Things To Know
-==============
-
-|
-| **Where Things Are**
-
-The official DevStack repository is located at
-``git://git.openstack.org/openstack-dev/devstack.git``, replicated from
-the repo maintained by Gerrit. GitHub also has a mirror at
-``git://github.com/openstack-dev/devstack.git``.
-
-The `blueprint `__ and `bug
-trackers `__ are on Launchpad. It
-should be noted that DevStack generally does not use these as strongly
-as other projects, but we're trying to change that.
-
-The `Gerrit review
-queue `__
-is, however, used for all commits except for the text of this website.
-That should also change in the near future.
-
-|
-| **HACKING.rst**
-
-Like most OpenStack projects, DevStack includes a ``HACKING.rst`` file
-that describes the layout, style and conventions of the project. Because
-``HACKING.rst`` is in the main DevStack repo it is considered
-authoritative. Much of the content on this page is taken from there.
-
-|
-| **bashate Formatting**
-
-Around the time of the OpenStack Havana release we added a tool to do
-style checking in DevStack similar to what pep8/flake8 do for Python
-projects. It is still \_very\_ simplistic, focusing mostly on stray
-whitespace to help prevent -1 on reviews that are otherwise acceptable.
-Oddly enough it is called ``bashate``. It will be expanded to enforce
-some of the documentation rules in comments that are used in formatting
-the script pages for devstack.org and possibly even simple code
-formatting. Run it on the entire project with ``./run_tests.sh``.
-
-Code
-====
-
-|
-| **Repo Layout**
-
-The DevStack repo generally keeps all of the primary scripts at the root
-level.
-
-``doc`` - Contains the Sphinx source for the documentation.
-``tools/build_docs.sh`` is used to generate the HTML versions of the
-DevStack scripts.  A complete doc build can be run with ``tox -edocs``.
-
-``exercises`` - Contains the test scripts used to sanity-check and
-demonstrate some OpenStack functions. These scripts know how to exit
-early or skip services that are not enabled.
-
-``extras.d`` - Contains the dispatch scripts called by the hooks in
-``stack.sh``, ``unstack.sh`` and ``clean.sh``. See :doc:`the plugins
-docs ` for more information.
-
-``files`` - Contains a variety of otherwise lost files used in
-configuring and operating DevStack. This includes templates for
-configuration files and the system dependency information. This is also
-where image files are downloaded and expanded if necessary.
-
-``lib`` - Contains the sub-scripts specific to each project. This is
-where the work of managing a project's services is located. Each
-top-level project (Keystone, Nova, etc) has a file here. Additionally
-there are some for system services and project plugins.
-
-``samples`` - Contains a sample of the local files not included in the
-DevStack repo.
-
-``tests`` - the DevStack test suite is rather sparse, mostly consisting
-of test of specific fragile functions in the ``functions`` and
-``functions-common`` files.
-
-``tools`` - Contains a collection of stand-alone scripts. While these
-may reference the top-level DevStack configuration they can generally be
-run alone. There are also some sub-directories to support specific
-environments such as XenServer.
diff --git a/doc/source/hacking.rst b/doc/source/hacking.rst
new file mode 100644
index 0000000000..a2bcf4fd67
--- /dev/null
+++ b/doc/source/hacking.rst
@@ -0,0 +1 @@
+.. include:: ../../HACKING.rst
diff --git a/doc/source/index.rst b/doc/source/index.rst
index bac593de03..0ffb15c2a8 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -12,7 +12,7 @@ DevStack - an OpenStack Community Production
    plugins
    faq
    changes
-   contributing
+   hacking
 
 Quick Start
 -----------
@@ -139,7 +139,7 @@ FAQ
 Contributing
 ------------
 
-:doc:`Pitching in to make DevStack a better place `
+:doc:`Pitching in to make DevStack a better place `
 
 Code
 ====

From 5686dbc45dbdc552080592e31bed63b0f201717e Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Mon, 9 Mar 2015 14:27:51 -0500
Subject: [PATCH 0517/3421] Add global venv enable/disable knob

Adds USE_VENV to globally enable/disable use of virtual environments.

ADDITIONAL_VENV_PACKAGES is used to manually add packages that do not
appear in requirements.txt or test-requirements.txt to be installed
into each venv.  Database Python bindings are handled this way when
a dataabse service is enabled.

Change-Id: I9cf298b936fd10c95e2ce5f51aab0d49d4b7f37f
---
 doc/source/configuration.rst | 24 ++++++++++++++++++++++++
 doc/source/index.rst         |  2 ++
 lib/database                 |  5 +++++
 lib/databases/mysql          |  3 +++
 lib/databases/postgresql     |  3 +++
 lib/stack                    | 10 +++++++---
 stack.sh                     |  1 +
 stackrc                      | 10 ++++++++++
 8 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 7d06658ee2..05a21cde5c 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -170,6 +170,30 @@ Libraries from Git
 
       LIBS_FROM_GIT=python-keystoneclient,oslo.config
 
+Virtual Environments
+--------------------
+
+  | *Default: ``USE_VENV=False``*
+  |   Enable the use of Python virtual environments by setting ``USE_VENV``
+      to ``True``.  This will enable the creation of venvs for each project
+      that is defined in the ``PROJECT_VENV`` array.
+
+  | *Default: ``PROJECT_VENV['']='.venv'*
+  |   Each entry in the ``PROJECT_VENV`` array contains the directory name
+      of a venv to be used for the project.  The array index is the project
+      name.  Multiple projects can use the same venv if desired.
+
+  ::
+
+    PROJECT_VENV["glance"]=${GLANCE_DIR}.venv
+
+  | *Default: ``ADDITIONAL_VENV_PACKAGES=""``*
+  |   A comma-separated list of additional packages to be installed into each
+      venv.  Often projects will not have certain packages listed in its
+      ``requirements.txt`` file because they are 'optional' requirements,
+      i.e. only needed for certain configurations.  By default, the enabled
+      databases will have their Python bindings added when they are enabled.
+
 Enable Logging
 --------------
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index bac593de03..d98e573dcc 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -210,6 +210,8 @@ Tools
 -----
 
 * `tools/build\_docs.sh `__
+* `tools/build\_venv.sh `__
+* `tools/build\_wheels.sh `__
 * `tools/create-stack-user.sh `__
 * `tools/create\_userrc.sh `__
 * `tools/fixup\_stuff.sh `__
diff --git a/lib/database b/lib/database
index b114e9e4f6..ff1fafee26 100644
--- a/lib/database
+++ b/lib/database
@@ -109,6 +109,11 @@ function install_database {
     install_database_$DATABASE_TYPE
 }
 
+# Install the database Python packages
+function install_database_python {
+    install_database_python_$DATABASE_TYPE
+}
+
 # Configure and start the database
 function configure_database {
     configure_database_$DATABASE_TYPE
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 70073c4c6f..d548db103e 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -151,9 +151,12 @@ EOF
     else
         exit_distro_not_supported "mysql installation"
     fi
+}
 
+function install_database_python_mysql {
     # Install Python client module
     pip_install MySQL-python
+    ADDITIONAL_VENV_PACKAGES+=",MySQL-python"
 }
 
 function database_connection_url_mysql {
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index e891a08754..a6bcf8c0a2 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -100,9 +100,12 @@ EOF
     else
         exit_distro_not_supported "postgresql installation"
     fi
+}
 
+function install_database_python_postgresql {
     # Install Python client module
     pip_install psycopg2
+    ADDITIONAL_VENV_PACKAGES+=",psycopg2"
 }
 
 function database_connection_url_postgresql {
diff --git a/lib/stack b/lib/stack
index 9a509d8318..11dd87ca28 100644
--- a/lib/stack
+++ b/lib/stack
@@ -16,13 +16,17 @@
 function stack_install_service {
     local service=$1
     if type install_${service} >/dev/null 2>&1; then
-        if [[ -n ${PROJECT_VENV[$service]:-} ]]; then
+        if [[ ${USE_VENV} = True && -n ${PROJECT_VENV[$service]:-} ]]; then
             rm -rf ${PROJECT_VENV[$service]}
-            source $TOP_DIR/tools/build_venv.sh ${PROJECT_VENV[$service]}
+            source $TOP_DIR/tools/build_venv.sh ${PROJECT_VENV[$service]} ${ADDITIONAL_VENV_PACKAGES//,/ }
             export PIP_VIRTUAL_ENV=${PROJECT_VENV[$service]:-}
+
+            # Install other OpenStack prereqs that might come from source repos
+            install_oslo
+            install_keystonemiddleware
         fi
         install_${service}
-        if [[ -n ${PROJECT_VENV[$service]:-} ]]; then
+        if [[ ${USE_VENV} = True && -n ${PROJECT_VENV[$service]:-} ]]; then
             unset PIP_VIRTUAL_ENV
         fi
     fi
diff --git a/stack.sh b/stack.sh
index d83952accc..9d4a2061ef 100755
--- a/stack.sh
+++ b/stack.sh
@@ -702,6 +702,7 @@ install_rpc_backend
 
 if is_service_enabled $DATABASE_BACKENDS; then
     install_database
+    install_database_python
 fi
 
 if is_service_enabled neutron; then
diff --git a/stackrc b/stackrc
index 02b12a36a0..3c4593a27f 100644
--- a/stackrc
+++ b/stackrc
@@ -104,6 +104,16 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
     source $RC_DIR/.localrc.auto
 fi
 
+# Enable use of Python virtual environments.  Individual project use of
+# venvs are controlled by the PROJECT_VENV array; every project with
+# an entry in the array will be installed into the named venv.
+# By default this will put each project into its own venv.
+USE_VENV=$(trueorfalse False USE_VENV)
+
+# Add packages that need to be installed into a venv but are not in any
+# requirmenets files here, in a comma-separated list
+ADDITIONAL_VENV_PACKAGES=${ADITIONAL_VENV_PACKAGES:-""}
+
 # Configure wheel cache location
 export WHEELHOUSE=${WHEELHOUSE:-$DEST/.wheelhouse}
 export PIP_WHEEL_DIR=${PIP_WHEEL_DIR:-$WHEELHOUSE}

From 7448edb031028af2e26e17bce6373d8f8929570d Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Wed, 11 Mar 2015 20:06:26 -0500
Subject: [PATCH 0518/3421] Keystone use new section for eventlet server
 options

Configuration options that are only relevant when running keystone
under eventlet (rather than Apache httpd) were moved to the
[eventlet_server] and [eventlet_server_ssl] groups in the
keystone.conf file to avoid confusion. This change updates devstack
to use the new non-deprecated group for these options.

Change-Id: I651a278d09f6a3a32b2e96fac87f1e5ea0f18c39
---
 lib/keystone | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index b7acb37931..97307b169b 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -227,21 +227,21 @@ function configure_keystone {
     # Set the URL advertised in the ``versions`` structure returned by the '/' route
     iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/"
     iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/"
-    iniset $KEYSTONE_CONF DEFAULT admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
+    iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
 
     # Register SSL certificates if provided
     if is_ssl_enabled_service key; then
         ensure_certificates KEYSTONE
 
-        iniset $KEYSTONE_CONF ssl enable True
-        iniset $KEYSTONE_CONF ssl certfile $KEYSTONE_SSL_CERT
-        iniset $KEYSTONE_CONF ssl keyfile $KEYSTONE_SSL_KEY
+        iniset $KEYSTONE_CONF eventlet_server_ssl enable True
+        iniset $KEYSTONE_CONF eventlet_server_ssl certfile $KEYSTONE_SSL_CERT
+        iniset $KEYSTONE_CONF eventlet_server_ssl keyfile $KEYSTONE_SSL_KEY
     fi
 
     if is_service_enabled tls-proxy; then
         # Set the service ports for a proxy to take the originals
-        iniset $KEYSTONE_CONF DEFAULT public_port $KEYSTONE_SERVICE_PORT_INT
-        iniset $KEYSTONE_CONF DEFAULT admin_port $KEYSTONE_AUTH_PORT_INT
+        iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
+        iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
     fi
 
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
@@ -317,7 +317,7 @@ function configure_keystone {
 
     iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
 
-    iniset $KEYSTONE_CONF DEFAULT admin_workers "$API_WORKERS"
+    iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
     # Public workers will use the server default, typically number of CPU.
 }
 

From f8ae647f2eabfd06c1006a1c3c92a3ef78578cfa Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Tue, 17 Feb 2015 11:05:06 -0600
Subject: [PATCH 0519/3421] Install Keystone into its own venv

Configure Apache to use the Keystone venv.

Change-Id: I86f1bfdfd800f5b818bfb5c4d2750ff732049107
---
 files/apache-keystone.template |  4 ++--
 lib/keystone                   | 30 ++++++++++++++++++++++++------
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 504dc01d21..1d20af7f90 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -2,7 +2,7 @@ Listen %PUBLICPORT%
 Listen %ADMINPORT%
 
 
-    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP}
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / %PUBLICWSGI%
     WSGIApplicationGroup %{GLOBAL}
@@ -18,7 +18,7 @@ Listen %ADMINPORT%
 
 
 
-    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP}
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup keystone-admin
     WSGIScriptAlias / %ADMINWSGI%
     WSGIApplicationGroup %{GLOBAL}
diff --git a/lib/keystone b/lib/keystone
index b7acb37931..0f9b512eb7 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -37,8 +37,16 @@ set +o xtrace
 # Set up default directories
 GITDIR["python-keystoneclient"]=$DEST/python-keystoneclient
 GITDIR["keystonemiddleware"]=$DEST/keystonemiddleware
-
 KEYSTONE_DIR=$DEST/keystone
+
+# Keystone virtual environment
+if [[ ${USE_VENV} = True ]]; then
+    PROJECT_VENV["keystone"]=${KEYSTONE_DIR}.venv
+    KEYSTONE_BIN_DIR=${PROJECT_VENV["keystone"]}/bin
+else
+    KEYSTONE_BIN_DIR=$(get_python_exec_prefix)
+fi
+
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
@@ -144,6 +152,7 @@ function _config_keystone_apache_wsgi {
     local keystone_keyfile=""
     local keystone_service_port=$KEYSTONE_SERVICE_PORT
     local keystone_auth_port=$KEYSTONE_AUTH_PORT
+    local venv_path=""
 
     if is_ssl_enabled_service key; then
         keystone_ssl="SSLEngine On"
@@ -154,6 +163,9 @@ function _config_keystone_apache_wsgi {
         keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
         keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
     fi
+    if [[ ${USE_VENV} = True ]]; then
+        venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/python2.7/site-packages"
+    fi
 
     # copy proxy vhost and wsgi file
     sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
@@ -169,7 +181,8 @@ function _config_keystone_apache_wsgi {
         s|%SSLENGINE%|$keystone_ssl|g;
         s|%SSLCERTFILE%|$keystone_certfile|g;
         s|%SSLKEYFILE%|$keystone_keyfile|g;
-        s|%USER%|$STACK_USER|g
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
     " -i $keystone_apache_conf
 }
 
@@ -460,20 +473,20 @@ function init_keystone {
     recreate_database keystone
 
     # Initialize keystone database
-    $KEYSTONE_DIR/bin/keystone-manage db_sync
+    $KEYSTONE_BIN_DIR/keystone-manage db_sync
 
     local extension_value
     for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do
         if [[ -z "${extension_value}" ]]; then
             continue
         fi
-        $KEYSTONE_DIR/bin/keystone-manage db_sync --extension "${extension_value}"
+        $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
     done
 
     if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl
-        $KEYSTONE_DIR/bin/keystone-manage pki_setup
+        $KEYSTONE_BIN_DIR/keystone-manage pki_setup
 
         # Create cache dir
         sudo install -d -o $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
@@ -492,9 +505,14 @@ function install_keystoneclient {
 
 # install_keystonemiddleware() - Collect source and prepare
 function install_keystonemiddleware {
+    # install_keystonemiddleware() is called when keystonemiddleware is needed
+    # to provide an opportunity to install it from the source repo
     if use_library_from_git "keystonemiddleware"; then
         git_clone_by_name "keystonemiddleware"
         setup_dev_lib "keystonemiddleware"
+    else
+        # When not installing from repo, keystonemiddleware is still needed...
+        pip_install keystonemiddleware
     fi
 }
 
@@ -542,7 +560,7 @@ function start_keystone {
         tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
     else
         # Start Keystone in a screen window
-        run_process key "$KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF"
+        run_process key "$KEYSTONE_BIN_DIR/keystone-all --config-file $KEYSTONE_CONF"
     fi
 
     echo "Waiting for keystone to start..."

From aed607920542ee27f87f8e5cdb659faf1bde00eb Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Tue, 17 Feb 2015 15:38:16 -0600
Subject: [PATCH 0520/3421] Install Glance into its own venv

Change-Id: Ib46b89dafa1fc81a2d0717150203b848b87ea323
---
 lib/glance | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/glance b/lib/glance
index d16b3456a3..00f07540e8 100755
--- a/lib/glance
+++ b/lib/glance
@@ -31,8 +31,16 @@ set +o xtrace
 # Set up default directories
 GITDIR["python-glanceclient"]=$DEST/python-glanceclient
 GITDIR["glance_store"]=$DEST/glance_store
-
 GLANCE_DIR=$DEST/glance
+
+# Glance virtual environment
+if [[ ${USE_VENV} = True ]]; then
+    PROJECT_VENV["glance"]=${GLANCE_DIR}.venv
+    GLANCE_BIN_DIR=${PROJECT_VENV["glance"]}/bin
+else
+    GLANCE_BIN_DIR=$(get_python_exec_prefix)
+fi
+
 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
 GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
 GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
@@ -47,13 +55,6 @@ GLANCE_CACHE_CONF=$GLANCE_CONF_DIR/glance-cache.conf
 GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
 GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
 
-# Support entry points installation of console scripts
-if [[ -d $GLANCE_DIR/bin ]]; then
-    GLANCE_BIN_DIR=$GLANCE_DIR/bin
-else
-    GLANCE_BIN_DIR=$(get_python_exec_prefix)
-fi
-
 if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
     GLANCE_SERVICE_PROTOCOL="https"
 fi

From 6aaad5f7239c8e199fde0d1e5fca14f0a77164f2 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 18 Feb 2015 07:09:04 -0600
Subject: [PATCH 0521/3421] Install Cinder into its own venv

rootwrap is horribly called indirectly via PATH.  The choice, other than fixing
such nonsense, is to force the path in sudo.

Change-Id: Idac07455359b347e1c617736a515c2261b56d871
---
 lib/cinder | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 3c3fff3087..be4ef75208 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -39,8 +39,16 @@ fi
 
 # set up default directories
 GITDIR["python-cinderclient"]=$DEST/python-cinderclient
-
 CINDER_DIR=$DEST/cinder
+
+# Cinder virtual environment
+if [[ ${USE_VENV} = True ]]; then
+    PROJECT_VENV["cinder"]=${CINDER_DIR}.venv
+    CINDER_BIN_DIR=${PROJECT_VENV["cinder"]}/bin
+else
+    CINDER_BIN_DIR=$(get_python_exec_prefix)
+fi
+
 CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
 CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
 
@@ -57,13 +65,6 @@ CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
 CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
 CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
-# Support entry points installation of console scripts
-if [[ -d $CINDER_DIR/bin ]]; then
-    CINDER_BIN_DIR=$CINDER_DIR/bin
-else
-    CINDER_BIN_DIR=$(get_python_exec_prefix)
-fi
-
 
 # Default backends
 # The backend format is type:name where type is one of the supported backend
@@ -164,12 +165,11 @@ function cleanup_cinder {
     fi
 }
 
+# Deploy new rootwrap filters files and configure sudo
 # configure_cinder_rootwrap() - configure Cinder's rootwrap
 function configure_cinder_rootwrap {
-    # Set the paths of certain binaries
-    local cinder_rootwrap=$(get_rootwrap_location cinder)
+    local cinder_rootwrap=$CINDER_BIN_DIR/cinder-rootwrap
 
-    # Deploy new rootwrap filters files (owned by root).
     # Wipe any existing rootwrap.d files first
     if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
         sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
@@ -188,10 +188,17 @@ function configure_cinder_rootwrap {
 
     # Set up the rootwrap sudoers for cinder
     local tempfile=`mktemp`
-    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >$tempfile
+    echo "Defaults:$STACK_USER secure_path=$CINDER_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile
+    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >>$tempfile
     chmod 0440 $tempfile
     sudo chown root:root $tempfile
     sudo mv $tempfile /etc/sudoers.d/cinder-rootwrap
+
+    # So rootwrap and PATH are broken beyond belief.  WTF relies on a SECURE operation
+    # to blindly follow PATH???  We learned that was a bad idea in the 80's!
+    # So to fix this in a venv, we must exploit the very hole we want to close by dropping
+    # a copy of the venv rootwrap binary into /usr/local/bin.
+    #sudo cp -p $cinder_rootwrap /usr/local/bin
 }
 
 # configure_cinder() - Set config files, create data dirs, etc

From 2f6576bfaf7f43d9bf820e3e5ecc0b7fd136ce3c Mon Sep 17 00:00:00 2001
From: Geronimo Orozco 
Date: Thu, 19 Mar 2015 12:08:23 -0600
Subject: [PATCH 0522/3421] Creates SWIFT_DATA_DIR if it does not exist

If SWIFT_DATA_DIR is set on local.conf we need to make sure to create
the directory with proper permissions

Change-Id: If29fa53f01b4c0c8a881ec3734383ecffac334ce
Closes-Bug: 1302893
---
 lib/swift | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/swift b/lib/swift
index af19c68a1b..0fd671160e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -302,6 +302,7 @@ function configure_swift {
     local node_number
     local swift_node_config
     local swift_log_dir
+    local user_group
 
     # Make sure to kill all swift processes first
     swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
@@ -505,10 +506,12 @@ EOF
         fi
     fi
 
+    local user_group=$(id -g ${STACK_USER})
+    sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}
+
     local swift_log_dir=${SWIFT_DATA_DIR}/logs
-    rm -rf ${swift_log_dir}
-    mkdir -p ${swift_log_dir}/hourly
-    sudo chown -R ${STACK_USER}:adm ${swift_log_dir}
+    sudo rm -rf ${swift_log_dir}
+    sudo install -d -o ${STACK_USER} -g adm ${swift_log_dir}/hourly
 
     if [[ $SYSLOG != "False" ]]; then
         sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \

From 10ba751a784f92a78933137f5b1baf09a3daf930 Mon Sep 17 00:00:00 2001
From: Mitsuhiro SHIGEMATSU 
Date: Sat, 21 Mar 2015 06:59:05 +0900
Subject: [PATCH 0523/3421] Fix typo in devstack/stack.sh

Change-Id: Ie13f1ae7fb5a46bb654aa3ab526933107c485b0b
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index d83952accc..0e22804db9 100755
--- a/stack.sh
+++ b/stack.sh
@@ -23,7 +23,7 @@
 
 # check if someone has invoked with "sh"
 if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
-    echo "You appear to be running bash in POSIX compatability mode."
+    echo "You appear to be running bash in POSIX compatibility mode."
     echo "devstack uses bash features. \"./stack.sh\" should do the right thing"
     exit 1
 fi

From c7df4df0b18a50313497bfca31af04e5475f780f Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 20 Mar 2015 12:18:52 +1100
Subject: [PATCH 0524/3421] Add some discussion about review criteria

An attempt to layout some of the ratioanle behind devstack reviews.

Change-Id: I9f4878653b5c746159206cd44b49255d9fdd32ef
---
 HACKING.rst | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/HACKING.rst b/HACKING.rst
index 4971db250b..a40af54b45 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -320,3 +320,48 @@ Variables and Functions
 - function names should_have_underscores, NotCamelCase.
 - functions should be declared as per the regex ^function foo {$
   with code starting on the next line
+
+
+Review Criteria
+===============
+
+There are some broad criteria that will be followed when reviewing
+your change
+
+* **Is it passing tests** -- your change will not be reviewed
+  throughly unless the official CI has run successfully against it.
+
+* **Does this belong in DevStack** -- DevStack reviewers have a
+  default position of "no" but are ready to be convinced by your
+  change.
+
+  For very large changes, you should consider :doc:`the plugins system
+  ` to see if your code is better abstracted from the main
+  repository.
+
+  For smaller changes, you should always consider if the change can be
+  encapsulated by per-user settings in ``local.conf``.  A common example
+  is adding a simple config-option to an ``ini`` file.  Specific flags
+  are not usually required for this, although adding documentation
+  about how to achieve a larger goal (which might include turning on
+  various settings, etc) is always welcome.
+
+* **Work-arounds** -- often things get broken and DevStack can be in a
+  position to fix them.  Work-arounds are fine, but should be
+  presented in the context of fixing the root-cause of the problem.
+  This means it is well-commented in the code and the change-log and
+  mostly likely includes links to changes or bugs that fix the
+  underlying problem.
+
+* **Should this be upstream** -- DevStack generally does not override
+  default choices provided by projects and attempts to not
+  unexpectedly modify behaviour.
+
+* **Context in commit messages** -- DevStack touches many different
+  areas and reviewers need context around changes to make good
+  decisions.  We also always want it to be clear to someone -- perhaps
+  even years from now -- why we were motivated to make a change at the
+  time.
+
+* **Reviewers** -- please see ``MAINTAINERS.rst`` for a list of people
+  that should be added to reviews of various sub-systems.

From ec47bc1d720852ca07f1af2143c2a6c1353e9306 Mon Sep 17 00:00:00 2001
From: Wiekus Beukes 
Date: Thu, 19 Mar 2015 08:20:38 -0700
Subject: [PATCH 0525/3421] Add support for Oracle Linux 7 and later.

Most of the changes revolves around using MySQL rather than MariaDB,
plus enabling the addon repos on public-yum.oracle.com.
The patch just touch the areas where there is a divergence between the
Fedora and Oracle distributions and in all other cases the is_fedora
will result in the correct decision to be made and left as is.

Collapsed the is_suse and is_oraclelinux into a single check in
configure_database_mysql and cleanup_database_mysql

Added Oracle Linux to MAINTAINERS.rst

Rather than duplicating most of the Redhat version check code, added
a check in the block to do the determination if it is Oracle Linux

Change-Id: I5f1f15106329eec67aa008b17847fa44863f243f
---
 MAINTAINERS.rst     |  4 ++++
 functions-common    | 19 +++++++++++++++++--
 lib/databases/mysql | 24 ++++++++++++------------
 stack.sh            |  4 ++++
 4 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index a376eb0428..20e8655d69 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -90,3 +90,7 @@ Zaqar (Marconi)
 
 * Flavio Percoco 
 * Malini Kamalambal 
+
+Oracle Linux
+~~~~~~~~~~~~
+* Wiekus Beukes 
diff --git a/functions-common b/functions-common
index 3dae8147b5..d00d4a7c6f 100644
--- a/functions-common
+++ b/functions-common
@@ -246,6 +246,7 @@ function GetOSVersion {
         # CentOS Linux release 6.0 (Final)
         # Fedora release 16 (Verne)
         # XenServer release 6.2.0-70446c (xenenterprise)
+        # Oracle Linux release 7
         os_CODENAME=""
         for r in "Red Hat" CentOS Fedora XenServer; do
             os_VENDOR=$r
@@ -259,6 +260,9 @@ function GetOSVersion {
             fi
             os_VENDOR=""
         done
+        if [ "$os_VENDOR" = "Red Hat" ] && [[ -r /etc/oracle-release ]]; then
+            os_VENDOR=OracleLinux
+        fi
         os_PACKAGE="rpm"
     elif [[ -r /etc/SuSE-release ]]; then
         for r in openSUSE "SUSE Linux"; do
@@ -310,7 +314,7 @@ function GetDistro {
         fi
     elif [[ "$os_VENDOR" =~ (Red Hat) || \
         "$os_VENDOR" =~ (CentOS) || \
-        "$os_VENDOR" =~ (OracleServer) ]]; then
+        "$os_VENDOR" =~ (OracleLinux) ]]; then
         # Drop the . release as we assume it's compatible
         DISTRO="rhel${os_RELEASE::1}"
     elif [[ "$os_VENDOR" =~ (XenServer) ]]; then
@@ -328,6 +332,17 @@ function is_arch {
     [[ "$(uname -m)" == "$1" ]]
 }
 
+# Determine if current distribution is an Oracle distribution
+# is_oraclelinux
+function is_oraclelinux {
+    if [[ -z "$os_VENDOR" ]]; then
+        GetOSVersion
+    fi
+
+    [ "$os_VENDOR" = "OracleLinux" ]
+}
+
+
 # Determine if current distribution is a Fedora-based distribution
 # (Fedora, RHEL, CentOS, etc).
 # is_fedora
@@ -337,7 +352,7 @@ function is_fedora {
     fi
 
     [ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
-        [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleServer" ]
+        [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ]
 }
 
 
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 70073c4c6f..dabd7d05fe 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -16,7 +16,7 @@ register_database mysql
 
 # Linux distros, thank you for being incredibly consistent
 MYSQL=mysql
-if is_fedora; then
+if is_fedora && ! is_oraclelinux; then
     MYSQL=mariadb
 fi
 
@@ -32,12 +32,12 @@ function cleanup_database_mysql {
         sudo rm -rf /var/lib/mysql
         sudo rm -rf /etc/mysql
         return
+    elif is_suse || is_oraclelinux; then
+        uninstall_package mysql-community-server
+        sudo rm -rf /var/lib/mysql
     elif is_fedora; then
         uninstall_package mariadb-server
         sudo rm -rf /var/lib/mysql
-    elif is_suse; then
-        uninstall_package mysql-community-server
-        sudo rm -rf /var/lib/mysql
     else
         return
     fi
@@ -56,12 +56,12 @@ function configure_database_mysql {
     if is_ubuntu; then
         my_conf=/etc/mysql/my.cnf
         mysql=mysql
+    elif is_suse || is_oraclelinux; then
+        my_conf=/etc/my.cnf
+        mysql=mysql
     elif is_fedora; then
         mysql=mariadb
         my_conf=/etc/my.cnf
-    elif is_suse; then
-        my_conf=/etc/my.cnf
-        mysql=mysql
     else
         exit_distro_not_supported "mysql configuration"
     fi
@@ -140,14 +140,14 @@ EOF
         chmod 0600 $HOME/.my.cnf
     fi
     # Install mysql-server
-    if is_fedora; then
-        install_package mariadb-server
-    elif is_ubuntu; then
-        install_package mysql-server
-    elif is_suse; then
+    if is_suse || is_oraclelinux; then
         if ! is_package_installed mariadb; then
             install_package mysql-community-server
         fi
+    elif is_fedora; then
+        install_package mariadb-server
+    elif is_ubuntu; then
+        install_package mysql-server
     else
         exit_distro_not_supported "mysql installation"
     fi
diff --git a/stack.sh b/stack.sh
index d83952accc..a475aab1b0 100755
--- a/stack.sh
+++ b/stack.sh
@@ -278,6 +278,10 @@ EOF
             die $LINENO "Error installing RDO repo, cannot continue"
     fi
 
+    if is_oraclelinux; then
+        sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56
+    fi
+
 fi
 
 

From a519f429cf3cd90f06dd50b95608ec18f81d400c Mon Sep 17 00:00:00 2001
From: Mahito OGURA 
Date: Mon, 23 Mar 2015 15:19:57 +0900
Subject: [PATCH 0526/3421] Fix unstack.sh to stop stop_dstat when it is
 disabled.

unstack.sh always stop dstat process, however unstack.sh show 'dstat: no process
found' when dstat is disabled.
This patch stop function of stop_dstat, when dstat is disabled.

Change-Id: If9054826bed8a7fedd4f77ef4efef2c0ccd7f16e
Closes-Bug: #1435148
---
 unstack.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/unstack.sh b/unstack.sh
index a6aeec5a25..fdd63fbcd0 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -173,7 +173,9 @@ if is_service_enabled trove; then
     cleanup_trove
 fi
 
-stop_dstat
+if is_service_enabled dstat; then
+    stop_dstat
+fi
 
 # Clean up the remainder of the screen processes
 SCREEN=$(which screen)

From d2287cfb9f4dfac71f14f3374514f5b8c2b0c70b Mon Sep 17 00:00:00 2001
From: Gary Kotton 
Date: Sun, 22 Mar 2015 07:20:06 -0700
Subject: [PATCH 0527/3421] Config driver: use "True" instead of "always"

Commit c12a78b35dc910fa97df888960ef2b9a64557254 has set the
"always" flag to be deprecated in liberty. This moves to using
"True" instead.

Change-Id: Idecf7966968369d2f372abffcab85fbf9aa097c7
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 7fbade0713..502bb35f05 100644
--- a/lib/nova
+++ b/lib/nova
@@ -81,7 +81,7 @@ NOVA_ROOTWRAP=$(get_rootwrap_location nova)
 
 # Option to enable/disable config drive
 # NOTE: Set FORCE_CONFIG_DRIVE="False" to turn OFF config drive
-FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"always"}
+FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"True"}
 
 # Nova supports pluggable schedulers.  The default ``FilterScheduler``
 # should work in most cases.

From 435cd4dc6e4e5bbd0201f85524e21d83a7407719 Mon Sep 17 00:00:00 2001
From: Sergey Reshetnyak 
Date: Sun, 1 Mar 2015 12:44:02 +0300
Subject: [PATCH 0528/3421] Add support running sahara in distributed mode

Sahara supports running in distributed mode. Need to add this ability in
devstack.

Changes:
* configure rpc backend for sahara by default
* added sahara-api service for running api side
* added sahara-eng service for running engine side

Change-Id: I4fb9d5746b08c9b1fee0d283bcf448e47a87089b
---
 lib/sahara | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/sahara b/lib/sahara
index a965f55f68..0651b0a633 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -113,12 +113,13 @@ function configure_sahara {
 
     configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
 
+    iniset_rpc_backend sahara $SAHARA_CONF_FILE DEFAULT
+
     # Set configuration to send notifications
 
     if is_service_enabled ceilometer; then
         iniset $SAHARA_CONF_FILE DEFAULT enable_notifications "true"
         iniset $SAHARA_CONF_FILE DEFAULT notification_driver "messaging"
-        iniset_rpc_backend sahara $SAHARA_CONF_FILE
     fi
 
     iniset $SAHARA_CONF_FILE DEFAULT verbose True
@@ -203,12 +204,16 @@ function sahara_register_images {
 # start_sahara() - Start running processes, including screen
 function start_sahara {
     run_process sahara "$SAHARA_BIN_DIR/sahara-all --config-file $SAHARA_CONF_FILE"
+    run_process sahara-api "$SAHARA_BIN_DIR/sahara-api --config-file $SAHARA_CONF_FILE"
+    run_process sahara-eng "$SAHARA_BIN_DIR/sahara-engine --config-file $SAHARA_CONF_FILE"
 }
 
 # stop_sahara() - Stop running processes
 function stop_sahara {
     # Kill the Sahara screen windows
     stop_process sahara
+    stop_process sahara-api
+    stop_process sahara-eng
 }
 
 

From 7c57306c33630bd5e8a99b9afbd27b45b1157959 Mon Sep 17 00:00:00 2001
From: Aishwarya Thangappa 
Date: Wed, 18 Feb 2015 01:51:13 -0800
Subject: [PATCH 0529/3421] Added devstack-with-lbaas-v2 installation
 documentation

This document explains the steps to configure Load-Balancer in
kilo.

Change-Id: Ic8c2f3cca80e331b7275f689051c07d863d918ea
Depends-On: I64a94aeeabe6357b5ea7796e34c9306c55c9ae67
---
 doc/source/guides/devstack-with-lbaas-v2.rst | 99 ++++++++++++++++++++
 doc/source/index.rst                         |  1 +
 2 files changed, 100 insertions(+)
 create mode 100644 doc/source/guides/devstack-with-lbaas-v2.rst

diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
new file mode 100644
index 0000000000..f67978310d
--- /dev/null
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -0,0 +1,99 @@
+Configure Load-Balancer in Kilo
+=================================
+
+The Kilo release of OpenStack will support Version 2 of the neutron load balancer. Until now, using OpenStack `LBaaS V2 `_ has required a good understanding of neutron and LBaaS architecture and several manual steps.
+
+
+Phase 1: Create DevStack + 2 nova instances
+--------------------------------------------
+
+First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space, make sure it is updated. Install git and any other developer tools you find useful.
+
+Install devstack
+
+  ::
+
+    git clone https://git.openstack.org/openstack-dev/devstack
+    cd devstack
+
+
+Edit your `local.conf` to look like
+
+  ::
+
+    [[local|localrc]]
+    # Load the external LBaaS plugin.
+    enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas
+
+    # ===== BEGIN localrc =====
+    DATABASE_PASSWORD=password
+    ADMIN_PASSWORD=password
+    SERVICE_PASSWORD=password
+    SERVICE_TOKEN=password
+    RABBIT_PASSWORD=password
+    # Enable Logging
+    LOGFILE=$DEST/logs/stack.sh.log
+    VERBOSE=True
+    LOG_COLOR=True
+    SCREEN_LOGDIR=$DEST/logs
+    # Pre-requisite
+    ENABLED_SERVICES=rabbit,mysql,key
+    # Horizon
+    ENABLED_SERVICES+=,horizon
+    # Nova
+    ENABLED_SERVICES+=,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch
+    IMAGE_URLS+=",https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"
+    # Glance
+    ENABLED_SERVICES+=,g-api,g-reg
+    # Neutron
+    ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
+    # Enable LBaaS V2
+    ENABLED_SERVICES+=,q-lbaasv2
+    # Cinder
+    ENABLED_SERVICES+=,c-api,c-vol,c-sch
+    # Tempest
+    ENABLED_SERVICES+=,tempest
+    # ===== END localrc =====
+
+Run stack.sh and do some sanity checks
+
+  ::
+
+    ./stack.sh
+    . ./openrc
+
+    neutron net-list  # should show public and private networks
+
+Create two nova instances that we can use as test http servers:
+
+  ::
+
+    #create nova instances on private network
+    nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
+    nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
+    nova list # should show the nova instances just created
+
+    #add secgroup rule to allow ssh etc..
+    neutron security-group-rule-create default --protocol icmp
+    neutron security-group-rule-create default --protocol tcp --port-range-min 22 --port-range-max 22
+    neutron security-group-rule-create default --protocol tcp --port-range-min 80 --port-range-max 80
+
+Set up a simple web server on each of these instances. ssh into each instance (username 'cirros', password 'cubswin:)') and run
+
+ ::
+
+    MYIP=$(ifconfig eth0|grep 'inet addr'|awk -F: '{print $2}'| awk '{print $1}')
+    while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done&
+
+Phase 2: Create your load balancers
+------------------------------------
+
+ ::
+
+    neutron lbaas-loadbalancer-create --name lb1 private-subnet
+    neutron lbaas-listener-create --loadbalancer lb1 --protocol HTTP --protocol-port 80 --name listener1
+    neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
+    neutron lbaas-member-create  --subnet private-subnet --address 10.0.0.3 --protocol-port 80 pool1
+    neutron lbaas-member-create  --subnet private-subnet --address 10.0.0.5 --protocol-port 80 pool1
+
+Please note here that the "10.0.0.3" and "10.0.0.5" in the above commands are the IPs of the nodes (in my test run-thru, they were actually 10.2 and 10.4), and the address of the created LB will be reported as "vip_address" from the lbaas-loadbalancer-create, and a quick test of that LB is "curl that-lb-ip", which should alternate between showing the IPs of the two nodes.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 10f4355c07..84ef6fd638 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -68,6 +68,7 @@ Walk through various setups used by stackers
    guides/neutron
    guides/devstack-with-nested-kvm
    guides/nova
+   guides/devstack-with-lbaas-v2
 
 All-In-One Single VM
 --------------------

From d01ff96e3f330684f3f1041ce6e08f729cf4006c Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Mon, 23 Mar 2015 15:05:39 -0700
Subject: [PATCH 0530/3421] Stop using deprecated rabbit related config options

Stop services from throwing the following warning:
  Option "rabbit_password" from group "DEFAULT" is deprecated. Use option
  "rabbit_password" from group "oslo_messaging_rabbit".
Same for rabbit_hosts and rabbit_userid

Change-Id: I7da503ef50b3653b888cb243caa74b4253a495e2
---
 lib/rpc_backend | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 3d4ef762a7..3033cbe08e 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -272,9 +272,9 @@ function iniset_rpc_backend {
         fi
     elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
         iniset $file $section rpc_backend "rabbit"
-        iniset $file $section rabbit_hosts $RABBIT_HOST
-        iniset $file $section rabbit_password $RABBIT_PASSWORD
-        iniset $file $section rabbit_userid $RABBIT_USERID
+        iniset $file oslo_messaging_rabbit rabbit_hosts $RABBIT_HOST
+        iniset $file oslo_messaging_rabbit rabbit_password $RABBIT_PASSWORD
+        iniset $file oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
     fi
 }
 

From 0f20ad41f3bb7f674a85b341556386cea492830e Mon Sep 17 00:00:00 2001
From: Li Ma 
Date: Mon, 23 Mar 2015 23:05:15 -0700
Subject: [PATCH 0531/3421] Add pluggability for matchmaker-redis

This commit introduces stevedore to matchmaker-redis:

https://review.openstack.org/#/c/161615/

Change-Id: I547157c02c9e0536add6949910a911540f27fb2d
---
 lib/rpc_backend | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 3d4ef762a7..8a4a0908cd 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -251,8 +251,7 @@ function iniset_rpc_backend {
         iniset $file $section rpc_backend "zmq"
         iniset $file $section rpc_zmq_host `hostname`
         if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-            iniset $file $section rpc_zmq_matchmaker \
-                oslo.messaging._drivers.matchmaker_redis.MatchMakerRedis
+            iniset $file $section rpc_zmq_matchmaker "redis"
             MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
             iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
         else

From 16e0656bd0def2ea37b9020109aa9cdf8146e89b Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Thu, 19 Mar 2015 15:32:20 -0700
Subject: [PATCH 0532/3421] Until we prebuild wheels don't build wheels for deb
 installed libs

Until we have the ability to prebuild wheels so we don't spend time
compiling them during devstack runs, stop building wheels for libraries
that we still install from deb packages.

Long term we want to move away from using deb packages to install python
packages and use wheels. But until the wheel building logic is in place
so we don't have to compile wheels on each devstack run, don't waste
time compiling python libraries that we just use the packaged version of
anyway.

Change-Id: I962e2cfff223f7ab8efd5766ee0ef22229ab27bf
---
 files/venv-requirements.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
index e473a2fe02..73d05793ce 100644
--- a/files/venv-requirements.txt
+++ b/files/venv-requirements.txt
@@ -1,10 +1,11 @@
+# Once we can prebuild wheels before a devstack run, uncomment the skipped libraries
 cryptography
-lxml
+# lxml # still install from from packages
 MySQL-python
-netifaces
+# netifaces # still install from packages
 #numpy    # slowest wheel by far, stop building until we are actually using the output
 posix-ipc
-psycopg2
+# psycopg # still install from packages
 pycrypto
 pyOpenSSL
 PyYAML

From 668749ae8582bd19e22bb1d0ec46cf3a18cc1bf0 Mon Sep 17 00:00:00 2001
From: Peter Stachowski 
Date: Tue, 24 Mar 2015 18:00:29 +0000
Subject: [PATCH 0533/3421] Allow external ENV setup for conf files

In order to keep redstack in synch with devstack, the conf files
referenced within devstack need to be able to be declared externally.

This change allows *_CONF values to be specified, and uses the
original values as defaults.

Change-Id: Ic67f6347b92b05619103a77e9f7ea80a299a6869
---
 lib/trove | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/trove b/lib/trove
index 4c5a438fb8..5dd4f23611 100644
--- a/lib/trove
+++ b/lib/trove
@@ -33,12 +33,12 @@ fi
 GITDIR["python-troveclient"]=$DEST/python-troveclient
 
 TROVE_DIR=$DEST/trove
-TROVE_CONF_DIR=/etc/trove
-TROVE_CONF=$TROVE_CONF_DIR/trove.conf
-TROVE_TASKMANAGER_CONF=$TROVE_CONF_DIR/trove-taskmanager.conf
-TROVE_CONDUCTOR_CONF=$TROVE_CONF_DIR/trove-conductor.conf
-TROVE_GUESTAGENT_CONF=$TROVE_CONF_DIR/trove-guestagent.conf
-TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
+TROVE_CONF_DIR=${TROVE_CONF_DIR:-/etc/trove}
+TROVE_CONF=${TROVE_CONF:-$TROVE_CONF_DIR/trove.conf}
+TROVE_TASKMANAGER_CONF=${TROVE_TASKMANAGER_CONF:-$TROVE_CONF_DIR/trove-taskmanager.conf}
+TROVE_CONDUCTOR_CONF=${TROVE_CONDUCTOR_CONF:-$TROVE_CONF_DIR/trove-conductor.conf}
+TROVE_GUESTAGENT_CONF=${TROVE_GUESTAGENT_CONF:-$TROVE_CONF_DIR/trove-guestagent.conf}
+TROVE_API_PASTE_INI=${TROVE_API_PASTE_INI:-$TROVE_CONF_DIR/api-paste.ini}
 
 TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
 TROVE_LOCAL_API_PASTE_INI=$TROVE_LOCAL_CONF_DIR/api-paste.ini

From 89983b6dfe15e8e83f390e9870cc3ddfbf2b8243 Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Wed, 18 Mar 2015 11:12:15 +1300
Subject: [PATCH 0534/3421] Do not download Fedora cloud image for heat

Tempest can now do all heat tests with cirros, and heat functional
tests now load a custom test image from tarballs.o.o, so devstack
no longer needs to register the fedora cloud image.

Depends-On: I6041b8d6e7e9422f6e220d7aef0ca38857085e4b
Change-Id: I9b3ea2c157b96dee139a24f0fa6f68f6764a7d67
---
 stackrc | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/stackrc b/stackrc
index f8d9c43c38..5b2ed70584 100644
--- a/stackrc
+++ b/stackrc
@@ -560,18 +560,6 @@ case "$VIRT_DRIVER" in
         IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz"};;
 esac
 
-# Use 64bit fedora image if heat is enabled
-if [[ "$ENABLED_SERVICES" =~ 'h-api' ]]; then
-    case "$VIRT_DRIVER" in
-        libvirt|ironic)
-            HEAT_CFN_IMAGE_URL=${HEAT_CFN_IMAGE_URL:-"https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"}
-            IMAGE_URLS+=",$HEAT_CFN_IMAGE_URL"
-            ;;
-        *)
-            ;;
-    esac
-fi
-
 # Trove needs a custom image for its work
 if [[ "$ENABLED_SERVICES" =~ 'tr-api' ]]; then
     case "$VIRT_DRIVER" in
@@ -584,17 +572,6 @@ if [[ "$ENABLED_SERVICES" =~ 'tr-api' ]]; then
     esac
 fi
 
-# Staging Area for New Images, have them here for at least 24hrs for nodepool
-# to cache them otherwise the failure rates in the gate are too high
-PRECACHE_IMAGES=$(trueorfalse False PRECACHE_IMAGES)
-if [[ "$PRECACHE_IMAGES" == "True" ]]; then
-    # staging in update for nodepool
-    IMAGE_URL="https://download.fedoraproject.org/pub/alt/openstack/20/x86_64/Fedora-x86_64-20-20140618-sda.qcow2"
-    if ! [[ "$IMAGE_URLS"  =~ "$IMAGE_URL" ]]; then
-        IMAGE_URLS+=",$IMAGE_URL"
-    fi
-fi
-
 # 10Gb default volume backing file size
 VOLUME_BACKING_FILE_SIZE=${VOLUME_BACKING_FILE_SIZE:-10250M}
 

From 51c48d4c801fecce9d2486ce956a2602eb8a0ea9 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 25 Mar 2015 06:26:03 +1100
Subject: [PATCH 0535/3421] Add a note on default values of globals

Add a note on default values of globals in plugin settings

Change-Id: I0d5d3a7e0597abe7e2401f8bae30ccc5682eab03
---
 doc/source/plugins.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 5a610634b4..c4ed2285cb 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -113,6 +113,11 @@ directory. Inside this directory there can be 2 files.
   services using ``run_process`` as it only works with enabled
   services.
 
+  Be careful to allow users to override global-variables for
+  customizing their environment.  Usually it is best to provide a
+  default value only if the variable is unset or empty; e.g. in bash
+  syntax ``FOO=${FOO:-default}``.
+
 - ``plugin.sh`` - the actual plugin. It will be executed by devstack
   during it's run. The run order will be done in the registration
   order for these plugins, and will occur immediately after all in

From 93b2100c983e1c271a8d51aa7f4755a6445be6a8 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 20 Feb 2015 11:45:21 -0500
Subject: [PATCH 0536/3421] Support for single interface Neutron networking
 with OVS

When running Neutron on a single node that only has a single interface,
the following operations are required:

    * Remove the IP address from the physical interface
    * Add the interface to the OVS physical bridge
    * Add the IP address from the physical interface to the OVS bridge
    * Update the routing table

The reverse is done on cleanup.

In order run Neutron on a single interface, the $PUBLIC_INTERFACE and
$OVS_PHYSICAL_BRIDGE variables must be set.

Co-Authored-By: Brian Haley 

Change-Id: Ie35cb537bb670c4773598b8db29877fb8a12ff50
---
 lib/neutron | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 411c6961ce..dc9a339f5b 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -780,9 +780,41 @@ function stop_neutron {
     fi
 }
 
+# _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
+# on startup, or back to the public interface on cleanup
+function _move_neutron_addresses_route {
+    local from_intf=$1
+    local to_intf=$2
+    local add_ovs_port=$3
+
+    if [[ -n "$from_intf" && -n "$to_intf" ]]; then
+        # Remove the primary IP address from $from_intf and add it to $to_intf,
+        # along with the default route, if it exists.  Also, when called
+        # on configure we will also add $from_intf as a port on $to_intf,
+        # assuming it is an OVS bridge.
+
+        local IP_BRD=$(ip -4 a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
+        local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
+        local ADD_OVS_PORT=""
+
+        if [ "$DEFAULT_ROUTE_GW" != "" ]; then
+            ADD_DEFAULT_ROUTE="sudo ip r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
+        fi
+
+        if [[ "$add_ovs_port" == "True" ]]; then
+            ADD_OVS_PORT="sudo ovs-vsctl add-port $to_intf $from_intf"
+        fi
+
+        sudo ip addr del $IP_BRD dev $from_intf; sudo ip addr add $IP_BRD dev $to_intf; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+    fi
+}
+
 # cleanup_neutron() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_neutron {
+
+    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False
+
     if is_provider_network && is_ironic_hardware; then
         for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
             sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
@@ -960,6 +992,8 @@ function _configure_neutron_l3_agent {
     _neutron_setup_interface_driver $Q_L3_CONF_FILE
 
     neutron_plugin_configure_l3_agent
+
+    _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True
 }
 
 function _configure_neutron_metadata_agent {
@@ -1235,8 +1269,10 @@ function _neutron_configure_router_v4 {
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local cidr_len=${FLOATING_RANGE#*/}
-            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
-            sudo ip link set $ext_gw_interface up
+            if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" ]]; then
+                sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+                sudo ip link set $ext_gw_interface up
+            fi
             ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
             die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
             sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP

From eeb7bda510ad29dce7bfc5eb8aed9b6fe25efea1 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 25 Mar 2015 11:55:32 -0400
Subject: [PATCH 0537/3421] eliminate TEST_ONLY differentiation

devstack is a development and test environment, but by default we were
only installing the runtime dependencies. We should install all the
testing required packages as well.

Change-Id: I7c95927b9daad15766aac9d1276b10ca62efb24c
---
 files/debs/general      |  2 +-
 files/debs/glance       | 10 +++++-----
 files/debs/neutron      |  6 +++---
 files/debs/nova         |  2 +-
 files/debs/trove        |  2 +-
 files/rpms-suse/general |  2 +-
 files/rpms-suse/neutron |  4 ++--
 files/rpms-suse/trove   |  2 +-
 files/rpms/general      |  2 +-
 files/rpms/glance       | 12 ++++++------
 files/rpms/neutron      |  6 +++---
 files/rpms/nova         |  2 +-
 files/rpms/trove        |  2 +-
 functions-common        | 10 ----------
 inc/python              | 23 +++++++++++------------
 stackrc                 |  3 ---
 16 files changed, 38 insertions(+), 52 deletions(-)

diff --git a/files/debs/general b/files/debs/general
index 84d43029ff..5f10a20fc3 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -6,7 +6,7 @@ psmisc
 gcc
 g++
 git
-graphviz # testonly - docs
+graphviz # needed for docs
 lsof # useful when debugging
 openssh-server
 openssl
diff --git a/files/debs/glance b/files/debs/glance
index 9fda6a63d9..37877a85c2 100644
--- a/files/debs/glance
+++ b/files/debs/glance
@@ -1,6 +1,6 @@
-libmysqlclient-dev  # testonly
-libpq-dev           # testonly
-libssl-dev          # testonly
+libmysqlclient-dev
+libpq-dev
+libssl-dev
 libxml2-dev
-libxslt1-dev        # testonly
-zlib1g-dev           # testonly
+libxslt1-dev
+zlib1g-dev
diff --git a/files/debs/neutron b/files/debs/neutron
index aa3d7095ca..2d69a71c3a 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -1,12 +1,12 @@
-acl     # testonly
+acl
 ebtables
 iptables
 iputils-ping
 iputils-arping
-libmysqlclient-dev  # testonly
+libmysqlclient-dev
 mysql-server #NOPRIME
 sudo
-postgresql-server-dev-all       # testonly
+postgresql-server-dev-all
 python-mysqldb
 python-mysql.connector
 python-qpid # NOPRIME
diff --git a/files/debs/nova b/files/debs/nova
index 0c31385ddd..9d9acde3e9 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -4,7 +4,7 @@ conntrack
 kpartx
 parted
 iputils-arping
-libmysqlclient-dev  # testonly
+libmysqlclient-dev
 mysql-server # NOPRIME
 python-mysqldb
 python-mysql.connector
diff --git a/files/debs/trove b/files/debs/trove
index 09dcee8104..96f8f29277 100644
--- a/files/debs/trove
+++ b/files/debs/trove
@@ -1 +1 @@
-libxslt1-dev   # testonly
+libxslt1-dev
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 63cf14bd5b..2219426141 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -6,7 +6,7 @@ euca2ools
 gcc
 gcc-c++
 git-core
-graphviz # testonly - docs
+graphviz # docs
 iputils
 libopenssl-devel # to rebuild pyOpenSSL if needed
 lsof # useful when debugging
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index 66d6e4cad0..d278363e98 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -1,11 +1,11 @@
-acl     # testonly
+acl
 dnsmasq
 dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
 ebtables
 iptables
 iputils
 mariadb # NOPRIME
-postgresql-devel        # testonly
+postgresql-devel
 python-eventlet
 python-greenlet
 python-iso8601
diff --git a/files/rpms-suse/trove b/files/rpms-suse/trove
index 09dcee8104..96f8f29277 100644
--- a/files/rpms-suse/trove
+++ b/files/rpms-suse/trove
@@ -1 +1 @@
-libxslt1-dev   # testonly
+libxslt1-dev
diff --git a/files/rpms/general b/files/rpms/general
index eac4ec36a7..d74ecc6e98 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -5,7 +5,7 @@ euca2ools # only for testing client
 gcc
 gcc-c++
 git-core
-graphviz # testonly - docs
+graphviz # needed only for docs
 openssh-server
 openssl
 openssl-devel # to rebuild pyOpenSSL if needed
diff --git a/files/rpms/glance b/files/rpms/glance
index 119492a3f8..479194f918 100644
--- a/files/rpms/glance
+++ b/files/rpms/glance
@@ -1,6 +1,6 @@
-libxml2-devel       # testonly
-libxslt-devel       # testonly
-mysql-devel         # testonly
-openssl-devel       # testonly
-postgresql-devel    # testonly
-zlib-devel          # testonly
+libxml2-devel
+libxslt-devel
+mysql-devel
+openssl-devel
+postgresql-devel
+zlib-devel
diff --git a/files/rpms/neutron b/files/rpms/neutron
index c0dee78a48..8292e7bffe 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -1,15 +1,15 @@
 MySQL-python
-acl     # testonly
+acl
 dnsmasq # for q-dhcp
 dnsmasq-utils # for dhcp_release
 ebtables
 iptables
 iputils
 mysql-connector-python
-mysql-devel  # testonly
+mysql-devel
 mysql-server # NOPRIME
 openvswitch # NOPRIME
-postgresql-devel        # testonly
+postgresql-devel
 rabbitmq-server # NOPRIME
 qpid-cpp-server        # NOPRIME
 sqlite
diff --git a/files/rpms/nova b/files/rpms/nova
index 527928a581..ebd667454a 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -17,7 +17,7 @@ libxml2-python
 numpy # needed by websockify for spice console
 m2crypto
 mysql-connector-python
-mysql-devel  # testonly
+mysql-devel
 mysql-server # NOPRIME
 parted
 polkit
diff --git a/files/rpms/trove b/files/rpms/trove
index c5cbdea012..e7bbd43cd6 100644
--- a/files/rpms/trove
+++ b/files/rpms/trove
@@ -1 +1 @@
-libxslt-devel   # testonly
+libxslt-devel
diff --git a/functions-common b/functions-common
index f96da5b799..48e400dfb1 100644
--- a/functions-common
+++ b/functions-common
@@ -883,16 +883,6 @@ function _parse_package_files {
                 fi
             fi
 
-            # Look for # testonly in comment
-            if [[ $line =~ (.*)#.*testonly.* ]]; then
-                package=${BASH_REMATCH[1]}
-                # Are we installing test packages? (test for the default value)
-                if [[ $INSTALL_TESTONLY_PACKAGES = "False" ]]; then
-                    # If not installing test packages the skip this package
-                    inst_pkg=0
-                fi
-            fi
-
             if [[ $inst_pkg = 1 ]]; then
                 echo $package
             fi
diff --git a/inc/python b/inc/python
index 229c54009d..2d76081a52 100644
--- a/inc/python
+++ b/inc/python
@@ -101,18 +101,17 @@ function pip_install {
         $cmd_pip install \
         $@
 
-    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
-    if [[ "$INSTALL_TESTONLY_PACKAGES" == "True" ]]; then
-        local test_req="$@/test-requirements.txt"
-        if [[ -e "$test_req" ]]; then
-            $sudo_pip \
-                http_proxy=${http_proxy:-} \
-                https_proxy=${https_proxy:-} \
-                no_proxy=${no_proxy:-} \
-                PIP_FIND_LINKS=$PIP_FIND_LINKS \
-                $cmd_pip install \
-                -r $test_req
-        fi
+    # Also install test requirements
+    local test_req="$@/test-requirements.txt"
+    if [[ -e "$test_req" ]]; then
+        echo "Installing test-requirements for $test_req"
+        $sudo_pip \
+            http_proxy=${http_proxy:-} \
+            https_proxy=${https_proxy:-} \
+            no_proxy=${no_proxy:-} \
+            PIP_FIND_LINKS=$PIP_FIND_LINKS \
+            $cmd_pip install \
+            -r $test_req
     fi
 }
 
diff --git a/stackrc b/stackrc
index f8d9c43c38..a13f82a889 100644
--- a/stackrc
+++ b/stackrc
@@ -615,9 +615,6 @@ USE_SCREEN=${SCREEN_DEV:-$USE_SCREEN}
 # Set default screen name
 SCREEN_NAME=${SCREEN_NAME:-stack}
 
-# Do not install packages tagged with 'testonly' by default
-INSTALL_TESTONLY_PACKAGES=${INSTALL_TESTONLY_PACKAGES:-False}
-
 # Undo requirements changes by global requirements
 UNDO_REQUIREMENTS=${UNDO_REQUIREMENTS:-True}
 

From 72f026b60d350ede39e22e08b8f7f286fd0d2633 Mon Sep 17 00:00:00 2001
From: "Andrea Frittoli (andreaf)" 
Date: Wed, 25 Mar 2015 17:24:24 -0400
Subject: [PATCH 0538/3421] Always defines tempest_roles as Member

Because tests might force the auth version to v3, we always need
to have Member in the list of roles.

Change-Id: I06fd043e1b31ae0e5e33f4dcf898fb58f2907267
---
 lib/tempest | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index fcb0e59937..7535fa6596 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -315,9 +315,7 @@ function configure_tempest {
 
     # Auth
     iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
-    if [[ "$TEMPEST_AUTH_VERSION" == "v3" ]]; then
-        iniset $TEMPEST_CONFIG auth tempest_roles "Member"
-    fi
+    iniset $TEMPEST_CONFIG auth tempest_roles "Member"
 
     # Compute
     iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED

From 85c98b3e18b132d99c569626e1b747eafa59f7c6 Mon Sep 17 00:00:00 2001
From: Alessandro Pilotti 
Date: Thu, 26 Mar 2015 00:14:05 +0100
Subject: [PATCH 0539/3421] Revert "Support for single interface Neutron
 networking with OVS"

This patch is causing blocking failures in some 3rd party CIs.
The issue can be tracked to the fact that the PUBLIC_INTERFACE
interface might have no address assigned.

This reverts commit 93b2100c983e1c271a8d51aa7f4755a6445be6a8.

Partial-Bug: #1436607
Change-Id: I0943aa542b911fbcebb100543e0adbb38159b233
---
 lib/neutron | 40 ++--------------------------------------
 1 file changed, 2 insertions(+), 38 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 89ed3ccea0..5ff39212fc 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -779,41 +779,9 @@ function stop_neutron {
     fi
 }
 
-# _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
-# on startup, or back to the public interface on cleanup
-function _move_neutron_addresses_route {
-    local from_intf=$1
-    local to_intf=$2
-    local add_ovs_port=$3
-
-    if [[ -n "$from_intf" && -n "$to_intf" ]]; then
-        # Remove the primary IP address from $from_intf and add it to $to_intf,
-        # along with the default route, if it exists.  Also, when called
-        # on configure we will also add $from_intf as a port on $to_intf,
-        # assuming it is an OVS bridge.
-
-        local IP_BRD=$(ip -4 a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
-        local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
-        local ADD_OVS_PORT=""
-
-        if [ "$DEFAULT_ROUTE_GW" != "" ]; then
-            ADD_DEFAULT_ROUTE="sudo ip r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
-        fi
-
-        if [[ "$add_ovs_port" == "True" ]]; then
-            ADD_OVS_PORT="sudo ovs-vsctl add-port $to_intf $from_intf"
-        fi
-
-        sudo ip addr del $IP_BRD dev $from_intf; sudo ip addr add $IP_BRD dev $to_intf; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
-    fi
-}
-
 # cleanup_neutron() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_neutron {
-
-    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False
-
     if is_provider_network && is_ironic_hardware; then
         for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
             sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
@@ -988,8 +956,6 @@ function _configure_neutron_l3_agent {
     _neutron_setup_interface_driver $Q_L3_CONF_FILE
 
     neutron_plugin_configure_l3_agent
-
-    _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True
 }
 
 function _configure_neutron_metadata_agent {
@@ -1261,10 +1227,8 @@ function _neutron_configure_router_v4 {
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local cidr_len=${FLOATING_RANGE#*/}
-            if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" ]]; then
-                sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
-                sudo ip link set $ext_gw_interface up
-            fi
+            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+            sudo ip link set $ext_gw_interface up
             ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
             die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
             sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP

From 5a9739a4cae7957a24898fb11562559be2916121 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 25 Mar 2015 11:33:51 -0500
Subject: [PATCH 0540/3421] Rename lib/neutron to lib/neutron-legacy

Preparing to refactor lib/neutron to support Neutron as the default
network config.  lib/neutron will be renamed internally and refined
to support a couple of specific configurations.

Change-Id: I0d3773d14c4c636a4b915734784e7241f4d15474
---
 clean.sh                         |    2 +-
 doc/source/index.rst             |    2 +-
 exercises/boot_from_volume.sh    |    2 +-
 exercises/euca.sh                |    2 +-
 exercises/floating_ips.sh        |    2 +-
 exercises/neutron-adv-test.sh    |    2 +-
 exercises/volumes.sh             |    2 +-
 lib/neutron                      | 1468 +-----------------------------
 lib/neutron-legacy               | 1467 +++++++++++++++++++++++++++++
 lib/neutron_plugins/README.md    |    2 +-
 lib/neutron_thirdparty/README.md |    2 +-
 stack.sh                         |    2 +-
 unstack.sh                       |    2 +-
 13 files changed, 1479 insertions(+), 1478 deletions(-)
 mode change 100755 => 120000 lib/neutron
 create mode 100755 lib/neutron-legacy

diff --git a/clean.sh b/clean.sh
index ad4525ba62..035489c045 100755
--- a/clean.sh
+++ b/clean.sh
@@ -49,7 +49,7 @@ source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ironic
 source $TOP_DIR/lib/trove
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 537f6570a2..b7012379cb 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -166,7 +166,7 @@ Scripts
 * `lib/ironic `__
 * `lib/keystone `__
 * `lib/ldap `__
-* `lib/neutron `__
+* `lib/neutron-legacy `__
 * `lib/nova `__
 * `lib/oslo `__
 * `lib/rpc\_backend `__
diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh
index a2ae275b04..aa348307af 100755
--- a/exercises/boot_from_volume.sh
+++ b/exercises/boot_from_volume.sh
@@ -32,7 +32,7 @@ source $TOP_DIR/functions
 
 # Import project functions
 source $TOP_DIR/lib/cinder
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 
 # Import configuration
 source $TOP_DIR/openrc
diff --git a/exercises/euca.sh b/exercises/euca.sh
index f9c47523e6..df5e233b8d 100755
--- a/exercises/euca.sh
+++ b/exercises/euca.sh
@@ -37,7 +37,7 @@ source $TOP_DIR/eucarc
 source $TOP_DIR/exerciserc
 
 # Import project functions
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 
 # If nova api is not enabled we exit with exitcode 55 so that
 # the exercise is skipped
diff --git a/exercises/floating_ips.sh b/exercises/floating_ips.sh
index 57f48e08b2..59444e1ebd 100755
--- a/exercises/floating_ips.sh
+++ b/exercises/floating_ips.sh
@@ -31,7 +31,7 @@ source $TOP_DIR/functions
 source $TOP_DIR/openrc
 
 # Import project functions
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 
 # Import exercise configuration
 source $TOP_DIR/exerciserc
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index 5b3281b16a..9230587817 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -49,7 +49,7 @@ source $TOP_DIR/functions
 source $TOP_DIR/openrc
 
 # Import neutron functions
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 
 # If neutron is not enabled we exit with exitcode 55, which means exercise is skipped.
 neutron_plugin_check_adv_test_requirements || exit 55
diff --git a/exercises/volumes.sh b/exercises/volumes.sh
index 504fba1a04..3ac2016254 100755
--- a/exercises/volumes.sh
+++ b/exercises/volumes.sh
@@ -32,7 +32,7 @@ source $TOP_DIR/openrc
 
 # Import project functions
 source $TOP_DIR/lib/cinder
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 
 # Import exercise configuration
 source $TOP_DIR/exerciserc
diff --git a/lib/neutron b/lib/neutron
deleted file mode 100755
index 5ff39212fc..0000000000
--- a/lib/neutron
+++ /dev/null
@@ -1,1467 +0,0 @@
-#!/bin/bash
-#
-# lib/neutron
-# functions - functions specific to neutron
-
-# Dependencies:
-# ``functions`` file
-# ``DEST`` must be defined
-# ``STACK_USER`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# - install_neutron_agent_packages
-# - install_neutronclient
-# - install_neutron
-# - install_neutron_third_party
-# - configure_neutron
-# - init_neutron
-# - configure_neutron_third_party
-# - init_neutron_third_party
-# - start_neutron_third_party
-# - create_nova_conf_neutron
-# - start_neutron_service_and_check
-# - check_neutron_third_party_integration
-# - start_neutron_agents
-# - create_neutron_initial_network
-# - setup_neutron_debug
-#
-# ``unstack.sh`` calls the entry points in this order:
-#
-# - teardown_neutron_debug
-# - stop_neutron
-# - stop_neutron_third_party
-# - cleanup_neutron
-
-# Functions in lib/neutron are classified into the following categories:
-#
-# - entry points (called from stack.sh or unstack.sh)
-# - internal functions
-# - neutron exercises
-# - 3rd party programs
-
-
-# Neutron Networking
-# ------------------
-
-# Make sure that neutron is enabled in ``ENABLED_SERVICES``.  If you want
-# to run Neutron on this host, make sure that q-svc is also in
-# ``ENABLED_SERVICES``.
-#
-# See "Neutron Network Configuration" below for additional variables
-# that must be set in localrc for connectivity across hosts with
-# Neutron.
-#
-# With Neutron networking the NETWORK_MANAGER variable is ignored.
-
-# Settings
-# --------
-
-# Timeout value in seconds to wait for IPv6 gateway configuration
-GATEWAY_TIMEOUT=30
-
-
-# Neutron Network Configuration
-# -----------------------------
-
-# Subnet IP version
-IP_VERSION=${IP_VERSION:-4}
-# Validate IP_VERSION
-if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
-    die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
-fi
-# Gateway and subnet defaults, in case they are not customized in localrc
-NETWORK_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
-PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
-PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
-PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
-
-if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
-    Q_PROTOCOL="https"
-fi
-
-# Generate 40-bit IPv6 Global ID to comply with RFC 4193
-IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
-
-# IPv6 gateway and subnet defaults, in case they are not customized in localrc
-IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
-IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
-IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
-IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
-FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
-IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
-IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-fe80:cafe:cafe::/64}
-IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-fe80:cafe:cafe::2}
-# IPV6_ROUTER_GW_IP must be defined when IP_VERSION=4+6 as it cannot be
-# obtained conventionally until the l3-agent has support for dual-stack
-# TODO (john-davidge) Remove once l3-agent supports dual-stack
-IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
-
-# Set up default directories
-GITDIR["python-neutronclient"]=$DEST/python-neutronclient
-
-
-NEUTRON_DIR=$DEST/neutron
-NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
-NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
-NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
-
-# Support entry points installation of console scripts
-if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
-    NEUTRON_BIN_DIR=$NEUTRON_DIR/bin
-else
-    NEUTRON_BIN_DIR=$(get_python_exec_prefix)
-fi
-
-NEUTRON_CONF_DIR=/etc/neutron
-NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
-export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
-
-# Agent binaries.  Note, binary paths for other agents are set in per-service
-# scripts in lib/neutron_plugins/services/
-AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
-AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
-AGENT_META_BINARY="$NEUTRON_BIN_DIR/neutron-metadata-agent"
-
-# Agent config files. Note, plugin-specific Q_PLUGIN_CONF_FILE is set and
-# loaded from per-plugin  scripts in lib/neutron_plugins/
-Q_DHCP_CONF_FILE=$NEUTRON_CONF_DIR/dhcp_agent.ini
-Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
-Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
-Q_VPN_CONF_FILE=$NEUTRON_CONF_DIR/vpn_agent.ini
-Q_META_CONF_FILE=$NEUTRON_CONF_DIR/metadata_agent.ini
-
-# Default name for Neutron database
-Q_DB_NAME=${Q_DB_NAME:-neutron}
-# Default Neutron Plugin
-Q_PLUGIN=${Q_PLUGIN:-ml2}
-# Default Neutron Port
-Q_PORT=${Q_PORT:-9696}
-# Default Neutron Internal Port when using TLS proxy
-Q_PORT_INT=${Q_PORT_INT:-19696}
-# Default Neutron Host
-Q_HOST=${Q_HOST:-$SERVICE_HOST}
-# Default protocol
-Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
-# Default admin username
-Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
-# Default auth strategy
-Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
-# Use namespace or not
-Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
-# RHEL's support for namespaces requires using veths with ovs
-Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
-Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
-Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)
-# Meta data IP
-Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
-# Allow Overlapping IP among subnets
-Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
-# Use neutron-debug command
-Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
-# The name of the default q-l3 router
-Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
-# nova vif driver that all plugins should use
-NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
-Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
-Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
-VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
-VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
-# Specify if the initial private and external networks should be created
-NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
-
-## Provider Network Information
-PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
-
-# Use flat providernet for public network
-#
-# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
-# for external interface of neutron l3-agent.  In that case,
-# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
-# used for the network.  In case of ofagent, you should add the
-# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
-# For openvswitch agent, you should add the corresponding entry to
-# your OVS_BRIDGE_MAPPINGS.
-#
-# eg.  (ofagent)
-#    Q_USE_PROVIDERNET_FOR_PUBLIC=True
-#    Q_USE_PUBLIC_VETH=True
-#    PUBLIC_PHYSICAL_NETWORK=public
-#    OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int
-#
-# eg.  (openvswitch agent)
-#    Q_USE_PROVIDERNET_FOR_PUBLIC=True
-#    PUBLIC_PHYSICAL_NETWORK=public
-#    OVS_BRIDGE_MAPPINGS=public:br-ex
-Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-False}
-PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
-
-# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
-# PUBLIC_BRIDGE.  This is intended to be used with
-# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
-Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False}
-Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex}
-Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
-
-# The next two variables are configured by plugin
-# e.g.  _configure_neutron_l3_agent or lib/neutron_plugins/*
-#
-# The plugin supports L3.
-Q_L3_ENABLED=${Q_L3_ENABLED:-False}
-# L3 routers exist per tenant
-Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-False}
-
-# List of config file names in addition to the main plugin config file
-# See _configure_neutron_common() for details about setting it up
-declare -a Q_PLUGIN_EXTRA_CONF_FILES
-
-# List of (optional) config files for VPN device drivers to use with
-# the neutron-q-vpn agent
-declare -a Q_VPN_EXTRA_CONF_FILES
-
-
-Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
-if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
-    Q_RR_COMMAND="sudo"
-else
-    NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
-    Q_RR_COMMAND="sudo $NEUTRON_ROOTWRAP $Q_RR_CONF_FILE"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        Q_RR_DAEMON_COMMAND="sudo $NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
-    fi
-fi
-
-
-# Distributed Virtual Router (DVR) configuration
-# Can be:
-# - ``legacy``   - No DVR functionality
-# - ``dvr_snat`` - Controller or single node DVR
-# - ``dvr``      - Compute node in multi-node DVR
-#
-Q_DVR_MODE=${Q_DVR_MODE:-legacy}
-if [[ "$Q_DVR_MODE" != "legacy" ]]; then
-    Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
-fi
-
-# Provider Network Configurations
-# --------------------------------
-
-# The following variables control the Neutron ML2 plugins' allocation
-# of tenant networks and availability of provider networks. If these
-# are not configured in ``localrc``, tenant networks will be local to
-# the host (with no remote connectivity), and no physical resources
-# will be available for the allocation of provider networks.
-
-# To disable tunnels (GRE or VXLAN) for tenant networks,
-# set to False in ``local.conf``.
-# GRE tunnels are only supported by the openvswitch.
-ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
-
-# If using GRE tunnels for tenant networks, specify the range of
-# tunnel IDs from which tenant networks are allocated. Can be
-# overriden in ``localrc`` in necesssary.
-TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
-
-# To use VLANs for tenant networks, set to True in localrc. VLANs
-# are supported by the ML2 plugins, requiring additional configuration
-# described below.
-ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}
-
-# If using VLANs for tenant networks, set in ``localrc`` to specify
-# the range of VLAN VIDs from which tenant networks are
-# allocated. An external network switch must be configured to
-# trunk these VLANs between hosts for multi-host connectivity.
-#
-# Example: ``TENANT_VLAN_RANGE=1000:1999``
-TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}
-
-# If using VLANs for tenant networks, or if using flat or VLAN
-# provider networks, set in ``localrc`` to the name of the physical
-# network, and also configure ``OVS_PHYSICAL_BRIDGE`` for the
-# openvswitch agent or ``LB_PHYSICAL_INTERFACE`` for the linuxbridge
-# agent, as described below.
-#
-# Example: ``PHYSICAL_NETWORK=default``
-PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
-
-# With the openvswitch agent, if using VLANs for tenant networks,
-# or if using flat or VLAN provider networks, set in ``localrc`` to
-# the name of the OVS bridge to use for the physical network. The
-# bridge will be created if it does not already exist, but a
-# physical interface must be manually added to the bridge as a
-# port for external connectivity.
-#
-# Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
-OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}
-
-# With the linuxbridge agent, if using VLANs for tenant networks,
-# or if using flat or VLAN provider networks, set in ``localrc`` to
-# the name of the network interface to use for the physical
-# network.
-#
-# Example: ``LB_PHYSICAL_INTERFACE=eth1``
-LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}
-
-# When Neutron tunnels are enabled it is needed to specify the
-# IP address of the end point in the local server. This IP is set
-# by default to the same IP address that the HOST IP.
-# This variable can be used to specify a different end point IP address
-# Example: ``TUNNEL_ENDPOINT_IP=1.1.1.1``
-TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-$HOST_IP}
-
-# With the openvswitch plugin, set to True in ``localrc`` to enable
-# provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
-#
-# Example: ``OVS_ENABLE_TUNNELING=True``
-OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
-
-# Use DHCP agent for providing metadata service in the case of
-# without L3 agent (No Route Agent), set to True in localrc.
-ENABLE_ISOLATED_METADATA=${ENABLE_ISOLATED_METADATA:-False}
-
-# Add a static route as dhcp option, so the request to 169.254.169.254
-# will be able to reach through a route(DHCP agent)
-# This option require ENABLE_ISOLATED_METADATA = True
-ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
-# Neutron plugin specific functions
-# ---------------------------------
-
-# Please refer to ``lib/neutron_plugins/README.md`` for details.
-source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
-
-# Agent loadbalancer service plugin functions
-# -------------------------------------------
-
-# Hardcoding for 1 service plugin for now
-source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
-
-# Agent metering service plugin functions
-# -------------------------------------------
-
-# Hardcoding for 1 service plugin for now
-source $TOP_DIR/lib/neutron_plugins/services/metering
-
-# VPN service plugin functions
-# -------------------------------------------
-# Hardcoding for 1 service plugin for now
-source $TOP_DIR/lib/neutron_plugins/services/vpn
-
-# Firewall Service Plugin functions
-# ---------------------------------
-source $TOP_DIR/lib/neutron_plugins/services/firewall
-
-# Use security group or not
-if has_neutron_plugin_security_group; then
-    Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
-else
-    Q_USE_SECGROUP=False
-fi
-
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,neutron
-
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Functions
-# ---------
-
-function _determine_config_server {
-    local cfg_file
-    local opts="--config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
-    for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
-        opts+=" --config-file /$cfg_file"
-    done
-    echo "$opts"
-}
-
-function _determine_config_vpn {
-    local cfg_file
-    local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE --config-file=$Q_VPN_CONF_FILE"
-    if is_service_enabled q-fwaas; then
-        opts+=" --config-file $Q_FWAAS_CONF_FILE"
-    fi
-    for cfg_file in ${Q_VPN_EXTRA_CONF_FILES[@]}; do
-        opts+=" --config-file $cfg_file"
-    done
-    echo "$opts"
-
-}
-
-function _determine_config_l3 {
-    local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
-    if is_service_enabled q-fwaas; then
-        opts+=" --config-file $Q_FWAAS_CONF_FILE"
-    fi
-    echo "$opts"
-}
-
-# For services and agents that require it, dynamically construct a list of
-# --config-file arguments that are passed to the binary.
-function determine_config_files {
-    local opts=""
-    case "$1" in
-        "neutron-server") opts="$(_determine_config_server)" ;;
-        "neutron-vpn-agent") opts="$(_determine_config_vpn)" ;;
-        "neutron-l3-agent") opts="$(_determine_config_l3)" ;;
-    esac
-    if [ -z "$opts" ] ; then
-        die $LINENO "Could not determine config files for $1."
-    fi
-    echo "$opts"
-}
-
-# Test if any Neutron services are enabled
-# is_neutron_enabled
-function is_neutron_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"q-" ]] && return 0
-    return 1
-}
-
-# configure_neutron()
-# Set common config for all neutron server and agents.
-function configure_neutron {
-    _configure_neutron_common
-    iniset_rpc_backend neutron $NEUTRON_CONF
-
-    # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
-    if is_service_enabled q-lbaas; then
-        _configure_neutron_lbaas
-    fi
-    if is_service_enabled q-metering; then
-        _configure_neutron_metering
-    fi
-    if is_service_enabled q-vpn; then
-        _configure_neutron_vpn
-    fi
-    if is_service_enabled q-fwaas; then
-        _configure_neutron_fwaas
-    fi
-    if is_service_enabled q-agt q-svc; then
-        _configure_neutron_service
-    fi
-    if is_service_enabled q-agt; then
-        _configure_neutron_plugin_agent
-    fi
-    if is_service_enabled q-dhcp; then
-        _configure_neutron_dhcp_agent
-    fi
-    if is_service_enabled q-l3; then
-        _configure_neutron_l3_agent
-    fi
-    if is_service_enabled q-meta; then
-        _configure_neutron_metadata_agent
-    fi
-
-    if [[ "$Q_DVR_MODE" != "legacy" ]]; then
-        _configure_dvr
-    fi
-    if is_service_enabled ceilometer; then
-        _configure_neutron_ceilometer_notifications
-    fi
-
-    _configure_neutron_debug_command
-}
-
-function create_nova_conf_neutron {
-    iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
-    iniset $NOVA_CONF neutron admin_username "$Q_ADMIN_USERNAME"
-    iniset $NOVA_CONF neutron admin_password "$SERVICE_PASSWORD"
-    iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
-    iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
-    iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
-    iniset $NOVA_CONF neutron region_name "$REGION_NAME"
-    iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"
-
-    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
-        LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
-        iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
-        iniset $NOVA_CONF DEFAULT security_group_api neutron
-    fi
-
-    # set NOVA_VIF_DRIVER and optionally set options in nova_conf
-    neutron_plugin_create_nova_conf
-
-    iniset $NOVA_CONF libvirt vif_driver "$NOVA_VIF_DRIVER"
-    iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
-    if is_service_enabled q-meta; then
-        iniset $NOVA_CONF neutron service_metadata_proxy "True"
-    fi
-
-    iniset $NOVA_CONF DEFAULT vif_plugging_is_fatal "$VIF_PLUGGING_IS_FATAL"
-    iniset $NOVA_CONF DEFAULT vif_plugging_timeout "$VIF_PLUGGING_TIMEOUT"
-}
-
-# create_neutron_cache_dir() - Part of the _neutron_setup_keystone() process
-function create_neutron_cache_dir {
-    # Create cache dir
-    sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
-    rm -f $NEUTRON_AUTH_CACHE_DIR/*
-}
-
-# create_neutron_accounts() - Set up common required neutron accounts
-
-# Tenant               User       Roles
-# ------------------------------------------------------------------
-# service              neutron    admin        # if enabled
-
-# Migrated from keystone_data.sh
-function create_neutron_accounts {
-    if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
-
-        create_service_user "neutron"
-
-        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-            local neutron_service=$(get_or_create_service "neutron" \
-                "network" "Neutron Service")
-            get_or_create_endpoint $neutron_service \
-                "$REGION_NAME" \
-                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
-                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
-                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
-        fi
-    fi
-}
-
-function create_neutron_initial_network {
-    TENANT_ID=$(openstack project list | grep " demo " | get_field 1)
-    die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo"
-
-    # Allow drivers that need to create an initial network to do so here
-    if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
-        neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
-    fi
-
-    if is_provider_network; then
-        die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
-        die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
-        NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
-
-        if [[ "$IP_VERSION" =~ 4.* ]]; then
-            SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
-            die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
-        fi
-
-        if [[ "$IP_VERSION" =~ .*6 ]]; then
-            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
-            die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
-        fi
-
-        sudo ip link set $OVS_PHYSICAL_BRIDGE up
-        sudo ip link set br-int up
-        sudo ip link set $PUBLIC_INTERFACE up
-    else
-        NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
-        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $TENANT_ID"
-
-        if [[ "$IP_VERSION" =~ 4.* ]]; then
-            # Create IPv4 private subnet
-            SUBNET_ID=$(_neutron_create_private_subnet_v4)
-        fi
-
-        if [[ "$IP_VERSION" =~ .*6 ]]; then
-            # Create IPv6 private subnet
-            IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6)
-        fi
-    fi
-
-    if [[ "$Q_L3_ENABLED" == "True" ]]; then
-        # Create a router, and add the private subnet as one of its interfaces
-        if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
-            # create a tenant-owned router.
-            ROUTER_ID=$(neutron router-create --tenant-id $TENANT_ID $Q_ROUTER_NAME | grep ' id ' | get_field 2)
-            die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $TENANT_ID $Q_ROUTER_NAME"
-        else
-            # Plugin only supports creating a single router, which should be admin owned.
-            ROUTER_ID=$(neutron router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
-            die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
-        fi
-
-        # Create an external network, and a subnet. Configure the external network as router gw
-        if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
-            EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
-        else
-            EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
-        fi
-        die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
-
-        if [[ "$IP_VERSION" =~ 4.* ]]; then
-            # Configure router for IPv4 public access
-            _neutron_configure_router_v4
-        fi
-
-        if [[ "$IP_VERSION" =~ .*6 ]]; then
-            # Configure router for IPv6 public access
-            _neutron_configure_router_v6
-        fi
-    fi
-}
-
-# init_neutron() - Initialize databases, etc.
-function init_neutron {
-    recreate_database $Q_DB_NAME
-    # Run Neutron db migrations
-    $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-    for svc in fwaas lbaas vpnaas; do
-        if [ "$svc" = "vpnaas" ]; then
-            q_svc="q-vpn"
-        else
-            q_svc="q-$svc"
-        fi
-        if is_service_enabled $q_svc; then
-            $NEUTRON_BIN_DIR/neutron-db-manage --service $svc --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-        fi
-    done
-}
-
-# install_neutron() - Collect source and prepare
-function install_neutron {
-    git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
-    setup_develop $NEUTRON_DIR
-    if is_service_enabled q-fwaas; then
-        git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
-        setup_develop $NEUTRON_FWAAS_DIR
-    fi
-    if is_service_enabled q-lbaas; then
-        git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
-        setup_develop $NEUTRON_LBAAS_DIR
-    fi
-    if is_service_enabled q-vpn; then
-        git_clone $NEUTRON_VPNAAS_REPO $NEUTRON_VPNAAS_DIR $NEUTRON_VPNAAS_BRANCH
-        setup_develop $NEUTRON_VPNAAS_DIR
-    fi
-
-    if [ "$VIRT_DRIVER" == 'xenserver' ]; then
-        local dom0_ip
-        dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)
-
-        local ssh_dom0
-        ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
-
-        # Find where the plugins should go in dom0
-        local xen_functions
-        xen_functions=$(cat $TOP_DIR/tools/xen/functions)
-        local plugin_dir
-        plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
-
-        # install neutron plugins to dom0
-        tar -czf - -C $NEUTRON_DIR/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
-            $ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
-    fi
-}
-
-# install_neutronclient() - Collect source and prepare
-function install_neutronclient {
-    if use_library_from_git "python-neutronclient"; then
-        git_clone_by_name "python-neutronclient"
-        setup_dev_lib "python-neutronclient"
-        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-neutronclient"]}/tools/,/etc/bash_completion.d/}neutron.bash_completion
-    fi
-}
-
-# install_neutron_agent_packages() - Collect source and prepare
-function install_neutron_agent_packages {
-    # radvd doesn't come with the OS. Install it if the l3 service is enabled.
-    if is_service_enabled q-l3; then
-        install_package radvd
-    fi
-    # install packages that are specific to plugin agent(s)
-    if is_service_enabled q-agt q-dhcp q-l3; then
-        neutron_plugin_install_agent_packages
-    fi
-
-    if is_service_enabled q-lbaas; then
-        neutron_agent_lbaas_install_agent_packages
-    fi
-}
-
-# Start running processes, including screen
-function start_neutron_service_and_check {
-    local cfg_file_options="$(determine_config_files neutron-server)"
-    local service_port=$Q_PORT
-    local service_protocol=$Q_PROTOCOL
-    if is_service_enabled tls-proxy; then
-        service_port=$Q_PORT_INT
-        service_protocol="http"
-    fi
-    # Start the Neutron service
-    run_process q-svc "python $NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
-    echo "Waiting for Neutron to start..."
-    if is_ssl_enabled_service "neutron"; then
-        ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
-    fi
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port; do sleep 1; done"; then
-        die $LINENO "Neutron did not start"
-    fi
-    # Start proxy if enabled
-    if is_service_enabled tls-proxy; then
-        start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT &
-    fi
-}
-
-# Start running processes, including screen
-function start_neutron_agents {
-    # Start up the neutron agents if enabled
-    run_process q-agt "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
-    run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
-
-    if is_provider_network; then
-        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
-        sudo ip link set $OVS_PHYSICAL_BRIDGE up
-        sudo ip link set br-int up
-        sudo ip link set $PUBLIC_INTERFACE up
-        if is_ironic_hardware; then
-            for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
-                sudo ip addr del $IP dev $PUBLIC_INTERFACE
-                sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
-            done
-            sudo route add -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
-        fi
-    fi
-
-    if is_service_enabled q-vpn; then
-        run_process q-vpn "$AGENT_VPN_BINARY $(determine_config_files neutron-vpn-agent)"
-    else
-        run_process q-l3 "python $AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
-    fi
-
-    run_process q-meta "python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
-
-    if [ "$VIRT_DRIVER" = 'xenserver' ]; then
-        # For XenServer, start an agent for the domU openvswitch
-        run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
-    fi
-
-    if is_service_enabled q-lbaas; then
-        run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
-    fi
-
-    if is_service_enabled q-metering; then
-        run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
-    fi
-}
-
-# stop_neutron() - Stop running processes (non-screen)
-function stop_neutron {
-    if is_service_enabled q-dhcp; then
-        stop_process q-dhcp
-        pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
-        [ ! -z "$pid" ] && sudo kill -9 $pid
-    fi
-
-    stop_process q-svc
-    stop_process q-l3
-
-    if is_service_enabled q-meta; then
-        sudo pkill -9 -f neutron-ns-metadata-proxy || :
-        stop_process q-meta
-    fi
-
-    stop_process q-agt
-
-    if is_service_enabled q-lbaas; then
-        neutron_lbaas_stop
-    fi
-    if is_service_enabled q-fwaas; then
-        neutron_fwaas_stop
-    fi
-    if is_service_enabled q-vpn; then
-        neutron_vpn_stop
-    fi
-    if is_service_enabled q-metering; then
-        neutron_metering_stop
-    fi
-}
-
-# cleanup_neutron() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_neutron {
-    if is_provider_network && is_ironic_hardware; then
-        for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
-            sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
-            sudo ip addr add $IP dev $PUBLIC_INTERFACE
-        done
-        sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
-    fi
-
-    if is_neutron_ovs_base_plugin; then
-        neutron_ovs_base_cleanup
-    fi
-
-    # delete all namespaces created by neutron
-    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
-        sudo ip netns delete ${ns}
-    done
-}
-
-
-function _create_neutron_conf_dir {
-    # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
-    sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
-}
-
-# _configure_neutron_common()
-# Set common config for all neutron server and agents.
-# This MUST be called before other ``_configure_neutron_*`` functions.
-function _configure_neutron_common {
-    _create_neutron_conf_dir
-
-    cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF
-
-    # Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
-    # For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
-    # For addition plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH``,
-    # ``Q_PLUGIN_EXTRA_CONF_FILES``.  For example:
-    #
-    #    ``Q_PLUGIN_EXTRA_CONF_FILES=(file1, file2)``
-    neutron_plugin_configure_common
-
-    if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
-        die $LINENO "Neutron plugin not set.. exiting"
-    fi
-
-    # If needed, move config file from ``$NEUTRON_DIR/etc/neutron`` to ``NEUTRON_CONF_DIR``
-    mkdir -p /$Q_PLUGIN_CONF_PATH
-    Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
-    cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
-
-    iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
-    iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
-    iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
-    # If addition config files are set, make sure their path name is set as well
-    if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
-        die $LINENO "Neutron additional plugin config not set.. exiting"
-    fi
-
-    # If additional config files exist, copy them over to neutron configuration
-    # directory
-    if [[ $Q_PLUGIN_EXTRA_CONF_PATH != '' ]]; then
-        local f
-        for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
-            Q_PLUGIN_EXTRA_CONF_FILES[$f]=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
-        done
-    fi
-
-    if [ "$VIRT_DRIVER" = 'fake' ]; then
-        # Disable arbitrary limits
-        iniset $NEUTRON_CONF quotas quota_network -1
-        iniset $NEUTRON_CONF quotas quota_subnet -1
-        iniset $NEUTRON_CONF quotas quota_port -1
-        iniset $NEUTRON_CONF quotas quota_security_group -1
-        iniset $NEUTRON_CONF quotas quota_security_group_rule -1
-    fi
-
-    # Format logging
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
-    else
-        # Show user_name and project_name by default like in nova
-        iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
-    fi
-
-    if is_service_enabled tls-proxy; then
-        # Set the service port for a proxy to take the original
-        iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
-    fi
-
-    if is_ssl_enabled_service "nova"; then
-        iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
-    fi
-
-    if is_ssl_enabled_service "neutron"; then
-        ensure_certificates NEUTRON
-
-        iniset $NEUTRON_CONF DEFAULT use_ssl True
-        iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
-        iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
-    fi
-
-    _neutron_setup_rootwrap
-}
-
-function _configure_neutron_debug_command {
-    if [[ "$Q_USE_DEBUG_COMMAND" != "True" ]]; then
-        return
-    fi
-
-    cp $NEUTRON_DIR/etc/l3_agent.ini $NEUTRON_TEST_CONFIG_FILE
-
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-
-    _neutron_setup_interface_driver $NEUTRON_TEST_CONFIG_FILE
-
-    neutron_plugin_configure_debug_command
-}
-
-function _configure_neutron_dhcp_agent {
-
-    cp $NEUTRON_DIR/etc/dhcp_agent.ini $Q_DHCP_CONF_FILE
-
-    iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
-    iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-
-    if ! is_service_enabled q-l3; then
-        if [[ "$ENABLE_ISOLATED_METADATA" = "True" ]]; then
-            iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata $ENABLE_ISOLATED_METADATA
-            iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network $ENABLE_METADATA_NETWORK
-        else
-            if [[ "$ENABLE_METADATA_NETWORK" = "True" ]]; then
-                die "$LINENO" "Enable isolated metadata is a must for metadata network"
-            fi
-        fi
-    fi
-
-    _neutron_setup_interface_driver $Q_DHCP_CONF_FILE
-
-    neutron_plugin_configure_dhcp_agent
-}
-
-function _configure_neutron_l3_agent {
-    local cfg_file
-    Q_L3_ENABLED=True
-    # for l3-agent, only use per tenant router if we have namespaces
-    Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
-
-    if is_service_enabled q-vpn; then
-        neutron_vpn_configure_agent
-    fi
-
-    cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
-
-    iniset $Q_L3_CONF_FILE DEFAULT verbose True
-    iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $Q_L3_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-
-    _neutron_setup_interface_driver $Q_L3_CONF_FILE
-
-    neutron_plugin_configure_l3_agent
-}
-
-function _configure_neutron_metadata_agent {
-    cp $NEUTRON_DIR/etc/metadata_agent.ini $Q_META_CONF_FILE
-
-    iniset $Q_META_CONF_FILE DEFAULT verbose True
-    iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
-    iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $Q_META_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-
-    # Configures keystone for metadata_agent
-    # The third argument "True" sets auth_url needed to communicate with keystone
-    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
-
-}
-
-function _configure_neutron_ceilometer_notifications {
-    iniset $NEUTRON_CONF DEFAULT notification_driver messaging
-}
-
-function _configure_neutron_lbaas {
-    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
-        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
-    fi
-    neutron_agent_lbaas_configure_common
-    neutron_agent_lbaas_configure_agent
-}
-
-function _configure_neutron_metering {
-    neutron_agent_metering_configure_common
-    neutron_agent_metering_configure_agent
-}
-
-function _configure_neutron_fwaas {
-    if [ -f $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf ]; then
-        cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf $NEUTRON_CONF_DIR
-    fi
-    neutron_fwaas_configure_common
-    neutron_fwaas_configure_driver
-}
-
-function _configure_neutron_vpn {
-    if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf ]; then
-        cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_CONF_DIR
-    fi
-    neutron_vpn_install_agent_packages
-    neutron_vpn_configure_common
-}
-
-function _configure_dvr {
-    iniset $NEUTRON_CONF DEFAULT router_distributed True
-    iniset $Q_L3_CONF_FILE DEFAULT agent_mode $Q_DVR_MODE
-}
-
-
-# _configure_neutron_plugin_agent() - Set config files for neutron plugin agent
-# It is called when q-agt is enabled.
-function _configure_neutron_plugin_agent {
-    # Specify the default root helper prior to agent configuration to
-    # ensure that an agent's configuration can override the default
-    iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE  agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-    iniset $NEUTRON_CONF DEFAULT verbose True
-    iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-
-    # Configure agent for plugin
-    neutron_plugin_configure_plugin_agent
-}
-
-# _configure_neutron_service() - Set config files for neutron service
-# It is called when q-svc is enabled.
-function _configure_neutron_service {
-    Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
-    Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
-
-    cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
-    cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
-
-    # allow neutron user to administer neutron to match neutron account
-    sed -i 's/"context_is_admin":  "role:admin"/"context_is_admin":  "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
-
-    # Update either configuration file with plugin
-    iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
-
-    if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
-        iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
-    fi
-
-    iniset $NEUTRON_CONF DEFAULT verbose True
-    iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $NEUTRON_CONF DEFAULT policy_file $Q_POLICY_FILE
-    iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
-
-    iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
-    _neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
-
-    # Configuration for neutron notifations to nova.
-    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
-    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
-
-    iniset $NEUTRON_CONF nova auth_plugin password
-    iniset $NEUTRON_CONF nova auth_url $KEYSTONE_AUTH_URI
-    iniset $NEUTRON_CONF nova username nova
-    iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
-    iniset $NEUTRON_CONF nova user_domain_id default
-    iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
-    iniset $NEUTRON_CONF nova project_domain_id default
-    iniset $NEUTRON_CONF nova region_name $REGION_NAME
-
-    # Configure plugin
-    neutron_plugin_configure_service
-}
-
-# Utility Functions
-#------------------
-
-# _neutron_service_plugin_class_add() - add service plugin class
-function _neutron_service_plugin_class_add {
-    local service_plugin_class=$1
-    if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
-        Q_SERVICE_PLUGIN_CLASSES=$service_plugin_class
-    elif [[ ! ,${Q_SERVICE_PLUGIN_CLASSES}, =~ ,${service_plugin_class}, ]]; then
-        Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$service_plugin_class"
-    fi
-}
-
-# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
-function _neutron_deploy_rootwrap_filters {
-    local srcdir=$1
-    sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
-    sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
-}
-
-# _neutron_setup_rootwrap() - configure Neutron's rootwrap
-function _neutron_setup_rootwrap {
-    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
-        return
-    fi
-    # Wipe any existing ``rootwrap.d`` files first
-    Q_CONF_ROOTWRAP_D=$NEUTRON_CONF_DIR/rootwrap.d
-    if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
-        sudo rm -rf $Q_CONF_ROOTWRAP_D
-    fi
-
-    _neutron_deploy_rootwrap_filters $NEUTRON_DIR
-
-    # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
-    # location moved in newer versions, prefer new location
-    if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then
-        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE
-    else
-        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
-    fi
-    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
-    # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
-    ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
-    ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
-
-    # Set up the rootwrap sudoers for neutron
-    TEMPFILE=`mktemp`
-    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
-    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD" >>$TEMPFILE
-    chmod 0440 $TEMPFILE
-    sudo chown root:root $TEMPFILE
-    sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap
-
-    # Update the root_helper
-    iniset $NEUTRON_CONF agent root_helper "$Q_RR_COMMAND"
-    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $NEUTRON_CONF agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
-    fi
-}
-
-# Configures keystone integration for neutron service and agents
-function _neutron_setup_keystone {
-    local conf_file=$1
-    local section=$2
-    local use_auth_url=$3
-
-    # Configures keystone for metadata_agent
-    # metadata_agent needs auth_url to communicate with keystone
-    if [[ "$use_auth_url" == "True" ]]; then
-        iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
-    fi
-
-    create_neutron_cache_dir
-    configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
-}
-
-function _neutron_setup_interface_driver {
-
-    # ovs_use_veth needs to be set before the plugin configuration
-    # occurs to allow plugins to override the setting.
-    iniset $1 DEFAULT ovs_use_veth $Q_OVS_USE_VETH
-
-    neutron_plugin_setup_interface_driver $1
-}
-
-# Create private IPv4 subnet
-function _neutron_create_private_subnet_v4 {
-    local subnet_params="--tenant-id $TENANT_ID "
-    subnet_params+="--ip_version 4 "
-    subnet_params+="--gateway $NETWORK_GATEWAY "
-    subnet_params+="--name $PRIVATE_SUBNET_NAME "
-    subnet_params+="$NET_ID $FIXED_RANGE"
-    local subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
-    die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $TENANT_ID"
-    echo $subnet_id
-}
-
-# Create private IPv6 subnet
-function _neutron_create_private_subnet_v6 {
-    die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
-    die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
-    local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
-    local subnet_params="--tenant-id $TENANT_ID "
-    subnet_params+="--ip_version 6 "
-    subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
-    subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
-    subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
-    local ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
-    die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $TENANT_ID"
-    echo $ipv6_subnet_id
-}
-
-# Create public IPv4 subnet
-function _neutron_create_public_subnet_v4 {
-    local subnet_params+="--ip_version 4 "
-    subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
-    subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
-    subnet_params+="--name $PUBLIC_SUBNET_NAME "
-    subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
-    subnet_params+="-- --enable_dhcp=False"
-    local id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
-    die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
-    echo $id_and_ext_gw_ip
-}
-
-# Create public IPv6 subnet
-function _neutron_create_public_subnet_v6 {
-    local subnet_params="--ip_version 6 "
-    subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
-    subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
-    subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
-    subnet_params+="-- --enable_dhcp=False"
-    local ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
-    die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
-    echo $ipv6_id_and_ext_gw_ip
-}
-
-# Configure neutron router for IPv4 public access
-function _neutron_configure_router_v4 {
-    neutron router-interface-add $ROUTER_ID $SUBNET_ID
-    # Create a public subnet on the external network
-    local id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
-    local ext_gw_ip=$(echo $id_and_ext_gw_ip  | get_field 2)
-    PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
-    # Configure the external network as the default router gateway
-    neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
-
-    # This logic is specific to using the l3-agent for layer 3
-    if is_service_enabled q-l3; then
-        # Configure and enable public bridge
-        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
-            local cidr_len=${FLOATING_RANGE#*/}
-            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
-            sudo ip link set $ext_gw_interface up
-            ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
-            die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
-            sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
-        fi
-        _neutron_set_router_id
-    fi
-}
-
-# Configure neutron router for IPv6 public access
-function _neutron_configure_router_v6 {
-    neutron router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
-    # Create a public subnet on the external network
-    local ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
-    local ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
-    local ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
-
-    # If the external network has not already been set as the default router
-    # gateway when configuring an IPv4 public subnet, do so now
-    if [[ "$IP_VERSION" == "6" ]]; then
-        neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
-    fi
-
-    # This logic is specific to using the l3-agent for layer 3
-    if is_service_enabled q-l3; then
-        local ipv6_router_gw_port
-        # Ensure IPv6 forwarding is enabled on the host
-        sudo sysctl -w net.ipv6.conf.all.forwarding=1
-        # Configure and enable public bridge
-        if [[ "$IP_VERSION" = "6" ]]; then
-            # Override global IPV6_ROUTER_GW_IP with the true value from neutron
-            IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
-            die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
-            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
-            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
-        else
-            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
-            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
-        fi
-
-        # The ovs_base_configure_l3_agent function flushes the public
-        # bridge's ip addresses, so turn IPv6 support in the host off
-        # and then on to recover the public bridge's link local address
-        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
-        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
-        if ! ip -6 addr show dev $PUBLIC_BRIDGE | grep 'scope global'; then
-            # Create an IPv6 ULA address for PUBLIC_BRIDGE if one is not present
-            IPV6_BRIDGE_ULA=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
-            sudo ip -6 addr add fd$IPV6_BRIDGE_ULA::1 dev $PUBLIC_BRIDGE
-        fi
-
-        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
-            local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
-
-            # Define router_ns based on whether DVR is enabled
-            local router_ns=qrouter
-            if [[ "$Q_DVR_MODE" == "dvr_snat" ]]; then
-                router_ns=snat
-            fi
-
-            # Configure interface for public bridge
-            sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
-
-            # Wait until layer 3 agent has configured the gateway port on
-            # the public bridge, then add gateway address to the interface
-            # TODO (john-davidge) Remove once l3-agent supports dual-stack
-            if [[ "$IP_VERSION" == "4+6" ]]; then
-                if ! timeout $GATEWAY_TIMEOUT sh -c "until sudo ip netns exec $router_ns-$ROUTER_ID ip addr show qg-${ipv6_router_gw_port:0:11} | grep $ROUTER_GW_IP; do sleep 1; done"; then
-                    die $LINENO "Timeout retrieving ROUTER_GW_IP"
-                fi
-                # Configure the gateway port with the public IPv6 adress
-                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 addr add $IPV6_ROUTER_GW_IP/$ipv6_cidr_len dev qg-${ipv6_router_gw_port:0:11}
-                # Add a default IPv6 route to the neutron router as the
-                # l3-agent does not add one in the dual-stack case
-                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 route replace default via $ipv6_ext_gw_ip dev qg-${ipv6_router_gw_port:0:11}
-            fi
-            sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
-        fi
-        _neutron_set_router_id
-    fi
-}
-
-# Explicitly set router id in l3 agent configuration
-function _neutron_set_router_id {
-    if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
-        iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
-    fi
-}
-
-# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
-function _neutron_get_ext_gw_interface {
-    if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
-        echo $Q_PUBLIC_VETH_EX
-    else
-        # Disable in-band as we are going to use local port
-        # to communicate with VMs
-        sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
-            other_config:disable-in-band=true
-        echo $PUBLIC_BRIDGE
-    fi
-}
-
-# Functions for Neutron Exercises
-#--------------------------------
-
-function delete_probe {
-    local from_net="$1"
-    net_id=`_get_net_id $from_net`
-    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
-    neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
-}
-
-function setup_neutron_debug {
-    if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
-        public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
-        neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
-        private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
-        neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
-    fi
-}
-
-function teardown_neutron_debug {
-    delete_probe $PUBLIC_NETWORK_NAME
-    delete_probe $PRIVATE_NETWORK_NAME
-}
-
-function _get_net_id {
-    neutron --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
-}
-
-function _get_probe_cmd_prefix {
-    local from_net="$1"
-    net_id=`_get_net_id $from_net`
-    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
-    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
-}
-
-function _ping_check_neutron {
-    local from_net=$1
-    local ip=$2
-    local timeout_sec=$3
-    local expected=${4:-"True"}
-    local check_command=""
-    probe_cmd=`_get_probe_cmd_prefix $from_net`
-    if [[ "$expected" = "True" ]]; then
-        check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
-    else
-        check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
-    fi
-    if ! timeout $timeout_sec sh -c "$check_command"; then
-        if [[ "$expected" = "True" ]]; then
-            die $LINENO "[Fail] Couldn't ping server"
-        else
-            die $LINENO "[Fail] Could ping server"
-        fi
-    fi
-}
-
-# ssh check
-function _ssh_check_neutron {
-    local from_net=$1
-    local key_file=$2
-    local ip=$3
-    local user=$4
-    local timeout_sec=$5
-    local probe_cmd = ""
-    probe_cmd=`_get_probe_cmd_prefix $from_net`
-    if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success; do sleep 1; done"; then
-        die $LINENO "server didn't become ssh-able!"
-    fi
-}
-
-# Neutron 3rd party programs
-#---------------------------
-
-# please refer to ``lib/neutron_thirdparty/README.md`` for details
-NEUTRON_THIRD_PARTIES=""
-for f in $TOP_DIR/lib/neutron_thirdparty/*; do
-    third_party=$(basename $f)
-    if is_service_enabled $third_party; then
-        source $TOP_DIR/lib/neutron_thirdparty/$third_party
-        NEUTRON_THIRD_PARTIES="$NEUTRON_THIRD_PARTIES,$third_party"
-    fi
-done
-
-function _neutron_third_party_do {
-    for third_party in ${NEUTRON_THIRD_PARTIES//,/ }; do
-        ${1}_${third_party}
-    done
-}
-
-# configure_neutron_third_party() - Set config files, create data dirs, etc
-function configure_neutron_third_party {
-    _neutron_third_party_do configure
-}
-
-# init_neutron_third_party() - Initialize databases, etc.
-function init_neutron_third_party {
-    _neutron_third_party_do init
-}
-
-# install_neutron_third_party() - Collect source and prepare
-function install_neutron_third_party {
-    _neutron_third_party_do install
-}
-
-# start_neutron_third_party() - Start running processes, including screen
-function start_neutron_third_party {
-    _neutron_third_party_do start
-}
-
-# stop_neutron_third_party - Stop running processes (non-screen)
-function stop_neutron_third_party {
-    _neutron_third_party_do stop
-}
-
-# check_neutron_third_party_integration() - Check that third party integration is sane
-function check_neutron_third_party_integration {
-    _neutron_third_party_do check
-}
-
-function is_provider_network {
-    if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ] && [ "$Q_L3_ENABLED" == "False" ]; then
-        return 0
-    fi
-    return 1
-}
-
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/lib/neutron b/lib/neutron
new file mode 120000
index 0000000000..00cd72273e
--- /dev/null
+++ b/lib/neutron
@@ -0,0 +1 @@
+neutron-legacy
\ No newline at end of file
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
new file mode 100755
index 0000000000..5ff39212fc
--- /dev/null
+++ b/lib/neutron-legacy
@@ -0,0 +1,1467 @@
+#!/bin/bash
+#
+# lib/neutron
+# functions - functions specific to neutron
+
+# Dependencies:
+# ``functions`` file
+# ``DEST`` must be defined
+# ``STACK_USER`` must be defined
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - install_neutron_agent_packages
+# - install_neutronclient
+# - install_neutron
+# - install_neutron_third_party
+# - configure_neutron
+# - init_neutron
+# - configure_neutron_third_party
+# - init_neutron_third_party
+# - start_neutron_third_party
+# - create_nova_conf_neutron
+# - start_neutron_service_and_check
+# - check_neutron_third_party_integration
+# - start_neutron_agents
+# - create_neutron_initial_network
+# - setup_neutron_debug
+#
+# ``unstack.sh`` calls the entry points in this order:
+#
+# - teardown_neutron_debug
+# - stop_neutron
+# - stop_neutron_third_party
+# - cleanup_neutron
+
+# Functions in lib/neutron are classified into the following categories:
+#
+# - entry points (called from stack.sh or unstack.sh)
+# - internal functions
+# - neutron exercises
+# - 3rd party programs
+
+
+# Neutron Networking
+# ------------------
+
+# Make sure that neutron is enabled in ``ENABLED_SERVICES``.  If you want
+# to run Neutron on this host, make sure that q-svc is also in
+# ``ENABLED_SERVICES``.
+#
+# See "Neutron Network Configuration" below for additional variables
+# that must be set in localrc for connectivity across hosts with
+# Neutron.
+#
+# With Neutron networking the NETWORK_MANAGER variable is ignored.
+
+# Settings
+# --------
+
+# Timeout value in seconds to wait for IPv6 gateway configuration
+GATEWAY_TIMEOUT=30
+
+
+# Neutron Network Configuration
+# -----------------------------
+
+# Subnet IP version
+IP_VERSION=${IP_VERSION:-4}
+# Validate IP_VERSION
+if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
+    die $LINENO "IP_VERSION must be either 4, 6, or 4+6"
+fi
+# Gateway and subnet defaults, in case they are not customized in localrc
+NETWORK_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
+PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
+PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"}
+PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"}
+
+if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
+    Q_PROTOCOL="https"
+fi
+
+# Generate 40-bit IPv6 Global ID to comply with RFC 4193
+IPV6_GLOBAL_ID=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+
+# IPv6 gateway and subnet defaults, in case they are not customized in localrc
+IPV6_RA_MODE=${IPV6_RA_MODE:-slaac}
+IPV6_ADDRESS_MODE=${IPV6_ADDRESS_MODE:-slaac}
+IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
+IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
+FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
+IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
+IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-fe80:cafe:cafe::/64}
+IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-fe80:cafe:cafe::2}
+# IPV6_ROUTER_GW_IP must be defined when IP_VERSION=4+6 as it cannot be
+# obtained conventionally until the l3-agent has support for dual-stack
+# TODO (john-davidge) Remove once l3-agent supports dual-stack
+IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
+
+# Set up default directories
+GITDIR["python-neutronclient"]=$DEST/python-neutronclient
+
+
+NEUTRON_DIR=$DEST/neutron
+NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
+NEUTRON_LBAAS_DIR=$DEST/neutron-lbaas
+NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
+
+# Support entry points installation of console scripts
+if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
+    NEUTRON_BIN_DIR=$NEUTRON_DIR/bin
+else
+    NEUTRON_BIN_DIR=$(get_python_exec_prefix)
+fi
+
+NEUTRON_CONF_DIR=/etc/neutron
+NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
+export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
+
+# Agent binaries.  Note, binary paths for other agents are set in per-service
+# scripts in lib/neutron_plugins/services/
+AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
+AGENT_L3_BINARY=${AGENT_L3_BINARY:-"$NEUTRON_BIN_DIR/neutron-l3-agent"}
+AGENT_META_BINARY="$NEUTRON_BIN_DIR/neutron-metadata-agent"
+
+# Agent config files. Note, plugin-specific Q_PLUGIN_CONF_FILE is set and
+# loaded from per-plugin  scripts in lib/neutron_plugins/
+Q_DHCP_CONF_FILE=$NEUTRON_CONF_DIR/dhcp_agent.ini
+Q_L3_CONF_FILE=$NEUTRON_CONF_DIR/l3_agent.ini
+Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini
+Q_VPN_CONF_FILE=$NEUTRON_CONF_DIR/vpn_agent.ini
+Q_META_CONF_FILE=$NEUTRON_CONF_DIR/metadata_agent.ini
+
+# Default name for Neutron database
+Q_DB_NAME=${Q_DB_NAME:-neutron}
+# Default Neutron Plugin
+Q_PLUGIN=${Q_PLUGIN:-ml2}
+# Default Neutron Port
+Q_PORT=${Q_PORT:-9696}
+# Default Neutron Internal Port when using TLS proxy
+Q_PORT_INT=${Q_PORT_INT:-19696}
+# Default Neutron Host
+Q_HOST=${Q_HOST:-$SERVICE_HOST}
+# Default protocol
+Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
+# Default admin username
+Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
+# Default auth strategy
+Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
+# Use namespace or not
+Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
+# RHEL's support for namespaces requires using veths with ovs
+Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
+Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
+Q_USE_ROOTWRAP_DAEMON=$(trueorfalse True Q_USE_ROOTWRAP_DAEMON)
+# Meta data IP
+Q_META_DATA_IP=${Q_META_DATA_IP:-$SERVICE_HOST}
+# Allow Overlapping IP among subnets
+Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
+# Use neutron-debug command
+Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
+# The name of the default q-l3 router
+Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
+# nova vif driver that all plugins should use
+NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
+Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
+Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
+VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
+VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
+# Specify if the initial private and external networks should be created
+NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
+
+## Provider Network Information
+PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
+
+# Use flat providernet for public network
+#
+# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
+# for external interface of neutron l3-agent.  In that case,
+# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
+# used for the network.  In case of ofagent, you should add the
+# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
+# For openvswitch agent, you should add the corresponding entry to
+# your OVS_BRIDGE_MAPPINGS.
+#
+# eg.  (ofagent)
+#    Q_USE_PROVIDERNET_FOR_PUBLIC=True
+#    Q_USE_PUBLIC_VETH=True
+#    PUBLIC_PHYSICAL_NETWORK=public
+#    OFAGENT_PHYSICAL_INTERFACE_MAPPINGS=public:veth-pub-int
+#
+# eg.  (openvswitch agent)
+#    Q_USE_PROVIDERNET_FOR_PUBLIC=True
+#    PUBLIC_PHYSICAL_NETWORK=public
+#    OVS_BRIDGE_MAPPINGS=public:br-ex
+Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-False}
+PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
+
+# If Q_USE_PUBLIC_VETH=True, create and use a veth pair instead of
+# PUBLIC_BRIDGE.  This is intended to be used with
+# Q_USE_PROVIDERNET_FOR_PUBLIC=True.
+Q_USE_PUBLIC_VETH=${Q_USE_PUBLIC_VETH:-False}
+Q_PUBLIC_VETH_EX=${Q_PUBLIC_VETH_EX:-veth-pub-ex}
+Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
+
+# The next two variables are configured by plugin
+# e.g.  _configure_neutron_l3_agent or lib/neutron_plugins/*
+#
+# The plugin supports L3.
+Q_L3_ENABLED=${Q_L3_ENABLED:-False}
+# L3 routers exist per tenant
+Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-False}
+
+# List of config file names in addition to the main plugin config file
+# See _configure_neutron_common() for details about setting it up
+declare -a Q_PLUGIN_EXTRA_CONF_FILES
+
+# List of (optional) config files for VPN device drivers to use with
+# the neutron-q-vpn agent
+declare -a Q_VPN_EXTRA_CONF_FILES
+
+
+Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
+if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
+    Q_RR_COMMAND="sudo"
+else
+    NEUTRON_ROOTWRAP=$(get_rootwrap_location neutron)
+    Q_RR_COMMAND="sudo $NEUTRON_ROOTWRAP $Q_RR_CONF_FILE"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        Q_RR_DAEMON_COMMAND="sudo $NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
+    fi
+fi
+
+
+# Distributed Virtual Router (DVR) configuration
+# Can be:
+# - ``legacy``   - No DVR functionality
+# - ``dvr_snat`` - Controller or single node DVR
+# - ``dvr``      - Compute node in multi-node DVR
+#
+Q_DVR_MODE=${Q_DVR_MODE:-legacy}
+if [[ "$Q_DVR_MODE" != "legacy" ]]; then
+    Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
+fi
+
+# Provider Network Configurations
+# --------------------------------
+
+# The following variables control the Neutron ML2 plugins' allocation
+# of tenant networks and availability of provider networks. If these
+# are not configured in ``localrc``, tenant networks will be local to
+# the host (with no remote connectivity), and no physical resources
+# will be available for the allocation of provider networks.
+
+# To disable tunnels (GRE or VXLAN) for tenant networks,
+# set to False in ``local.conf``.
+# GRE tunnels are only supported by the openvswitch.
+ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
+
+# If using GRE tunnels for tenant networks, specify the range of
+# tunnel IDs from which tenant networks are allocated. Can be
+# overriden in ``localrc`` in necesssary.
+TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
+
+# To use VLANs for tenant networks, set to True in localrc. VLANs
+# are supported by the ML2 plugins, requiring additional configuration
+# described below.
+ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False}
+
+# If using VLANs for tenant networks, set in ``localrc`` to specify
+# the range of VLAN VIDs from which tenant networks are
+# allocated. An external network switch must be configured to
+# trunk these VLANs between hosts for multi-host connectivity.
+#
+# Example: ``TENANT_VLAN_RANGE=1000:1999``
+TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-}
+
+# If using VLANs for tenant networks, or if using flat or VLAN
+# provider networks, set in ``localrc`` to the name of the physical
+# network, and also configure ``OVS_PHYSICAL_BRIDGE`` for the
+# openvswitch agent or ``LB_PHYSICAL_INTERFACE`` for the linuxbridge
+# agent, as described below.
+#
+# Example: ``PHYSICAL_NETWORK=default``
+PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-}
+
+# With the openvswitch agent, if using VLANs for tenant networks,
+# or if using flat or VLAN provider networks, set in ``localrc`` to
+# the name of the OVS bridge to use for the physical network. The
+# bridge will be created if it does not already exist, but a
+# physical interface must be manually added to the bridge as a
+# port for external connectivity.
+#
+# Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
+OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-}
+
+# With the linuxbridge agent, if using VLANs for tenant networks,
+# or if using flat or VLAN provider networks, set in ``localrc`` to
+# the name of the network interface to use for the physical
+# network.
+#
+# Example: ``LB_PHYSICAL_INTERFACE=eth1``
+LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}
+
+# When Neutron tunnels are enabled it is needed to specify the
+# IP address of the end point in the local server. This IP is set
+# by default to the same IP address that the HOST IP.
+# This variable can be used to specify a different end point IP address
+# Example: ``TUNNEL_ENDPOINT_IP=1.1.1.1``
+TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-$HOST_IP}
+
+# With the openvswitch plugin, set to True in ``localrc`` to enable
+# provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
+#
+# Example: ``OVS_ENABLE_TUNNELING=True``
+OVS_ENABLE_TUNNELING=${OVS_ENABLE_TUNNELING:-$ENABLE_TENANT_TUNNELS}
+
+# Use DHCP agent for providing metadata service in the case of
+# without L3 agent (No Route Agent), set to True in localrc.
+ENABLE_ISOLATED_METADATA=${ENABLE_ISOLATED_METADATA:-False}
+
+# Add a static route as dhcp option, so the request to 169.254.169.254
+# will be able to reach through a route(DHCP agent)
+# This option require ENABLE_ISOLATED_METADATA = True
+ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
+# Neutron plugin specific functions
+# ---------------------------------
+
+# Please refer to ``lib/neutron_plugins/README.md`` for details.
+source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
+
+# Agent loadbalancer service plugin functions
+# -------------------------------------------
+
+# Hardcoding for 1 service plugin for now
+source $TOP_DIR/lib/neutron_plugins/services/loadbalancer
+
+# Agent metering service plugin functions
+# -------------------------------------------
+
+# Hardcoding for 1 service plugin for now
+source $TOP_DIR/lib/neutron_plugins/services/metering
+
+# VPN service plugin functions
+# -------------------------------------------
+# Hardcoding for 1 service plugin for now
+source $TOP_DIR/lib/neutron_plugins/services/vpn
+
+# Firewall Service Plugin functions
+# ---------------------------------
+source $TOP_DIR/lib/neutron_plugins/services/firewall
+
+# Use security group or not
+if has_neutron_plugin_security_group; then
+    Q_USE_SECGROUP=${Q_USE_SECGROUP:-True}
+else
+    Q_USE_SECGROUP=False
+fi
+
+# Tell Tempest this project is present
+TEMPEST_SERVICES+=,neutron
+
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Functions
+# ---------
+
+function _determine_config_server {
+    local cfg_file
+    local opts="--config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
+    for cfg_file in ${Q_PLUGIN_EXTRA_CONF_FILES[@]}; do
+        opts+=" --config-file /$cfg_file"
+    done
+    echo "$opts"
+}
+
+function _determine_config_vpn {
+    local cfg_file
+    local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE --config-file=$Q_VPN_CONF_FILE"
+    if is_service_enabled q-fwaas; then
+        opts+=" --config-file $Q_FWAAS_CONF_FILE"
+    fi
+    for cfg_file in ${Q_VPN_EXTRA_CONF_FILES[@]}; do
+        opts+=" --config-file $cfg_file"
+    done
+    echo "$opts"
+
+}
+
+function _determine_config_l3 {
+    local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE"
+    if is_service_enabled q-fwaas; then
+        opts+=" --config-file $Q_FWAAS_CONF_FILE"
+    fi
+    echo "$opts"
+}
+
+# For services and agents that require it, dynamically construct a list of
+# --config-file arguments that are passed to the binary.
+function determine_config_files {
+    local opts=""
+    case "$1" in
+        "neutron-server") opts="$(_determine_config_server)" ;;
+        "neutron-vpn-agent") opts="$(_determine_config_vpn)" ;;
+        "neutron-l3-agent") opts="$(_determine_config_l3)" ;;
+    esac
+    if [ -z "$opts" ] ; then
+        die $LINENO "Could not determine config files for $1."
+    fi
+    echo "$opts"
+}
+
+# Test if any Neutron services are enabled
+# is_neutron_enabled
+function is_neutron_enabled {
+    [[ ,${ENABLED_SERVICES} =~ ,"q-" ]] && return 0
+    return 1
+}
+
+# configure_neutron()
+# Set common config for all neutron server and agents.
+function configure_neutron {
+    _configure_neutron_common
+    iniset_rpc_backend neutron $NEUTRON_CONF
+
+    # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
+    if is_service_enabled q-lbaas; then
+        _configure_neutron_lbaas
+    fi
+    if is_service_enabled q-metering; then
+        _configure_neutron_metering
+    fi
+    if is_service_enabled q-vpn; then
+        _configure_neutron_vpn
+    fi
+    if is_service_enabled q-fwaas; then
+        _configure_neutron_fwaas
+    fi
+    if is_service_enabled q-agt q-svc; then
+        _configure_neutron_service
+    fi
+    if is_service_enabled q-agt; then
+        _configure_neutron_plugin_agent
+    fi
+    if is_service_enabled q-dhcp; then
+        _configure_neutron_dhcp_agent
+    fi
+    if is_service_enabled q-l3; then
+        _configure_neutron_l3_agent
+    fi
+    if is_service_enabled q-meta; then
+        _configure_neutron_metadata_agent
+    fi
+
+    if [[ "$Q_DVR_MODE" != "legacy" ]]; then
+        _configure_dvr
+    fi
+    if is_service_enabled ceilometer; then
+        _configure_neutron_ceilometer_notifications
+    fi
+
+    _configure_neutron_debug_command
+}
+
+function create_nova_conf_neutron {
+    iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
+    iniset $NOVA_CONF neutron admin_username "$Q_ADMIN_USERNAME"
+    iniset $NOVA_CONF neutron admin_password "$SERVICE_PASSWORD"
+    iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
+    iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
+    iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
+    iniset $NOVA_CONF neutron region_name "$REGION_NAME"
+    iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"
+
+    if [[ "$Q_USE_SECGROUP" == "True" ]]; then
+        LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
+        iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
+        iniset $NOVA_CONF DEFAULT security_group_api neutron
+    fi
+
+    # set NOVA_VIF_DRIVER and optionally set options in nova_conf
+    neutron_plugin_create_nova_conf
+
+    iniset $NOVA_CONF libvirt vif_driver "$NOVA_VIF_DRIVER"
+    iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
+    if is_service_enabled q-meta; then
+        iniset $NOVA_CONF neutron service_metadata_proxy "True"
+    fi
+
+    iniset $NOVA_CONF DEFAULT vif_plugging_is_fatal "$VIF_PLUGGING_IS_FATAL"
+    iniset $NOVA_CONF DEFAULT vif_plugging_timeout "$VIF_PLUGGING_TIMEOUT"
+}
+
+# create_neutron_cache_dir() - Part of the _neutron_setup_keystone() process
+function create_neutron_cache_dir {
+    # Create cache dir
+    sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
+    rm -f $NEUTRON_AUTH_CACHE_DIR/*
+}
+
+# create_neutron_accounts() - Set up common required neutron accounts
+
+# Tenant               User       Roles
+# ------------------------------------------------------------------
+# service              neutron    admin        # if enabled
+
+# Migrated from keystone_data.sh
+function create_neutron_accounts {
+    if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
+
+        create_service_user "neutron"
+
+        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+
+            local neutron_service=$(get_or_create_service "neutron" \
+                "network" "Neutron Service")
+            get_or_create_endpoint $neutron_service \
+                "$REGION_NAME" \
+                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
+                "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/"
+        fi
+    fi
+}
+
+function create_neutron_initial_network {
+    TENANT_ID=$(openstack project list | grep " demo " | get_field 1)
+    die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for demo"
+
+    # Allow drivers that need to create an initial network to do so here
+    if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
+        neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
+    fi
+
+    if is_provider_network; then
+        die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
+        die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
+        NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
+        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
+
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+            die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+            die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
+        fi
+
+        sudo ip link set $OVS_PHYSICAL_BRIDGE up
+        sudo ip link set br-int up
+        sudo ip link set $PUBLIC_INTERFACE up
+    else
+        NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
+        die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $TENANT_ID"
+
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            # Create IPv4 private subnet
+            SUBNET_ID=$(_neutron_create_private_subnet_v4)
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            # Create IPv6 private subnet
+            IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6)
+        fi
+    fi
+
+    if [[ "$Q_L3_ENABLED" == "True" ]]; then
+        # Create a router, and add the private subnet as one of its interfaces
+        if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
+            # create a tenant-owned router.
+            ROUTER_ID=$(neutron router-create --tenant-id $TENANT_ID $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+            die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $TENANT_ID $Q_ROUTER_NAME"
+        else
+            # Plugin only supports creating a single router, which should be admin owned.
+            ROUTER_ID=$(neutron router-create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+            die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
+        fi
+
+        # Create an external network, and a subnet. Configure the external network as router gw
+        if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
+            EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True --provider:network_type=flat --provider:physical_network=${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+        else
+            EXT_NET_ID=$(neutron net-create "$PUBLIC_NETWORK_NAME" -- --router:external=True | grep ' id ' | get_field 2)
+        fi
+        die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
+
+        if [[ "$IP_VERSION" =~ 4.* ]]; then
+            # Configure router for IPv4 public access
+            _neutron_configure_router_v4
+        fi
+
+        if [[ "$IP_VERSION" =~ .*6 ]]; then
+            # Configure router for IPv6 public access
+            _neutron_configure_router_v6
+        fi
+    fi
+}
+
+# init_neutron() - Initialize databases, etc.
+function init_neutron {
+    recreate_database $Q_DB_NAME
+    # Run Neutron db migrations
+    $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+    for svc in fwaas lbaas vpnaas; do
+        if [ "$svc" = "vpnaas" ]; then
+            q_svc="q-vpn"
+        else
+            q_svc="q-$svc"
+        fi
+        if is_service_enabled $q_svc; then
+            $NEUTRON_BIN_DIR/neutron-db-manage --service $svc --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+        fi
+    done
+}
+
+# install_neutron() - Collect source and prepare
+function install_neutron {
+    git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
+    setup_develop $NEUTRON_DIR
+    if is_service_enabled q-fwaas; then
+        git_clone $NEUTRON_FWAAS_REPO $NEUTRON_FWAAS_DIR $NEUTRON_FWAAS_BRANCH
+        setup_develop $NEUTRON_FWAAS_DIR
+    fi
+    if is_service_enabled q-lbaas; then
+        git_clone $NEUTRON_LBAAS_REPO $NEUTRON_LBAAS_DIR $NEUTRON_LBAAS_BRANCH
+        setup_develop $NEUTRON_LBAAS_DIR
+    fi
+    if is_service_enabled q-vpn; then
+        git_clone $NEUTRON_VPNAAS_REPO $NEUTRON_VPNAAS_DIR $NEUTRON_VPNAAS_BRANCH
+        setup_develop $NEUTRON_VPNAAS_DIR
+    fi
+
+    if [ "$VIRT_DRIVER" == 'xenserver' ]; then
+        local dom0_ip
+        dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)
+
+        local ssh_dom0
+        ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
+
+        # Find where the plugins should go in dom0
+        local xen_functions
+        xen_functions=$(cat $TOP_DIR/tools/xen/functions)
+        local plugin_dir
+        plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
+
+        # install neutron plugins to dom0
+        tar -czf - -C $NEUTRON_DIR/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
+            $ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
+    fi
+}
+
+# install_neutronclient() - Collect source and prepare
+function install_neutronclient {
+    if use_library_from_git "python-neutronclient"; then
+        git_clone_by_name "python-neutronclient"
+        setup_dev_lib "python-neutronclient"
+        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-neutronclient"]}/tools/,/etc/bash_completion.d/}neutron.bash_completion
+    fi
+}
+
+# install_neutron_agent_packages() - Collect source and prepare
+function install_neutron_agent_packages {
+    # radvd doesn't come with the OS. Install it if the l3 service is enabled.
+    if is_service_enabled q-l3; then
+        install_package radvd
+    fi
+    # install packages that are specific to plugin agent(s)
+    if is_service_enabled q-agt q-dhcp q-l3; then
+        neutron_plugin_install_agent_packages
+    fi
+
+    if is_service_enabled q-lbaas; then
+        neutron_agent_lbaas_install_agent_packages
+    fi
+}
+
+# Start running processes, including screen
+function start_neutron_service_and_check {
+    local cfg_file_options="$(determine_config_files neutron-server)"
+    local service_port=$Q_PORT
+    local service_protocol=$Q_PROTOCOL
+    if is_service_enabled tls-proxy; then
+        service_port=$Q_PORT_INT
+        service_protocol="http"
+    fi
+    # Start the Neutron service
+    run_process q-svc "python $NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
+    echo "Waiting for Neutron to start..."
+    if is_ssl_enabled_service "neutron"; then
+        ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
+    fi
+    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port; do sleep 1; done"; then
+        die $LINENO "Neutron did not start"
+    fi
+    # Start proxy if enabled
+    if is_service_enabled tls-proxy; then
+        start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT &
+    fi
+}
+
+# Start running processes, including screen
+function start_neutron_agents {
+    # Start up the neutron agents if enabled
+    run_process q-agt "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
+    run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
+
+    if is_provider_network; then
+        sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
+        sudo ip link set $OVS_PHYSICAL_BRIDGE up
+        sudo ip link set br-int up
+        sudo ip link set $PUBLIC_INTERFACE up
+        if is_ironic_hardware; then
+            for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
+                sudo ip addr del $IP dev $PUBLIC_INTERFACE
+                sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
+            done
+            sudo route add -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+        fi
+    fi
+
+    if is_service_enabled q-vpn; then
+        run_process q-vpn "$AGENT_VPN_BINARY $(determine_config_files neutron-vpn-agent)"
+    else
+        run_process q-l3 "python $AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
+    fi
+
+    run_process q-meta "python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
+
+    if [ "$VIRT_DRIVER" = 'xenserver' ]; then
+        # For XenServer, start an agent for the domU openvswitch
+        run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
+    fi
+
+    if is_service_enabled q-lbaas; then
+        run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
+    fi
+
+    if is_service_enabled q-metering; then
+        run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
+    fi
+}
+
+# stop_neutron() - Stop running processes (non-screen)
+function stop_neutron {
+    if is_service_enabled q-dhcp; then
+        stop_process q-dhcp
+        pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
+        [ ! -z "$pid" ] && sudo kill -9 $pid
+    fi
+
+    stop_process q-svc
+    stop_process q-l3
+
+    if is_service_enabled q-meta; then
+        sudo pkill -9 -f neutron-ns-metadata-proxy || :
+        stop_process q-meta
+    fi
+
+    stop_process q-agt
+
+    if is_service_enabled q-lbaas; then
+        neutron_lbaas_stop
+    fi
+    if is_service_enabled q-fwaas; then
+        neutron_fwaas_stop
+    fi
+    if is_service_enabled q-vpn; then
+        neutron_vpn_stop
+    fi
+    if is_service_enabled q-metering; then
+        neutron_metering_stop
+    fi
+}
+
+# cleanup_neutron() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_neutron {
+    if is_provider_network && is_ironic_hardware; then
+        for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
+            sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
+            sudo ip addr add $IP dev $PUBLIC_INTERFACE
+        done
+        sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+    fi
+
+    if is_neutron_ovs_base_plugin; then
+        neutron_ovs_base_cleanup
+    fi
+
+    # delete all namespaces created by neutron
+    for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
+        sudo ip netns delete ${ns}
+    done
+}
+
+
+function _create_neutron_conf_dir {
+    # Put config files in ``NEUTRON_CONF_DIR`` for everyone to find
+    sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
+}
+
+# _configure_neutron_common()
+# Set common config for all neutron server and agents.
+# This MUST be called before other ``_configure_neutron_*`` functions.
+function _configure_neutron_common {
+    _create_neutron_conf_dir
+
+    cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF
+
+    # Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
+    # For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
+    # For addition plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH``,
+    # ``Q_PLUGIN_EXTRA_CONF_FILES``.  For example:
+    #
+    #    ``Q_PLUGIN_EXTRA_CONF_FILES=(file1, file2)``
+    neutron_plugin_configure_common
+
+    if [[ "$Q_PLUGIN_CONF_PATH" == '' || "$Q_PLUGIN_CONF_FILENAME" == '' || "$Q_PLUGIN_CLASS" == '' ]]; then
+        die $LINENO "Neutron plugin not set.. exiting"
+    fi
+
+    # If needed, move config file from ``$NEUTRON_DIR/etc/neutron`` to ``NEUTRON_CONF_DIR``
+    mkdir -p /$Q_PLUGIN_CONF_PATH
+    Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
+    cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
+
+    iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
+    iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
+    iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
+    # If addition config files are set, make sure their path name is set as well
+    if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
+        die $LINENO "Neutron additional plugin config not set.. exiting"
+    fi
+
+    # If additional config files exist, copy them over to neutron configuration
+    # directory
+    if [[ $Q_PLUGIN_EXTRA_CONF_PATH != '' ]]; then
+        local f
+        for (( f=0; $f < ${#Q_PLUGIN_EXTRA_CONF_FILES[@]}; f+=1 )); do
+            Q_PLUGIN_EXTRA_CONF_FILES[$f]=$Q_PLUGIN_EXTRA_CONF_PATH/${Q_PLUGIN_EXTRA_CONF_FILES[$f]}
+        done
+    fi
+
+    if [ "$VIRT_DRIVER" = 'fake' ]; then
+        # Disable arbitrary limits
+        iniset $NEUTRON_CONF quotas quota_network -1
+        iniset $NEUTRON_CONF quotas quota_subnet -1
+        iniset $NEUTRON_CONF quotas quota_port -1
+        iniset $NEUTRON_CONF quotas quota_security_group -1
+        iniset $NEUTRON_CONF quotas quota_security_group_rule -1
+    fi
+
+    # Format logging
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+        setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
+    else
+        # Show user_name and project_name by default like in nova
+        iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+    fi
+
+    if is_service_enabled tls-proxy; then
+        # Set the service port for a proxy to take the original
+        iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
+    fi
+
+    if is_ssl_enabled_service "nova"; then
+        iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
+    fi
+
+    if is_ssl_enabled_service "neutron"; then
+        ensure_certificates NEUTRON
+
+        iniset $NEUTRON_CONF DEFAULT use_ssl True
+        iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
+        iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
+    fi
+
+    _neutron_setup_rootwrap
+}
+
+function _configure_neutron_debug_command {
+    if [[ "$Q_USE_DEBUG_COMMAND" != "True" ]]; then
+        return
+    fi
+
+    cp $NEUTRON_DIR/etc/l3_agent.ini $NEUTRON_TEST_CONFIG_FILE
+
+    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
+    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
+    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
+    iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+
+    _neutron_setup_interface_driver $NEUTRON_TEST_CONFIG_FILE
+
+    neutron_plugin_configure_debug_command
+}
+
+function _configure_neutron_dhcp_agent {
+
+    cp $NEUTRON_DIR/etc/dhcp_agent.ini $Q_DHCP_CONF_FILE
+
+    iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
+    iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
+    iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+
+    if ! is_service_enabled q-l3; then
+        if [[ "$ENABLE_ISOLATED_METADATA" = "True" ]]; then
+            iniset $Q_DHCP_CONF_FILE DEFAULT enable_isolated_metadata $ENABLE_ISOLATED_METADATA
+            iniset $Q_DHCP_CONF_FILE DEFAULT enable_metadata_network $ENABLE_METADATA_NETWORK
+        else
+            if [[ "$ENABLE_METADATA_NETWORK" = "True" ]]; then
+                die "$LINENO" "Enable isolated metadata is a must for metadata network"
+            fi
+        fi
+    fi
+
+    _neutron_setup_interface_driver $Q_DHCP_CONF_FILE
+
+    neutron_plugin_configure_dhcp_agent
+}
+
+function _configure_neutron_l3_agent {
+    local cfg_file
+    Q_L3_ENABLED=True
+    # for l3-agent, only use per tenant router if we have namespaces
+    Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
+
+    if is_service_enabled q-vpn; then
+        neutron_vpn_configure_agent
+    fi
+
+    cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
+
+    iniset $Q_L3_CONF_FILE DEFAULT verbose True
+    iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
+    iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $Q_L3_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+
+    _neutron_setup_interface_driver $Q_L3_CONF_FILE
+
+    neutron_plugin_configure_l3_agent
+}
+
+function _configure_neutron_metadata_agent {
+    cp $NEUTRON_DIR/etc/metadata_agent.ini $Q_META_CONF_FILE
+
+    iniset $Q_META_CONF_FILE DEFAULT verbose True
+    iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
+    iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $Q_META_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+
+    # Configures keystone for metadata_agent
+    # The third argument "True" sets auth_url needed to communicate with keystone
+    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
+
+}
+
+function _configure_neutron_ceilometer_notifications {
+    iniset $NEUTRON_CONF DEFAULT notification_driver messaging
+}
+
+function _configure_neutron_lbaas {
+    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
+        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
+    fi
+    neutron_agent_lbaas_configure_common
+    neutron_agent_lbaas_configure_agent
+}
+
+function _configure_neutron_metering {
+    neutron_agent_metering_configure_common
+    neutron_agent_metering_configure_agent
+}
+
+function _configure_neutron_fwaas {
+    if [ -f $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf ]; then
+        cp $NEUTRON_FWAAS_DIR/etc/neutron_fwaas.conf $NEUTRON_CONF_DIR
+    fi
+    neutron_fwaas_configure_common
+    neutron_fwaas_configure_driver
+}
+
+function _configure_neutron_vpn {
+    if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf ]; then
+        cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_CONF_DIR
+    fi
+    neutron_vpn_install_agent_packages
+    neutron_vpn_configure_common
+}
+
+function _configure_dvr {
+    iniset $NEUTRON_CONF DEFAULT router_distributed True
+    iniset $Q_L3_CONF_FILE DEFAULT agent_mode $Q_DVR_MODE
+}
+
+
+# _configure_neutron_plugin_agent() - Set config files for neutron plugin agent
+# It is called when q-agt is enabled.
+function _configure_neutron_plugin_agent {
+    # Specify the default root helper prior to agent configuration to
+    # ensure that an agent's configuration can override the default
+    iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset /$Q_PLUGIN_CONF_FILE  agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+    iniset $NEUTRON_CONF DEFAULT verbose True
+    iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+
+    # Configure agent for plugin
+    neutron_plugin_configure_plugin_agent
+}
+
+# _configure_neutron_service() - Set config files for neutron service
+# It is called when q-svc is enabled.
+function _configure_neutron_service {
+    Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
+    Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
+
+    cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
+    cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
+
+    # allow neutron user to administer neutron to match neutron account
+    sed -i 's/"context_is_admin":  "role:admin"/"context_is_admin":  "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
+
+    # Update either configuration file with plugin
+    iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
+
+    if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
+        iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
+    fi
+
+    iniset $NEUTRON_CONF DEFAULT verbose True
+    iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $NEUTRON_CONF DEFAULT policy_file $Q_POLICY_FILE
+    iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
+
+    iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
+    _neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
+
+    # Configuration for neutron notifations to nova.
+    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
+    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
+
+    iniset $NEUTRON_CONF nova auth_plugin password
+    iniset $NEUTRON_CONF nova auth_url $KEYSTONE_AUTH_URI
+    iniset $NEUTRON_CONF nova username nova
+    iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
+    iniset $NEUTRON_CONF nova user_domain_id default
+    iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
+    iniset $NEUTRON_CONF nova project_domain_id default
+    iniset $NEUTRON_CONF nova region_name $REGION_NAME
+
+    # Configure plugin
+    neutron_plugin_configure_service
+}
+
+# Utility Functions
+#------------------
+
+# _neutron_service_plugin_class_add() - add service plugin class
+function _neutron_service_plugin_class_add {
+    local service_plugin_class=$1
+    if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
+        Q_SERVICE_PLUGIN_CLASSES=$service_plugin_class
+    elif [[ ! ,${Q_SERVICE_PLUGIN_CLASSES}, =~ ,${service_plugin_class}, ]]; then
+        Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$service_plugin_class"
+    fi
+}
+
+# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
+function _neutron_deploy_rootwrap_filters {
+    local srcdir=$1
+    sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
+    sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
+}
+
+# _neutron_setup_rootwrap() - configure Neutron's rootwrap
+function _neutron_setup_rootwrap {
+    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
+        return
+    fi
+    # Wipe any existing ``rootwrap.d`` files first
+    Q_CONF_ROOTWRAP_D=$NEUTRON_CONF_DIR/rootwrap.d
+    if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
+        sudo rm -rf $Q_CONF_ROOTWRAP_D
+    fi
+
+    _neutron_deploy_rootwrap_filters $NEUTRON_DIR
+
+    # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d``
+    # location moved in newer versions, prefer new location
+    if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then
+        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE
+    else
+        sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
+    fi
+    sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
+    # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
+    ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
+    ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"
+
+    # Set up the rootwrap sudoers for neutron
+    TEMPFILE=`mktemp`
+    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
+    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_DAEMON_SUDOER_CMD" >>$TEMPFILE
+    chmod 0440 $TEMPFILE
+    sudo chown root:root $TEMPFILE
+    sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap
+
+    # Update the root_helper
+    iniset $NEUTRON_CONF agent root_helper "$Q_RR_COMMAND"
+    if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
+        iniset $NEUTRON_CONF agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+    fi
+}
+
+# Configures keystone integration for neutron service and agents
+function _neutron_setup_keystone {
+    local conf_file=$1
+    local section=$2
+    local use_auth_url=$3
+
+    # Configures keystone for metadata_agent
+    # metadata_agent needs auth_url to communicate with keystone
+    if [[ "$use_auth_url" == "True" ]]; then
+        iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
+    fi
+
+    create_neutron_cache_dir
+    configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
+}
+
+function _neutron_setup_interface_driver {
+
+    # ovs_use_veth needs to be set before the plugin configuration
+    # occurs to allow plugins to override the setting.
+    iniset $1 DEFAULT ovs_use_veth $Q_OVS_USE_VETH
+
+    neutron_plugin_setup_interface_driver $1
+}
+
+# Create private IPv4 subnet
+function _neutron_create_private_subnet_v4 {
+    local subnet_params="--tenant-id $TENANT_ID "
+    subnet_params+="--ip_version 4 "
+    subnet_params+="--gateway $NETWORK_GATEWAY "
+    subnet_params+="--name $PRIVATE_SUBNET_NAME "
+    subnet_params+="$NET_ID $FIXED_RANGE"
+    local subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $TENANT_ID"
+    echo $subnet_id
+}
+
+# Create private IPv6 subnet
+function _neutron_create_private_subnet_v6 {
+    die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
+    die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
+    local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
+    local subnet_params="--tenant-id $TENANT_ID "
+    subnet_params+="--ip_version 6 "
+    subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
+    subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
+    subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
+    local ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $TENANT_ID"
+    echo $ipv6_subnet_id
+}
+
+# Create public IPv4 subnet
+function _neutron_create_public_subnet_v4 {
+    local subnet_params+="--ip_version 4 "
+    subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
+    subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
+    subnet_params+="--name $PUBLIC_SUBNET_NAME "
+    subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
+    subnet_params+="-- --enable_dhcp=False"
+    local id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
+    echo $id_and_ext_gw_ip
+}
+
+# Create public IPv6 subnet
+function _neutron_create_public_subnet_v6 {
+    local subnet_params="--ip_version 6 "
+    subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
+    subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
+    subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
+    subnet_params+="-- --enable_dhcp=False"
+    local ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
+    echo $ipv6_id_and_ext_gw_ip
+}
+
+# Configure neutron router for IPv4 public access
+function _neutron_configure_router_v4 {
+    neutron router-interface-add $ROUTER_ID $SUBNET_ID
+    # Create a public subnet on the external network
+    local id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
+    local ext_gw_ip=$(echo $id_and_ext_gw_ip  | get_field 2)
+    PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
+    # Configure the external network as the default router gateway
+    neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
+
+    # This logic is specific to using the l3-agent for layer 3
+    if is_service_enabled q-l3; then
+        # Configure and enable public bridge
+        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            local cidr_len=${FLOATING_RANGE#*/}
+            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+            sudo ip link set $ext_gw_interface up
+            ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
+            die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
+            sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
+        fi
+        _neutron_set_router_id
+    fi
+}
+
+# Configure neutron router for IPv6 public access
+function _neutron_configure_router_v6 {
+    neutron router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
+    # Create a public subnet on the external network
+    local ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
+    local ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
+    local ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
+
+    # If the external network has not already been set as the default router
+    # gateway when configuring an IPv4 public subnet, do so now
+    if [[ "$IP_VERSION" == "6" ]]; then
+        neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
+    fi
+
+    # This logic is specific to using the l3-agent for layer 3
+    if is_service_enabled q-l3; then
+        local ipv6_router_gw_port
+        # Ensure IPv6 forwarding is enabled on the host
+        sudo sysctl -w net.ipv6.conf.all.forwarding=1
+        # Configure and enable public bridge
+        if [[ "$IP_VERSION" = "6" ]]; then
+            # Override global IPV6_ROUTER_GW_IP with the true value from neutron
+            IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
+            die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
+            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
+            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
+        else
+            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
+            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
+        fi
+
+        # The ovs_base_configure_l3_agent function flushes the public
+        # bridge's ip addresses, so turn IPv6 support in the host off
+        # and then on to recover the public bridge's link local address
+        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
+        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
+        if ! ip -6 addr show dev $PUBLIC_BRIDGE | grep 'scope global'; then
+            # Create an IPv6 ULA address for PUBLIC_BRIDGE if one is not present
+            IPV6_BRIDGE_ULA=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
+            sudo ip -6 addr add fd$IPV6_BRIDGE_ULA::1 dev $PUBLIC_BRIDGE
+        fi
+
+        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
+
+            # Define router_ns based on whether DVR is enabled
+            local router_ns=qrouter
+            if [[ "$Q_DVR_MODE" == "dvr_snat" ]]; then
+                router_ns=snat
+            fi
+
+            # Configure interface for public bridge
+            sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
+
+            # Wait until layer 3 agent has configured the gateway port on
+            # the public bridge, then add gateway address to the interface
+            # TODO (john-davidge) Remove once l3-agent supports dual-stack
+            if [[ "$IP_VERSION" == "4+6" ]]; then
+                if ! timeout $GATEWAY_TIMEOUT sh -c "until sudo ip netns exec $router_ns-$ROUTER_ID ip addr show qg-${ipv6_router_gw_port:0:11} | grep $ROUTER_GW_IP; do sleep 1; done"; then
+                    die $LINENO "Timeout retrieving ROUTER_GW_IP"
+                fi
+                # Configure the gateway port with the public IPv6 adress
+                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 addr add $IPV6_ROUTER_GW_IP/$ipv6_cidr_len dev qg-${ipv6_router_gw_port:0:11}
+                # Add a default IPv6 route to the neutron router as the
+                # l3-agent does not add one in the dual-stack case
+                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 route replace default via $ipv6_ext_gw_ip dev qg-${ipv6_router_gw_port:0:11}
+            fi
+            sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
+        fi
+        _neutron_set_router_id
+    fi
+}
+
+# Explicitly set router id in l3 agent configuration
+function _neutron_set_router_id {
+    if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
+        iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
+    fi
+}
+
+# Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
+function _neutron_get_ext_gw_interface {
+    if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
+        echo $Q_PUBLIC_VETH_EX
+    else
+        # Disable in-band as we are going to use local port
+        # to communicate with VMs
+        sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
+            other_config:disable-in-band=true
+        echo $PUBLIC_BRIDGE
+    fi
+}
+
+# Functions for Neutron Exercises
+#--------------------------------
+
+function delete_probe {
+    local from_net="$1"
+    net_id=`_get_net_id $from_net`
+    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
+    neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
+}
+
+function setup_neutron_debug {
+    if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
+        public_net_id=`_get_net_id $PUBLIC_NETWORK_NAME`
+        neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $public_net_id
+        private_net_id=`_get_net_id $PRIVATE_NETWORK_NAME`
+        neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-create --device-owner compute $private_net_id
+    fi
+}
+
+function teardown_neutron_debug {
+    delete_probe $PUBLIC_NETWORK_NAME
+    delete_probe $PRIVATE_NETWORK_NAME
+}
+
+function _get_net_id {
+    neutron --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD net-list | grep $1 | awk '{print $2}'
+}
+
+function _get_probe_cmd_prefix {
+    local from_net="$1"
+    net_id=`_get_net_id $from_net`
+    probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
+    echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
+}
+
+function _ping_check_neutron {
+    local from_net=$1
+    local ip=$2
+    local timeout_sec=$3
+    local expected=${4:-"True"}
+    local check_command=""
+    probe_cmd=`_get_probe_cmd_prefix $from_net`
+    if [[ "$expected" = "True" ]]; then
+        check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
+    else
+        check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
+    fi
+    if ! timeout $timeout_sec sh -c "$check_command"; then
+        if [[ "$expected" = "True" ]]; then
+            die $LINENO "[Fail] Couldn't ping server"
+        else
+            die $LINENO "[Fail] Could ping server"
+        fi
+    fi
+}
+
+# ssh check
+function _ssh_check_neutron {
+    local from_net=$1
+    local key_file=$2
+    local ip=$3
+    local user=$4
+    local timeout_sec=$5
+    local probe_cmd = ""
+    probe_cmd=`_get_probe_cmd_prefix $from_net`
+    if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success; do sleep 1; done"; then
+        die $LINENO "server didn't become ssh-able!"
+    fi
+}
+
+# Neutron 3rd party programs
+#---------------------------
+
+# please refer to ``lib/neutron_thirdparty/README.md`` for details
+NEUTRON_THIRD_PARTIES=""
+for f in $TOP_DIR/lib/neutron_thirdparty/*; do
+    third_party=$(basename $f)
+    if is_service_enabled $third_party; then
+        source $TOP_DIR/lib/neutron_thirdparty/$third_party
+        NEUTRON_THIRD_PARTIES="$NEUTRON_THIRD_PARTIES,$third_party"
+    fi
+done
+
+function _neutron_third_party_do {
+    for third_party in ${NEUTRON_THIRD_PARTIES//,/ }; do
+        ${1}_${third_party}
+    done
+}
+
+# configure_neutron_third_party() - Set config files, create data dirs, etc
+function configure_neutron_third_party {
+    _neutron_third_party_do configure
+}
+
+# init_neutron_third_party() - Initialize databases, etc.
+function init_neutron_third_party {
+    _neutron_third_party_do init
+}
+
+# install_neutron_third_party() - Collect source and prepare
+function install_neutron_third_party {
+    _neutron_third_party_do install
+}
+
+# start_neutron_third_party() - Start running processes, including screen
+function start_neutron_third_party {
+    _neutron_third_party_do start
+}
+
+# stop_neutron_third_party - Stop running processes (non-screen)
+function stop_neutron_third_party {
+    _neutron_third_party_do stop
+}
+
+# check_neutron_third_party_integration() - Check that third party integration is sane
+function check_neutron_third_party_integration {
+    _neutron_third_party_do check
+}
+
+function is_provider_network {
+    if [ "$Q_USE_PROVIDER_NETWORKING" == "True" ] && [ "$Q_L3_ENABLED" == "False" ]; then
+        return 0
+    fi
+    return 1
+}
+
+
+# Restore xtrace
+$XTRACE
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:
diff --git a/lib/neutron_plugins/README.md b/lib/neutron_plugins/README.md
index 7192a051b4..4b220d3377 100644
--- a/lib/neutron_plugins/README.md
+++ b/lib/neutron_plugins/README.md
@@ -13,7 +13,7 @@ Plugin specific configuration variables should be in this file.
 
 functions
 ---------
-``lib/neutron`` calls the following functions when the ``$Q_PLUGIN`` is enabled
+``lib/neutron-legacy`` calls the following functions when the ``$Q_PLUGIN`` is enabled
 
 * ``neutron_plugin_create_nova_conf`` :
   set ``NOVA_VIF_DRIVER`` and optionally set options in nova_conf
diff --git a/lib/neutron_thirdparty/README.md b/lib/neutron_thirdparty/README.md
index 5655e0bf60..905ae776a8 100644
--- a/lib/neutron_thirdparty/README.md
+++ b/lib/neutron_thirdparty/README.md
@@ -10,7 +10,7 @@ Third party program specific configuration variables should be in this file.
 
 functions
 ---------
-``lib/neutron`` calls the following functions when the ```` is enabled
+``lib/neutron-legacy`` calls the following functions when the ```` is enabled
 
 functions to be implemented
 * ``configure_``:
diff --git a/stack.sh b/stack.sh
index 9d6230332e..9069367fa0 100755
--- a/stack.sh
+++ b/stack.sh
@@ -525,7 +525,7 @@ source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 
diff --git a/unstack.sh b/unstack.sh
index fdd63fbcd0..a66370b1e9 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -63,7 +63,7 @@ source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
-source $TOP_DIR/lib/neutron
+source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 

From 93b906d53ee457b3768c755615fc7c2395d26c85 Mon Sep 17 00:00:00 2001
From: Angus Salkeld 
Date: Thu, 26 Mar 2015 12:53:51 +1000
Subject: [PATCH 0541/3421] Always set the Heat deferred auth method

Otherwise in standalone mode we use the new default of "trusts"
which won't work.

Change-Id: If18db711faf7810217af0a89d1e38590a94d8e5b
Closes-bug: 1436631
---
 lib/heat | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/heat b/lib/heat
index c7abd3bb1c..0930776a58 100644
--- a/lib/heat
+++ b/lib/heat
@@ -124,6 +124,8 @@ function configure_heat {
         setup_colorized_logging $HEAT_CONF DEFAULT tenant user
     fi
 
+    iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
+
     # NOTE(jamielennox): heat re-uses specific values from the
     # keystone_authtoken middleware group and so currently fails when using the
     # auth plugin setup. This should be fixed in heat.  Heat is also the only
@@ -269,10 +271,6 @@ function create_heat_accounts {
         get_or_create_role "heat_stack_user"
     fi
 
-    if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
-        iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
-    fi
-
     if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
         # Note we have to pass token/endpoint here because the current endpoint and
         # version negotiation in OSC means just --os-identity-api-version=3 won't work

From d9de1199bd3f79fc7b71e933970c6f14afa8d310 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 26 Mar 2015 09:25:02 +0100
Subject: [PATCH 0542/3421] Print kernel version

Adding `uname -a` to stack.sh to make easy to see from the devstack logs
what was the actually running kernel version.

Change-Id: I0068504bf055a588b155b0a60215440d365bf53e
---
 stack.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/stack.sh b/stack.sh
index 9069367fa0..79f8fa3a7f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -89,6 +89,9 @@ if [[ $EUID -eq 0 ]]; then
     exit 1
 fi
 
+# Print the kernel version
+uname -a
+
 # Prepare the environment
 # -----------------------
 

From 7ced150f8c70e1acaa4b83c25d3c9271cdb512c3 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Mon, 23 Mar 2015 15:51:54 -0400
Subject: [PATCH 0543/3421] Add variable to indicated if Tempest should have
 admin

This commit adds a new flag, TEMPEST_HAS_ADMIN, to enable or disable
setting admin credentials in the tempest config file. This allows for
devstack / tempest configurations where tempest doesn't have admin to
ensure it would work in public cloud scenarios.

Change-Id: Id983417801e4b276334fb9e700f2c8e6ab78f9ba
---
 lib/tempest | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 4ece349159..2ec353bce8 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -175,6 +175,10 @@ function configure_tempest {
 
     password=${ADMIN_PASSWORD:-secrete}
 
+    # Do we want to make a configuration where Tempest has admin on
+    # the cloud. We don't always want to so that we can ensure Tempest
+    # would work on a public cloud.
+    TEMPEST_HAS_ADMIN=$(trueorfalse True TEMPEST_HAS_ADMIN)
     # See files/keystone_data.sh and stack.sh where admin, demo and alt_demo
     # user and tenant are set up...
     ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
@@ -292,11 +296,13 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG identity alt_username $ALT_USERNAME
     iniset $TEMPEST_CONFIG identity alt_password "$password"
     iniset $TEMPEST_CONFIG identity alt_tenant_name $ALT_TENANT_NAME
-    iniset $TEMPEST_CONFIG identity admin_username $ADMIN_USERNAME
-    iniset $TEMPEST_CONFIG identity admin_password "$password"
-    iniset $TEMPEST_CONFIG identity admin_tenant_name $ADMIN_TENANT_NAME
-    iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
-    iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
+    if [[ "$TEMPEST_HAS_ADMIN" == "True" ]]; then
+        iniset $TEMPEST_CONFIG identity admin_username $ADMIN_USERNAME
+        iniset $TEMPEST_CONFIG identity admin_password "$password"
+        iniset $TEMPEST_CONFIG identity admin_tenant_name $ADMIN_TENANT_NAME
+        iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
+        iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
+    fi
     iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
         iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
@@ -310,6 +316,9 @@ function configure_tempest {
     fi
 
     # Auth
+    #
+    #
+    TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
     iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
     iniset $TEMPEST_CONFIG auth tempest_roles "Member"
 

From 1bd79596c3c5f62cbbef92558156401447a9b5d3 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 24 Feb 2015 14:06:56 +0100
Subject: [PATCH 0544/3421] Move back isset to the functions-common

isset function was moved to config file related functions by accident,
this change also simplfies the isset in a bash >=4.2 way.

All supported distro has at least bash 4.2. (RHEL6 used 4.1)

Change-Id: Id644b46ff9cdbe18cde46e96aa72764e1c8653ac
---
 functions-common   |  3 +++
 inc/ini-config     | 10 ----------
 tests/functions.sh | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/functions-common b/functions-common
index 48e400dfb1..56fa64a990 100644
--- a/functions-common
+++ b/functions-common
@@ -62,6 +62,9 @@ function trueorfalse {
     $xtrace
 }
 
+function isset {
+    [[ -v "$1" ]]
+}
 
 # Control Functions
 # =================
diff --git a/inc/ini-config b/inc/ini-config
index 0d6d169f8b..26401f3917 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -205,16 +205,6 @@ function iniuncomment {
     $xtrace
 }
 
-function isset {
-    nounset=$(set +o | grep nounset)
-    set +o nounset
-    [[ -n "${!1+x}" ]]
-    result=$?
-    $nounset
-    return $result
-}
-
-
 # Restore xtrace
 $INC_CONF_TRACE
 
diff --git a/tests/functions.sh b/tests/functions.sh
index 874d02230d..126080f1e3 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -196,3 +196,20 @@ if is_ubuntu; then
         echo "is_package_installed() on deleted package failed"
     fi
 fi
+
+# test isset function
+echo  "Testing isset()"
+you_should_not_have_this_variable=42
+
+if isset "you_should_not_have_this_variable"; then
+    echo "OK"
+else
+    echo "\"you_should_not_have_this_variable\" not declared. failed"
+fi
+
+unset you_should_not_have_this_variable
+if isset "you_should_not_have_this_variable"; then
+    echo "\"you_should_not_have_this_variable\" looks like declared variable. failed"
+else
+    echo "OK"
+fi

From 0fc946ddc805989adb68c1e836e86b51d1f011cf Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Mon, 23 Mar 2015 16:38:30 -0400
Subject: [PATCH 0545/3421] Remove the compute-admin section from tempest
 config

This commit removes the compute-admin section from the tempest config
file that devstack generates. These options have been removed from
the tempest config and aren't being used, so there is no reason to
keep them around.

Change-Id: I7500fe3b329b913c60fa505a5230db4a5d35d7f1
---
 lib/tempest | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 2ec353bce8..11e9ac4fa1 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -358,11 +358,6 @@ function configure_tempest {
     # TODO(mriedem): Remove the preserve_ports flag when Juno is end of life.
     iniset $TEMPEST_CONFIG compute-feature-enabled preserve_ports True
 
-    # Compute admin
-    iniset $TEMPEST_CONFIG "compute-admin" username $ADMIN_USERNAME
-    iniset $TEMPEST_CONFIG "compute-admin" password "$password"
-    iniset $TEMPEST_CONFIG "compute-admin" tenant_name $ADMIN_TENANT_NAME
-
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0
     iniset $TEMPEST_CONFIG network tenant_networks_reachable "$tenant_networks_reachable"

From 00e16a9d53905f309655172d8a2b1cbcfc1cbfa5 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 20 Feb 2015 11:45:21 -0500
Subject: [PATCH 0546/3421] Support for single interface Neutron networking
 with OVS

When running Neutron on a single node that only has a single interface,
the following operations are required:

    * Remove the IP address from the physical interface
    * Add the interface to the OVS physical bridge
    * Add the IP address from the physical interface to the OVS bridge
    * Update the routing table

The reverse is done on cleanup.

In order run Neutron on a single interface, the $PUBLIC_INTERFACE and
$OVS_PHYSICAL_BRIDGE variables must be set.

Co-Authored-By: Brian Haley 
Change-Id: I71e2594288bae1a71dc2c8c3fb350b913dbd5e2c
---
 lib/neutron-legacy | 42 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 5ff39212fc..e9a3926b28 100755
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -779,9 +779,41 @@ function stop_neutron {
     fi
 }
 
+# _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
+# on startup, or back to the public interface on cleanup
+function _move_neutron_addresses_route {
+    local from_intf=$1
+    local to_intf=$2
+    local add_ovs_port=$3
+
+    if [[ -n "$from_intf" && -n "$to_intf" ]]; then
+        # Remove the primary IP address from $from_intf and add it to $to_intf,
+        # along with the default route, if it exists.  Also, when called
+        # on configure we will also add $from_intf as a port on $to_intf,
+        # assuming it is an OVS bridge.
+
+        local IP_BRD=$(ip -4 a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
+        local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
+        local ADD_OVS_PORT=""
+
+        if [ "$DEFAULT_ROUTE_GW" != "" ]; then
+            ADD_DEFAULT_ROUTE="sudo ip r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
+        fi
+
+        if [[ "$add_ovs_port" == "True" ]]; then
+            ADD_OVS_PORT="sudo ovs-vsctl add-port $to_intf $from_intf"
+        fi
+
+        sudo ip addr del $IP_BRD dev $from_intf; sudo ip addr add $IP_BRD dev $to_intf; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+    fi
+}
+
 # cleanup_neutron() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_neutron {
+
+    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False
+
     if is_provider_network && is_ironic_hardware; then
         for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
             sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
@@ -956,6 +988,10 @@ function _configure_neutron_l3_agent {
     _neutron_setup_interface_driver $Q_L3_CONF_FILE
 
     neutron_plugin_configure_l3_agent
+
+    if [[ $(ip -4 a s dev "$PUBLIC_INTERFACE" | grep -c 'inet') != 0 ]]; then
+        _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True
+    fi
 }
 
 function _configure_neutron_metadata_agent {
@@ -1227,8 +1263,10 @@ function _neutron_configure_router_v4 {
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local cidr_len=${FLOATING_RANGE#*/}
-            sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
-            sudo ip link set $ext_gw_interface up
+            if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" ]]; then
+                sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
+                sudo ip link set $ext_gw_interface up
+            fi
             ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
             die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
             sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP

From ebdd9ac5b41da372c0276a507451ea9878be7dda Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 4 Mar 2015 12:35:14 +0000
Subject: [PATCH 0547/3421] Provide an option to force pip --upgrade

Make it possible for someone to config

  PIP_UPGRADE=True

in local.conf and thus force pip_install calls to upgrade. In
automated testing this is probably a bad idea, but in manual testing
or situations where devstack is being used to spin up proof of
concepts having the option to use the latest and greatest Python
modules is a useful way of exploring the health of the ecosystem.

To help with visibility of the setting, and section has been added
in configuration.rst near other similar settings.

Change-Id: I484c954f1e1f05ed02c0b08e8e4a9c18558c05ef
---
 doc/source/configuration.rst | 15 +++++++++++++++
 inc/python                   | 12 +++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 7d06658ee2..79d911c91d 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -247,6 +247,21 @@ A clean install every time
 
         RECLONE=yes
 
+Upgrade packages installed by pip
+---------------------------------
+
+    | *Default: ``PIP_UPGRADE=""``*
+    |  By default ``stack.sh`` only installs Python packages if no version
+       is currently installed or the current version does not match a specified
+       requirement. If ``PIP_UPGRADE`` is set to ``True`` then existing required
+       Python packages will be upgraded to the most recent version that
+       matches requirements.
+    |
+
+    ::
+
+        PIP_UPGRADE=True
+
 Swift
 -----
 
diff --git a/inc/python b/inc/python
index 2d76081a52..d00eb0cd1f 100644
--- a/inc/python
+++ b/inc/python
@@ -54,17 +54,23 @@ function get_python_exec_prefix {
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
 # Uses globals ``INSTALL_TESTONLY_PACKAGES``, ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
-# ``TRACK_DEPENDS``, ``*_proxy``
+# ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``
 # pip_install package [package ...]
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local upgrade=""
     local offline=${OFFLINE:-False}
     if [[ "$offline" == "True" || -z "$@" ]]; then
         $xtrace
         return
     fi
 
+    PIP_UPGRADE=$(trueorfalse False PIP_UPGRADE)
+    if [[ "$PIP_UPGRADE" = "True" ]] ; then
+        upgrade="--upgrade"
+    fi
+
     if [[ -z "$os_PACKAGE" ]]; then
         GetOSVersion
     fi
@@ -98,7 +104,7 @@ function pip_install {
         https_proxy="${https_proxy:-}" \
         no_proxy="${no_proxy:-}" \
         PIP_FIND_LINKS=$PIP_FIND_LINKS \
-        $cmd_pip install \
+        $cmd_pip install $upgrade \
         $@
 
     # Also install test requirements
@@ -110,7 +116,7 @@ function pip_install {
             https_proxy=${https_proxy:-} \
             no_proxy=${no_proxy:-} \
             PIP_FIND_LINKS=$PIP_FIND_LINKS \
-            $cmd_pip install \
+            $cmd_pip install $upgrade \
             -r $test_req
     fi
 }

From 6e275e170c042794560c9b2c442a32c3de55566e Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 26 Mar 2015 05:54:28 -0400
Subject: [PATCH 0548/3421] provide an override-defaults phase

during the glusterfs integration it was seen that plugins might need
to set new defaults on projects before the project files load. Create
a new override-defaults phase for that.

Intentionally not adding to the documentation yet until we're sure
this works right in the glusterfs case.

Reported-By: Deepak C Shetty 
Change-Id: I13c961b19bdcc1a99e9a7068fe91bbaac787e948
---
 functions-common | 29 +++++++++++++++++++++++++++++
 stack.sh         |  4 ++++
 unstack.sh       |  4 ++++
 3 files changed, 37 insertions(+)

diff --git a/functions-common b/functions-common
index 48e400dfb1..9bad981ab1 100644
--- a/functions-common
+++ b/functions-common
@@ -1501,6 +1501,33 @@ function load_plugin_settings {
     done
 }
 
+# plugin_override_defaults
+#
+# Run an extremely early setting phase for plugins that allows default
+# overriding of services.
+function plugin_override_defaults {
+    local plugins="${DEVSTACK_PLUGINS}"
+    local plugin
+
+    # short circuit if nothing to do
+    if [[ -z $plugins ]]; then
+        return
+    fi
+
+    echo "Overriding Configuration Defaults"
+    for plugin in ${plugins//,/ }; do
+        local dir=${GITDIR[$plugin]}
+        # source any overrides
+        if [[ -f $dir/devstack/override-defaults ]]; then
+            # be really verbose that an override is happening, as it
+            # may not be obvious if things fail later.
+            echo "$plugin has overriden the following defaults"
+            cat $dir/devstack/override-defaults
+            source $dir/devstack/override-defaults
+        fi
+    done
+}
+
 # run_plugins
 #
 # Run the devstack/plugin.sh in all the plugin directories. These are
@@ -1530,6 +1557,8 @@ function run_phase {
     # the source phase corresponds to settings loading in plugins
     if [[ "$mode" == "source" ]]; then
         load_plugin_settings
+    elif [[ "$mode" == "override_defaults" ]]; then
+        plugin_override_defaults
     else
         run_plugins $mode $phase
     fi
diff --git a/stack.sh b/stack.sh
index 9069367fa0..a9deba7ff6 100755
--- a/stack.sh
+++ b/stack.sh
@@ -507,6 +507,10 @@ fi
 # Configure Projects
 # ==================
 
+# Plugin Phase 0: override_defaults - allow pluggins to override
+# defaults before other services are run
+run_phase override_defaults
+
 # Import apache functions
 source $TOP_DIR/lib/apache
 
diff --git a/unstack.sh b/unstack.sh
index a66370b1e9..c45af7400c 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -45,6 +45,10 @@ fi
 # Configure Projects
 # ==================
 
+# Plugin Phase 0: override_defaults - allow pluggins to override
+# defaults before other services are run
+run_phase override_defaults
+
 # Import apache functions
 source $TOP_DIR/lib/apache
 

From c70605d1013296d0127ad38d8c53a69ed982e647 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Mon, 26 Jan 2015 15:44:47 +0100
Subject: [PATCH 0549/3421] Add lioadm cinder iscsi helper support

The Linux-IO is a modern way of handling targets.
Per the IRC discussions lioadm as default
seams like a better default for everyone, for now it will be
optional, but the tgtadm admin support expected to be removed when
lioadm works well with all CI (including third party).

Change-Id: Ia54c59914c1d3ff2ef5f00ecf819426bc448d0a9
---
 files/debs/cinder       |  2 +-
 files/rpms-suse/cinder  |  2 +-
 files/rpms/cinder       |  2 +-
 lib/cinder              | 95 ++++++++++++++++++++++-------------------
 lib/cinder_backends/lvm |  2 +-
 lib/lvm                 | 11 +++--
 6 files changed, 63 insertions(+), 51 deletions(-)

diff --git a/files/debs/cinder b/files/debs/cinder
index 7819c31655..51908eb27b 100644
--- a/files/debs/cinder
+++ b/files/debs/cinder
@@ -1,4 +1,4 @@
-tgt
+tgt # NOPRIME
 lvm2
 qemu-utils
 libpq-dev
diff --git a/files/rpms-suse/cinder b/files/rpms-suse/cinder
index 55078da27c..3fd03cc9be 100644
--- a/files/rpms-suse/cinder
+++ b/files/rpms-suse/cinder
@@ -1,5 +1,5 @@
 lvm2
-tgt
+tgt # NOPRIME
 qemu-tools
 python-devel
 postgresql-devel
diff --git a/files/rpms/cinder b/files/rpms/cinder
index 9f1359f988..a88503b8bc 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -1,5 +1,5 @@
 lvm2
-scsi-target-utils
+scsi-target-utils # NOPRIME
 qemu-img
 postgresql-devel
 iscsi-initiator-utils
diff --git a/lib/cinder b/lib/cinder
index ef68d8d643..f257afcdb6 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -88,6 +88,8 @@ CINDER_SECURE_DELETE=$(trueorfalse True CINDER_SECURE_DELETE)
 # https://bugs.launchpad.net/cinder/+bug/1180976
 CINDER_PERIODIC_INTERVAL=${CINDER_PERIODIC_INTERVAL:-60}
 
+CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
+
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,cinder
 
@@ -125,31 +127,35 @@ function is_cinder_enabled {
 function cleanup_cinder {
     # ensure the volume group is cleared up because fails might
     # leave dead volumes in the group
-    local targets=$(sudo tgtadm --op show --mode target)
-    if [ $? -ne 0 ]; then
-        # If tgt driver isn't running this won't work obviously
-        # So check the response and restart if need be
-        echo "tgtd seems to be in a bad state, restarting..."
-        if is_ubuntu; then
-            restart_service tgt
-        else
-            restart_service tgtd
+    if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
+        local targets=$(sudo tgtadm --op show --mode target)
+        if [ $? -ne 0 ]; then
+            # If tgt driver isn't running this won't work obviously
+            # So check the response and restart if need be
+            echo "tgtd seems to be in a bad state, restarting..."
+            if is_ubuntu; then
+                restart_service tgt
+            else
+                restart_service tgtd
+            fi
+            targets=$(sudo tgtadm --op show --mode target)
         fi
-        targets=$(sudo tgtadm --op show --mode target)
-    fi
 
-    if [[ -n "$targets" ]]; then
-        local iqn_list=( $(grep --no-filename -r iqn $SCSI_PERSIST_DIR | sed 's///') )
-        for i in "${iqn_list[@]}"; do
-            echo removing iSCSI target: $i
-            sudo tgt-admin --delete $i
-        done
-    fi
+        if [[ -n "$targets" ]]; then
+            local iqn_list=( $(grep --no-filename -r iqn $SCSI_PERSIST_DIR | sed 's///') )
+            for i in "${iqn_list[@]}"; do
+                echo removing iSCSI target: $i
+                sudo tgt-admin --delete $i
+            done
+        fi
 
-    if is_ubuntu; then
-        stop_service tgt
+        if is_ubuntu; then
+            stop_service tgt
+        else
+            stop_service tgtd
+        fi
     else
-        stop_service tgtd
+        sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
     fi
 
     if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -224,7 +230,7 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $CINDER_CONF DEFAULT verbose True
 
-    iniset $CINDER_CONF DEFAULT iscsi_helper tgtadm
+    iniset $CINDER_CONF DEFAULT iscsi_helper "$CINDER_ISCSI_HELPER"
     iniset $CINDER_CONF database connection `database_connection_url cinder`
     iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
     iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
@@ -388,6 +394,13 @@ function init_cinder {
 function install_cinder {
     git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
     setup_develop $CINDER_DIR
+    if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
+        if is_fedora; then
+            install_package scsi-target-utils
+        else
+            install_package tgt
+        fi
+    fi
 }
 
 # install_cinderclient() - Collect source and prepare
@@ -415,21 +428,23 @@ function start_cinder {
         service_port=$CINDER_SERVICE_PORT_INT
         service_protocol="http"
     fi
-    if is_service_enabled c-vol; then
-        # Delete any old stack.conf
-        sudo rm -f /etc/tgt/conf.d/stack.conf
-        _configure_tgt_for_config_d
-        if is_ubuntu; then
-            sudo service tgt restart
-        elif is_fedora || is_suse; then
-            restart_service tgtd
-        else
-            # note for other distros: unstack.sh also uses the tgt/tgtd service
-            # name, and would need to be adjusted too
-            exit_distro_not_supported "restarting tgt"
+    if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
+        if is_service_enabled c-vol; then
+            # Delete any old stack.conf
+            sudo rm -f /etc/tgt/conf.d/stack.conf
+            _configure_tgt_for_config_d
+            if is_ubuntu; then
+                sudo service tgt restart
+            elif is_fedora || is_suse; then
+                restart_service tgtd
+            else
+                # note for other distros: unstack.sh also uses the tgt/tgtd service
+                # name, and would need to be adjusted too
+                exit_distro_not_supported "restarting tgt"
+            fi
+            # NOTE(gfidente): ensure tgtd is running in debug mode
+            sudo tgtadm --mode system --op update --name debug --value on
         fi
-        # NOTE(gfidente): ensure tgtd is running in debug mode
-        sudo tgtadm --mode system --op update --name debug --value on
     fi
 
     run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
@@ -459,14 +474,6 @@ function stop_cinder {
     for serv in c-api c-bak c-sch c-vol; do
         stop_process $serv
     done
-
-    if is_service_enabled c-vol; then
-        if is_ubuntu; then
-            stop_service tgt
-        else
-            stop_service tgtd
-        fi
-    fi
 }
 
 # create_volume_types() - Create Cinder's configured volume types
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index f210578339..d369c0c840 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -49,7 +49,7 @@ function configure_cinder_backend_lvm {
     iniset $CINDER_CONF $be_name volume_backend_name $be_name
     iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMVolumeDriver"
     iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
-    iniset $CINDER_CONF $be_name iscsi_helper "tgtadm"
+    iniset $CINDER_CONF $be_name iscsi_helper "$CINDER_ISCSI_HELPER"
 
     if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
         iniset $CINDER_CONF $be_name volume_clear none
diff --git a/lib/lvm b/lib/lvm
index d0322c76b3..519e82c806 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -108,15 +108,20 @@ function init_lvm_volume_group {
     if is_fedora || is_suse; then
         # services is not started by default
         start_service lvm2-lvmetad
-        start_service tgtd
+        if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
+            start_service tgtd
+        fi
     fi
 
     # Start with a clean volume group
     _create_lvm_volume_group $vg $size
 
     # Remove iscsi targets
-    sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
-
+    if [ "$CINDER_ISCSI_HELPER" = "lioadm" ]; then
+        sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
+    else
+        sudo tgtadm --op show --mode target | grep Target | cut -f3 -d ' ' | sudo xargs -n1 tgt-admin --delete || true
+    fi
     _clean_lvm_volume_group $vg
 }
 

From 4533eeec1fe4834ced0996fc8f9c8487dcd31d45 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Tue, 17 Feb 2015 16:25:38 -0600
Subject: [PATCH 0550/3421] Install Nova into its own venv

Install a couple of optional feature prereqs in hypervisor plugins.

rootwrap is horribly called indirectly via PATH.  The choice, other than fixing
such nonsense, is to force the path in sudo.

TODO:
* python guestfs isn't in pypi, need to specifically install it to not
  use the distro package

Change-Id: Iad9a66d8a937fd0b0d1874005588c702e3d75e04
---
 files/debs/general                 |  1 +
 files/rpms/general                 |  1 +
 lib/nova                           | 52 ++++++++++++++++++++++--------
 lib/nova_plugins/functions-libvirt | 14 ++++----
 4 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/files/debs/general b/files/debs/general
index 84d43029ff..87a6c7cb31 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -23,3 +23,4 @@ libffi-dev
 libssl-dev # for pyOpenSSL
 gettext  # used for compiling message catalogs
 openjdk-7-jre-headless  # NOPRIME
+pkg-config
diff --git a/files/rpms/general b/files/rpms/general
index eac4ec36a7..81cc7891be 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -12,6 +12,7 @@ openssl-devel # to rebuild pyOpenSSL if needed
 libffi-devel
 libxml2-devel
 libxslt-devel
+pkgconfig
 psmisc
 pylint
 python-devel
diff --git a/lib/nova b/lib/nova
index 32dea77fbf..d3bf2a8ec1 100644
--- a/lib/nova
+++ b/lib/nova
@@ -32,9 +32,16 @@ set +o xtrace
 
 # Set up default directories
 GITDIR["python-novaclient"]=$DEST/python-novaclient
+NOVA_DIR=$DEST/nova
 
+# Nova virtual environment
+if [[ ${USE_VENV} = True ]]; then
+    PROJECT_VENV["nova"]=${NOVA_DIR}.venv
+    NOVA_BIN_DIR=${PROJECT_VENV["nova"]}/bin
+else
+    NOVA_BIN_DIR=$(get_python_exec_prefix)
+fi
 
-NOVA_DIR=$DEST/nova
 NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
 # INSTANCES_PATH is the previous name for this
 NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
@@ -69,16 +76,6 @@ NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
 EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
 
-# Support entry points installation of console scripts
-if [[ -d $NOVA_DIR/bin ]]; then
-    NOVA_BIN_DIR=$NOVA_DIR/bin
-else
-    NOVA_BIN_DIR=$(get_python_exec_prefix)
-fi
-
-# Set the paths of certain binaries
-NOVA_ROOTWRAP=$(get_rootwrap_location nova)
-
 # Option to enable/disable config drive
 # NOTE: Set FORCE_CONFIG_DRIVE="False" to turn OFF config drive
 FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"always"}
@@ -225,9 +222,11 @@ function cleanup_nova {
     #fi
 }
 
+# Deploy new rootwrap filters files and configure sudo
 # configure_nova_rootwrap() - configure Nova's rootwrap
 function configure_nova_rootwrap {
-    # Deploy new rootwrap filters files (owned by root).
+    nova_rootwrap=$NOVA_BIN_DIR/nova-rootwrap
+
     # Wipe any existing rootwrap.d files first
     if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
         sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
@@ -242,14 +241,21 @@ function configure_nova_rootwrap {
     sudo sed -e "s:^filters_path=.*$:filters_path=$NOVA_CONF_DIR/rootwrap.d:" -i $NOVA_CONF_DIR/rootwrap.conf
 
     # Specify rootwrap.conf as first parameter to nova-rootwrap
-    local rootwrap_sudoer_cmd="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.conf *"
+    local rootwrap_sudoer_cmd="$nova_rootwrap $NOVA_CONF_DIR/rootwrap.conf *"
 
     # Set up the rootwrap sudoers for nova
     local tempfile=`mktemp`
-    echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd" >$tempfile
+    echo "Defaults:$STACK_USER secure_path=$NOVA_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile
+    echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd" >>$tempfile
     chmod 0440 $tempfile
     sudo chown root:root $tempfile
     sudo mv $tempfile /etc/sudoers.d/nova-rootwrap
+
+    # So rootwrap and PATH are broken beyond belief.  WTF relies on a SECURE operation
+    # to blindly follow PATH???  We learned that was a bad idea in the 80's!
+    # So to fix this in a venv, we must exploit the very hole we want to close by dropping
+    # a copy of the venv rootwrap binary into /usr/local/bin.
+    #sudo cp -p $nova_rootwrap /usr/local/bin
 }
 
 # configure_nova() - Set config files, create data dirs, etc
@@ -696,6 +702,10 @@ function start_nova_api {
         service_protocol="http"
     fi
 
+    # Hack to set the path for rootwrap
+    local old_path=$PATH
+    export PATH=$NOVA_BIN_DIR:$PATH
+
     run_process n-api "$NOVA_BIN_DIR/nova-api"
     echo "Waiting for nova-api to start..."
     if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then
@@ -707,10 +717,16 @@ function start_nova_api {
         start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT &
         start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT &
     fi
+
+    export PATH=$old_path
 }
 
 # start_nova_compute() - Start the compute process
 function start_nova_compute {
+    # Hack to set the path for rootwrap
+    local old_path=$PATH
+    export PATH=$NOVA_BIN_DIR:$PATH
+
     if is_service_enabled n-cell; then
         local compute_cell_conf=$NOVA_CELLS_CONF
     else
@@ -738,10 +754,16 @@ function start_nova_compute {
         fi
         run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf"
     fi
+
+    export PATH=$old_path
 }
 
 # start_nova() - Start running processes, including screen
 function start_nova_rest {
+    # Hack to set the path for rootwrap
+    local old_path=$PATH
+    export PATH=$NOVA_BIN_DIR:$PATH
+
     local api_cell_conf=$NOVA_CONF
     if is_service_enabled n-cell; then
         local compute_cell_conf=$NOVA_CELLS_CONF
@@ -769,6 +791,8 @@ function start_nova_rest {
     # Swift will act as s3 objectstore.
     is_service_enabled swift3 || \
         run_process n-obj "$NOVA_BIN_DIR/nova-objectstore --config-file $api_cell_conf"
+
+    export PATH=$old_path
 }
 
 function start_nova {
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 4d617e8b5e..60707cf859 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -21,14 +21,16 @@ DEBUG_LIBVIRT=$(trueorfalse False DEBUG_LIBVIRT)
 function install_libvirt {
     if is_ubuntu; then
         install_package qemu-kvm
-        install_package libvirt-bin
-        install_package python-libvirt
-        install_package python-guestfs
+        install_package libvirt-bin libvirt-dev
+        pip_install libvirt-python
+        install_package libguestfs0
+        #install_package python-guestfs
+        #pip_install 
     elif is_fedora || is_suse; then
         install_package kvm
-        install_package libvirt
-        install_package libvirt-python
-        install_package python-libguestfs
+        install_package libvirt libvirt-devel
+        pip_install libvirt-python
+        #install_package python-libguestfs
     fi
 
     # Restart firewalld after install of libvirt to avoid a problem

From fab7880bcd98ff8d64e1389aac073b79728e77e5 Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Thu, 26 Mar 2015 13:03:49 -0700
Subject: [PATCH 0551/3421] lib/ironic: Do not check for database or message
 queue

Only check for OpenStack services, not specific database or
messaging backends.

Change-Id: I7960718defa3f521d1c2128d8523e8ee9328da64
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index b99e3255d5..a7738bc14e 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -181,7 +181,7 @@ function is_deployed_with_ipa_ramdisk {
 # install_ironic() - Collect source and prepare
 function install_ironic {
     # make sure all needed service were enabled
-    local req_services="mysql rabbit key"
+    local req_services="key"
     if [[ "$VIRT_DRIVER" == "ironic" ]]; then
         req_services+=" nova glance neutron"
     fi

From 11cf7b64a78d225d7ba84b86597a934d0417ad3c Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Fri, 27 Mar 2015 09:08:53 +1300
Subject: [PATCH 0552/3421] iptables rule for heat pip mirror

This is required for guest VMs to reach http://$HOST_IP:8899

Change-Id: I814c682fb02974ae05dfbe5e212409cdd11d16ac
---
 lib/heat | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/heat b/lib/heat
index c7abd3bb1c..a27691fab2 100644
--- a/lib/heat
+++ b/lib/heat
@@ -337,6 +337,7 @@ function build_heat_pip_mirror {
     " -i $heat_pip_repo_apache_conf
     enable_apache_site heat_pip_repo
     restart_apache_server
+    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $HEAT_PIP_REPO_PORT -j ACCEPT || true
 }
 
 # Restore xtrace

From 41d6f858be8431975762e65db470929c72b8f2a8 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 25 Mar 2015 22:42:46 -0500
Subject: [PATCH 0553/3421] Clean up additional INSTALL_TESTONLY_PACKAGES bits

The original removal is in https://review.openstack.org/#/c/167669/

Change-Id: I3c59f040523d2cd1453465e80280955218880634
---
 doc/source/configuration.rst | 12 ------------
 functions-common             |  2 --
 inc/python                   |  2 +-
 3 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 2af69c6b5e..a0d0840263 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -417,18 +417,6 @@ IP Version
       can be configured with any valid IPv6 prefix. The default values make
       use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC 4193.*
 
-Unit tests dependencies install
--------------------------------
-
-    | *Default: ``INSTALL_TESTONLY_PACKAGES=False``*
-    |  In order to be able to run unit tests with script ``run_test.sh``,
-       the required package dependencies need to be installed.
-       Setting this option as below does the work.
-
-    ::
-
-        INSTALL_TESTONLY_PACKAGES=True
-
 Examples
 ========
 
diff --git a/functions-common b/functions-common
index 9bad981ab1..0f80e98f43 100644
--- a/functions-common
+++ b/functions-common
@@ -909,8 +909,6 @@ function get_packages {
     local file_to_parse=""
     local service=""
 
-    INSTALL_TESTONLY_PACKAGES=$(trueorfalse False INSTALL_TESTONLY_PACKAGES)
-
     if [[ -z "$package_dir" ]]; then
         echo "No package directory supplied"
         return 1
diff --git a/inc/python b/inc/python
index d00eb0cd1f..39684b6fc5 100644
--- a/inc/python
+++ b/inc/python
@@ -53,7 +53,7 @@ function get_python_exec_prefix {
 }
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
-# Uses globals ``INSTALL_TESTONLY_PACKAGES``, ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
+# Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
 # ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``
 # pip_install package [package ...]
 function pip_install {

From 909fa8f49e0e253009be1299a4a067a22d80bb9b Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Fri, 27 Mar 2015 10:56:16 +0900
Subject: [PATCH 0554/3421] Fix Q_USE_PUBLIC_VETH regression

A recently merged change Ie35cb537bb670c4773598b8db29877fb8a12ff50
and I71e2594288bae1a71dc2c8c3fb350b913dbd5e2c broke Q_USE_PUBLIC_VETH.
This commit fixes the regression.

Closes-Bug: #1436637
Change-Id: I1447bf98607143ba4954ce5ec3ed94010320baa5
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e9a3926b28..d3dd8dd33e 100755
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1263,7 +1263,7 @@ function _neutron_configure_router_v4 {
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local cidr_len=${FLOATING_RANGE#*/}
-            if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" ]]; then
+            if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" ) ]]; then
                 sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
                 sudo ip link set $ext_gw_interface up
             fi

From 9e98f9435ec36f2fffed0ac368befd520f07e0e1 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 27 Mar 2015 14:43:14 +1100
Subject: [PATCH 0555/3421] Install packaged pyOpenSSL

pyOpenSSL has done a rewrite of itself in Python.  This may be good
for many reasons, but memory usage is not one of them.  It just about
doubles the size of at least swift, which usually consumes about 6% of
a CI testing vm's 8gb RAM.  This is enough to push centos hosts into
OOM conditions and then everything falls apart.

The distro packages of pyOpenSSL are the older C-based versions, which
doesn't bring in the kitchen sink of cffi & pycparser.

Change-Id: Icd4100da1d5cbdb82017da046b00b9397813c2f2
---
 files/rpms/general | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms/general b/files/rpms/general
index d74ecc6e98..64329a4086 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -27,3 +27,4 @@ gettext  # used for compiling message catalogs
 net-tools
 java-1.7.0-openjdk-headless  # NOPRIME rhel7,f20
 java-1.8.0-openjdk-headless  # NOPRIME f21,f22
+pyOpenSSL # version in pip uses too much memory
\ No newline at end of file

From bba4742e8cbdc577121bf1010f5fe307c958cd15 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sat, 28 Mar 2015 13:37:26 -0500
Subject: [PATCH 0556/3421] Add parent id to worlddump output

Helpful in tracking down some process-doesn't-die problems.

Change-Id: I146910403879c9a85d644bd07a53830ea17ca77d
---
 tools/worlddump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 9a62c0dfbb..8dd455c274 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -66,7 +66,7 @@ def process_list():
 Process Listing
 ===============
 """
-    psraw = os.popen("ps auxw").read()
+    psraw = os.popen("ps axo user,ppid,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,args").read()
     print psraw
 
 

From 3bb5a6f445f4938f1edca3c649aa22ff4ef8e5c3 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sat, 28 Mar 2015 10:27:43 -0500
Subject: [PATCH 0557/3421] Remove symlink for lib/neutron compat

Depends-On: I146910403879c9a85d644bd07a53830ea17ca77d
Change-Id: Ia25331fc74fd26df347024a8314bc4c6ed54428e
---
 lib/neutron | 1 -
 1 file changed, 1 deletion(-)
 delete mode 120000 lib/neutron

diff --git a/lib/neutron b/lib/neutron
deleted file mode 120000
index 00cd72273e..0000000000
--- a/lib/neutron
+++ /dev/null
@@ -1 +0,0 @@
-neutron-legacy
\ No newline at end of file

From dc97cb71e85fc807d2cce6f054c785922d322eb9 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sat, 28 Mar 2015 08:20:50 -0500
Subject: [PATCH 0558/3421] Mostly docs cleanups

Fix documentation build errors and RST formatting

Change-Id: Id93153400c5b069dd9d772381558c7085f64c207
---
 exercise.sh                        |  10 +-
 functions                          |   6 +-
 functions-common                   |   4 +-
 gate/updown.sh                     |   2 +-
 lib/ceilometer                     |  33 +++--
 lib/dstat                          |   2 +-
 lib/horizon                        |   2 +-
 lib/ironic                         |   6 +-
 lib/lvm                            |   8 +-
 lib/nova                           |  21 ++--
 lib/oslo                           |   7 +-
 lib/rpc_backend                    |   5 +-
 lib/stack                          |   9 +-
 lib/swift                          |  47 ++++----
 lib/tempest                        |  60 +++++-----
 lib/tls                            |  15 +--
 lib/trove                          |   4 +-
 run_tests.sh                       |   5 +-
 samples/local.conf                 |   3 +-
 samples/local.sh                   |   7 +-
 stack.sh                           | 185 +++++++++++++++--------------
 stackrc                            |  39 +++---
 tools/build_docs.sh                |   6 +-
 tools/build_venv.sh                |   9 +-
 tools/build_wheels.sh              |  11 +-
 tools/create-stack-user.sh         |   2 +-
 tools/fixup_stuff.sh               |  12 +-
 tools/image_list.sh                |   2 +-
 tools/info.sh                      |   4 +-
 tools/install_pip.sh               |  10 +-
 tools/install_prereqs.sh           |   6 +-
 tools/ironic/scripts/create-node   |   4 +-
 tools/ironic/scripts/setup-network |   4 +-
 tools/outfilter.py                 |  14 +--
 unstack.sh                         |   2 +-
 35 files changed, 284 insertions(+), 282 deletions(-)

diff --git a/exercise.sh b/exercise.sh
index ce694fba66..19c9d80451 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -2,7 +2,7 @@
 
 # **exercise.sh**
 
-# Keep track of the current devstack directory.
+# Keep track of the current DevStack directory.
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
 # Import common functions
@@ -14,11 +14,11 @@ source $TOP_DIR/stackrc
 # Run everything in the exercises/ directory that isn't explicitly disabled
 
 # comma separated list of script basenames to skip
-# to refrain from exercising euca.sh use SKIP_EXERCISES=euca
+# to refrain from exercising euca.sh use ``SKIP_EXERCISES=euca``
 SKIP_EXERCISES=${SKIP_EXERCISES:-""}
 
 # comma separated list of script basenames to run
-# to run only euca.sh use RUN_EXERCISES=euca
+# to run only euca.sh use ``RUN_EXERCISES=euca``
 basenames=${RUN_EXERCISES:-""}
 
 EXERCISE_DIR=$TOP_DIR/exercises
@@ -27,7 +27,7 @@ if [[ -z "${basenames}" ]]; then
     # Locate the scripts we should run
     basenames=$(for b in `ls $EXERCISE_DIR/*.sh`; do basename $b .sh; done)
 else
-    # If RUN_EXERCISES was specified, ignore SKIP_EXERCISES.
+    # If ``RUN_EXERCISES`` was specified, ignore ``SKIP_EXERCISES``.
     SKIP_EXERCISES=
 fi
 
@@ -56,7 +56,7 @@ for script in $basenames; do
     fi
 done
 
-# output status of exercise run
+# Output status of exercise run
 echo "====================================================================="
 for script in $skips; do
     echo SKIP $script
diff --git a/functions b/functions
index 9adbfe7cf6..5bc8456281 100644
--- a/functions
+++ b/functions
@@ -439,7 +439,7 @@ function check_path_perm_sanity {
             echo "*** DEST path element"
             echo "***    ${rebuilt_path}"
             echo "*** appears to have 0700 permissions."
-            echo "*** This is very likely to cause fatal issues for devstack daemons."
+            echo "*** This is very likely to cause fatal issues for DevStack daemons."
 
             if [[ -n "$SKIP_PATH_SANITY" ]]; then
                 return
@@ -526,8 +526,8 @@ function setup_colorized_logging {
 }
 
 # These functions are provided for basic fall-back functionality for
-# projects that include parts of devstack (grenade).  stack.sh will
-# override these with more specific versions for devstack (with fancy
+# projects that include parts of DevStack (Grenade).  stack.sh will
+# override these with more specific versions for DevStack (with fancy
 # spinners, etc).  We never override an existing version
 if ! function_exists echo_summary; then
     function echo_summary {
diff --git a/functions-common b/functions-common
index 0f80e98f43..f1aca29b30 100644
--- a/functions-common
+++ b/functions-common
@@ -971,7 +971,7 @@ function get_packages {
 #
 # Only packages required for enabled and collected plugins will included.
 #
-# The same metadata used in the main devstack prerequisite files may be used
+# The same metadata used in the main DevStack prerequisite files may be used
 # in these prerequisite files, see get_packages() for more info.
 function get_plugin_packages {
     local xtrace=$(set +o | grep xtrace)
@@ -1471,7 +1471,7 @@ function fetch_plugins {
         return
     fi
 
-    echo "Fetching devstack plugins"
+    echo "Fetching DevStack plugins"
     for plugin in ${plugins//,/ }; do
         git_clone_by_name $plugin
     done
diff --git a/gate/updown.sh b/gate/updown.sh
index d2d7351a2f..f46385cfe1 100755
--- a/gate/updown.sh
+++ b/gate/updown.sh
@@ -4,7 +4,7 @@
 #
 # Note: this is expected to start running as jenkins
 
-# Step 1: give back sudoers permissions to devstack
+# Step 1: give back sudoers permissions to DevStack
 TEMPFILE=`mktemp`
 echo "stack ALL=(root) NOPASSWD:ALL" >$TEMPFILE
 chmod 0440 $TEMPFILE
diff --git a/lib/ceilometer b/lib/ceilometer
index 7b2215c3d3..81353093b2 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -4,7 +4,7 @@
 # Install and start **Ceilometer** service
 
 # To enable a minimal set of Ceilometer services, add the following to the
-# localrc section of local.conf:
+# ``localrc`` section of ``local.conf``:
 #
 #   enable_service ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api
 #
@@ -17,14 +17,11 @@
 # of Ceilometer (see within for additional settings):
 #
 #   CEILOMETER_USE_MOD_WSGI:       When True, run the api under mod_wsgi.
-#   CEILOMETER_PIPELINE_INTERVAL:  The number of seconds between pipeline processing
-#                                  runs. Default 600.
-#   CEILOMETER_BACKEND:            The database backend (e.g. 'mysql', 'mongodb', 'es')
-#   CEILOMETER_COORDINATION_URL:   The URL for a group membership service provided
-#                                  by tooz.
+#   CEILOMETER_PIPELINE_INTERVAL:  Seconds between pipeline processing runs. Default 600.
+#   CEILOMETER_BACKEND:            Database backend (e.g. 'mysql', 'mongodb', 'es')
+#   CEILOMETER_COORDINATION_URL:   URL for group membership service provided by tooz.
 #   CEILOMETER_EVENTS:             Enable event collection
 
-
 # Dependencies:
 #
 # - functions
@@ -94,7 +91,7 @@ function is_ceilometer_enabled {
     return 1
 }
 
-# create_ceilometer_accounts() - Set up common required ceilometer accounts
+# create_ceilometer_accounts() - Set up common required Ceilometer accounts
 #
 # Project              User         Roles
 # ------------------------------------------------------------------
@@ -117,14 +114,14 @@ function create_ceilometer_accounts {
                 "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
         fi
         if is_service_enabled swift; then
-            # Ceilometer needs ResellerAdmin role to access swift account stats.
+            # Ceilometer needs ResellerAdmin role to access Swift account stats.
             get_or_add_user_project_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
         fi
     fi
 }
 
 
-# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+# _cleanup_keystone_apache_wsgi() - Remove WSGI files, disable and remove Apache vhost file
 function _cleanup_ceilometer_apache_wsgi {
     sudo rm -f $CEILOMETER_WSGI_DIR/*
     sudo rm -f $(apache_site_config_for ceilometer)
@@ -149,7 +146,7 @@ function _config_ceilometer_apache_wsgi {
     local ceilometer_apache_conf=$(apache_site_config_for ceilometer)
     local apache_version=$(get_apache_version)
 
-    # copy proxy vhost and wsgi file
+    # Copy proxy vhost and wsgi file
     sudo cp $CEILOMETER_DIR/ceilometer/api/app.wsgi $CEILOMETER_WSGI_DIR/app
 
     sudo cp $FILES/apache-ceilometer.template $ceilometer_apache_conf
@@ -189,9 +186,9 @@ function configure_ceilometer {
         sed -i "s/interval:.*/interval: ${CEILOMETER_PIPELINE_INTERVAL}/" $CEILOMETER_CONF_DIR/pipeline.yaml
     fi
 
-    # the compute and central agents need these credentials in order to
-    # call out to other services' public APIs
-    # the alarm evaluator needs these options to call ceilometer APIs
+    # The compute and central agents need these credentials in order to
+    # call out to other services' public APIs.
+    # The alarm evaluator needs these options to call ceilometer APIs
     iniset $CEILOMETER_CONF service_credentials os_username ceilometer
     iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
     iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
@@ -237,7 +234,7 @@ function configure_ceilometer {
 }
 
 function configure_mongodb {
-    # server package is the same on all
+    # Server package is the same on all
     local packages=mongodb-server
 
     if is_fedora; then
@@ -250,13 +247,13 @@ function configure_mongodb {
     install_package ${packages}
 
     if is_fedora; then
-        # ensure smallfiles selected to minimize freespace requirements
+        # Ensure smallfiles is selected to minimize freespace requirements
         sudo sed -i '/--smallfiles/!s/OPTIONS=\"/OPTIONS=\"--smallfiles /' /etc/sysconfig/mongod
 
         restart_service mongod
     fi
 
-    # give mongodb time to start-up
+    # Give mongodb time to start-up
     sleep 5
 }
 
@@ -347,7 +344,7 @@ function start_ceilometer {
         run_process ceilometer-acompute "ceilometer-agent-compute --config-file $CEILOMETER_CONF"
     fi
 
-    # only die on API if it was actually intended to be turned on
+    # Only die on API if it was actually intended to be turned on
     if is_service_enabled ceilometer-api; then
         echo "Waiting for ceilometer-api to start..."
         if ! wait_for_service $SERVICE_TIMEOUT $CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/v2/; then
diff --git a/lib/dstat b/lib/dstat
index 740e48f9e0..c8faa6578c 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -41,7 +41,7 @@ function start_dstat {
 # stop_dstat() stop dstat process
 function stop_dstat {
     # dstat runs as a console, not as a service, and isn't trackable
-    # via the normal mechanisms for devstack. So lets just do a
+    # via the normal mechanisms for DevStack. So lets just do a
     # killall and move on.
     killall dstat || /bin/true
 }
diff --git a/lib/horizon b/lib/horizon
index c6e3692d47..63a9d0fe46 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -129,7 +129,7 @@ function init_horizon {
     fi
     enable_apache_site horizon
 
-    # Remove old log files that could mess with how devstack detects whether Horizon
+    # Remove old log files that could mess with how DevStack detects whether Horizon
     # has been successfully started (see start_horizon() and functions::screen_it())
     # and run_process
     sudo rm -f /var/log/$APACHE_NAME/horizon_*
diff --git a/lib/ironic b/lib/ironic
index a7738bc14e..fcf1a543a9 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -53,7 +53,7 @@ IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0}
 # The file is composed of multiple lines, each line includes four field
 # separated by white space: IPMI address, MAC address, IPMI username
 # and IPMI password.
-# An example:
+#
 #   192.168.110.107 00:1e:67:57:50:4c root otc123
 IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
 
@@ -99,10 +99,10 @@ IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org
 IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz}
 
 # Which deploy driver to use - valid choices right now
-# are 'pxe_ssh', 'pxe_ipmitool', 'agent_ssh' and 'agent_ipmitool'.
+# are ``pxe_ssh``, ``pxe_ipmitool``, ``agent_ssh`` and ``agent_ipmitool``.
 IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh}
 
-#TODO(agordeev): replace 'ubuntu' with host distro name getting
+# TODO(agordeev): replace 'ubuntu' with host distro name getting
 IRONIC_DEPLOY_FLAVOR=${IRONIC_DEPLOY_FLAVOR:-ubuntu $IRONIC_DEPLOY_ELEMENT}
 
 # Support entry points installation of console scripts
diff --git a/lib/lvm b/lib/lvm
index d0322c76b3..6c59937b0c 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -1,3 +1,5 @@
+#!/bin/bash
+#
 # lib/lvm
 # Configure the default LVM volume group used by Cinder and Nova
 
@@ -32,8 +34,8 @@ DEFAULT_VOLUME_GROUP_NAME=$VOLUME_GROUP_NAME-default
 BACKING_FILE_SUFFIX=-backing-file
 
 
-# Entry Points
-# ------------
+# Functions
+# ---------
 
 # _clean_lvm_volume_group removes all default LVM volumes
 #
@@ -52,7 +54,7 @@ function _clean_lvm_volume_group {
 function _clean_lvm_backing_file {
     local backing_file=$1
 
-    # if the backing physical device is a loop device, it was probably setup by devstack
+    # If the backing physical device is a loop device, it was probably setup by DevStack
     if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
         local vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
         sudo losetup -d $vg_dev
diff --git a/lib/nova b/lib/nova
index 8e1b2f7b9d..385da4e44b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -55,8 +55,9 @@ NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
 # NOVA_API_VERSION valid options
-#   - default - setup API end points as nova does out of the box
-#   - v21default - make v21 the default on /v2
+# - default - setup API end points as nova does out of the box
+# - v21default - make v21 the default on /v2
+#
 # NOTE(sdague): this is for transitional testing of the Nova v21 API.
 # Expect to remove in L or M.
 NOVA_API_VERSION=${NOVA_API_VERSION-default}
@@ -77,7 +78,7 @@ EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
 EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
 
 # Option to enable/disable config drive
-# NOTE: Set FORCE_CONFIG_DRIVE="False" to turn OFF config drive
+# NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
 FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"True"}
 
 # Nova supports pluggable schedulers.  The default ``FilterScheduler``
@@ -89,11 +90,11 @@ QEMU_CONF=/etc/libvirt/qemu.conf
 # Set default defaults here as some hypervisor drivers override these
 PUBLIC_INTERFACE_DEFAULT=br100
 FLAT_NETWORK_BRIDGE_DEFAULT=br100
-# set the GUEST_INTERFACE_DEFAULT to some interface on the box so that
-# the default isn't completely crazy. This will match eth*, em*, or
-# the new p* interfaces, then basically picks the first
+# Set ``GUEST_INTERFACE_DEFAULT`` to some interface on the box so that
+# the default isn't completely crazy. This will match ``eth*``, ``em*``, or
+# the new ``p*`` interfaces, then basically picks the first
 # alphabetically. It's probably wrong, however it's less wrong than
-# always using 'eth0' which doesn't exist on new Linux distros at all.
+# always using ``eth0`` which doesn't exist on new Linux distros at all.
 GUEST_INTERFACE_DEFAULT=$(ip link \
     | grep 'state UP' \
     | awk '{print $2}' \
@@ -101,8 +102,8 @@ GUEST_INTERFACE_DEFAULT=$(ip link \
     | grep ^[ep] \
     | head -1)
 
-# $NOVA_VNC_ENABLED can be used to forcibly enable vnc configuration.
-# In multi-node setups allows compute hosts to not run n-novnc.
+# ``NOVA_VNC_ENABLED`` can be used to forcibly enable VNC configuration.
+# In multi-node setups allows compute hosts to not run ``n-novnc``.
 NOVA_VNC_ENABLED=$(trueorfalse False NOVA_VNC_ENABLED)
 
 # Get hypervisor configuration
@@ -144,7 +145,7 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
 # running the VM - removing a SPOF and bandwidth bottleneck.
 MULTI_HOST=$(trueorfalse False MULTI_HOST)
 
-# ``NOVA_ALLOW_MOVE_TO_SAME_HOST` can be set to False in multi node devstack,
+# ``NOVA_ALLOW_MOVE_TO_SAME_HOST`` can be set to False in multi node DevStack,
 # where there are at least two nova-computes.
 NOVA_ALLOW_MOVE_TO_SAME_HOST=$(trueorfalse True NOVA_ALLOW_MOVE_TO_SAME_HOST)
 
diff --git a/lib/oslo b/lib/oslo
index 86efb60a4e..d9688a01cd 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -2,7 +2,7 @@
 #
 # lib/oslo
 #
-# Functions to install oslo libraries from git
+# Functions to install **Oslo** libraries from git
 #
 # We need this to handle the fact that projects would like to use
 # pre-released versions of oslo libraries.
@@ -46,8 +46,9 @@ GITDIR["tooz"]=$DEST/tooz
 # Support entry points installation of console scripts
 OSLO_BIN_DIR=$(get_python_exec_prefix)
 
-# Entry Points
-# ------------
+
+# Functions
+# ---------
 
 function _do_install_oslo_lib {
     local name=$1
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 3033cbe08e..d82af6de6e 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -1,8 +1,7 @@
 #!/bin/bash
 #
 # lib/rpc_backend
-# Interface for interactig with different rpc backend
-# rpc backend settings
+# Interface for interactig with different RPC backends
 
 # Dependencies:
 #
@@ -27,10 +26,10 @@ RPC_MESSAGING_PROTOCOL=${RPC_MESSAGING_PROTOCOL:-0.9}
 # messaging server as a service, which it really isn't for multi host
 QPID_HOST=${QPID_HOST:-}
 
+
 # Functions
 # ---------
 
-
 # Make sure we only have one rpc backend enabled.
 # Also check the specified rpc backend is available on your platform.
 function check_rpc_backend {
diff --git a/lib/stack b/lib/stack
index 11dd87ca28..47e8ce2a22 100644
--- a/lib/stack
+++ b/lib/stack
@@ -2,15 +2,18 @@
 #
 # lib/stack
 #
-# These functions are code snippets pulled out of stack.sh for easier
+# These functions are code snippets pulled out of ``stack.sh`` for easier
 # re-use by Grenade.  They can assume the same environment is available
-# as in the lower part of stack.sh, namely a valid stackrc has been sourced
-# as well as all of the lib/* files for the services have been sourced.
+# as in the lower part of ``stack.sh``, namely a valid stackrc has been sourced
+# as well as all of the ``lib/*`` files for the services have been sourced.
 #
 # For clarity, all functions declared here that came from ``stack.sh``
 # shall be named with the prefix ``stack_``.
 
 
+# Functions
+# ---------
+
 # Generic service install handles venv creation if confgured for service
 # stack_install_service service
 function stack_install_service {
diff --git a/lib/swift b/lib/swift
index 28ef7de1f1..07068bb104 100644
--- a/lib/swift
+++ b/lib/swift
@@ -38,7 +38,6 @@ fi
 # Set up default directories
 GITDIR["python-swiftclient"]=$DEST/python-swiftclient
 
-
 SWIFT_DIR=$DEST/swift
 SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
 SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
@@ -59,7 +58,7 @@ SWIFT_DISK_IMAGE=${SWIFT_DATA_DIR}/drives/images/swift.img
 SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-/etc/swift}
 
 if is_service_enabled s-proxy && is_service_enabled swift3; then
-    # If we are using swift3, we can default the s3 port to swift instead
+    # If we are using ``swift3``, we can default the S3 port to swift instead
     # of nova-objectstore
     S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
 fi
@@ -137,11 +136,12 @@ ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
 SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}
 SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY:-}
 
+# Toggle for deploying Swift under HTTPD + mod_wsgi
+SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
+
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,swift
 
-# Toggle for deploying Swift under HTTPD + mod_wsgi
-SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
 
 # Functions
 # ---------
@@ -303,7 +303,6 @@ function generate_swift_config_services {
     sed -i -e "s,#[ ]*recon_cache_path .*,recon_cache_path = ${SWIFT_DATA_DIR}/cache," ${swift_node_config}
 }
 
-
 # configure_swift() - Set config files, create data dirs and loop image
 function configure_swift {
     local swift_pipeline="${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH}"
@@ -374,12 +373,9 @@ function configure_swift {
         iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT key_file "$SWIFT_SSL_KEY"
     fi
 
-    # Devstack is commonly run in a small slow environment, so bump the
-    # timeouts up.
-    # node_timeout is how long between read operations a node takes to
-    # respond to the proxy server
-    # conn_timeout is all about how long it takes a connect() system call to
-    # return
+    # DevStack is commonly run in a small slow environment, so bump the timeouts up.
+    # ``node_timeout`` is the node read operation response time to the proxy server
+    # ``conn_timeout`` is how long it takes a connect() system call to return
     iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server node_timeout 120
     iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server conn_timeout 20
 
@@ -394,10 +390,10 @@ function configure_swift {
         SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
     fi
 
-    # Restrict the length of auth tokens in the swift proxy-server logs.
+    # Restrict the length of auth tokens in the Swift ``proxy-server`` logs.
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:proxy-logging reveal_sensitive_prefix ${SWIFT_LOG_TOKEN_LENGTH}
 
-    # By default Swift will be installed with keystone and tempauth middleware
+    # By default Swift will be installed with Keystone and tempauth middleware
     # and add the swift3 middleware if its configured for it. The token for
     # tempauth would be prefixed with the reseller_prefix setting `TEMPAUTH_` the
     # token for keystoneauth would have the standard reseller_prefix `AUTH_`
@@ -413,17 +409,13 @@ function configure_swift {
     sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
     sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
 
-
     iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
 
-
-
     # Configure Crossdomain
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:crossdomain use "egg:swift#crossdomain"
 
-
-    # This causes the authtoken middleware to use the same python logging
-    # adapter provided by the swift proxy-server, so that request transaction
+    # Configure authtoken middleware to use the same Python logging
+    # adapter provided by the Swift ``proxy-server``, so that request transaction
     # IDs will included in all of its log messages.
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
 
@@ -436,7 +428,7 @@ function configure_swift {
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use "egg:swift#keystoneauth"
     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
 
-    # Configure Tempauth. In the sample config file, Keystoneauth is commented
+    # Configure Tempauth. In the sample config file Keystoneauth is commented
     # out. Make sure we uncomment Tempauth after we uncomment Keystoneauth
     # otherwise, this code also sets the reseller_prefix for Keystoneauth.
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
@@ -579,7 +571,8 @@ function create_swift_disk {
         sudo chown -R ${STACK_USER}: ${node}
     done
 }
-# create_swift_accounts() - Set up standard swift accounts and extra
+
+# create_swift_accounts() - Set up standard Swift accounts and extra
 # one for tests we do this by attaching all words in the account name
 # since we want to make it compatible with tempauth which use
 # underscores for separators.
@@ -593,9 +586,9 @@ function create_swift_disk {
 # swifttenanttest4   swiftusertest4     admin          swift_test
 
 function create_swift_accounts {
-    # Defines specific passwords used by tools/create_userrc.sh
-    # As these variables are used by create_userrc.sh, they must be exported
-    # The _password suffix is expected by create_userrc.sh
+    # Defines specific passwords used by ``tools/create_userrc.sh``
+    # As these variables are used by ``create_userrc.sh,`` they must be exported
+    # The _password suffix is expected by ``create_userrc.sh``.
     export swiftusertest1_password=testing
     export swiftusertest2_password=testing2
     export swiftusertest3_password=testing3
@@ -725,8 +718,8 @@ function start_swift {
 
     # By default with only one replica we are launching the proxy,
     # container, account and object server in screen in foreground and
-    # other services in background. If we have SWIFT_REPLICAS set to something
-    # greater than one we first spawn all the swift services then kill the proxy
+    # other services in background. If we have ``SWIFT_REPLICAS`` set to something
+    # greater than one we first spawn all the Swift services then kill the proxy
     # service so we can run it in foreground in screen.  ``swift-init ...
     # {stop|restart}`` exits with '1' if no servers are running, ignore it just
     # in case
@@ -762,7 +755,7 @@ function stop_swift {
         swift-init --run-dir=${SWIFT_DATA_DIR}/run rest stop && return 0
     fi
 
-    # screen normally killed by unstack.sh
+    # screen normally killed by ``unstack.sh``
     if type -p swift-init >/dev/null; then
         swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
     fi
diff --git a/lib/tempest b/lib/tempest
index 8672a14338..d86ee27fd0 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -62,13 +62,11 @@ BUILD_INTERVAL=1
 # The default is set to 196 seconds.
 BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
 
-
 # This must be False on stable branches, as master tempest
 # deps do not match stable branch deps. Set this to True to
-# have tempest installed in devstack by default.
+# have tempest installed in DevStack by default.
 INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"}
 
-
 BOTO_MATERIALS_PATH="$FILES/images/s3-materials/cirros-${CIRROS_VERSION}"
 BOTO_CONF=/etc/boto.cfg
 
@@ -83,6 +81,7 @@ TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-$TEMPEST_DEFAULT_STORAGE_PR
 IPV6_ENABLED=$(trueorfalse True IPV6_ENABLED)
 IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True IPV6_SUBNET_ATTRIBUTES_ENABLED)
 
+
 # Functions
 # ---------
 
@@ -168,8 +167,8 @@ function configure_tempest {
         esac
     fi
 
-    # Create tempest.conf from tempest.conf.sample
-    # copy every time, because the image UUIDS are going to change
+    # Create ``tempest.conf`` from ``tempest.conf.sample``
+    # Copy every time because the image UUIDS are going to change
     sudo install -d -o $STACK_USER $TEMPEST_CONFIG_DIR
     install -m 644 $TEMPEST_DIR/etc/tempest.conf.sample $TEMPEST_CONFIG
 
@@ -179,8 +178,8 @@ function configure_tempest {
     # the cloud. We don't always want to so that we can ensure Tempest
     # would work on a public cloud.
     TEMPEST_HAS_ADMIN=$(trueorfalse True TEMPEST_HAS_ADMIN)
-    # See files/keystone_data.sh and stack.sh where admin, demo and alt_demo
-    # user and tenant are set up...
+
+    # See ``lib/keystone`` where these users and tenants are set up
     ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
     ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-admin}
     ADMIN_DOMAIN_NAME=${ADMIN_DOMAIN_NAME:-Default}
@@ -191,13 +190,13 @@ function configure_tempest {
     ADMIN_TENANT_ID=$(openstack project list | awk "/ admin / { print \$2 }")
 
     if is_service_enabled nova; then
-        # If the ``DEFAULT_INSTANCE_TYPE`` not declared, use the new behavior
-        # Tempest creates instane types for himself
+        # If ``DEFAULT_INSTANCE_TYPE`` is not declared, use the new behavior
+        # Tempest creates its own instance types
         if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
             available_flavors=$(nova flavor-list)
             if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
                 if is_arch "ppc64"; then
-                    # qemu needs at least 128MB of memory to boot on ppc64
+                    # Qemu needs at least 128MB of memory to boot on ppc64
                     nova flavor-create m1.nano 42 128 0 1
                 else
                     nova flavor-create m1.nano 42 64 0 1
@@ -214,8 +213,7 @@ function configure_tempest {
             fi
             flavor_ref_alt=84
         else
-            # Check Nova for existing flavors and, if set, look for the
-            # ``DEFAULT_INSTANCE_TYPE`` and use that.
+            # Check Nova for existing flavors, if ``DEFAULT_INSTANCE_TYPE`` is set use it.
             boto_instance_type=$DEFAULT_INSTANCE_TYPE
             flavor_lines=`nova flavor-list`
             IFS=$'\r\n'
@@ -240,8 +238,8 @@ function configure_tempest {
             flavor_ref=${flavors[0]}
             flavor_ref_alt=$flavor_ref
 
-            # ensure flavor_ref and flavor_ref_alt have different values
-            # some resize instance in tempest tests depends on this.
+            # Ensure ``flavor_ref`` and ``flavor_ref_alt`` have different values.
+            # Some resize instance in tempest tests depends on this.
             for f in ${flavors[@]:1}; do
                 if [[ $f -ne $flavor_ref ]]; then
                     flavor_ref_alt=$f
@@ -266,7 +264,7 @@ function configure_tempest {
         public_network_id=$(neutron net-list | grep $PUBLIC_NETWORK_NAME | \
             awk '{print $2}')
         if [ "$Q_USE_NAMESPACE" == "False" ]; then
-            # If namespaces are disabled, devstack will create a single
+            # If namespaces are disabled, DevStack will create a single
             # public router that tempest should be configured to use.
             public_router_id=$(neutron router-list | awk "/ $Q_ROUTER_NAME / \
                 { print \$2 }")
@@ -274,6 +272,7 @@ function configure_tempest {
     fi
 
     iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
+
     # Oslo
     iniset $TEMPEST_CONFIG oslo_concurrency lock_path $TEMPEST_STATE_PATH
     mkdir -p $TEMPEST_STATE_PATH
@@ -309,15 +308,13 @@ function configure_tempest {
     fi
 
     # Image
-    # for the gate we want to be able to override this variable so we aren't
-    # doing an HTTP fetch over the wide internet for this test
+    # We want to be able to override this variable in the gate to avoid
+    # doing an external HTTP fetch for this test.
     if [[ ! -z "$TEMPEST_HTTP_IMAGE" ]]; then
         iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
     fi
 
     # Auth
-    #
-    #
     TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
     iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
     iniset $TEMPEST_CONFIG auth tempest_roles "Member"
@@ -336,7 +333,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
 
     # Compute Features
-    # Run verify_tempest_config -ur to retrieve enabled extensions on API endpoints
+    # Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints
     # NOTE(mtreinish): This must be done after auth settings are added to the tempest config
     local tmp_cfg_file=$(mktemp)
     cd $TEMPEST_DIR
@@ -417,11 +414,11 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG scenario large_ops_number ${TEMPEST_LARGE_OPS_NUMBER:-0}
 
     # Telemetry
-    # Ceilometer API optimization happened in juno that allows to run more tests in tempest.
+    # Ceilometer API optimization happened in Juno that allows to run more tests in tempest.
     # Once Tempest retires support for icehouse this flag can be removed.
     iniset $TEMPEST_CONFIG telemetry too_slow_to_test "False"
 
-    # Object storage
+    # Object Store
     local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then
         # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
@@ -445,7 +442,7 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG volume-feature-enabled backup False
     fi
 
-    # Using CINDER_ENABLED_BACKENDS
+    # Using ``CINDER_ENABLED_BACKENDS``
     if [[ -n "$CINDER_ENABLED_BACKENDS" ]] && [[ $CINDER_ENABLED_BACKENDS =~ .*,.* ]]; then
         iniset $TEMPEST_CONFIG volume-feature-enabled multi_backend "True"
         local i=1
@@ -470,7 +467,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG dashboard dashboard_url "http://$SERVICE_HOST/"
     iniset $TEMPEST_CONFIG dashboard login_url "http://$SERVICE_HOST/auth/login/"
 
-    # cli
+    # CLI
     iniset $TEMPEST_CONFIG cli cli_dir $NOVA_BIN_DIR
 
     # Baremetal
@@ -495,7 +492,7 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
     fi
 
-    # service_available
+    # ``service_available``
     for service in ${TEMPEST_SERVICES//,/ }; do
         if is_service_enabled $service ; then
             iniset $TEMPEST_CONFIG service_available $service "True"
@@ -505,7 +502,7 @@ function configure_tempest {
     done
 
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
-        # Use the BOTO_CONFIG environment variable to point to this file
+        # Use the ``BOTO_CONFIG`` environment variable to point to this file
         iniset $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
         sudo chown $STACK_USER $BOTO_CONF
     fi
@@ -520,7 +517,6 @@ function configure_tempest {
 # ------------------------------------------------------------------
 # alt_demo             alt_demo     Member
 
-# Migrated from keystone_data.sh
 function create_tempest_accounts {
     if is_service_enabled tempest; then
         # Tempest has some tests that validate various authorization checks
@@ -531,13 +527,13 @@ function create_tempest_accounts {
     fi
 }
 
-# install_tempest_lib() - Collect source, prepare, and install tempest-lib
+# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
 function install_tempest_lib {
     if use_library_from_git "tempest-lib"; then
         git_clone_by_name "tempest-lib"
         setup_dev_lib "tempest-lib"
-        # NOTE(mtreinish) For testing tempest-lib from git with tempest we need
-        # put the git version of tempest-lib in the tempest job's tox venv
+        # NOTE(mtreinish) For testing ``tempest-lib`` from git with Tempest we need to
+        # put the git version of ``tempest-lib`` in the Tempest job's tox venv
         export PIP_VIRTUAL_ENV=${PROJECT_VENV["tempest"]}
         setup_dev_lib "tempest-lib"
         unset PIP_VIRTUAL_ENV
@@ -555,7 +551,7 @@ function install_tempest {
     popd
 }
 
-# init_tempest() - Initialize ec2 images
+# init_tempest() - Initialize EC2 images
 function init_tempest {
     local base_image_name=cirros-${CIRROS_VERSION}-${CIRROS_ARCH}
     # /opt/stack/devstack/files/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec
@@ -564,7 +560,7 @@ function init_tempest {
     local ramdisk="$image_dir/${base_image_name}-initrd"
     local disk_image="$image_dir/${base_image_name}-blank.img"
     if is_service_enabled nova; then
-        # if the cirros uec downloaded and the system is uec capable
+        # If the CirrOS uec downloaded and the system is UEC capable
         if [ -f "$kernel" -a -f "$ramdisk" -a -f "$disk_image" -a  "$VIRT_DRIVER" != "openvz" \
             -a \( "$LIBVIRT_TYPE" != "lxc" -o "$VIRT_DRIVER" != "libvirt" \) ]; then
             echo "Prepare aki/ari/ami Images"
diff --git a/lib/tls b/lib/tls
index 677895b9b2..09f1c2dfdd 100644
--- a/lib/tls
+++ b/lib/tls
@@ -32,6 +32,7 @@
 # - is_ssl_enabled_service
 # - enable_mod_ssl
 
+
 # Defaults
 # --------
 
@@ -92,7 +93,6 @@ function create_CA_base {
     cp /dev/null $ca_dir/index.txt
 }
 
-
 # Create a new CA configuration file
 # create_CA_config ca-dir common-name
 function create_CA_config {
@@ -248,7 +248,6 @@ function init_cert {
     fi
 }
 
-
 # make_cert creates and signs a new certificate with the given commonName and CA
 # make_cert ca-dir cert-name "common-name" ["alt-name" ...]
 function make_cert {
@@ -287,7 +286,6 @@ function make_cert {
     fi
 }
 
-
 # Make an intermediate CA to sign everything else
 # make_int_CA ca-dir signing-ca-dir
 function make_int_CA {
@@ -362,17 +360,16 @@ function is_ssl_enabled_service {
     return 1
 }
 
-
 # Ensure that the certificates for a service are in place. This function does
 # not check that a service is SSL enabled, this should already have been
 # completed.
 #
 # The function expects to find a certificate, key and CA certificate in the
-# variables {service}_SSL_CERT, {service}_SSL_KEY and {service}_SSL_CA. For
-# example for keystone this would be KEYSTONE_SSL_CERT, KEYSTONE_SSL_KEY and
-# KEYSTONE_SSL_CA.
+# variables ``{service}_SSL_CERT``, ``{service}_SSL_KEY`` and ``{service}_SSL_CA``. For
+# example for keystone this would be ``KEYSTONE_SSL_CERT``, ``KEYSTONE_SSL_KEY`` and
+# ``KEYSTONE_SSL_CA``.
 #
-# If it does not find these certificates then the devstack-issued server
+# If it does not find these certificates then the DevStack-issued server
 # certificate, key and CA certificate will be associated with the service.
 #
 # If only some of the variables are provided then the function will quit.
@@ -437,14 +434,12 @@ function start_tls_proxy {
 # Cleanup Functions
 # =================
 
-
 # Stops all stud processes. This should be done only after all services
 # using tls configuration are down.
 function stop_tls_proxy {
     killall stud
 }
 
-
 # Remove CA along with configuration, as well as the local server certificate
 function cleanup_CA {
     rm -rf "$DATA_DIR/CA" "$DEVSTACK_CERT"
diff --git a/lib/trove b/lib/trove
index 5dd4f23611..b0a96100c2 100644
--- a/lib/trove
+++ b/lib/trove
@@ -21,6 +21,7 @@
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+
 # Defaults
 # --------
 if is_service_enabled neutron; then
@@ -80,7 +81,7 @@ function setup_trove_logging {
     fi
 }
 
-# create_trove_accounts() - Set up common required trove accounts
+# create_trove_accounts() - Set up common required Trove accounts
 
 # Tenant               User       Roles
 # ------------------------------------------------------------------
@@ -115,7 +116,6 @@ function cleanup_trove {
     rm -fr $TROVE_CONF_DIR/*
 }
 
-
 # configure_trove() - Set config files, create data dirs, etc
 function configure_trove {
     setup_develop $TROVE_DIR
diff --git a/run_tests.sh b/run_tests.sh
index 3ba7e1023d..c6b7da64c0 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -11,9 +11,8 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-#
-#
-# this runs a series of unit tests for devstack to ensure it's functioning
+
+# This runs a series of unit tests for DevStack to ensure it's functioning
 
 PASSES=""
 FAILURES=""
diff --git a/samples/local.conf b/samples/local.conf
index 63000b65ba..bd0cd9c0db 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -1,7 +1,6 @@
 # Sample ``local.conf`` for user-configurable variables in ``stack.sh``
 
-# NOTE: Copy this file to the root ``devstack`` directory for it to
-# work properly.
+# NOTE: Copy this file to the root DevStack directory for it to work properly.
 
 # ``local.conf`` is a user-maintained settings file that is sourced from ``stackrc``.
 # This gives it the ability to override any variables set in ``stackrc``.
diff --git a/samples/local.sh b/samples/local.sh
index 664cb663fe..634f6ddb17 100755
--- a/samples/local.sh
+++ b/samples/local.sh
@@ -3,15 +3,14 @@
 # Sample ``local.sh`` for user-configurable tasks to run automatically
 # at the successful conclusion of ``stack.sh``.
 
-# NOTE: Copy this file to the root ``devstack`` directory for it to
-# work properly.
+# NOTE: Copy this file to the root DevStack directory for it to work properly.
 
 # This is a collection of some of the things we have found to be useful to run
 # after ``stack.sh`` to tweak the OpenStack configuration that DevStack produces.
 # These should be considered as samples and are unsupported DevStack code.
 
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
 # Import common functions
@@ -50,7 +49,7 @@ if is_service_enabled nova; then
     source $TOP_DIR/openrc admin admin
 
     # Name of new flavor
-    # set in ``localrc`` with ``DEFAULT_INSTANCE_TYPE=m1.micro``
+    # set in ``local.conf`` with ``DEFAULT_INSTANCE_TYPE=m1.micro``
     MI_NAME=m1.micro
 
     # Create micro flavor if not present
diff --git a/stack.sh b/stack.sh
index 090d527328..8ab82348f3 100755
--- a/stack.sh
+++ b/stack.sh
@@ -16,18 +16,11 @@
 # (14.04 Trusty or newer), **Fedora** (F20 or newer), or **CentOS/RHEL**
 # (7 or newer) machine. (It may work on other platforms but support for those
 # platforms is left to those who added them to DevStack.) It should work in
-# a VM or physical server. Additionally, we maintain a list of ``apt`` and
+# a VM or physical server. Additionally, we maintain a list of ``deb`` and
 # ``rpm`` dependencies and other configuration files in this repo.
 
 # Learn more and get the most recent version at http://devstack.org
 
-# check if someone has invoked with "sh"
-if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
-    echo "You appear to be running bash in POSIX compatibility mode."
-    echo "devstack uses bash features. \"./stack.sh\" should do the right thing"
-    exit 1
-fi
-
 # Make sure custom grep options don't get in the way
 unset GREP_OPTIONS
 
@@ -44,7 +37,7 @@ umask 022
 # Not all distros have sbin in PATH for regular users.
 PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 
 # Check for uninitialized variables, a big cause of bugs
@@ -53,6 +46,10 @@ if [[ -n "$NOUNSET" ]]; then
     set -o nounset
 fi
 
+
+# Configuration
+# =============
+
 # Sanity Checks
 # -------------
 
@@ -61,7 +58,7 @@ if [[ -r $TOP_DIR/.stackenv ]]; then
     rm $TOP_DIR/.stackenv
 fi
 
-# ``stack.sh`` keeps the list of ``apt`` and ``rpm`` dependencies and config
+# ``stack.sh`` keeps the list of ``deb`` and ``rpm`` dependencies, config
 # templates and other useful files in the ``files`` subdirectory
 FILES=$TOP_DIR/files
 if [ ! -d $FILES ]; then
@@ -69,12 +66,23 @@ if [ ! -d $FILES ]; then
 fi
 
 # ``stack.sh`` keeps function libraries here
+# Make sure ``$TOP_DIR/inc`` directory is present
+if [ ! -d $TOP_DIR/inc ]; then
+    die $LINENO "missing devstack/inc"
+fi
+
+# ``stack.sh`` keeps project libraries here
 # Make sure ``$TOP_DIR/lib`` directory is present
 if [ ! -d $TOP_DIR/lib ]; then
     die $LINENO "missing devstack/lib"
 fi
 
-# Check if run as root
+# Check if run in POSIX shell
+if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
+    echo "You are running POSIX compatibility mode, DevStack requires bash 4.2 or newer."
+    exit 1
+fi
+
 # OpenStack is designed to be run as a non-root user; Horizon will fail to run
 # as **root** since Apache will not serve content from **root** user).
 # ``stack.sh`` must not be run as **root**.  It aborts and suggests one course of
@@ -89,8 +97,6 @@ if [[ $EUID -eq 0 ]]; then
     exit 1
 fi
 
-# Print the kernel version
-uname -a
 
 # Prepare the environment
 # -----------------------
@@ -112,6 +118,7 @@ source $TOP_DIR/lib/stack
 # and ``DISTRO``
 GetDistro
 
+
 # Global Settings
 # ---------------
 
@@ -134,7 +141,6 @@ if [[ -r $TOP_DIR/local.conf ]]; then
     done
 fi
 
-
 # ``stack.sh`` is customizable by setting environment variables.  Override a
 # default setting via export::
 #
@@ -145,18 +151,20 @@ fi
 #
 #     DATABASE_PASSWORD=simple ./stack.sh
 #
-# Persistent variables can be placed in a ``localrc`` file::
+# Persistent variables can be placed in a ``local.conf`` file::
 #
+#     [[local|localrc]]
 #     DATABASE_PASSWORD=anothersecret
 #     DATABASE_USER=hellaroot
 #
 # We try to have sensible defaults, so you should be able to run ``./stack.sh``
-# in most cases.  ``localrc`` is not distributed with DevStack and will never
+# in most cases.  ``local.conf`` is not distributed with DevStack and will never
 # be overwritten by a DevStack update.
 #
 # DevStack distributes ``stackrc`` which contains locations for the OpenStack
 # repositories, branches to configure, and other configuration defaults.
-# ``stackrc`` sources ``localrc`` to allow you to safely override those settings.
+# ``stackrc`` sources the ``localrc`` section of ``local.conf`` to allow you to
+# safely override those settings.
 
 if [[ ! -r $TOP_DIR/stackrc ]]; then
     die $LINENO "missing $TOP_DIR/stackrc - did you grab more than just stack.sh?"
@@ -188,34 +196,27 @@ fi
 # Make sure the proxy config is visible to sub-processes
 export_proxy_variables
 
-# Remove services which were negated in ENABLED_SERVICES
+# Remove services which were negated in ``ENABLED_SERVICES``
 # using the "-" prefix (e.g., "-rabbit") instead of
 # calling disable_service().
 disable_negated_services
 
-# Look for obsolete stuff
-# if [[ ,${ENABLED_SERVICES}, =~ ,"swift", ]]; then
-#     echo "FATAL: 'swift' is not supported as a service name"
-#     echo "FATAL: Use the actual swift service names to enable them as required:"
-#     echo "FATAL: s-proxy s-object s-container s-account"
-#     exit 1
-# fi
 
 # Configure sudo
 # --------------
 
-# We're not **root**, make sure ``sudo`` is available
+# We're not as **root** so make sure ``sudo`` is available
 is_package_installed sudo || install_package sudo
 
 # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
 sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
     echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
 
-# Set up devstack sudoers
+# Set up DevStack sudoers
 TEMPFILE=`mktemp`
 echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
-# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
-# see them by forcing PATH
+# Some binaries might be under ``/sbin`` or ``/usr/sbin``, so make sure sudo will
+# see them by forcing ``PATH``
 echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
 echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE
 chmod 0440 $TEMPFILE
@@ -226,7 +227,7 @@ sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
 # Configure Distro Repositories
 # -----------------------------
 
-# For debian/ubuntu make apt attempt to retry network ops on it's own
+# For Debian/Ubuntu make apt attempt to retry network ops on it's own
 if is_ubuntu; then
     echo 'APT::Acquire::Retries "20";' | sudo tee /etc/apt/apt.conf.d/80retry  >/dev/null
 fi
@@ -237,7 +238,7 @@ fi
 if is_fedora && [[ $DISTRO == "rhel7" ]]; then
     # RHEL requires EPEL for many Open Stack dependencies
 
-    # note we always remove and install latest -- some environments
+    # NOTE: We always remove and install latest -- some environments
     # use snapshot images, and if EPEL version updates they break
     # unless we update them to latest version.
     if sudo yum repolist enabled epel | grep -q 'epel'; then
@@ -248,7 +249,7 @@ if is_fedora && [[ $DISTRO == "rhel7" ]]; then
     # repo, then removes itself (as epel-release installed the
     # "real" repo).
     #
-    # you would think that rather than this, you could use
+    # You would think that rather than this, you could use
     # $releasever directly in .repo file we create below.  However
     # RHEL gives a $releasever of "6Server" which breaks the path;
     # see https://bugzilla.redhat.com/show_bug.cgi?id=1150759
@@ -265,7 +266,7 @@ EOF
     sudo yum-config-manager --enable epel-bootstrap
     yum_install epel-release || \
         die $LINENO "Error installing EPEL repo, cannot continue"
-    # epel rpm has installed it's version
+    # EPEL rpm has installed it's version
     sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo
 
     # ... and also optional to be enabled
@@ -300,7 +301,7 @@ sudo mkdir -p $DEST
 safe_chown -R $STACK_USER $DEST
 safe_chmod 0755 $DEST
 
-# a basic test for $DEST path permissions (fatal on error unless skipped)
+# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
 check_path_perm_sanity ${DEST}
 
 # Destination path for service data
@@ -488,6 +489,9 @@ set -o errexit
 # an error.  It is also useful for following along as the install occurs.
 set -o xtrace
 
+# Print the kernel version
+uname -a
+
 # Reset the bundle of CA certificates
 SSL_BUNDLE_FILE="$DATA_DIR/ca-bundle.pem"
 rm -f $SSL_BUNDLE_FILE
@@ -500,7 +504,7 @@ source $TOP_DIR/lib/rpc_backend
 # and the specified rpc backend is available on your platform.
 check_rpc_backend
 
-# Service to enable with SSL if USE_SSL is True
+# Service to enable with SSL if ``USE_SSL`` is True
 SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
 
 if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then
@@ -514,7 +518,7 @@ fi
 # defaults before other services are run
 run_phase override_defaults
 
-# Import apache functions
+# Import Apache functions
 source $TOP_DIR/lib/apache
 
 # Import TLS functions
@@ -598,8 +602,9 @@ function read_password {
 
 
 # Database Configuration
+# ----------------------
 
-# To select between database backends, add the following to ``localrc``:
+# To select between database backends, add the following to ``local.conf``:
 #
 #    disable_service mysql
 #    enable_service postgresql
@@ -611,9 +616,10 @@ initialize_database_backends && echo "Using $DATABASE_TYPE database backend" ||
 
 
 # Queue Configuration
+# -------------------
 
 # Rabbit connection info
-# In multi node devstack, second node needs RABBIT_USERID, but rabbit
+# In multi node DevStack, second node needs ``RABBIT_USERID``, but rabbit
 # isn't enabled.
 RABBIT_USERID=${RABBIT_USERID:-stackrabbit}
 if is_service_enabled rabbit; then
@@ -623,6 +629,7 @@ fi
 
 
 # Keystone
+# --------
 
 if is_service_enabled keystone; then
     # The ``SERVICE_TOKEN`` is used to bootstrap the Keystone database.  It is
@@ -634,14 +641,14 @@ if is_service_enabled keystone; then
     read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
 
     # Keystone can now optionally install OpenLDAP by enabling the ``ldap``
-    # service in ``localrc`` (e.g. ``enable_service ldap``).
+    # service in ``local.conf`` (e.g. ``enable_service ldap``).
     # To clean out the Keystone contents in OpenLDAP set ``KEYSTONE_CLEAR_LDAP``
-    # to ``yes`` (e.g. ``KEYSTONE_CLEAR_LDAP=yes``) in ``localrc``.  To enable the
+    # to ``yes`` (e.g. ``KEYSTONE_CLEAR_LDAP=yes``) in ``local.conf``.  To enable the
     # Keystone Identity Driver (``keystone.identity.backends.ldap.Identity``)
     # set ``KEYSTONE_IDENTITY_BACKEND`` to ``ldap`` (e.g.
-    # ``KEYSTONE_IDENTITY_BACKEND=ldap``) in ``localrc``.
+    # ``KEYSTONE_IDENTITY_BACKEND=ldap``) in ``local.conf``.
 
-    # only request ldap password if the service is enabled
+    # Only request LDAP password if the service is enabled
     if is_service_enabled ldap; then
         read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP"
     fi
@@ -649,6 +656,7 @@ fi
 
 
 # Swift
+# -----
 
 if is_service_enabled s-proxy; then
     # We only ask for Swift Hash if we have enabled swift service.
@@ -672,14 +680,14 @@ fi
 echo_summary "Installing package prerequisites"
 source $TOP_DIR/tools/install_prereqs.sh
 
-# Configure an appropriate python environment
+# Configure an appropriate Python environment
 if [[ "$OFFLINE" != "True" ]]; then
     PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
 fi
 
 TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 
-# Install python packages into a virtualenv so that we can track them
+# Install Python packages into a virtualenv so that we can track them
 if [[ $TRACK_DEPENDS = True ]]; then
     echo_summary "Installing Python packages into a virtualenv $DEST/.venv"
     pip_install -U virtualenv
@@ -728,10 +736,10 @@ echo_summary "Installing OpenStack project source"
 # Install required infra support libraries
 install_infra
 
-# Install oslo libraries that have graduated
+# Install Oslo libraries
 install_oslo
 
-# Install clients libraries
+# Install client libraries
 install_keystoneclient
 install_glanceclient
 install_cinderclient
@@ -749,7 +757,6 @@ fi
 # Install middleware
 install_keystonemiddleware
 
-
 if is_service_enabled keystone; then
     if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
         stack_install_service keystone
@@ -766,7 +773,7 @@ if is_service_enabled s-proxy; then
 
     # swift3 middleware to provide S3 emulation to Swift
     if is_service_enabled swift3; then
-        # replace the nova-objectstore port by the swift port
+        # Replace the nova-objectstore port by the swift port
         S3_SERVICE_PORT=8080
         git_clone $SWIFT3_REPO $SWIFT3_DIR $SWIFT3_BRANCH
         setup_develop $SWIFT3_DIR
@@ -774,23 +781,25 @@ if is_service_enabled s-proxy; then
 fi
 
 if is_service_enabled g-api n-api; then
-    # image catalog service
+    # Image catalog service
     stack_install_service glance
     configure_glance
 fi
 
 if is_service_enabled cinder; then
+    # Block volume service
     stack_install_service cinder
     configure_cinder
 fi
 
 if is_service_enabled neutron; then
+    # Network service
     stack_install_service neutron
     install_neutron_third_party
 fi
 
 if is_service_enabled nova; then
-    # compute service
+    # Compute service
     stack_install_service nova
     cleanup_nova
     configure_nova
@@ -822,18 +831,18 @@ if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
     configure_CA
     init_CA
     init_cert
-    # Add name to /etc/hosts
-    # don't be naive and add to existing line!
+    # Add name to ``/etc/hosts``.
+    # Don't be naive and add to existing line!
 fi
 
+
 # Extras Install
 # --------------
 
 # Phase: install
 run_phase stack install
 
-
-# install the OpenStack client, needed for most setup commands
+# Install the OpenStack client, needed for most setup commands
 if use_library_from_git "python-openstackclient"; then
     git_clone_by_name "python-openstackclient"
     setup_dev_lib "python-openstackclient"
@@ -841,7 +850,6 @@ else
     pip_install 'python-openstackclient>=1.0.2'
 fi
 
-
 if [[ $TRACK_DEPENDS = True ]]; then
     $DEST/.venv/bin/pip freeze > $DEST/requires-post-pip
     if ! diff -Nru $DEST/requires-pre-pip $DEST/requires-post-pip > $DEST/requires.diff; then
@@ -934,7 +942,7 @@ if [[ "$USE_SCREEN" == "True" ]]; then
     screen -r $SCREEN_NAME -X setenv PROMPT_COMMAND /bin/true
 fi
 
-# Clear screen rc file
+# Clear ``screenrc`` file
 SCREENRC=$TOP_DIR/$SCREEN_NAME-screenrc
 if [[ -e $SCREENRC ]]; then
     rm -f $SCREENRC
@@ -943,14 +951,16 @@ fi
 # Initialize the directory for service status check
 init_service_check
 
+
+# Start Services
+# ==============
+
 # Dstat
-# -------
+# -----
 
 # A better kind of sysstat, with the top process per time slice
 start_dstat
 
-# Start Services
-# ==============
 
 # Keystone
 # --------
@@ -972,7 +982,7 @@ if is_service_enabled keystone; then
         SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
     fi
 
-    # Setup OpenStackclient token-flow auth
+    # Setup OpenStackClient token-endpoint auth
     export OS_TOKEN=$SERVICE_TOKEN
     export OS_URL=$SERVICE_ENDPOINT
 
@@ -994,10 +1004,10 @@ if is_service_enabled keystone; then
         create_heat_accounts
     fi
 
-    # Begone token-flow auth
+    # Begone token auth
     unset OS_TOKEN OS_URL
 
-    # Set up password-flow auth creds now that keystone is bootstrapped
+    # Set up password auth credentials now that Keystone is bootstrapped
     export OS_AUTH_URL=$SERVICE_ENDPOINT
     export OS_TENANT_NAME=admin
     export OS_USERNAME=admin
@@ -1042,7 +1052,7 @@ if is_service_enabled neutron; then
     echo_summary "Configuring Neutron"
 
     configure_neutron
-    # Run init_neutron only on the node hosting the neutron API server
+    # Run init_neutron only on the node hosting the Neutron API server
     if is_service_enabled $DATABASE_BACKENDS && is_service_enabled q-svc; then
         init_neutron
     fi
@@ -1118,6 +1128,7 @@ if is_service_enabled nova; then
     init_nova_cells
 fi
 
+
 # Extras Configuration
 # ====================
 
@@ -1128,7 +1139,7 @@ run_phase stack post-config
 # Local Configuration
 # ===================
 
-# Apply configuration from local.conf if it exists for layer 2 services
+# Apply configuration from ``local.conf`` if it exists for layer 2 services
 # Phase: post-config
 merge_config_group $TOP_DIR/local.conf post-config
 
@@ -1150,18 +1161,16 @@ if is_service_enabled glance; then
     start_glance
 fi
 
+
 # Install Images
 # ==============
 
-# Upload an image to glance.
+# Upload an image to Glance.
 #
-# The default image is cirros, a small testing image which lets you login as **root**
-# cirros has a ``cloud-init`` analog supporting login via keypair and sending
+# The default image is CirrOS, a small testing image which lets you login as **root**
+# CirrOS has a ``cloud-init`` analog supporting login via keypair and sending
 # scripts as userdata.
-# See https://help.ubuntu.com/community/CloudInit for more on cloud-init
-#
-# Override ``IMAGE_URLS`` with a comma-separated list of UEC images.
-#  * **precise**: http://uec-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64.tar.gz
+# See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
 
 if is_service_enabled g-reg; then
     TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
@@ -1179,7 +1188,7 @@ if is_service_enabled g-reg; then
     done
 fi
 
-# Create an access key and secret key for nova ec2 register image
+# Create an access key and secret key for Nova EC2 register image
 if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then
     eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret)
     iniset $NOVA_CONF DEFAULT s3_access_key "$access"
@@ -1242,7 +1251,7 @@ if is_service_enabled ceilometer; then
     start_ceilometer
 fi
 
-# Configure and launch heat engine, api and metadata
+# Configure and launch Heat engine, api and metadata
 if is_service_enabled heat; then
     # Initialize heat
     echo_summary "Configuring Heat"
@@ -1287,30 +1296,34 @@ for i in BASE_SQL_CONN ENABLED_SERVICES HOST_IP LOGFILE \
 done
 
 
-# Local Configuration
-# ===================
+# Wrapup configuration
+# ====================
+
+# local.conf extra
+# ----------------
 
-# Apply configuration from local.conf if it exists for layer 2 services
+# Apply configuration from ``local.conf`` if it exists for layer 2 services
 # Phase: extra
 merge_config_group $TOP_DIR/local.conf extra
 
 
 # Run extras
-# ==========
+# ----------
 
 # Phase: extra
 run_phase stack extra
 
-# Local Configuration
-# ===================
 
-# Apply configuration from local.conf if it exists for layer 2 services
+# local.conf post-extra
+# ---------------------
+
+# Apply late configuration from ``local.conf`` if it exists for layer 2 services
 # Phase: post-extra
 merge_config_group $TOP_DIR/local.conf post-extra
 
 
 # Run local script
-# ================
+# ----------------
 
 # Run ``local.sh`` if it exists to perform user-managed tasks
 if [[ -x $TOP_DIR/local.sh ]]; then
@@ -1338,6 +1351,7 @@ if is_service_enabled cinder; then
     fi
 fi
 
+
 # Fin
 # ===
 
@@ -1354,11 +1368,12 @@ fi
 
 
 # Using the cloud
-# ---------------
+# ===============
 
 echo ""
 echo ""
 echo ""
+echo "This is your host ip: $HOST_IP"
 
 # If you installed Horizon on this server you should be able
 # to access the site using your browser.
@@ -1368,15 +1383,11 @@ fi
 
 # If Keystone is present you can point ``nova`` cli to this server
 if is_service_enabled keystone; then
-    echo "Keystone is serving at $KEYSTONE_SERVICE_URI/v2.0/"
-    echo "Examples on using novaclient command line is in exercise.sh"
+    echo "Keystone is serving at $KEYSTONE_SERVICE_URI/"
     echo "The default users are: admin and demo"
     echo "The password: $ADMIN_PASSWORD"
 fi
 
-# Echo ``HOST_IP`` - useful for ``build_uec.sh``, which uses dhcp to give the instance an address
-echo "This is your host ip: $HOST_IP"
-
 # Warn that a deprecated feature was used
 if [[ -n "$DEPRECATED_TEXT" ]]; then
     echo_summary "WARNING: $DEPRECATED_TEXT"
diff --git a/stackrc b/stackrc
index 143298c347..c27ead3c24 100644
--- a/stackrc
+++ b/stackrc
@@ -5,7 +5,7 @@
 # Find the other rc files
 RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 
-# Source required devstack functions and globals
+# Source required DevStack functions and globals
 source $RC_DIR/functions
 
 # Destination path for installation
@@ -41,20 +41,20 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 #  enable_service q-dhcp
 #  enable_service q-l3
 #  enable_service q-meta
-#  # Optional, to enable tempest configuration as part of devstack
+#  # Optional, to enable tempest configuration as part of DevStack
 #  enable_service tempest
 
-# this allows us to pass ENABLED_SERVICES
+# This allows us to pass ``ENABLED_SERVICES``
 if ! isset ENABLED_SERVICES ; then
-    # core compute (glance / keystone / nova (+ nova-network))
+    # Compute (Glance / Keystone / Nova (+ nova-network))
     ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-novnc,n-xvnc,n-cauth
-    # cinder
+    # Cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
-    # heat
+    # Heat
     ENABLED_SERVICES+=,h-eng,h-api,h-api-cfn,h-api-cw
-    # dashboard
+    # Dashboard
     ENABLED_SERVICES+=,horizon
-    # additional services
+    # Additional services
     ENABLED_SERVICES+=,rabbit,tempest,mysql
 fi
 
@@ -79,7 +79,7 @@ ENABLE_HTTPD_MOD_WSGI_SERVICES=True
 # Tell Tempest which services are available.  The default is set here as
 # Tempest falls late in the configuration sequence.  This differs from
 # ``ENABLED_SERVICES`` in that the project names are used here rather than
-# the service names, i.e.: TEMPEST_SERVICES="key,glance,nova"
+# the service names, i.e.: ``TEMPEST_SERVICES="key,glance,nova"``
 TEMPEST_SERVICES=""
 
 # Set the default Nova APIs to enable
@@ -145,6 +145,7 @@ GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 #   but pass through any extras)
 REQUIREMENTS_MODE=${REQUIREMENTS_MODE:-strict}
 
+
 # Repositories
 # ------------
 
@@ -155,16 +156,17 @@ GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 # Which libraries should we install from git instead of using released
 # versions on pypi?
 #
-# By default devstack is now installing libraries from pypi instead of
+# By default DevStack is now installing libraries from pypi instead of
 # from git repositories by default. This works great if you are
 # developing server components, but if you want to develop libraries
-# and see them live in devstack you need to tell devstack it should
+# and see them live in DevStack you need to tell DevStack it should
 # install them from git.
 #
 # ex: LIBS_FROM_GIT=python-keystoneclient,oslo.config
 #
 # Will install those 2 libraries from git, the rest from pypi.
 
+
 ##############
 #
 #  OpenStack Server Components
@@ -231,6 +233,7 @@ SWIFT_BRANCH=${SWIFT_BRANCH:-master}
 TROVE_REPO=${TROVE_REPO:-${GIT_BASE}/openstack/trove.git}
 TROVE_BRANCH=${TROVE_BRANCH:-master}
 
+
 ##############
 #
 #  Testing Components
@@ -306,6 +309,7 @@ GITBRANCH["python-openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
 # this doesn't exist in a lib file, so set it here
 GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 
+
 ###################
 #
 #  Oslo Libraries
@@ -396,6 +400,7 @@ GITBRANCH["tooz"]=${TOOZ_BRANCH:-master}
 GITREPO["pbr"]=${PBR_REPO:-${GIT_BASE}/openstack-dev/pbr.git}
 GITBRANCH["pbr"]=${PBR_BRANCH:-master}
 
+
 ##################
 #
 #  Libraries managed by OpenStack programs (non oslo)
@@ -453,6 +458,7 @@ OCC_BRANCH=${OCC_BRANCH:-master}
 ORC_REPO=${ORC_REPO:-${GIT_BASE}/openstack/os-refresh-config.git}
 ORC_BRANCH=${ORC_BRANCH:-master}
 
+
 #################
 #
 #  3rd Party Components (non pip installable)
@@ -474,7 +480,6 @@ SPICE_REPO=${SPICE_REPO:-http://anongit.freedesktop.org/git/spice/spice-html5.gi
 SPICE_BRANCH=${SPICE_BRANCH:-master}
 
 
-
 # Nova hypervisor configuration.  We default to libvirt with **kvm** but will
 # drop back to **qemu** if we are unable to load the kvm module.  ``stack.sh`` can
 # also install an **LXC**, **OpenVZ** or **XenAPI** based system.  If xenserver-core
@@ -641,7 +646,7 @@ ENABLE_DEBUG_LOG_LEVEL=$(trueorfalse True ENABLE_DEBUG_LOG_LEVEL)
 
 # Set fixed and floating range here so we can make sure not to use addresses
 # from either range when attempting to guess the IP to use for the host.
-# Note that setting FIXED_RANGE may be necessary when running DevStack
+# Note that setting ``FIXED_RANGE`` may be necessary when running DevStack
 # in an OpenStack cloud that uses either of these address ranges internally.
 FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.0/24}
 FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
@@ -669,9 +674,10 @@ LOG_COLOR=$(trueorfalse True LOG_COLOR)
 # Set to 0 to disable shallow cloning
 GIT_DEPTH=${GIT_DEPTH:-0}
 
-# Use native SSL for servers in SSL_ENABLED_SERVICES
+# Use native SSL for servers in ``SSL_ENABLED_SERVICES``
 USE_SSL=$(trueorfalse False USE_SSL)
 
+
 # Following entries need to be last items in file
 
 # Compatibility bits required by other callers like Grenade
@@ -693,7 +699,6 @@ USE_SSL=$(trueorfalse False USE_SSL)
 # For compat, if SCREEN_LOGDIR is set, it will be used to create back-compat symlinks to the LOGDIR
 # symlinks to SCREEN_LOGDIR (compat)
 
-
 # Set up new logging defaults
 if [[ -z "${LOGDIR:-}" ]]; then
     default_logdir=$DEST/logs
@@ -718,8 +723,8 @@ if [[ -z "${LOGDIR:-}" ]]; then
     unset default_logdir logfile
 fi
 
-# LOGDIR is always set at this point so it is not useful as a 'enable' for service logs
-# SCREEN_LOGDIR may be set, it is useful to enable the compat symlinks
+# ``LOGDIR`` is always set at this point so it is not useful as a 'enable' for service logs
+# ``SCREEN_LOGDIR`` may be set, it is useful to enable the compat symlinks
 
 # Local variables:
 # mode: shell-script
diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index 2aa0a0ac04..fda86c05cd 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -2,8 +2,8 @@
 
 # **build_docs.sh** - Build the docs for DevStack
 #
-# - Install shocco if not found on PATH and INSTALL_SHOCCO is set
-# - Clone MASTER_REPO branch MASTER_BRANCH
+# - Install shocco if not found on ``PATH`` and ``INSTALL_SHOCCO`` is set
+# - Clone ``MASTER_REPO`` branch ``MASTER_BRANCH``
 # - Re-creates ``doc/build/html`` directory from existing repo + new generated script docs
 
 # Usage:
@@ -16,7 +16,7 @@
 
 HTML_BUILD=doc/build/html
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
 # Uses this shocco branch: https://github.com/dtroyer/shocco/tree/rst_support
diff --git a/tools/build_venv.sh b/tools/build_venv.sh
index 11d1d35208..cfa39a82e0 100755
--- a/tools/build_venv.sh
+++ b/tools/build_venv.sh
@@ -4,11 +4,12 @@
 #
 # build_venv.sh venv-path [package [...]]
 #
+# Installs basic common prereq packages that require compilation
+# to allow quick copying of resulting venv as a baseline
+#
 # Assumes:
 # - a useful pip is installed
 # - virtualenv will be installed by pip
-# - installs basic common prereq packages that require compilation
-#   to allow quick copying of resulting venv as a baseline
 
 
 VENV_DEST=${1:-.venv}
@@ -16,14 +17,14 @@ shift
 
 MORE_PACKAGES="$@"
 
-# If TOP_DIR is set we're being sourced rather than running stand-alone
+# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
 # or in a sub-shell
 if [[ -z "$TOP_DIR" ]]; then
 
     set -o errexit
     set -o nounset
 
-    # Keep track of the devstack directory
+    # Keep track of the DevStack directory
     TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
     FILES=$TOP_DIR/files
 
diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
index f1740dfbd6..c57568fa64 100755
--- a/tools/build_wheels.sh
+++ b/tools/build_wheels.sh
@@ -4,21 +4,22 @@
 #
 # build_wheels.sh [package [...]]
 #
-# System package prerequisites listed in files/*/devlibs will be installed
+# System package prerequisites listed in ``files/*/devlibs`` will be installed
 #
 # Builds wheels for all virtual env requirements listed in
 # ``venv-requirements.txt`` plus any supplied on the command line.
 #
-# Assumes ``tools/install_pip.sh`` has been run and a suitable pip/setuptools is available.
+# Assumes:
+# - ``tools/install_pip.sh`` has been run and a suitable ``pip/setuptools`` is available.
 
-# If TOP_DIR is set we're being sourced rather than running stand-alone
+# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
 # or in a sub-shell
 if [[ -z "$TOP_DIR" ]]; then
 
     set -o errexit
     set -o nounset
 
-    # Keep track of the devstack directory
+    # Keep track of the DevStack directory
     TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
     FILES=$TOP_DIR/files
 
@@ -59,7 +60,7 @@ virtualenv $TMP_VENV_PATH
 # Install modern pip and wheel
 PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install -U pip wheel
 
-# VENV_PACKAGES is a list of packages we want to pre-install
+# ``VENV_PACKAGES`` is a list of packages we want to pre-install
 VENV_PACKAGE_FILE=$FILES/venv-requirements.txt
 if [[ -r $VENV_PACKAGE_FILE ]]; then
     VENV_PACKAGES=$(grep -v '^#' $VENV_PACKAGE_FILE)
diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh
index 9c29ecd901..b49164b22a 100755
--- a/tools/create-stack-user.sh
+++ b/tools/create-stack-user.sh
@@ -17,7 +17,7 @@
 
 set -o errexit
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
 # Import common functions
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index f8edd16ecd..2efb4e0987 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -17,7 +17,7 @@
 #   - uninstall firewalld (f20 only)
 
 
-# If TOP_DIR is set we're being sourced rather than running stand-alone
+# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
 # or in a sub-shell
 if [[ -z "$TOP_DIR" ]]; then
     set -o errexit
@@ -27,7 +27,7 @@ if [[ -z "$TOP_DIR" ]]; then
     TOOLS_DIR=$(cd $(dirname "$0") && pwd)
     TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
 
-    # Change dir to top of devstack
+    # Change dir to top of DevStack
     cd $TOP_DIR
 
     # Import common functions
@@ -38,7 +38,7 @@ fi
 
 # Keystone Port Reservation
 # -------------------------
-# Reserve and prevent $KEYSTONE_AUTH_PORT and $KEYSTONE_AUTH_PORT_INT from
+# Reserve and prevent ``KEYSTONE_AUTH_PORT`` and ``KEYSTONE_AUTH_PORT_INT`` from
 # being used as ephemeral ports by the system. The default(s) are 35357 and
 # 35358 which are in the Linux defined ephemeral port range (in disagreement
 # with the IANA ephemeral port range). This is a workaround for bug #1253482
@@ -47,9 +47,9 @@ fi
 # exception into the Kernel for the Keystone AUTH ports.
 keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
 
-# only do the reserved ports when available, on some system (like containers)
+# Only do the reserved ports when available, on some system (like containers)
 # where it's not exposed we are almost pretty sure these ports would be
-# exclusive for our devstack.
+# exclusive for our DevStack.
 if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
     # Get any currently reserved ports, strip off leading whitespace
     reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
@@ -59,7 +59,7 @@ if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
         sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
     else
         # If there are currently reserved ports, keep those and also reserve the
-        # keystone specific ports. Duplicate reservations are merged into a single
+        # Keystone specific ports. Duplicate reservations are merged into a single
         # reservation (or range) automatically by the kernel.
         sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
     fi
diff --git a/tools/image_list.sh b/tools/image_list.sh
index 88c1d09379..204280704e 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
 source $TOP_DIR/functions
diff --git a/tools/info.sh b/tools/info.sh
index a8f9544073..433206e8ae 100755
--- a/tools/info.sh
+++ b/tools/info.sh
@@ -2,7 +2,7 @@
 
 # **info.sh**
 
-# Produce a report on the state of devstack installs
+# Produce a report on the state of DevStack installs
 #
 # Output fields are separated with '|' chars
 # Output types are git,localrc,os,pip,pkg:
@@ -14,7 +14,7 @@
 #   pkg||
 
 function usage {
-    echo "$0 - Report on the devstack configuration"
+    echo "$0 - Report on the DevStack configuration"
     echo ""
     echo "Usage: $0"
     exit 1
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index b7b40c7486..0f7c962b2b 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -16,7 +16,7 @@ set -o xtrace
 TOOLS_DIR=$(cd $(dirname "$0") && pwd)
 TOP_DIR=`cd $TOOLS_DIR/..; pwd`
 
-# Change dir to top of devstack
+# Change dir to top of DevStack
 cd $TOP_DIR
 
 # Import common functions
@@ -42,11 +42,11 @@ function get_versions {
 
 
 function install_get_pip {
-    # the openstack gate and others put a cached version of get-pip.py
+    # The OpenStack gate and others put a cached version of get-pip.py
     # for this to find, explicitly to avoid download issues.
     #
-    # However, if devstack *did* download the file, we want to check
-    # for updates; people can leave thier stacks around for a long
+    # However, if DevStack *did* download the file, we want to check
+    # for updates; people can leave their stacks around for a long
     # time and in the mean-time pip might get upgraded.
     #
     # Thus we use curl's "-z" feature to always check the modified
@@ -74,7 +74,7 @@ function configure_pypi_alternative_url {
         touch $PIP_CONFIG_FILE
     fi
     if ! ini_has_option "$PIP_CONFIG_FILE" "global" "index-url"; then
-        #it means that the index-url does not exist
+        # It means that the index-url does not exist
         iniset "$PIP_CONFIG_FILE" "global" "index-url" "$PYPI_OVERRIDE"
     fi
 
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 917980ccc5..a07e58d3e6 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -18,10 +18,10 @@ while getopts ":f" opt; do
     esac
 done
 
-# If TOP_DIR is set we're being sourced rather than running stand-alone
+# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
 # or in a sub-shell
 if [[ -z "$TOP_DIR" ]]; then
-    # Keep track of the devstack directory
+    # Keep track of the DevStack directory
     TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
     # Import common functions
@@ -65,7 +65,7 @@ PACKAGES=$(get_packages general $ENABLED_SERVICES)
 PACKAGES="$PACKAGES $(get_plugin_packages)"
 
 if is_ubuntu && echo $PACKAGES | grep -q dkms ; then
-    # ensure headers for the running kernel are installed for any DKMS builds
+    # Ensure headers for the running kernel are installed for any DKMS builds
     PACKAGES="$PACKAGES linux-headers-$(uname -r)"
 fi
 
diff --git a/tools/ironic/scripts/create-node b/tools/ironic/scripts/create-node
index 25b53d47f3..b018acddc9 100755
--- a/tools/ironic/scripts/create-node
+++ b/tools/ironic/scripts/create-node
@@ -6,13 +6,13 @@
 
 set -ex
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
 NAME=$1
 CPU=$2
 MEM=$(( 1024 * $3 ))
-# extra G to allow fuzz for partition table : flavor size and registered size
+# Extra G to allow fuzz for partition table : flavor size and registered size
 # need to be different to actual size.
 DISK=$(( $4 + 1))
 
diff --git a/tools/ironic/scripts/setup-network b/tools/ironic/scripts/setup-network
index e326bf8ccd..83308ed416 100755
--- a/tools/ironic/scripts/setup-network
+++ b/tools/ironic/scripts/setup-network
@@ -9,7 +9,7 @@ set -exu
 
 LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"}
 
-# Keep track of the devstack directory
+# Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 BRIDGE_SUFFIX=${1:-''}
 BRIDGE_NAME=brbm$BRIDGE_SUFFIX
@@ -19,7 +19,7 @@ export VIRSH_DEFAULT_CONNECT_URI="$LIBVIRT_CONNECT_URI"
 # Only add bridge if missing
 (sudo ovs-vsctl list-br | grep ${BRIDGE_NAME}$) || sudo ovs-vsctl add-br ${BRIDGE_NAME}
 
-# remove bridge before replacing it.
+# Remove bridge before replacing it.
 (virsh net-list | grep "${BRIDGE_NAME} ") && virsh net-destroy ${BRIDGE_NAME}
 (virsh net-list --inactive  | grep "${BRIDGE_NAME} ") && virsh net-undefine ${BRIDGE_NAME}
 
diff --git a/tools/outfilter.py b/tools/outfilter.py
index 9686a387c2..f82939be1d 100755
--- a/tools/outfilter.py
+++ b/tools/outfilter.py
@@ -14,8 +14,8 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-# This is an output filter to filter and timestamp the logs from grenade and
-# devstack. Largely our awk filters got beyond the complexity level which were
+# This is an output filter to filter and timestamp the logs from Grenade and
+# DevStack. Largely our awk filters got beyond the complexity level which were
 # sustainable, so this provides us much more control in a single place.
 #
 # The overhead of running python should be less than execing `date` a million
@@ -32,7 +32,7 @@
 
 def get_options():
     parser = argparse.ArgumentParser(
-        description='Filter output by devstack and friends')
+        description='Filter output by DevStack and friends')
     parser.add_argument('-o', '--outfile',
                         help='Output file for content',
                         default=None)
@@ -52,7 +52,7 @@ def main():
     if opts.outfile:
         outfile = open(opts.outfile, 'a', 0)
 
-    # otherwise fileinput reprocess args as files
+    # Otherwise fileinput reprocess args as files
     sys.argv = []
     while True:
         line = sys.stdin.readline()
@@ -63,9 +63,9 @@ def main():
         if skip_line(line):
             continue
 
-        # this prevents us from nesting date lines, because
-        # we'd like to pull this in directly in grenade and not double
-        # up on devstack lines
+        # This prevents us from nesting date lines, because
+        # we'd like to pull this in directly in Grenade and not double
+        # up on DevStack lines
         if HAS_DATE.search(line) is None:
             now = datetime.datetime.utcnow()
             line = ("%s | %s" % (
diff --git a/unstack.sh b/unstack.sh
index c45af7400c..30981fd3c6 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -19,7 +19,7 @@ while getopts ":a" opt; do
     esac
 done
 
-# Keep track of the current devstack directory.
+# Keep track of the current DevStack directory.
 TOP_DIR=$(cd $(dirname "$0") && pwd)
 FILES=$TOP_DIR/files
 

From 32d6bc6ad1f5d857c8e34e15001f8eb8666c601c Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sun, 29 Mar 2015 14:16:44 -0500
Subject: [PATCH 0559/3421] Add inc/rootwrap

Rootwrap shouldn't be a unique snowflake.  Plus the binaries tend
to be called assuming PATH will find them.  Not so with venvs
so we need to work around that brokenness.

Configure Cinder and Nova to use configure_rootwrap().

Change-Id: I8ee1f66014875caf20a2d14ff6ef3672673ba85a
---
 functions    |  1 +
 inc/rootwrap | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/cinder   | 38 +-------------------------
 lib/nova     | 38 +-------------------------
 4 files changed, 80 insertions(+), 74 deletions(-)
 create mode 100644 inc/rootwrap

diff --git a/functions b/functions
index 5bc8456281..4dc20e7f23 100644
--- a/functions
+++ b/functions
@@ -15,6 +15,7 @@ FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 source ${FUNC_DIR}/functions-common
 source ${FUNC_DIR}/inc/ini-config
 source ${FUNC_DIR}/inc/python
+source ${FUNC_DIR}/inc/rootwrap
 
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
diff --git a/inc/rootwrap b/inc/rootwrap
new file mode 100644
index 0000000000..bac8e1e86c
--- /dev/null
+++ b/inc/rootwrap
@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# **inc/rootwrap** - Rootwrap functions
+#
+# Handle rootwrap's foibles
+
+# Uses: ``STACK_USER``
+# Defines: ``SUDO_SECURE_PATH_FILE``
+
+# Save trace setting
+INC_ROOT_TRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+# Accumulate all additions to sudo's ``secure_path`` in one file read last
+# so they all work in a venv configuration
+SUDO_SECURE_PATH_FILE=${SUDO_SECURE_PATH_FILE:-/etc/sudoers.d/zz-secure-path}
+
+# Add a directory to the common sudo ``secure_path``
+# add_sudo_secure_path dir
+function add_sudo_secure_path {
+    local dir=$1
+    local line
+
+    # This is pretty simplistic for now - assume only the first line is used
+    if [[ -r SUDO_SECURE_PATH_FILE ]]; then
+        line=$(head -1 $SUDO_SECURE_PATH_FILE)
+    else
+        line="Defaults:$STACK_USER secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin"
+    fi
+
+    # Only add ``dir`` if it is not already present
+    if [[ $line =~ $dir ]]; then
+        echo "${line}:$dir" | sudo tee $SUDO_SECURE_PATH_FILE
+        sudo chmod 400 $SUDO_SECURE_PATH_FILE
+        sudo chown root:root $SUDO_SECURE_PATH_FILE
+    fi
+}
+
+# Configure rootwrap
+# Make a load of assumptions otherwise we'll have 6 arguments
+# configure_rootwrap project bin conf-src-dir
+function configure_rootwrap {
+    local project=$1                    # xx
+    local rootwrap_bin=$2               # /opt/stack/xx.venv/bin/xx-rootwrap
+    local rootwrap_conf_src_dir=$3      # /opt/stack/xx/etc/xx
+
+    # Start fresh with rootwrap filters
+    sudo rm -rf /etc/${project}/rootwrap.d
+    sudo install -d -o root -g root -m 755 /etc/${project}/rootwrap.d
+    sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.d/*.filters /etc/${project}/rootwrap.d
+
+    # Set up rootwrap.conf, pointing to /etc/*/rootwrap.d
+    sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
+    sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
+
+    # Specify rootwrap.conf as first parameter to rootwrap
+    rootwrap_sudo_cmd="$rootwrap_bin /etc/${project}/rootwrap.conf *"
+
+    # Set up the rootwrap sudoers
+    local tempfile=$(mktemp)
+    echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile
+    chmod 0440 $tempfile
+    sudo chown root:root $tempfile
+    sudo mv $tempfile /etc/sudoers.d/${project}-rootwrap
+
+    # Add bin dir to sudo's secure_path because rootwrap is being called
+    # without a path because BROKEN.
+    add_sudo_secure_path $(dirname $rootwrap_bin)
+}
+
+
+# Restore xtrace
+$INC_ROOT_TRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/cinder b/lib/cinder
index 27fd692292..de41bc5f79 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -171,42 +171,6 @@ function cleanup_cinder {
     fi
 }
 
-# Deploy new rootwrap filters files and configure sudo
-# configure_cinder_rootwrap() - configure Cinder's rootwrap
-function configure_cinder_rootwrap {
-    local cinder_rootwrap=$CINDER_BIN_DIR/cinder-rootwrap
-
-    # Wipe any existing rootwrap.d files first
-    if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
-        sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
-    fi
-
-    # Deploy filters to /etc/cinder/rootwrap.d
-    sudo install -d -o root -g root -m 755 $CINDER_CONF_DIR/rootwrap.d
-    sudo install -o root -g root -m 644 $CINDER_DIR/etc/cinder/rootwrap.d/*.filters $CINDER_CONF_DIR/rootwrap.d
-
-    # Set up rootwrap.conf, pointing to /etc/cinder/rootwrap.d
-    sudo install -o root -g root -m 644 $CINDER_DIR/etc/cinder/rootwrap.conf $CINDER_CONF_DIR
-    sudo sed -e "s:^filters_path=.*$:filters_path=$CINDER_CONF_DIR/rootwrap.d:" -i $CINDER_CONF_DIR/rootwrap.conf
-
-    # Specify rootwrap.conf as first parameter to rootwrap
-    ROOTWRAP_CSUDOER_CMD="$cinder_rootwrap $CINDER_CONF_DIR/rootwrap.conf *"
-
-    # Set up the rootwrap sudoers for cinder
-    local tempfile=`mktemp`
-    echo "Defaults:$STACK_USER secure_path=$CINDER_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile
-    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >>$tempfile
-    chmod 0440 $tempfile
-    sudo chown root:root $tempfile
-    sudo mv $tempfile /etc/sudoers.d/cinder-rootwrap
-
-    # So rootwrap and PATH are broken beyond belief.  WTF relies on a SECURE operation
-    # to blindly follow PATH???  We learned that was a bad idea in the 80's!
-    # So to fix this in a venv, we must exploit the very hole we want to close by dropping
-    # a copy of the venv rootwrap binary into /usr/local/bin.
-    #sudo cp -p $cinder_rootwrap /usr/local/bin
-}
-
 # configure_cinder() - Set config files, create data dirs, etc
 function configure_cinder {
     sudo install -d -o $STACK_USER -m 755 $CINDER_CONF_DIR
@@ -215,7 +179,7 @@ function configure_cinder {
 
     rm -f $CINDER_CONF
 
-    configure_cinder_rootwrap
+    configure_rootwrap cinder $CINDER_BIN_DIR/cinder-rootwrap $CINDER_DIR/etc/cinder
 
     cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
 
diff --git a/lib/nova b/lib/nova
index 385da4e44b..807dfceeae 100644
--- a/lib/nova
+++ b/lib/nova
@@ -223,42 +223,6 @@ function cleanup_nova {
     #fi
 }
 
-# Deploy new rootwrap filters files and configure sudo
-# configure_nova_rootwrap() - configure Nova's rootwrap
-function configure_nova_rootwrap {
-    nova_rootwrap=$NOVA_BIN_DIR/nova-rootwrap
-
-    # Wipe any existing rootwrap.d files first
-    if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
-        sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
-    fi
-
-    # Deploy filters to /etc/nova/rootwrap.d
-    sudo install -d -o root -g root -m 755 $NOVA_CONF_DIR/rootwrap.d
-    sudo install -o root -g root -m 644  $NOVA_DIR/etc/nova/rootwrap.d/*.filters $NOVA_CONF_DIR/rootwrap.d
-
-    # Set up rootwrap.conf, pointing to /etc/nova/rootwrap.d
-    sudo install -o root -g root -m 644 $NOVA_DIR/etc/nova/rootwrap.conf $NOVA_CONF_DIR
-    sudo sed -e "s:^filters_path=.*$:filters_path=$NOVA_CONF_DIR/rootwrap.d:" -i $NOVA_CONF_DIR/rootwrap.conf
-
-    # Specify rootwrap.conf as first parameter to nova-rootwrap
-    local rootwrap_sudoer_cmd="$nova_rootwrap $NOVA_CONF_DIR/rootwrap.conf *"
-
-    # Set up the rootwrap sudoers for nova
-    local tempfile=`mktemp`
-    echo "Defaults:$STACK_USER secure_path=$NOVA_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile
-    echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd" >>$tempfile
-    chmod 0440 $tempfile
-    sudo chown root:root $tempfile
-    sudo mv $tempfile /etc/sudoers.d/nova-rootwrap
-
-    # So rootwrap and PATH are broken beyond belief.  WTF relies on a SECURE operation
-    # to blindly follow PATH???  We learned that was a bad idea in the 80's!
-    # So to fix this in a venv, we must exploit the very hole we want to close by dropping
-    # a copy of the venv rootwrap binary into /usr/local/bin.
-    #sudo cp -p $nova_rootwrap /usr/local/bin
-}
-
 # configure_nova() - Set config files, create data dirs, etc
 function configure_nova {
     # Put config files in ``/etc/nova`` for everyone to find
@@ -266,7 +230,7 @@ function configure_nova {
 
     install_default_policy nova
 
-    configure_nova_rootwrap
+    configure_rootwrap nova $NOVA_BIN_DIR/nova-rootwrap $NOVA_DIR/etc/nova
 
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
         # Get the sample configuration file in place

From e929fdd47e31919bb8e30d2300e3c8e43b1bb9cc Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Mon, 30 Mar 2015 15:11:11 +1100
Subject: [PATCH 0560/3421] Remove keystone public/admin_endpoint options

The public_endpoint and admin_endpoint options are used to set the base
hostname when listing versions. If they are not provided then the
response will use the same hostname as the request was made with - which
is almost always what you actually want.

This means devstack will respond correctly to a version list when behind
a floating IP for example.

Change-Id: Idc48b9d7bee9751deb24d730fdc560b163f39dfe
---
 lib/keystone | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 1e39ab6bc2..1d12583b42 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -237,9 +237,6 @@ function configure_keystone {
 
     iniset_rpc_backend keystone $KEYSTONE_CONF
 
-    # Set the URL advertised in the ``versions`` structure returned by the '/' route
-    iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/"
-    iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/"
     iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
 
     # Register SSL certificates if provided

From 5f2eb6dade5f3b19b8905b97d8e4018b5e068321 Mon Sep 17 00:00:00 2001
From: James Polley 
Date: Mon, 30 Mar 2015 17:36:26 +1100
Subject: [PATCH 0561/3421] Add a target for, and link to, minimal config docs

Reading through the docs for the first time, the reader encounters an
instruction to provide a minimal configuration, with a link that they'd
expect to tell them how to do this.

At present the link actually takes them to the top of
configuration.html, where they read some history about how devstack's
configuration has changed over time.

This is interesting and important and should be in the docs - but in my
opinion a link about setting up a minimal configuration would be more
useful if it takes me to a place that tells them about a minimal
configuration.

To get this, I've had to an an explicit link target into
configuration.rst. I'm not hugely keen on this approach, as I don't
think it scales well. I'd be open to suggestions about other
approaches. The only idea I've had so far though is to simply move the
minimal configuration section right to the top of the page, so that a
link to the doc is a link to the minimal config - the historical
information could be moved to its own topic somewhere further down the doc.

Change-Id: I231ca1b7f17b55f09a4e058dab8ee433893f737e
---
 doc/source/configuration.rst | 2 ++
 doc/source/index.rst         | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index a0d0840263..1cc7083bb4 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -95,6 +95,8 @@ Also note that the ``localrc`` section is sourced as a shell script
 fragment and MUST conform to the shell requirements, specifically no
 whitespace around ``=`` (equals).
 
+.. _minimal-configuration:
+
 Minimal Configuration
 =====================
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index c31287cd57..4435b495ae 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -41,8 +41,7 @@ Quick Start
 
 #. Configure
 
-   We recommend at least a :doc:`minimal
-   configuration ` be set up.
+   We recommend at least a :ref:`minimal-configuration` be set up.
 
 #. Start the install
 

From 0c04c12b3f91638560544e2b56a2994ac8015557 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Mon, 30 Mar 2015 18:15:19 +0200
Subject: [PATCH 0562/3421] Swift PyEClib build requires 'make'

PyEClib was introduced recently to swift-master. It tries
to build liberasurecode which requires the `make` binary.

Change-Id: I8acfed4f7b46a29eac36f6acbe1d66e7fff800db
---
 files/debs/swift | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/debs/swift b/files/debs/swift
index b32b43985a..0089d27fee 100644
--- a/files/debs/swift
+++ b/files/debs/swift
@@ -1,4 +1,5 @@
 curl
+make
 memcached
 # NOTE python-nose only exists because of swift functional job, we should probably
 # figure out a more consistent way of installing this from test-requirements.txt instead

From 206c596d693d429cbbfa738e4e0a397c646d77c1 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 30 Mar 2015 13:56:11 -0400
Subject: [PATCH 0563/3421] add back python-guestfs

This is needed otherwise we fall back to the nbd code path which is
super hacky. This shouldn't have been deleted for the venv path.

Change-Id: If5cb6cb4944bd0ed3548d53c98443b76725d1c0c
---
 lib/nova_plugins/functions-libvirt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 60707cf859..edcf73ebe2 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -24,13 +24,13 @@ function install_libvirt {
         install_package libvirt-bin libvirt-dev
         pip_install libvirt-python
         install_package libguestfs0
-        #install_package python-guestfs
+        install_package python-guestfs
         #pip_install 
     elif is_fedora || is_suse; then
         install_package kvm
         install_package libvirt libvirt-devel
         pip_install libvirt-python
-        #install_package python-libguestfs
+        install_package python-libguestfs
     fi
 
     # Restart firewalld after install of libvirt to avoid a problem

From 84ee55b3ee3630945792fa849d793a6d71d2364d Mon Sep 17 00:00:00 2001
From: Adam Gandelman 
Date: Mon, 30 Mar 2015 14:25:27 -0700
Subject: [PATCH 0564/3421] Set fixed_network_name in Tempest config

This previously defatuled to 'private' and aligned with devstack's
defaults but it has since been updated to 'None'.  This sets the config
value according to devstack's.

Change-Id: I3f480d5480521a93992bedfe602eb20a4999263d
Closes-bug: #1438415
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index b3a4c7b6e3..3f33512cf6 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -331,6 +331,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref
     iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
+    iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
 
     # Compute Features
     # Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints

From f3d52335e728995209feec1c9813d341c2690cb7 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Sat, 28 Mar 2015 10:14:47 -0500
Subject: [PATCH 0565/3421] Add basic Makefile

There are a couple of targets in here that some might find useful in
doing DevStack testing in multiple remote VMs.

There are some of the usual boring targets too, like stack and unstack,
that do exactly what you would expect.

Change-Id: I7974cac4cc527bacf6f183ac1f344428b05f2fdc
---
 Makefile | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 Makefile

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..082aff21d2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,104 @@
+# DevStack Makefile of Sanity
+
+# Interesting targets:
+# ds-remote - Create a Git remote for use by ds-push and ds-pull targets
+#             DS_REMOTE_URL must be set on the command line
+#
+# ds-push - Merge a list of branches taken from .ds-test and push them
+#           to the ds-remote repo in ds-test branch
+#
+# ds-pull - Pull the remote ds-test branch into a fresh local branch
+#
+# refresh - Performs a sequence of unstack, refresh and stack
+
+# Duplicated from stackrc for now
+DEST=/opt/stack
+WHEELHOUSE=$(DEST)/.wheelhouse
+
+all:
+	echo "This just saved you from a terrible mistake!"
+
+# Do Some Work
+stack:
+	./stack.sh
+
+unstack:
+	./unstack.sh
+
+wheels:
+	WHEELHOUSE=$(WHEELHOUSE) tools/build-wheels.sh
+
+docs:
+	tox -edocs
+
+# Just run the shocco source formatting build
+docs-build:
+	INSTALL_SHOCCO=True tools/build_docs.sh
+
+# Just run the Sphinx docs build
+docs-rst:
+	python setup.py build_sphinx
+
+# Run the bashate test
+bashate:
+	tox -ebashate
+
+# Run the function tests
+test:
+	tests/test_ini_config.sh
+	tests/test_meta_config.sh
+	tests/test_ip.sh
+	tests/test_refs.sh
+
+# Spiff up the place a bit
+clean:
+	./clean.sh
+	rm -rf accrc doc/build test*-e *.egg-info
+
+# Clean out the cache too
+realclean: clean
+	rm -rf files/cirros*.tar.gz files/Fedora*.qcow2 $(WHEELHOUSE)
+
+# Repo stuffs
+
+pull:
+	git pull
+
+
+# These repo targets are used to maintain a branch in a remote repo that
+# consists of one or more local branches merged and pushed to the remote.
+# This is most useful for iterative testing on multiple or remote servers
+# while keeping the working repo local.
+#
+# It requires:
+# * a remote pointing to a remote repo, often GitHub is used for this
+# * a branch name to be used on the remote
+# * a local file containing the list of local branches to be merged into
+#   the remote branch
+
+GIT_REMOTE_NAME=ds-test
+GIT_REMOTE_BRANCH=ds-test
+
+# Push the current branch to a remote named ds-test
+ds-push:
+	git checkout master
+	git branch -D $(GIT_REMOTE_BRANCH) || true
+	git checkout -b $(GIT_REMOTE_BRANCH)
+	for i in $(shell cat .$(GIT_REMOTE_BRANCH) | grep -v "^#" | grep "[^ ]"); do \
+	  git merge --no-edit $$i; \
+	done
+	git push -f $(GIT_REMOTE_NAME) HEAD:$(GIT_REMOTE_BRANCH)
+
+# Pull the ds-test branch
+ds-pull:
+	git checkout master
+	git branch -D $(GIT_REMOTE_BRANCH) || true
+	git pull $(GIT_REMOTE_NAME) $(GIT_REMOTE_BRANCH)
+	git checkout $(GIT_REMOTE_BRANCH)
+
+# Add the remote - set DS_REMOTE_URL=htps://example.com/ on the command line
+ds-remote:
+	git remote add $(GIT_REMOTE_NAME) $(DS_REMOTE_URL)
+
+# Refresh the current DevStack checkout nd re-initialize
+refresh: unstack ds-pull stack

From ae7b4f9b9e811f2c0abfb4f7f4e85dd91ca1c2b3 Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Tue, 31 Mar 2015 20:49:15 +0200
Subject: [PATCH 0566/3421] functions-libvirt: Enable 'qemu_monitor' logging
 filter for libvirt

A lot of libvirt interactions with QEMU are via the QEMU monitor
console, which allows you to either query or modify the state of a
virtual machine. Spefici examples include: querying the status of live
block operations, live snapshot operations, live migration, etc.

Enabling the 'qemu_monitor' log filter allows us to capture precisely
what commands libvirt is sending to QEMU.

Note that the log level was intentionally set to '1' (i.e. debug) for
this specific filter, because (a) it's not extremely verbose, (b) when
something breaks, it's helpful to have the exact sequence of
interactions between libvirt and QEMU.

Change-Id: Iba95b6bd7c9f197c8d48c7d978f538e50d4e31fa
---
 lib/nova_plugins/functions-libvirt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index edcf73ebe2..05ef605b04 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -99,9 +99,9 @@ EOF
             # source file paths, not relative paths. This screws with the matching
             # of '1:libvirt' making everything turn on. So use libvirt.c for now.
             # This will have to be re-visited when Ubuntu ships libvirt >= 1.2.3
-            local log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util"
+            local log_filters="1:libvirt.c 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
         else
-            local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util"
+            local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
         fi
         local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
         if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then

From edd60481682bf2cca061f94f113835922cd79709 Mon Sep 17 00:00:00 2001
From: Clark Boylan 
Date: Fri, 27 Mar 2015 09:19:57 -0700
Subject: [PATCH 0567/3421] Update libvirt cpu map before starting nova

We are trying to get a working 64bit qemu cpu model in the gate for nova
live migration testing. It appears that we need to make this change
prior to nova starting.

Make the change in configure_libvirt() to handle this along with the
other libvirt config updates. This allows us to restart the libvirt
service once. This function calls a python tool which parses and updates
the XML if necessary.

Change-Id: I00667713bfba67ab8cedbcb1660ff94d4f4bcc07
---
 lib/nova_plugins/functions-libvirt | 12 +++-
 tools/cpu_map_update.py            | 89 ++++++++++++++++++++++++++++++
 2 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100755 tools/cpu_map_update.py

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 4d617e8b5e..763afaf596 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -110,10 +110,18 @@ EOF
         fi
     fi
 
+    # Update the libvirt cpu map with a gate64 cpu model. This enables nova
+    # live migration for 64bit guest OSes on heterogenous cloud "hardware".
+    if [[ -f /usr/share/libvirt/cpu_map.xml ]] ; then
+        sudo $TOP_DIR/tools/cpu_map_update.py /usr/share/libvirt/cpu_map.xml
+    fi
+
     # libvirt detects various settings on startup, as we potentially changed
     # the system configuration (modules, filesystems), we need to restart
-    # libvirt to detect those changes.
-    restart_service $LIBVIRT_DAEMON
+    # libvirt to detect those changes. Use a stop start as otherwise the new
+    # cpu_map is not loaded properly on some systems (Ubuntu).
+    stop_service $LIBVIRT_DAEMON
+    start_service $LIBVIRT_DAEMON
 }
 
 
diff --git a/tools/cpu_map_update.py b/tools/cpu_map_update.py
new file mode 100755
index 0000000000..1938793114
--- /dev/null
+++ b/tools/cpu_map_update.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This small script updates the libvirt CPU map to add a gate64 cpu model
+# that can be used to enable a common 64bit capable feature set across
+# devstack nodes so that features like nova live migration work.
+
+import sys
+import xml.etree.ElementTree as ET
+from xml.dom import minidom
+
+
+def update_cpu_map(tree):
+    root = tree.getroot()
+    cpus = root#.find("cpus")
+    x86 = None
+    for arch in cpus.findall("arch"):
+        if arch.get("name") == "x86":
+            x86 = arch
+            break
+    if x86 is not None:
+        # Create a gate64 cpu model that is core2duo less monitor and pse36
+        gate64 = ET.SubElement(x86, "model")
+        gate64.set("name", "gate64")
+        ET.SubElement(gate64, "vendor").set("name", "Intel")
+        ET.SubElement(gate64, "feature").set("name", "fpu")
+        ET.SubElement(gate64, "feature").set("name", "de")
+        ET.SubElement(gate64, "feature").set("name", "pse")
+        ET.SubElement(gate64, "feature").set("name", "tsc")
+        ET.SubElement(gate64, "feature").set("name", "msr")
+        ET.SubElement(gate64, "feature").set("name", "pae")
+        ET.SubElement(gate64, "feature").set("name", "mce")
+        ET.SubElement(gate64, "feature").set("name", "cx8")
+        ET.SubElement(gate64, "feature").set("name", "apic")
+        ET.SubElement(gate64, "feature").set("name", "sep")
+        ET.SubElement(gate64, "feature").set("name", "pge")
+        ET.SubElement(gate64, "feature").set("name", "cmov")
+        ET.SubElement(gate64, "feature").set("name", "pat")
+        ET.SubElement(gate64, "feature").set("name", "mmx")
+        ET.SubElement(gate64, "feature").set("name", "fxsr")
+        ET.SubElement(gate64, "feature").set("name", "sse")
+        ET.SubElement(gate64, "feature").set("name", "sse2")
+        ET.SubElement(gate64, "feature").set("name", "vme")
+        ET.SubElement(gate64, "feature").set("name", "mtrr")
+        ET.SubElement(gate64, "feature").set("name", "mca")
+        ET.SubElement(gate64, "feature").set("name", "clflush")
+        ET.SubElement(gate64, "feature").set("name", "pni")
+        ET.SubElement(gate64, "feature").set("name", "nx")
+        ET.SubElement(gate64, "feature").set("name", "ssse3")
+        ET.SubElement(gate64, "feature").set("name", "syscall")
+        ET.SubElement(gate64, "feature").set("name", "lm")
+
+
+def format_xml(root):
+    # Adapted from http://pymotw.com/2/xml/etree/ElementTree/create.html
+    # thank you dhellmann
+    rough_string = ET.tostring(root, encoding="UTF-8")
+    dom_parsed = minidom.parseString(rough_string)
+    return dom_parsed.toprettyxml("  ", encoding="UTF-8")
+
+
+def main():
+    if len(sys.argv) != 2:
+        raise Exception("Must pass path to cpu_map.xml to update")
+    cpu_map = sys.argv[1]
+    tree = ET.parse(cpu_map)
+    for model in tree.getroot().iter("model"):
+        if model.get("name") == "gate64":
+            # gate64 model is already present
+            return
+    update_cpu_map(tree)
+    pretty_xml = format_xml(tree.getroot())
+    with open(cpu_map, 'w') as f:
+        f.write(pretty_xml)
+
+
+if __name__ == "__main__":
+    main()

From d3cfb82c65ae7f85b9d92e1245b1d81792a5641b Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Wed, 1 Apr 2015 11:30:57 +0200
Subject: [PATCH 0568/3421] functions-libvirt: Enable DEBUG_LIBVIRT config
 attribute by default

Enabling it by default because:

  - This allows you to get the relevant logs right away when something
    in the libvirt code path fails, without having to submit another
    change and keep doing a 'recheck' to re-run the CI check/gate jobs
    until you hit the bug.

  - The libvirt log filters specified in the function
    'configure_libvirt' are much more _selective_ and not a catch-all
    debug option where you end up with the unhelpful situation of having
    to find a "specific piece of hay in a haystack"[1].

FWIW, I always have it enabled in local test environments, and I don't
see the resulting libvirtd.log growing beyond a couple of MB for
three-four days of usage.

[1] http://lists.openstack.org/pipermail/openstack-dev/2014-January/024414.html

Change-Id: I5e0b35446075b419fe473e1db8d0bfedd7009741
---
 lib/nova_plugins/functions-libvirt | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 05ef605b04..1a8e0e4e75 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -14,8 +14,11 @@ set +o xtrace
 # Defaults
 # --------
 
-# if we should turn on massive libvirt debugging
-DEBUG_LIBVIRT=$(trueorfalse False DEBUG_LIBVIRT)
+# Turn on selective debug log filters for libvirt.
+# (NOTE: Enabling this by default, because the log filters enabled in
+# 'configure_libvirt' function further below are _selective_ and not
+# extremely verbose.)
+DEBUG_LIBVIRT=$(trueorfalse True DEBUG_LIBVIRT)
 
 # Installs required distro-specific libvirt packages.
 function install_libvirt {

From 279cfe75198c723519f1fb361b2bff3c641c6cef Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 1 Apr 2015 07:33:55 -0400
Subject: [PATCH 0569/3421] minimize the default services

This changes the default service list in devstack to minimize what is
running out of the box, so that it's likelihood of working in a 4G vm
is much higher.

This removes heat from the default enabled service list.

It drops the ec2 only needed n-obj and n-crt services.

It drops all the alternative consoles (xvnc, consoleauth). novnc is
fine for libvirt which is the default.

It adds dstat, because that's turned out to be so useful in debugging
things.

Change-Id: I84457260dff6f42a5c6ebcc2c60fb6e01aec9567
---
 stackrc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/stackrc b/stackrc
index c27ead3c24..0d8f059c1b 100644
--- a/stackrc
+++ b/stackrc
@@ -46,16 +46,18 @@ REGION_NAME=${REGION_NAME:-RegionOne}
 
 # This allows us to pass ``ENABLED_SERVICES``
 if ! isset ENABLED_SERVICES ; then
-    # Compute (Glance / Keystone / Nova (+ nova-network))
-    ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,n-sch,n-novnc,n-xvnc,n-cauth
+    # Keystone - nothing works without keystone
+    ENABLED_SERVICES=key
+    # Nova - services to support libvirt based openstack clouds
+    ENABLED_SERVICES=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc
+    # Glance services needed for Nova
+    ENABLED_SERVICES=,g-api,g-reg
     # Cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
-    # Heat
-    ENABLED_SERVICES+=,h-eng,h-api,h-api-cfn,h-api-cw
     # Dashboard
     ENABLED_SERVICES+=,horizon
     # Additional services
-    ENABLED_SERVICES+=,rabbit,tempest,mysql
+    ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat
 fi
 
 # SQLAlchemy supports multiple database drivers for each database server

From ba1c56bf5e292df74b17eebdc998c74428c925a7 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 1 Apr 2015 07:40:10 -0400
Subject: [PATCH 0570/3421] remove extraneous +x bits from lib files

2 files had execute bits set on them, fix as a cleanup. These files
should not be directly executed.

Change-Id: Ic0fdb85d77a3b47ef777524faf4fcdb0d8cedece
---
 lib/glance         | 0
 lib/neutron-legacy | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 lib/glance
 mode change 100755 => 100644 lib/neutron-legacy

diff --git a/lib/glance b/lib/glance
old mode 100755
new mode 100644
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
old mode 100755
new mode 100644

From 6c0da09b00fcfa8c4a9d34fb2ed08f6c704ed06e Mon Sep 17 00:00:00 2001
From: Jay Faulkner 
Date: Thu, 26 Mar 2015 15:19:32 -0700
Subject: [PATCH 0571/3421] Prepare devstack for Ironic cleaning testing

This patch changes the two config options required for Ironic to
successfully test cleaning in devstack.

First, we disable erase_devices clean step. Erase devices in VMs
ends up running shred on the drives for the agent driver, which is
incredibly slow and completely unneeded in devstack.

Additionally, we allow Ironic more time to complete the unprovision
after the nova instance is deleted. This time is spend in the CLEANING
state to clean up the node.

This is related to the Ironic blueprint "implement-cleaning-states".

Change-Id: I77081165a80491da3e66d8a4554b6d71fc3d9353
---
 lib/ironic  | 1 +
 lib/tempest | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lib/ironic b/lib/ironic
index b99e3255d5..9651ec3189 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -370,6 +370,7 @@ function configure_ironic_conductor {
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
         iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30
+        iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0
     fi
 
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
diff --git a/lib/tempest b/lib/tempest
index 8672a14338..c981c2ba74 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -476,6 +476,7 @@ function configure_tempest {
     # Baremetal
     if [ "$VIRT_DRIVER" = "ironic" ] ; then
         iniset $TEMPEST_CONFIG baremetal driver_enabled True
+        iniset $TEMPEST_CONFIG baremetal unprovision_timeout 300
         iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
         iniset $TEMPEST_CONFIG compute-feature-enabled console_output False
         iniset $TEMPEST_CONFIG compute-feature-enabled interface_attach False

From d2cb234be4b5e6d70635fc7578d951a42a41cc4a Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Thu, 2 Apr 2015 11:08:24 -0400
Subject: [PATCH 0572/3421] Set qcow image file location with right cirros
 version

This commit ensures we also set the qcow image location in the
tempest config when we update qcow version. The tempest config has
a default value for img_file (which is incorrect) but before we can
remove the defaults in tempest we need to ensure devstack is using
it properly first. The only reason the tests weren't failing here is
because tempest falls back to using uec images (which devstack was
correctly setting config for) if qcow isn't found. The img_dir was
also hardcoded assuming a uec image, however if qcow is intended to be
used you'll need to be able to override that, which is added as
part of this commit.

Change-Id: I05af346b3c9be9560dc8846dd1f437cfbb2d5005
---
 lib/tempest | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 3f33512cf6..7d7cf11469 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -401,10 +401,12 @@ function configure_tempest {
     fi
 
     # Scenario
-    iniset $TEMPEST_CONFIG scenario img_dir "$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec"
+    SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
+    iniset $TEMPEST_CONFIG scenario img_dir $SCENARIO_IMAGE_DIR
     iniset $TEMPEST_CONFIG scenario ami_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-blank.img"
     iniset $TEMPEST_CONFIG scenario ari_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd"
     iniset $TEMPEST_CONFIG scenario aki_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz"
+    iniset $TEMPEST_CONFIG scenario img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img"
 
     # Large Ops Number
     iniset $TEMPEST_CONFIG scenario large_ops_number ${TEMPEST_LARGE_OPS_NUMBER:-0}

From 7cc3907ff1070858af2fcc8dd2d5b480f83022b6 Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Mon, 30 Mar 2015 20:49:22 +0300
Subject: [PATCH 0573/3421] install euca2ools for tempest preparation

euca-bundle-image can be run only if euca2ools is installed.
but now it doesn't installed and several tests for EC2 doesn't run.

Change-Id: Ib3824052d5f4155d3cb5c0ef6fe334d44de5153c
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 3f33512cf6..d8692dcce9 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -562,6 +562,8 @@ function init_tempest {
             echo "Prepare aki/ari/ami Images"
             mkdir -p $BOTO_MATERIALS_PATH
             ( #new namespace
+                # euca2ools should be installed to call euca-* commands
+                is_package_installed euca2ools || install_package euca2ools
                 # tenant:demo ; user: demo
                 source $TOP_DIR/accrc/demo/demo
                 euca-bundle-image -r ${CIRROS_ARCH} -i "$kernel" --kernel true -d "$BOTO_MATERIALS_PATH"

From 40e652af0e40203e870d6d4c3b8d77176ef8785d Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Thu, 2 Apr 2015 22:39:59 +0300
Subject: [PATCH 0574/3421] Use ec2 and s3 urls from keystone catalog

In current implemetation these two urls are defined from Nova
definitions. And urls point to nova. But standalone EC2API
project has another urls that are defined in keystone catalog
in plugin setup.
I suggest to use urls from catalog to be able to test
stackforge/ec2-api by current tempest.

Change-Id: Ibec8c36a8c2fc7ea3d8fab57819adae5f7378045
---
 lib/tempest | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 3f33512cf6..9f7e62608c 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -271,6 +271,15 @@ function configure_tempest {
         fi
     fi
 
+    EC2_URL=$(openstack endpoint show -f value -c publicurl ec2 || true)
+    if [[ -z $EC2_URL ]]; then
+        EC2_URL="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
+    fi
+    S3_URL=$(openstack endpoint show -f value -c publicurl s3 || true)
+    if [[ -z $S3_URL ]]; then
+        S3_URL="http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}"
+    fi
+
     iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
 
     # Oslo
@@ -375,8 +384,8 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions
 
     # boto
-    iniset $TEMPEST_CONFIG boto ec2_url "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
-    iniset $TEMPEST_CONFIG boto s3_url "http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}"
+    iniset $TEMPEST_CONFIG boto ec2_url "$EC2_URL"
+    iniset $TEMPEST_CONFIG boto s3_url "$S3_URL"
     iniset $TEMPEST_CONFIG boto s3_materials_path "$BOTO_MATERIALS_PATH"
     iniset $TEMPEST_CONFIG boto ari_manifest cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd.manifest.xml
     iniset $TEMPEST_CONFIG boto ami_manifest cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-blank.img.manifest.xml

From b58e22d170cc01467adf9cbb191aeb9351317f37 Mon Sep 17 00:00:00 2001
From: Andrew Laski 
Date: Thu, 2 Apr 2015 17:56:43 -0400
Subject: [PATCH 0575/3421] If cells enabled create a fixed network in the API
 cell

Now that tempest is querying for a network before making server create
calls the fixed network needs to be known by the API cell.  Server
creates should work for networks defined in both databases, but defining
a new network via the API will continue to not work.

Change-Id: I32461add0d20940a55385c8b34cd493e2561615e
---
 stack.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/stack.sh b/stack.sh
index 8ab82348f3..adcaa219cc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1214,6 +1214,9 @@ if is_service_enabled q-svc; then
 elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then
     NM_CONF=${NOVA_CONF}
     if is_service_enabled n-cell; then
+        # Create a small network in the API cell
+        $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF network create "$PRIVATE_NETWORK_NAME" $FIXED_RANGE 1 $FIXED_NETWORK_SIZE $NETWORK_CREATE_ARGS
+        # Everything else should go in the child cell
         NM_CONF=${NOVA_CELLS_CONF}
     fi
 

From db02bbf107ff0a9f0ffcf3dc8a9b9219ccd7a2c0 Mon Sep 17 00:00:00 2001
From: Raman Budny 
Date: Tue, 31 Mar 2015 13:09:09 +0300
Subject: [PATCH 0576/3421] Fixes ovs-vsctl add port issue

Setup of OVS may fail, if ports that are added,
are already exist. Add "--may-exist" directive to OVS
add-port command to prevent this behaviour.

Change-Id: I2280be9a63a4a6fbc747b5e32b602697b555ffa8
Closes-Bug: #1394162
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index d3dd8dd33e..c6d9296fba 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -801,7 +801,7 @@ function _move_neutron_addresses_route {
         fi
 
         if [[ "$add_ovs_port" == "True" ]]; then
-            ADD_OVS_PORT="sudo ovs-vsctl add-port $to_intf $from_intf"
+            ADD_OVS_PORT="sudo ovs-vsctl --may-exist add-port $to_intf $from_intf"
         fi
 
         sudo ip addr del $IP_BRD dev $from_intf; sudo ip addr add $IP_BRD dev $to_intf; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE

From 72a3312904d9a97a99929bf1001a6fef4d8bfa00 Mon Sep 17 00:00:00 2001
From: Sushil Kumar 
Date: Fri, 3 Apr 2015 09:28:50 +0000
Subject: [PATCH 0577/3421] Fixes devstack stackrc

One of the earlier patchset while updating stackrc
missed on adding "+=" while adding multiple services.

Closes-Bug: #1439983
Change-Id: I74f788e15b7da05a93fc8d99c562e51386b65053
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 0d8f059c1b..abedb001d1 100644
--- a/stackrc
+++ b/stackrc
@@ -49,9 +49,9 @@ if ! isset ENABLED_SERVICES ; then
     # Keystone - nothing works without keystone
     ENABLED_SERVICES=key
     # Nova - services to support libvirt based openstack clouds
-    ENABLED_SERVICES=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc
+    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc
     # Glance services needed for Nova
-    ENABLED_SERVICES=,g-api,g-reg
+    ENABLED_SERVICES+=,g-api,g-reg
     # Cinder
     ENABLED_SERVICES+=,c-sch,c-api,c-vol
     # Dashboard

From 5e5a29cc8c83b3f9032de2482987bb9989422b7b Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 3 Apr 2015 08:52:29 -0400
Subject: [PATCH 0578/3421] fix bashate target

there was a missing -or which meant we weren't running this on most of
the files in the repository.

Change-Id: If926afc8f12f6beb80d7a9af7c787b3dcc360a89
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index bc84928d95..279dcd4f66 100644
--- a/tox.ini
+++ b/tox.ini
@@ -20,7 +20,7 @@ commands = bash -c "find {toxinidir}          \
           -name \*.sh -or                     \
           -name \*rc -or                      \
           -name functions\* -or               \
-          -wholename \*/inc/\*                \ # /inc files and
+          -wholename \*/inc/\* -or            \ # /inc files and
           -wholename \*/lib/\*                \ # /lib files are shell, but
          \)                                   \ #   have no extension
          -print0 | xargs -0 bashate -v"

From a79e1011ca15bee9d1f326270e516edeab6a5257 Mon Sep 17 00:00:00 2001
From: Dane LeBlanc 
Date: Thu, 26 Mar 2015 14:48:07 -0400
Subject: [PATCH 0579/3421] Remove unused IPv6 setup from DevStack neutron
 script

With the implementation of dual-stack gateway support
as part of the Neutron multiple-ipv6-prefixes
blueprint, some of the code in the IPv6 setup in the
DevStack neutron legacy script must be removed. This
code had been added temporarily, with a TODO note
indicating that this code should be removed when
the Neutron L3 agent is modified to support
dual-stack.

Without this change, DevStack will fail to configure
the Neutron router gateway interface (there will be
no external connectivity) whenever IP_VERSION is set
to '4+6' in localrc/local.conf, since
first DevStack and later the Neutron L3 agent will be
trying to ADD the IPv6 address to the router gateway
interface.

This change also includes a modification of the
default prefix to be used for the public IPv6
subnet. The new value (2001:df8::/64) is a special
reserved prefix that will be treated as non-routable
external to the OpenStack instance.

Change-Id: I85fe68782bc54f28f3e14aa4a1d042cb15959dac
Partially-implements: blueprint multiple-ipv6-prefixes
---
 lib/neutron-legacy | 46 ++++++----------------------------------------
 1 file changed, 6 insertions(+), 40 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c6d9296fba..8eb9e62a90 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -57,9 +57,6 @@
 # Settings
 # --------
 
-# Timeout value in seconds to wait for IPv6 gateway configuration
-GATEWAY_TIMEOUT=30
-
 
 # Neutron Network Configuration
 # -----------------------------
@@ -90,12 +87,9 @@ IPV6_PUBLIC_SUBNET_NAME=${IPV6_PUBLIC_SUBNET_NAME:-ipv6-public-subnet}
 IPV6_PRIVATE_SUBNET_NAME=${IPV6_PRIVATE_SUBNET_NAME:-ipv6-private-subnet}
 FIXED_RANGE_V6=${FIXED_RANGE_V6:-fd$IPV6_GLOBAL_ID::/64}
 IPV6_PRIVATE_NETWORK_GATEWAY=${IPV6_PRIVATE_NETWORK_GATEWAY:-fd$IPV6_GLOBAL_ID::1}
-IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-fe80:cafe:cafe::/64}
-IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-fe80:cafe:cafe::2}
-# IPV6_ROUTER_GW_IP must be defined when IP_VERSION=4+6 as it cannot be
-# obtained conventionally until the l3-agent has support for dual-stack
-# TODO (john-davidge) Remove once l3-agent supports dual-stack
-IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-fe80:cafe:cafe::1}
+IPV6_PUBLIC_RANGE=${IPV6_PUBLIC_RANGE:-2001:db8::/64}
+IPV6_PUBLIC_NETWORK_GATEWAY=${IPV6_PUBLIC_NETWORK_GATEWAY:-2001:db8::2}
+IPV6_ROUTER_GW_IP=${IPV6_ROUTER_GW_IP:-2001:db8::1}
 
 # Set up default directories
 GITDIR["python-neutronclient"]=$DEST/python-neutronclient
@@ -1291,20 +1285,12 @@ function _neutron_configure_router_v6 {
 
     # This logic is specific to using the l3-agent for layer 3
     if is_service_enabled q-l3; then
-        local ipv6_router_gw_port
         # Ensure IPv6 forwarding is enabled on the host
         sudo sysctl -w net.ipv6.conf.all.forwarding=1
         # Configure and enable public bridge
-        if [[ "$IP_VERSION" = "6" ]]; then
-            # Override global IPV6_ROUTER_GW_IP with the true value from neutron
-            IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
-            die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
-            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
-            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
-        else
-            ipv6_router_gw_port=`neutron port-list -c id -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $1; }' | awk -F ' | ' '{ print $2; }'`
-            die_if_not_set $LINENO ipv6_router_gw_port "Failure retrieving ipv6_router_gw_port"
-        fi
+        # Override global IPV6_ROUTER_GW_IP with the true value from neutron
+        IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
+        die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
 
         # The ovs_base_configure_l3_agent function flushes the public
         # bridge's ip addresses, so turn IPv6 support in the host off
@@ -1321,28 +1307,8 @@ function _neutron_configure_router_v6 {
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
 
-            # Define router_ns based on whether DVR is enabled
-            local router_ns=qrouter
-            if [[ "$Q_DVR_MODE" == "dvr_snat" ]]; then
-                router_ns=snat
-            fi
-
             # Configure interface for public bridge
             sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
-
-            # Wait until layer 3 agent has configured the gateway port on
-            # the public bridge, then add gateway address to the interface
-            # TODO (john-davidge) Remove once l3-agent supports dual-stack
-            if [[ "$IP_VERSION" == "4+6" ]]; then
-                if ! timeout $GATEWAY_TIMEOUT sh -c "until sudo ip netns exec $router_ns-$ROUTER_ID ip addr show qg-${ipv6_router_gw_port:0:11} | grep $ROUTER_GW_IP; do sleep 1; done"; then
-                    die $LINENO "Timeout retrieving ROUTER_GW_IP"
-                fi
-                # Configure the gateway port with the public IPv6 adress
-                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 addr add $IPV6_ROUTER_GW_IP/$ipv6_cidr_len dev qg-${ipv6_router_gw_port:0:11}
-                # Add a default IPv6 route to the neutron router as the
-                # l3-agent does not add one in the dual-stack case
-                sudo ip netns exec $router_ns-$ROUTER_ID ip -6 route replace default via $ipv6_ext_gw_ip dev qg-${ipv6_router_gw_port:0:11}
-            fi
             sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
         fi
         _neutron_set_router_id

From bcef63ed4306ac8cbfac5c68c828b10e129c3475 Mon Sep 17 00:00:00 2001
From: Andrew McDermott 
Date: Wed, 1 Apr 2015 15:47:36 +0000
Subject: [PATCH 0580/3421] Update qemu package name for Ubuntu aarch64

The qemu-system package, and not qemu-kvm, should be installed on either
trusty- or utopic-based ARMv8 (aarch64) Ubuntu releases. Additionally,
libguestfs is not available so that is not installed.

No changes are required for vivid.

Change-Id: Id9dc1fc465bd7acab17c991c292fb531016758ad
Signed-off-by: Andrew McDermott 
---
 lib/nova_plugins/functions-libvirt | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 lib/nova_plugins/functions-libvirt

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
old mode 100644
new mode 100755
index fa3666eff7..d4a07688cd
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -23,11 +23,15 @@ DEBUG_LIBVIRT=$(trueorfalse True DEBUG_LIBVIRT)
 # Installs required distro-specific libvirt packages.
 function install_libvirt {
     if is_ubuntu; then
-        install_package qemu-kvm
+        if is_arch "aarch64" && [[ ${DISTRO} =~ (trusty|utopic) ]]; then
+            install_package qemu-system
+        else
+            install_package qemu-kvm
+            install_package libguestfs0
+            install_package python-guestfs
+        fi
         install_package libvirt-bin libvirt-dev
         pip_install libvirt-python
-        install_package libguestfs0
-        install_package python-guestfs
         #pip_install 
     elif is_fedora || is_suse; then
         install_package kvm

From 33ba738b052cd642f7ea2e6c2196e193be14122f Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Mon, 6 Apr 2015 10:25:54 -0700
Subject: [PATCH 0581/3421] Revert "List all CIRROS ARCH images in
 image_list.sh"

This reverts commit 71e82f52bde99b4bf791ea1558f1abf86019a384.

aioppcu now uses x86_64 so no need to list the i386 images for caching.

Change-Id: If500367c8bf3fdb4590c866e007ecd7de1ab5781
Depends-On: I839e1c724821ba2624beddb5233eda24b50c149f
---
 tools/image_list.sh | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/tools/image_list.sh b/tools/image_list.sh
index 204280704e..a27635effd 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -9,8 +9,6 @@ source $TOP_DIR/functions
 # dummy in the end position to trigger the fall through case.
 DRIVERS="openvz ironic libvirt vsphere xenserver dummy"
 
-CIRROS_ARCHS="x86_64 i386"
-
 # Extra variables to trigger getting additional images.
 export ENABLED_SERVICES="h-api,tr-api"
 HEAT_FETCHED_TEST_IMAGE="Fedora-i386-20-20131211.1-sda"
@@ -19,15 +17,12 @@ PRECACHE_IMAGES=True
 # Loop over all the virt drivers and collect all the possible images
 ALL_IMAGES=""
 for driver in $DRIVERS; do
-    for arch in $CIRROS_ARCHS; do
-        CIRROS_ARCH=$arch
-        VIRT_DRIVER=$driver
-        URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
-        if [[ ! -z "$ALL_IMAGES" ]]; then
-            ALL_IMAGES+=,
-        fi
-        ALL_IMAGES+=$URLS
-    done
+    VIRT_DRIVER=$driver
+    URLS=$(source $TOP_DIR/stackrc && echo $IMAGE_URLS)
+    if [[ ! -z "$ALL_IMAGES" ]]; then
+        ALL_IMAGES+=,
+    fi
+    ALL_IMAGES+=$URLS
 done
 
 # Make a nice list

From 8c6276ea0a2332f5210fc1f16399281c083520cd Mon Sep 17 00:00:00 2001
From: Raseel Bhagat 
Date: Tue, 7 Apr 2015 03:15:45 +0530
Subject: [PATCH 0582/3421] Added libxml2-dev package as a pre-requisite when
 installing tempest. This is required so that devstack can be installed on
 vanilla Ubuntu systems.

Closes-Bug: 1225395

Change-Id: Id9116e00e18c23e8e6391d8aa652c04d8bdb86c3
---
 files/debs/tempest | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/files/debs/tempest b/files/debs/tempest
index f244e4e783..bb095297e0 100644
--- a/files/debs/tempest
+++ b/files/debs/tempest
@@ -1 +1,2 @@
-libxslt1-dev
\ No newline at end of file
+libxml2-dev
+libxslt1-dev

From 0089035504a97fca58cb2383f62ccbb4e6108820 Mon Sep 17 00:00:00 2001
From: Yuki Nishiwaki 
Date: Sun, 29 Mar 2015 23:35:39 +0900
Subject: [PATCH 0583/3421] Assurance status of rabbitmq is running

I changed it so that rabbitmq always restart.

Current devstack don't restart rabbitmq in case of ubuntu. Because
rabbitmq is running at default.
But this approach have the following bug.
If rabbitmq is already installed and not running ,  stack.sh will
fail.
So I change it so that rabbitmq always restart.

Closes-bug: #1030798
Change-Id: Ie45446d3817b2f15631f03b2af84749fe936c67b
---
 lib/rpc_backend | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 3033cbe08e..3d8fd2bd3e 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -201,10 +201,7 @@ function restart_rpc_backend {
 
             [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
 
-            if is_fedora || is_suse; then
-                # service is not started by default
-                restart_service rabbitmq-server
-            fi
+            restart_service rabbitmq-server
 
             rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD" || rc=$?
             if [ $rc -ne 0 ]; then

From 7b9341e1789b31786d10f27a3a3c825fe44bb506 Mon Sep 17 00:00:00 2001
From: Bharat Kumar Kobagana 
Date: Mon, 30 Mar 2015 11:58:10 +0530
Subject: [PATCH 0584/3421] Clone external plugins before overriding defaults

This patch clones external plugin repositories before overriding
default configuration parameters.

Closes-Bug: 1441058
Change-Id: Ie14fcb897cb40b1604bfb5869baa0dec58e51bce
---
 stack.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/stack.sh b/stack.sh
index adcaa219cc..5331beb9b7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -514,6 +514,9 @@ fi
 # Configure Projects
 # ==================
 
+# Clone all external plugins
+fetch_plugins
+
 # Plugin Phase 0: override_defaults - allow pluggins to override
 # defaults before other services are run
 run_phase override_defaults
@@ -540,9 +543,6 @@ source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
 
-# Clone all external plugins
-fetch_plugins
-
 # Extras Source
 # --------------
 

From 97aa81d905ce73054747a56a4ba0d93c308d23a5 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Tue, 7 Apr 2015 16:23:53 -0400
Subject: [PATCH 0585/3421] Fix docs about heat in devtack

In 279cfe75198c723519f1fb361b2bff3c641c6cef, we disabled heat by default.
So fixing the README to reflect that.

Change-Id: I3da257158b37e235eed1c78e0c4df432caeefa1d
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 53de970763..039ce3e548 100644
--- a/README.md
+++ b/README.md
@@ -264,10 +264,10 @@ To change this, set the `Q_AGENT` variable to the agent you want to run
 
 # Heat
 
-Heat is enabled by default (see `stackrc` file). To disable it explicitly
+Heat is disabled by default (see `stackrc` file). To enable it explicitly
 you'll need the following settings in your `localrc` section:
 
-    disable_service heat h-api h-api-cfn h-api-cw h-eng
+    enable_service heat h-api h-api-cfn h-api-cw h-eng
 
 Heat can also run in standalone mode, and be configured to orchestrate
 on an external OpenStack cloud. To launch only Heat in standalone mode

From 60996b1b60c3efb1376b9f0d659acebd05c47f09 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 8 Apr 2015 09:06:49 -0400
Subject: [PATCH 0586/3421] introduce pip_install_gr

This creates a new pip_install_gr that installs from global
requirements allowed versions. Now that stable branches are getting
capped all of devstack needs to be fixed to do things like this.

Change-Id: I8fd0ef2bfc544ca2576fab09d3018f760b8848fe
---
 inc/python                            | 14 +++++++++++++-
 lib/ceilometer                        |  3 +++
 lib/databases/mysql                   |  2 +-
 lib/databases/postgresql              |  2 +-
 lib/horizon                           |  2 +-
 lib/ironic                            |  4 ++--
 lib/keystone                          |  2 +-
 lib/ldap                              |  2 +-
 lib/nova_plugins/functions-libvirt    |  6 +++---
 lib/nova_plugins/hypervisor-xenserver |  2 +-
 lib/rpc_backend                       |  2 +-
 lib/tempest                           |  2 +-
 lib/zaqar                             |  4 ++--
 pkg/elasticsearch.sh                  |  2 +-
 stack.sh                              |  2 +-
 15 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/inc/python b/inc/python
index 39684b6fc5..c7cbb52884 100644
--- a/inc/python
+++ b/inc/python
@@ -52,6 +52,18 @@ function get_python_exec_prefix {
     fi
 }
 
+# Wrapper for ``pip install`` that only installs versions of libraries
+# from the global-requirements specification.
+#
+# Uses globals ``REQUIREMENTS_DIR``
+#
+# pip_install_gr packagename
+function pip_install_gr {
+    local name=$1
+    local clean_name=$(get_from_global_requirements $name)
+    pip_install $clean_name
+}
+
 # Wrapper for ``pip install`` to set cache and proxy environment variables
 # Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
 # ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``
@@ -125,7 +137,7 @@ function pip_install {
 # get_from_global_requirements 
 function get_from_global_requirements {
     local package=$1
-    local required_pkg=$(grep -h ${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
+    local required_pkg=$(grep -h ^${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
     if [[ $required_pkg == ""  ]]; then
         die $LINENO "Can't find package $package in requirements"
     fi
diff --git a/lib/ceilometer b/lib/ceilometer
index 81353093b2..dba92ba542 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -315,6 +315,9 @@ function install_ceilometermiddleware {
         git_clone_by_name "ceilometermiddleware"
         setup_dev_lib "ceilometermiddleware"
     else
+        # BUG: this should be a pip_install_gr except it was never
+        # included in global-requirements. Needs to be fixed by
+        # https://bugs.launchpad.net/ceilometer/+bug/1441655
         pip_install ceilometermiddleware
     fi
 }
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 310817b69a..1b9a08199f 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -155,7 +155,7 @@ EOF
 
 function install_database_python_mysql {
     # Install Python client module
-    pip_install MySQL-python
+    pip_install_gr MySQL-python
     ADDITIONAL_VENV_PACKAGES+=",MySQL-python"
 }
 
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index a6bcf8c0a2..e087a1e0d4 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -104,7 +104,7 @@ EOF
 
 function install_database_python_postgresql {
     # Install Python client module
-    pip_install psycopg2
+    pip_install_gr psycopg2
     ADDITIONAL_VENV_PACKAGES+=",psycopg2"
 }
 
diff --git a/lib/horizon b/lib/horizon
index 63a9d0fe46..f953f5cc01 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -183,7 +183,7 @@ function stop_horizon {
 # NOTE: It can be moved to common functions, but it is only used by compilation
 # of django_openstack_auth catalogs at the moment.
 function _prepare_message_catalog_compilation {
-    pip_install $(get_from_global_requirements Babel)
+    pip_install_gr Babel
 }
 
 
diff --git a/lib/ironic b/lib/ironic
index c8481ab992..7afed052e9 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -206,7 +206,7 @@ function install_ironicclient {
         sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ironicclient"]}/tools/,/etc/bash_completion.d/}ironic.bash_completion
     else
         # nothing actually "requires" ironicclient, so force instally from pypi
-        pip_install python-ironicclient
+        pip_install_gr python-ironicclient
     fi
 }
 
@@ -729,7 +729,7 @@ function upload_baremetal_ironic_deploy {
 
     # install diskimage-builder
     if [[ $(type -P ramdisk-image-create) == "" ]]; then
-        pip_install diskimage_builder
+        pip_install_gr "diskimage-builder"
     fi
 
     if [ -z "$IRONIC_DEPLOY_KERNEL" -o -z "$IRONIC_DEPLOY_RAMDISK" ]; then
diff --git a/lib/keystone b/lib/keystone
index 7b41812fca..31659f4338 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -524,7 +524,7 @@ function install_keystonemiddleware {
         setup_dev_lib "keystonemiddleware"
     else
         # When not installing from repo, keystonemiddleware is still needed...
-        pip_install keystonemiddleware
+        pip_install_gr keystonemiddleware
     fi
 }
 
diff --git a/lib/ldap b/lib/ldap
index d69d3f84a5..d2dbc3b728 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -142,7 +142,7 @@ function install_ldap {
         sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
     fi
 
-    pip_install ldappool
+    pip_install_gr ldappool
 
     rm -rf $tmp_ldap_dir
 }
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index d4a07688cd..04da5e2b60 100755
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -31,12 +31,12 @@ function install_libvirt {
             install_package python-guestfs
         fi
         install_package libvirt-bin libvirt-dev
-        pip_install libvirt-python
-        #pip_install 
+        pip_install_gr libvirt-python
+        #pip_install_gr 
     elif is_fedora || is_suse; then
         install_package kvm
         install_package libvirt libvirt-devel
-        pip_install libvirt-python
+        pip_install_gr libvirt-python
         install_package python-libguestfs
     fi
 
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index 4d0ec898ad..efce383222 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -94,7 +94,7 @@ CRONTAB
 
 # install_nova_hypervisor() - Install external components
 function install_nova_hypervisor {
-    pip_install xenapi
+    pip_install_gr xenapi
 }
 
 # start_nova_hypervisor - Start any required external services
diff --git a/lib/rpc_backend b/lib/rpc_backend
index cc083de449..2b7c6cbc64 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -141,7 +141,7 @@ function install_rpc_backend {
         # TODO(kgiusti) can remove once python qpid bindings are
         # available on all supported platforms _and_ pyngus is added
         # to the requirements.txt file in oslo.messaging
-        pip_install pyngus
+        pip_install_gr pyngus
     fi
 
     if is_service_enabled rabbit; then
diff --git a/lib/tempest b/lib/tempest
index e8e9e0b239..cd8fbd725f 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -103,7 +103,7 @@ function configure_tempest {
         setup_develop $TEMPEST_DIR
     else
         # install testr since its used to process tempest logs
-        pip_install $(get_from_global_requirements testrepository)
+        pip_install_gr testrepository
     fi
 
     local image_lines
diff --git a/lib/zaqar b/lib/zaqar
index 34f1915025..8d51910896 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -140,10 +140,10 @@ function configure_zaqar {
 function configure_redis {
     if is_ubuntu; then
         install_package redis-server
-        pip_install redis
+        pip_install_gr redis
     elif is_fedora; then
         install_package redis
-        pip_install redis
+        pip_install_gr redis
     else
         exit_distro_not_supported "redis installation"
     fi
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index f53c7f2ff2..29dc22fb88 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -77,7 +77,7 @@ function stop_elasticsearch {
 }
 
 function install_elasticsearch {
-    pip_install elasticsearch
+    pip_install_gr elasticsearch
     if is_package_installed elasticsearch; then
         echo "Note: elasticsearch was already installed."
         return
diff --git a/stack.sh b/stack.sh
index adcaa219cc..69b76a9e19 100755
--- a/stack.sh
+++ b/stack.sh
@@ -847,7 +847,7 @@ if use_library_from_git "python-openstackclient"; then
     git_clone_by_name "python-openstackclient"
     setup_dev_lib "python-openstackclient"
 else
-    pip_install 'python-openstackclient>=1.0.2'
+    pip_install_gr python-openstackclient
 fi
 
 if [[ $TRACK_DEPENDS = True ]]; then

From 9860876f5dbb07826b680143a4e111ad580053fe Mon Sep 17 00:00:00 2001
From: Amrith Kumar 
Date: Wed, 8 Apr 2015 15:37:58 -0400
Subject: [PATCH 0587/3421] perform install_infra sooner in stack.sh

The install_infra() call needs to be done earlier since
pip_install_gr() depends on it. Also the fact that python module names
are supposed to be lower case but some use camel case is a problem
(for example with XenAPI).

Change-Id: I7012d77134fa0d9c746d87e837934e7dcb337e5c
Closes-Bug: #1441820
---
 inc/python | 2 +-
 stack.sh   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inc/python b/inc/python
index c7cbb52884..3d329b59a9 100644
--- a/inc/python
+++ b/inc/python
@@ -137,7 +137,7 @@ function pip_install {
 # get_from_global_requirements 
 function get_from_global_requirements {
     local package=$1
-    local required_pkg=$(grep -h ^${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
+    local required_pkg=$(grep -i -h ^${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
     if [[ $required_pkg == ""  ]]; then
         die $LINENO "Can't find package $package in requirements"
     fi
diff --git a/stack.sh b/stack.sh
index 69b76a9e19..9ecc49c7ca 100755
--- a/stack.sh
+++ b/stack.sh
@@ -714,6 +714,9 @@ fi
 # Extras Pre-install
 # ------------------
 
+# Install required infra support libraries
+install_infra
+
 # Phase: pre-install
 run_phase stack pre-install
 
@@ -733,9 +736,6 @@ fi
 
 echo_summary "Installing OpenStack project source"
 
-# Install required infra support libraries
-install_infra
-
 # Install Oslo libraries
 install_oslo
 

From fcc3f6ee986c1166c001774052c05b5d974593ea Mon Sep 17 00:00:00 2001
From: Clark Laughlin 
Date: Tue, 7 Apr 2015 16:31:47 +0000
Subject: [PATCH 0588/3421] Add support for arm64 images

This patch enables proper support for arm64 images by disabling VNC support
and adding several properties to the image in glance that are necessary to
boot correctly:
  hw_cdrom_bus=virtio
  hw_machine_type=virt
  os_command_line='console=ttyAMA0'

Change-Id: I68c9a5e0e083af2f92875c3bdf70df750f6e4d8f
---
 functions                           | 4 ++++
 lib/nova_plugins/hypervisor-libvirt | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/functions b/functions
index 4dc20e7f23..2078db1e7c 100644
--- a/functions
+++ b/functions
@@ -287,6 +287,10 @@ function upload_image {
         img_property="--property hw_cdrom_bus=scsi"
     fi
 
+    if is_arch "aarch64"; then
+        img_property="--property hw_machine_type=virt --property hw_cdrom_bus=virtio --property os_command_line='console=ttyAMA0'"
+    fi
+
     if [ "$container_format" = "bare" ]; then
         if [ "$unpack" = "zcat" ]; then
             openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 4d1eb6cdcb..a6a87f9164 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -54,6 +54,12 @@ function configure_nova_hypervisor {
         iniset $NOVA_CONF DEFAULT vnc_enabled "false"
     fi
 
+    # arm64-specific configuration
+    if is_arch "aarch64"; then
+        # arm64 architecture currently does not support graphical consoles.
+        iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+    fi
+
     ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
     if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
         # When libguestfs is available for file injection, enable using

From 4d7ee095a18af9e834202e92534d2ba7a0b371c5 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 7 Apr 2015 10:40:49 -0400
Subject: [PATCH 0589/3421] Make screen sleep time configurable

the sleep 3 in screen_it was added to make devstack pass in the gate
with exceptionally slow test cloud nodes. In the gate we now bypass
the screen path entirely. However the sleep 3 remains and can add a
couple minutes delay into local development runs.

We're not sure yet how low this can safely be tuned, so step 1 is to
make it configurable, then get devstack team members to try various
options to see what works.

Change-Id: I0e6476176fc8589efc4e40e78c2231f704d14e45
---
 functions-common | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index f442211a61..f8543c1f98 100644
--- a/functions-common
+++ b/functions-common
@@ -1256,8 +1256,13 @@ function screen_process {
 
     # sleep to allow bash to be ready to be send the command - we are
     # creating a new window in screen and then sends characters, so if
-    # bash isn't running by the time we send the command, nothing happens
-    sleep 3
+    # bash isn't running by the time we send the command, nothing
+    # happens.  This sleep was added originally to handle gate runs
+    # where we needed this to be at least 3 seconds to pass
+    # consistently on slow clouds. Now this is configurable so that we
+    # can determine a reasonable value for the local case which should
+    # be much smaller.
+    sleep ${SCREEN_SLEEP:-3}
 
     NL=`echo -ne '\015'`
     # This fun command does the following:

From 7cf7a8f88f05a6e6994dfb2ff3a6643d21c3048e Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk 
Date: Thu, 9 Apr 2015 11:46:56 +0200
Subject: [PATCH 0590/3421] rpc: Allow to configure the rabbitmq heartbeat

For testing we can need to disable or change the rate of the heartbeat
Currently we have to set the value manually in each componments or
to write multiple [[post-config|$_CONF]] section in local.conf.

This change will allow to configure all componments at once with only two
lines.

Also, we don't set default values to continue to use oslo.messaging
defaults.

Change-Id: Ieaca60ca1cd6d7455b66ce490a9b023df431e9c3
---
 lib/rpc_backend | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 2b7c6cbc64..288987cdf0 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -273,6 +273,12 @@ function iniset_rpc_backend {
         iniset $file oslo_messaging_rabbit rabbit_hosts $RABBIT_HOST
         iniset $file oslo_messaging_rabbit rabbit_password $RABBIT_PASSWORD
         iniset $file oslo_messaging_rabbit rabbit_userid $RABBIT_USERID
+        if [ -n "$RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD" ]; then
+            iniset $file oslo_messaging_rabbit heartbeat_timeout_threshold $RABBIT_HEARTBEAT_TIMEOUT_THRESHOLD
+        fi
+        if [ -n "$RABBIT_HEARTBEAT_RATE" ]; then
+            iniset $file oslo_messaging_rabbit heartbeat_rate $RABBIT_HEARTBEAT_RATE
+        fi
     fi
 }
 

From d394e59b5c43d6dc7107c3ee31cbb0bb07300d13 Mon Sep 17 00:00:00 2001
From: melanie witt 
Date: Wed, 8 Apr 2015 23:02:59 +0000
Subject: [PATCH 0591/3421] Specify network UUID for network create with cells

When the n-cell service is enabled, we create networks in both the
API cell and the child cell. Recent changes to tempest have tests
querying networks from the API and passing them for a server create.
In order for this to work in cells, the UUIDs for the network in
the API cell and the child cell must match, else the network won't
be found in the child.

This change adds the --uuid option to the nova-manage network create
command for cells only.

Related-Bug: #1441931

Depends-On: Ib29e632b09905f557a7a6910d58207ed91cdc047

Change-Id: Ib5933b1405c0761ff727e04cda0c502a826c8eaf
---
 stack.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/stack.sh b/stack.sh
index 69b76a9e19..c795dfcf90 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1214,6 +1214,10 @@ if is_service_enabled q-svc; then
 elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then
     NM_CONF=${NOVA_CONF}
     if is_service_enabled n-cell; then
+        # Both cells should have the same network uuid for server create
+        if [[ ! "$NETWORK_CREATE_ARGS" =~ "--uuid" ]]; then
+            NETWORK_CREATE_ARGS="$NETWORK_CREATE_ARGS --uuid $(uuidgen)"
+        fi
         # Create a small network in the API cell
         $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF network create "$PRIVATE_NETWORK_NAME" $FIXED_RANGE 1 $FIXED_NETWORK_SIZE $NETWORK_CREATE_ARGS
         # Everything else should go in the child cell

From c2dc95add6e46829f1705041c1d9dddab9b360d3 Mon Sep 17 00:00:00 2001
From: armando-migliaccio 
Date: Wed, 8 Apr 2015 23:32:17 -0700
Subject: [PATCH 0592/3421] Avoid flushing br-ex during stacking

This operation seems vestigial, as it was added to the code when stack.sh
did not have a robust cleanup procedure. These days, unstack.sh does destroy
all bridges, therefore during subsequent stack.sh runs (or even initially, from
a clean environment), the flush operation has become superfluous.

Its removal has also been deemeded necessary to enable certain multi-node
cloud deployments, like the one available in OpenStack infra [1].

[1] https://review.openstack.org/#/c/158525/

Change-Id: I6b4e5b82958e6d29dd450f1c4c9513f6a9e5053a
---
 lib/neutron_plugins/ovs_base | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 2997c6c25a..51999c60e4 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -93,11 +93,8 @@ function _neutron_ovs_base_configure_l3_agent {
         sudo ip link set $Q_PUBLIC_VETH_EX up
         sudo ip addr flush dev $Q_PUBLIC_VETH_EX
     else
-        # --no-wait causes a race condition if $PUBLIC_BRIDGE is not up when ip addr flush is called
         sudo ovs-vsctl -- --may-exist add-br $PUBLIC_BRIDGE
         sudo ovs-vsctl br-set-external-id $PUBLIC_BRIDGE bridge-id $PUBLIC_BRIDGE
-        # ensure no IP is configured on the public bridge
-        sudo ip addr flush dev $PUBLIC_BRIDGE
     fi
 }
 

From 13a95a2dc1b429e5aa11148612b0f867fb75f1b0 Mon Sep 17 00:00:00 2001
From: Ghe Rivero 
Date: Thu, 9 Apr 2015 10:23:58 +0200
Subject: [PATCH 0593/3421] Add ironic files to .gitignore

Add pxe booting related files to the .gitignore list

Change-Id: I08cfc98bcdd89f6a9a922f86c86551b661d69fff
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index c6900c881c..76ad830a5e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@ files/*.qcow2
 files/images
 files/pip-*
 files/get-pip.py*
+files/ir-deploy*
 local.conf
 local.sh
 localrc

From f5b550ee2959a30f7e07271e596cee1d7346aa50 Mon Sep 17 00:00:00 2001
From: melanie witt 
Date: Fri, 10 Apr 2015 22:20:07 +0000
Subject: [PATCH 0594/3421] Prevent setting tempest fixed_network_name for
 cells

Instead of creating a network in both the API cell and child cell,
let tempest use the old behavior of not querying networks from the
API for testing server create.

Change-Id: I9809d2b2e796ff1a5ea7e4f25bbeb21bd4817a72
---
 lib/tempest | 4 +++-
 stack.sh    | 7 -------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index cd8fbd725f..dc5fb5130a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -340,7 +340,9 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref
     iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
-    iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
+    if ! is_service_enabled n-cell; then
+        iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
+    fi
 
     # Compute Features
     # Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints
diff --git a/stack.sh b/stack.sh
index 5cdcbdf9d8..7a5cbcc1fc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1214,13 +1214,6 @@ if is_service_enabled q-svc; then
 elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then
     NM_CONF=${NOVA_CONF}
     if is_service_enabled n-cell; then
-        # Both cells should have the same network uuid for server create
-        if [[ ! "$NETWORK_CREATE_ARGS" =~ "--uuid" ]]; then
-            NETWORK_CREATE_ARGS="$NETWORK_CREATE_ARGS --uuid $(uuidgen)"
-        fi
-        # Create a small network in the API cell
-        $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF network create "$PRIVATE_NETWORK_NAME" $FIXED_RANGE 1 $FIXED_NETWORK_SIZE $NETWORK_CREATE_ARGS
-        # Everything else should go in the child cell
         NM_CONF=${NOVA_CELLS_CONF}
     fi
 

From 93d09c24e35611cc7fc1ef8e6796d177d460fecc Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Sat, 11 Apr 2015 18:45:09 -0400
Subject: [PATCH 0595/3421] Setting LOGFILE to a file in root directory wipes
 everything

clean.sh picks the parent of LOGFILE and wipes it clean! So if you
set it to a log file in the users root directory, you lose everything

We should delete just the LOGFILE and cleanup LOGDIR and SCREEN_LOGDIR if
they are explicitly set.

Change-Id: I45745427dcaed3dcf0b78cc9ed680833d9d555e8
---
 clean.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/clean.sh b/clean.sh
index 035489c045..fa7d56fbac 100755
--- a/clean.sh
+++ b/clean.sh
@@ -114,9 +114,16 @@ sudo rm -f /etc/tgt/conf.d/*
 cleanup_rpc_backend
 cleanup_database
 
-# Clean out data, logs and status
-LOGDIR=$(dirname "$LOGFILE")
-sudo rm -rf $DATA_DIR $LOGDIR $DEST/status
+# Clean out data and status
+sudo rm -rf $DATA_DIR $DEST/status
+
+# Clean out the log file and log directories
+if [[ -n "$LOGFILE" ]] && [[ -f "$LOGFILE" ]]; then
+    sudo rm -f $LOGFILE
+fi
+if [[ -n "$LOGDIR" ]] && [[ -d "$LOGDIR" ]]; then
+    sudo rm -rf $LOGDIR
+fi
 if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
     sudo rm -rf $SCREEN_LOGDIR
 fi

From 8768ee39c4775b656304169e18acce3c3c0dd095 Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy 
Date: Sun, 12 Apr 2015 10:23:08 +0000
Subject: [PATCH 0596/3421] Ignore *.img images in files folder

Some (qcow) images have .img file name extension (e.g. Cirros).
Ignore such files in files/ folder too (as we already do
with .qcow2 and .gz images).

Change-Id: Iac8593b65205e25fd3f94244a136c584d9af8eab
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index c6900c881c..afc221ffa6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ doc/files
 doc/build
 files/*.gz
 files/*.qcow2
+files/*.img
 files/images
 files/pip-*
 files/get-pip.py*

From e53e15845144533debc48b32620d420d9f0ece4e Mon Sep 17 00:00:00 2001
From: Daniel Gonzalez 
Date: Tue, 7 Apr 2015 16:44:54 +0200
Subject: [PATCH 0597/3421] Fix readme for multi-node setup

The readme currently states that a compute node in a multi-node setup
requires the glance-api service to be enabled. But actually
the glance-api service is only required on the controller node where
glance-registry is running.
Running the glance-api service on a node without glance-registry will
even lead to a failure of glance-api, as the glance cache directory
will not be created without enabling glance-registry.

Change-Id: Ie92533f3333f3fe3e2d747762e60f2f42a233e79
Closes-bug: #1441198
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 53de970763..faf2d93de7 100644
--- a/README.md
+++ b/README.md
@@ -333,7 +333,7 @@ will balance VMs across hosts:
 You can then run many compute nodes, each of which should have a `stackrc`
 which includes the following, with the IP address of the above controller node:
 
-    ENABLED_SERVICES=n-cpu,rabbit,g-api,neutron,q-agt
+    ENABLED_SERVICES=n-cpu,rabbit,neutron,q-agt
     SERVICE_HOST=[IP of controller node]
     MYSQL_HOST=$SERVICE_HOST
     RABBIT_HOST=$SERVICE_HOST

From 9a808922c194929bff88bdc7dca4f8e2431de1a4 Mon Sep 17 00:00:00 2001
From: Peter Stachowski 
Date: Wed, 8 Apr 2015 19:48:09 +0000
Subject: [PATCH 0598/3421] Use openstack CLI instead of keystone

When running './stack.sh' messages are output stating that
the keystone CLI has been deprecated. These calls should be
replaced to ones utilizing the openstack CLI program instead.

Documentation examples were also updated to reflect the new syntax.

Change-Id: Ib20b8940e317d150e5f6febb618e20bd85d13f8b
Closes-Bug: #1441340
---
 doc/source/eucarc.rst               |  6 +++---
 doc/source/guides/multinode-lab.rst | 26 +++++++++++++-------------
 eucarc                              |  4 ++--
 exercises/client-args.sh            |  2 +-
 lib/ironic                          |  2 +-
 stack.sh                            |  2 +-
 tools/upload_image.sh               |  2 +-
 7 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/doc/source/eucarc.rst b/doc/source/eucarc.rst
index 1284b8883b..c2ecbc6732 100644
--- a/doc/source/eucarc.rst
+++ b/doc/source/eucarc.rst
@@ -13,7 +13,7 @@ EC2\_URL
 
     ::
 
-        EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+        EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
 
 S3\_URL
     Set the S3 endpoint for euca2ools. The endpoint is extracted from
@@ -21,14 +21,14 @@ S3\_URL
 
     ::
 
-        export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+        export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
 
 EC2\_ACCESS\_KEY, EC2\_SECRET\_KEY
     Create EC2 credentials for the current tenant:user in Keystone.
 
     ::
 
-        CREDS=$(keystone ec2-credentials-create)
+        CREDS=$(openstack ec2 credentials create)
         export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
         export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
 
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index ff81c93975..d963243fa8 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -229,10 +229,10 @@ Additional Users
 ----------------
 
 DevStack creates two OpenStack users (``admin`` and ``demo``) and two
-tenants (also ``admin`` and ``demo``). ``admin`` is exactly what it
+projects (also ``admin`` and ``demo``). ``admin`` is exactly what it
 sounds like, a privileged administrative account that is a member of
-both the ``admin`` and ``demo`` tenants. ``demo`` is a normal user
-account that is only a member of the ``demo`` tenant. Creating
+both the ``admin`` and ``demo`` projects. ``demo`` is a normal user
+account that is only a member of the ``demo`` project. Creating
 additional OpenStack users can be done through the dashboard, sometimes
 it is easier to do them in bulk from a script, especially since they get
 blown away every time ``stack.sh`` runs. The following steps are ripe
@@ -243,21 +243,21 @@ for scripting:
     # Get admin creds
     . openrc admin admin
 
-    # List existing tenants
-    keystone tenant-list
+    # List existing projects
+    openstack project list
 
     # List existing users
-    keystone user-list
+    openstack user list
 
-    # Add a user and tenant
+    # Add a user and project
     NAME=bob
     PASSWORD=BigSecrete
-    TENANT=$NAME
-    keystone tenant-create --name=$NAME
-    keystone user-create --name=$NAME --pass=$PASSWORD
-    keystone user-role-add --user-id= --tenant-id= --role-id=
-    # member-role-id comes from the existing member role created by stack.sh
-    # keystone role-list
+    PROJECT=$NAME
+    openstack project create $PROJECT
+    openstack user create $NAME --password=$PASSWORD --project $PROJECT
+    openstack role add Member --user $NAME --project $PROJECT
+    # The Member role is created by stack.sh
+    # openstack role list
 
 Swift
 -----
diff --git a/eucarc b/eucarc
index 343f4ccde2..1e672bd932 100644
--- a/eucarc
+++ b/eucarc
@@ -19,7 +19,7 @@ RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 source $RC_DIR/openrc
 
 # Set the ec2 url so euca2ools works
-export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
+export EC2_URL=$(openstack catalog show ec2 | awk '/ publicURL: / { print $4 }')
 
 # Create EC2 credentials for the current user
 CREDS=$(openstack ec2 credentials create)
@@ -29,7 +29,7 @@ export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
 # Euca2ools Certificate stuff for uploading bundles
 # See exercises/bundle.sh to see how to get certs using nova cli
 NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
-export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
+export S3_URL=$(openstack catalog show s3 | awk '/ publicURL: / { print $4 }')
 export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
 export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
 export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index 2f85d98d8f..c33ef44e9a 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -69,7 +69,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
         STATUS_KEYSTONE="Skipped"
     else
         echo -e "\nTest Keystone"
-        if keystone $TENANT_ARG $ARGS catalog --service identity; then
+        if openstack $TENANT_ARG $ARGS catalog show identity; then
             STATUS_KEYSTONE="Succeeded"
         else
             STATUS_KEYSTONE="Failed"
diff --git a/lib/ironic b/lib/ironic
index 7afed052e9..4ac0100410 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -765,7 +765,7 @@ function upload_baremetal_ironic_deploy {
         fi
     fi
 
-    local token=$(keystone token-get | grep ' id ' | get_field 2)
+    local token=$(openstack token issue -c id -f value)
     die_if_not_set $LINENO token "Keystone fail to get token"
 
     # load them into glance
diff --git a/stack.sh b/stack.sh
index 9ecc49c7ca..af44feb901 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1173,7 +1173,7 @@ fi
 # See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
 
 if is_service_enabled g-reg; then
-    TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+    TOKEN=$(openstack token issue -c id -f value)
     die_if_not_set $LINENO TOKEN "Keystone fail to get token"
 
     echo_summary "Uploading images"
diff --git a/tools/upload_image.sh b/tools/upload_image.sh
index 5d23f31b9c..19c6b71976 100755
--- a/tools/upload_image.sh
+++ b/tools/upload_image.sh
@@ -32,7 +32,7 @@ if [[ -z "$1" ]]; then
 fi
 
 # Get a token to authenticate to glance
-TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+TOKEN=$(openstack token issue -c id -f value)
 die_if_not_set $LINENO TOKEN "Keystone fail to get token"
 
 # Glance connection info.  Note the port must be specified.

From e6843e5ea1d97c194536d1fc54e909ef9aa3740c Mon Sep 17 00:00:00 2001
From: ajmiller 
Date: Sat, 11 Apr 2015 09:52:48 -0700
Subject: [PATCH 0599/3421] clean.sh needs to load plugin settings.

Change-Id: Id957f585d2aa93075b138d462d6076d2d70d450e
---
 clean.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clean.sh b/clean.sh
index 035489c045..78f4cbf500 100755
--- a/clean.sh
+++ b/clean.sh
@@ -76,6 +76,7 @@ fi
 # ==========
 
 # Phase: clean
+load_plugin_settings
 run_phase clean
 
 if [[ -d $TOP_DIR/extras.d ]]; then

From c00d2a53136d4d37a519829c4c9cad668fa69a44 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 9 Apr 2015 19:57:13 +1000
Subject: [PATCH 0600/3421] run dstat with run_process

It is not clear to me why this can't use run_process?  Currently we
end up with two log-files both with the same thing

- dstat.txt.gz which comes from the "tee" and is symlinked into
  SCREEN_LOGDIR, so gets picked-up by the gate scripts
- screen-dstat.txt.gz which comes from screen_it

Change-Id: I00b9e09b8d44f72ff14e69dc6e4a4bd5e2a0439e
---
 lib/dstat | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/lib/dstat b/lib/dstat
index c8faa6578c..4b22752ced 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -16,34 +16,16 @@
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-
-# Defaults
-# --------
-# for DSTAT logging
-DSTAT_FILE=${DSTAT_FILE:-"dstat.log"}
-
-
 # start_dstat() - Start running processes, including screen
 function start_dstat {
     # A better kind of sysstat, with the top process per time slice
     DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
-    if [[ -n ${LOGDIR} ]]; then
-        screen_it dstat "cd $TOP_DIR; dstat $DSTAT_OPTS | tee $LOGDIR/$DSTAT_FILE"
-        if [[ -n ${SCREEN_LOGDIR} && ${SCREEN_LOGDIR} != ${LOGDIR} ]]; then
-            # Drop the backward-compat symlink
-            ln -sf $LOGDIR/$DSTAT_FILE ${SCREEN_LOGDIR}/$DSTAT_FILE
-        fi
-    else
-        screen_it dstat "dstat $DSTAT_OPTS"
-    fi
+    run_process dstat "dstat $DSTAT_OPTS"
 }
 
 # stop_dstat() stop dstat process
 function stop_dstat {
-    # dstat runs as a console, not as a service, and isn't trackable
-    # via the normal mechanisms for DevStack. So lets just do a
-    # killall and move on.
-    killall dstat || /bin/true
+    stop_process dstat
 }
 
 # Restore xtrace

From 5ccbd0ae0fd9d8caace3a9e0533b9c7a2f0ff579 Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Fri, 6 Feb 2015 16:22:12 -0800
Subject: [PATCH 0601/3421] Switching Sahara to https in case of USE_SSL=True

Sahara will work over https in case if USE_SSL is set.

Note, this patch requires https://review.openstack.org/#/c/145383/
which is not merged yet.

Change-Id: I9e0069cfe72323a069a4205ca2f882c7a3ad17e0
Closes-Bug: #1419162
---
 lib/sahara | 11 +++++++++++
 stack.sh   |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/sahara b/lib/sahara
index 0651b0a633..6a3a5180bf 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -33,6 +33,9 @@ SAHARA_DIR=$DEST/sahara
 SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
 SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
 
+if is_ssl_enabled_service "sahara"; then
+    SAHARA_SERVICE_PROTOCOL="https"
+fi
 SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST}
 SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386}
 SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
@@ -165,6 +168,14 @@ function configure_sahara {
         iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE
     fi
 
+    # Register SSL certificates if provided
+    if is_ssl_enabled_service sahara; then
+        ensure_certificates SAHARA
+
+        iniset $SAHARA_CONF_FILE ssl cert_file "$SAHARA_SSL_CERT"
+        iniset $SAHARA_CONF_FILE ssl key_file "$SAHARA_SSL_KEY"
+    fi
+
     iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG
 
     # Format logging
diff --git a/stack.sh b/stack.sh
index 5cdcbdf9d8..a9d958de5e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -505,7 +505,7 @@ source $TOP_DIR/lib/rpc_backend
 check_rpc_backend
 
 # Service to enable with SSL if ``USE_SSL`` is True
-SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
+SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron,sahara"
 
 if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then
     die $LINENO "tls-proxy and SSL are mutually exclusive"

From 0479d37878ee96a1a4f3fc37dce341d782bb6cfd Mon Sep 17 00:00:00 2001
From: Andrew Lazarev 
Date: Mon, 9 Feb 2015 16:51:25 -0800
Subject: [PATCH 0602/3421] Added support of sahara with tls-proxy service

Now devstack will configure tls-proxy for sahara as well as for
other openstack services.

Change-Id: I7b0f2f0773cd3619a33cac66d40f3d0ce0f5432c
Closes-Bug: #1419163
---
 lib/sahara | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/lib/sahara b/lib/sahara
index 6a3a5180bf..6d4e8648bf 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -33,11 +33,12 @@ SAHARA_DIR=$DEST/sahara
 SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
 SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
 
-if is_ssl_enabled_service "sahara"; then
+if is_ssl_enabled_service "sahara" || is_service_enabled tls-proxy; then
     SAHARA_SERVICE_PROTOCOL="https"
 fi
 SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST}
 SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386}
+SAHARA_SERVICE_PORT_INT=${SAHARA_SERVICE_PORT_INT:-18386}
 SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
 SAHARA_AUTH_CACHE_DIR=${SAHARA_AUTH_CACHE_DIR:-/var/cache/sahara}
@@ -183,6 +184,11 @@ function configure_sahara {
         setup_colorized_logging $SAHARA_CONF_FILE DEFAULT
     fi
 
+    if is_service_enabled tls-proxy; then
+        # Set the service port for a proxy to take the original
+        iniset $SAHARA_CONF DEFAULT port $SAHARA_SERVICE_PORT_INT
+    fi
+
     recreate_database sahara
     $SAHARA_BIN_DIR/sahara-db-manage --config-file $SAHARA_CONF_FILE upgrade head
 }
@@ -214,9 +220,26 @@ function sahara_register_images {
 
 # start_sahara() - Start running processes, including screen
 function start_sahara {
+    local service_port=$SAHARA_SERVICE_PORT
+    local service_protocol=$SAHARA_SERVICE_PROTOCOL
+    if is_service_enabled tls-proxy; then
+        service_port=$SAHARA_SERVICE_PORT_INT
+        service_protocol="http"
+    fi
+
     run_process sahara "$SAHARA_BIN_DIR/sahara-all --config-file $SAHARA_CONF_FILE"
     run_process sahara-api "$SAHARA_BIN_DIR/sahara-api --config-file $SAHARA_CONF_FILE"
     run_process sahara-eng "$SAHARA_BIN_DIR/sahara-engine --config-file $SAHARA_CONF_FILE"
+
+    echo "Waiting for Sahara to start..."
+    if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SAHARA_SERVICE_HOST:$service_port; then
+        die $LINENO "Sahara did not start"
+    fi
+
+    # Start proxies if enabled
+    if is_service_enabled tls-proxy; then
+        start_tls_proxy '*' $SAHARA_SERVICE_PORT $SAHARA_SERVICE_HOST $SAHARA_SERVICE_PORT_INT &
+    fi
 }
 
 # stop_sahara() - Stop running processes

From 73af846ca064f214828c9833ab83561be53a1be4 Mon Sep 17 00:00:00 2001
From: Thiago Paiva 
Date: Tue, 14 Apr 2015 16:57:22 -0300
Subject: [PATCH 0603/3421] Fixing n-crt removal from stackrc

The commit 279cfe75198c723519f1fb361b2bff3c641c6cef removed the n-crt
service from the default devstack setup. As such, the stack.sh script
begun to thrown the following error when trying to "nova x509-create-cert":

  ERROR (ClientException): The server has either erred or is incapable of
  performing the requested operation. (HTTP 500)

This patches reintroduces the n-crt as a default service.

Change-Id: Id9695a37e1c6df567f2c86baa4475225adcfb0ee
Closes-bug: #1441007
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index abedb001d1..0b93d32358 100644
--- a/stackrc
+++ b/stackrc
@@ -49,7 +49,7 @@ if ! isset ENABLED_SERVICES ; then
     # Keystone - nothing works without keystone
     ENABLED_SERVICES=key
     # Nova - services to support libvirt based openstack clouds
-    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc
+    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt
     # Glance services needed for Nova
     ENABLED_SERVICES+=,g-api,g-reg
     # Cinder

From c39f6405254b100fbfc0f2471bf85b74aafa3282 Mon Sep 17 00:00:00 2001
From: Lianhao Lu 
Date: Tue, 24 Mar 2015 12:36:00 +0800
Subject: [PATCH 0604/3421] Added ceilometer-agent-ipmi support

Enable devstack to start ceilometer-agent-ipmi.

Change-Id: Ia5f4c78760415a50f329fc2f1cf2f20be2e3c221
Closes-Bug: #1410614
---
 lib/ceilometer | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index dba92ba542..3a4a4fb167 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -13,6 +13,26 @@
 #
 #   enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
 #
+# To enable Ceilometer to collect the IPMI based meters, further add to the
+# localrc section of local.conf:
+#
+#   enable_service ceilometer-aipmi
+#
+# NOTE: Currently, there are two ways to get the IPMI based meters in
+# OpenStack. One way is to configure Ironic conductor to report those meters
+# for the nodes managed by Ironic and to have Ceilometer notification
+# agent to collect them. Ironic by default does NOT enable that reporting
+# functionality. So in order to do so, users need to set the option of
+# conductor.send_sensor_data to true in the ironic.conf configuration file
+# for the Ironic conductor service, and also enable the
+# ceilometer-anotification service.
+#
+# The other way is to use Ceilometer ipmi agent only to get the IPMI based
+# meters. To avoid duplicated meters, users need to make sure to set the
+# option of conductor.send_sensor_data to false in the ironic.conf
+# configuration file if the node on which Ceilometer ipmi agent is running
+# is also managed by Ironic.
+#
 # Several variables set in the localrc section adjust common behaviors
 # of Ceilometer (see within for additional settings):
 #
@@ -231,6 +251,11 @@ function configure_ceilometer {
         iniset $CEILOMETER_CONF api pecan_debug "False"
         _config_ceilometer_apache_wsgi
     fi
+
+    if is_service_enabled ceilometer-aipmi; then
+        # Configure rootwrap for the ipmi agent
+        configure_rootwrap ceilometer $CEILOMETER_BIN_DIR/ceilometer-rootwrap $CEILOMETER_DIR/etc/ceilometer
+    fi
 }
 
 function configure_mongodb {
@@ -327,6 +352,7 @@ function start_ceilometer {
     run_process ceilometer-acentral "ceilometer-agent-central --config-file $CEILOMETER_CONF"
     run_process ceilometer-anotification "ceilometer-agent-notification --config-file $CEILOMETER_CONF"
     run_process ceilometer-collector "ceilometer-collector --config-file $CEILOMETER_CONF"
+    run_process ceilometer-aipmi "ceilometer-agent-ipmi --config-file $CEILOMETER_CONF"
 
     if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then
         run_process ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
@@ -366,7 +392,7 @@ function stop_ceilometer {
         restart_apache_server
     fi
     # Kill the ceilometer screen windows
-    for serv in ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
+    for serv in ceilometer-acompute ceilometer-acentral ceilometer-aipmi ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
         stop_process $serv
     done
 }

From 37b779c3bc40bbd72cb2f55d15d5b2d43a3bb03d Mon Sep 17 00:00:00 2001
From: Lianhao Lu 
Date: Wed, 15 Apr 2015 10:27:06 +0800
Subject: [PATCH 0605/3421] Acknowledge API_WORKERS in glance-registry

Change-Id: Ifaf671439480719255c07673b54dc49c0c2ca4f6
Closes-Bug: #1444231
---
 lib/glance | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/glance b/lib/glance
index 578c88ab22..a15e1e722a 100644
--- a/lib/glance
+++ b/lib/glance
@@ -100,6 +100,7 @@ function configure_glance {
     local dburl=`database_connection_url glance`
     iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
     iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
+    iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
     iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
     configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
     if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then

From b28b27082c63bc701b4cad8f9c686ba2c1880e6e Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 16 Apr 2015 08:43:43 +1000
Subject: [PATCH 0606/3421] Append command to screenrc after we update it

If a group is specified we modify the command to run under "sg".  This
currently isn't reflected in screenrc so rejoining fails

Change-Id: I5c18ba664a6ae9ba9aaa4439a9086bc85085cd75
Closes-Bug: #1444267
---
 functions-common | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index f8543c1f98..24a462ac21 100644
--- a/functions-common
+++ b/functions-common
@@ -1235,9 +1235,6 @@ function screen_process {
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
     USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
-    # Append the process to the screen rc file
-    screen_rc "$name" "$command"
-
     screen -S $SCREEN_NAME -X screen -t $name
 
     local real_logfile="${LOGDIR}/${name}.log.${CURRENT_LOG_TIME}"
@@ -1277,6 +1274,10 @@ function screen_process {
     if [[ -n "$group" ]]; then
         command="sg $group '$command'"
     fi
+
+    # Append the process to the screen rc file
+    screen_rc "$name" "$command"
+
     screen -S $SCREEN_NAME -p $name -X stuff "$command & echo \$! >$SERVICE_DIR/$SCREEN_NAME/${name}.pid; fg || echo \"$name failed to start\" | tee \"$SERVICE_DIR/$SCREEN_NAME/${name}.failure\"$NL"
 }
 

From cae97da9c7786990acb12c43f691483f549a2945 Mon Sep 17 00:00:00 2001
From: Shilla Saebi 
Date: Thu, 16 Apr 2015 13:58:56 -0400
Subject: [PATCH 0607/3421] doc changes to devstack overview.rst

changed to comply with doc conventions
When referring to services, use "Compute," "Image service"
and "Identity" instead of "nova," "glance," and "keystone."
Use the project names like "nova" and "keystone"
glance is officially Image service not storage
removed extra .

Change-Id: I39457c20dc2ede775fe3f3c63077133fbb6c917b
---
 doc/source/overview.rst | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index 23ccf27d0a..d245035a1a 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -7,7 +7,7 @@ and alternative platforms and support services. That evolution has grown
 well beyond what was originally intended and the majority of
 configuration combinations are rarely, if ever, tested. DevStack is not
 a general OpenStack installer and was never meant to be everything to
-everyone..
+everyone.
 
 Below is a list of what is specifically is supported (read that as
 "tested") going forward.
@@ -58,7 +58,7 @@ Web Server
 OpenStack Network
 -----------------
 
-*Default to Nova Network, optionally use Neutron*
+*Defaults to nova network, optionally use neutron*
 
 -  Nova Network: FlatDHCP
 -  Neutron: A basic configuration approximating the original FlatDHCP
@@ -67,10 +67,10 @@ OpenStack Network
 Services
 --------
 
-The default services configured by DevStack are Identity (Keystone),
-Object Storage (Swift), Image Storage (Glance), Block Storage (Cinder),
-Compute (Nova), Network (Nova), Dashboard (Horizon), Orchestration
-(Heat)
+The default services configured by DevStack are Identity (keystone),
+Object Storage (swift), Image Service (glance), Block Storage (cinder),
+Compute (nova), Networking (nova), Dashboard (horizon), Orchestration
+(heat)
 
 Additional services not included directly in DevStack can be tied in to
 ``stack.sh`` using the :doc:`plugin mechanism ` to call

From dd62293591fd1e822f59754cece645639a4d2d2c Mon Sep 17 00:00:00 2001
From: Wayne Okuma 
Date: Tue, 31 Mar 2015 00:28:39 -0700
Subject: [PATCH 0608/3421] Catalog Index Service - glance devstack

Implements: blueprint catalog-index-service

The changes to lib/glance incorporate the new g-search service.
The g-search service is optional.
To enable it add the following line to devstack/local.conf:
enable_service g-search

In addition to deploying g-search, the changes will also populate a
search type of keystone service and adds in appropriate endpoints.

Change-Id: I0272d56bc2e50e8174db78bd449f65f60f7f4000
---
 lib/glance           | 92 ++++++++++++++++++++++++++++++++++++++------
 pkg/elasticsearch.sh |  2 +
 2 files changed, 83 insertions(+), 11 deletions(-)

diff --git a/lib/glance b/lib/glance
index 578c88ab22..5a96a61d18 100644
--- a/lib/glance
+++ b/lib/glance
@@ -49,8 +49,10 @@ GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
 GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
 GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
 GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
+GLANCE_SEARCH_CONF=$GLANCE_CONF_DIR/glance-search.conf
 GLANCE_REGISTRY_PASTE_INI=$GLANCE_CONF_DIR/glance-registry-paste.ini
 GLANCE_API_PASTE_INI=$GLANCE_CONF_DIR/glance-api-paste.ini
+GLANCE_SEARCH_PASTE_INI=$GLANCE_CONF_DIR/glance-search-paste.ini
 GLANCE_CACHE_CONF=$GLANCE_CONF_DIR/glance-cache.conf
 GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
 GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
@@ -67,6 +69,9 @@ GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}
 GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191}
 GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
+GLANCE_SEARCH_PORT=${GLANCE_SEARCH_PORT:-9393}
+GLANCE_SEARCH_PORT_INT=${GLANCE_SEARCH_PORT_INT:-19393}
+GLANCE_SEARCH_HOSTPORT=${GLANCE_SEARCH_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SEARCH_PORT}
 
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,glance
@@ -87,6 +92,10 @@ function cleanup_glance {
     # kill instances (nova)
     # delete image files (glance)
     sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
+
+    if is_service_enabled g-search; then
+        ${TOP_DIR}/pkg/elasticsearch.sh stop
+    fi
 }
 
 # configure_glance() - Set config files, create data dirs, etc
@@ -218,14 +227,38 @@ function configure_glance {
         iniset $GLANCE_API_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
         iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
     fi
+
+    # Configure search
+    if is_service_enabled g-search; then
+        cp $GLANCE_DIR/etc/glance-search.conf $GLANCE_SEARCH_CONF
+        iniset $GLANCE_SEARCH_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+        inicomment $GLANCE_SEARCH_CONF DEFAULT log_file
+        iniset $GLANCE_SEARCH_CONF DEFAULT use_syslog $SYSLOG
+        iniset $GLANCE_SEARCH_CONF DEFAULT sql_connection $dburl
+        iniset $GLANCE_SEARCH_CONF paste_deploy flavor keystone
+        configure_auth_token_middleware $GLANCE_SEARCH_CONF glance $GLANCE_AUTH_CACHE_DIR/search
+
+        if is_service_enabled tls-proxy; then
+            iniset $GLANCE_SEARCH_CONF DEFAULT bind_port $GLANCE_SEARCH_PORT_INT
+        fi
+        # Register SSL certificates if provided
+        if is_ssl_enabled_service glance; then
+            ensure_certificates GLANCE
+            iniset $GLANCE_SEARCH_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
+            iniset $GLANCE_SEARCH_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
+        fi
+
+        cp $GLANCE_DIR/etc/glance-search-paste.ini $GLANCE_SEARCH_PASTE_INI
+    fi
 }
 
 # create_glance_accounts() - Set up common required glance accounts
 
-# Project              User         Roles
-# ------------------------------------------------------------------
-# SERVICE_TENANT_NAME  glance       service
-# SERVICE_TENANT_NAME  glance-swift ResellerAdmin (if Swift is enabled)
+# Project              User            Roles
+# ---------------------------------------------------------------------
+# SERVICE_TENANT_NAME  glance          service
+# SERVICE_TENANT_NAME  glance-swift    ResellerAdmin (if Swift is enabled)
+# SERVICE_TENANT_NAME  glance-search   search (if Search is enabled)
 
 function create_glance_accounts {
     if is_service_enabled g-api; then
@@ -251,13 +284,27 @@ function create_glance_accounts {
                 "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT"
         fi
     fi
+
+    # Add glance-search service and endpoints
+    if is_service_enabled g-search; then
+        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
+            local glance_search_service=$(get_or_create_service "glance-search" \
+                "search" "EXPERIMENTAL - Glance Graffiti Search Service")
+
+            get_or_create_endpoint $glance_search_service \
+                "$REGION_NAME" \
+                "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
+                "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
+                "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT"
+        fi
+    fi
 }
 
 # create_glance_cache_dir() - Part of the init_glance() process
 function create_glance_cache_dir {
     # Create cache dir
-    sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry
-    rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/*
+    sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search
+    rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/*
 }
 
 # init_glance() - Initialize databases, etc.
@@ -280,6 +327,12 @@ function init_glance {
     $GLANCE_BIN_DIR/glance-manage db_load_metadefs
 
     create_glance_cache_dir
+
+    # Init glance search by exporting found metadefs/images to elasticsearch
+    if is_service_enabled g-search; then
+        ${TOP_DIR}/pkg/elasticsearch.sh start
+        $GLANCE_BIN_DIR/glance-index
+    fi
 }
 
 # install_glanceclient() - Collect source and prepare
@@ -301,11 +354,13 @@ function install_glance {
     fi
 
     git_clone $GLANCE_REPO $GLANCE_DIR $GLANCE_BRANCH
-    setup_develop $GLANCE_DIR
-    if is_service_enabled g-graffiti; then
+
+    if is_service_enabled g-search; then
         ${TOP_DIR}/pkg/elasticsearch.sh download
         ${TOP_DIR}/pkg/elasticsearch.sh install
     fi
+
+    setup_develop $GLANCE_DIR
 }
 
 # start_glance() - Start running processes, including screen
@@ -314,18 +369,29 @@ function start_glance {
     if is_service_enabled tls-proxy; then
         start_tls_proxy '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT &
         start_tls_proxy '*' $GLANCE_REGISTRY_PORT $GLANCE_SERVICE_HOST $GLANCE_REGISTRY_PORT_INT &
+
+        # Handle g-search
+        if is_service_enabled g-search; then
+            start_tls_proxy '*' $GLANCE_SEARCH_PORT $GLANCE_SERVICE_HOST $GLANCE_SEARCH_PORT_INT &
+        fi
     fi
 
     run_process g-reg "$GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
     run_process g-api "$GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf"
 
-    if is_service_enabled g-graffiti; then
-        ${TOP_DIR}/pkg/elasticsearch.sh start
-    fi
     echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."
     if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then
         die $LINENO "g-api did not start"
     fi
+
+    # Start g-search after g-reg/g-api
+    if is_service_enabled g-search; then
+        run_process g-search "$GLANCE_BIN_DIR/glance-search --config-file=$GLANCE_CONF_DIR/glance-search.conf"
+        echo "Waiting for g-search ($GLANCE_SEARCH_HOSTPORT) to start..."
+        if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT; then
+            die $LINENO "g-search did not start"
+        fi
+    fi
 }
 
 # stop_glance() - Stop running processes
@@ -333,6 +399,10 @@ function stop_glance {
     # Kill the Glance screen windows
     stop_process g-api
     stop_process g-reg
+
+    if is_service_enabled g-search; then
+        stop_process g-search
+    fi
 }
 
 # Restore xtrace
diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 29dc22fb88..79f67a0179 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -7,6 +7,8 @@
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 FILES=$TOP_DIR/files
 source $TOP_DIR/functions
+DEST=${DEST:-/opt/stack}
+source $TOP_DIR/lib/infra
 
 # Package source and version, all pkg files are expected to have
 # something like this, as well as a way to override them.

From 1cb809d8ef81931ea0b1f15619b7e830281f2556 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 12:55:38 +1000
Subject: [PATCH 0609/3421] Add "passed" and "failed" functions

Add two generic "passed" and "failed" functions to the unittest
helper.  Also keep a count of passed and failed tests.  Later changes
will use these functions to ensure they exit with a correct return
code.

Change-Id: I8574dcb1447b04fcda3d72df0bf8605cf7488d3c
---
 tests/unittest.sh | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/tests/unittest.sh b/tests/unittest.sh
index 435cc3a58b..69f19b7dae 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -14,8 +14,30 @@
 
 # we always start with no errors
 ERROR=0
+PASS=0
 FAILED_FUNCS=""
 
+function passed {
+    local lineno=$(caller 0 | awk '{print $1}')
+    local function=$(caller 0 | awk '{print $2}')
+    local msg="$1"
+    if [ -z "$msg" ]; then
+        msg="OK"
+    fi
+    PASS=$((PASS+1))
+    echo $function:L$lineno $msg
+}
+
+function failed {
+    local lineno=$(caller 0 | awk '{print $1}')
+    local function=$(caller 0 | awk '{print $2}')
+    local msg="$1"
+    FAILED_FUNCS+="$function:L$lineno\n"
+    echo "ERROR: $function:L$lineno!"
+    echo "   $msg"
+    ERROR=$((ERROR+1))
+}
+
 function assert_equal {
     local lineno=`caller 0 | awk '{print $1}'`
     local function=`caller 0 | awk '{print $2}'`
@@ -24,16 +46,20 @@ function assert_equal {
         FAILED_FUNCS+="$function:L$lineno\n"
         echo "ERROR: $1 != $2 in $function:L$lineno!"
         echo "  $msg"
-        ERROR=1
+        ERROR=$((ERROR+1))
     else
+        PASS=$((PASS+1))
         echo "$function:L$lineno - ok"
     fi
 }
 
 function report_results {
-    if [[ $ERROR -eq 1 ]]; then
-        echo "Tests FAILED"
-        echo $FAILED_FUNCS
+    echo "$PASS Tests PASSED"
+    if [[ $ERROR -gt 1 ]]; then
+        echo
+        echo "The following $ERROR tests FAILED"
+        echo -e "$FAILED_FUNCS"
+        echo "---"
         exit 1
     fi
 }

From f56348bcb2c736b9e66ebfe20c1f118cfc96b9f6 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 12:58:56 +1000
Subject: [PATCH 0610/3421] Use unittest help in test_ip.sh

Use the unittest helper to track test runs and correctly exit with a
failure code if there is a problem

Change-Id: Ie62f354a8cd3b8fd5986e6943a073f7955fb55ba
---
 tests/test_ip.sh | 79 +++++++++++++++++++++++++-----------------------
 1 file changed, 41 insertions(+), 38 deletions(-)

diff --git a/tests/test_ip.sh b/tests/test_ip.sh
index add8d1ae65..c53e80de36 100755
--- a/tests/test_ip.sh
+++ b/tests/test_ip.sh
@@ -8,108 +8,111 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 # Import common functions
 source $TOP/functions
 
+source $TOP/tests/unittest.sh
 
 echo "Testing IP addr functions"
 
 if [[ $(cidr2netmask 4) == 240.0.0.0 ]]; then
-    echo "cidr2netmask(): /4...OK"
+    passed "cidr2netmask(): /4...OK"
 else
-    echo "cidr2netmask(): /4...failed"
+    failed "cidr2netmask(): /4...failed"
 fi
 if [[ $(cidr2netmask 8) == 255.0.0.0 ]]; then
-    echo "cidr2netmask(): /8...OK"
+    passed "cidr2netmask(): /8...OK"
 else
-    echo "cidr2netmask(): /8...failed"
+    failed "cidr2netmask(): /8...failed"
 fi
 if [[ $(cidr2netmask 12) == 255.240.0.0 ]]; then
-    echo "cidr2netmask(): /12...OK"
+    passed "cidr2netmask(): /12...OK"
 else
-    echo "cidr2netmask(): /12...failed"
+    failed "cidr2netmask(): /12...failed"
 fi
 if [[ $(cidr2netmask 16) == 255.255.0.0 ]]; then
-    echo "cidr2netmask(): /16...OK"
+    passed "cidr2netmask(): /16...OK"
 else
-    echo "cidr2netmask(): /16...failed"
+    failed "cidr2netmask(): /16...failed"
 fi
 if [[ $(cidr2netmask 20) == 255.255.240.0 ]]; then
-    echo "cidr2netmask(): /20...OK"
+    passed "cidr2netmask(): /20...OK"
 else
-    echo "cidr2netmask(): /20...failed"
+    failed "cidr2netmask(): /20...failed"
 fi
 if [[ $(cidr2netmask 24) == 255.255.255.0 ]]; then
-    echo "cidr2netmask(): /24...OK"
+    passed "cidr2netmask(): /24...OK"
 else
-    echo "cidr2netmask(): /24...failed"
+    failed "cidr2netmask(): /24...failed"
 fi
 if [[ $(cidr2netmask 28) == 255.255.255.240 ]]; then
-    echo "cidr2netmask(): /28...OK"
+    passed "cidr2netmask(): /28...OK"
 else
-    echo "cidr2netmask(): /28...failed"
+    failed "cidr2netmask(): /28...failed"
 fi
 if [[ $(cidr2netmask 30) == 255.255.255.252 ]]; then
-    echo "cidr2netmask(): /30...OK"
+    passed "cidr2netmask(): /30...OK"
 else
-    echo "cidr2netmask(): /30...failed"
+    failed "cidr2netmask(): /30...failed"
 fi
 if [[ $(cidr2netmask 32) == 255.255.255.255 ]]; then
-    echo "cidr2netmask(): /32...OK"
+    passed "cidr2netmask(): /32...OK"
 else
-    echo "cidr2netmask(): /32...failed"
+    failed "cidr2netmask(): /32...failed"
 fi
 
 if [[ $(maskip 169.254.169.254 240.0.0.0) == 160.0.0.0 ]]; then
-    echo "maskip(): /4...OK"
+    passed "maskip(): /4...OK"
 else
-    echo "maskip(): /4...failed"
+    failed "maskip(): /4...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.0.0.0) == 169.0.0.0 ]]; then
-    echo "maskip(): /8...OK"
+    passed "maskip(): /8...OK"
 else
-    echo "maskip(): /8...failed"
+    failed "maskip(): /8...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.240.0.0) == 169.240.0.0 ]]; then
-    echo "maskip(): /12...OK"
+    passed "maskip(): /12...OK"
 else
-    echo "maskip(): /12...failed"
+    failed "maskip(): /12...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.255.0.0) == 169.254.0.0 ]]; then
-    echo "maskip(): /16...OK"
+    passed "maskip(): /16...OK"
 else
-    echo "maskip(): /16...failed"
+    failed "maskip(): /16...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.255.240.0) == 169.254.160.0 ]]; then
-    echo "maskip(): /20...OK"
+    passed "maskip(): /20...OK"
 else
-    echo "maskip(): /20...failed"
+    failed "maskip(): /20...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.255.255.0) == 169.254.169.0 ]]; then
-    echo "maskip(): /24...OK"
+    passed "maskip(): /24...OK"
 else
-    echo "maskip(): /24...failed"
+    failed "maskip(): /24...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.255.255.240) == 169.254.169.240 ]]; then
-    echo "maskip(): /28...OK"
+    passed "maskip(): /28...OK"
 else
-    echo "maskip(): /28...failed"
+    failed "maskip(): /28...failed"
 fi
 if [[ $(maskip 169.254.169.254 255.255.255.255) == 169.254.169.254 ]]; then
-    echo "maskip(): /32...OK"
+    passed "maskip(): /32...OK"
 else
-    echo "maskip(): /32...failed"
+    failed "maskip(): /32...failed"
 fi
 
 for mask in 8 12 16 20 24 26 28; do
     echo -n "address_in_net(): in /$mask..."
     if address_in_net 10.10.10.1 10.10.10.0/$mask; then
-        echo "OK"
+        passed "OK"
     else
-        echo "address_in_net() failed on /$mask"
+        failed "address_in_net() failed on /$mask"
     fi
 
     echo -n "address_in_net(): not in /$mask..."
     if ! address_in_net 10.10.10.1 11.11.11.0/$mask; then
-        echo "OK"
+        passed "OK"
     else
-        echo "address_in_net() failed on /$mask"
+        failed "address_in_net() failed on /$mask"
     fi
 done
+
+report_results

From fcdca05de55b9ecec2b66f0cccb88ee01beebbd0 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 13:02:49 +1000
Subject: [PATCH 0611/3421] Fix return of test_ini_config & test_meta_config

Convert test_ini_config to use the "passed / failed" functions in
unittest.sh.  test_meta_config wraps everything into a function; it's
not work unrolling this so just make sure it exits with non-zero if a
test fails.

Change-Id: I9e9883fdad42358255383eede9121b1d361799c8
---
 tests/test_ini_config.sh  | 99 ++++++++++++++++++++-------------------
 tests/test_meta_config.sh |  1 +
 2 files changed, 53 insertions(+), 47 deletions(-)

diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh
index 4a0ae33aeb..b2529ac4c9 100755
--- a/tests/test_ini_config.sh
+++ b/tests/test_ini_config.sh
@@ -7,6 +7,9 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 # Import config functions
 source $TOP/inc/ini-config
 
+source $TOP/tests/unittest.sh
+
+set -e
 
 echo "Testing INI functions"
 
@@ -70,86 +73,86 @@ echo -n "iniset: test missing attribute argument: "
 iniset test.ini aaa
 NO_ATTRIBUTE=$(cat test.ini)
 if [[ "$BEFORE" == "$NO_ATTRIBUTE" ]]; then
-    echo "OK"
+    passed
 else
-    echo "failed"
+    failed "failed"
 fi
 
 echo -n "iniset: test missing section argument: "
 iniset test.ini
 NO_SECTION=$(cat test.ini)
 if [[ "$BEFORE" == "$NO_SECTION" ]]; then
-    echo "OK"
+    passed
 else
-    echo "failed"
+    failed "failed"
 fi
 
 # Test with spaces
 
 VAL=$(iniget test.ini aaa handlers)
 if [[ "$VAL" == "aa, bb" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 iniset test.ini aaa handlers "11, 22"
 
 VAL=$(iniget test.ini aaa handlers)
 if [[ "$VAL" == "11, 22" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # Test with spaces in section header
 
 VAL=$(iniget test.ini " ccc " spaces)
 if [[ "$VAL" == "yes" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 iniset test.ini "b b" opt_ion 42
 
 VAL=$(iniget test.ini "b b" opt_ion)
 if [[ "$VAL" == "42" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # Test without spaces, end of file
 
 VAL=$(iniget test.ini bbb handlers)
 if [[ "$VAL" == "ee,ff" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 iniset test.ini bbb handlers "33,44"
 
 VAL=$(iniget test.ini bbb handlers)
 if [[ "$VAL" == "33,44" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # test empty option
 if ini_has_option test.ini ddd empty; then
-    echo "OK: ddd.empty present"
+    passed "OK: ddd.empty present"
 else
-    echo "ini_has_option failed: ddd.empty not found"
+    failed "ini_has_option failed: ddd.empty not found"
 fi
 
 # test non-empty option
 if ini_has_option test.ini bbb handlers; then
-    echo "OK: bbb.handlers present"
+    passed "OK: bbb.handlers present"
 else
-    echo "ini_has_option failed: bbb.handlers not found"
+    failed "ini_has_option failed: bbb.handlers not found"
 fi
 
 # test changing empty option
@@ -157,9 +160,9 @@ iniset test.ini ddd empty "42"
 
 VAL=$(iniget test.ini ddd empty)
 if [[ "$VAL" == "42" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # test pipe in option
@@ -167,9 +170,9 @@ iniset test.ini aaa handlers "a|b"
 
 VAL=$(iniget test.ini aaa handlers)
 if [[ "$VAL" == "a|b" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # test space in option
@@ -177,51 +180,51 @@ iniset test.ini aaa handlers "a b"
 
 VAL="$(iniget test.ini aaa handlers)"
 if [[ "$VAL" == "a b" ]]; then
-    echo "OK: $VAL"
+    passed "OK: $VAL"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # Test section not exist
 
 VAL=$(iniget test.ini zzz handlers)
 if [[ -z "$VAL" ]]; then
-    echo "OK: zzz not present"
+    passed "OK: zzz not present"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 iniset test.ini zzz handlers "999"
 
 VAL=$(iniget test.ini zzz handlers)
 if [[ -n "$VAL" ]]; then
-    echo "OK: zzz not present"
+    passed "OK: zzz not present"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # Test option not exist
 
 VAL=$(iniget test.ini aaa debug)
 if [[ -z "$VAL" ]]; then
-    echo "OK aaa.debug not present"
+    passed "OK aaa.debug not present"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 if ! ini_has_option test.ini aaa debug; then
-    echo "OK aaa.debug not present"
+    passed "OK aaa.debug not present"
 else
-    echo "ini_has_option failed: aaa.debug"
+    failed "ini_has_option failed: aaa.debug"
 fi
 
 iniset test.ini aaa debug "999"
 
 VAL=$(iniget test.ini aaa debug)
 if [[ -n "$VAL" ]]; then
-    echo "OK aaa.debug present"
+    passed "OK aaa.debug present"
 else
-    echo "iniget failed: $VAL"
+    failed "iniget failed: $VAL"
 fi
 
 # Test comments
@@ -230,9 +233,9 @@ inicomment test.ini aaa handlers
 
 VAL=$(iniget test.ini aaa handlers)
 if [[ -z "$VAL" ]]; then
-    echo "OK"
+    passed "OK"
 else
-    echo "inicomment failed: $VAL"
+    failed "inicomment failed: $VAL"
 fi
 
 # Test multiple line iniset/iniget
@@ -242,25 +245,25 @@ VAL=$(iniget_multiline test.ini eee multi)
 if [[ "$VAL" == "bar1 bar2" ]]; then
     echo "OK: iniset_multiline"
 else
-    echo "iniset_multiline failed: $VAL"
+    failed "iniset_multiline failed: $VAL"
 fi
 
 # Test iniadd with exiting values
 iniadd test.ini eee multi bar3
 VAL=$(iniget_multiline test.ini eee multi)
 if [[ "$VAL" == "bar1 bar2 bar3" ]]; then
-    echo "OK: iniadd"
+    passed "OK: iniadd"
 else
-    echo "iniadd failed: $VAL"
+    failed "iniadd failed: $VAL"
 fi
 
 # Test iniadd with non-exiting values
 iniadd test.ini eee non-multi foobar1 foobar2
 VAL=$(iniget_multiline test.ini eee non-multi)
 if [[ "$VAL" == "foobar1 foobar2" ]]; then
-    echo "OK: iniadd with non-exiting value"
+    passed "OK: iniadd with non-exiting value"
 else
-    echo "iniadd with non-exsting failed: $VAL"
+    failed "iniadd with non-exsting failed: $VAL"
 fi
 
 # Test inidelete
@@ -276,20 +279,22 @@ for x in $del_cases; do
     inidelete test.ini $x a
     VAL=$(iniget_multiline test.ini $x a)
     if [ -z "$VAL" ]; then
-        echo "OK: inidelete $x"
+        passed "OK: inidelete $x"
     else
-        echo "inidelete $x failed: $VAL"
+        failed "inidelete $x failed: $VAL"
     fi
     if [ "$x" = "del_separate_options" -o \
         "$x" = "del_missing_option" -o \
         "$x" = "del_missing_option_multi" ]; then
         VAL=$(iniget_multiline test.ini $x b)
         if [ "$VAL" = "c" -o "$VAL" = "c d" ]; then
-            echo "OK: inidelete other_options $x"
+            passed "OK: inidelete other_options $x"
         else
-            echo "inidelete other_option $x failed: $VAL"
+            failed "inidelete other_option $x failed: $VAL"
         fi
     fi
 done
 
 rm test.ini
+
+report_results
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index 9d65280b8c..3ec65bf9b0 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -17,6 +17,7 @@ function check_result {
         echo "OK"
     else
         echo -e "failed: $actual != $expected\n"
+        exit 1
     fi
 }
 

From 9b0ebc44f413edac87e52d23e8852ca7c52cb091 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 13:06:47 +1000
Subject: [PATCH 0612/3421] Move function.sh to test_functions.sh

run_tests.sh runs tests starting with test_*

The existing test_functions.sh is really testing true/false.  Move
that to test_truefalse.sh

Then move functions.sh to test_functions.sh.  This will ensure it is
run during unit testing from run-tests.sh

Change-Id: I959ac38c946da1fb47458b8c4f09157f74f0e644
---
 tests/functions.sh      | 215 -------------------------------------
 tests/test_functions.sh | 229 +++++++++++++++++++++++++++++++++++-----
 tests/test_truefalse.sh |  34 ++++++
 3 files changed, 239 insertions(+), 239 deletions(-)
 delete mode 100755 tests/functions.sh
 create mode 100755 tests/test_truefalse.sh

diff --git a/tests/functions.sh b/tests/functions.sh
deleted file mode 100755
index 126080f1e3..0000000000
--- a/tests/functions.sh
+++ /dev/null
@@ -1,215 +0,0 @@
-#!/usr/bin/env bash
-
-# Tests for DevStack functions
-
-TOP=$(cd $(dirname "$0")/.. && pwd)
-
-# Import common functions
-source $TOP/functions
-
-# Import configuration
-source $TOP/openrc
-
-
-echo "Testing die_if_not_set()"
-
-bash -cx "source $TOP/functions; X=`echo Y && true`; die_if_not_set X 'not OK'"
-if [[ $? != 0 ]]; then
-    echo "die_if_not_set [X='Y' true] Failed"
-else
-    echo 'OK'
-fi
-
-bash -cx "source $TOP/functions; X=`true`; die_if_not_set X 'OK'"
-if [[ $? = 0 ]]; then
-    echo "die_if_not_set [X='' true] Failed"
-fi
-
-bash -cx "source $TOP/functions; X=`echo Y && false`; die_if_not_set X 'not OK'"
-if [[ $? != 0 ]]; then
-    echo "die_if_not_set [X='Y' false] Failed"
-else
-    echo 'OK'
-fi
-
-bash -cx "source $TOP/functions; X=`false`; die_if_not_set X 'OK'"
-if [[ $? = 0 ]]; then
-    echo "die_if_not_set [X='' false] Failed"
-fi
-
-
-# Enabling/disabling services
-
-echo "Testing enable_service()"
-
-function test_enable_service {
-    local start="$1"
-    local add="$2"
-    local finish="$3"
-
-    ENABLED_SERVICES="$start"
-    enable_service $add
-    if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start + $add -> $ENABLED_SERVICES"
-    else
-        echo "changing $start to $finish with $add failed: $ENABLED_SERVICES"
-    fi
-}
-
-test_enable_service '' a 'a'
-test_enable_service 'a' b 'a,b'
-test_enable_service 'a,b' c 'a,b,c'
-test_enable_service 'a,b' c 'a,b,c'
-test_enable_service 'a,b,' c 'a,b,c'
-test_enable_service 'a,b' c,d 'a,b,c,d'
-test_enable_service 'a,b' "c d" 'a,b,c,d'
-test_enable_service 'a,b,c' c 'a,b,c'
-
-test_enable_service 'a,b,-c' c 'a,b'
-test_enable_service 'a,b,c' -c 'a,b'
-
-function test_disable_service {
-    local start="$1"
-    local del="$2"
-    local finish="$3"
-
-    ENABLED_SERVICES="$start"
-    disable_service "$del"
-    if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start - $del -> $ENABLED_SERVICES"
-    else
-        echo "changing $start to $finish with $del failed: $ENABLED_SERVICES"
-    fi
-}
-
-echo "Testing disable_service()"
-test_disable_service 'a,b,c' a 'b,c'
-test_disable_service 'a,b,c' b 'a,c'
-test_disable_service 'a,b,c' c 'a,b'
-
-test_disable_service 'a,b,c' a 'b,c'
-test_disable_service 'b,c' b 'c'
-test_disable_service 'c' c ''
-test_disable_service '' d ''
-
-test_disable_service 'a,b,c,' c 'a,b'
-test_disable_service 'a,b' c 'a,b'
-
-
-echo "Testing disable_all_services()"
-ENABLED_SERVICES=a,b,c
-disable_all_services
-
-if [[ -z "$ENABLED_SERVICES" ]]; then
-    echo "OK"
-else
-    echo "disabling all services FAILED: $ENABLED_SERVICES"
-fi
-
-echo "Testing disable_negated_services()"
-
-
-function test_disable_negated_services {
-    local start="$1"
-    local finish="$2"
-
-    ENABLED_SERVICES="$start"
-    disable_negated_services
-    if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start + $add -> $ENABLED_SERVICES"
-    else
-        echo "changing $start to $finish failed: $ENABLED_SERVICES"
-    fi
-}
-
-test_disable_negated_services '-a' ''
-test_disable_negated_services '-a,a' ''
-test_disable_negated_services '-a,-a' ''
-test_disable_negated_services 'a,-a' ''
-test_disable_negated_services 'b,a,-a' 'b'
-test_disable_negated_services 'a,b,-a' 'b'
-test_disable_negated_services 'a,-a,b' 'b'
-
-
-echo "Testing is_package_installed()"
-
-if [[ -z "$os_PACKAGE" ]]; then
-    GetOSVersion
-fi
-
-if [[ "$os_PACKAGE" = "deb" ]]; then
-    is_package_installed dpkg
-    VAL=$?
-elif [[ "$os_PACKAGE" = "rpm" ]]; then
-    is_package_installed rpm
-    VAL=$?
-else
-    VAL=1
-fi
-if [[ "$VAL" -eq 0 ]]; then
-    echo "OK"
-else
-    echo "is_package_installed() on existing package failed"
-fi
-
-if [[ "$os_PACKAGE" = "deb" ]]; then
-    is_package_installed dpkg bash
-    VAL=$?
-elif [[ "$os_PACKAGE" = "rpm" ]]; then
-    is_package_installed rpm bash
-    VAL=$?
-else
-    VAL=1
-fi
-if [[ "$VAL" -eq 0 ]]; then
-    echo "OK"
-else
-    echo "is_package_installed() on more than one existing package failed"
-fi
-
-is_package_installed zzzZZZzzz
-VAL=$?
-if [[ "$VAL" -ne 0 ]]; then
-    echo "OK"
-else
-    echo "is_package_installed() on non-existing package failed"
-fi
-
-# test against removed package...was a bug on Ubuntu
-if is_ubuntu; then
-    PKG=cowsay
-    if ! (dpkg -s $PKG >/dev/null 2>&1); then
-        # it was never installed...set up the condition
-        sudo apt-get install -y cowsay >/dev/null 2>&1
-    fi
-    if (dpkg -s $PKG >/dev/null 2>&1); then
-        # remove it to create the 'un' status
-        sudo dpkg -P $PKG >/dev/null 2>&1
-    fi
-
-    # now test the installed check on a deleted package
-    is_package_installed $PKG
-    VAL=$?
-    if [[ "$VAL" -ne 0 ]]; then
-        echo "OK"
-    else
-        echo "is_package_installed() on deleted package failed"
-    fi
-fi
-
-# test isset function
-echo  "Testing isset()"
-you_should_not_have_this_variable=42
-
-if isset "you_should_not_have_this_variable"; then
-    echo "OK"
-else
-    echo "\"you_should_not_have_this_variable\" not declared. failed"
-fi
-
-unset you_should_not_have_this_variable
-if isset "you_should_not_have_this_variable"; then
-    echo "\"you_should_not_have_this_variable\" looks like declared variable. failed"
-else
-    echo "OK"
-fi
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index e57948a407..126080f1e3 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -1,34 +1,215 @@
 #!/usr/bin/env bash
 
-# Tests for DevStack meta-config functions
+# Tests for DevStack functions
 
 TOP=$(cd $(dirname "$0")/.. && pwd)
 
 # Import common functions
 source $TOP/functions
-source $TOP/tests/unittest.sh
-
-function test_truefalse {
-    local one=1
-    local captrue=True
-    local lowtrue=true
-    local abrevtrue=t
-    local zero=0
-    local capfalse=False
-    local lowfalse=false
-    local abrevfalse=f
-    for against in True False; do
-        for name in one captrue lowtrue abrevtrue; do
-            assert_equal "True" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
-        done
-    done
-    for against in True False; do
-        for name in zero capfalse lowfalse abrevfalse; do
-            assert_equal "False" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
-        done
-    done
+
+# Import configuration
+source $TOP/openrc
+
+
+echo "Testing die_if_not_set()"
+
+bash -cx "source $TOP/functions; X=`echo Y && true`; die_if_not_set X 'not OK'"
+if [[ $? != 0 ]]; then
+    echo "die_if_not_set [X='Y' true] Failed"
+else
+    echo 'OK'
+fi
+
+bash -cx "source $TOP/functions; X=`true`; die_if_not_set X 'OK'"
+if [[ $? = 0 ]]; then
+    echo "die_if_not_set [X='' true] Failed"
+fi
+
+bash -cx "source $TOP/functions; X=`echo Y && false`; die_if_not_set X 'not OK'"
+if [[ $? != 0 ]]; then
+    echo "die_if_not_set [X='Y' false] Failed"
+else
+    echo 'OK'
+fi
+
+bash -cx "source $TOP/functions; X=`false`; die_if_not_set X 'OK'"
+if [[ $? = 0 ]]; then
+    echo "die_if_not_set [X='' false] Failed"
+fi
+
+
+# Enabling/disabling services
+
+echo "Testing enable_service()"
+
+function test_enable_service {
+    local start="$1"
+    local add="$2"
+    local finish="$3"
+
+    ENABLED_SERVICES="$start"
+    enable_service $add
+    if [ "$ENABLED_SERVICES" = "$finish" ]; then
+        echo "OK: $start + $add -> $ENABLED_SERVICES"
+    else
+        echo "changing $start to $finish with $add failed: $ENABLED_SERVICES"
+    fi
+}
+
+test_enable_service '' a 'a'
+test_enable_service 'a' b 'a,b'
+test_enable_service 'a,b' c 'a,b,c'
+test_enable_service 'a,b' c 'a,b,c'
+test_enable_service 'a,b,' c 'a,b,c'
+test_enable_service 'a,b' c,d 'a,b,c,d'
+test_enable_service 'a,b' "c d" 'a,b,c,d'
+test_enable_service 'a,b,c' c 'a,b,c'
+
+test_enable_service 'a,b,-c' c 'a,b'
+test_enable_service 'a,b,c' -c 'a,b'
+
+function test_disable_service {
+    local start="$1"
+    local del="$2"
+    local finish="$3"
+
+    ENABLED_SERVICES="$start"
+    disable_service "$del"
+    if [ "$ENABLED_SERVICES" = "$finish" ]; then
+        echo "OK: $start - $del -> $ENABLED_SERVICES"
+    else
+        echo "changing $start to $finish with $del failed: $ENABLED_SERVICES"
+    fi
+}
+
+echo "Testing disable_service()"
+test_disable_service 'a,b,c' a 'b,c'
+test_disable_service 'a,b,c' b 'a,c'
+test_disable_service 'a,b,c' c 'a,b'
+
+test_disable_service 'a,b,c' a 'b,c'
+test_disable_service 'b,c' b 'c'
+test_disable_service 'c' c ''
+test_disable_service '' d ''
+
+test_disable_service 'a,b,c,' c 'a,b'
+test_disable_service 'a,b' c 'a,b'
+
+
+echo "Testing disable_all_services()"
+ENABLED_SERVICES=a,b,c
+disable_all_services
+
+if [[ -z "$ENABLED_SERVICES" ]]; then
+    echo "OK"
+else
+    echo "disabling all services FAILED: $ENABLED_SERVICES"
+fi
+
+echo "Testing disable_negated_services()"
+
+
+function test_disable_negated_services {
+    local start="$1"
+    local finish="$2"
+
+    ENABLED_SERVICES="$start"
+    disable_negated_services
+    if [ "$ENABLED_SERVICES" = "$finish" ]; then
+        echo "OK: $start + $add -> $ENABLED_SERVICES"
+    else
+        echo "changing $start to $finish failed: $ENABLED_SERVICES"
+    fi
 }
 
-test_truefalse
+test_disable_negated_services '-a' ''
+test_disable_negated_services '-a,a' ''
+test_disable_negated_services '-a,-a' ''
+test_disable_negated_services 'a,-a' ''
+test_disable_negated_services 'b,a,-a' 'b'
+test_disable_negated_services 'a,b,-a' 'b'
+test_disable_negated_services 'a,-a,b' 'b'
+
+
+echo "Testing is_package_installed()"
+
+if [[ -z "$os_PACKAGE" ]]; then
+    GetOSVersion
+fi
+
+if [[ "$os_PACKAGE" = "deb" ]]; then
+    is_package_installed dpkg
+    VAL=$?
+elif [[ "$os_PACKAGE" = "rpm" ]]; then
+    is_package_installed rpm
+    VAL=$?
+else
+    VAL=1
+fi
+if [[ "$VAL" -eq 0 ]]; then
+    echo "OK"
+else
+    echo "is_package_installed() on existing package failed"
+fi
+
+if [[ "$os_PACKAGE" = "deb" ]]; then
+    is_package_installed dpkg bash
+    VAL=$?
+elif [[ "$os_PACKAGE" = "rpm" ]]; then
+    is_package_installed rpm bash
+    VAL=$?
+else
+    VAL=1
+fi
+if [[ "$VAL" -eq 0 ]]; then
+    echo "OK"
+else
+    echo "is_package_installed() on more than one existing package failed"
+fi
+
+is_package_installed zzzZZZzzz
+VAL=$?
+if [[ "$VAL" -ne 0 ]]; then
+    echo "OK"
+else
+    echo "is_package_installed() on non-existing package failed"
+fi
+
+# test against removed package...was a bug on Ubuntu
+if is_ubuntu; then
+    PKG=cowsay
+    if ! (dpkg -s $PKG >/dev/null 2>&1); then
+        # it was never installed...set up the condition
+        sudo apt-get install -y cowsay >/dev/null 2>&1
+    fi
+    if (dpkg -s $PKG >/dev/null 2>&1); then
+        # remove it to create the 'un' status
+        sudo dpkg -P $PKG >/dev/null 2>&1
+    fi
+
+    # now test the installed check on a deleted package
+    is_package_installed $PKG
+    VAL=$?
+    if [[ "$VAL" -ne 0 ]]; then
+        echo "OK"
+    else
+        echo "is_package_installed() on deleted package failed"
+    fi
+fi
+
+# test isset function
+echo  "Testing isset()"
+you_should_not_have_this_variable=42
+
+if isset "you_should_not_have_this_variable"; then
+    echo "OK"
+else
+    echo "\"you_should_not_have_this_variable\" not declared. failed"
+fi
 
-report_results
+unset you_should_not_have_this_variable
+if isset "you_should_not_have_this_variable"; then
+    echo "\"you_should_not_have_this_variable\" looks like declared variable. failed"
+else
+    echo "OK"
+fi
diff --git a/tests/test_truefalse.sh b/tests/test_truefalse.sh
new file mode 100755
index 0000000000..e57948a407
--- /dev/null
+++ b/tests/test_truefalse.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Tests for DevStack meta-config functions
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP/functions
+source $TOP/tests/unittest.sh
+
+function test_truefalse {
+    local one=1
+    local captrue=True
+    local lowtrue=true
+    local abrevtrue=t
+    local zero=0
+    local capfalse=False
+    local lowfalse=false
+    local abrevfalse=f
+    for against in True False; do
+        for name in one captrue lowtrue abrevtrue; do
+            assert_equal "True" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
+        done
+    done
+    for against in True False; do
+        for name in zero capfalse lowfalse abrevfalse; do
+            assert_equal "False" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
+        done
+    done
+}
+
+test_truefalse
+
+report_results

From 9b845da478ae2fb65ac63de95f6005ecacbb52ce Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 13:10:33 +1000
Subject: [PATCH 0613/3421] Fix die_if_not_set tests

The "die_if_not_set" test has the LINENO as a positional argument.
The existing tests are not passing this in, so they are failing.

Along with this, remove the "-x" from the invocation and hide the
output of the tests that are expected to fail to avoid confusion.

Change-Id: Ibf6b9d7bb72b9f92831e1a90292ff8b0bec7faea
---
 tests/test_functions.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index 126080f1e3..4d0237afb7 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -13,26 +13,26 @@ source $TOP/openrc
 
 echo "Testing die_if_not_set()"
 
-bash -cx "source $TOP/functions; X=`echo Y && true`; die_if_not_set X 'not OK'"
+bash -c "source $TOP/functions; X=`echo Y && true`; die_if_not_set $LINENO X 'not OK'"
 if [[ $? != 0 ]]; then
     echo "die_if_not_set [X='Y' true] Failed"
 else
     echo 'OK'
 fi
 
-bash -cx "source $TOP/functions; X=`true`; die_if_not_set X 'OK'"
+bash -c "source $TOP/functions; X=`true`; die_if_not_set $LINENO X 'OK'" > /dev/null 2>&1
 if [[ $? = 0 ]]; then
     echo "die_if_not_set [X='' true] Failed"
 fi
 
-bash -cx "source $TOP/functions; X=`echo Y && false`; die_if_not_set X 'not OK'"
+bash -c "source $TOP/functions; X=`echo Y && false`; die_if_not_set $LINENO X 'not OK'"
 if [[ $? != 0 ]]; then
     echo "die_if_not_set [X='Y' false] Failed"
 else
     echo 'OK'
 fi
 
-bash -cx "source $TOP/functions; X=`false`; die_if_not_set X 'OK'"
+bash -c "source $TOP/functions; X=`false`; die_if_not_set $LINENO X 'OK'" > /dev/null 2>&1
 if [[ $? = 0 ]]; then
     echo "die_if_not_set [X='' false] Failed"
 fi

From 09f4ad227976eb95d70045b67d0f724294cf7e22 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 13:13:04 +1000
Subject: [PATCH 0614/3421] Convert test_functions.sh to use unittest helpers

This currently does not exit with any failure code when tests are
failing.  Convert it to use the helper functions from unittest.sh so
it correctly reports failures.

Change-Id: I2062d9c00ebffcc98ba75a12f480e4dd728ee080
---
 tests/test_functions.sh | 55 ++++++++++++++++++++++-------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index 4d0237afb7..a7914f7a1b 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -10,31 +10,32 @@ source $TOP/functions
 # Import configuration
 source $TOP/openrc
 
+source $TOP/tests/unittest.sh
 
 echo "Testing die_if_not_set()"
 
 bash -c "source $TOP/functions; X=`echo Y && true`; die_if_not_set $LINENO X 'not OK'"
 if [[ $? != 0 ]]; then
-    echo "die_if_not_set [X='Y' true] Failed"
+    failed "die_if_not_set [X='Y' true] Failed"
 else
-    echo 'OK'
+    passed 'OK'
 fi
 
 bash -c "source $TOP/functions; X=`true`; die_if_not_set $LINENO X 'OK'" > /dev/null 2>&1
 if [[ $? = 0 ]]; then
-    echo "die_if_not_set [X='' true] Failed"
+    failed "die_if_not_set [X='' true] Failed"
 fi
 
 bash -c "source $TOP/functions; X=`echo Y && false`; die_if_not_set $LINENO X 'not OK'"
 if [[ $? != 0 ]]; then
-    echo "die_if_not_set [X='Y' false] Failed"
+    failed "die_if_not_set [X='Y' false] Failed"
 else
-    echo 'OK'
+    passed 'OK'
 fi
 
 bash -c "source $TOP/functions; X=`false`; die_if_not_set $LINENO X 'OK'" > /dev/null 2>&1
 if [[ $? = 0 ]]; then
-    echo "die_if_not_set [X='' false] Failed"
+    failed "die_if_not_set [X='' false] Failed"
 fi
 
 
@@ -50,9 +51,9 @@ function test_enable_service {
     ENABLED_SERVICES="$start"
     enable_service $add
     if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start + $add -> $ENABLED_SERVICES"
+        passed "OK: $start + $add -> $ENABLED_SERVICES"
     else
-        echo "changing $start to $finish with $add failed: $ENABLED_SERVICES"
+        failed "changing $start to $finish with $add failed: $ENABLED_SERVICES"
     fi
 }
 
@@ -76,9 +77,9 @@ function test_disable_service {
     ENABLED_SERVICES="$start"
     disable_service "$del"
     if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start - $del -> $ENABLED_SERVICES"
+        passed "OK: $start - $del -> $ENABLED_SERVICES"
     else
-        echo "changing $start to $finish with $del failed: $ENABLED_SERVICES"
+        failed "changing $start to $finish with $del failed: $ENABLED_SERVICES"
     fi
 }
 
@@ -101,9 +102,9 @@ ENABLED_SERVICES=a,b,c
 disable_all_services
 
 if [[ -z "$ENABLED_SERVICES" ]]; then
-    echo "OK"
+    passed "OK"
 else
-    echo "disabling all services FAILED: $ENABLED_SERVICES"
+    failed "disabling all services FAILED: $ENABLED_SERVICES"
 fi
 
 echo "Testing disable_negated_services()"
@@ -116,9 +117,9 @@ function test_disable_negated_services {
     ENABLED_SERVICES="$start"
     disable_negated_services
     if [ "$ENABLED_SERVICES" = "$finish" ]; then
-        echo "OK: $start + $add -> $ENABLED_SERVICES"
+        passed "OK: $start + $add -> $ENABLED_SERVICES"
     else
-        echo "changing $start to $finish failed: $ENABLED_SERVICES"
+        failed "changing $start to $finish failed: $ENABLED_SERVICES"
     fi
 }
 
@@ -147,9 +148,9 @@ else
     VAL=1
 fi
 if [[ "$VAL" -eq 0 ]]; then
-    echo "OK"
+    passed "OK"
 else
-    echo "is_package_installed() on existing package failed"
+    failed "is_package_installed() on existing package failed"
 fi
 
 if [[ "$os_PACKAGE" = "deb" ]]; then
@@ -162,17 +163,17 @@ else
     VAL=1
 fi
 if [[ "$VAL" -eq 0 ]]; then
-    echo "OK"
+    passed "OK"
 else
-    echo "is_package_installed() on more than one existing package failed"
+    failed "is_package_installed() on more than one existing package failed"
 fi
 
 is_package_installed zzzZZZzzz
 VAL=$?
 if [[ "$VAL" -ne 0 ]]; then
-    echo "OK"
+    passed "OK"
 else
-    echo "is_package_installed() on non-existing package failed"
+    failed "is_package_installed() on non-existing package failed"
 fi
 
 # test against removed package...was a bug on Ubuntu
@@ -191,9 +192,9 @@ if is_ubuntu; then
     is_package_installed $PKG
     VAL=$?
     if [[ "$VAL" -ne 0 ]]; then
-        echo "OK"
+        passed "OK"
     else
-        echo "is_package_installed() on deleted package failed"
+        failed "is_package_installed() on deleted package failed"
     fi
 fi
 
@@ -202,14 +203,16 @@ echo  "Testing isset()"
 you_should_not_have_this_variable=42
 
 if isset "you_should_not_have_this_variable"; then
-    echo "OK"
+    passed "OK"
 else
-    echo "\"you_should_not_have_this_variable\" not declared. failed"
+    failed "\"you_should_not_have_this_variable\" not declared. failed"
 fi
 
 unset you_should_not_have_this_variable
 if isset "you_should_not_have_this_variable"; then
-    echo "\"you_should_not_have_this_variable\" looks like declared variable. failed"
+    failed "\"you_should_not_have_this_variable\" looks like declared variable."
 else
-    echo "OK"
+    passed "OK"
 fi
+
+report_results

From 9b64bbf06eab19534e58a1b7af1757e427e6b3b6 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 13:16:24 +1000
Subject: [PATCH 0615/3421] Remove old comment in run_tests.sh

The scope of this has expanded to run everything in ./tests

Change-Id: I640b0a8b7aa578ddd24dd3e58d5b2a1e09fe0284
---
 run_tests.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/run_tests.sh b/run_tests.sh
index c6b7da64c0..a9a3d0bb48 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -17,8 +17,6 @@
 PASSES=""
 FAILURES=""
 
-# Test that no one is trying to land crazy refs as branches
-
 for testfile in tests/test_*.sh; do
     $testfile
     if [[ $? -eq 0 ]]; then

From fa3e8412864a92715c296c6ed5e3828dd4bb2205 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 17 Apr 2015 11:53:40 +1000
Subject: [PATCH 0616/3421] Create config file in merge_config_file

Change If132a94e53545d9134859aa508da7b9819ede2f8 introduced a small
regression; it added an "inidelete" which looks in the config file to
delete rows.

However, at least for the test-case, the config file isn't created
yet.  The end result is that the test fails but we don't notice.

 2015-04-17 00:55:03.169 | merge_config_file test-multiline: sed: can't read test-multiline.conf: No such file or directory
 2015-04-17 00:55:03.195 | OK

So fix this up by creating the config-file if it isn't there.

Also, add "-e" to the test file so we catch things like this in the
future.

Change-Id: I43a4ecc247f19cccf51d5931dfb687adbd23d6b1
---
 inc/meta-config           | 8 ++++++++
 tests/test_meta_config.sh | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/inc/meta-config b/inc/meta-config
index c8789bf816..e5f902d1dd 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -86,6 +86,14 @@ function merge_config_file {
     local matchgroup=$2
     local configfile=$3
 
+    # note, configfile might be a variable (note the iniset, etc
+    # created in the mega-awk below is "eval"ed too, so we just leave
+    # it alone.
+    local real_configfile=$(eval echo $configfile)
+    if [ ! -f $real_configfile ]; then
+        touch $real_configfile
+    fi
+
     get_meta_section $file $matchgroup $configfile | \
     $CONFIG_AWK_CMD -v configfile=$configfile '
         BEGIN {
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index 3ec65bf9b0..a04c081854 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -8,6 +8,8 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 source $TOP/inc/ini-config
 source $TOP/inc/meta-config
 
+set -e
+
 # check_result() tests and reports the result values
 # check_result "actual" "expected"
 function check_result {

From af9bf8663b43a2cc80f2c3adb09b8aa3641f99ab Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 16 Apr 2015 08:58:32 -0400
Subject: [PATCH 0617/3421] refactor ping_check

Encapsulate all the neutron specific things you have to do ping a
neutron guest into a separate script. Refactor the main ping_check so
all logic is contained within it.

Change-Id: Ic79d8e3a2473b978551a5635a11dba07e1020bb2
---
 exercises/boot_from_volume.sh |  2 +-
 exercises/euca.sh             |  2 +-
 exercises/floating_ips.sh     |  6 ++--
 exercises/neutron-adv-test.sh |  2 +-
 exercises/volumes.sh          |  2 +-
 functions                     | 61 ++++++++++++++++----------------
 lib/neutron-legacy            | 21 -----------
 tools/ping_neutron.sh         | 65 +++++++++++++++++++++++++++++++++++
 8 files changed, 104 insertions(+), 57 deletions(-)
 create mode 100755 tools/ping_neutron.sh

diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh
index aa348307af..d520b9bbbf 100755
--- a/exercises/boot_from_volume.sh
+++ b/exercises/boot_from_volume.sh
@@ -182,7 +182,7 @@ IP=$(get_instance_ip $VM_UUID $PRIVATE_NETWORK_NAME)
 die_if_not_set $LINENO IP "Failure retrieving IP address"
 
 # Private IPs can be pinged in single node deployments
-ping_check "$PRIVATE_NETWORK_NAME" $IP $BOOT_TIMEOUT
+ping_check $IP $BOOT_TIMEOUT "$PRIVATE_NETWORK_NAME"
 
 # Clean up
 # --------
diff --git a/exercises/euca.sh b/exercises/euca.sh
index df5e233b8d..c2957e222b 100755
--- a/exercises/euca.sh
+++ b/exercises/euca.sh
@@ -142,7 +142,7 @@ else
         die $LINENO "Failure authorizing rule in $SECGROUP"
 
     # Test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds
-    ping_check "$PUBLIC_NETWORK_NAME" $FLOATING_IP $ASSOCIATE_TIMEOUT
+    ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME"
 
     # Revoke pinging
     euca-revoke -P icmp -s 0.0.0.0/0 -t -1:-1 $SECGROUP || \
diff --git a/exercises/floating_ips.sh b/exercises/floating_ips.sh
index 59444e1ebd..4b72a0073f 100755
--- a/exercises/floating_ips.sh
+++ b/exercises/floating_ips.sh
@@ -139,7 +139,7 @@ IP=$(get_instance_ip $VM_UUID $PRIVATE_NETWORK_NAME)
 die_if_not_set $LINENO IP "Failure retrieving IP address"
 
 # Private IPs can be pinged in single node deployments
-ping_check "$PRIVATE_NETWORK_NAME" $IP $BOOT_TIMEOUT
+ping_check $IP $BOOT_TIMEOUT "$PRIVATE_NETWORK_NAME"
 
 # Floating IPs
 # ------------
@@ -158,7 +158,7 @@ nova add-floating-ip $VM_UUID $FLOATING_IP || \
     die $LINENO "Failure adding floating IP $FLOATING_IP to $VM_NAME"
 
 # Test we can ping our floating IP within ASSOCIATE_TIMEOUT seconds
-ping_check "$PUBLIC_NETWORK_NAME" $FLOATING_IP $ASSOCIATE_TIMEOUT
+ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME"
 
 if ! is_service_enabled neutron; then
     # Allocate an IP from second floating pool
@@ -182,7 +182,7 @@ fi
 # FIXME (anthony): make xs support security groups
 if [ "$VIRT_DRIVER" != "ironic" -a "$VIRT_DRIVER" != "xenserver" -a "$VIRT_DRIVER" != "openvz" ]; then
     # Test we can aren't able to ping our floating ip within ASSOCIATE_TIMEOUT seconds
-    ping_check "$PUBLIC_NETWORK_NAME" $FLOATING_IP $ASSOCIATE_TIMEOUT Fail
+    ping_check $FLOATING_IP $ASSOCIATE_TIMEOUT "$PUBLIC_NETWORK_NAME" Fail
 fi
 
 # Clean up
diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index 9230587817..04892b0e93 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -281,7 +281,7 @@ function ping_ip {
     local VM_NAME=$1
     local NET_NAME=$2
     IP=$(get_instance_ip $VM_NAME $NET_NAME)
-    ping_check $NET_NAME $IP $BOOT_TIMEOUT
+    ping_check $IP $BOOT_TIMEOUT $NET_NAME
 }
 
 function check_vm {
diff --git a/exercises/volumes.sh b/exercises/volumes.sh
index 3ac2016254..f95c81fdf1 100755
--- a/exercises/volumes.sh
+++ b/exercises/volumes.sh
@@ -143,7 +143,7 @@ IP=$(get_instance_ip $VM_UUID $PRIVATE_NETWORK_NAME)
 die_if_not_set $LINENO IP "Failure retrieving IP address"
 
 # Private IPs can be pinged in single node deployments
-ping_check "$PRIVATE_NETWORK_NAME" $IP $BOOT_TIMEOUT
+ping_check $IP $BOOT_TIMEOUT "$PRIVATE_NETWORK_NAME"
 
 # Volumes
 # -------
diff --git a/functions b/functions
index 4dc20e7f23..339779c338 100644
--- a/functions
+++ b/functions
@@ -340,39 +340,42 @@ function wait_for_service {
 
 
 # ping check
-# Uses globals ``ENABLED_SERVICES``
-# ping_check from-net ip boot-timeout expected
+# Uses globals ``ENABLED_SERVICES``, ``TOP_DIR``, ``MULTI_HOST``, ``PRIVATE_NETWORK``
+# ping_check  [boot-timeout] [from_net] [expected]
 function ping_check {
-    if is_service_enabled neutron; then
-        _ping_check_neutron  "$1" $2 $3 $4
-        return
+    local ip=$1
+    local timeout=${2:-30}
+    local from_net=${3:-""}
+    local expected=${4:-True}
+    local op="!"
+    local failmsg="[Fail] Couldn't ping server"
+    local ping_cmd="ping"
+
+    # if we don't specify a from_net we're expecting things to work
+    # fine from our local box.
+    if [[ -n "$from_net" ]]; then
+        if is_service_enabled neutron; then
+            ping_cmd="$TOP_DIR/tools/ping_neutron.sh $from_net"
+        elif [[ "$MULTI_HOST" = "True" && "$from_net" = "$PRIVATE_NETWORK_NAME" ]]; then
+            # there is no way to address the multihost / private case, bail here for compatibility.
+            # TODO: remove this cruft and redo code to handle this at the caller level.
+            return
+        fi
     fi
-    _ping_check_novanet "$1" $2 $3 $4
-}
 
-# ping check for nova
-# Uses globals ``MULTI_HOST``, ``PRIVATE_NETWORK``
-function _ping_check_novanet {
-    local from_net=$1
-    local ip=$2
-    local boot_timeout=$3
-    local expected=${4:-"True"}
-    local check_command=""
-    MULTI_HOST=$(trueorfalse False MULTI_HOST)
-    if [[ "$MULTI_HOST" = "True" && "$from_net" = "$PRIVATE_NETWORK_NAME" ]]; then
-        return
+    # inverse the logic if we're testing no connectivity
+    if [[ "$expected" != "True" ]]; then
+        op=""
+        failmsg="[Fail] Could ping server"
     fi
-    if [[ "$expected" = "True" ]]; then
-        check_command="while ! ping -c1 -w1 $ip; do sleep 1; done"
-    else
-        check_command="while ping -c1 -w1 $ip; do sleep 1; done"
-    fi
-    if ! timeout $boot_timeout sh -c "$check_command"; then
-        if [[ "$expected" = "True" ]]; then
-            die $LINENO "[Fail] Couldn't ping server"
-        else
-            die $LINENO "[Fail] Could ping server"
-        fi
+
+    # Because we've transformed this command so many times, print it
+    # out at the end.
+    local check_command="while $op $ping_cmd -c1 -w1 $ip; do sleep 1; done"
+    echo "Checking connectivity with $check_command"
+
+    if ! timeout $timeout sh -c "$check_command"; then
+        die $LINENO $failmsg
     fi
 }
 
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c6d9296fba..80e78d5db6 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1404,27 +1404,6 @@ function _get_probe_cmd_prefix {
     echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
 }
 
-function _ping_check_neutron {
-    local from_net=$1
-    local ip=$2
-    local timeout_sec=$3
-    local expected=${4:-"True"}
-    local check_command=""
-    probe_cmd=`_get_probe_cmd_prefix $from_net`
-    if [[ "$expected" = "True" ]]; then
-        check_command="while ! $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
-    else
-        check_command="while $probe_cmd ping -w 1 -c 1 $ip; do sleep 1; done"
-    fi
-    if ! timeout $timeout_sec sh -c "$check_command"; then
-        if [[ "$expected" = "True" ]]; then
-            die $LINENO "[Fail] Couldn't ping server"
-        else
-            die $LINENO "[Fail] Could ping server"
-        fi
-    fi
-}
-
 # ssh check
 function _ssh_check_neutron {
     local from_net=$1
diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh
new file mode 100755
index 0000000000..d36b7f60c8
--- /dev/null
+++ b/tools/ping_neutron.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Ping a neutron guest using a network namespace probe
+
+set -o errexit
+set -o pipefail
+
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+
+# This *must* be run as the admin tenant
+source $TOP_DIR/openrc admin admin
+
+function usage {
+    cat - < [ping args]
+
+This provides a wrapper to ping neutron guests that are on isolated
+tenant networks that the caller can't normally reach. It does so by
+creating a network namespace probe.
+
+It takes arguments like ping, except the first arg must be the network
+name.
+
+Note: in environments with duplicate network names, the results are
+non deterministic.
+
+This should *really* be in the neutron cli.
+
+EOF
+    exit 1
+}
+
+NET_NAME=$1
+
+if [[ -z "$NET_NAME" ]]; then
+    echo "Error: net_name is required"
+    usage
+fi
+
+REMANING_ARGS="${@:2}"
+
+# BUG: with duplicate network names, this fails pretty hard.
+NET_ID=$(neutron net-list $NET_NAME | grep "$NET_NAME" | awk '{print $2}')
+PROBE_ID=$(neutron-debug probe-list -c id -c network_id | grep "$NET_ID" | awk '{print $2}' | head -n 1)
+
+# This runs a command inside the specific netns
+NET_NS_CMD="ip netns exec qprobe-$PROBE_ID"
+
+PING_CMD="sudo $NET_NS_CMD ping $REMAING_ARGS"
+echo "Running $PING_CMD"
+$PING_CMD

From 645114b7133bc70fb52f9f0c3f841766595358c8 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 3 Mar 2015 10:56:03 -0500
Subject: [PATCH 0618/3421] Set DevStack to dual stack by default in Kilo+

This patch sets DevStack to run in dual stack networking, with both IPv4
and IPv6 networking configured. This change is required for dual stack
testing at the gate.

A different patch was created against devstack-gate to make this the
default, but the Juno branch of Neutron is missing required fixes to the
L3 agent that are present in Kilo. This was the suggested alternative.

Related-change: I3d416275f77913769b98e77f7e47bed17fc4d1cc

Co-Authored-By: Henry Gessau 
Co-Authored-By: Andrew Boik 

Depends-On: Ib66a9109cc1c7999474daca5970d0af1f70886e4
Depends-On: I0f9ea98cb84aa72cb1505fb9ff8ac61561cc1376
Depends-On: I85fe68782bc54f28f3e14aa4a1d042cb15959dac
Depends-On: I9395834f673038dc23b25eaeefe14895fe154e0e

Change-Id: If0e0b818355e4cb1338f7fa72af5e81e24361574
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c6d9296fba..bad2001608 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -65,7 +65,7 @@ GATEWAY_TIMEOUT=30
 # -----------------------------
 
 # Subnet IP version
-IP_VERSION=${IP_VERSION:-4}
+IP_VERSION=${IP_VERSION:-"4+6"}
 # Validate IP_VERSION
 if [[ $IP_VERSION != "4" ]] && [[ $IP_VERSION != "6" ]] && [[ $IP_VERSION != "4+6" ]]; then
     die $LINENO "IP_VERSION must be either 4, 6, or 4+6"

From 95b994d54815027904504cf173451cd87fd99c66 Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Sat, 18 Apr 2015 11:20:15 -0600
Subject: [PATCH 0619/3421] Add logging config to cinder.conf

Part of the effort to clean up the Cinder logs is to use
the resource tag in the log format.  We also want to have
some consistency with other projects in how we do logging.

This change adds the logging format to cinder.conf similar to
what Nova and others use, and most importantly turns on the use
of the resource tag that's in olso_log.

We're slowly cleaning up the logging in Cinder by doing things
like replacing "Delete volume %(volume_id)s compoleted" with
("Delete volume completed successfully.", resource=volume)

It woudl be good to have these picked up as we transition so we're
not missing info.  Also, there's sure to be cases where "volume"
isn't a valid dbref and we find issues that need fixed.

Change-Id: I193637fea14d97183f6a9782f37d8edcf929e0c4
---
 lib/cinder | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index de41bc5f79..6439903953 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -264,6 +264,9 @@ function configure_cinder {
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
         setup_colorized_logging $CINDER_CONF DEFAULT "project_id" "user_id"
+    else
+        # Set req-id, project-name and resource in log format
+        iniset $CINDER_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(project_name)s] %(resource)s%(message)s"
     fi
 
     if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then

From 71e4e6f601381494e640f424876bad0f92b6dc9b Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Mon, 16 Mar 2015 16:33:01 -0400
Subject: [PATCH 0620/3421] ceilometer: add tempest option to test events

event support in Ceilometer was implemented in Kilo. to enable
tests in tempest, we add an option to run tests only on Kilo+
branch.

Change-Id: Ia4a73b7df343e31e6301f8314490fd42a01b7cd0
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index f856ce05f9..06413f7110 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -411,6 +411,7 @@ function configure_tempest {
     # Ceilometer API optimization happened in juno that allows to run more tests in tempest.
     # Once Tempest retires support for icehouse this flag can be removed.
     iniset $TEMPEST_CONFIG telemetry too_slow_to_test "False"
+    iniset $TEMPEST_CONFIG telemetry-feature-enabled events "True"
 
     # Object storage
     local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"}

From 72a8be60cd6b6efd32ebe2d81346ece48434510f Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 9 Apr 2015 13:51:23 +1000
Subject: [PATCH 0621/3421] Add a peak memory tracker to dstat

We can see at-a-glance memory usage during the run with dstat but we
have no way to break that down into an overview of where memory is
going.

This adds a peer-service to dstat that records snapshots of the system
during peak memory usage.  It checks periodically if there is less
memory available than before and, if so, records the running processes
and vm overview.

The intent is to add logic into the verify-pipeline jobs to use this
report and send statistics on peak memory usage to statsd [1].  We can
then build a picture of memory-usage growth over time.  This type of
report would have allowed better insight into issues such as
introduced by Idf3a3a914b54779172776822710b3e52e751b1d1 where
memory-usage jumped dramatically after switching to pip versions of
libraries.  Tracking details of memory usage is going to be an
important part of future development.

[1] http://graphite.openstack.org/

Change-Id: I4b0a8f382dcaa09331987ab84a68546ec29cbc18
---
 lib/dstat                |  6 +++
 tools/peakmem_tracker.sh | 96 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100755 tools/peakmem_tracker.sh

diff --git a/lib/dstat b/lib/dstat
index 4b22752ced..f11bfa55c0 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -21,11 +21,17 @@ function start_dstat {
     # A better kind of sysstat, with the top process per time slice
     DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
     run_process dstat "dstat $DSTAT_OPTS"
+
+    # To enable peakmem_tracker add:
+    #    enable_service peakmem_tracker
+    # to your localrc
+    run_process peakmem_tracker "$TOP_DIR/tools/peakmem_tracker.sh"
 }
 
 # stop_dstat() stop dstat process
 function stop_dstat {
     stop_process dstat
+    stop_process peakmem_tracker
 }
 
 # Restore xtrace
diff --git a/tools/peakmem_tracker.sh b/tools/peakmem_tracker.sh
new file mode 100755
index 0000000000..0d5728a538
--- /dev/null
+++ b/tools/peakmem_tracker.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -o errexit
+
+# time to sleep between checks
+SLEEP_TIME=20
+
+# MemAvailable is the best estimation and has built-in heuristics
+# around reclaimable memory.  However, it is not available until 3.14
+# kernel (i.e. Ubuntu LTS Trusty misses it).  In that case, we fall
+# back to free+buffers+cache as the available memory.
+USE_MEM_AVAILBLE=0
+if grep -q '^MemAvailable:' /proc/meminfo; then
+    USE_MEM_AVAILABLE=1
+fi
+
+function get_mem_available {
+    if [[ $USE_MEM_AVAILABLE -eq 1 ]]; then
+        awk '/^MemAvailable:/ {print $2}' /proc/meminfo
+    else
+        awk '/^MemFree:/ {free=$2}
+            /^Buffers:/ {buffers=$2}
+            /^Cached:/  {cached=$2}
+            END { print free+buffers+cached }' /proc/meminfo
+    fi
+}
+
+# whenever we see less memory available than last time, dump the
+# snapshot of current usage; i.e. checking the latest entry in the
+# file will give the peak-memory usage
+function tracker {
+    local low_point=$(get_mem_available)
+    while [ 1 ]; do
+
+        local mem_available=$(get_mem_available)
+
+        if [[ $mem_available -lt $low_point ]]; then
+            low_point=$mem_available
+            echo "[[["
+            date
+            echo "---"
+            # always available greppable output; given difference in
+            # meminfo output as described above...
+            echo "peakmem_tracker low_point: $mem_available"
+            echo "---"
+            cat /proc/meminfo
+            echo "---"
+            # would hierarchial view be more useful (-H)?  output is
+            # not sorted by usage then, however, and the first
+            # question is "what's using up the memory"
+            #
+            # there are a lot of kernel threads, especially on a 8-cpu
+            # system.  do a best-effort removal to improve
+            # signal/noise ratio of output.
+            ps --sort=-pmem -eo pid:10,pmem:6,rss:15,ppid:10,cputime:10,nlwp:8,wchan:25,args:100 |
+                grep -v ']$'
+            echo "]]]"
+        fi
+
+        sleep $SLEEP_TIME
+    done
+}
+
+function usage {
+    echo "Usage: $0 [-x] [-s N]" 1>&2
+    exit 1
+}
+
+while getopts ":s:x" opt; do
+    case $opt in
+        s)
+            SLEEP_TIME=$OPTARG
+            ;;
+        x)
+            set -o xtrace
+            ;;
+        *)
+            usage
+            ;;
+    esac
+done
+shift $((OPTIND-1))
+
+tracker

From a80cb815fff0b625718550a2f19a0be08c1af6a1 Mon Sep 17 00:00:00 2001
From: Morgan Fainberg 
Date: Thu, 12 Mar 2015 17:55:51 -0700
Subject: [PATCH 0622/3421] Add response time to keystone access log

Add the response time to keystone's access log for each request. This
will be the last element in the log-line and will be represented in
microseconds.

Change-Id: I19204369af5cdf06df2237550c350dfb3ffc995d
---
 files/apache-keystone.template | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1d20af7f90..0b914e2b8f 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -1,5 +1,6 @@
 Listen %PUBLICPORT%
 Listen %ADMINPORT%
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
 
 
     WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
@@ -11,7 +12,7 @@ Listen %ADMINPORT%
       ErrorLogFormat "%{cu}t %M"
     
     ErrorLog /var/log/%APACHE_NAME%/keystone.log
-    CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
+    CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
@@ -27,7 +28,7 @@ Listen %ADMINPORT%
       ErrorLogFormat "%{cu}t %M"
     
     ErrorLog /var/log/%APACHE_NAME%/keystone.log
-    CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
+    CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%

From 8f5fe871a45585fdbc72aacca6f8528b1f4d328d Mon Sep 17 00:00:00 2001
From: Ramakrishnan G 
Date: Fri, 17 Apr 2015 12:48:39 +0000
Subject: [PATCH 0623/3421] Fix issue with ml2 plugin on using provider network

This commit fixes the issue that ml2 plugin
sets 'flat_networks' in ml2 configuration file as
empty.  The value of 'flat_networks' need to be set
as the name of the physical network that was specified
in the localrc file (or it's default value).

Change-Id: Ib4c31f6576da57534b36aefebd1ca8cd397c6c1a
---
 lib/neutron_plugins/ml2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index e3b2c4dd28..abe6ea70f5 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -89,7 +89,7 @@ function neutron_plugin_configure_service {
 
     # Allow for setup the flat type network
     if [[ -z "$Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS" && -n "$PHYSICAL_NETWORK" ]]; then
-            Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks=$Q_ML2_FLAT_PHYSNET_OPTIONS"
+            Q_ML2_PLUGIN_FLAT_TYPE_OPTIONS="flat_networks=$PHYSICAL_NETWORK"
     fi
     # REVISIT(rkukura): Setting firewall_driver here for
     # neutron.agent.securitygroups_rpc.is_firewall_enabled() which is

From 2ed09d88fb2847fe8ec813bf518dd945d8d813fa Mon Sep 17 00:00:00 2001
From: Shilla Saebi 
Date: Tue, 21 Apr 2015 15:02:13 -0400
Subject: [PATCH 0624/3421] made several changes to guides to comply to doc
 conventions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

“Speed not required” is not a sentence
Gb should be GB
added a , after floating IPs
fixed sentence around “To implement a true multi-node test of Swift
since it did not make sense
removed extra underline line after Machines
removed capitalization of service names to comply with docs conventions
https://wiki.openstack.org/wiki/Documentation/Conventions
changed to DevStack for consistency throughout
Change-Id: I531bf6b2bad62fbf9d1417b2b1ce06de3715e0f0
---
 .../guides/devstack-with-nested-kvm.rst       |  4 +--
 doc/source/guides/multinode-lab.rst           | 16 ++++++------
 doc/source/guides/neutron.rst                 | 26 +++++++++----------
 doc/source/guides/nova.rst                    |  8 +++---
 doc/source/guides/single-vm.rst               |  8 +++---
 5 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 610300be52..b35492ea17 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -54,7 +54,7 @@ that by ensuring `/dev/kvm` character device is present.
 
 
 Configure Nested KVM for AMD-based Machines
---------------------------------------------
+-------------------------------------------
 
 Procedure to enable nested KVM virtualization on AMD-based machines.
 
@@ -121,7 +121,7 @@ attribute `virt_type = kvm` in `/etc/nova.conf`; otherwise, it'll fall
 back to `virt_type=qemu`, i.e. plain QEMU emulation.
 
 Optionally, to explicitly set the type of virtualization, to KVM, by the
-libvirt driver in Nova, the below config attribute can be used in
+libvirt driver in nova, the below config attribute can be used in
 DevStack's ``local.conf``:
 
 ::
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index d963243fa8..b2617c9f17 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -262,17 +262,17 @@ for scripting:
 Swift
 -----
 
-Swift requires a significant amount of resources and is disabled by
-default in DevStack. The support in DevStack is geared toward a minimal
-installation but can be used for testing. To implement a true multi-node
-test of Swift required more than DevStack provides. Enabling it is as
+Swift, OpenStack Object Storage, requires a significant amount of resources
+and is disabled by default in DevStack. The support in DevStack is geared 
+toward a minimal installation but can be used for testing. To implement a
+true multi-node test of swift, additional steps will be required. Enabling it is as
 simple as enabling the ``swift`` service in ``local.conf``:
 
 ::
 
     enable_service s-proxy s-object s-container s-account
 
-Swift will put its data files in ``SWIFT_DATA_DIR`` (default
+Swift, OpenStack Object Storage, will put its data files in ``SWIFT_DATA_DIR`` (default
 ``/opt/stack/data/swift``). The size of the data 'partition' created
 (really a loop-mounted file) is set by ``SWIFT_LOOPBACK_DISK_SIZE``. The
 Swift config files are located in ``SWIFT_CONF_DIR`` (default
@@ -334,14 +334,14 @@ After making changes to the repository or branch, if ``RECLONE`` is not
 set in ``localrc`` it may be necessary to remove the corresponding
 directory from ``/opt/stack`` to force git to re-clone the repository.
 
-For example, to pull Nova from a proposed release candidate in the
-primary Nova repository:
+For example, to pull nova, OpenStack Compute, from a proposed release candidate
+in the primary nova repository:
 
 ::
 
     NOVA_BRANCH=rc-proposed
 
-To pull Glance from an experimental fork:
+To pull glance, OpenStack Image service, from an experimental fork:
 
 ::
 
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 95cde9699a..3030c7b5f2 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -1,14 +1,14 @@
 ======================================
-Using DevStack with Neutron Networking
+Using DevStack with neutron Networking
 ======================================
 
-This guide will walk you through using OpenStack Neutron with the ML2
+This guide will walk you through using OpenStack neutron with the ML2
 plugin and the Open vSwitch mechanism driver.
 
 Network Interface Configuration
 ===============================
 
-To use Neutron, it is suggested that two network interfaces be present
+To use neutron, it is suggested that two network interfaces be present
 in the host operating system.
 
 The first interface, eth0 is used for the OpenStack management (API,
@@ -62,7 +62,7 @@ connectivity.
 Disabling Next Generation Firewall Tools
 ========================================
 
-Devstack does not properly operate with modern firewall tools.  Specifically
+DevStack does not properly operate with modern firewall tools.  Specifically
 it will appear as if the guest VM can access the external network via ICMP,
 but UDP and TCP packets will not be delivered to the guest VM.  The root cause
 of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
@@ -96,13 +96,13 @@ disable ufw if it was enabled, do the following:
 Neutron Networking with Open vSwitch
 ====================================
 
-Configuring Neutron networking in DevStack is very similar to
+Configuring neutron, OpenStack Networking in DevStack is very similar to
 configuring `nova-network` - many of the same configuration variables
 (like `FIXED_RANGE` and `FLOATING_RANGE`) used by `nova-network` are
-used by Neutron, which is intentional.
+used by neutron, which is intentional.
 
 The only difference is the disabling of `nova-network` in your
-local.conf, and the enabling of the Neutron components.
+local.conf, and the enabling of the neutron components.
 
 
 Configuration
@@ -134,16 +134,16 @@ in a real setup FLOATING_RANGE would be a public IP address range.
 Neutron Networking with Open vSwitch and Provider Networks
 ==========================================================
 
-In some instances, it is desirable to use Neutron's provider
+In some instances, it is desirable to use neutron's provider
 networking extension, so that networks that are configured on an
-external router can be utilized by Neutron, and instances created via
+external router can be utilized by neutron, and instances created via
 Nova can attach to the network managed by the external router.
 
 For example, in some lab environments, a hardware router has been
 pre-configured by another party, and an OpenStack developer has been
 given a VLAN tag and IP address range, so that instances created via
 DevStack will use the external router for L3 connectivity, as opposed
-to the Neutron L3 service.
+to the neutron L3 service.
 
 
 Service Configuration
@@ -152,8 +152,8 @@ Service Configuration
 **Control Node**
 
 In this example, the control node will run the majority of the
-OpenStack API and management services (Keystone, Glance,
-Nova, Neutron, etc..)
+OpenStack API and management services (keystone, glance,
+nova, neutron)
 
 
 **Compute Nodes**
@@ -226,4 +226,4 @@ DevStack will automatically add the network interface defined in
 For example, with the above  configuration, a bridge is
 created, named `br-ex` which is managed by Open vSwitch, and the
 second interface on the compute node, `eth1` is attached to the
-bridge, to forward traffic sent by guest vms.
+bridge, to forward traffic sent by guest VMs.
diff --git a/doc/source/guides/nova.rst b/doc/source/guides/nova.rst
index 0d98f4abad..a91e0d194c 100644
--- a/doc/source/guides/nova.rst
+++ b/doc/source/guides/nova.rst
@@ -1,15 +1,15 @@
 =================
-Nova and devstack
+Nova and DevStack
 =================
 
 This is a rough guide to various configuration parameters for nova
-running with devstack.
+running with DevStack.
 
 
 nova-serialproxy
 ================
 
-In Juno nova implemented a `spec
+In Juno, nova implemented a `spec
 `_
 to allow read/write access to the serial console of an instance via
 `nova-serialproxy
@@ -60,7 +60,7 @@ The service can be enabled by adding ``n-sproxy`` to
     #proxyclient_address=127.0.0.1
 
 
-Enabling the service is enough to be functional for a single machine devstack.
+Enabling the service is enough to be functional for a single machine DevStack.
 
 These config options are defined in `nova.console.serial
 `_
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index ab46d91b83..c2ce1a34a0 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -3,10 +3,10 @@ All-In-One Single VM
 ====================
 
 Use the cloud to build the cloud! Use your cloud to launch new versions
-of OpenStack in about 5 minutes. When you break it, start over! The VMs
+of OpenStack in about 5 minutes. If you break it, start over! The VMs
 launched in the cloud will be slow as they are running in QEMU
 (emulation), but their primary use is testing OpenStack development and
-operation. Speed not required.
+operation.
 
 Prerequisites Cloud & Image
 ===========================
@@ -15,7 +15,7 @@ Virtual Machine
 ---------------
 
 DevStack should run in any virtual machine running a supported Linux
-release. It will perform best with 4Gb or more of RAM.
+release. It will perform best with 4GB or more of RAM.
 
 OpenStack Deployment & cloud-init
 ---------------------------------
@@ -88,7 +88,7 @@ Using OpenStack
 ---------------
 
 At this point you should be able to access the dashboard. Launch VMs and
-if you give them floating IPs access those VMs from other machines on
+if you give them floating IPs, access those VMs from other machines on
 your network.
 
 One interesting use case is for developers working on a VM on their

From fad7b43abece71ccee09bf0a3b729c72e81d9465 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 21 Apr 2015 13:32:11 -0400
Subject: [PATCH 0625/3421] testr requires python's gdbm

Debian/Ubuntu have *helpfully* removed gdbm from the base python
package and put it into another package, which is not dragged in by
installing python. Testr doesn't function without this.

We should ensure this always gets installed.

Depends-On: If48a8444b02ee1e105bc1d9ce78a0489ea0c405b

Change-Id: I85a0ffe5ee384e055e78fd3164c27d42a86bc39d
---
 files/debs/general | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/debs/general b/files/debs/general
index c27b77de18..146052643c 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -17,6 +17,7 @@ tcpdump
 tar
 python-dev
 python2.7
+python-gdbm # needed for testr
 bc
 libyaml-dev
 libffi-dev

From 74a85b0f2954f96eeda876ec8fc8f43017aa8a82 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 22 Apr 2015 18:02:39 +0000
Subject: [PATCH 0626/3421] Set policy_file in the oslo_policy group

policy_file in DEFAULT is deprecated

Change-Id: I6698a810d5e6c395a18aed8066e61f8c4bae2408
---
 lib/ceilometer     | 2 +-
 lib/ironic         | 2 +-
 lib/neutron-legacy | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 3a4a4fb167..9abdbfe286 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -195,7 +195,7 @@ function configure_ceilometer {
 
     # Install the policy file for the API server
     cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR
-    iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json
+    iniset $CEILOMETER_CONF oslo_policy policy_file $CEILOMETER_CONF_DIR/policy.json
 
     cp $CEILOMETER_DIR/etc/ceilometer/pipeline.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
diff --git a/lib/ironic b/lib/ironic
index 4ac0100410..4a37f0aafa 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -296,7 +296,7 @@ function configure_ironic {
 # API specific configuration.
 function configure_ironic_api {
     iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
-    iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
+    iniset $IRONIC_CONF_FILE oslo_policy policy_file $IRONIC_POLICY_JSON
 
     # TODO(Yuki Nishiwaki): This is a temporary work-around until Ironic is fixed(bug#1422632).
     # These codes need to be changed to use the function of configure_auth_token_middleware
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 3072d0a0ed..ac1cd0ffc2 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1081,7 +1081,7 @@ function _configure_neutron_service {
 
     iniset $NEUTRON_CONF DEFAULT verbose True
     iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $NEUTRON_CONF DEFAULT policy_file $Q_POLICY_FILE
+    iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
     iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
 
     iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY

From 2796a82ab48107d4445c03938e037e60dd1bbfa9 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 15 Apr 2015 08:59:04 +1000
Subject: [PATCH 0627/3421] Fix negated services with common prefix

The current sed matching mixes up common-prefix matching;
e.g. "-q-lbaas,q-lbaasv2" is changed into just "v2"

This is more verbose, but I think more reliable.  See also
Ib50f782824f89ae4eb9787f11d42416704babd90.

Change-Id: I3faad0841834e24acc811c05015625cf7f848b19
---
 functions-common        | 32 ++++++++++++++++++++++++++++----
 tests/test_functions.sh | 10 +++++++++-
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/functions-common b/functions-common
index 24a462ac21..e6af662069 100644
--- a/functions-common
+++ b/functions-common
@@ -1621,14 +1621,38 @@ function disable_all_services {
 # Uses global ``ENABLED_SERVICES``
 # disable_negated_services
 function disable_negated_services {
-    local tmpsvcs="${ENABLED_SERVICES}"
+    local to_remove=""
+    local remaining=""
+    local enabled=""
     local service
-    for service in ${tmpsvcs//,/ }; do
+
+    # build up list of services that should be removed; i.e. they
+    # begin with "-"
+    for service in ${ENABLED_SERVICES//,/ }; do
         if [[ ${service} == -* ]]; then
-            tmpsvcs=$(echo ${tmpsvcs}|sed -r "s/(,)?(-)?${service#-}(,)?/,/g")
+            to_remove+=",${service#-}"
+        else
+            remaining+=",${service}"
         fi
     done
-    ENABLED_SERVICES=$(_cleanup_service_list "$tmpsvcs")
+
+    # go through the service list.  if this service appears in the "to
+    # be removed" list, drop it
+    for service in ${remaining//,/ }; do
+        local remove
+        local add=1
+        for remove in ${to_remove//,/ }; do
+            if [[ ${remove} == ${service} ]]; then
+                add=0
+                break
+            fi
+        done
+        if [[ $add == 1 ]]; then
+            enabled="${enabled},$service"
+        fi
+    done
+
+    ENABLED_SERVICES=$(_cleanup_service_list "$enabled")
 }
 
 # disable_service() removes the services passed as argument to the
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index a7914f7a1b..4ebb00085e 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -130,7 +130,15 @@ test_disable_negated_services 'a,-a' ''
 test_disable_negated_services 'b,a,-a' 'b'
 test_disable_negated_services 'a,b,-a' 'b'
 test_disable_negated_services 'a,-a,b' 'b'
-
+test_disable_negated_services 'a,aa,-a' 'aa'
+test_disable_negated_services 'aa,-a' 'aa'
+test_disable_negated_services 'a_a, -a_a' ''
+test_disable_negated_services 'a-b, -a-b' ''
+test_disable_negated_services 'a-b, b, -a-b' 'b'
+test_disable_negated_services 'a,-a,av2,b' 'av2,b'
+test_disable_negated_services 'a,aa,-a' 'aa'
+test_disable_negated_services 'a,av2,-a,a' 'av2'
+test_disable_negated_services 'a,-a,av2' 'av2'
 
 echo "Testing is_package_installed()"
 

From 2c5d462d910ba505df44d884f8cf9d6df9252b37 Mon Sep 17 00:00:00 2001
From: Robert Li 
Date: Tue, 21 Apr 2015 15:48:22 -0400
Subject: [PATCH 0628/3421] Add /usr/local/bin to exec_dirs in rootwrap.conf

devstack installs neutron utilities into /usr/local/bin such as
neutron-keepalived-state-change and neutron-ns-metadata-proxy.
In stead of adding individual filters to allow them to run from that
directory, this patch adds /usr/local/bin into exec_dirs.

Please also refer to I3abd1c173121dc8abb5738d1879db8ac9a98b690 for
discussion on the approach to fix the bug.

Change-Id: Iade8b5b09bb53018485c85f8372fb94dbc2ad2da
Closes-Bug: 1435971
---
 lib/neutron-legacy | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 3072d0a0ed..9f26239010 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1145,6 +1145,8 @@ function _neutron_setup_rootwrap {
         sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
     fi
     sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
+    sudo sed -e 's:^exec_dirs=\(.*\)$:exec_dirs=\1,/usr/local/bin:' -i $Q_RR_CONF_FILE
+
     # Specify ``rootwrap.conf`` as first parameter to neutron-rootwrap
     ROOTWRAP_SUDOER_CMD="$NEUTRON_ROOTWRAP $Q_RR_CONF_FILE *"
     ROOTWRAP_DAEMON_SUDOER_CMD="$NEUTRON_ROOTWRAP-daemon $Q_RR_CONF_FILE"

From 6cdb2e0f1a2c2429587f1e9187344cb26eb31812 Mon Sep 17 00:00:00 2001
From: Dan Smith 
Date: Thu, 23 Apr 2015 09:12:59 -0700
Subject: [PATCH 0629/3421] Remove the lvm.conf filter during cleanup

This avoids us leaving the filter in the global lvm config. Without cleaning
this up, we can hit some failures to run stack.sh because devices are excluded
that we need to be able to see. This resets it to what it was before when
we do a cleanup.

Also, do this before we add the line, so we don't add multiple lines on
successive runs.

Closes-bug: #1437998
Change-Id: Idbf8a06b723f79ef16a7c175ee77a8c25f813244
---
 lib/cinder_backends/lvm |  1 +
 lib/lvm                 | 10 +++++++++-
 unstack.sh              |  1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index d369c0c840..35ad209db7 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -39,6 +39,7 @@ function cleanup_cinder_backend_lvm {
 
     # Campsite rule: leave behind a volume group at least as clean as we found it
     clean_lvm_volume_group $VOLUME_GROUP_NAME-$be_name
+    clean_lvm_filter
 }
 
 # configure_cinder_backend_lvm - Set config files, create data dirs, etc
diff --git a/lib/lvm b/lib/lvm
index 54976a36cd..1fe2683e65 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -145,6 +145,13 @@ function init_default_lvm_volume_group {
     fi
 }
 
+# clean_lvm_filter() Remove the filter rule set in set_lvm_filter()
+#
+# Usage: clean_lvm_filter()
+function clean_lvm_filter {
+    sudo sed -i "s/^.*# from devstack$//" /etc/lvm/lvm.conf
+}
+
 # set_lvm_filter() Gather all devices configured for LVM and
 # use them to build a global device filter
 # set_lvm_filter() Create a device filter
@@ -154,7 +161,7 @@ function init_default_lvm_volume_group {
 #
 # Usage: set_lvm_filter()
 function set_lvm_filter {
-    local filter_suffix='"r|.*|" ]'
+    local filter_suffix='"r|.*|" ]  # from devstack'
     local filter_string="global_filter = [ "
     local pv
     local vg
@@ -167,6 +174,7 @@ function set_lvm_filter {
     done
     filter_string=$filter_string$filter_suffix
 
+    clean_lvm_filter
     sudo sed -i "/# global_filter = \[*\]/a\    $global_filter$filter_string" /etc/lvm/lvm.conf
     echo_summary "set lvm.conf device global_filter to: $filter_string"
 }
diff --git a/unstack.sh b/unstack.sh
index 30981fd3c6..ed7e6175ca 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -192,3 +192,4 @@ fi
 
 # BUG: maybe it doesn't exist? We should isolate this further down.
 clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true
+clean_lvm_filter

From 2443c37c1dc2b62bb4c423357f3cae33b6e92762 Mon Sep 17 00:00:00 2001
From: Yalei Wang 
Date: Fri, 24 Apr 2015 10:58:52 +0800
Subject: [PATCH 0630/3421] Add n-cauth into defalut services

n-cauth work with n-novnc to provide the vnc service for VMs.

Change-Id: Ia5c53aaaf7fe4f881d525a31b097b167fdb8e5c8
Closes-Bug: #1447774
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index 0b93d32358..2a49ea5ef5 100644
--- a/stackrc
+++ b/stackrc
@@ -49,7 +49,7 @@ if ! isset ENABLED_SERVICES ; then
     # Keystone - nothing works without keystone
     ENABLED_SERVICES=key
     # Nova - services to support libvirt based openstack clouds
-    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt
+    ENABLED_SERVICES+=,n-api,n-cpu,n-net,n-cond,n-sch,n-novnc,n-crt,n-cauth
     # Glance services needed for Nova
     ENABLED_SERVICES+=,g-api,g-reg
     # Cinder

From e4af92987a882dc2f7bb48527d0bcdbaa2427d4a Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 28 Apr 2015 08:57:57 -0400
Subject: [PATCH 0631/3421] fix warn function

The warn function was putting content into a side log file which made
it kind of hard to keep an eye on when warnings were actually being
issued. Let's just get this into the main output stream.

The calling of the warn function in git_timed was also incorrect, so
the output would not have been what we expected. This solves that as
well.

This will hopefully give us trackable data about how often we need to
recover from git clone errors.

Change-Id: Iee0d2df7fb788a4d34044d29ab10afdcafb9bb5a
---
 functions-common | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/functions-common b/functions-common
index 24a462ac21..a3b8b92f5f 100644
--- a/functions-common
+++ b/functions-common
@@ -174,10 +174,7 @@ function warn {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local msg="[WARNING] ${BASH_SOURCE[2]}:$1 $2"
-    echo $msg 1>&2;
-    if [[ -n ${LOGDIR} ]]; then
-        echo $msg >> "${LOGDIR}/error.log"
-    fi
+    echo $msg
     $xtrace
     return $exitcode
 }
@@ -509,7 +506,7 @@ function git_timed {
         fi
 
         count=$(($count + 1))
-        warn "timeout ${count} for git call: [git $@]"
+        warn $LINENO "timeout ${count} for git call: [git $@]"
         if [ $count -eq 3 ]; then
             die $LINENO "Maximum of 3 git retries reached"
         fi

From 7efba991f78667c19d13431524c95f77660781c5 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 28 Apr 2015 13:15:22 -0400
Subject: [PATCH 0632/3421] don't source openrc

There is actually no reason why we need openrc for these tests, don't
source it as it prevents some ip math errors from randomly killing
tests.

Change-Id: Iface7c21898d92e14e840379938b25844cd85565
---
 tests/test_functions.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index a7914f7a1b..f8e2c9e2e4 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -7,9 +7,6 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 # Import common functions
 source $TOP/functions
 
-# Import configuration
-source $TOP/openrc
-
 source $TOP/tests/unittest.sh
 
 echo "Testing die_if_not_set()"

From 6e137abbfe66837bc7456425472b53d067591d24 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 29 Apr 2015 08:22:24 -0400
Subject: [PATCH 0633/3421] clean up logging around run_process

We do a bunch of exec magic unwind in run_process that leads to a lot
of confusing lines in the logs under xtrace. Instead, disable xtrace
through these parts to ensure that the flow at the end of the day
makes more sense.

Change-Id: I91e02465240e704a1a0c0036f5073c0295be018e
---
 functions-common | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/functions-common b/functions-common
index a3b8b92f5f..f2e7076ccf 100644
--- a/functions-common
+++ b/functions-common
@@ -1137,6 +1137,10 @@ function zypper_install {
 # the command.
 # _run_process service "command-line" [group]
 function _run_process {
+    # disable tracing through the exec redirects, it's just confusing in the logs.
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     local service=$1
     local command="$2"
     local group=$3
@@ -1160,6 +1164,9 @@ function _run_process {
         export PYTHONUNBUFFERED=1
     fi
 
+    # reenable xtrace before we do *real* work
+    $xtrace
+
     # Run under ``setsid`` to force the process to become a session and group leader.
     # The pid saved can be used with pkill -g to get the entire process group.
     if [[ -n "$group" ]]; then

From 8d558c8c270c36a78aeb23f16da084508916a89e Mon Sep 17 00:00:00 2001
From: sridhargaddam 
Date: Mon, 4 May 2015 14:04:16 +0000
Subject: [PATCH 0634/3421] Set local_ip only when TENANT_TUNNELS are enabled

In an installation with VLAN tenant networks, devstack should
not configure the local_ip (which is applicable only when
tenant_tunnels are used). This is causing failures in Neutron
for an IPv6 only setup. This patch addresses this issue, but
configuring the local_ip only when TENANT_TUNNELS are enabled.

Related-Bug: #1447693
Change-Id: I0e2a2d8b6ce0ad87f6c0d318ac522dbab50d44ee
---
 lib/neutron_plugins/ml2 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index abe6ea70f5..88537774b7 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -104,8 +104,10 @@ function neutron_plugin_configure_service {
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
     fi
 
-    # Since we enable the tunnel TypeDrivers, also enable a local_ip
-    iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
+    if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
+        # Set local_ip if TENANT_TUNNELS are enabled.
+        iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
+    fi
 
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
 

From dfcc3871c022516330b6afb6c74751ac42a87480 Mon Sep 17 00:00:00 2001
From: Joe D'Andrea 
Date: Wed, 29 Apr 2015 15:39:17 -0400
Subject: [PATCH 0635/3421] cinder setup now refers to CINDER_VOLUME_CLEAR and
 volume_clear

CINDER_SECURE_DELETE previously iniset volume_clear to none as a
side effect, however secure_delete is not documented in cinder.
Now using CINDER_VOLUME_CLEAR outright. CINDER_SECURE_DELETE is
supported but now deprecated.

Change-Id: Ic8694cf16654c23b27d23853a9f06ddf1050fa93
Closes-Bug: #1450159
---
 lib/cinder | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 6439903953..eb0e1d7600 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -77,9 +77,20 @@ CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
 
 
 # Should cinder perform secure deletion of volumes?
-# Defaults to true, can be set to False to avoid this bug when testing:
+# Defaults to zero. Can also be set to none or shred.
+# This was previously CINDER_SECURE_DELETE (True or False).
+# Equivalents using CINDER_VOLUME_CLEAR are zero and none, respectively.
+# Set to none to avoid this bug when testing:
 # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1023755
-CINDER_SECURE_DELETE=$(trueorfalse True CINDER_SECURE_DELETE)
+if [[ -n $CINDER_SECURE_DELETE ]]; then
+    CINDER_SECURE_DELETE=$(trueorfalse True CINDER_SECURE_DELETE)
+    if [[ $CINDER_SECURE_DELETE == "False" ]]; then
+        CINDER_VOLUME_CLEAR_DEFAULT="none"
+    fi
+    DEPRECATED_TEXT="$DEPRECATED_TEXT\nConfigure secure Cinder volume deletion using CINDER_VOLUME_CLEAR instead of CINDER_SECURE_DELETE.\n"
+fi
+CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
+CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
 
 # Cinder reports allocations back to the scheduler on periodic intervals
 # it turns out we can get an "out of space" issue when we run tests too
@@ -256,9 +267,8 @@ function configure_cinder {
 
     iniset_rpc_backend cinder $CINDER_CONF
 
-    if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
-        iniset $CINDER_CONF DEFAULT secure_delete False
-        iniset $CINDER_CONF DEFAULT volume_clear none
+    if [[ "$CINDER_VOLUME_CLEAR" == "none" ]] || [[ "$CINDER_VOLUME_CLEAR" == "zero" ]] || [[ "$CINDER_VOLUME_CLEAR" == "shred" ]]; then
+        iniset $CINDER_CONF DEFAULT volume_clear $CINDER_VOLUME_CLEAR
     fi
 
     # Format logging

From d5537c1dc835413f1911ab797e3007d85322eace Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Thu, 30 Apr 2015 21:10:48 -0400
Subject: [PATCH 0636/3421] Add toggle to run Nova API and EC2-API under
 Apache2

Inspired by keystone and rcbops-cookbooks's nova scripts,
this review adds apache2 templates for two of the Nova
services. Also add code in lib/nova to switch between
the old and new ways to these two services. The patch
depends on the Nova review mentioned below as the two
scripts that are needed will be in Nova's repository.

TODO for later would be to switch on NOVA_USE_MOD_WSGI
when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on.

Related Nova blueprint:
https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2

Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0
Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
---
 README.md                          |   4 ++
 files/apache-nova-api.template     |  16 +++++
 files/apache-nova-ec2-api.template |  16 +++++
 lib/nova                           | 101 ++++++++++++++++++++++++++++-
 4 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 files/apache-nova-api.template
 create mode 100644 files/apache-nova-ec2-api.template

diff --git a/README.md b/README.md
index 04f5fd9711..9853c3d88d 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,10 @@ Example (Keystone):
 
     KEYSTONE_USE_MOD_WSGI="True"
 
+Example (Nova):
+
+    NOVA_USE_MOD_WSGI="True"
+
 Example (Swift):
 
     SWIFT_USE_MOD_WSGI="True"
diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template
new file mode 100644
index 0000000000..70ccedddc8
--- /dev/null
+++ b/files/apache-nova-api.template
@@ -0,0 +1,16 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess nova-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup nova-api
+    WSGIScriptAlias / %PUBLICWSGI%
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/nova-api.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
\ No newline at end of file
diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
new file mode 100644
index 0000000000..ae4cf94a38
--- /dev/null
+++ b/files/apache-nova-ec2-api.template
@@ -0,0 +1,16 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess nova-ec2-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup nova-ec2-api
+    WSGIScriptAlias / %PUBLICWSGI%
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
\ No newline at end of file
diff --git a/lib/nova b/lib/nova
index 807dfceeae..768346a983 100644
--- a/lib/nova
+++ b/lib/nova
@@ -16,6 +16,7 @@
 #
 # - install_nova
 # - configure_nova
+# - _config_nova_apache_wsgi
 # - create_nova_conf
 # - init_nova
 # - start_nova
@@ -62,6 +63,15 @@ NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
 # Expect to remove in L or M.
 NOVA_API_VERSION=${NOVA_API_VERSION-default}
 
+if is_suse; then
+    NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
+else
+    NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/var/www/nova}
+fi
+
+# Toggle for deploying Nova-API under HTTPD + mod_wsgi
+NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}
+
 if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
     NOVA_SERVICE_PROTOCOL="https"
     EC2_SERVICE_PROTOCOL="https"
@@ -223,6 +233,64 @@ function cleanup_nova {
     #fi
 }
 
+# _cleanup_nova_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cleanup_nova_apache_wsgi {
+    sudo rm -f $NOVA_WSGI_DIR/*
+    sudo rm -f $(apache_site_config_for nova-api)
+    sudo rm -f $(apache_site_config_for nova-ec2-api)
+}
+
+# _config_nova_apache_wsgi() - Set WSGI config files of Keystone
+function _config_nova_apache_wsgi {
+    sudo mkdir -p $NOVA_WSGI_DIR
+
+    local nova_apache_conf=$(apache_site_config_for nova-api)
+    local nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
+    local nova_ssl=""
+    local nova_certfile=""
+    local nova_keyfile=""
+    local nova_api_port=$NOVA_SERVICE_PORT
+    local nova_ec2_api_port=$EC2_SERVICE_PORT
+    local venv_path=""
+
+    if is_ssl_enabled_service nova-api; then
+        nova_ssl="SSLEngine On"
+        nova_certfile="SSLCertificateFile $NOVA_SSL_CERT"
+        nova_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
+    fi
+    if [[ ${USE_VENV} = True ]]; then
+        venv_path="python-path=${PROJECT_VENV["nova"]}/lib/python2.7/site-packages"
+    fi
+
+    # copy proxy vhost and wsgi helper files
+    sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
+    sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api
+
+    sudo cp $FILES/apache-nova-api.template $nova_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$nova_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-api|g;
+        s|%SSLENGINE%|$nova_ssl|g;
+        s|%SSLCERTFILE%|$nova_certfile|g;
+        s|%SSLKEYFILE%|$nova_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $nova_apache_conf
+
+    sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$nova_ec2_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g;
+        s|%SSLENGINE%|$nova_ssl|g;
+        s|%SSLCERTFILE%|$nova_certfile|g;
+        s|%SSLKEYFILE%|$nova_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $nova_ec2_apache_conf
+}
+
 # configure_nova() - Set config files, create data dirs, etc
 function configure_nova {
     # Put config files in ``/etc/nova`` for everyone to find
@@ -453,12 +521,16 @@ function create_nova_conf {
         iniset $NOVA_CONF DEFAULT force_config_drive "$FORCE_CONFIG_DRIVE"
     fi
     # Format logging
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$NOVA_USE_MOD_WSGI" == "False" ]  ; then
         setup_colorized_logging $NOVA_CONF DEFAULT
     else
         # Show user_name and project_name instead of user_id and project_id
         iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
     fi
+    if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+        _config_nova_apache_wsgi
+    fi
+
     if is_service_enabled ceilometer; then
         iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
         iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
@@ -655,6 +727,13 @@ function install_nova {
     git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
     setup_develop $NOVA_DIR
     sudo install -D -m 0644 -o $STACK_USER {$NOVA_DIR/tools/,/etc/bash_completion.d/}nova-manage.bash_completion
+
+    if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+        install_apache_wsgi
+        if is_ssl_enabled_service "nova-api"; then
+            enable_mod_ssl
+        fi
+    fi
 }
 
 # start_nova_api() - Start the API process ahead of other things
@@ -671,7 +750,18 @@ function start_nova_api {
     local old_path=$PATH
     export PATH=$NOVA_BIN_DIR:$PATH
 
-    run_process n-api "$NOVA_BIN_DIR/nova-api"
+    # If the site is not enabled then we are in a grenade scenario
+    local enabled_site_file=$(apache_site_config_for nova-api)
+    if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+        enable_apache_site nova-api
+        enable_apache_site nova-ec2-api
+        restart_apache_server
+        tail_log nova /var/log/$APACHE_NAME/nova-api.log
+        tail_log nova /var/log/$APACHE_NAME/nova-ec2-api.log
+    else
+        run_process n-api "$NOVA_BIN_DIR/nova-api"
+    fi
+
     echo "Waiting for nova-api to start..."
     if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then
         die $LINENO "nova-api did not start"
@@ -780,6 +870,13 @@ function stop_nova_compute {
 }
 
 function stop_nova_rest {
+    if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+        disable_apache_site nova-api
+        disable_apache_site nova-ec2-api
+        restart_apache_server
+    else
+        stop_process n-api
+    fi
     # Kill the nova screen windows
     # Some services are listed here twice since more than one instance
     # of a service may be running in certain configs.

From ee3d2a8ece24efe8ee8b0304c133574967eb60d3 Mon Sep 17 00:00:00 2001
From: Gregory Haynes 
Date: Tue, 5 May 2015 22:14:24 +0000
Subject: [PATCH 0637/3421] Import xattr with sudo early on

xattr fails to import due to being unable to build cffi bindings unless
it is imported as root beforehand.

Depends-On: I6a9d64277974933ae9b7bbe2a40b8a0eb0fa8c6a

Change-Id: I835e55bbafc7e0640987e6f3c8ee0c873f875ee0
Closes-Bug: #1451992
---
 stack.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/stack.sh b/stack.sh
index e5ee0dc03f..3925bb0ccf 100755
--- a/stack.sh
+++ b/stack.sh
@@ -708,6 +708,12 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # Pre-build some problematic wheels
 if [[ -n ${WHEELHOUSE:-} && ! -d ${WHEELHOUSE:-} ]]; then
     source $TOP_DIR/tools/build_wheels.sh
+
+    # Due to https://bugs.launchpad.net/swift/+bug/1451992 we have to import
+    # this package with root once so the CFFI bindings can be built. We have
+    # to therefore install it so we can import it.
+    pip_install xattr
+    sudo python -c "import xattr"
 fi
 
 

From e8a2fa431b4b432c5a05da0cab6c4af5999e5aee Mon Sep 17 00:00:00 2001
From: Cyril Roelandt 
Date: Wed, 6 May 2015 17:30:48 +0200
Subject: [PATCH 0638/3421] lib/swift: the s3_token middleware should be
 provided by keystonemiddleware

Recently, keystoneclient.middleware has been moved from keystoneclient to
keystonemiddleware. The latter should be used.

Change-Id: Ib9489a21b988b32fc17399c08eeb60862efae034
Closes-Bug: #1452315
---
 lib/swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/swift b/lib/swift
index 456dde4c8d..820042d972 100644
--- a/lib/swift
+++ b/lib/swift
@@ -439,7 +439,7 @@ function configure_swift {
     if is_service_enabled swift3; then
         cat <>${SWIFT_CONFIG_PROXY_SERVER}
 [filter:s3token]
-paste.filter_factory = keystoneclient.middleware.s3_token:filter_factory
+paste.filter_factory = keystonemiddleware.s3_token:filter_factory
 auth_port = ${KEYSTONE_AUTH_PORT}
 auth_host = ${KEYSTONE_AUTH_HOST}
 auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}

From 5a59ac7d43bb10a5bbc912b94edea19e1009b675 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 6 May 2015 09:48:54 -0400
Subject: [PATCH 0639/3421] create a more generic work around for cffi & wheels

This is an attempt to fix the cffi vs. wheels bug in a more generic
way by just ensuring that pip has installed cffi with a pip understood
version into the venv before we try to do any builds.

Related-Bug: #1451992

Change-Id: Ibc58668c53933033405b40f79b0e9ffc73a01a6f
---
 stack.sh              |  6 ------
 tools/build_wheels.sh | 12 ++++++++++++
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/stack.sh b/stack.sh
index 3925bb0ccf..e5ee0dc03f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -708,12 +708,6 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # Pre-build some problematic wheels
 if [[ -n ${WHEELHOUSE:-} && ! -d ${WHEELHOUSE:-} ]]; then
     source $TOP_DIR/tools/build_wheels.sh
-
-    # Due to https://bugs.launchpad.net/swift/+bug/1451992 we have to import
-    # this package with root once so the CFFI bindings can be built. We have
-    # to therefore install it so we can import it.
-    pip_install xattr
-    sudo python -c "import xattr"
 fi
 
 
diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
index c57568fa64..14c2999c8f 100755
--- a/tools/build_wheels.sh
+++ b/tools/build_wheels.sh
@@ -60,6 +60,18 @@ virtualenv $TMP_VENV_PATH
 # Install modern pip and wheel
 PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install -U pip wheel
 
+# BUG: cffi has a lot of issues. It has no stable ABI, if installed
+# code is built with a different ABI than the one that's detected at
+# load time, it tries to compile on the fly for the new ABI in the
+# install location (which will probably be /usr and not
+# writable). Also cffi is often included via setup_requires by
+# packages, which have different install rules (allowing betas) than
+# pip has.
+#
+# Because of this we must pip install cffi into the venv to build
+# wheels.
+PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install_gr cffi
+
 # ``VENV_PACKAGES`` is a list of packages we want to pre-install
 VENV_PACKAGE_FILE=$FILES/venv-requirements.txt
 if [[ -r $VENV_PACKAGE_FILE ]]; then

From 52a3bebcfcb09ec2b78d0357f1a074458ab04053 Mon Sep 17 00:00:00 2001
From: Clint Byrum 
Date: Tue, 5 May 2015 15:00:03 -0700
Subject: [PATCH 0640/3421] Do not set OS_CACERT if there is no CA cert

In openrc, if we set OS_CACERT, some things will expect it to be there
in pre-flight checks. But it may very well be missing. This "fails
closed" because if we find the file, we try to use it, but if we don't
find the file, and the user thought we should be using it, we'll just
not be able to verify the server's name, and the libs will fail on that.

Change-Id: Ia5d06afa74bc645c2f19711cfa37e57a377c329b
Closes-Bug: #1452036
---
 openrc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/openrc b/openrc
index aec8a2a642..64faa58a3a 100644
--- a/openrc
+++ b/openrc
@@ -78,8 +78,14 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
 #
 export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
 
-# Set the pointer to our CA certificate chain.  Harmless if TLS is not used.
-export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
+# Set OS_CACERT to a default CA certificate chain if it exists.
+if [[ ! -v OS_CACERT ]] ; then
+    DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
+    # If the file does not exist, this may confuse preflight sanity checks
+    if [ -e $DEFAULT_OS_CACERT ] ; then
+        export OS_CACERT=$DEFAULT_OS_CACERT
+    fi
+fi
 
 # Currently novaclient needs you to specify the *compute api* version.  This
 # needs to match the config of your catalog returned by Keystone.

From 168b7c226cd17fa75eecc0e6ce4c81d001747f78 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 7 May 2015 08:57:28 -0400
Subject: [PATCH 0641/3421] dump iptables in the worlddump

If we fail during devstack / grenade runs, it would be nice to have
the map of iptables that are currently active as well. This makes it
handy to start figuring out what's going on when test servers don't
ping.

Change-Id: Ia31736ef2cb0221586d30c089473dfdc1db90e23
---
 tools/worlddump.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 8dd455c274..cb32510526 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -61,6 +61,17 @@ def disk_space():
     print dfraw
 
 
+def iptables_dump():
+    tables = ['filter', 'nat', 'mangle']
+    print """
+IP Tables Dump
+===============
+"""
+    for table in tables:
+        print os.popen("sudo iptables --line-numbers -L -nv -t %s"
+                       % table).read()
+
+
 def process_list():
     print """
 Process Listing
@@ -79,6 +90,7 @@ def main():
         os.dup2(f.fileno(), sys.stdout.fileno())
         disk_space()
         process_list()
+        iptables_dump()
 
 
 if __name__ == '__main__':

From 9fd75f57fd8bdbd1926b1942462d439f9e496204 Mon Sep 17 00:00:00 2001
From: Jens Rosenboom 
Date: Mon, 23 Mar 2015 11:45:00 +0100
Subject: [PATCH 0642/3421] Update default cirros version

Update the default CIRROS_VERSION to 0.3.4, which has better support
for IPv6 and some other bugfixes.

Co-Authored-By: Scott Moser 
Change-Id: I03ee6e1403680fb6c421225a7cadaf8a82edf702
Depends-On: Iac9f108d947ff4a51f99c6e8ad9d1ac5b32c000a
---
 stackrc             | 2 +-
 tools/xen/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index abedb001d1..076efc17b4 100644
--- a/stackrc
+++ b/stackrc
@@ -536,7 +536,7 @@ esac
 #IMAGE_URLS="http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-amd64-11.2_2.6.35-15_1.tar.gz" # old ttylinux-uec image
 #IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
 
-CIRROS_VERSION=${CIRROS_VERSION:-"0.3.2"}
+CIRROS_VERSION=${CIRROS_VERSION:-"0.3.4"}
 CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
 
 # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
diff --git a/tools/xen/README.md b/tools/xen/README.md
index c8f47be393..61694e9616 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -97,7 +97,7 @@ Of course, use real passwords if this machine is exposed.
     # Download a vhd and a uec image
     IMAGE_URLS="\
     https://github.com/downloads/citrix-openstack/warehouse/cirros-0.3.0-x86_64-disk.vhd.tgz,\
-    http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-uec.tar.gz"
+    http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-uec.tar.gz"
 
     # Explicitly set virt driver
     VIRT_DRIVER=xenserver

From d4c89289f9d4bf88c065dca85a46c9b08464b56c Mon Sep 17 00:00:00 2001
From: Waldemar Znoinski 
Date: Thu, 7 May 2015 17:14:21 +0100
Subject: [PATCH 0643/3421] Set datapath to $OVS_DATAPATH_TYPE for bridges

This change extends devstack to configure the br-ex,
br- and Xenserver's br-$GUEST_INTERFACE_DEFAULT
datapaths when OVS_DATAPATH_TYPE is set.

Change-Id: I71e590de86e7526e8423140463752d6b3ad14214
Closes-Bug: #1416444
---
 lib/neutron_plugins/openvswitch_agent |  4 ++--
 lib/neutron_plugins/ovs_base          | 18 +++++++++++++-----
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 1d24f3b837..2a05e2dcfa 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -59,7 +59,7 @@ function neutron_plugin_configure_plugin_agent {
         OVS_BRIDGE_MAPPINGS=$PHYSICAL_NETWORK:$OVS_PHYSICAL_BRIDGE
 
         # Configure bridge manually with physical interface as port for multi-node
-        sudo ovs-vsctl --no-wait -- --may-exist add-br $OVS_PHYSICAL_BRIDGE
+        _neutron_ovs_base_add_bridge $OVS_PHYSICAL_BRIDGE
     fi
     if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
         iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings $OVS_BRIDGE_MAPPINGS
@@ -92,7 +92,7 @@ function neutron_plugin_configure_plugin_agent {
         # Set up domU's L2 agent:
 
         # Create a bridge "br-$GUEST_INTERFACE_DEFAULT"
-        sudo ovs-vsctl --no-wait -- --may-exist add-br "br-$GUEST_INTERFACE_DEFAULT"
+        _neutron_ovs_base_add_bridge "br-$GUEST_INTERFACE_DEFAULT"
         # Add $GUEST_INTERFACE_DEFAULT to that bridge
         sudo ovs-vsctl add-port "br-$GUEST_INTERFACE_DEFAULT" $GUEST_INTERFACE_DEFAULT
 
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 51999c60e4..5ecca81ce9 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -16,13 +16,21 @@ function is_neutron_ovs_base_plugin {
     return 0
 }
 
+function _neutron_ovs_base_add_bridge {
+    local bridge=$1
+    local addbr_cmd="sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge"
+
+    if [ "$OVS_DATAPATH_TYPE" != "" ] ; then
+        addbr_cmd="$addbr_cmd -- set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}"
+    fi
+
+    $addbr_cmd
+}
+
 function _neutron_ovs_base_setup_bridge {
     local bridge=$1
     neutron-ovs-cleanup
-    sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
-    if [[ $OVS_DATAPATH_TYPE != "" ]]; then
-        sudo ovs-vsctl set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}
-    fi
+    _neutron_ovs_base_add_bridge $bridge
     sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
 }
 
@@ -93,7 +101,7 @@ function _neutron_ovs_base_configure_l3_agent {
         sudo ip link set $Q_PUBLIC_VETH_EX up
         sudo ip addr flush dev $Q_PUBLIC_VETH_EX
     else
-        sudo ovs-vsctl -- --may-exist add-br $PUBLIC_BRIDGE
+        _neutron_ovs_base_add_bridge $PUBLIC_BRIDGE
         sudo ovs-vsctl br-set-external-id $PUBLIC_BRIDGE bridge-id $PUBLIC_BRIDGE
     fi
 }

From 1b5a49829eebea87b2cd1fd057f808612f72e7cf Mon Sep 17 00:00:00 2001
From: Matthew Gilliard 
Date: Fri, 10 Apr 2015 08:42:22 +0100
Subject: [PATCH 0644/3421] Set live_migrate_paused_instances=True in
 tempest.conf

Live migration of paused instances is a new Nova feature in Kilo, and will not
be backported.  The compute_feature_enabled.live_migrate_paused_instances flag
defaults to False for this reason, but can be set to True here. The tempest
config option and this change can both be removed at Juno-EOL.

The related Tempest change: I5c6fd3de7ea45d1851bb40037c64ad7fb5e6dc48

Change-Id: I3a83e43d252b88c234438a224e2fbebc0a81eaff
Related-Bug: #1305062
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index cd8fbd725f..6ce245aef1 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -364,6 +364,8 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled api_extensions $compute_api_extensions
     # TODO(mriedem): Remove the preserve_ports flag when Juno is end of life.
     iniset $TEMPEST_CONFIG compute-feature-enabled preserve_ports True
+    # TODO(gilliard): Remove the live_migrate_paused_instances flag when Juno is end of life.
+    iniset $TEMPEST_CONFIG compute-feature-enabled live_migrate_paused_instances True
 
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0

From 0a9d03d5059356a9f494ad331b548cc74d85d75f Mon Sep 17 00:00:00 2001
From: Yuki Nishiwaki 
Date: Fri, 8 May 2015 16:29:55 +0900
Subject: [PATCH 0645/3421] Move install_infra before execute build_wheels.sh

The pip_install_gr function in build_wheels.sh use requirements project.
So requirements project must exist before execute build_wheels.sh.
Then we moved install_infra function which install requirements project.

Change-Id: I8f80ecafff0f7e1942731379b70bccac338ea3b3
Closes-Bug: 1453012
---
 stack.sh | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/stack.sh b/stack.sh
index e5ee0dc03f..f0aafafb3a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -705,6 +705,9 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # Virtual Environment
 # -------------------
 
+# Install required infra support libraries
+install_infra
+
 # Pre-build some problematic wheels
 if [[ -n ${WHEELHOUSE:-} && ! -d ${WHEELHOUSE:-} ]]; then
     source $TOP_DIR/tools/build_wheels.sh
@@ -713,10 +716,6 @@ fi
 
 # Extras Pre-install
 # ------------------
-
-# Install required infra support libraries
-install_infra
-
 # Phase: pre-install
 run_phase stack pre-install
 

From 41309002fa1a1c00f8485ef71acdec93fbfbd014 Mon Sep 17 00:00:00 2001
From: Vladyslav Drok 
Date: Wed, 29 Apr 2015 13:36:52 +0300
Subject: [PATCH 0646/3421] Add new options to baremetal config section

This change adds setting of deploy_img_dir and node_uuid baremetal
config options during tempest configuration to enable ironic w/o
glance scenario testing.
Needed for change I171e85cb8a21fae4da45028f1f798988a36f6c95

Change-Id: I6fd393390389c4c643b93198fa461fc2adc415ae
---
 lib/ironic  | 8 +++++++-
 lib/tempest | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 4a37f0aafa..7493c3cab2 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -58,6 +58,7 @@ IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0}
 IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
 
 # Set up defaults for functional / integration testing
+IRONIC_NODE_UUID=${IRONIC_NODE_UUID:-`uuidgen`}
 IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts}
 IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
 IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS)
@@ -619,7 +620,12 @@ function enroll_nodes {
             node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
         fi
 
-        local node_id=$(ironic node-create --chassis_uuid $chassis_id \
+        # First node created will be used for testing in ironic w/o glance
+        # scenario, so we need to know its UUID.
+        local standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")
+
+        local node_id=$(ironic node-create $standalone_node_uuid\
+            --chassis_uuid $chassis_id \
             --driver $IRONIC_DEPLOY_DRIVER \
             -p cpus=$ironic_node_cpu\
             -p memory_mb=$ironic_node_ram\
diff --git a/lib/tempest b/lib/tempest
index cd8fbd725f..44b2f96101 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -481,6 +481,8 @@ function configure_tempest {
     if [ "$VIRT_DRIVER" = "ironic" ] ; then
         iniset $TEMPEST_CONFIG baremetal driver_enabled True
         iniset $TEMPEST_CONFIG baremetal unprovision_timeout 300
+        iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
+        iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
         iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
         iniset $TEMPEST_CONFIG compute-feature-enabled console_output False
         iniset $TEMPEST_CONFIG compute-feature-enabled interface_attach False

From b3a8f6032a47fd78fcaeb46bca6572a700c775ce Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Fri, 8 May 2015 06:59:39 -0700
Subject: [PATCH 0647/3421] nova: remove allow_migrate_to_same_host config
 usage

Nova commit 9b224641295af3763d011816d6399565ac7b98de removed the option
in Liberty so we can remove it's usage in devstack.

Related-Bug: #1364851

Change-Id: If051f43fb75d57c118db4e8e97895ff06fbb54e2
---
 lib/nova | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 807dfceeae..75e585d9d2 100644
--- a/lib/nova
+++ b/lib/nova
@@ -392,7 +392,6 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
     if [ "$NOVA_ALLOW_MOVE_TO_SAME_HOST" == "True" ]; then
         iniset $NOVA_CONF DEFAULT allow_resize_to_same_host "True"
-        iniset $NOVA_CONF DEFAULT allow_migrate_to_same_host "True"
     fi
     iniset $NOVA_CONF DEFAULT api_paste_config "$NOVA_API_PASTE_INI"
     iniset $NOVA_CONF DEFAULT rootwrap_config "$NOVA_CONF_DIR/rootwrap.conf"

From ad0a518ca92f86a9f1361d717413f8d1d65d2994 Mon Sep 17 00:00:00 2001
From: Accela Zhao 
Date: Fri, 8 May 2015 23:55:31 +0800
Subject: [PATCH 0648/3421] Use an actual existing nova scheduler in README.md

The Multi-Node Setup guide in README.md

    https://github.com/openstack-dev/devstack/tree/master#multi-node-setup

guides users to use

    SCHEDULER=nova.scheduler.simple.SimpleScheduler

where the SimpleScheduler doesn't actually exist in nova. Even
though this is just an example, it is misleading enough for a
beginner to put SimpleScheduler into local.conf. The resulting
error message where n-sch fails to start

    ImportError: No module named simple

Isn't intuitive enough and may takes the beginner long time to
locate what's wrong.

This patch replaces SimpleScheduler with a real existing
FilterScheduler in nova.

Change-Id: I14a2a5c0604ce08a498accfc3a795c1c9aa3e642
Closes-bug: #1453186
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 04f5fd9711..7ba4e7461c 100644
--- a/README.md
+++ b/README.md
@@ -328,7 +328,7 @@ that includes at least:
 You likely want to change your `localrc` section to run a scheduler that
 will balance VMs across hosts:
 
-    SCHEDULER=nova.scheduler.simple.SimpleScheduler
+    SCHEDULER=nova.scheduler.filter_scheduler.FilterScheduler
 
 You can then run many compute nodes, each of which should have a `stackrc`
 which includes the following, with the IP address of the above controller node:

From 99de7cc1782ed00905068d0ec894ac08db5aa06f Mon Sep 17 00:00:00 2001
From: Accela Zhao 
Date: Fri, 8 May 2015 18:14:11 +0800
Subject: [PATCH 0649/3421] Fix wrong `sudo ceph -c` command in lib/ceph

The `sudo -c ${CEPH_CONF_FILE} ceph ...` in lib/ceph misplaced
`ceph`. The correct syntax is `sudo ceph -c ${CEPH_CONF_FILE} ...`,
see lib/ceph:308.

While installing ./stack.sh with ceph enabled, the above malformed
command raises a `usage: sudo -h | -K | -k | -V ...` error and stops
the installation.

This patch fixes `sudo -c ${CEPH_CONF_FILE} ceph ...` by moving
`ceph` to the right place.

Change-Id: I3da943d5a353d99b09787f804b79c1d006a09d96
Closes-bug: #1453055
---
 lib/ceph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceph b/lib/ceph
index 76747ccd77..4068e26222 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -279,7 +279,7 @@ function configure_ceph_embedded_nova {
     # configure Nova service options, ceph pool, ceph user and ceph key
     sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${NOVA_CEPH_POOL} size ${CEPH_REPLICAS}
     if [[ $CEPH_REPLICAS -ne 1 ]]; then
-        sudo -c ${CEPH_CONF_FILE} ceph osd pool set ${NOVA_CEPH_POOL} crush_ruleset ${RULE_ID}
+        sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${NOVA_CEPH_POOL} crush_ruleset ${RULE_ID}
     fi
 }
 

From 091b42b7da7650d528bb5f88ec411a04af3da828 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley 
Date: Fri, 8 May 2015 17:43:08 +0000
Subject: [PATCH 0650/3421] Stop installing nose and pylint from distros

The distro packages of nose and pylint depend on python-setuptools
on some platforms, and on some of those platforms (at least CentOS
6.x) you can't resolve dependencies on python-setuptools properly if
you've forcibly removed it already (as we do on our CI workers). It
appears that any current upstream use of these tools in relation to
DevStack-based testing is now relying on tox and pip to obtain them
instead.

Change-Id: Ibd16ac550c90364115caf57fae4f5f4cb5d5f238
---
 files/debs/swift        | 3 ---
 files/rpms-suse/general | 1 -
 files/rpms-suse/horizon | 2 --
 files/rpms-suse/swift   | 1 -
 files/rpms/general      | 1 -
 files/rpms/horizon      | 1 -
 6 files changed, 9 deletions(-)

diff --git a/files/debs/swift b/files/debs/swift
index 0089d27fee..726786ee18 100644
--- a/files/debs/swift
+++ b/files/debs/swift
@@ -1,8 +1,5 @@
 curl
 make
 memcached
-# NOTE python-nose only exists because of swift functional job, we should probably
-# figure out a more consistent way of installing this from test-requirements.txt instead
-python-nose
 sqlite3
 xfsprogs
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 2219426141..42756d8fcc 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -15,7 +15,6 @@ openssh
 openssl
 psmisc
 python-cmd2 # dist:opensuse-12.3
-python-pylint
 screen
 tar
 tcpdump
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index d1f378a70d..c45eae6153 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -12,7 +12,5 @@ python-coverage
 python-dateutil
 python-eventlet
 python-mox
-python-nose
-python-pylint
 python-sqlalchemy-migrate
 python-xattr
diff --git a/files/rpms-suse/swift b/files/rpms-suse/swift
index 4b14098064..9c0d188fe2 100644
--- a/files/rpms-suse/swift
+++ b/files/rpms-suse/swift
@@ -8,7 +8,6 @@ python-devel
 python-eventlet
 python-greenlet
 python-netifaces
-python-nose
 python-simplejson
 python-xattr
 sqlite3
diff --git a/files/rpms/general b/files/rpms/general
index e17d6d6458..7b2c00ad5c 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -14,7 +14,6 @@ libxml2-devel
 libxslt-devel
 pkgconfig
 psmisc
-pylint
 python-devel
 screen
 tar
diff --git a/files/rpms/horizon b/files/rpms/horizon
index 8d7f0371ef..b2cf0ded6f 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -1,6 +1,5 @@
 Django
 httpd # NOPRIME
 mod_wsgi  # NOPRIME
-pylint
 pyxattr
 pcre-devel  # pyScss

From 98f59aafaf88328f6aee98efa0f563fb8bf91ebd Mon Sep 17 00:00:00 2001
From: Mahito OGURA 
Date: Mon, 11 May 2015 18:02:34 +0900
Subject: [PATCH 0651/3421] Fix function and test for 'trueorfalse'.

The function's comment is written as follow, however the function accepts
other values (ex. "e", "t", "T", "f", "F", etc...).

---
Accepts as False: 0 no No NO false False FALSE
Accepts as True: 1 yes Yes YES true True TRUE
---

Moreover if testval mach True or False, the function exits without resetting
xtrace.

This patch fixes the issue and add test patterns.

Change-Id: Ie48a859476faff22a4dfef466516e2d7d62ef0c0
Closes-bug: #1453687
---
 functions-common        | 14 ++++++++------
 tests/test_truefalse.sh | 33 +++++++++++++++++++++------------
 2 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/functions-common b/functions-common
index 4d07c03cce..6d9a0fa6b0 100644
--- a/functions-common
+++ b/functions-common
@@ -51,14 +51,16 @@ TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 function trueorfalse {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+
     local default=$1
-    local literal=$2
-    local testval=${!literal:-}
+    local testval=${!2:-}
+
+    case "$testval" in
+        "1" | [yY]es | "YES" | [tT]rue | "TRUE" ) echo "True" ;;
+        "0" | [nN]o | "NO" | [fF]alse | "FALSE" ) echo "False" ;;
+        * )                                       echo "$default" ;;
+    esac
 
-    [[ -z "$testval" ]] && { echo "$default"; return; }
-    [[ "0 no No NO false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
-    [[ "1 yes Yes YES true True TRUE" =~ "$testval" ]] && { echo "True"; return; }
-    echo "$default"
     $xtrace
 }
 
diff --git a/tests/test_truefalse.sh b/tests/test_truefalse.sh
index e57948a407..ebd9650649 100755
--- a/tests/test_truefalse.sh
+++ b/tests/test_truefalse.sh
@@ -8,27 +8,36 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 source $TOP/functions
 source $TOP/tests/unittest.sh
 
-function test_truefalse {
+function test_trueorfalse {
     local one=1
     local captrue=True
     local lowtrue=true
-    local abrevtrue=t
+    local uppertrue=TRUE
+    local capyes=Yes
+    local lowyes=yes
+    local upperyes=YES
+
+    for default in True False; do
+        for name in one captrue lowtrue uppertrue capyes lowyes upperyes; do
+                assert_equal "True" $(trueorfalse $default $name) "\$(trueorfalse $default $name)"
+        done
+    done
+
     local zero=0
     local capfalse=False
     local lowfalse=false
-    local abrevfalse=f
-    for against in True False; do
-        for name in one captrue lowtrue abrevtrue; do
-            assert_equal "True" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
-        done
-    done
-    for against in True False; do
-        for name in zero capfalse lowfalse abrevfalse; do
-            assert_equal "False" $(trueorfalse $against $name) "\$(trueorfalse $against $name)"
+    local upperfalse=FALSE
+    local capno=No
+    local lowno=no
+    local upperno=NO
+
+    for default in True False; do
+        for name in zero capfalse lowfalse upperfalse capno lowno upperno; do
+            assert_equal "False" $(trueorfalse $default $name) "\$(trueorfalse $default $name)"
         done
     done
 }
 
-test_truefalse
+test_trueorfalse
 
 report_results

From 331a64f9d087692cba10f3dd15c6b01595e1c127 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Mon, 11 May 2015 10:02:24 -0500
Subject: [PATCH 0652/3421] Use stevedore for keystone backends

With bp stevedore, keystone will load backend drivers using
stevedore entrypoints. Using the qualified class name is
deprecated.

Since stevedore is going to validate that the entrypoint is
found, there's no need to list the valid backends, so backend
validation was removed. This change will cause the server to fail
to start if the backends are misconfigured rather than using the
default one.

The names of the stevedore endpoints are "sql", "ldap", etc.,
rather than the qualified class name, so the way that these
are specified in KEYSTONE_IDENTITY_BACKEND, etc., is the same as
the stevedore entrypoint and there's no need to translate.

Change-Id: I81e4e3a6c97b0057610e6b256aff5df4da884e33
---
 lib/keystone | 42 +++++++++++-------------------------------
 1 file changed, 11 insertions(+), 31 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 997bb14967..976aad0c6f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -64,21 +64,21 @@ KEYSTONE_EXTENSIONS=${KEYSTONE_EXTENSIONS:-}
 # Toggle for deploying Keystone under HTTPD + mod_wsgi
 KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}}
 
-# Select the backend for Keystone's service catalog
+# Select the Catalog backend driver
 KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
 
-# Select the backend for Tokens
+# Select the token persistence backend driver
 KEYSTONE_TOKEN_BACKEND=${KEYSTONE_TOKEN_BACKEND:-sql}
 
-# Select the backend for Identity
+# Select the Identity backend driver
 KEYSTONE_IDENTITY_BACKEND=${KEYSTONE_IDENTITY_BACKEND:-sql}
 
-# Select the backend for Assignment
+# Select the Assignment backend driver
 KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
 
-# Select Keystone's token format
-# Choose from 'UUID', 'PKI', or 'PKIZ'
+# Select Keystone's token provider (and format)
+# Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
 KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
 KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
 
@@ -99,12 +99,6 @@ KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
 # Set the tenant for service accounts in Keystone
 SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
 
-# valid identity backends as per dir keystone/identity/backends
-KEYSTONE_VALID_IDENTITY_BACKENDS=kvs,ldap,pam,sql
-
-# valid assignment backends as per dir keystone/identity/backends
-KEYSTONE_VALID_ASSIGNMENT_BACKENDS=kvs,ldap,sql
-
 # if we are running with SSL use https protocols
 if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
     KEYSTONE_AUTH_PROTOCOL="https"
@@ -225,15 +219,8 @@ function configure_keystone {
         iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
     fi
 
-    # check if identity backend is valid
-    if [[ "$KEYSTONE_VALID_IDENTITY_BACKENDS" =~ "$KEYSTONE_IDENTITY_BACKEND" ]]; then
-        iniset $KEYSTONE_CONF identity driver "keystone.identity.backends.$KEYSTONE_IDENTITY_BACKEND.Identity"
-    fi
-
-    # check if assignment backend is valid
-    if [[ "$KEYSTONE_VALID_ASSIGNMENT_BACKENDS" =~ "$KEYSTONE_ASSIGNMENT_BACKEND" ]]; then
-        iniset $KEYSTONE_CONF assignment driver "keystone.assignment.backends.$KEYSTONE_ASSIGNMENT_BACKEND.Assignment"
-    fi
+    iniset $KEYSTONE_CONF identity driver "$KEYSTONE_IDENTITY_BACKEND"
+    iniset $KEYSTONE_CONF assignment driver "$KEYSTONE_ASSIGNMENT_BACKEND"
 
     iniset_rpc_backend keystone $KEYSTONE_CONF
 
@@ -257,23 +244,17 @@ function configure_keystone {
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
 
     if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
-        iniset $KEYSTONE_CONF token provider keystone.token.providers.$KEYSTONE_TOKEN_FORMAT.Provider
+        iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
     fi
 
     iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
     iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
 
-    if [[ "$KEYSTONE_TOKEN_BACKEND" = "sql" ]]; then
-        iniset $KEYSTONE_CONF token driver keystone.token.persistence.backends.sql.Token
-    elif [[ "$KEYSTONE_TOKEN_BACKEND" = "memcache" ]]; then
-        iniset $KEYSTONE_CONF token driver keystone.token.persistence.backends.memcache.Token
-    else
-        iniset $KEYSTONE_CONF token driver keystone.token.persistence.backends.kvs.Token
-    fi
+    iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"
 
+    iniset $KEYSTONE_CONF catalog driver "$KEYSTONE_CATALOG_BACKEND"
     if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
         # Configure ``keystone.conf`` to use sql
-        iniset $KEYSTONE_CONF catalog driver keystone.catalog.backends.sql.Catalog
         inicomment $KEYSTONE_CONF catalog template_file
     else
         cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
@@ -300,7 +281,6 @@ function configure_keystone {
         " -i $KEYSTONE_CATALOG
 
         # Configure ``keystone.conf`` to use templates
-        iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.Catalog"
         iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
     fi
 

From 71a8eccdc3594b2e0395d7df75e69eb877269e81 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Mon, 11 May 2015 10:37:18 -0500
Subject: [PATCH 0653/3421] Remove setting nonexistant [ec2] driver option in
 keystone

There's no [ec2] driver option in keystone.

Change-Id: Ifee92127f32db85d4d55f665471c8da1c9a970e7
---
 lib/keystone | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index 976aad0c6f..a1d832c5ae 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -248,7 +248,6 @@ function configure_keystone {
     fi
 
     iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
-    iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
 
     iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"
 

From eb7a0d9b2d22da3d1e0fbc3f581c597a1a510666 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Mon, 11 May 2015 12:54:33 -0500
Subject: [PATCH 0654/3421] Remove KEYSTONE_AUTH_CACHE_DIR

Keystone doesn't use a cache directory.

Change-Id: I569b406db46cf6bdabcbfd8c5eb6f3cbdbc3cff7
---
 lib/keystone | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index a1d832c5ae..63c3f7973a 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -50,7 +50,6 @@ fi
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
-KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
 if is_suse; then
     KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone}
 else
@@ -475,10 +474,6 @@ function init_keystone {
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl
         $KEYSTONE_BIN_DIR/keystone-manage pki_setup
-
-        # Create cache dir
-        sudo install -d -o $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
-        rm -f $KEYSTONE_AUTH_CACHE_DIR/*
     fi
 }
 

From 60a140571ea3a4ad07772f1eedae6d4d1a6e4c67 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 11 May 2015 14:53:39 -0400
Subject: [PATCH 0655/3421] add network info to the worlddump

This adds potentially helpful networking info to the world dump.

It also refactors some of the output mechanisms into reusable
functions for cleanliness in the code.

Change-Id: I39f95bd487c152925f8fadd1799149db35cffd52
---
 tools/worlddump.py | 49 +++++++++++++++++++++++++++++++---------------
 1 file changed, 33 insertions(+), 16 deletions(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index cb32510526..7f2614dcaa 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -41,12 +41,24 @@ def warn(msg):
     print "WARN: %s" % msg
 
 
+def _dump_cmd(cmd):
+    print cmd
+    print "-" * len(cmd)
+    print
+    print os.popen(cmd).read()
+
+
+def _header(name):
+    print
+    print name
+    print "=" * len(name)
+    print
+
+
 def disk_space():
     # the df output
-    print """
-File System Summary
-===================
-"""
+    _header("File System Summary")
+
     dfraw = os.popen("df -Ph").read()
     df = [s.split() for s in dfraw.splitlines()]
     for fs in df:
@@ -63,22 +75,26 @@ def disk_space():
 
 def iptables_dump():
     tables = ['filter', 'nat', 'mangle']
-    print """
-IP Tables Dump
-===============
-"""
+    _header("IP Tables Dump")
+
     for table in tables:
-        print os.popen("sudo iptables --line-numbers -L -nv -t %s"
-                       % table).read()
+        _dump_cmd("sudo iptables --line-numbers -L -nv -t %s" % table)
+
+
+def network_dump():
+    _header("Network Dump")
+
+    _dump_cmd("brctl show")
+    _dump_cmd("arp -n")
+    _dump_cmd("ip addr")
+    _dump_cmd("ip link")
+    _dump_cmd("ip route")
 
 
 def process_list():
-    print """
-Process Listing
-===============
-"""
-    psraw = os.popen("ps axo user,ppid,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,args").read()
-    print psraw
+    _header("Process Listing")
+    _dump_cmd("ps axo "
+              "user,ppid,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,args")
 
 
 def main():
@@ -90,6 +106,7 @@ def main():
         os.dup2(f.fileno(), sys.stdout.fileno())
         disk_space()
         process_list()
+        network_dump()
         iptables_dump()
 
 

From cbe12eb72eaf70001b80b0a6357cde3048cbc81f Mon Sep 17 00:00:00 2001
From: Louis Taylor 
Date: Tue, 12 May 2015 16:49:49 +0000
Subject: [PATCH 0656/3421] glance: remove deprecated store options

glance_store has now been fully migrated, so we can remove these from the
config files.

Change-Id: I987ab6338b235f0beeed7c7fe74b0f5b6526f70d
---
 lib/glance | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/lib/glance b/lib/glance
index f543e54c7a..4e1bd24ef5 100644
--- a/lib/glance
+++ b/lib/glance
@@ -138,26 +138,12 @@ function configure_glance {
     fi
 
     # Store specific configs
-    iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
-
-    # NOTE(flaper87): Until Glance is fully migrated, set these configs in both
-    # sections.
     iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
 
     iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
 
     # Store the images in swift if enabled.
     if is_service_enabled s-proxy; then
-        iniset $GLANCE_API_CONF DEFAULT default_store swift
-        iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
-        iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
-        iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
-        iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
-
-        iniset $GLANCE_API_CONF DEFAULT known_stores "glance.store.filesystem.Store, glance.store.http.Store, glance.store.swift.Store"
-
-        # NOTE(flaper87): Until Glance is fully migrated, set these configs in both
-        # sections.
         iniset $GLANCE_API_CONF glance_store default_store swift
         iniset $GLANCE_API_CONF glance_store swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
         iniset $GLANCE_API_CONF glance_store swift_store_user $SERVICE_TENANT_NAME:glance-swift
@@ -211,9 +197,6 @@ function configure_glance {
     iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
 
     # Store specific confs
-    # NOTE(flaper87): Until Glance is fully migrated, set these configs in both
-    # sections.
-    iniset $GLANCE_CACHE_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
     iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
 
     cp -p $GLANCE_DIR/etc/policy.json $GLANCE_POLICY_JSON

From 3a2c86aabfa985dbdc998f02201649f49f3adab7 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Tue, 12 May 2015 13:41:25 +0000
Subject: [PATCH 0657/3421] Add python_version function to functions-common

This makes it possible to list virtual site-package directories
without statically stating the python version, which is a bit ugly.

Change-Id: I3e7ac39eb43cdc4f656e0c90f3bfb23545722aef
---
 functions-common | 6 ++++++
 lib/keystone     | 2 +-
 lib/nova         | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 4d07c03cce..d28ef85cc1 100644
--- a/functions-common
+++ b/functions-common
@@ -1897,6 +1897,12 @@ function maskip {
     echo $subnet
 }
 
+# Return the current python as "python."
+function python_version {
+    local python_version=$(python -c 'import sys; print("%s.%s" % sys.version_info[0:2])')
+    echo "python${python_version}"
+}
+
 # Service wrapper to restart services
 # restart_service service-name
 function restart_service {
diff --git a/lib/keystone b/lib/keystone
index 997bb14967..0f369af71d 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -164,7 +164,7 @@ function _config_keystone_apache_wsgi {
         keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
     fi
     if [[ ${USE_VENV} = True ]]; then
-        venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/python2.7/site-packages"
+        venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
     fi
 
     # copy proxy vhost and wsgi file
diff --git a/lib/nova b/lib/nova
index 6ac9da3b41..7d2145b170 100644
--- a/lib/nova
+++ b/lib/nova
@@ -259,7 +259,7 @@ function _config_nova_apache_wsgi {
         nova_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
     fi
     if [[ ${USE_VENV} = True ]]; then
-        venv_path="python-path=${PROJECT_VENV["nova"]}/lib/python2.7/site-packages"
+        venv_path="python-path=${PROJECT_VENV["nova"]}/lib/$(python_version)/site-packages"
     fi
 
     # copy proxy vhost and wsgi helper files

From ce8e6f6aa61c267df7892e7e8748963db8c83bc3 Mon Sep 17 00:00:00 2001
From: John Griffith 
Date: Tue, 12 May 2015 17:28:59 -0600
Subject: [PATCH 0658/3421] Add ability to specify cinder lvm_type option

Cinder has had an lvm_type option for quite a while
that allows the LVM driver to be configured to use
thin provisioning.

This required an additional PPA in Precise, but is
available in the default Trusty packages.

This patch adds the lvm_type option, and we'll use
it to do gate testing against the lvm_thin configuration.

Change-Id: I99c7fea131f3d79747ec75052adf8b24f41ba483
---
 lib/cinder              | 4 ++++
 lib/cinder_backends/lvm | 1 +
 2 files changed, 5 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index eb0e1d7600..93285bf99c 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -65,6 +65,10 @@ CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
 CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
 CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
+# What type of LVM device should Cinder use for LVM backend
+# Defaults to default, which is thick, the other valid choice
+# is thin, which as the name implies utilizes lvm thin provisioning.
+CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-default}
 
 # Default backends
 # The backend format is type:name where type is one of the supported backend
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 35ad209db7..411b82c190 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -51,6 +51,7 @@ function configure_cinder_backend_lvm {
     iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMVolumeDriver"
     iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
     iniset $CINDER_CONF $be_name iscsi_helper "$CINDER_ISCSI_HELPER"
+    iniset $CINDER_CONF $be_name lvm_type "$CINDER_LVM_TYPE"
 
     if [[ "$CINDER_SECURE_DELETE" == "False" ]]; then
         iniset $CINDER_CONF $be_name volume_clear none

From 1fa82aab6634bf815d162978e33b211e1fdef343 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Tue, 12 May 2015 20:04:49 -0700
Subject: [PATCH 0659/3421] Install g-r version of OSC in configure_tempest

configure_tempest uses python-openstackclient (OSC) and we call
configure_tempest in grenade on the new side. So we need to make sure
the version of OSC is installed matches global-requirements on new.

Change-Id: I6fae9b8b081355b45e7c8d622d8db2482d41b464
Closes-Bug: #1454467
---
 lib/tempest | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 6ce245aef1..1af5c7a795 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -106,6 +106,10 @@ function configure_tempest {
         pip_install_gr testrepository
     fi
 
+    # Used during configuration so make sure we have the correct
+    # version installed
+    pip_install_gr python-openstackclient
+
     local image_lines
     local images
     local num_images

From 38bee18a2c440b01bd1c2187cb2a62a841e3b7ae Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Mon, 11 May 2015 16:51:10 +0200
Subject: [PATCH 0660/3421] Cinder: Set os_privileged_user credentials (for
 os-assisted-snapshots)

When calling os-assisted-snapshots APIs, Cinder often (by default) needs
 to pass an admin token to Nova. Currently it uses the credentials of
 the current user.

This will cause calls to Nova APIs for assisted volume snapshots to fail.

Configuration options should be added to specify different credentials
for talking to Nova.

Change-Id: I9e3ed53f4e1349d57a0c33518445f54ac63e36ec
Related-Bug: #1308736
---
 lib/cinder | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index eb0e1d7600..7ad7ef9b0c 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -299,6 +299,11 @@ function configure_cinder {
         iniset $CINDER_CONF DEFAULT ssl_key_file "$CINDER_SSL_KEY"
     fi
 
+    # Set os_privileged_user credentials (used for os-assisted-snapshots)
+    iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
+    iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
+    iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
+
 }
 
 # create_cinder_accounts() - Set up common required cinder accounts

From a747cd25f76440a2320bd5e1c65252d31eb9b189 Mon Sep 17 00:00:00 2001
From: Swapnil Kulkarni 
Date: Wed, 13 May 2015 09:26:15 +0000
Subject: [PATCH 0661/3421] Update the glance image-list with openstack image
 list

Change-Id: I0f0f15cb204daf12fbc12384f04a2cd9618c4bef
---
 lib/tempest | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index cd8fbd725f..df986728c1 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -143,9 +143,7 @@ function configure_tempest {
                 image_uuid_alt="$IMAGE_UUID"
             fi
             images+=($IMAGE_UUID)
-        # TODO(stevemar): update this command to use openstackclient's `openstack image list`
-        # when it supports listing by status.
-        done < <(glance image-list --status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
+        done < <(openstack image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
 
         case "${#images[*]}" in
             0)

From 737e94202fe635b7bd9ad59195352bb5dfe54817 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 12 May 2015 19:51:39 -0400
Subject: [PATCH 0662/3421] dump compute consoles on fail as well

This provides a dump of the compute consoles as well on failure.

Change-Id: Ib253537a54a1b9d83a930bbefa4512e039575fd1
---
 tools/worlddump.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 7f2614dcaa..d846f10025 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -18,6 +18,7 @@
 
 import argparse
 import datetime
+import fnmatch
 import os
 import os.path
 import sys
@@ -97,6 +98,14 @@ def process_list():
               "user,ppid,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,args")
 
 
+def compute_consoles():
+    _header("Compute consoles")
+    for root, dirnames, filenames in os.walk('/opt/stack'):
+        for filename in fnmatch.filter(filenames, 'console.log'):
+            fullpath = os.path.join(root, filename)
+            _dump_cmd("sudo cat %s" % fullpath)
+
+
 def main():
     opts = get_options()
     fname = filename(opts.dir)
@@ -108,6 +117,7 @@ def main():
         process_list()
         network_dump()
         iptables_dump()
+        compute_consoles()
 
 
 if __name__ == '__main__':

From 6816234dc84b3e81a3de8745e84691d09123ba7f Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 13 May 2015 15:41:03 -0500
Subject: [PATCH 0663/3421] Save stackenv values more often

Having these for debugging can be handy

Change-Id: I18c2658eec83a0f20f697a3c4c36aa1cf46b7a92
---
 functions-common | 20 ++++++++++++++++++++
 stack.sh         | 13 +++++++------
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/functions-common b/functions-common
index 52d80fb95b..974f5934e4 100644
--- a/functions-common
+++ b/functions-common
@@ -43,6 +43,25 @@ declare -A GITDIR
 
 TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 
+# Save these variables to .stackenv
+STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
+    KEYSTONE_AUTH_PROTOCOL KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
+    LOGFILE OS_CACERT SERVICE_HOST SERVICE_PROTOCOL STACK_USER TLS_IP"
+
+
+# Saves significant environment variables to .stackenv for later use
+# Refers to a lot of globals, only TOP_DIR and STACK_ENV_VARS are required to
+# function, the rest are simply saved and do not cause problems if they are undefined.
+# save_stackenv [tag]
+function save_stackenv {
+    local tag=${1:-""}
+    # Save some values we generated for later use
+    time_stamp=$(date "+$TIMESTAMP_FORMAT")
+    echo "# $time_stamp $tag" >$TOP_DIR/.stackenv
+    for i in $STACK_ENV_VARS; do
+        echo $i=${!i} >>$TOP_DIR/.stackenv
+    done
+}
 
 # Normalize config values to True or False
 # Accepts as False: 0 no No NO false False FALSE
@@ -68,6 +87,7 @@ function isset {
     [[ -v "$1" ]]
 }
 
+
 # Control Functions
 # =================
 
diff --git a/stack.sh b/stack.sh
index f0aafafb3a..4f7a805f3f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -669,6 +669,9 @@ if is_service_enabled s-proxy; then
     fi
 fi
 
+# Save configuration values
+save_stackenv $LINENO
+
 
 # Install Packages
 # ================
@@ -950,6 +953,9 @@ fi
 # Initialize the directory for service status check
 init_service_check
 
+# Save configuration values
+save_stackenv $LINENO
+
 
 # Start Services
 # ==============
@@ -1294,12 +1300,7 @@ fi
 
 
 # Save some values we generated for later use
-CURRENT_RUN_TIME=$(date "+$TIMESTAMP_FORMAT")
-echo "# $CURRENT_RUN_TIME" >$TOP_DIR/.stackenv
-for i in BASE_SQL_CONN ENABLED_SERVICES HOST_IP LOGFILE \
-    SERVICE_HOST SERVICE_PROTOCOL STACK_USER TLS_IP KEYSTONE_AUTH_PROTOCOL OS_CACERT; do
-    echo $i=${!i} >>$TOP_DIR/.stackenv
-done
+save_stackenv
 
 
 # Wrapup configuration

From 9e220b9b2b560b160c93058b255b3d69e49c0cbc Mon Sep 17 00:00:00 2001
From: "James E. Blair" 
Date: Tue, 24 Mar 2015 16:32:03 -0700
Subject: [PATCH 0664/3421] Move trove into in-tree plugin

Once the trove code is copied into the trove repo and it is used
as a devstack-plugin, we can remove trove-specific code from
devstack.

Change-Id: I8f9f1a015edb7ec1033e2eaf0b29ab15d89384ce
Depends-On: I3506dec0e6097f9c2e9267110fdfb768faa23c85
---
 MAINTAINERS.rst              |   6 -
 clean.sh                     |   1 -
 doc/source/index.rst         |   3 -
 extras.d/70-trove.sh         |  32 -----
 lib/trove                    | 252 -----------------------------------
 stackrc                      |  28 ++--
 tests/test_libs_from_pypi.sh |   2 +-
 unstack.sh                   |   4 -
 8 files changed, 10 insertions(+), 318 deletions(-)
 delete mode 100644 extras.d/70-trove.sh
 delete mode 100644 lib/trove

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index 20e8655d69..d3e8c67487 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -75,12 +75,6 @@ SUSE
 Tempest
 ~~~~~~~
 
-Trove
-~~~~~
-
-* Nikhil Manchanda 
-* Michael Basnight 
-
 Xen
 ~~~
 * Bob Ball 
diff --git a/clean.sh b/clean.sh
index 7db519b0dc..c31a65fd40 100755
--- a/clean.sh
+++ b/clean.sh
@@ -51,7 +51,6 @@ source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ironic
-source $TOP_DIR/lib/trove
 
 
 # Extras Source
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 4435b495ae..e0c3f3a5d6 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -173,7 +173,6 @@ Scripts
 * `lib/swift `__
 * `lib/tempest `__
 * `lib/tls `__
-* `lib/trove `__
 * `lib/zaqar `__
 * `unstack.sh `__
 * `clean.sh `__
@@ -182,7 +181,6 @@ Scripts
 * `extras.d/50-ironic.sh `__
 * `extras.d/60-ceph.sh `__
 * `extras.d/70-sahara.sh `__
-* `extras.d/70-trove.sh `__
 * `extras.d/70-tuskar.sh `__
 * `extras.d/70-zaqar.sh `__
 * `extras.d/80-tempest.sh `__
@@ -242,6 +240,5 @@ Exercises
 * `exercises/sahara.sh `__
 * `exercises/sec\_groups.sh `__
 * `exercises/swift.sh `__
-* `exercises/trove.sh `__
 * `exercises/volumes.sh `__
 * `exercises/zaqar.sh `__
diff --git a/extras.d/70-trove.sh b/extras.d/70-trove.sh
deleted file mode 100644
index f284354e1f..0000000000
--- a/extras.d/70-trove.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-# trove.sh - Devstack extras script to install Trove
-
-if is_service_enabled trove; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/trove
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing Trove"
-        install_trove
-        install_troveclient
-        cleanup_trove
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring Trove"
-        configure_trove
-
-        if is_service_enabled key; then
-            create_trove_accounts
-        fi
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        # Initialize trove
-        init_trove
-
-        # Start the trove API and trove taskmgr components
-        echo_summary "Starting Trove"
-        start_trove
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_trove
-    fi
-fi
diff --git a/lib/trove b/lib/trove
deleted file mode 100644
index b0a96100c2..0000000000
--- a/lib/trove
+++ /dev/null
@@ -1,252 +0,0 @@
-#!/bin/bash
-#
-# lib/trove
-# Functions to control the configuration and operation of the **Trove** service
-
-# Dependencies:
-# ``functions`` file
-# ``DEST``, ``STACK_USER`` must be defined
-# ``SERVICE_{HOST|PROTOCOL|TOKEN}`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# install_trove
-# configure_trove
-# init_trove
-# start_trove
-# stop_trove
-# cleanup_trove
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-if is_service_enabled neutron; then
-    TROVE_HOST_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
-else
-    TROVE_HOST_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
-fi
-
-# Set up default configuration
-GITDIR["python-troveclient"]=$DEST/python-troveclient
-
-TROVE_DIR=$DEST/trove
-TROVE_CONF_DIR=${TROVE_CONF_DIR:-/etc/trove}
-TROVE_CONF=${TROVE_CONF:-$TROVE_CONF_DIR/trove.conf}
-TROVE_TASKMANAGER_CONF=${TROVE_TASKMANAGER_CONF:-$TROVE_CONF_DIR/trove-taskmanager.conf}
-TROVE_CONDUCTOR_CONF=${TROVE_CONDUCTOR_CONF:-$TROVE_CONF_DIR/trove-conductor.conf}
-TROVE_GUESTAGENT_CONF=${TROVE_GUESTAGENT_CONF:-$TROVE_CONF_DIR/trove-guestagent.conf}
-TROVE_API_PASTE_INI=${TROVE_API_PASTE_INI:-$TROVE_CONF_DIR/api-paste.ini}
-
-TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
-TROVE_LOCAL_API_PASTE_INI=$TROVE_LOCAL_CONF_DIR/api-paste.ini
-TROVE_AUTH_CACHE_DIR=${TROVE_AUTH_CACHE_DIR:-/var/cache/trove}
-TROVE_DATASTORE_TYPE=${TROVE_DATASTORE_TYPE:-"mysql"}
-TROVE_DATASTORE_VERSION=${TROVE_DATASTORE_VERSION:-"5.6"}
-TROVE_DATASTORE_PACKAGE=${TROVE_DATASTORE_PACKAGE:-"mysql-server-5.6"}
-
-# Support entry points installation of console scripts
-if [[ -d $TROVE_DIR/bin ]]; then
-    TROVE_BIN_DIR=$TROVE_DIR/bin
-else
-    TROVE_BIN_DIR=$(get_python_exec_prefix)
-fi
-TROVE_MANAGE=$TROVE_BIN_DIR/trove-manage
-
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,trove
-
-
-# Functions
-# ---------
-
-# Test if any Trove services are enabled
-# is_trove_enabled
-function is_trove_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"tr-" ]] && return 0
-    return 1
-}
-
-# setup_trove_logging() - Adds logging configuration to conf files
-function setup_trove_logging {
-    local CONF=$1
-    iniset $CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $CONF DEFAULT use_syslog $SYSLOG
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        # Add color to logging output
-        setup_colorized_logging $CONF DEFAULT tenant user
-    fi
-}
-
-# create_trove_accounts() - Set up common required Trove accounts
-
-# Tenant               User       Roles
-# ------------------------------------------------------------------
-# service              trove     admin        # if enabled
-
-function create_trove_accounts {
-    if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
-
-        create_service_user "trove"
-
-        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-            local trove_service=$(get_or_create_service "trove" \
-                "database" "Trove Service")
-            get_or_create_endpoint $trove_service \
-                "$REGION_NAME" \
-                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
-                "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
-        fi
-    fi
-}
-
-# stack.sh entry points
-# ---------------------
-
-# cleanup_trove() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_trove {
-    #Clean up dirs
-    rm -fr $TROVE_AUTH_CACHE_DIR/*
-    rm -fr $TROVE_CONF_DIR/*
-}
-
-# configure_trove() - Set config files, create data dirs, etc
-function configure_trove {
-    setup_develop $TROVE_DIR
-
-    # Create the trove conf dir and cache dirs if they don't exist
-    sudo install -d -o $STACK_USER ${TROVE_CONF_DIR} ${TROVE_AUTH_CACHE_DIR}
-
-    # Copy api-paste file over to the trove conf dir
-    cp $TROVE_LOCAL_API_PASTE_INI $TROVE_API_PASTE_INI
-
-    # (Re)create trove conf files
-    rm -f $TROVE_CONF
-    rm -f $TROVE_TASKMANAGER_CONF
-    rm -f $TROVE_CONDUCTOR_CONF
-
-    iniset $TROVE_CONF DEFAULT rabbit_userid $RABBIT_USERID
-    iniset $TROVE_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-    iniset $TROVE_CONF database connection `database_connection_url trove`
-    iniset $TROVE_CONF DEFAULT default_datastore $TROVE_DATASTORE_TYPE
-    setup_trove_logging $TROVE_CONF
-    iniset $TROVE_CONF DEFAULT trove_api_workers "$API_WORKERS"
-
-    configure_auth_token_middleware $TROVE_CONF trove $TROVE_AUTH_CACHE_DIR
-
-    # (Re)create trove taskmanager conf file if needed
-    if is_service_enabled tr-tmgr; then
-        TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
-
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_userid $RABBIT_USERID
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_TASKMANAGER_CONF database connection `database_connection_url trove`
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_user radmin
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_tenant_name trove
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-        iniset $TROVE_TASKMANAGER_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-        setup_trove_logging $TROVE_TASKMANAGER_CONF
-    fi
-
-    # (Re)create trove conductor conf file if needed
-    if is_service_enabled tr-cond; then
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_userid $RABBIT_USERID
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-        iniset $TROVE_CONDUCTOR_CONF database connection `database_connection_url trove`
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_user radmin
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_tenant_name trove
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-        iniset $TROVE_CONDUCTOR_CONF DEFAULT control_exchange trove
-        setup_trove_logging $TROVE_CONDUCTOR_CONF
-    fi
-
-    # Set up Guest Agent conf
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_userid $RABBIT_USERID
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_host $TROVE_HOST_GATEWAY
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_user radmin
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_tenant_name trove
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT control_exchange trove
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT ignore_users os_admin
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT log_dir /var/log/trove/
-    iniset $TROVE_GUESTAGENT_CONF DEFAULT log_file trove-guestagent.log
-    setup_trove_logging $TROVE_GUESTAGENT_CONF
-}
-
-# install_troveclient() - Collect source and prepare
-function install_troveclient {
-    if use_library_from_git "python-troveclient"; then
-        git_clone_by_name "python-troveclient"
-        setup_dev_lib "python-troveclient"
-    fi
-}
-
-# install_trove() - Collect source and prepare
-function install_trove {
-    git_clone $TROVE_REPO $TROVE_DIR $TROVE_BRANCH
-}
-
-# init_trove() - Initializes Trove Database as a Service
-function init_trove {
-    # (Re)Create trove db
-    recreate_database trove
-
-    # Initialize the trove database
-    $TROVE_MANAGE db_sync
-
-    # If no guest image is specified, skip remaining setup
-    [ -z "$TROVE_GUEST_IMAGE_URL" ] && return 0
-
-    # Find the glance id for the trove guest image
-    # The image is uploaded by stack.sh -- see $IMAGE_URLS handling
-    GUEST_IMAGE_NAME=$(basename "$TROVE_GUEST_IMAGE_URL")
-    GUEST_IMAGE_NAME=${GUEST_IMAGE_NAME%.*}
-    TROVE_GUEST_IMAGE_ID=$(openstack --os-token $TOKEN --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image list | grep "${GUEST_IMAGE_NAME}" | get_field 1)
-    if [ -z "$TROVE_GUEST_IMAGE_ID" ]; then
-        # If no glance id is found, skip remaining setup
-        echo "Datastore ${TROVE_DATASTORE_TYPE} will not be created: guest image ${GUEST_IMAGE_NAME} not found."
-        return 1
-    fi
-
-    # Now that we have the guest image id, initialize appropriate datastores / datastore versions
-    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" ""
-    $TROVE_MANAGE datastore_version_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" "$TROVE_DATASTORE_TYPE" \
-        "$TROVE_GUEST_IMAGE_ID" "$TROVE_DATASTORE_PACKAGE" 1
-    $TROVE_MANAGE datastore_version_update "$TROVE_DATASTORE_TYPE" "inactive_version" "inactive_manager" "$TROVE_GUEST_IMAGE_ID" "" 0
-    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION"
-    $TROVE_MANAGE datastore_update "Inactive_Datastore" ""
-}
-
-# start_trove() - Start running processes, including screen
-function start_trove {
-    run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF --debug"
-    run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_TASKMANAGER_CONF --debug"
-    run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONDUCTOR_CONF --debug"
-}
-
-# stop_trove() - Stop running processes
-function stop_trove {
-    # Kill the trove screen windows
-    local serv
-    for serv in tr-api tr-tmgr tr-cond; do
-        stop_process $serv
-    done
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/stackrc b/stackrc
index 3c08b15b03..938a09a56d 100644
--- a/stackrc
+++ b/stackrc
@@ -231,11 +231,6 @@ SAHARA_BRANCH=${SAHARA_BRANCH:-master}
 SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git}
 SWIFT_BRANCH=${SWIFT_BRANCH:-master}
 
-# trove service
-TROVE_REPO=${TROVE_REPO:-${GIT_BASE}/openstack/trove.git}
-TROVE_BRANCH=${TROVE_BRANCH:-master}
-
-
 ##############
 #
 #  Testing Components
@@ -301,10 +296,6 @@ GITBRANCH["python-saharaclient"]=${SAHARACLIENT_BRANCH:-master}
 GITREPO["python-swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
 GITBRANCH["python-swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
 
-# trove client library test
-GITREPO["python-troveclient"]=${TROVECLIENT_REPO:-${GIT_BASE}/openstack/python-troveclient.git}
-GITBRANCH["python-troveclient"]=${TROVECLIENT_BRANCH:-master}
-
 # consolidated openstack python client
 GITREPO["python-openstackclient"]=${OPENSTACKCLIENT_REPO:-${GIT_BASE}/openstack/python-openstackclient.git}
 GITBRANCH["python-openstackclient"]=${OPENSTACKCLIENT_BRANCH:-master}
@@ -577,16 +568,15 @@ case "$VIRT_DRIVER" in
         IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz"};;
 esac
 
-# Trove needs a custom image for its work
-if [[ "$ENABLED_SERVICES" =~ 'tr-api' ]]; then
-    case "$VIRT_DRIVER" in
-        libvirt|ironic|xenapi)
-            TROVE_GUEST_IMAGE_URL=${TROVE_GUEST_IMAGE_URL:-"http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"}
-            IMAGE_URLS+=",${TROVE_GUEST_IMAGE_URL}"
-            ;;
-        *)
-            ;;
-    esac
+# Staging Area for New Images, have them here for at least 24hrs for nodepool
+# to cache them otherwise the failure rates in the gate are too high
+PRECACHE_IMAGES=$(trueorfalse False PRECACHE_IMAGES)
+if [[ "$PRECACHE_IMAGES" == "True" ]]; then
+
+    IMAGE_URL="http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"
+    if ! [[ "$IMAGE_URLS"  =~ "$IMAGE_URL" ]]; then
+        IMAGE_URLS+=",$IMAGE_URL"
+    fi
 fi
 
 # 10Gb default volume backing file size
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 0bec584aad..8210d0a466 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -29,7 +29,7 @@ for i in $TOP/lib/*; do
     fi
 done
 
-ALL_LIBS="python-novaclient oslo.config pbr oslo.context python-troveclient"
+ALL_LIBS="python-novaclient oslo.config pbr oslo.context"
 ALL_LIBS+=" python-keystoneclient taskflow oslo.middleware pycadf"
 ALL_LIBS+=" python-glanceclient python-ironicclient tempest-lib"
 ALL_LIBS+=" oslo.messaging oslo.log cliff python-heatclient stevedore"
diff --git a/unstack.sh b/unstack.sh
index ed7e6175ca..f0da9710a2 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -173,10 +173,6 @@ if is_service_enabled neutron; then
     cleanup_neutron
 fi
 
-if is_service_enabled trove; then
-    cleanup_trove
-fi
-
 if is_service_enabled dstat; then
     stop_dstat
 fi

From 61045ca58a89f9ce3a2c905450885700119a8a6f Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Thu, 14 May 2015 11:20:39 -0400
Subject: [PATCH 0665/3421] Write out a clouds.yaml file

os-client-config consumes clouds.yaml files, which is now supported in
python-openstackclient and shade. It also makes for a non-envvar way of
getting config info into functional tests.

Change-Id: I1150b943f52f10d19f8434b27e8dde73a14d7843
---
 clean.sh |  2 +-
 stack.sh | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/clean.sh b/clean.sh
index 7db519b0dc..86e3d4bec8 100755
--- a/clean.sh
+++ b/clean.sh
@@ -130,7 +130,7 @@ if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
 fi
 
 # Clean up venvs
-DIRS_TO_CLEAN="$WHEELHOUSE ${PROJECT_VENV[@]}"
+DIRS_TO_CLEAN="$WHEELHOUSE ${PROJECT_VENV[@]} .config/openstack"
 rm -rf $DIRS_TO_CLEAN
 
 # Clean up files
diff --git a/stack.sh b/stack.sh
index f20af219a6..dea56437dd 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1294,6 +1294,29 @@ for i in BASE_SQL_CONN ENABLED_SERVICES HOST_IP LOGFILE \
     echo $i=${!i} >>$TOP_DIR/.stackenv
 done
 
+# Write out a clouds.yaml file
+# putting the location into a variable to allow for easier refactoring later
+# to make it overridable. There is current no usecase where doing so makes
+# sense, so I'm not actually doing it now.
+CLOUDS_YAML=~/.config/openstack/clouds.yaml
+if [ ! -e $CLOUDS_YAML ]; then
+    mkdir -p $(dirname $CLOUDS_YAML)
+    cat >"$CLOUDS_YAML" <>"$CLOUDS_YAML"
+    fi
+fi
+
 
 # Wrapup configuration
 # ====================

From c6782413081cbdc72c7b24e34acec383a1cf2f46 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 14 May 2015 10:01:53 +1000
Subject: [PATCH 0666/3421] Infer rootwrap arguments from project

We can infer the binary and configuration paths just from the project
name and expanding this to the known *_DIR & *_BIN_DIR variables.  A
similar thing is done for policyd settings

Change-Id: I7c6a9fa106948ae5cbcf52555ade6154623798f1
---
 inc/rootwrap   | 14 ++++++++++----
 lib/ceilometer |  2 +-
 lib/cinder     |  2 +-
 lib/nova       |  2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/inc/rootwrap b/inc/rootwrap
index bac8e1e86c..411e5f7b73 100644
--- a/inc/rootwrap
+++ b/inc/rootwrap
@@ -38,11 +38,17 @@ function add_sudo_secure_path {
 
 # Configure rootwrap
 # Make a load of assumptions otherwise we'll have 6 arguments
-# configure_rootwrap project bin conf-src-dir
+# configure_rootwrap project
 function configure_rootwrap {
-    local project=$1                    # xx
-    local rootwrap_bin=$2               # /opt/stack/xx.venv/bin/xx-rootwrap
-    local rootwrap_conf_src_dir=$3      # /opt/stack/xx/etc/xx
+    local project=$1
+    local project_uc=$(echo $1|tr a-z A-Z)
+    local bin_dir="${project_uc}_BIN_DIR"
+    bin_dir="${!bin_dir}"
+    local project_dir="${project_uc}_DIR"
+    project_dir="${!project_dir}"
+
+    local rootwrap_conf_src_dir="${project_dir}/etc/${project}"
+    local rootwrap_bin="${bin_dir}/${project}-rootwrap"
 
     # Start fresh with rootwrap filters
     sudo rm -rf /etc/${project}/rootwrap.d
diff --git a/lib/ceilometer b/lib/ceilometer
index 9abdbfe286..1f72187ed6 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -254,7 +254,7 @@ function configure_ceilometer {
 
     if is_service_enabled ceilometer-aipmi; then
         # Configure rootwrap for the ipmi agent
-        configure_rootwrap ceilometer $CEILOMETER_BIN_DIR/ceilometer-rootwrap $CEILOMETER_DIR/etc/ceilometer
+        configure_rootwrap ceilometer
     fi
 }
 
diff --git a/lib/cinder b/lib/cinder
index eb0e1d7600..3c5425af08 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -190,7 +190,7 @@ function configure_cinder {
 
     rm -f $CINDER_CONF
 
-    configure_rootwrap cinder $CINDER_BIN_DIR/cinder-rootwrap $CINDER_DIR/etc/cinder
+    configure_rootwrap cinder
 
     cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
 
diff --git a/lib/nova b/lib/nova
index 7d2145b170..da288d3e4d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -298,7 +298,7 @@ function configure_nova {
 
     install_default_policy nova
 
-    configure_rootwrap nova $NOVA_BIN_DIR/nova-rootwrap $NOVA_DIR/etc/nova
+    configure_rootwrap nova
 
     if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
         # Get the sample configuration file in place

From 8afbaa1c80d54d7f6591f8f2c1a26c34f60c77e1 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Wed, 13 May 2015 20:53:08 -0400
Subject: [PATCH 0667/3421] Support for running Nova with oslo.rootwrap daemon

Nova is being enhanced to use rootwrap as a daemon. For this effort,
we need an additional entry for nova-rootwrap-daemon in the
sudoers.d/ directory.

Needed by:
I57dc2efa39b86fa1fa20730ad70d056e87617c96

Change-Id: I80c7b9dd8e9e0f940aa4e54a95b241dfc40d3574
---
 inc/rootwrap | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/inc/rootwrap b/inc/rootwrap
index 411e5f7b73..f91e557e68 100644
--- a/inc/rootwrap
+++ b/inc/rootwrap
@@ -59,12 +59,16 @@ function configure_rootwrap {
     sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
     sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
 
-    # Specify rootwrap.conf as first parameter to rootwrap
-    rootwrap_sudo_cmd="$rootwrap_bin /etc/${project}/rootwrap.conf *"
-
     # Set up the rootwrap sudoers
     local tempfile=$(mktemp)
+    # Specify rootwrap.conf as first parameter to rootwrap
+    rootwrap_sudo_cmd="${rootwrap_bin} /etc/${project}/rootwrap.conf *"
     echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile
+    if [ -f ${bin_dir}/${project}-rootwrap-daemon ]; then
+        # rootwrap daemon does not need any parameters
+        rootwrap_sudo_cmd="${rootwrap_bin}-daemon /etc/${project}/rootwrap.conf"
+        echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >>$tempfile
+    fi
     chmod 0440 $tempfile
     sudo chown root:root $tempfile
     sudo mv $tempfile /etc/sudoers.d/${project}-rootwrap

From 3380a16974defc62db65fbc8e30e2510b57b84b6 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 15 May 2015 13:12:02 +1000
Subject: [PATCH 0668/3421] Disable firewalld always

We've bike-sheded over this before
(I5252a12223a35f7fb7a4ac3c58aa4a3cd1bc4799) but I have just traced
down further issues to firewalld with neutron+ipv6 (see the bug).

In fact, as mentioned in the comments, RDO disables firewalld and the
neutron guide says to disable it [1].  The force flag is left if
anyone really wants this; but nobody is testing (or, as far as I can
tell, working on) this so bring devstack back into line and disable it
always.  Note we do not remove the package; as has been found in the
puppet scripts this can lead to dependency issues.

[1] http://docs.openstack.org/developer/devstack/guides/neutron.html

Change-Id: Ief7cb33d926a9538f4eb39c74d906ee0c879de35
Partial-Bug: 1455303
---
 lib/nova_plugins/functions-libvirt | 11 -----------
 tools/fixup_stuff.sh               | 27 ++++++++++++++++++---------
 2 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 04da5e2b60..96d8a44b05 100755
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -39,17 +39,6 @@ function install_libvirt {
         pip_install_gr libvirt-python
         install_package python-libguestfs
     fi
-
-    # Restart firewalld after install of libvirt to avoid a problem
-    # with polkit, which libvirtd brings in.  See
-    # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
-
-    # Note there is a difference between F20 rackspace cloud images
-    # and HP images used in the gate; rackspace has firewalld but hp
-    # cloud doesn't.
-    if is_fedora && is_package_installed firewalld; then
-        sudo service firewalld restart || true
-    fi
 }
 
 # Configures the installed libvirt system so that is accessible by
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 2efb4e0987..31258d13f7 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -109,19 +109,28 @@ if is_fedora; then
     fi
 
     FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
-    if [[ ${DISTRO} =~ (f20) && $FORCE_FIREWALLD == "False" ]]; then
+    if [[ $FORCE_FIREWALLD == "False" ]]; then
         # On Fedora 20 firewalld interacts badly with libvirt and
-        # slows things down significantly.  However, for those cases
-        # where that combination is desired, allow this fix to be skipped.
-
-        # There was also an additional issue with firewalld hanging
-        # after install of libvirt with polkit.  See
-        # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+        # slows things down significantly (this issue was fixed in
+        # later fedoras).  There was also an additional issue with
+        # firewalld hanging after install of libvirt with polkit [1].
+        # firewalld also causes problems with neturon+ipv6 [2]
+        #
+        # Note we do the same as the RDO packages and stop & disable,
+        # rather than remove.  This is because other packages might
+        # have the dependency [3][4].
+        #
+        # [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+        # [2] https://bugs.launchpad.net/neutron/+bug/1455303
+        # [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp
+        # [4] http://docs.openstack.org/developer/devstack/guides/neutron.html
         if is_package_installed firewalld; then
-            uninstall_package firewalld
+            sudo systemctl disable firewalld
+            sudo systemctl enable iptables
+            sudo systemctl stop firewalld
+            sudo systemctl start iptables
         fi
     fi
-
 fi
 
 # The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has

From 4b684aed316a89d4bc0d365e594ed345fe99d6b4 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Fri, 15 May 2015 12:38:09 -0400
Subject: [PATCH 0669/3421] Don't set tempest fixed_network_name with neutron

If neutron is enabled then there isn't a shared private network
between all tenants which is what is required for the
fixed_network_name config option. This commit adds a conditional
to not set that option when neutron is enabled. While not necessarily
fatal to tempest it does emit a warning on almost every server create
call if it is set with a non-existent network name.

Change-Id: I1a42fa6b0b5a93b411c08ec35df043d6ea69d453
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 9c227167d8..f02b0d13dd 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -344,7 +344,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref
     iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
-    if ! is_service_enabled n-cell; then
+    if [[ ! $(is_service_enabled n-cell) && ! $(is_service_enabled neutron) ]]; then
         iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
     fi
 

From a48e5dc4bd3514cc24cd75c72ea998ad9afe5321 Mon Sep 17 00:00:00 2001
From: Yalei Wang 
Date: Fri, 6 Mar 2015 17:05:11 +0800
Subject: [PATCH 0670/3421] add the port_sec as default neutron/ml2 extension
 driver

Neutron ML2 plugin introduces the first extension driver port_security, this
patch add it to be a default extension driver as a example. And also, if not
set it by default, networks like public/private which are created after the
neutron-db-manage's update, will not include the port-sec value.

Change-Id: I3035317c83d22804855517434bd8578719ce0436
Partially Implements: blueprint ml2-ovs-portsecurity
---
 doc/source/guides/neutron.rst | 5 +++++
 lib/neutron_plugins/ml2       | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 3030c7b5f2..b0a89070fb 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -131,6 +131,11 @@ In this configuration we are defining FLOATING_RANGE to be a
 subnet that exists in the private RFC1918 address space - however in
 in a real setup FLOATING_RANGE would be a public IP address range.
 
+Note that extension drivers for the ML2 plugin is set by
+`Q_ML2_PLUGIN_EXT_DRIVERS`, and it includes 'port_security' by default. If you
+want to remove all the extension drivers (even 'port_security'), set
+`Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
+
 Neutron Networking with Open vSwitch and Provider Networks
 ==========================================================
 
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 88537774b7..2733f1f513 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -31,6 +31,9 @@ Q_ML2_PLUGIN_GRE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GRE_TYPE_OPTIONS:-tunnel_id_ranges=
 Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS:-vni_ranges=1001:2000}
 # Default VLAN TypeDriver options
 Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-}
+# List of extension drivers to load, use '-' instead of ':-' to allow people to
+# explicitly override this to blank
+Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS-port_security}
 
 # L3 Plugin to load for ML2
 ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
@@ -113,6 +116,8 @@ function neutron_plugin_configure_service {
 
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS
 
+    populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 extension_drivers=$Q_ML2_PLUGIN_EXT_DRIVERS
+
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 $Q_SRV_EXTRA_OPTS
 
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_gre $Q_ML2_PLUGIN_GRE_TYPE_OPTIONS

From 37421991b446f2077a9fb4e9a6d580b1c08044a3 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 20 May 2015 06:37:11 -0700
Subject: [PATCH 0671/3421] optional pymysql support

This allows you to specify MYSQL_DRIVER=PyMySQL and get it in the
environment.

Change-Id: Ic9d75266640b7aa6d7efb6e882d3027e81414059
---
 files/venv-requirements.txt |  1 -
 lib/databases/mysql         | 13 +++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
index 73d05793ce..b9a55b423d 100644
--- a/files/venv-requirements.txt
+++ b/files/venv-requirements.txt
@@ -1,7 +1,6 @@
 # Once we can prebuild wheels before a devstack run, uncomment the skipped libraries
 cryptography
 # lxml # still install from from packages
-MySQL-python
 # netifaces # still install from packages
 #numpy    # slowest wheel by far, stop building until we are actually using the output
 posix-ipc
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 1b9a08199f..7cd2856ae9 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -11,6 +11,13 @@
 MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+MYSQL_DRIVER=${MYSQL_DRIVER:-MySQL-python}
+# Force over to pymysql driver by default if we are using it.
+if is_service_enabled mysql; then
+    if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then
+        SQLALCHEMY_DATABASE_DRIVER=${SQLALCHEMY_DATABASE_DRIVER:-"pymysql"}
+    fi
+fi
 
 register_database mysql
 
@@ -155,8 +162,10 @@ EOF
 
 function install_database_python_mysql {
     # Install Python client module
-    pip_install_gr MySQL-python
-    ADDITIONAL_VENV_PACKAGES+=",MySQL-python"
+    pip_install_gr $MYSQL_DRIVER
+    if [[ "$MYSQL_DRIVER" == "MySQL-python" ]]; then
+        ADDITIONAL_VENV_PACKAGES+=",MySQL-python"
+    fi
 }
 
 function database_connection_url_mysql {

From 165afa2377ee8eb6bad1b6cfb454a7de525a4498 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 25 May 2015 11:29:48 +1000
Subject: [PATCH 0672/3421] Fix msg argument to assert_equal

I noticed this was taking an argument but not dealing with it.  In
general the functions were undocumented, so I added some terse usage.

Also, the intent of the test-case was to expand the values before
using them as the message; make sure this happens by using a temp
variable.

Change-Id: Ib317ad1e9dd2a5d2232b9c64541fe4a601a2b8da
---
 tests/test_truefalse.sh |  6 ++++--
 tests/unittest.sh       | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/tests/test_truefalse.sh b/tests/test_truefalse.sh
index ebd9650649..2689589dc9 100755
--- a/tests/test_truefalse.sh
+++ b/tests/test_truefalse.sh
@@ -19,7 +19,8 @@ function test_trueorfalse {
 
     for default in True False; do
         for name in one captrue lowtrue uppertrue capyes lowyes upperyes; do
-                assert_equal "True" $(trueorfalse $default $name) "\$(trueorfalse $default $name)"
+            local msg="trueorfalse($default $name)"
+            assert_equal "True" $(trueorfalse $default $name) "$msg"
         done
     done
 
@@ -33,7 +34,8 @@ function test_trueorfalse {
 
     for default in True False; do
         for name in zero capfalse lowfalse upperfalse capno lowno upperno; do
-            assert_equal "False" $(trueorfalse $default $name) "\$(trueorfalse $default $name)"
+            local msg="trueorfalse($default $name)"
+            assert_equal "False" $(trueorfalse $default $name) "$msg"
         done
     done
 }
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 69f19b7dae..93aa5fc571 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -17,6 +17,8 @@ ERROR=0
 PASS=0
 FAILED_FUNCS=""
 
+# pass a test, printing out MSG
+#  usage: passed message
 function passed {
     local lineno=$(caller 0 | awk '{print $1}')
     local function=$(caller 0 | awk '{print $2}')
@@ -25,9 +27,11 @@ function passed {
         msg="OK"
     fi
     PASS=$((PASS+1))
-    echo $function:L$lineno $msg
+    echo "PASS: $function:L$lineno $msg"
 }
 
+# fail a test, printing out MSG
+#  usage: failed message
 function failed {
     local lineno=$(caller 0 | awk '{print $1}')
     local function=$(caller 0 | awk '{print $2}')
@@ -38,10 +42,16 @@ function failed {
     ERROR=$((ERROR+1))
 }
 
+# assert string comparision of val1 equal val2, printing out msg
+#  usage: assert_equal val1 val2 msg
 function assert_equal {
     local lineno=`caller 0 | awk '{print $1}'`
     local function=`caller 0 | awk '{print $2}'`
     local msg=$3
+
+    if [ -z "$msg" ]; then
+        msg="OK"
+    fi
     if [[ "$1" != "$2" ]]; then
         FAILED_FUNCS+="$function:L$lineno\n"
         echo "ERROR: $1 != $2 in $function:L$lineno!"
@@ -49,10 +59,13 @@ function assert_equal {
         ERROR=$((ERROR+1))
     else
         PASS=$((PASS+1))
-        echo "$function:L$lineno - ok"
+        echo "PASS: $function:L$lineno - $msg"
     fi
 }
 
+# print a summary of passing and failing tests, exiting
+# with an error if we have failed tests
+#  usage: report_results
 function report_results {
     echo "$PASS Tests PASSED"
     if [[ $ERROR -gt 1 ]]; then

From fcefb0a910f78f36b329d8eb74d3849678a7a2b7 Mon Sep 17 00:00:00 2001
From: Gary Kotton 
Date: Sun, 26 Apr 2015 08:50:49 -0700
Subject: [PATCH 0673/3421] VMware: add support for simple DVS

Add the file vmware_dvs that will enable the external CI to be
run.

The patch in the VMware repo for the DVS support is:
https://review.openstack.org/#/c/177597/

Change-Id: I6dee978fd2be3818c5ce57b1dcb2917234ab61e2
---
 lib/neutron_plugins/vmware_dvs | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 lib/neutron_plugins/vmware_dvs

diff --git a/lib/neutron_plugins/vmware_dvs b/lib/neutron_plugins/vmware_dvs
new file mode 100644
index 0000000000..587d5a6b11
--- /dev/null
+++ b/lib/neutron_plugins/vmware_dvs
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# This file is needed so Q_PLUGIN=vmware_dvs will work.
+
+# FIXME(salv-orlando): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
+function has_neutron_plugin_security_group {
+    # 0 means True here
+    return 0
+}

From 93ee8c876ca2a8cdea98b6685538f85f1a7979ef Mon Sep 17 00:00:00 2001
From: Guillaume Giamarchi 
Date: Tue, 26 May 2015 02:08:44 +0200
Subject: [PATCH 0674/3421] Set IP_VERSION default value to 4+6

This is actually the default value since 645114b

Change-Id: Ib6603b4f6ea0b4079f9a4ea46e723ecbb2ea371d
---
 doc/source/configuration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 1cc7083bb4..8e2e7ffa31 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -391,7 +391,7 @@ Multi-host DevStack
         ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
 IP Version
-    | Default: ``IP_VERSION=4``
+    | Default: ``IP_VERSION=4+6``
     | This setting can be used to configure DevStack to create either an IPv4,
       IPv6, or dual stack tenant data network by setting ``IP_VERSION`` to
       either ``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``

From 8606c98c53722f425525fa06eee554b7d30f62f6 Mon Sep 17 00:00:00 2001
From: fumihiko kakuma 
Date: Mon, 13 Apr 2015 09:55:06 +0900
Subject: [PATCH 0675/3421] Fix remove_disabled_extensions to remove an
 extension at the last position

remove_disabled_extensions do matching by '$ext_to_remove","'. So it doesn't
match an extension at the last position in extensions_list.
This patch fixes that.

Closes-Bug: #1443254
Change-Id: I194b483de797697ba06b320cf33f1bac67fc0cc7
---
 functions-common        | 41 +++++++++++++++++++++++++----------------
 lib/tempest             |  5 +----
 tests/test_functions.sh | 25 +++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 20 deletions(-)

diff --git a/functions-common b/functions-common
index 52d80fb95b..ff9261161c 100644
--- a/functions-common
+++ b/functions-common
@@ -1629,7 +1629,6 @@ function disable_all_services {
 function disable_negated_services {
     local to_remove=""
     local remaining=""
-    local enabled=""
     local service
 
     # build up list of services that should be removed; i.e. they
@@ -1644,21 +1643,7 @@ function disable_negated_services {
 
     # go through the service list.  if this service appears in the "to
     # be removed" list, drop it
-    for service in ${remaining//,/ }; do
-        local remove
-        local add=1
-        for remove in ${to_remove//,/ }; do
-            if [[ ${remove} == ${service} ]]; then
-                add=0
-                break
-            fi
-        done
-        if [[ $add == 1 ]]; then
-            enabled="${enabled},$service"
-        fi
-    done
-
-    ENABLED_SERVICES=$(_cleanup_service_list "$enabled")
+    ENABLED_SERVICES=$(remove_disabled_services "$remaining" "$to_remove")
 }
 
 # disable_service() removes the services passed as argument to the
@@ -1762,6 +1747,30 @@ function is_service_enabled {
     return $enabled
 }
 
+# remove specified list from the input string
+# remove_disabled_services service-list remove-list
+function remove_disabled_services {
+    local service_list=$1
+    local remove_list=$2
+    local service
+    local enabled=""
+
+    for service in ${service_list//,/ }; do
+        local remove
+        local add=1
+        for remove in ${remove_list//,/ }; do
+            if [[ ${remove} == ${service} ]]; then
+                add=0
+                break
+            fi
+        done
+        if [[ $add == 1 ]]; then
+            enabled="${enabled},$service"
+        fi
+    done
+    _cleanup_service_list "$enabled"
+}
+
 # Toggle enable/disable_service for services that must run exclusive of each other
 #  $1 The name of a variable containing a space-separated list of services
 #  $2 The name of a variable in which to store the enabled service's name
diff --git a/lib/tempest b/lib/tempest
index 6c34323802..ffb59ff59b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -91,10 +91,7 @@ function remove_disabled_extensions {
     local extensions_list=$1
     shift
     local disabled_exts=$*
-    for ext_to_remove in ${disabled_exts//,/ } ; do
-        extensions_list=${extensions_list/$ext_to_remove","}
-    done
-    echo $extensions_list
+    remove_disabled_services "$extensions_list" "$disabled_exts"
 }
 
 # configure_tempest() - Set config files, create data dirs, etc
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index 1d82792ca7..f555de8dff 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -137,6 +137,31 @@ test_disable_negated_services 'a,aa,-a' 'aa'
 test_disable_negated_services 'a,av2,-a,a' 'av2'
 test_disable_negated_services 'a,-a,av2' 'av2'
 
+echo "Testing remove_disabled_services()"
+
+function test_remove_disabled_services {
+    local service_list="$1"
+    local remove_list="$2"
+    local expected="$3"
+
+    results=$(remove_disabled_services "$service_list" "$remove_list")
+    if [ "$results" = "$expected" ]; then
+        passed "OK: '$service_list' - '$remove_list' -> '$results'"
+    else
+        failed "getting '$expected' from '$service_list' - '$remove_list' failed: '$results'"
+    fi
+}
+
+test_remove_disabled_services 'a,b,c' 'a,c' 'b'
+test_remove_disabled_services 'a,b,c' 'b' 'a,c'
+test_remove_disabled_services 'a,b,c,d' 'a,c d' 'b'
+test_remove_disabled_services 'a,b c,d' 'a d' 'b,c'
+test_remove_disabled_services 'a,b,c' 'a,b,c' ''
+test_remove_disabled_services 'a,b,c' 'd' 'a,b,c'
+test_remove_disabled_services 'a,b,c' '' 'a,b,c'
+test_remove_disabled_services '' 'a,b,c' ''
+test_remove_disabled_services '' '' ''
+
 echo "Testing is_package_installed()"
 
 if [[ -z "$os_PACKAGE" ]]; then

From d82d3f13401320ec47757aff0457a307203b28fe Mon Sep 17 00:00:00 2001
From: Mahito 
Date: Fri, 22 May 2015 10:37:23 -0700
Subject: [PATCH 0676/3421] Add test case to 'cidr2netmask'

'cidr2netmask' of function doesn't have enough test case
and test code isn't smart.
This patch adds test case and refactors test code.

Change-Id: Iab20ef06fe78316a78198ab75c0afe738a577dd6
Closes-bug: #1457989
---
 tests/test_ip.sh | 80 +++++++++++++++++++++---------------------------
 1 file changed, 35 insertions(+), 45 deletions(-)

diff --git a/tests/test_ip.sh b/tests/test_ip.sh
index c53e80de36..f8c2058967 100755
--- a/tests/test_ip.sh
+++ b/tests/test_ip.sh
@@ -12,51 +12,41 @@ source $TOP/tests/unittest.sh
 
 echo "Testing IP addr functions"
 
-if [[ $(cidr2netmask 4) == 240.0.0.0 ]]; then
-    passed "cidr2netmask(): /4...OK"
-else
-    failed "cidr2netmask(): /4...failed"
-fi
-if [[ $(cidr2netmask 8) == 255.0.0.0 ]]; then
-    passed "cidr2netmask(): /8...OK"
-else
-    failed "cidr2netmask(): /8...failed"
-fi
-if [[ $(cidr2netmask 12) == 255.240.0.0 ]]; then
-    passed "cidr2netmask(): /12...OK"
-else
-    failed "cidr2netmask(): /12...failed"
-fi
-if [[ $(cidr2netmask 16) == 255.255.0.0 ]]; then
-    passed "cidr2netmask(): /16...OK"
-else
-    failed "cidr2netmask(): /16...failed"
-fi
-if [[ $(cidr2netmask 20) == 255.255.240.0 ]]; then
-    passed "cidr2netmask(): /20...OK"
-else
-    failed "cidr2netmask(): /20...failed"
-fi
-if [[ $(cidr2netmask 24) == 255.255.255.0 ]]; then
-    passed "cidr2netmask(): /24...OK"
-else
-    failed "cidr2netmask(): /24...failed"
-fi
-if [[ $(cidr2netmask 28) == 255.255.255.240 ]]; then
-    passed "cidr2netmask(): /28...OK"
-else
-    failed "cidr2netmask(): /28...failed"
-fi
-if [[ $(cidr2netmask 30) == 255.255.255.252 ]]; then
-    passed "cidr2netmask(): /30...OK"
-else
-    failed "cidr2netmask(): /30...failed"
-fi
-if [[ $(cidr2netmask 32) == 255.255.255.255 ]]; then
-    passed "cidr2netmask(): /32...OK"
-else
-    failed "cidr2netmask(): /32...failed"
-fi
+function test_cidr2netmask {
+    local mask=0
+    local ips="128 192 224 240 248 252 254 255"
+    local ip
+    local msg
+
+    msg="cidr2netmask(/0) == 0.0.0.0"
+    assert_equal "0.0.0.0" $(cidr2netmask $mask) "$msg"
+
+    for ip in $ips; do
+        mask=$(( mask + 1 ))
+        msg="cidr2netmask(/$mask) == $ip.0.0.0"
+        assert_equal "$ip.0.0.0" $(cidr2netmask $mask) "$msg"
+    done
+
+    for ip in $ips; do
+        mask=$(( mask + 1 ))
+        msg="cidr2netmask(/$mask) == 255.$ip.0.0"
+        assert_equal "255.$ip.0.0" $(cidr2netmask $mask) "$msg"
+    done
+
+    for ip in $ips; do
+        mask=$(( mask + 1 ))
+        msg="cidr2netmask(/$mask) == 255.255.$ip.0"
+        assert_equal "255.255.$ip.0" $(cidr2netmask $mask) "$msg"
+    done
+
+    for ip in $ips; do
+        mask=$(( mask + 1 ))
+        msg="cidr2netmask(/$mask) == 255.255.255.$ip"
+        assert_equal "255.255.255.$ip" $(cidr2netmask $mask) "$msg"
+    done
+}
+
+test_cidr2netmask
 
 if [[ $(maskip 169.254.169.254 240.0.0.0) == 160.0.0.0 ]]; then
     passed "maskip(): /4...OK"

From b3798af474955368211a297ba85332fde5491993 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 20 May 2015 06:48:02 -0700
Subject: [PATCH 0677/3421] change the default to PyMYSQL

As discussed in the Liberty Design Summit "Moving apps to Python 3"
cross-project workshop, the way forward in the near future is to
switch to the pure-python PyMySQL library as a default.

    https://etherpad.openstack.org/p/liberty-cross-project-python3

Change-Id: Ic609ce136061b753ca692b37509a0b29c60bb8b5
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 7cd2856ae9..832c2ca6d7 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -11,7 +11,7 @@
 MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-MYSQL_DRIVER=${MYSQL_DRIVER:-MySQL-python}
+MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
 # Force over to pymysql driver by default if we are using it.
 if is_service_enabled mysql; then
     if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then

From aece9ff9eff94fcdd2bdac14d64536e16207139d Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 26 May 2015 15:24:38 -0400
Subject: [PATCH 0678/3421] Use correct conf file variable name in sahara

When the tls-proxy service is enabled then a separate
set of ports is used internally vs externally. The
services listen on the internal port and a proxy (stud)
listen on the "standard" port and forward requests to
the internal port.

An incorrect environment variable was being used to set
the internal port in the sahara configuration so it wasn't
listening on the correct port, causing stack.sh to fail
because it thought the service wasn't up (at least not
on the right port).

Change-Id: I3384039392be786d3c189f3e4f84e069ddaf4339
Closes-Bug: #1458984
---
 lib/sahara | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/sahara b/lib/sahara
index 6d4e8648bf..51e431afc7 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -186,7 +186,7 @@ function configure_sahara {
 
     if is_service_enabled tls-proxy; then
         # Set the service port for a proxy to take the original
-        iniset $SAHARA_CONF DEFAULT port $SAHARA_SERVICE_PORT_INT
+        iniset $SAHARA_CONF_FILE DEFAULT port $SAHARA_SERVICE_PORT_INT
     fi
 
     recreate_database sahara

From 73d24b2c1c1795a1d8b7f6dcdd608ad387d125b9 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Wed, 27 May 2015 11:41:33 +0100
Subject: [PATCH 0679/3421] Ironic: Remove deprecated parameters

Ironic have updated some parameters to have a consistent name
across drivers. This patch is updating devstack to stop using the
pxe_deploy_{kernel, ramdisk} parameters which have been deprecated since
early Kilo eliminating the deprecation warnings in the logs.

WARNING ironic.drivers.modules.pxe [-] The "pxe_deploy_kernel" parameter
is deprecated. Please update the node 267e42c8-df07-49f5-bc7f-48b566acb109
to use "deploy_kernel" instead.

WARNING ironic.drivers.modules.pxe [-] The "pxe_deploy_ramdisk" parameter
is deprecated. Please update the node 267e42c8-df07-49f5-bc7f-48b566acb109
to use "deploy_ramdisk" instead.

Change-Id: I3dcf8df130efc0c2ea35695018bedba31bf0570c
---
 lib/ironic | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 7493c3cab2..4984be1861 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -569,14 +569,6 @@ function wait_for_nova_resources {
 function enroll_nodes {
     local chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
 
-    if [[ "$IRONIC_DEPLOY_DRIVER" == "pxe_ssh" ]] ; then
-        local _IRONIC_DEPLOY_KERNEL_KEY=pxe_deploy_kernel
-        local _IRONIC_DEPLOY_RAMDISK_KEY=pxe_deploy_ramdisk
-    elif is_deployed_by_agent; then
-        local _IRONIC_DEPLOY_KERNEL_KEY=deploy_kernel
-        local _IRONIC_DEPLOY_RAMDISK_KEY=deploy_ramdisk
-    fi
-
     if ! is_ironic_hardware; then
         local ironic_node_cpu=$IRONIC_VM_SPECS_CPU
         local ironic_node_ram=$IRONIC_VM_SPECS_RAM
@@ -584,8 +576,8 @@ function enroll_nodes {
         local ironic_ephemeral_disk=$IRONIC_VM_EPHEMERAL_DISK
         local ironic_hwinfo_file=$IRONIC_VM_MACS_CSV_FILE
         local node_options="\
-            -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID \
-            -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID \
+            -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID \
+            -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID \
             -i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \
             -i ssh_address=$IRONIC_VM_SSH_ADDRESS \
             -i ssh_port=$IRONIC_VM_SSH_PORT \
@@ -616,8 +608,8 @@ function enroll_nodes {
             # we create the bare metal flavor with minimum value
             local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\
                 -i ipmi_username=$ironic_ipmi_username"
-            node_options+=" -i $_IRONIC_DEPLOY_KERNEL_KEY=$IRONIC_DEPLOY_KERNEL_ID"
-            node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
+            node_options+=" -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID"
+            node_options+=" -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID"
         fi
 
         # First node created will be used for testing in ironic w/o glance

From 3fd71d68933f2c4e38ff7fa58416ec0263325a9f Mon Sep 17 00:00:00 2001
From: Samuel de Medeiros Queiroz 
Date: Sun, 3 May 2015 14:54:45 -0300
Subject: [PATCH 0680/3421] Honor the flag for Identity v3 API only jobs

When the property ENABLE_IDENTITY_V2 is set to
False in the local.conf file, devstack will:

* Disable the v2 API in Keystone paste config;
* Set Tempest to skip Identity v2 tests and use
  v3 auth tokens to run all the other tests;
* Set Horizon to use v3 API and v3 auth tokens;
* Register the Identity endpoint as v3.

Change-Id: I2575a516244b848e5ed461e7f488c59edc41068d
---
 lib/horizon  |  9 ++++++++-
 lib/keystone |  6 ++++++
 lib/tempest  | 10 +++++++++-
 stackrc      | 19 ++++++++++++++++---
 4 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index f953f5cc01..ab6e758409 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -97,7 +97,14 @@ function init_horizon {
     _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\"
 
     _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
-    _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
+
+    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
+        # Only Identity v3 API is available; then use it with v3 auth tokens
+        _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":\"v3\"}
+        _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
+    else
+        _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
+    fi
 
     if [ -f $SSL_BUNDLE_FILE ]; then
         _horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
diff --git a/lib/keystone b/lib/keystone
index 997bb14967..de2d2ca53f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -204,6 +204,12 @@ function configure_keystone {
         KEYSTONE_PASTE_INI="$KEYSTONE_CONF"
     fi
 
+    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
+        # Only Identity v3 API should be available; then disable v2 pipelines
+        inidelete $KEYSTONE_PASTE_INI composite:main \\/v2.0
+        inidelete $KEYSTONE_PASTE_INI composite:admin \\/v2.0
+    fi
+
     configure_keystone_extensions
 
     # Rewrite stock ``keystone.conf``
diff --git a/lib/tempest b/lib/tempest
index cd8fbd725f..18e3703110 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -311,7 +311,15 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID
         iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME
     fi
-    iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
+        # Only Identity v3 is available; then skip Identity API v2 tests
+        iniset $TEMPEST_CONFIG identity-feature-enabled v2_api False
+        # In addition, use v3 auth tokens for running all Tempest tests
+        iniset $TEMPEST_CONFIG identity auth_version v3
+    else
+        iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
+    fi
+
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
         iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
     fi
diff --git a/stackrc b/stackrc
index 2a49ea5ef5..af5ed6e16d 100644
--- a/stackrc
+++ b/stackrc
@@ -87,9 +87,6 @@ TEMPEST_SERVICES=""
 # Set the default Nova APIs to enable
 NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
 
-# Configure Identity API version: 2.0, 3
-IDENTITY_API_VERSION=2.0
-
 # Whether to use 'dev mode' for screen windows. Dev mode works by
 # stuffing text into the screen windows so that a developer can use
 # ctrl-c, up-arrow, enter to restart the service. Starting services
@@ -106,6 +103,22 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then
     source $RC_DIR/.localrc.auto
 fi
 
+# Configure Identity API version: 2.0, 3
+IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
+
+# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack
+# deployment will be deploying the Identity v2 pipelines. If this option is set
+# to ``False``, DevStack will: i) disable Identity v2; ii) configure Tempest to
+# skip Identity v2 specific tests; and iii) configure Horizon to use Identity
+# v3. When this option is set to ``False``, the option IDENTITY_API_VERSION
+# will to be set to ``3`` in order to make DevStack register the Identity
+# endpoint as v3. This flag is experimental and will be used as basis to
+# identify the projects which still have issues to operate with Identity v3.
+ENABLE_IDENTITY_V2=$(trueorfalse True ENABLE_IDENTITY_V2)
+if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
+    IDENTITY_API_VERSION=3
+fi
+
 # Enable use of Python virtual environments.  Individual project use of
 # venvs are controlled by the PROJECT_VENV array; every project with
 # an entry in the array will be installed into the named venv.

From dd363a182fb1f8472bc163c82ea5f48e8f8fd29e Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 25 May 2015 11:50:32 +1000
Subject: [PATCH 0681/3421] Cleanup test_ip.sh to give more consistent output

Minor changes to give more consistent output; no functional changes to
tests.

Change-Id: I6c4ef74587c59b786761735c7bd528f3d7f94905
---
 tests/test_ip.sh | 76 +++++++++++++++++++-----------------------------
 1 file changed, 30 insertions(+), 46 deletions(-)

diff --git a/tests/test_ip.sh b/tests/test_ip.sh
index f8c2058967..da939f41d1 100755
--- a/tests/test_ip.sh
+++ b/tests/test_ip.sh
@@ -48,60 +48,44 @@ function test_cidr2netmask {
 
 test_cidr2netmask
 
-if [[ $(maskip 169.254.169.254 240.0.0.0) == 160.0.0.0 ]]; then
-    passed "maskip(): /4...OK"
-else
-    failed "maskip(): /4...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.0.0.0) == 169.0.0.0 ]]; then
-    passed "maskip(): /8...OK"
-else
-    failed "maskip(): /8...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.240.0.0) == 169.240.0.0 ]]; then
-    passed "maskip(): /12...OK"
-else
-    failed "maskip(): /12...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.255.0.0) == 169.254.0.0 ]]; then
-    passed "maskip(): /16...OK"
-else
-    failed "maskip(): /16...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.255.240.0) == 169.254.160.0 ]]; then
-    passed "maskip(): /20...OK"
-else
-    failed "maskip(): /20...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.255.255.0) == 169.254.169.0 ]]; then
-    passed "maskip(): /24...OK"
-else
-    failed "maskip(): /24...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.255.255.240) == 169.254.169.240 ]]; then
-    passed "maskip(): /28...OK"
-else
-    failed "maskip(): /28...failed"
-fi
-if [[ $(maskip 169.254.169.254 255.255.255.255) == 169.254.169.254 ]]; then
-    passed "maskip(): /32...OK"
-else
-    failed "maskip(): /32...failed"
-fi
+msg="maskip(169.254.169.254 240.0.0.0) == 160.0.0.0"
+assert_equal $(maskip 169.254.169.254 240.0.0.0) 160.0.0.0 "$msg"
+
+msg="maskip(169.254.169.254 255.0.0.0) == 169.0.0.0"
+assert_equal $(maskip 169.254.169.254 255.0.0.0) 169.0.0.0 "$msg"
+
+msg="maskip(169.254.169.254 255.240.0.0) == 169.240.0.0"
+assert_equal $(maskip 169.254.169.254 255.240.0.0) 169.240.0.0 "$msg"
+
+msg="maskip(169.254.169.254 255.255.0.0) == 169.254.0.0"
+assert_equal $(maskip 169.254.169.254 255.255.0.0) 169.254.0.0 "$msg"
+
+msg="maskip(169.254.169.254 255.255.240.0) == 169.254.160.0"
+assert_equal $(maskip 169.254.169.254 255.255.240.0) 169.254.160.0 "$msg"
+
+msg="maskip(169.254.169.254 255.255.255.0) == 169.254.169.0"
+assert_equal $(maskip 169.254.169.254 255.255.255.0) 169.254.169.0 "$msg"
+
+msg="maskip(169.254.169.254 255.255.255.240) == 169.254.169.240"
+assert_equal $(maskip 169.254.169.254 255.255.255.240) 169.254.169.240 "$msg"
+
+msg="maskip(169.254.169.254 255.255.255.255) == 169.254.169.254"
+assert_equal $(maskip 169.254.169.254 255.255.255.255) 169.254.169.254 "$msg"
+
 
 for mask in 8 12 16 20 24 26 28; do
-    echo -n "address_in_net(): in /$mask..."
+    msg="address_in_net($10.10.10.1 10.10.10.0/$mask)"
     if address_in_net 10.10.10.1 10.10.10.0/$mask; then
-        passed "OK"
+        passed "$msg"
     else
-        failed "address_in_net() failed on /$mask"
+        failed "$msg"
     fi
 
-    echo -n "address_in_net(): not in /$mask..."
+    msg="! address_in_net($10.10.10.1 11.11.11.0/$mask)"
     if ! address_in_net 10.10.10.1 11.11.11.0/$mask; then
-        passed "OK"
+        passed "$msg"
     else
-        failed "address_in_net() failed on /$mask"
+        failed "$msg"
     fi
 done
 

From 9ee1ef6cb8e06864e2341f4121372028d6d59c64 Mon Sep 17 00:00:00 2001
From: Shin Sato 
Date: Thu, 28 May 2015 13:56:58 +0900
Subject: [PATCH 0682/3421] Fix typo: _create_volume_group =>
 _create_lvm_volume_group

Change-Id: Ifb648c9eb4a57ac0fc97afb842e83286789801dd
---
 lib/lvm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/lvm b/lib/lvm
index 1fe2683e65..8afd543f34 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -78,7 +78,7 @@ function clean_lvm_volume_group {
 }
 
 
-# _create_volume_group creates default volume group
+# _create_lvm_volume_group creates default volume group
 #
 # Usage: _create_lvm_volume_group() $vg $size
 function _create_lvm_volume_group {

From 40c5ea67d34168048068d115e5d870a5065d4b0f Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Thu, 28 May 2015 06:42:03 +0100
Subject: [PATCH 0683/3421] XenAPI: Increase OpenStack DomU usage again

Devstack has continued to grow in memory requirements and now we cannot
reliably fit in 4GB, with several services being unable to start.  Increase
the minimum for DomU to 6GB to leave room for virtual machines

Change-Id: Idbdfa1f36015b6af347d1ce27eb28baa360af5ef
---
 tools/xen/xenrc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index 43a6ce8a77..be6c5ca037 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -14,12 +14,12 @@ CLEAN_TEMPLATES=${CLEAN_TEMPLATES:-false}
 # Size of image
 VDI_MB=${VDI_MB:-5000}
 
-# Devstack now contains many components.  3GB ram is not enough to prevent
+# Devstack now contains many components.  4GB ram is not enough to prevent
 # swapping and memory fragmentation - the latter of which can cause failures
 # such as blkfront failing to plug a VBD and lead to random test fails.
 #
-# Set to 4GB so an 8GB XenServer VM can have a 1GB Dom0 and leave 3GB for VMs
-OSDOMU_MEM_MB=4096
+# Set to 6GB so an 8GB XenServer VM can have a 1GB Dom0 and leave 1GB for VMs
+OSDOMU_MEM_MB=6144
 OSDOMU_VDI_GB=8
 
 # Network mapping. Specify bridge names or network names. Network names may

From 75c44737121baea0c56050599350bc7de8f22799 Mon Sep 17 00:00:00 2001
From: Yalei Wang 
Date: Wed, 13 May 2015 12:43:56 +0800
Subject: [PATCH 0684/3421] Remove the code against flushing public bridge

As unstack.sh does destroy all bridges, we don't have to refresh bridge
interface any more, as what is done in commit
c2dc95add6e46829f1705041c1d9dddab9b360d3. So in this commit we will continue to
remove the related statements in lib/neutron-legacy. These statements will also
cause undefined PUBLIC_BRIDGE error.

Change-Id: I4c7617f6a245ea4e2e08f518d873b1b8adc2b807
Closes-Bug: #1454475
---
 lib/neutron-legacy | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 18b0942ae1..a08778ca32 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1294,17 +1294,6 @@ function _neutron_configure_router_v6 {
         IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
         die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
 
-        # The ovs_base_configure_l3_agent function flushes the public
-        # bridge's ip addresses, so turn IPv6 support in the host off
-        # and then on to recover the public bridge's link local address
-        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=1
-        sudo sysctl -w net.ipv6.conf.${PUBLIC_BRIDGE}.disable_ipv6=0
-        if ! ip -6 addr show dev $PUBLIC_BRIDGE | grep 'scope global'; then
-            # Create an IPv6 ULA address for PUBLIC_BRIDGE if one is not present
-            IPV6_BRIDGE_ULA=`uuidgen | sed s/-//g | cut -c 23- | sed -e "s/\(..\)\(....\)\(....\)/\1:\2:\3/"`
-            sudo ip -6 addr add fd$IPV6_BRIDGE_ULA::1 dev $PUBLIC_BRIDGE
-        fi
-
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
             local ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}

From c550f2158970fc222cf01ddccf71d03f96a4651d Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 28 May 2015 15:38:01 +0200
Subject: [PATCH 0685/3421] Enable F22 without the FORCE flag

F22 has a stable release and working with devstack.

The change also removes the version flags regarding to the
mariadb-devel.

NOTE: You may see yum deprecation warnings, unless
you set the YUM variable to dnf.

Change-Id: I05140765bffc16faef5a29dfaba291c290bfae02
---
 files/rpms/devlibs | 3 +--
 lib/ceph           | 2 +-
 stack.sh           | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/files/rpms/devlibs b/files/rpms/devlibs
index 834a4b6cf1..385ed3b84c 100644
--- a/files/rpms/devlibs
+++ b/files/rpms/devlibs
@@ -1,8 +1,7 @@
 libffi-devel  # pyOpenSSL
 libxml2-devel  # lxml
 libxslt-devel  # lxml
-mariadb-devel  # MySQL-python  f20,f21,rhel7
-mysql-devel  # MySQL-python  rhel6
+mariadb-devel  # MySQL-python
 openssl-devel  # pyOpenSSL
 postgresql-devel  # psycopg2
 python-devel  # pyOpenSSL
diff --git a/lib/ceph b/lib/ceph
index 4068e26222..4d6ca4aa68 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -110,7 +110,7 @@ function undefine_virsh_secret {
 
 # check_os_support_ceph() - Check if the operating system provides a decent version of Ceph
 function check_os_support_ceph {
-    if [[ ! ${DISTRO} =~ (trusty|f20|f21) ]]; then
+    if [[ ! ${DISTRO} =~ (trusty|f20|f21|f22) ]]; then
         echo "WARNING: your distro $DISTRO does not provide (at least) the Firefly release. Please use Ubuntu Trusty or Fedora 20 (and higher)"
         if [[ "$FORCE_CEPH_INSTALL" != "yes" ]]; then
             die $LINENO "If you wish to install Ceph on this distribution anyway run with FORCE_CEPH_INSTALL=yes"
diff --git a/stack.sh b/stack.sh
index dea56437dd..6615b8fef4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -173,7 +173,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f20|f21|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f20|f21|f22|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 31127a2a74ab851fe4b133e7f413719f370d7c94 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Fri, 15 May 2015 13:09:26 +1000
Subject: [PATCH 0686/3421] Skip 'shocco' code when running tox

when running tox in a devstack directory where you have previously run tox
-edocs the bashate testenv will fail as the shocco code doesn't match the
devstack style.

eg:
---
E003: Indent not multiple of 4: '           2>/dev/null ||'
 - /home/stack/projects/openstack/openstack-dev/devstack/shocco/shocco.sh : L352

27 bashate error(s) found
---

Take the easy path and avoid running bashate in the shocco dir.

Change-Id: I5b0155332ec994afaffc5c5961902281864cff61
---
 tox.ini | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/tox.ini b/tox.ini
index 279dcd4f66..e3d19ce60c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,19 +10,20 @@ install_command = pip install {opts} {packages}
 [testenv:bashate]
 deps = bashate
 whitelist_externals = bash
-commands = bash -c "find {toxinidir}          \
-         -not \( -type d -name .?\* -prune \) \ # prune all 'dot' dirs
-         -not \( -type d -name doc -prune \)  \ # skip documentation
-         -type f                              \ # only files
-         -not -name \*~                       \ # skip editors, readme, etc
-         -not -name \*.md                     \
-         \(                                   \
-          -name \*.sh -or                     \
-          -name \*rc -or                      \
-          -name functions\* -or               \
-          -wholename \*/inc/\* -or            \ # /inc files and
-          -wholename \*/lib/\*                \ # /lib files are shell, but
-         \)                                   \ #   have no extension
+commands = bash -c "find {toxinidir}             \
+         -not \( -type d -name .?\* -prune \)    \ # prune all 'dot' dirs
+         -not \( -type d -name doc -prune \)     \ # skip documentation
+         -not \( -type d -name shocco -prune \)  \ # skip shocco
+         -type f                                 \ # only files
+         -not -name \*~                          \ # skip editors, readme, etc
+         -not -name \*.md                        \
+         \(                                      \
+          -name \*.sh -or                        \
+          -name \*rc -or                         \
+          -name functions\* -or                  \
+          -wholename \*/inc/\* -or               \ # /inc files and
+          -wholename \*/lib/\*                   \ # /lib files are shell, but
+         \)                                      \ #   have no extension
          -print0 | xargs -0 bashate -v"
 
 [testenv:docs]

From 6d50d95cae72435330690e518e4b7dbf06c75f84 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Fri, 29 May 2015 12:26:31 +1000
Subject: [PATCH 0687/3421] Skip the .tox dir when building docs

When running tools/build_docs.sh in a devstack dir that has also run tox
build_docs needlessly runs shocco on the .tox files.

Just skip them.

Change-Id: Ia561e49ea2214ac75bd55964f1b86872118b2031
---
 tools/build_docs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index fda86c05cd..fa843432b5 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -75,7 +75,7 @@ rm -f $GLOG
 
 # Build list of scripts to process
 FILES=""
-for f in $(find . -name .git -prune -o \( -type f -name \*.sh -not -path \*shocco/\* -print \)); do
+for f in $(find . \( -name .git -o -name .tox \) -prune -o \( -type f -name \*.sh -not -path \*shocco/\* -print \)); do
     echo $f
     FILES+="$f "
     mkdir -p $FQ_HTML_BUILD/`dirname $f`;

From 02ae50dc995815641c787d821c69ac537ac6527a Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 20 Mar 2015 09:58:55 -0700
Subject: [PATCH 0688/3421] Documentation for single interface Neutron
 networking with OVS

Change-Id: I7a72377f55952db629c2ce7ba4ed648635e581ef
---
 doc/source/conf.py            |  2 +-
 doc/source/guides/neutron.rst | 74 +++++++++++++++++++++++++++++++++--
 tox.ini                       |  4 ++
 3 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/doc/source/conf.py b/doc/source/conf.py
index 3e9aa45911..6e3ec029e9 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -26,7 +26,7 @@
 
 # Add any Sphinx extension module names here, as strings. They can be extensions
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
-extensions = [ 'oslosphinx' ]
+extensions = [ 'oslosphinx', 'sphinxcontrib.blockdiag', 'sphinxcontrib.nwdiag' ]
 
 todo_include_todos = True
 
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index b0a89070fb..bdfd3a4afa 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -5,11 +5,77 @@ Using DevStack with neutron Networking
 This guide will walk you through using OpenStack neutron with the ML2
 plugin and the Open vSwitch mechanism driver.
 
-Network Interface Configuration
-===============================
 
-To use neutron, it is suggested that two network interfaces be present
-in the host operating system.
+Using Neutron with a Single Interface
+=====================================
+
+In some instances, like on a developer laptop, there is only one
+network interface that is available. In this scenario, the physical
+interface is added to the Open vSwitch bridge, and the IP address of
+the laptop is migrated onto the bridge interface. That way, the
+physical interface can be used to transmit tenant network traffic,
+the OpenStack API traffic, and management traffic.
+
+
+Physical Network Setup
+----------------------
+
+In most cases where DevStack is being deployed with a single
+interface, there is a hardware router that is being used for external
+connectivity and DHCP. The developer machine is connected to this
+network and is on a shared subnet with other machines.
+
+.. nwdiag::
+
+        nwdiag {
+                inet [ shape = cloud ];
+                router;
+                inet -- router;
+
+                network hardware_network {
+                        address = "172.18.161.0/24"
+                        router [ address = "172.18.161.1" ];
+                        devstack_laptop [ address = "172.18.161.6" ];
+                }
+        }
+
+
+DevStack Configuration
+----------------------
+
+
+::
+
+        HOST_IP=172.18.161.6
+        SERVICE_HOST=172.18.161.6
+        MYSQL_HOST=172.18.161.6
+        RABBIT_HOST=172.18.161.6
+        GLANCE_HOSTPORT=172.18.161.6:9292
+        ADMIN_PASSWORD=secrete
+        MYSQL_PASSWORD=secrete
+        RABBIT_PASSWORD=secrete
+        SERVICE_PASSWORD=secrete
+        SERVICE_TOKEN=secrete
+
+        ## Neutron options
+        Q_USE_SECGROUP=True
+        FLOATING_RANGE="172.18.161.1/24"
+        FIXED_RANGE="10.0.0.0/24"
+        Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
+        PUBLIC_NETWORK_GATEWAY="172.18.161.1"
+        Q_L3_ENABLED=True
+        PUBLIC_INTERFACE=eth0
+        Q_USE_PROVIDERNET_FOR_PUBLIC=True
+        OVS_PHYSICAL_BRIDGE=br-ex
+        PUBLIC_BRIDGE=br-ex
+        OVS_BRIDGE_MAPPINGS=public:br-ex
+
+
+
+
+
+Using Neutron with Multiple Interfaces
+======================================
 
 The first interface, eth0 is used for the OpenStack management (API,
 message bus, etc) as well as for ssh for an administrator to access
diff --git a/tox.ini b/tox.ini
index 279dcd4f66..f76e2565eb 100644
--- a/tox.ini
+++ b/tox.ini
@@ -32,6 +32,10 @@ deps =
    sphinx>=1.1.2,<1.2
    pbr>=0.6,!=0.7,<1.0
    oslosphinx
+   nwdiag
+   blockdiag
+   sphinxcontrib-blockdiag
+   sphinxcontrib-nwdiag
 whitelist_externals = bash
 setenv =
   TOP_DIR={toxinidir}

From 7ef246492c8613c80b197fcec93ca65c5db47cb1 Mon Sep 17 00:00:00 2001
From: David Lyle 
Date: Fri, 29 May 2015 13:49:03 -0600
Subject: [PATCH 0689/3421] Fixing keystone v3 version use for horizon

The setting for overriding Horizon's OPENSTACK_API_VERSIONS is not
the correct format. The version should be a number, not a string.

so should be 3, not "v3".

Change-Id: I193d21514b196336796eac067417dc2aaec56433
Closes-Bug: #1460190
---
 lib/horizon | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/horizon b/lib/horizon
index ab6e758409..b0f306b675 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -100,7 +100,7 @@ function init_horizon {
 
     if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
         # Only Identity v3 API is available; then use it with v3 auth tokens
-        _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":\"v3\"}
+        _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
         _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
     else
         _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""

From 4be092da3eb79ffe172d29ed767815fb13d658ca Mon Sep 17 00:00:00 2001
From: Thomas Bechtold 
Date: Sat, 30 May 2015 23:19:18 +0200
Subject: [PATCH 0690/3421] Fix devlibs for SUSE

libmysqld-devel is needed for installing MySQL-python. Otherwise the
following error occurs:

EnvironmentError: mysql_config not found

Change-Id: Id84d3116d5987976169d8e2f9aca754ded205880
---
 files/rpms-suse/devlibs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
index c9238252af..02c5398079 100644
--- a/files/rpms-suse/devlibs
+++ b/files/rpms-suse/devlibs
@@ -4,3 +4,4 @@ libxml2-devel  # lxml
 libxslt-devel  # lxml
 postgresql-devel  # psycopg2
 python-devel  # pyOpenSSL
+libmysqld-devel  # MySQL-python
\ No newline at end of file

From 06efa2ac5df6f64785c2574e653595625dbbffde Mon Sep 17 00:00:00 2001
From: Thomas Bechtold 
Date: Sat, 30 May 2015 23:55:33 +0200
Subject: [PATCH 0691/3421] Fix horizon files for SUSE

python-CherryPy and python-beautifulsoup are not needed so remove them
from the list of packages for horizon.

Change-Id: I45ddf98b5891a1f1f1da82bb4afa79ea43d156cc
---
 files/rpms-suse/horizon | 2 --
 1 file changed, 2 deletions(-)

diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index c45eae6153..5ba5aafd38 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -1,13 +1,11 @@
 apache2  # NOPRIME
 apache2-mod_wsgi  # NOPRIME
-python-CherryPy # why? (coming from apts)
 python-Paste
 python-PasteDeploy
 python-Routes
 python-SQLAlchemy
 python-WebOb
 python-anyjson
-python-beautifulsoup
 python-coverage
 python-dateutil
 python-eventlet

From a858085afb46922760d9e89c34feb988ea283a54 Mon Sep 17 00:00:00 2001
From: Thomas Bechtold 
Date: Sun, 31 May 2015 00:04:33 +0200
Subject: [PATCH 0692/3421] Simplify add_user_to_group function

Current SLE12 and openSUSE13.X versions can handle usermod's '-a' and '-G'
switches so remove the special case.

Change-Id: If0f1390a0eb8f41ffffca74525a4648cfe8ea61d
---
 functions-common | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/functions-common b/functions-common
index ff9261161c..3a2f5f7f41 100644
--- a/functions-common
+++ b/functions-common
@@ -1842,16 +1842,7 @@ function add_user_to_group {
     local user=$1
     local group=$2
 
-    if [[ -z "$os_VENDOR" ]]; then
-        GetOSVersion
-    fi
-
-    # SLE11 and openSUSE 12.2 don't have the usual usermod
-    if ! is_suse || [[ "$os_VENDOR" = "openSUSE" && "$os_RELEASE" != "12.2" ]]; then
-        sudo usermod -a -G "$group" "$user"
-    else
-        sudo usermod -A "$group" "$user"
-    fi
+    sudo usermod -a -G "$group" "$user"
 }
 
 # Convert CIDR notation to a IPv4 netmask

From 6bc905c3488a93fa87776bcd0af7e362a90b082f Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Fri, 15 May 2015 12:51:43 +1000
Subject: [PATCH 0693/3421] Change the restart_rpc_backend loop to accomodate
 async rabbitmq

Some distros have converted to systemd for starting RabbitMQ.  This has
resulted in:
---
[Call Trace]
./stack.sh:904:restart_rpc_backend
/home/stack/projects/openstack/openstack-dev/devstack/lib/rpc_backend:201:die
[ERROR] /home/stack/projects/openstack/openstack-dev/devstack/lib/rpc_backend:201 Failed to set rabbitmq password
Error on exit
World dumping... see /opt/stack/logs/worlddump-2015-05-29-031618.txt for details
---

Because 'restart_service rabbitmq-server' returns before the server is ready to
accept connections.

Alter the retry loop to only restart the rabbitmq-server every second time
through the loop.  Allowing time for the slow rabbit to start.

Closes-Bug: 1449056
Change-Id: Ibb291c1ecfd109f9ed10b5f194933364985cc1ce
---
 lib/rpc_backend | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/rpc_backend b/lib/rpc_backend
index 297ebacc08..33ab03d664 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -194,13 +194,22 @@ function restart_rpc_backend {
         # NOTE(bnemec): Retry initial rabbitmq configuration to deal with
         # the fact that sometimes it fails to start properly.
         # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144100
+        # NOTE(tonyb): Extend the orginal retry logic to only restart rabbitmq
+        # every second time around the loop.
+        # See: https://bugs.launchpad.net/devstack/+bug/1449056 for details on
+        # why this is needed.  This can bee seen on vivid and Debian unstable
+        # (May 2015)
+        # TODO(tonyb): Remove this when Debian and Ubuntu have a fixed systemd
+        # service file.
         local i
-        for i in `seq 10`; do
+        for i in `seq 20`; do
             local rc=0
 
-            [[ $i -eq "10" ]] && die $LINENO "Failed to set rabbitmq password"
+            [[ $i -eq "20" ]] && die $LINENO "Failed to set rabbitmq password"
 
-            restart_service rabbitmq-server
+            if [[ $(( i % 2 )) == "0" ]] ; then
+                restart_service rabbitmq-server
+            fi
 
             rabbit_setuser "$RABBIT_USERID" "$RABBIT_PASSWORD" || rc=$?
             if [ $rc -ne 0 ]; then

From 0bedeb906244b8ecf32cff43d4a73717217801b2 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Fri, 15 May 2015 12:51:16 +1000
Subject: [PATCH 0694/3421] Add utopic and vivid as a supported distros

Change-Id: I63843335bd70ab9701bbd10dcf61f3eaa45a10e8
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 6615b8fef4..dc79fa94f7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -173,7 +173,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|7.0|wheezy|sid|testing|jessie|f20|f21|f22|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|utopic|vivid|7.0|wheezy|sid|testing|jessie|f20|f21|f22|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 1ebe4f1ff0b9056d8015eee021a11ce1bd18b184 Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Fri, 29 May 2015 13:36:09 +0200
Subject: [PATCH 0695/3421] Add missing libmysqlclient-devel dependency for
 SUSE

Currently devstack unconditionally installs MySQL-python, so
we need to have its dependencies available. Since this is
transitional until the switch to PyMysql happened, lets just
add the dependency for now to have devstack working again.

Change-Id: I638b5999d35a06eee962679b1cd95950bbf2b1d7
---
 files/rpms-suse/devlibs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
index 02c5398079..bdb630a16f 100644
--- a/files/rpms-suse/devlibs
+++ b/files/rpms-suse/devlibs
@@ -3,5 +3,5 @@ libopenssl-devel  # pyOpenSSL
 libxml2-devel  # lxml
 libxslt-devel  # lxml
 postgresql-devel  # psycopg2
+libmysqlclient-devel # MySQL-python
 python-devel  # pyOpenSSL
-libmysqld-devel  # MySQL-python
\ No newline at end of file

From 643779873acfaca160caac5ef94c1286eb33ae51 Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Mon, 1 Jun 2015 10:43:58 +0200
Subject: [PATCH 0696/3421] Remove packaged rpm python libraries

We want to use the pip versions instead, only python-devel
should be needed.

Change-Id: If7720d54c4ad3358f9dc2fceedd6f5897085eb8f
---
 files/rpms-suse/ceilometer-collector |  1 -
 files/rpms-suse/glance               |  9 ---------
 files/rpms-suse/horizon              | 12 ------------
 files/rpms-suse/keystone             | 11 -----------
 files/rpms-suse/neutron              | 12 ------------
 files/rpms-suse/nova                 | 24 +-----------------------
 files/rpms-suse/swift                |  9 ---------
 7 files changed, 1 insertion(+), 77 deletions(-)

diff --git a/files/rpms-suse/ceilometer-collector b/files/rpms-suse/ceilometer-collector
index c76454fded..5e4dfcc35e 100644
--- a/files/rpms-suse/ceilometer-collector
+++ b/files/rpms-suse/ceilometer-collector
@@ -1,4 +1,3 @@
 # Not available in openSUSE main repositories, but can be fetched from OBS
 # (devel:languages:python and server:database projects)
 mongodb
-python-pymongo
diff --git a/files/rpms-suse/glance b/files/rpms-suse/glance
index 9b962f9643..0e58425b1f 100644
--- a/files/rpms-suse/glance
+++ b/files/rpms-suse/glance
@@ -1,11 +1,2 @@
 libxml2-devel
-python-PasteDeploy
-python-Routes
-python-SQLAlchemy
-python-argparse
 python-devel
-python-eventlet
-python-greenlet
-python-iso8601
-python-pyOpenSSL
-python-xattr
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index 5ba5aafd38..77f7c34b31 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -1,14 +1,2 @@
 apache2  # NOPRIME
 apache2-mod_wsgi  # NOPRIME
-python-Paste
-python-PasteDeploy
-python-Routes
-python-SQLAlchemy
-python-WebOb
-python-anyjson
-python-coverage
-python-dateutil
-python-eventlet
-python-mox
-python-sqlalchemy-migrate
-python-xattr
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index 4c37adef9b..c838b413c3 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,15 +1,4 @@
 cyrus-sasl-devel
 openldap2-devel
-python-Paste
-python-PasteDeploy
-python-PasteScript
-python-Routes
-python-SQLAlchemy
-python-WebOb
 python-devel
-python-greenlet
-python-lxml
-python-mysql
-python-mysql-connector-python
-python-pysqlite
 sqlite3
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index d278363e98..e75db89ddf 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -6,17 +6,6 @@ iptables
 iputils
 mariadb # NOPRIME
 postgresql-devel
-python-eventlet
-python-greenlet
-python-iso8601
-python-mysql
-python-mysql-connector-python
-python-Paste
-python-PasteDeploy
-python-pyudev
-python-Routes
-python-SQLAlchemy
-python-suds
 rabbitmq-server # NOPRIME
 sqlite3
 sudo
@@ -24,5 +13,4 @@ vlan
 radvd # NOPRIME
 
 # FIXME: qpid is not part of openSUSE, those names are tentative
-python-qpid # NOPRIME
 qpidd # NOPRIME
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
index b1c4f6a8d0..6f8aef1027 100644
--- a/files/rpms-suse/nova
+++ b/files/rpms-suse/nova
@@ -16,29 +16,7 @@ libvirt-python # NOPRIME
 mariadb # NOPRIME
 parted
 polkit
-python-M2Crypto
-python-m2crypto # dist:sle11sp2
-python-Paste
-python-PasteDeploy
-python-Routes
-python-SQLAlchemy
-python-Tempita
-python-cheetah
-python-eventlet
-python-feedparser
-python-greenlet
-python-iso8601
-python-libxml2
-python-lockfile
-python-lxml # needed for glance which is needed for nova --- this shouldn't be here
-python-mox
-python-mysql
-python-mysql-connector-python
-python-numpy # needed by websockify for spice console
-python-paramiko
-python-sqlalchemy-migrate
-python-suds
-python-xattr # needed for glance which is needed for nova --- this shouldn't be here
+python-devel
 rabbitmq-server # NOPRIME
 socat
 sqlite3
diff --git a/files/rpms-suse/swift b/files/rpms-suse/swift
index 9c0d188fe2..6a824f944f 100644
--- a/files/rpms-suse/swift
+++ b/files/rpms-suse/swift
@@ -1,15 +1,6 @@
 curl
 memcached
-python-PasteDeploy
-python-WebOb
-python-configobj
-python-coverage
 python-devel
-python-eventlet
-python-greenlet
-python-netifaces
-python-simplejson
-python-xattr
 sqlite3
 xfsprogs
 xinetd

From f100e1cfe6860cc3b7d5384ed41d5bdad6af2fd2 Mon Sep 17 00:00:00 2001
From: David Kranz 
Date: Mon, 1 Jun 2015 10:29:59 -0400
Subject: [PATCH 0697/3421] Enable image deactivate feature which was added in
 kilo

Change-Id: Ia1d3d811bd57d3de16d397cfab341e8d0f17cb69
---
 lib/tempest | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 059709dbb8..95715a33da 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -330,6 +330,9 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
     fi
 
+    # Image Features
+    iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image True
+
     # Auth
     TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
     iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}

From 25cb34606eb25ad2760e4ac50fa4d08036afbc96 Mon Sep 17 00:00:00 2001
From: Sergey Skripnick 
Date: Mon, 1 Jun 2015 19:06:46 +0300
Subject: [PATCH 0698/3421] Fix sample multinode configuration

There should not be c-sch and c-api services on compute node.

Change-Id: Ice057eb80e7ab6e917ca972abe7eaae7d635e8a5
Closes-Bug: 1393721
---
 doc/source/guides/multinode-lab.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index b2617c9f17..27d71f1b9c 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -178,7 +178,7 @@ machines, create a ``local.conf`` with:
     MYSQL_HOST=192.168.42.11
     RABBIT_HOST=192.168.42.11
     GLANCE_HOSTPORT=192.168.42.11:9292
-    ENABLED_SERVICES=n-cpu,n-net,n-api,c-sch,c-api,c-vol
+    ENABLED_SERVICES=n-cpu,n-net,n-api,c-vol
     NOVA_VNC_ENABLED=True
     NOVNCPROXY_URL="http://192.168.42.11:6080/vnc_auto.html"
     VNCSERVER_LISTEN=$HOST_IP

From 64d5ecf3bf7e0bd08762a7fe5f94f7947ae0204c Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 1 Jun 2015 14:13:41 -0400
Subject: [PATCH 0699/3421] Define PUBLIC_BRIDGE in the main Neutron lib

This way, it can be used by both OVS and Linux Bridge

Change-Id: Iea5a8bb720d327b69f64791a23d414d4cde2e3ea
Closes-Bug: #1460758
---
 lib/neutron-legacy                    | 4 ++++
 lib/neutron_plugins/linuxbridge_agent | 5 +++++
 lib/neutron_plugins/ovs_base          | 1 -
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 18b0942ae1..8879bd91c6 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -168,6 +168,10 @@ NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
 ## Provider Network Information
 PROVIDER_SUBNET_NAME=${PROVIDER_SUBNET_NAME:-"provider_net"}
 
+# Define the public bridge that will transmit traffic from VMs to the
+# physical network - used by both the OVS and Linux Bridge drivers.
+PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
+
 # Use flat providernet for public network
 #
 # If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index c9ea1cac28..b348af9c4f 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -7,6 +7,10 @@
 PLUGIN_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+function neutron_lb_cleanup {
+    sudo brctl delbr $PUBLIC_BRIDGE
+}
+
 function is_neutron_ovs_base_plugin {
     # linuxbridge doesn't use OVS
     return 1
@@ -29,6 +33,7 @@ function neutron_plugin_configure_dhcp_agent {
 }
 
 function neutron_plugin_configure_l3_agent {
+    sudo brctl addbr $PUBLIC_BRIDGE
     iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge
     iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
 }
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 51999c60e4..81561d3114 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -8,7 +8,6 @@ OVSB_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 OVS_BRIDGE=${OVS_BRIDGE:-br-int}
-PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
 OVS_DATAPATH_TYPE=${OVS_DATAPATH_TYPE:-""}
 
 function is_neutron_ovs_base_plugin {

From 7d350720fe5d25fece68c5d1625a33a6cad431ef Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Thu, 28 May 2015 14:59:31 -0400
Subject: [PATCH 0700/3421] Replace pip-installed requests CA bundle with link

If the version of python-requests required is higher than
that provided by the operating system, pip will install
it from upstream.

The upstream version provides its own CA certificate bundle
based on the Mozilla bundle, and defaults to that in case
a CA certificate file is not specified for a request.

The distribution-specific packages point to the system-wide
CA bundle that can be managed by tools such as
update-ca-trust (Fedora/RHEL) and update-ca-certificates
(Debian/Ubuntu).

When installing in SSL/TLS mode, either with SSL=True or by
adding tls-proxy to ENABLED_SERVICES, if a non-systemwide
CA bundle is used, then the CA generated by devstack will
not be used causing the installation to fail.

Replace the upstream-provided bundle with a link to the
system bundle when possible.

Change-Id: I349662ff8f851b4a7f879f89b8975a068f2d73dc
Closes-Bug: #1459789
---
 tools/fixup_stuff.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 31258d13f7..d3a3de2092 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -138,3 +138,24 @@ fi
 # and installing the latest version using pip.
 uninstall_package python-virtualenv
 pip_install -U virtualenv
+
+# If a non-system python-requests is installed then it will use the
+# built-in CA certificate store rather than the distro-specific
+# CA certificate store. Detect this and symlink to the correct
+# one. If the value for the CA is not rooted in /etc then we know
+# we need to change it.
+capath=$(python -c "from requests import certs; print certs.where()")
+
+if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
+    if [[ ! $capath =~ ^/etc/.* && ! -L $capath ]]; then
+        if is_fedora; then
+            sudo rm -f $capath
+            sudo ln -s /etc/pki/tls/certs/ca-bundle.crt $capath
+        elif is_ubuntu; then
+            sudo rm -f $capath
+            sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
+        else
+            echo "Don't know how to set the CA bundle, expect the install to fail."
+        fi
+    fi
+fi

From aa54511727614a837992845be416b9bd921be2e4 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Wed, 3 Jun 2015 17:10:43 +0900
Subject: [PATCH 0701/3421] midonet: Provide has_neutron_plugin_security_group

Change-Id: I6ac12022bb8998fbec17cfa503db9277aa2eb8b7
Partial-Bug: #1458871
---
 lib/neutron_plugins/midonet | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index 9e72aa0ce9..ca0b70c76c 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -1,4 +1,10 @@
 #!/bin/bash
 
-# REVISIT(devvesa): This file is intentionally left empty
-# in order to keep Q_PLUGIN=midonet work.
+# REVISIT(devvesa): This file is needed so Q_PLUGIN=midonet will work.
+
+# FIXME(yamamoto): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
+function has_neutron_plugin_security_group {
+    # 0 means True here
+    return 0
+}

From 3fe4c4e789f266b1367a770e12f3c461e8981a15 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Wed, 3 Jun 2015 17:29:50 +0900
Subject: [PATCH 0702/3421] MAINTAINERS.rst: Add MidoNet section

While the most part of MidoNet code is now externally maintained
using the external plugin mechanism, it can be still useful to
have a contact list.

Change-Id: I3e0a0586c07875ca37ce101dd169eaf78f34f7a5
---
 MAINTAINERS.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index d3e8c67487..eeb1f21b61 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -45,6 +45,13 @@ Fedora/CentOS/RHEL
 Neutron
 ~~~~~~~
 
+MidoNet
+~~~~~~~
+
+* Jaume Devesa 
+* Ryu Ishimoto 
+* YAMAMOTO Takashi 
+
 OpenDaylight
 ~~~~~~~~~~~~
 

From 50a3edf1b77fbe91c8101cfca9c1abad9c756a3d Mon Sep 17 00:00:00 2001
From: afazekas 
Date: Wed, 27 May 2015 11:50:12 +0200
Subject: [PATCH 0703/3421] Enable deactivate image tests in tempest

Deactivate image is new feature, so it cannot be default
enabled in tempest.

Change-Id: Ic33b3e2f7a9f62543680647312603bdd19b90198
Depends-On: I7880f0e2646ce8660e035ebaa19a60f5bf271b64
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index 059709dbb8..5312a02cfa 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -329,6 +329,7 @@ function configure_tempest {
     if [[ ! -z "$TEMPEST_HTTP_IMAGE" ]]; then
         iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
     fi
+    iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image true
 
     # Auth
     TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}

From a53ae68889746d61ad84cc19d2f2b61eec2c052a Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Wed, 27 May 2015 21:59:32 +0200
Subject: [PATCH 0704/3421] Remove Fedora 20 as supported distribution

Fedora 20 will reach end of life on 23-JUN-2015[1]; remove it as
supported distribution. Add Fedora 22 where applicable.

    - stack.sh: Remove Fedora 20 from list of supported distributions.
    - files/rpms/general: Remove 'f20' from NOPRIME.
    - lib/ceph: Remove 'f20' from the check_os_support_ceph()
      function.
    - doc/source/index.rst: s/Fedora 20/Fedora 21/

[1] https://lists.fedoraproject.org/pipermail/devel-announce/2015-May/001586.html

Change-Id: I8f2e1ddc24c071754b1cceb5bed5bdafdc9d9f79
---
 doc/source/index.rst | 6 +++---
 files/rpms/general   | 2 +-
 lib/ceph             | 2 +-
 stack.sh             | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index e0c3f3a5d6..6d0edb0bfe 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -19,9 +19,9 @@ Quick Start
 
 #. Select a Linux Distribution
 
-   Only Ubuntu 14.04 (Trusty), Fedora 20 and CentOS/RHEL 7 are
-   documented here. OpenStack also runs and is packaged on other flavors
-   of Linux such as OpenSUSE and Debian.
+   Only Ubuntu 14.04 (Trusty), Fedora 21 (or Fedora 22) and CentOS/RHEL
+   7 are documented here. OpenStack also runs and is packaged on other
+   flavors of Linux such as OpenSUSE and Debian.
 
 #. Install Selected OS
 
diff --git a/files/rpms/general b/files/rpms/general
index 7b2c00ad5c..67b084ef29 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -25,6 +25,6 @@ bc
 libyaml-devel
 gettext  # used for compiling message catalogs
 net-tools
-java-1.7.0-openjdk-headless  # NOPRIME rhel7,f20
+java-1.7.0-openjdk-headless  # NOPRIME rhel7
 java-1.8.0-openjdk-headless  # NOPRIME f21,f22
 pyOpenSSL # version in pip uses too much memory
diff --git a/lib/ceph b/lib/ceph
index 4d6ca4aa68..cbdc3b87f1 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -110,7 +110,7 @@ function undefine_virsh_secret {
 
 # check_os_support_ceph() - Check if the operating system provides a decent version of Ceph
 function check_os_support_ceph {
-    if [[ ! ${DISTRO} =~ (trusty|f20|f21|f22) ]]; then
+    if [[ ! ${DISTRO} =~ (trusty|f21|f22) ]]; then
         echo "WARNING: your distro $DISTRO does not provide (at least) the Firefly release. Please use Ubuntu Trusty or Fedora 20 (and higher)"
         if [[ "$FORCE_CEPH_INSTALL" != "yes" ]]; then
             die $LINENO "If you wish to install Ceph on this distribution anyway run with FORCE_CEPH_INSTALL=yes"
diff --git a/stack.sh b/stack.sh
index dc79fa94f7..0c01165642 100755
--- a/stack.sh
+++ b/stack.sh
@@ -173,7 +173,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|utopic|vivid|7.0|wheezy|sid|testing|jessie|f20|f21|f22|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|utopic|vivid|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 6254d5fd0d87e65aa0a53b9fb30b36145e47d46d Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Fri, 5 Jun 2015 11:58:15 -0400
Subject: [PATCH 0705/3421] Fix nova and glance discovery URLs when tls-proxy
 is enabled.

Retrieving the root page in the nova and glance APIs include
URLs for the various versions supported. These are by default
reported using unsecure URLs. Configure the services to report
a SSL-based URL instead.

Change-Id: I220757e53b94a5f6d19291371407220fdf54c645
---
 lib/glance | 1 +
 lib/nova   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lib/glance b/lib/glance
index 4e1bd24ef5..016ade3479 100644
--- a/lib/glance
+++ b/lib/glance
@@ -154,6 +154,7 @@ function configure_glance {
 
     if is_service_enabled tls-proxy; then
         iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
+        iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT
         iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT
     fi
 
diff --git a/lib/nova b/lib/nova
index da288d3e4d..11fa2a0ba4 100644
--- a/lib/nova
+++ b/lib/nova
@@ -489,6 +489,7 @@ function create_nova_conf {
         if is_service_enabled tls-proxy; then
             # Set the service port for a proxy to take the original
             iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
+            iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
         fi
 
         configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR

From 027e2ea741bdbcb6e1afc3fe527c3fdf045825c3 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Fri, 5 Jun 2015 18:43:50 +0000
Subject: [PATCH 0706/3421] Allow ceilometer to run in virtualenv if USE_VENV

This requires three main changes:

* setting CEILOMETER_BIN_DIR appropriately
* running the various services with a full path
* explicitly installing optional python modules (for mongo and
  virt drivers, if configured) during the install phase

In the process of making this work it was discovered that setting
CEILOMETER_BACKEND to something like 'foo' would cause the backend
to be configured to use mongodb but for the mongodb system packages
and related python modules to not be installed. Fixing this was used
to validate the install process under USE_VENV.

Change-Id: I35fbfa76bdd60a22ba90b13666b06eeb961dddb3
---
 files/apache-ceilometer.template |  2 +-
 lib/ceilometer                   | 59 +++++++++++++++++++++++---------
 2 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/files/apache-ceilometer.template b/files/apache-ceilometer.template
index 1c57b328b8..79f14c38ab 100644
--- a/files/apache-ceilometer.template
+++ b/files/apache-ceilometer.template
@@ -1,7 +1,7 @@
 Listen %PORT%
 
 
-    WSGIDaemonProcess ceilometer-api processes=2 threads=10 user=%USER% display-name=%{GROUP}
+    WSGIDaemonProcess ceilometer-api processes=2 threads=10 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup ceilometer-api
     WSGIScriptAlias / %WSGIAPP%
     WSGIApplicationGroup %{GLOBAL}
diff --git a/lib/ceilometer b/lib/ceilometer
index 1f72187ed6..f6f605b686 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -78,8 +78,13 @@ CEILOMETER_API_LOG_DIR=/var/log/ceilometer-api
 CEILOMETER_AUTH_CACHE_DIR=${CEILOMETER_AUTH_CACHE_DIR:-/var/cache/ceilometer}
 CEILOMETER_WSGI_DIR=${CEILOMETER_WSGI_DIR:-/var/www/ceilometer}
 
-# Support potential entry-points console scripts
-CEILOMETER_BIN_DIR=$(get_python_exec_prefix)
+# Support potential entry-points console scripts in VENV or not
+if [[ ${USE_VENV} = True ]]; then
+    PROJECT_VENV["ceilometer"]=${CEILOMETER_DIR}.venv
+    CEILOMETER_BIN_DIR=${PROJECT_VENV["ceilometer"]}/bin
+else
+    CEILOMETER_BIN_DIR=$(get_python_exec_prefix)
+fi
 
 # Set up database backend
 CEILOMETER_BACKEND=${CEILOMETER_BACKEND:-mysql}
@@ -151,6 +156,8 @@ function _cleanup_ceilometer_apache_wsgi {
 # runs that a clean run would need to clean up
 function cleanup_ceilometer {
     if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
+        echo "### cleaning database"
+        read
         mongo ceilometer --eval "db.dropDatabase();"
     elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
         curl -XDELETE "localhost:9200/events_*"
@@ -165,16 +172,22 @@ function _config_ceilometer_apache_wsgi {
 
     local ceilometer_apache_conf=$(apache_site_config_for ceilometer)
     local apache_version=$(get_apache_version)
+    local venv_path=""
 
     # Copy proxy vhost and wsgi file
     sudo cp $CEILOMETER_DIR/ceilometer/api/app.wsgi $CEILOMETER_WSGI_DIR/app
 
+    if [[ ${USE_VENV} = True ]]; then
+        venv_path="python-path=${PROJECT_VENV["ceilometer"]}/lib/$(python_version)/site-packages"
+    fi
+
     sudo cp $FILES/apache-ceilometer.template $ceilometer_apache_conf
     sudo sed -e "
         s|%PORT%|$CEILOMETER_SERVICE_PORT|g;
         s|%APACHE_NAME%|$APACHE_NAME|g;
         s|%WSGIAPP%|$CEILOMETER_WSGI_DIR/app|g;
-        s|%USER%|$STACK_USER|g
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
     " -i $ceilometer_apache_conf
 }
 
@@ -232,12 +245,14 @@ function configure_ceilometer {
         iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
         ${TOP_DIR}/pkg/elasticsearch.sh start
         cleanup_ceilometer
-    else
+    elif [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
         iniset $CEILOMETER_CONF database alarm_connection mongodb://localhost:27017/ceilometer
         iniset $CEILOMETER_CONF database event_connection mongodb://localhost:27017/ceilometer
         iniset $CEILOMETER_CONF database metering_connection mongodb://localhost:27017/ceilometer
         configure_mongodb
         cleanup_ceilometer
+    else
+        die $LINENO "Unable to configure unknown CEILOMETER_BACKEND $CEILOMETER_BACKEND"
     fi
 
     if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
@@ -263,10 +278,8 @@ function configure_mongodb {
     local packages=mongodb-server
 
     if is_fedora; then
-        # mongodb client + python bindings
-        packages="${packages} mongodb pymongo"
-    else
-        packages="${packages} python-pymongo"
+        # mongodb client
+        packages="${packages} mongodb"
     fi
 
     install_package ${packages}
@@ -319,6 +332,18 @@ function install_ceilometer {
         install_redis
     fi
 
+    if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
+        pip_install_gr pymongo
+    fi
+
+    if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
+        pip_install_gr libvirt-python
+    fi
+
+    if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
+        pip_instal_gr oslo.vmware
+    fi
+
     if [ "$CEILOMETER_BACKEND" = 'es' ] ; then
         ${TOP_DIR}/pkg/elasticsearch.sh download
         ${TOP_DIR}/pkg/elasticsearch.sh install
@@ -349,13 +374,13 @@ function install_ceilometermiddleware {
 
 # start_ceilometer() - Start running processes, including screen
 function start_ceilometer {
-    run_process ceilometer-acentral "ceilometer-agent-central --config-file $CEILOMETER_CONF"
-    run_process ceilometer-anotification "ceilometer-agent-notification --config-file $CEILOMETER_CONF"
-    run_process ceilometer-collector "ceilometer-collector --config-file $CEILOMETER_CONF"
-    run_process ceilometer-aipmi "ceilometer-agent-ipmi --config-file $CEILOMETER_CONF"
+    run_process ceilometer-acentral "$CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF"
+    run_process ceilometer-anotification "$CEILOMETER_BIN_DIR/ceilometer-agent-notification --config-file $CEILOMETER_CONF"
+    run_process ceilometer-collector "$CEILOMETER_BIN_DIR/ceilometer-collector --config-file $CEILOMETER_CONF"
+    run_process ceilometer-aipmi "$CEILOMETER_BIN_DIR/ceilometer-agent-ipmi --config-file $CEILOMETER_CONF"
 
     if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then
-        run_process ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
+        run_process ceilometer-api "$CEILOMETER_BIN_DIR/ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
     else
         enable_apache_site ceilometer
         restart_apache_server
@@ -367,10 +392,10 @@ function start_ceilometer {
     # Start the compute agent last to allow time for the collector to
     # fully wake up and connect to the message bus. See bug #1355809
     if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
-        run_process ceilometer-acompute "ceilometer-agent-compute --config-file $CEILOMETER_CONF" $LIBVIRT_GROUP
+        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF" $LIBVIRT_GROUP
     fi
     if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-        run_process ceilometer-acompute "ceilometer-agent-compute --config-file $CEILOMETER_CONF"
+        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF"
     fi
 
     # Only die on API if it was actually intended to be turned on
@@ -381,8 +406,8 @@ function start_ceilometer {
         fi
     fi
 
-    run_process ceilometer-alarm-notifier "ceilometer-alarm-notifier --config-file $CEILOMETER_CONF"
-    run_process ceilometer-alarm-evaluator "ceilometer-alarm-evaluator --config-file $CEILOMETER_CONF"
+    run_process ceilometer-alarm-notifier "$CEILOMETER_BIN_DIR/ceilometer-alarm-notifier --config-file $CEILOMETER_CONF"
+    run_process ceilometer-alarm-evaluator "$CEILOMETER_BIN_DIR/ceilometer-alarm-evaluator --config-file $CEILOMETER_CONF"
 }
 
 # stop_ceilometer() - Stop running processes

From 2ebe993b25462919e8aeeb896c9f91b6be7aa573 Mon Sep 17 00:00:00 2001
From: Joe Gordon 
Date: Sun, 7 Jun 2015 16:57:34 +0900
Subject: [PATCH 0707/3421] guru meditation report for nova-compute in
 worlddump

Nova-compute is hanging in the multinode test, and its difficult to
figure out why. So trigger a guru meditation report for nova-compute in
worlddump so we can see what nova-compute is doing when it is hung.

Having a hung nova-compute causes tempest to fail and
I035fe8e3333034e44b403ed0f986220ab5b0e57a runs worlddump whenever
tempest fails.

Bug 1462305 is one of the last issues left before the multinode job is
stable enough to gate on, and this patch should make it much easier to
debug.

Change-Id: I87d7536b5992c47b8082684cc662f953113fd1a8
Related-Bug: #1462305
---
 tools/worlddump.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index d846f10025..7acfb5e97d 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -106,6 +106,12 @@ def compute_consoles():
             _dump_cmd("sudo cat %s" % fullpath)
 
 
+def guru_meditation_report():
+    _header("nova-compute Guru Meditation Report")
+    _dump_cmd("kill -s USR1 `pgrep nova-compute`")
+    print "guru meditation report in nova-compute log"
+
+
 def main():
     opts = get_options()
     fname = filename(opts.dir)
@@ -118,6 +124,7 @@ def main():
         network_dump()
         iptables_dump()
         compute_consoles()
+        guru_meditation_report()
 
 
 if __name__ == '__main__':

From 10e1fd420dbebec2a5e546266edfc748b8684f9b Mon Sep 17 00:00:00 2001
From: Ramy Asselin 
Date: Thu, 4 Jun 2015 12:12:15 -0700
Subject: [PATCH 0708/3421] Allow override of os-brick library used by cinder

os-brick code was pulled out of cinder and made into its own library
https://review.openstack.org/#/c/155552/

added to requirements:
https://review.openstack.org/#/c/177372/

Integration tests were added
https://review.openstack.org/#/c/188156/

But they still use the version of os-brick from pip.

This change updates devstack to pull in the changes from
os-brick patch sets instead, when configured to do so.

Needed-by: Id2bc10782847861fe4bb5e9e46245654450e38fd

Change-Id: I5359dd37dfe94bd469d5ca35f9fbaeda61b5fac4
---
 lib/cinder                   | 8 ++++++++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/cinder b/lib/cinder
index da22e29f84..b8cf8090dc 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -39,6 +39,7 @@ fi
 
 # set up default directories
 GITDIR["python-cinderclient"]=$DEST/python-cinderclient
+GITDIR["os-brick"]=$DEST/os-brick
 CINDER_DIR=$DEST/cinder
 
 # Cinder virtual environment
@@ -381,6 +382,13 @@ function init_cinder {
 
 # install_cinder() - Collect source and prepare
 function install_cinder {
+    # Install os-brick from git so we make sure we're testing
+    # the latest code.
+    if use_library_from_git "os-brick"; then
+        git_clone_by_name "os-brick"
+        setup_dev_lib "os-brick"
+    fi
+
     git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
     setup_develop $CINDER_DIR
     if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
diff --git a/stackrc b/stackrc
index 09ba3e9807..f8add4b44d 100644
--- a/stackrc
+++ b/stackrc
@@ -441,6 +441,10 @@ SWIFT3_BRANCH=${SWIFT3_BRANCH:-master}
 GITREPO["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_REPO:-${GIT_BASE}/openstack/ceilometermiddleware.git}
 GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
 
+# os-brick library to manage local volume attaches
+GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
+GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
+
 
 ##################
 #
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 8210d0a466..336a213bc5 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -39,7 +39,7 @@ ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
-ALL_LIBS+=" debtcollector"
+ALL_LIBS+=" debtcollector os-brick"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 7bc2af7a6b75a0e7f383546c1d61e02b27cf45b5 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 8 Jun 2015 12:36:30 -0400
Subject: [PATCH 0709/3421] Neutron: Add a cleanup function for Linux Bridge

Change-Id: Ia1bad5d2fa3b94afc662463b2e072f8482b0ce1f
---
 lib/neutron-legacy | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 5681743e41..dd67f45a39 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -824,6 +824,10 @@ function cleanup_neutron {
         neutron_ovs_base_cleanup
     fi
 
+    if [[ $Q_AGENT == "linuxbridge" ]]; then
+        neutron_lb_cleanup
+    fi
+
     # delete all namespaces created by neutron
     for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|qlbaas|fip|snat)-[0-9a-f-]*'); do
         sudo ip netns delete ${ns}

From 09b94603bb4f903616da3b1b4970ee1e2a666b91 Mon Sep 17 00:00:00 2001
From: Russell Bryant 
Date: Mon, 8 Jun 2015 15:25:43 -0400
Subject: [PATCH 0710/3421] Separate start/stop control of Neutron L2 agent.

This patch separates out control of the Neutron L2 agent from
starting/stopping the rest of Neutron.  This is needed for the same
reason that control of nova-compute was separated out for Nova.  When
doing rolling upgrade testing with Grenade, we need to be able to stop
and upgrade everything except the L2 agent, as that is what would be
running on a compute node.

After this is in place, we can update grenade to support a partial
upgrade scenario with Neutron and run it in jenkins to ensure we don't
break live upgrade support of Neutron.

Change-Id: I7eb87fba778aff3e4514813c6232dafa99ee2912
Signed-off-by: Russell Bryant 
---
 lib/neutron-legacy | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 5681743e41..519200bbcb 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -703,11 +703,10 @@ function start_neutron_service_and_check {
     fi
 }
 
-# Start running processes, including screen
-function start_neutron_agents {
-    # Start up the neutron agents if enabled
+# Control of the l2 agent is separated out to make it easier to test partial
+# upgrades (everything upgraded except the L2 agent)
+function start_neutron_l2_agent {
     run_process q-agt "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
-    run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
 
     if is_provider_network; then
         sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
@@ -722,6 +721,10 @@ function start_neutron_agents {
             sudo route add -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
         fi
     fi
+}
+
+function start_neutron_other_agents {
+    run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
 
     if is_service_enabled q-vpn; then
         run_process q-vpn "$AGENT_VPN_BINARY $(determine_config_files neutron-vpn-agent)"
@@ -745,8 +748,18 @@ function start_neutron_agents {
     fi
 }
 
-# stop_neutron() - Stop running processes (non-screen)
-function stop_neutron {
+# Start running processes, including screen
+function start_neutron_agents {
+    # Start up the neutron agents if enabled
+    start_neutron_l2_agent
+    start_neutron_other_agents
+}
+
+function stop_neutron_l2_agent {
+    stop_process q-agt
+}
+
+function stop_neutron_other {
     if is_service_enabled q-dhcp; then
         stop_process q-dhcp
         pid=$(ps aux | awk '/[d]nsmasq.+interface=(tap|ns-)/ { print $2 }')
@@ -761,8 +774,6 @@ function stop_neutron {
         stop_process q-meta
     fi
 
-    stop_process q-agt
-
     if is_service_enabled q-lbaas; then
         neutron_lbaas_stop
     fi
@@ -777,6 +788,12 @@ function stop_neutron {
     fi
 }
 
+# stop_neutron() - Stop running processes (non-screen)
+function stop_neutron {
+    stop_neutron_other
+    stop_neutron_l2_agent
+}
+
 # _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
 # on startup, or back to the public interface on cleanup
 function _move_neutron_addresses_route {

From ce2d75df01071a06ac08c8f5ba73a8fd78002da4 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Thu, 4 Jun 2015 18:01:29 -0400
Subject: [PATCH 0711/3421] Remove hardcoded http in URL in sahara exercise
 script

The script hardcoded http://$SERVICE_HOST/... which failed
when SSL or tls-proxy was enabled. Calculate the protocol
based on enabled services instead.

Change-Id: I192eeeafe7bf4dc5cbd382c505ffb9307651d78a
---
 exercises/sahara.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/exercises/sahara.sh b/exercises/sahara.sh
index 2589e28c0c..8cad94562d 100755
--- a/exercises/sahara.sh
+++ b/exercises/sahara.sh
@@ -35,7 +35,13 @@ source $TOP_DIR/exerciserc
 
 is_service_enabled sahara || exit 55
 
-$CURL_GET http://$SERVICE_HOST:8386/ 2>/dev/null | grep -q 'Auth' || die $LINENO "Sahara API isn't functioning!"
+if is_ssl_enabled_service "sahara" || is_service_enabled tls-proxy; then
+    SAHARA_SERVICE_PROTOCOL="https"
+fi
+
+SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+
+$CURL_GET $SAHARA_SERVICE_PROTOCOL://$SERVICE_HOST:8386/ 2>/dev/null | grep -q 'Auth' || die $LINENO "Sahara API isn't functioning!"
 
 set +o xtrace
 echo "*********************************************************************"

From a16e46100a2f676457abf884fc2b852d67597807 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 2 Jun 2015 10:08:04 +1000
Subject: [PATCH 0712/3421] Cleanup FAQ somewhat

Remove some old discussions that no longer seem relevant and cleanup a
few other points.

Change-Id: I175ddaf9362bf48d35b0e648904eeb21bdc3c793
---
 doc/source/faq.rst | 104 ++++++++++++++++-----------------------------
 1 file changed, 37 insertions(+), 67 deletions(-)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index d3b491fdac..0437ec26d5 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -10,36 +10,21 @@ General Questions
 =================
 
 Q: Can I use DevStack for production?
-    A: No. We mean it. Really. DevStack makes some implementation
-    choices that are not appropriate for production deployments. We
-    warned you!
-Q: Then why selinux in enforcing mode?
-    A: That is the default on current Fedora and RHEL releases. DevStack
-    has (rightly so) a bad reputation for its security practices; it has
-    always been meant as a development tool first and system integration
-    later. This is changing as the security issues around OpenStack's
-    use of root (for example) have been tightened and developers need to
-    be better equipped to work in these environments. ``stack.sh``'s use
-    of root is primarily to support the activities that would be handled
-    by packaging in "real" deployments. To remove additional protections
-    that will be desired/required in production would be a step
-    backward.
-Q: But selinux is disabled in RHEL!
-    A: Today it is, yes. That is a specific exception that certain
-    DevStack contributors fought strongly against. The primary reason it
-    was allowed was to support using RHEL6 as the Python 2.6 test
-    platform and that took priority time-wise. This will not be the case
-    with RHEL 7.
+
+    A: DevStack is targeted at developers and CI systems to use the
+    raw upstream code.  It makes many choices that are not appropriate
+    for production systems.
+
+    Your best choice is probably to choose a `distribution of
+    OpenStack
+    `__.
+
 Q: Why a shell script, why not chef/puppet/...
     A: The script is meant to be read by humans (as well as ran by
     computers); it is the primary documentation after all. Using a
     recipe system requires everyone to agree and understand chef or
     puppet.
-Q: Why not use Crowbar?
-    A: DevStack is optimized for documentation & developers. As some of
-    us use `Crowbar `__ for
-    production deployments, we hope developers documenting how they
-    setup systems for new features supports projects like Crowbar.
+
 Q: I'd like to help!
     A: That isn't a question, but please do! The source for DevStack is
     at
@@ -49,27 +34,23 @@ Q: I'd like to help!
     follow the usual process as described in the `developer
     guide `__. This Sphinx
     documentation is housed in the doc directory.
+
 Q: Why not use packages?
     A: Unlike packages, DevStack leaves your cloud ready to develop -
     checkouts of the code and services running in screen. However, many
     people are doing the hard work of packaging and recipes for
-    production deployments. We hope this script serves as a way to
-    communicate configuration changes between developers and packagers.
+    production deployments.
+
 Q: Why isn't $MY\_FAVORITE\_DISTRO supported?
     A: DevStack is meant for developers and those who want to see how
     OpenStack really works. DevStack is known to run on the
     distro/release combinations listed in ``README.md``. DevStack is
     only supported on releases other than those documented in
     ``README.md`` on a best-effort basis.
-Q: What about Fedora/RHEL/CentOS?
-    A: Fedora and CentOS/RHEL are supported via rpm dependency files and
-    specific checks in ``stack.sh``. Support will follow the pattern set
-    with the Ubuntu testing, i.e. only a single release of the distro
-    will receive regular testing, others will be handled on a
-    best-effort basis.
-Q: Are there any differences between Ubuntu and Fedora support?
-    A: Neutron is not fully supported prior to Fedora 18 due lack of
-    OpenVSwitch packages.
+
+Q: Are there any differences between Ubuntu and Centos/Fedora support?
+    A: Both should work well and are tested by DevStack CI.
+
 Q: Why can't I use another shell?
     A: DevStack now uses some specific bash-ism that require Bash 4, such
     as associative arrays. Simple compatibility patches have been accepted
@@ -77,26 +58,23 @@ Q: Why can't I use another shell?
     compatibility patches will be considered except for shells matching
     the array functionality as it is very ingrained in the repo and project
     management.
-Q: But, but, can't I test on OS/X?
-   A: Yes, even you, core developer who complained about this, needs to
-   install bash 4 via homebrew to keep running tests on OS/X.  Get a Real
-   Operating System.   (For most of you who don't know, I am referring to
-   myself.)
+
+Q: Can I test on OS/X?
+   A: Some people have success with bash 4 installed via
+   homebrew to keep running tests on OS/X.
 
 Operation and Configuration
 ===========================
 
 Q: Can DevStack handle a multi-node installation?
-    A: Indirectly, yes. You run DevStack on each node with the
-    appropriate configuration in ``local.conf``. The primary
-    considerations are turning off the services not required on the
-    secondary nodes, making sure the passwords match and setting the
-    various API URLs to the right place.
+    A: Yes, see :doc:`multinode lab guide `
+
 Q: How can I document the environment that DevStack is using?
     A: DevStack includes a script (``tools/info.sh``) that gathers the
     versions of the relevant installed apt packages, pip packages and
     git repos. This is a good way to verify what Python modules are
     installed.
+
 Q: How do I turn off a service that is enabled by default?
     A: Services can be turned off by adding ``disable_service xxx`` to
     ``local.conf`` (using ``n-vol`` in this example):
@@ -113,31 +91,22 @@ Q: Is enabling a service that defaults to off done with the reverse of the above
         enable_service qpid
 
 Q: How do I run a specific OpenStack milestone?
-    A: OpenStack milestones have tags set in the git repo. Set the appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.  Swift is on its own release schedule so pick a tag in the Swift repo that is just before the milestone release. For example:
+   A: OpenStack milestones have tags set in the git repo. Set the
+   appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.
+   Swift is on its own release schedule so pick a tag in the Swift repo
+   that is just before the milestone release. For example:
 
     ::
 
         [[local|localrc]]
-        GLANCE_BRANCH=stable/juno
-        HORIZON_BRANCH=stable/juno
-        KEYSTONE_BRANCH=stable/juno
-        NOVA_BRANCH=stable/juno
-        GLANCE_BRANCH=stable/juno
-        NEUTRON_BRANCH=stable/juno
-        SWIFT_BRANCH=2.2.1
-
-Q: Why not use [STRIKEOUT:``tools/pip-requires``]\ ``requirements.txt`` to grab project dependencies?
-    [STRIKEOUT:The majority of deployments will use packages to install
-    OpenStack that will have distro-based packages as dependencies.
-    DevStack installs as many of these Python packages as possible to
-    mimic the expected production environment.] Certain Linux
-    distributions have a 'lack of workaround' in their Python
-    configurations that installs vendor packaged Python modules and
-    pip-installed modules to the SAME DIRECTORY TREE. This is causing
-    heartache and moving us in the direction of installing more modules
-    from PyPI than vendor packages. However, that is only being done as
-    necessary as the packaging needs to catch up to the development
-    cycle anyway so this is kept to a minimum.
+        GLANCE_BRANCH=stable/kilo
+        HORIZON_BRANCH=stable/kilo
+        KEYSTONE_BRANCH=stable/kilo
+        NOVA_BRANCH=stable/kilo
+        GLANCE_BRANCH=stable/kilo
+        NEUTRON_BRANCH=stable/kilo
+        SWIFT_BRANCH=2.3.0
+
 Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
     A: This is often caused by ``erlang`` not being happy with the
     hostname resolving to a reachable IP address. Make sure your
@@ -145,6 +114,7 @@ Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
     in ``/etc/hosts`` is often good enough for a single-node
     installation. And in an extreme case, use ``clean.sh`` to eradicate
     it and try again.
+
 Q: How can I set up Heat in stand-alone configuration?
     A: Configure ``local.conf`` thusly:
 

From 2f27addf660d768988b1d9ec199e59584f0d4022 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 2 Jun 2015 10:18:49 +1000
Subject: [PATCH 0713/3421] Move FAQ to a section-based format

Move to a section-based format, and add a TOC so we can see an
overview of the questions.

Change-Id: Ie480f2ab759a5a7081d4dc7d2491b44a85b6503a
---
 doc/source/faq.rst | 218 +++++++++++++++++++++++++--------------------
 1 file changed, 121 insertions(+), 97 deletions(-)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 0437ec26d5..87f84693df 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -2,99 +2,120 @@
 FAQ
 ===
 
--  `General Questions <#general>`__
--  `Operation and Configuration <#ops_conf>`__
--  `Miscellaneous <#misc>`__
+.. contents::
+   :local:
 
 General Questions
 =================
 
-Q: Can I use DevStack for production?
-
-    A: DevStack is targeted at developers and CI systems to use the
-    raw upstream code.  It makes many choices that are not appropriate
-    for production systems.
-
-    Your best choice is probably to choose a `distribution of
-    OpenStack
-    `__.
-
-Q: Why a shell script, why not chef/puppet/...
-    A: The script is meant to be read by humans (as well as ran by
-    computers); it is the primary documentation after all. Using a
-    recipe system requires everyone to agree and understand chef or
-    puppet.
-
-Q: I'd like to help!
-    A: That isn't a question, but please do! The source for DevStack is
-    at
-    `git.openstack.org `__
-    and bug reports go to
-    `LaunchPad `__. Contributions
-    follow the usual process as described in the `developer
-    guide `__. This Sphinx
-    documentation is housed in the doc directory.
-
-Q: Why not use packages?
-    A: Unlike packages, DevStack leaves your cloud ready to develop -
-    checkouts of the code and services running in screen. However, many
-    people are doing the hard work of packaging and recipes for
-    production deployments.
-
-Q: Why isn't $MY\_FAVORITE\_DISTRO supported?
-    A: DevStack is meant for developers and those who want to see how
-    OpenStack really works. DevStack is known to run on the
-    distro/release combinations listed in ``README.md``. DevStack is
-    only supported on releases other than those documented in
-    ``README.md`` on a best-effort basis.
-
-Q: Are there any differences between Ubuntu and Centos/Fedora support?
-    A: Both should work well and are tested by DevStack CI.
-
-Q: Why can't I use another shell?
-    A: DevStack now uses some specific bash-ism that require Bash 4, such
-    as associative arrays. Simple compatibility patches have been accepted
-    in the past when they are not complex, at this point no additional
-    compatibility patches will be considered except for shells matching
-    the array functionality as it is very ingrained in the repo and project
-    management.
-
-Q: Can I test on OS/X?
-   A: Some people have success with bash 4 installed via
-   homebrew to keep running tests on OS/X.
+Can I use DevStack for production?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+DevStack is targeted at developers and CI systems to use the raw
+upstream code.  It makes many choices that are not appropriate for
+production systems.
+
+Your best choice is probably to choose a `distribution of OpenStack
+`__.
+
+Why a shell script, why not chef/puppet/...
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The script is meant to be read by humans (as well as ran by
+computers); it is the primary documentation after all. Using a recipe
+system requires everyone to agree and understand chef or puppet.
+
+I'd like to help!
+~~~~~~~~~~~~~~~~~
+
+That isn't a question, but please do! The source for DevStack is at
+`git.openstack.org
+`__ and bug
+reports go to `LaunchPad
+`__. Contributions follow the
+usual process as described in the `developer guide
+`__. This
+Sphinx documentation is housed in the doc directory.
+
+Why not use packages?
+~~~~~~~~~~~~~~~~~~~~~
+
+Unlike packages, DevStack leaves your cloud ready to develop -
+checkouts of the code and services running in screen. However, many
+people are doing the hard work of packaging and recipes for production
+deployments.
+
+Why isn't $MY\_FAVORITE\_DISTRO supported?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+DevStack is meant for developers and those who want to see how
+OpenStack really works. DevStack is known to run on the distro/release
+combinations listed in ``README.md``. DevStack is only supported on
+releases other than those documented in ``README.md`` on a best-effort
+basis.
+
+Are there any differences between Ubuntu and Centos/Fedora support?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Both should work well and are tested by DevStack CI.
+
+Why can't I use another shell?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+DevStack now uses some specific bash-ism that require Bash 4, such as
+associative arrays. Simple compatibility patches have been accepted in
+the past when they are not complex, at this point no additional
+compatibility patches will be considered except for shells matching
+the array functionality as it is very ingrained in the repo and
+project management.
+
+Can I test on OS/X?
+~~~~~~~~~~~~~~~~~~~
+
+Some people have success with bash 4 installed via homebrew to keep
+running tests on OS/X.
 
 Operation and Configuration
 ===========================
 
-Q: Can DevStack handle a multi-node installation?
-    A: Yes, see :doc:`multinode lab guide `
+Can DevStack handle a multi-node installation?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Yes, see :doc:`multinode lab guide `
+
+How can I document the environment that DevStack is using?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Q: How can I document the environment that DevStack is using?
-    A: DevStack includes a script (``tools/info.sh``) that gathers the
-    versions of the relevant installed apt packages, pip packages and
-    git repos. This is a good way to verify what Python modules are
-    installed.
+DevStack includes a script (``tools/info.sh``) that gathers the
+versions of the relevant installed apt packages, pip packages and git
+repos. This is a good way to verify what Python modules are
+installed.
 
-Q: How do I turn off a service that is enabled by default?
-    A: Services can be turned off by adding ``disable_service xxx`` to
-    ``local.conf`` (using ``n-vol`` in this example):
+How do I turn off a service that is enabled by default?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Services can be turned off by adding ``disable_service xxx`` to
+``local.conf`` (using ``n-vol`` in this example):
 
     ::
 
         disable_service n-vol
 
-Q: Is enabling a service that defaults to off done with the reverse of the above?
-    A: Of course!
+Is enabling a service that defaults to off done with the reverse of the above?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Of course!
 
     ::
 
         enable_service qpid
 
-Q: How do I run a specific OpenStack milestone?
-   A: OpenStack milestones have tags set in the git repo. Set the
-   appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.
-   Swift is on its own release schedule so pick a tag in the Swift repo
-   that is just before the milestone release. For example:
+How do I run a specific OpenStack milestone?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+OpenStack milestones have tags set in the git repo. Set the
+appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.
+Swift is on its own release schedule so pick a tag in the Swift repo
+that is just before the milestone release. For example:
 
     ::
 
@@ -107,16 +128,16 @@ Q: How do I run a specific OpenStack milestone?
         NEUTRON_BRANCH=stable/kilo
         SWIFT_BRANCH=2.3.0
 
-Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
-    A: This is often caused by ``erlang`` not being happy with the
-    hostname resolving to a reachable IP address. Make sure your
-    hostname resolves to a working IP address; setting it to 127.0.0.1
-    in ``/etc/hosts`` is often good enough for a single-node
-    installation. And in an extreme case, use ``clean.sh`` to eradicate
-    it and try again.
+What can I do about RabbitMQ not wanting to start on my fresh new VM?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is often caused by ``erlang`` not being happy with the hostname
+resolving to a reachable IP address. Make sure your hostname resolves
+to a working IP address; setting it to 127.0.0.1 in ``/etc/hosts`` is
+often good enough for a single-node installation. And in an extreme
+case, use ``clean.sh`` to eradicate it and try again.
 
-Q: How can I set up Heat in stand-alone configuration?
-    A: Configure ``local.conf`` thusly:
+Configure ``local.conf`` thusly:
 
     ::
 
@@ -126,22 +147,25 @@ Q: How can I set up Heat in stand-alone configuration?
         KEYSTONE_SERVICE_HOST=
         KEYSTONE_AUTH_HOST=
 
-Q: Why are my configuration changes ignored?
-    A: You may have run into the package prerequisite installation
-    timeout. ``tools/install_prereqs.sh`` has a timer that skips the
-    package installation checks if it was run within the last
-    ``PREREQ_RERUN_HOURS`` hours (default is 2). To override this, set
-    ``FORCE_PREREQ=1`` and the package checks will never be skipped.
+Why are my configuration changes ignored?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You may have run into the package prerequisite installation
+timeout. ``tools/install_prereqs.sh`` has a timer that skips the
+package installation checks if it was run within the last
+``PREREQ_RERUN_HOURS`` hours (default is 2). To override this, set
+``FORCE_PREREQ=1`` and the package checks will never be skipped.
 
 Miscellaneous
 =============
 
-Q: ``tools/fixup_stuff.sh`` is broken and shouldn't 'fix' just one version of packages.
-    A: [Another not-a-question] No it isn't. Stuff in there is to
-    correct problems in an environment that need to be fixed elsewhere
-    or may/will be fixed in a future release. In the case of
-    ``httplib2`` and ``prettytable`` specific problems with specific
-    versions are being worked around. If later releases have those
-    problems than we'll add them to the script. Knowing about the broken
-    future releases is valuable rather than polling to see if it has
-    been fixed.
+``tools/fixup_stuff.sh`` is broken and shouldn't 'fix' just one version of packages.
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Stuff in there is to correct problems in an environment that need to
+be fixed elsewhere or may/will be fixed in a future release. In the
+case of ``httplib2`` and ``prettytable`` specific problems with
+specific versions are being worked around. If later releases have
+those problems than we'll add them to the script. Knowing about the
+broken future releases is valuable rather than polling to see if it
+has been fixed.

From 64cf20440865595a4c6c71859a964ddbea0389e2 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 2 Jun 2015 10:28:55 +1000
Subject: [PATCH 0714/3421] Add note on openrc and zsh

Add a note about running openrc through bash for import into zsh, as
shown by Chmouel Boudjnah in I5b6c8cfedcdd36efb4cbc91831501ee5c9c3b1d1

Change-Id: I5f1c9fc3fdc045cf6fb69af13f6264a81bf5f763
Closes-Bug: #1460656
---
 doc/source/faq.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 87f84693df..b09d386048 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -75,6 +75,21 @@ Can I test on OS/X?
 Some people have success with bash 4 installed via homebrew to keep
 running tests on OS/X.
 
+Can I at least source ``openrc`` with ``zsh``?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+People have reported success with a special function to run ``openrc``
+through bash for this
+
+.. code-block:: bash
+
+   function sourceopenrc {
+       pushd ~/devstack >/dev/null
+       eval $(bash -c ". openrc $1 $2;env|sed -n '/OS_/ { s/^/export /;p}'")
+       popd >/dev/null
+   }
+
+
 Operation and Configuration
 ===========================
 

From 64b2ebca15701785af09d2c225d7c81e3c6acdce Mon Sep 17 00:00:00 2001
From: Ben Nemec 
Date: Fri, 5 Jun 2015 12:22:36 -0500
Subject: [PATCH 0715/3421] Make sure iptables-services is installed

The iptables service files are no longer included by default on
Fedora.  This causes the systemctl calls in fixup_stuff.sh to fail
when disabling firewalld in favor of iptables.

Change-Id: If37691d03e3d07ca8b53c541717081beeb184c16
Closes-Bug: #1462347
---
 files/rpms/general   | 1 +
 tools/fixup_stuff.sh | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/files/rpms/general b/files/rpms/general
index 7b2c00ad5c..43101f7c87 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -28,3 +28,4 @@ net-tools
 java-1.7.0-openjdk-headless  # NOPRIME rhel7,f20
 java-1.8.0-openjdk-headless  # NOPRIME f21,f22
 pyOpenSSL # version in pip uses too much memory
+iptables-services  # NOPRIME f21,f22
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 31258d13f7..4fff57f401 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -126,6 +126,9 @@ if is_fedora; then
         # [4] http://docs.openstack.org/developer/devstack/guides/neutron.html
         if is_package_installed firewalld; then
             sudo systemctl disable firewalld
+            # The iptables service files are no longer included by default,
+            # at least on a baremetal Fedora 21 Server install.
+            install_package iptables-services
             sudo systemctl enable iptables
             sudo systemctl stop firewalld
             sudo systemctl start iptables

From d8ed29dcb3c73bd0eec61939164b90b914c6530c Mon Sep 17 00:00:00 2001
From: Aaron Rosen 
Date: Tue, 9 Jun 2015 13:15:24 -0700
Subject: [PATCH 0716/3421] Add vmware_nsx_v3 support

Sadly this is needed. We should refactor this out from all of the
plugins so we don't need to have all of these files. Adding this one
for now though.

Change-Id: Id382443fa7bef6b45237688c7e88d9e9a80a6ba1
---
 lib/neutron_plugins/vmware_nsx_v3 | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 lib/neutron_plugins/vmware_nsx_v3

diff --git a/lib/neutron_plugins/vmware_nsx_v3 b/lib/neutron_plugins/vmware_nsx_v3
new file mode 100644
index 0000000000..6d8a6e6b70
--- /dev/null
+++ b/lib/neutron_plugins/vmware_nsx_v3
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# This file is needed so Q_PLUGIN=vmware_nsx_v3 will work.
+
+# FIXME(salv-orlando): This function should not be here, but unfortunately
+# devstack calls it before the external plugins are fetched
+function has_neutron_plugin_security_group {
+    # 0 means True here
+    return 0
+}

From 7272afdf8bf55580f778530d590afd505394b4ae Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 10 Jun 2015 10:26:57 +0000
Subject: [PATCH 0717/3421] Revert "Replace pip-installed requests CA bundle
 with link"

This does not gracefully handle the situation where requests
is not there at the beginning. Needs to be rethought.

This reverts commit 7d350720fe5d25fece68c5d1625a33a6cad431ef.

Change-Id: I101fac0dc6fdc97b7fb0b2955cffc6b4905152e5
---
 tools/fixup_stuff.sh | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index d3a3de2092..31258d13f7 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -138,24 +138,3 @@ fi
 # and installing the latest version using pip.
 uninstall_package python-virtualenv
 pip_install -U virtualenv
-
-# If a non-system python-requests is installed then it will use the
-# built-in CA certificate store rather than the distro-specific
-# CA certificate store. Detect this and symlink to the correct
-# one. If the value for the CA is not rooted in /etc then we know
-# we need to change it.
-capath=$(python -c "from requests import certs; print certs.where()")
-
-if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
-    if [[ ! $capath =~ ^/etc/.* && ! -L $capath ]]; then
-        if is_fedora; then
-            sudo rm -f $capath
-            sudo ln -s /etc/pki/tls/certs/ca-bundle.crt $capath
-        elif is_ubuntu; then
-            sudo rm -f $capath
-            sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
-        else
-            echo "Don't know how to set the CA bundle, expect the install to fail."
-        fi
-    fi
-fi

From cfbc7918c5e7720fcfba88d2c18d26dd9d0cf5cf Mon Sep 17 00:00:00 2001
From: Russell Bryant 
Date: Tue, 9 Jun 2015 09:14:13 -0400
Subject: [PATCH 0718/3421] Simplify start_neutron_other_agents

This patch just simplifies the start function a bit by removing some
unnecessary is_service_enabled checks that just wrap run_process
calls.  run_process does this exact check internally so it's not
needed here.

Change-Id: Id12a23f77ea0342854337c7d65821dd4e574dec2
Signed-off-by: Russell Bryant 
---
 lib/neutron-legacy | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 519200bbcb..87674b309a 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -733,19 +733,13 @@ function start_neutron_other_agents {
     fi
 
     run_process q-meta "python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
+    run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
+    run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
 
     if [ "$VIRT_DRIVER" = 'xenserver' ]; then
         # For XenServer, start an agent for the domU openvswitch
         run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
     fi
-
-    if is_service_enabled q-lbaas; then
-        run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
-    fi
-
-    if is_service_enabled q-metering; then
-        run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
-    fi
 }
 
 # Start running processes, including screen

From 21afa42da6c3f0d7d73cc71718cfd7c9588fc43b Mon Sep 17 00:00:00 2001
From: Louis Taylor 
Date: Wed, 10 Jun 2015 12:55:10 +0000
Subject: [PATCH 0719/3421] ceph: remove deprecated glance_store options

glance_store has now been fully migrated, so we can stop setting these
options in the config files.

Change-Id: I3c6c2eea0171227b1ed362e74bcc5b10770721be
---
 lib/ceph | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index 4d6ca4aa68..25afb6c10c 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -264,10 +264,6 @@ function configure_ceph_glance {
     sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
 
-    # NOTE(eharney): When Glance has fully migrated to Glance store,
-    # default_store can be removed from [DEFAULT].  (See lib/glance.)
-    iniset $GLANCE_API_CONF DEFAULT default_store rbd
-    iniset $GLANCE_API_CONF DEFAULT show_image_direct_url True
     iniset $GLANCE_API_CONF glance_store default_store rbd
     iniset $GLANCE_API_CONF glance_store stores "file, http, rbd"
     iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE

From 96c6b2deb33e67c1657e37fdcc8c6ec904674ed6 Mon Sep 17 00:00:00 2001
From: Joshua Harlow 
Date: Mon, 8 Jun 2015 16:48:49 -0700
Subject: [PATCH 0720/3421] Add automaton to lib/oslo and stackrc

Part of blueprint adopt-automaton

Change-Id: I520643b74aced431f7a46b7d7b94616bb2e6bf8e
---
 lib/oslo                     | 1 +
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index d9688a01cd..b195687bb7 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -22,6 +22,7 @@ set +o xtrace
 
 # Defaults
 # --------
+GITDIR["automaton"]=$DEST/automaton
 GITDIR["cliff"]=$DEST/cliff
 GITDIR["debtcollector"]=$DEST/debtcollector
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
diff --git a/stackrc b/stackrc
index f8add4b44d..b010a88d52 100644
--- a/stackrc
+++ b/stackrc
@@ -330,6 +330,10 @@ GITBRANCH["cliff"]=${CLIFF_BRANCH:-master}
 GITREPO["debtcollector"]=${DEBTCOLLECTOR_REPO:-${GIT_BASE}/openstack/debtcollector.git}
 GITBRANCH["debtcollector"]=${DEBTCOLLECTOR_BRANCH:-master}
 
+# helpful state machines
+GITREPO["automaton"]=${AUTOMATON_REPO:-${GIT_BASE}/openstack/automaton.git}
+GITBRANCH["automaton"]=${AUTOMATON_BRANCH:-master}
+
 # oslo.concurrency
 GITREPO["oslo.concurrency"]=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git}
 GITBRANCH["oslo.concurrency"]=${OSLOCON_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 336a213bc5..83b7e10b81 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -39,7 +39,7 @@ ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
-ALL_LIBS+=" debtcollector os-brick"
+ALL_LIBS+=" debtcollector os-brick automaton"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From e3a640d57327955aba491366d6e69349813897a8 Mon Sep 17 00:00:00 2001
From: Joshua Harlow 
Date: Mon, 8 Jun 2015 16:44:21 -0700
Subject: [PATCH 0721/3421] Add futurist to lib/oslo and stackrc

Part of blueprint adopt-futurist

Change-Id: I17e27a085c7c509bad6018016e90d0114543b073
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index b195687bb7..be26668dfb 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -25,6 +25,7 @@ set +o xtrace
 GITDIR["automaton"]=$DEST/automaton
 GITDIR["cliff"]=$DEST/cliff
 GITDIR["debtcollector"]=$DEST/debtcollector
+GITDIR["futurist"]=$DEST/futurist
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
 GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.context"]=$DEST/oslo.context
@@ -63,6 +64,7 @@ function _do_install_oslo_lib {
 function install_oslo {
     _do_install_oslo_lib "cliff"
     _do_install_oslo_lib "debtcollector"
+    _do_install_oslo_lib "futurist"
     _do_install_oslo_lib "oslo.concurrency"
     _do_install_oslo_lib "oslo.config"
     _do_install_oslo_lib "oslo.context"
diff --git a/stackrc b/stackrc
index b010a88d52..c16a9997a4 100644
--- a/stackrc
+++ b/stackrc
@@ -326,6 +326,10 @@ GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 GITREPO["cliff"]=${CLIFF_REPO:-${GIT_BASE}/openstack/cliff.git}
 GITBRANCH["cliff"]=${CLIFF_BRANCH:-master}
 
+# async framework/helpers
+GITREPO["futurist"]=${FUTURIST_REPO:-${GIT_BASE}/openstack/futurist.git}
+GITBRANCH["futurist"]=${FUTURIST_BRANCH:-master}
+
 # debtcollector deprecation framework/helpers
 GITREPO["debtcollector"]=${DEBTCOLLECTOR_REPO:-${GIT_BASE}/openstack/debtcollector.git}
 GITBRANCH["debtcollector"]=${DEBTCOLLECTOR_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 83b7e10b81..2f0b1febe4 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -39,7 +39,7 @@ ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
-ALL_LIBS+=" debtcollector os-brick automaton"
+ALL_LIBS+=" debtcollector os-brick automaton futurist"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 03786b1cca196473d90c8ce0dc1c98a1b3081ac5 Mon Sep 17 00:00:00 2001
From: Dan Smith 
Date: Wed, 10 Jun 2015 11:31:51 -0700
Subject: [PATCH 0722/3421] Create and initialize the nova api_db

Going forward, nova will have another database at the API level (similar to how
current cells has an api-level cell, with its own database). This patch creates
and initializes it so that we can start testing the migrations with grenade.

Change-Id: I0dfae32102aeda9c5d17e134527b6a18f4b88014
---
 lib/nova | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/nova b/lib/nova
index 11fa2a0ba4..a9f335115d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -53,6 +53,7 @@ NOVA_CONF=$NOVA_CONF_DIR/nova.conf
 NOVA_CELLS_CONF=$NOVA_CONF_DIR/nova-cells.conf
 NOVA_FAKE_CONF=$NOVA_CONF_DIR/nova-fake.conf
 NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
+NOVA_API_DB=${NOVA_API_DB:-nova_api}
 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
 # NOVA_API_VERSION valid options
@@ -471,6 +472,7 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT"
     iniset $NOVA_CONF DEFAULT my_ip "$HOST_IP"
     iniset $NOVA_CONF database connection `database_connection_url nova`
+    iniset $NOVA_CONF api_database connection `database_connection_url nova_api`
     iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
     iniset $NOVA_CONF osapi_v3 enabled "True"
 
@@ -675,6 +677,9 @@ function init_nova {
         if is_service_enabled n-cell; then
             recreate_database $NOVA_CELLS_DB
         fi
+
+        recreate_database $NOVA_API_DB
+        $NOVA_BIN_DIR/nova-manage api_db sync
     fi
 
     create_nova_cache_dir

From d1d6667c6b201d8c01f6b1d89660ceb4176de070 Mon Sep 17 00:00:00 2001
From: David Kranz 
Date: Thu, 11 Jun 2015 13:09:37 -0400
Subject: [PATCH 0723/3421] Enable the volume bootable feature flag that was
 added in kilo

Change-Id: I5f8e0154a8b654b4c65b95f8b5c03e1a9be9e137
---
 lib/tempest | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index c4ae05f534..0c451d3b55 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -451,6 +451,9 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions
 
     # Volume
+    # TODO(dkranz): Remove the bootable flag when Juno is end of life.
+    iniset $TEMPEST_CONFIG volume-feature-enabled bootable True
+
     local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
         # Enabled extensions are either the ones explicitly specified or those available on the API endpoint

From 0f63eb3a37c547b4aa9027fb83cc444d60157adf Mon Sep 17 00:00:00 2001
From: Julien Danjou 
Date: Fri, 12 Jun 2015 09:05:12 +0200
Subject: [PATCH 0724/3421] Install PyMySQL if used

Change Ic609ce136061b753ca692b37509a0b29c60bb8b5 switched to PyMySQL by
default but does not make sure it is installed. This is causing gate
failure in Gnocchi for example:

  http://logs.openstack.org/25/186025/3/check/gate-gnocchi-dsvm-functional-file-mysql/eebd773/logs/devstacklog.txt.gz

Change-Id: I23d313220607fcc8acb95ab43f55b7d9899b9b1f
---
 lib/databases/mysql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 832c2ca6d7..f097fb21cb 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -165,6 +165,8 @@ function install_database_python_mysql {
     pip_install_gr $MYSQL_DRIVER
     if [[ "$MYSQL_DRIVER" == "MySQL-python" ]]; then
         ADDITIONAL_VENV_PACKAGES+=",MySQL-python"
+    elif [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then
+        ADDITIONAL_VENV_PACKAGES+=",PyMySQL"
     fi
 }
 

From de8d29ed8ce4a26b61cbee48f9fe5418d5416a06 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 12 Jun 2015 10:43:28 +0000
Subject: [PATCH 0725/3421] Revert "change the default to PyMYSQL"

The failure rate with neutron is too high to keep this
as the default.

Related-Bug: #1464612

This reverts commit b3798af474955368211a297ba85332fde5491993.

Change-Id: Ie9550aeb25d472a38e3d3ef6f3711622c9221c46
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 832c2ca6d7..7cd2856ae9 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -11,7 +11,7 @@
 MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
+MYSQL_DRIVER=${MYSQL_DRIVER:-MySQL-python}
 # Force over to pymysql driver by default if we are using it.
 if is_service_enabled mysql; then
     if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then

From 987f83da5adcf5f8dd2b78a526613cc23a9cdfdd Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Mon, 1 Jun 2015 12:43:30 +0200
Subject: [PATCH 0726/3421] SUSE: Add dependencies for L3 agent

Change-Id: If3f4f5ab9a3072273d2f440718ce0c75fd71fdf1
---
 files/rpms-suse/q-l3 | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 files/rpms-suse/q-l3

diff --git a/files/rpms-suse/q-l3 b/files/rpms-suse/q-l3
new file mode 100644
index 0000000000..a7a190c063
--- /dev/null
+++ b/files/rpms-suse/q-l3
@@ -0,0 +1,2 @@
+conntrack-tools
+keepalived

From b3d8822ec835f1ca7eb5d9742b28f2ece480b387 Mon Sep 17 00:00:00 2001
From: armando-migliaccio 
Date: Fri, 12 Jun 2015 07:54:03 -0700
Subject: [PATCH 0727/3421] Revert "Revert "change the default to PyMYSQL""

Some projects (Neutron) seem to be affected more than others, so we should revert this
to allow for a more selective choice of the DB driver on a per project basis.

We can re-enable the use MySQL-python just for Neutron.

This reverts commit de8d29ed8ce4a26b61cbee48f9fe5418d5416a06.

Related-Bug: #1464612

Change-Id: I889f4f8b116c413b300ab9eecc7b428a9a4afb1a
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 7cd2856ae9..832c2ca6d7 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -11,7 +11,7 @@
 MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-MYSQL_DRIVER=${MYSQL_DRIVER:-MySQL-python}
+MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
 # Force over to pymysql driver by default if we are using it.
 if is_service_enabled mysql; then
     if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then

From e155b894c8975f649cbbbc08675095fe728d0b69 Mon Sep 17 00:00:00 2001
From: armando-migliaccio 
Date: Fri, 12 Jun 2015 08:55:02 -0700
Subject: [PATCH 0728/3421] Set Neutron api_workers to $API_WORKERS

Change [1] brings back this feature in Neutron, so we want to have
the ability to set the number of API workers the same way other
projects do.

However, this cause some instability, so we need to be careful on
how we bring it back.

[1] https://review.openstack.org/#/c/191127/

Closes-Bug: #1432189
Related-bug: #1432065

Change-Id: Id4986a49d33fa4b8a7291150488665e200525dac
Co-authored-by: Russell Bryant 
---
 lib/neutron-legacy | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index dd67f45a39..3ac76a2586 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -463,6 +463,8 @@ function configure_neutron {
     fi
 
     _configure_neutron_debug_command
+
+    iniset $NEUTRON_CONF DEFAULT api_workers "$API_WORKERS"
 }
 
 function create_nova_conf_neutron {

From 13f655720d77149d908fcae7d0b7c6d377c972d5 Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Wed, 10 Jun 2015 14:34:22 -0400
Subject: [PATCH 0729/3421] Small fixes for running Nova services under Apache2

Following fixed were done:
1. Cleanup fixed.
2. API_WORKERS config option was added to nova config templates.
3. Nova API screen tabs were named as nova-api and nova-ec2-api.

Change-Id: I68dc6fd6c8aeffcec7f9039afd63bd1599c65682
---
 files/apache-nova-api.template     |  4 ++--
 files/apache-nova-ec2-api.template |  4 ++--
 lib/nova                           | 10 ++++++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template
index 70ccedddc8..301a3bdbdd 100644
--- a/files/apache-nova-api.template
+++ b/files/apache-nova-api.template
@@ -1,7 +1,7 @@
 Listen %PUBLICPORT%
 
 
-    WSGIDaemonProcess nova-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIDaemonProcess nova-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup nova-api
     WSGIScriptAlias / %PUBLICWSGI%
     WSGIApplicationGroup %{GLOBAL}
@@ -13,4 +13,4 @@ Listen %PUBLICPORT%
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
-
\ No newline at end of file
+
diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
index ae4cf94a38..235d958d1a 100644
--- a/files/apache-nova-ec2-api.template
+++ b/files/apache-nova-ec2-api.template
@@ -1,7 +1,7 @@
 Listen %PUBLICPORT%
 
 
-    WSGIDaemonProcess nova-ec2-api processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIDaemonProcess nova-ec2-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup nova-ec2-api
     WSGIScriptAlias / %PUBLICWSGI%
     WSGIApplicationGroup %{GLOBAL}
@@ -13,4 +13,4 @@ Listen %PUBLICPORT%
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
-
\ No newline at end of file
+
diff --git a/lib/nova b/lib/nova
index a9f335115d..88b336a1be 100644
--- a/lib/nova
+++ b/lib/nova
@@ -232,6 +232,10 @@ function cleanup_nova {
     #if is_service_enabled n-cpu && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; then
     #    cleanup_nova_hypervisor
     #fi
+
+    if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
+        _cleanup_nova_apache_wsgi
+    fi
 }
 
 # _cleanup_nova_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
@@ -277,6 +281,7 @@ function _config_nova_apache_wsgi {
         s|%SSLKEYFILE%|$nova_keyfile|g;
         s|%USER%|$STACK_USER|g;
         s|%VIRTUALENV%|$venv_path|g
+        s|%APIWORKERS%|$API_WORKERS|g
     " -i $nova_apache_conf
 
     sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf
@@ -289,6 +294,7 @@ function _config_nova_apache_wsgi {
         s|%SSLKEYFILE%|$nova_keyfile|g;
         s|%USER%|$STACK_USER|g;
         s|%VIRTUALENV%|$venv_path|g
+        s|%APIWORKERS%|$API_WORKERS|g
     " -i $nova_ec2_apache_conf
 }
 
@@ -761,8 +767,8 @@ function start_nova_api {
         enable_apache_site nova-api
         enable_apache_site nova-ec2-api
         restart_apache_server
-        tail_log nova /var/log/$APACHE_NAME/nova-api.log
-        tail_log nova /var/log/$APACHE_NAME/nova-ec2-api.log
+        tail_log nova-api /var/log/$APACHE_NAME/nova-api.log
+        tail_log nova-ec2-api /var/log/$APACHE_NAME/nova-ec2-api.log
     else
         run_process n-api "$NOVA_BIN_DIR/nova-api"
     fi

From 6bc089fce03e1b29405224eeed4761f08339255a Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Mon, 1 Jun 2015 12:39:12 +0200
Subject: [PATCH 0730/3421] Cinder: On SUSE, avoid restarting tgt

There is a known bug that restart tgtd fails, so go the
workaround way and stopping/starting it instead.

In addition, remove the else case since unstack also
uses cleanup_cinder, which already unconditionally supports
all distros.

Change-Id: Ib70917a95f001ef36a51815f08416fa30084aad6
---
 lib/cinder | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index b8cf8090dc..ade3b82c3a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -432,12 +432,13 @@ function start_cinder {
             _configure_tgt_for_config_d
             if is_ubuntu; then
                 sudo service tgt restart
-            elif is_fedora || is_suse; then
-                restart_service tgtd
+            elif is_suse; then
+                # NOTE(dmllr): workaround restart bug
+                # https://bugzilla.suse.com/show_bug.cgi?id=934642
+                stop_service tgtd
+                start_service tgtd
             else
-                # note for other distros: unstack.sh also uses the tgt/tgtd service
-                # name, and would need to be adjusted too
-                exit_distro_not_supported "restarting tgt"
+                restart_service tgtd
             fi
             # NOTE(gfidente): ensure tgtd is running in debug mode
             sudo tgtadm --mode system --op update --name debug --value on

From b632c9ef81090e210fee27346c6e1f2b4f3bedec Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 28 May 2015 23:36:15 +0000
Subject: [PATCH 0731/3421] Use keystone v3 API for projects

Always use the keystone v3 API for project creation. Make domain a
required argument. Whilst we could simply default this value within the
function I think it's better to make this explicit as these are things
deployers and services need to consider.

In future we will want to figure out how we want devstack to organize domains
however I don't believe that it belongs in this patch.

Change-Id: Ib9587193c5c8419dc4b5a608246709baaddd2a52
Implements: bp keystonev3
---
 functions-common | 15 ++++++---------
 lib/ironic       |  2 +-
 lib/keystone     |  8 ++++----
 lib/swift        |  4 ++--
 lib/tempest      |  2 +-
 5 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/functions-common b/functions-common
index 3a2f5f7f41..33245fbc3d 100644
--- a/functions-common
+++ b/functions-common
@@ -720,18 +720,15 @@ function get_or_create_user {
 }
 
 # Gets or creates project
-# Usage: get_or_create_project  []
+# Usage: get_or_create_project  
 function get_or_create_project {
-    # Gets project id
-    local os_cmd="openstack"
-    local domain=""
-    if [[ ! -z "$2" ]]; then
-        domain="--domain=$2"
-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
-    fi
     local project_id=$(
         # Creates new project with --or-show
-        $os_cmd project create $1 $domain --or-show -f value -c id
+        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            project create $1 \
+            --domain=$2 \
+            --or-show -f value -c id
     )
     echo $project_id
 }
diff --git a/lib/ironic b/lib/ironic
index 4984be1861..40a3460f1f 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -366,7 +366,7 @@ function configure_ironic_conductor {
         fi
         iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
         iniset $IRONIC_CONF_FILE glance swift_api_version v1
-        local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME)
+        local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default)
         iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
diff --git a/lib/keystone b/lib/keystone
index 7a949cf96f..90ff31a54c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -357,13 +357,13 @@ function configure_keystone_extensions {
 function create_keystone_accounts {
 
     # admin
-    local admin_tenant=$(get_or_create_project "admin")
+    local admin_tenant=$(get_or_create_project "admin" default)
     local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
 
     # Create service project/role
-    get_or_create_project "$SERVICE_TENANT_NAME"
+    get_or_create_project "$SERVICE_TENANT_NAME" default
 
     # Service role, so service users do not have to be admins
     get_or_create_role service
@@ -382,10 +382,10 @@ function create_keystone_accounts {
     local another_role=$(get_or_create_role "anotherrole")
 
     # invisible tenant - admin can't see this one
-    local invis_tenant=$(get_or_create_project "invisible_to_admin")
+    local invis_tenant=$(get_or_create_project "invisible_to_admin" default)
 
     # demo
-    local demo_tenant=$(get_or_create_project "demo")
+    local demo_tenant=$(get_or_create_project "demo" default)
     local demo_user=$(get_or_create_user "demo" \
         "$ADMIN_PASSWORD" "demo@example.com")
 
diff --git a/lib/swift b/lib/swift
index 820042d972..420350b95e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -616,7 +616,7 @@ function create_swift_accounts {
             "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
     fi
 
-    local swift_tenant_test1=$(get_or_create_project swifttenanttest1)
+    local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
     SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
@@ -626,7 +626,7 @@ function create_swift_accounts {
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
     get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
 
-    local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
+    local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
     local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
diff --git a/lib/tempest b/lib/tempest
index c4ae05f534..4e7133a0db 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -546,7 +546,7 @@ function create_tempest_accounts {
     if is_service_enabled tempest; then
         # Tempest has some tests that validate various authorization checks
         # between two regular users in separate tenants
-        get_or_create_project alt_demo
+        get_or_create_project alt_demo default
         get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
         get_or_add_user_project_role Member alt_demo alt_demo
     fi

From 9d7e776b704d0fa54b2bf6543d054ab0118f5806 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 29 May 2015 01:08:53 +0000
Subject: [PATCH 0732/3421] Use Keystone v3 API for user creation

This includes requiring a domain when creating a user. This will allow us to
control where users are created in a later patch.

Adding the token to the user creation call is required because of a bad
interaction between OpenStackClient, os-client-config and keystoneclient
when dealing with v2 authentication but v3 API calls. It will be cleaned
up when we switch to v3 credentials.

Change-Id: I6ef50fd384d423bc0f13ee1016a8bdbb0650ecd9
Implements: bp keystonev3
---
 functions-common | 23 +++++++++--------------
 lib/glance       |  2 +-
 lib/keystone     |  6 +++---
 lib/swift        | 12 ++++++++----
 lib/tempest      |  2 +-
 stack.sh         |  3 +++
 6 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/functions-common b/functions-common
index 33245fbc3d..48c0c75637 100644
--- a/functions-common
+++ b/functions-common
@@ -675,9 +675,8 @@ function get_or_create_domain {
 }
 
 # Gets or creates group
-# Usage: get_or_create_group  [ ]
+# Usage: get_or_create_group   []
 function get_or_create_group {
-    local domain=${2:+--domain ${2}}
     local desc="${3:-}"
     local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets group id
@@ -685,34 +684,30 @@ function get_or_create_group {
         # Creates new group with --or-show
         openstack --os-token=$OS_TOKEN --os-url=$os_url \
             --os-identity-api-version=3 group create $1 \
-            $domain --description "$desc" --or-show \
+            --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
     echo $group_id
 }
 
 # Gets or creates user
-# Usage: get_or_create_user   [ []]
+# Usage: get_or_create_user    []
 function get_or_create_user {
-    if [[ ! -z "$3" ]]; then
-        local email="--email=$3"
+    if [[ ! -z "$4" ]]; then
+        local email="--email=$4"
     else
         local email=""
     fi
-    local os_cmd="openstack"
-    local domain=""
-    if [[ ! -z "$4" ]]; then
-        domain="--domain=$4"
-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
-    fi
     # Gets user id
     local user_id=$(
         # Creates new user with --or-show
-        $os_cmd user create \
+        openstack user create \
             $1 \
             --password "$2" \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --domain=$3 \
             $email \
-            $domain \
             --or-show \
             -f value -c id
     )
diff --git a/lib/glance b/lib/glance
index 016ade3479..2fae002049 100644
--- a/lib/glance
+++ b/lib/glance
@@ -254,7 +254,7 @@ function create_glance_accounts {
         if is_service_enabled s-proxy; then
 
             local glance_swift_user=$(get_or_create_user "glance-swift" \
-                "$SERVICE_PASSWORD" "glance-swift@example.com")
+                "$SERVICE_PASSWORD" "default" "glance-swift@example.com")
             get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
         fi
 
diff --git a/lib/keystone b/lib/keystone
index 90ff31a54c..c33d466c6c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -358,7 +358,7 @@ function create_keystone_accounts {
 
     # admin
     local admin_tenant=$(get_or_create_project "admin" default)
-    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
+    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
 
@@ -387,7 +387,7 @@ function create_keystone_accounts {
     # demo
     local demo_tenant=$(get_or_create_project "demo" default)
     local demo_user=$(get_or_create_user "demo" \
-        "$ADMIN_PASSWORD" "demo@example.com")
+        "$ADMIN_PASSWORD" "default" "demo@example.com")
 
     get_or_add_user_project_role $member_role $demo_user $demo_tenant
     get_or_add_user_project_role $admin_role $admin_user $demo_tenant
@@ -426,7 +426,7 @@ function create_keystone_accounts {
 function create_service_user {
     local role=${2:-service}
 
-    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
+    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
     get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
 }
 
diff --git a/lib/swift b/lib/swift
index 420350b95e..0cd51aaddf 100644
--- a/lib/swift
+++ b/lib/swift
@@ -618,18 +618,21 @@ function create_swift_accounts {
 
     local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
-    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
+    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
+                        "default" "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
     get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
 
-    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
+    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
+                                "default" "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
     get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
 
     local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
-    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
+    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
+                                "default" "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
 
@@ -639,7 +642,8 @@ function create_swift_accounts {
     local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
     die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
 
-    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
+                                $swift_domain "test4@example.com")
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
     get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
 }
diff --git a/lib/tempest b/lib/tempest
index 4e7133a0db..f3703a072a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -547,7 +547,7 @@ function create_tempest_accounts {
         # Tempest has some tests that validate various authorization checks
         # between two regular users in separate tenants
         get_or_create_project alt_demo default
-        get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
+        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
         get_or_add_user_project_role Member alt_demo alt_demo
     fi
 }
diff --git a/stack.sh b/stack.sh
index dc79fa94f7..489fbe446c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1006,6 +1006,9 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
+    # force set to use v2 identity authentication even with v3 commands
+    export OS_AUTH_TYPE=v2password
+
     # Set up password auth credentials now that Keystone is bootstrapped
     export OS_AUTH_URL=$SERVICE_ENDPOINT
     export OS_TENANT_NAME=admin

From 37eca48970106abb9b982af4f1262bcb227411ea Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 16 Jun 2015 07:19:22 -0400
Subject: [PATCH 0733/3421] remove non RabbitMQ messaging

Part of what was decided at summit is devstack needs to return to a
more opinionated stance, the following removes support for non
RabbitMQ messaging. RabbitMQ is used by over 95% of our community
(statistically all of it), so it's a pretty clear line to draw that
this shouldn't be in tree.

iniset_rpc_backend will be our stable hook for other projects that
want to implement this out of tree. The burden on creating those out
of tree plugins will be on those that wish to support those
alternative stacks.

Change-Id: I8073a895c03ec927a2598eff6c2f01e5c82606fc
---
 README.md               |  16 ---
 doc/source/faq.rst      |   2 +-
 files/debs/neutron      |   2 -
 files/debs/nova         |   2 -
 files/debs/qpid         |   1 -
 files/rpms-suse/neutron |   3 -
 files/rpms-suse/nova    |   4 -
 files/rpms/neutron      |   1 -
 files/rpms/nova         |   1 -
 files/rpms/qpid         |   3 -
 functions-common        |   2 +-
 lib/glance              |   8 +-
 lib/rpc_backend         | 271 ++--------------------------------------
 lib/zaqar               |   7 +-
 stack.sh                |  13 --
 15 files changed, 16 insertions(+), 320 deletions(-)
 delete mode 100644 files/debs/qpid
 delete mode 100644 files/rpms/qpid

diff --git a/README.md b/README.md
index 455e1c69c6..ebcb0184e5 100644
--- a/README.md
+++ b/README.md
@@ -115,22 +115,6 @@ following in the `localrc` section:
 
 `mysql` is the default database.
 
-# RPC Backend
-
-Multiple RPC backends are available. Currently, this
-includes RabbitMQ (default), Qpid, and ZeroMQ. Your backend of
-choice may be selected via the `localrc` section.
-
-Note that selecting more than one RPC backend will result in a failure.
-
-Example (ZeroMQ):
-
-    ENABLED_SERVICES="$ENABLED_SERVICES,-rabbit,-qpid,zeromq"
-
-Example (Qpid):
-
-    ENABLED_SERVICES="$ENABLED_SERVICES,-rabbit,-zeromq,qpid"
-
 # Apache Frontend
 
 Apache web server can be enabled for wsgi services that support being deployed
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 0437ec26d5..be81f5d863 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -88,7 +88,7 @@ Q: Is enabling a service that defaults to off done with the reverse of the above
 
     ::
 
-        enable_service qpid
+        enable_service q-svc
 
 Q: How do I run a specific OpenStack milestone?
    A: OpenStack milestones have tags set in the git repo. Set the
diff --git a/files/debs/neutron b/files/debs/neutron
index 2d69a71c3a..b5a457e482 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -9,11 +9,9 @@ sudo
 postgresql-server-dev-all
 python-mysqldb
 python-mysql.connector
-python-qpid # NOPRIME
 dnsmasq-base
 dnsmasq-utils # for dhcp_release only available in dist:precise
 rabbitmq-server # NOPRIME
-qpidd # NOPRIME
 sqlite3
 vlan
 radvd # NOPRIME
diff --git a/files/debs/nova b/files/debs/nova
index 9d9acde3e9..346b8b337a 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -24,10 +24,8 @@ vlan
 curl
 genisoimage # required for config_drive
 rabbitmq-server # NOPRIME
-qpidd # NOPRIME
 socat # used by ajaxterm
 python-libvirt # NOPRIME
 python-libxml2
 python-numpy # used by websockify for spice console
 python-m2crypto
-python-qpid # NOPRIME
diff --git a/files/debs/qpid b/files/debs/qpid
deleted file mode 100644
index e3bbf0961c..0000000000
--- a/files/debs/qpid
+++ /dev/null
@@ -1 +0,0 @@
-sasl2-bin # NOPRIME
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index e75db89ddf..133979911e 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -11,6 +11,3 @@ sqlite3
 sudo
 vlan
 radvd # NOPRIME
-
-# FIXME: qpid is not part of openSUSE, those names are tentative
-qpidd # NOPRIME
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
index 6f8aef1027..039456fc1b 100644
--- a/files/rpms-suse/nova
+++ b/files/rpms-suse/nova
@@ -22,7 +22,3 @@ socat
 sqlite3
 sudo
 vlan
-
-# FIXME: qpid is not part of openSUSE, those names are tentative
-python-qpid # NOPRIME
-qpidd # NOPRIME
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 8292e7bffe..29851bea9b 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -11,7 +11,6 @@ mysql-server # NOPRIME
 openvswitch # NOPRIME
 postgresql-devel
 rabbitmq-server # NOPRIME
-qpid-cpp-server        # NOPRIME
 sqlite
 sudo
 radvd # NOPRIME
diff --git a/files/rpms/nova b/files/rpms/nova
index ebd667454a..6a20940bd4 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -22,6 +22,5 @@ mysql-server # NOPRIME
 parted
 polkit
 rabbitmq-server # NOPRIME
-qpid-cpp-server # NOPRIME
 sqlite
 sudo
diff --git a/files/rpms/qpid b/files/rpms/qpid
deleted file mode 100644
index 41dd2f69f9..0000000000
--- a/files/rpms/qpid
+++ /dev/null
@@ -1,3 +0,0 @@
-qpid-proton-c-devel # NOPRIME
-cyrus-sasl-lib # NOPRIME
-cyrus-sasl-plain # NOPRIME
diff --git a/functions-common b/functions-common
index 3a2f5f7f41..8f1031139d 100644
--- a/functions-common
+++ b/functions-common
@@ -1671,7 +1671,7 @@ function disable_service {
 # ``ENABLED_SERVICES`` list, if they are not already present.
 #
 # For example:
-#   enable_service qpid
+#   enable_service q-svc
 #
 # This function does not know about the special cases
 # for nova, glance, and neutron built into is_service_enabled().
diff --git a/lib/glance b/lib/glance
index 016ade3479..9db25aef06 100644
--- a/lib/glance
+++ b/lib/glance
@@ -112,9 +112,7 @@ function configure_glance {
     iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
     iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
     configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
-    if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
-        iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
-    fi
+    iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
     iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
 
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
@@ -125,9 +123,7 @@ function configure_glance {
     iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
     iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
     configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
-    if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
-        iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
-    fi
+    iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
     iniset_rpc_backend glance $GLANCE_API_CONF
     if [ "$VIRT_DRIVER" = 'xenserver' ]; then
         iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 33ab03d664..03eacd8674 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -1,72 +1,32 @@
 #!/bin/bash
 #
 # lib/rpc_backend
-# Interface for interactig with different RPC backends
+# Interface for installing RabbitMQ on the system
 
 # Dependencies:
 #
 # - ``functions`` file
 # - ``RABBIT_{HOST|PASSWORD|USERID}`` must be defined when RabbitMQ is used
-# - ``RPC_MESSAGING_PROTOCOL`` option for configuring the messaging protocol
 
 # ``stack.sh`` calls the entry points in this order:
 #
 # - check_rpc_backend
 # - install_rpc_backend
 # - restart_rpc_backend
-# - iniset_rpc_backend
+# - iniset_rpc_backend (stable interface)
+#
+# Note: if implementing an out of tree plugin for an RPC backend, you
+# should install all services through normal plugin methods, then
+# redefine ``iniset_rpc_backend`` in your code. That's the one portion
+# of this file which is a standard interface.
 
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
-RPC_MESSAGING_PROTOCOL=${RPC_MESSAGING_PROTOCOL:-0.9}
-
-# TODO(sdague): RPC backend selection is super wonky because we treat
-# messaging server as a service, which it really isn't for multi host
-QPID_HOST=${QPID_HOST:-}
-
-
 # Functions
 # ---------
 
-# Make sure we only have one rpc backend enabled.
-# Also check the specified rpc backend is available on your platform.
-function check_rpc_backend {
-    local c svc
-
-    local rpc_needed=1
-    # We rely on the fact that filenames in lib/* match the service names
-    # that can be passed as arguments to is_service_enabled.
-    # We check for a call to iniset_rpc_backend in these files, meaning
-    # the service needs a backend.
-    rpc_candidates=$(grep -rl iniset_rpc_backend $TOP_DIR/lib/ | awk -F/ '{print $NF}')
-    for c in ${rpc_candidates}; do
-        if is_service_enabled $c; then
-            rpc_needed=0
-            break
-        fi
-    done
-    local rpc_backend_cnt=0
-    for svc in qpid zeromq rabbit; do
-        is_service_enabled $svc &&
-        (( rpc_backend_cnt++ )) || true
-    done
-    if [ "$rpc_backend_cnt" -gt 1 ]; then
-        echo "ERROR: only one rpc backend may be enabled,"
-        echo "       set only one of 'rabbit', 'qpid', 'zeromq'"
-        echo "       via ENABLED_SERVICES."
-    elif [ "$rpc_backend_cnt" == 0 ] && [ "$rpc_needed" == 0 ]; then
-        echo "ERROR: at least one rpc backend must be enabled,"
-        echo "       set one of 'rabbit', 'qpid', 'zeromq'"
-        echo "       via ENABLED_SERVICES."
-    fi
-
-    if is_service_enabled qpid && ! qpid_is_supported; then
-        die $LINENO "Qpid support is not available for this version of your distribution."
-    fi
-}
-
 # clean up after rpc backend - eradicate all traces so changing backends
 # produces a clean switch
 function cleanup_rpc_backend {
@@ -79,110 +39,14 @@ function cleanup_rpc_backend {
             # And the Erlang runtime too
             apt_get purge -y erlang*
         fi
-    elif is_service_enabled qpid; then
-        if is_fedora; then
-            uninstall_package qpid-cpp-server
-        elif is_ubuntu; then
-            uninstall_package qpidd
-        else
-            exit_distro_not_supported "qpid installation"
-        fi
-    elif is_service_enabled zeromq; then
-        if is_fedora; then
-            uninstall_package zeromq python-zmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                uninstall_package redis python-redis
-            fi
-        elif is_ubuntu; then
-            uninstall_package libzmq1 python-zmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                uninstall_package redis-server python-redis
-            fi
-        elif is_suse; then
-            uninstall_package libzmq1 python-pyzmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                uninstall_package redis python-redis
-            fi
-        else
-            exit_distro_not_supported "zeromq installation"
-        fi
-    fi
-
-    # Remove the AMQP 1.0 messaging libraries
-    if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
-        if is_fedora; then
-            uninstall_package qpid-proton-c-devel
-            uninstall_package python-qpid-proton
-        fi
-        # TODO(kgiusti) ubuntu cleanup
     fi
 }
 
 # install rpc backend
 function install_rpc_backend {
-    # Regardless of the broker used, if AMQP 1.0 is configured load
-    # the necessary messaging client libraries for oslo.messaging
-    if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
-        if is_fedora; then
-            install_package qpid-proton-c-devel
-            install_package python-qpid-proton
-        elif is_ubuntu; then
-            # TODO(kgiusti) The QPID AMQP 1.0 protocol libraries
-            # are not yet in the ubuntu repos. Enable these installs
-            # once they are present:
-            #install_package libqpid-proton2-dev
-            #install_package python-qpid-proton
-            # Also add 'uninstall' directives in cleanup_rpc_backend()!
-            exit_distro_not_supported "QPID AMQP 1.0 Proton libraries"
-        else
-            exit_distro_not_supported "QPID AMQP 1.0 Proton libraries"
-        fi
-        # Install pyngus client API
-        # TODO(kgiusti) can remove once python qpid bindings are
-        # available on all supported platforms _and_ pyngus is added
-        # to the requirements.txt file in oslo.messaging
-        pip_install_gr pyngus
-    fi
-
     if is_service_enabled rabbit; then
         # Install rabbitmq-server
         install_package rabbitmq-server
-    elif is_service_enabled qpid; then
-        if is_fedora; then
-            install_package qpid-cpp-server
-        elif is_ubuntu; then
-            install_package qpidd
-        else
-            exit_distro_not_supported "qpid installation"
-        fi
-        _configure_qpid
-    elif is_service_enabled zeromq; then
-        if is_fedora; then
-            install_package zeromq python-zmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                install_package redis python-redis
-            fi
-        elif is_ubuntu; then
-            install_package libzmq1 python-zmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                install_package redis-server python-redis
-            fi
-        elif is_suse; then
-            install_package libzmq1 python-pyzmq
-            if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-                install_package redis python-redis
-            fi
-        else
-            exit_distro_not_supported "zeromq installation"
-        fi
-        # Necessary directory for socket location.
-        sudo mkdir -p /var/run/openstack
-        sudo chown $STACK_USER /var/run/openstack
-    fi
-
-    # If using the QPID broker, install the QPID python client API
-    if is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
-        install_package python-qpid
     fi
 }
 
@@ -232,17 +96,12 @@ function restart_rpc_backend {
                 sudo rabbitmqctl set_permissions -p child_cell $RABBIT_USERID ".*" ".*" ".*"
             fi
         fi
-    elif is_service_enabled qpid; then
-        echo_summary "Starting qpid"
-        restart_service qpidd
     fi
 }
 
 # builds transport url string
 function get_transport_url {
-    if is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
-        echo "qpid://$QPID_USERNAME:$QPID_PASSWORD@$QPID_HOST:5672/"
-    elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
+    if is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
         echo "rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/"
     fi
 }
@@ -252,29 +111,7 @@ function iniset_rpc_backend {
     local package=$1
     local file=$2
     local section=${3:-DEFAULT}
-    if is_service_enabled zeromq; then
-        iniset $file $section rpc_backend "zmq"
-        iniset $file $section rpc_zmq_host `hostname`
-        if [ "$ZEROMQ_MATCHMAKER" == "redis" ]; then
-            iniset $file $section rpc_zmq_matchmaker "redis"
-            MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
-            iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
-        else
-            die $LINENO "Other matchmaker drivers not supported"
-        fi
-    elif is_service_enabled qpid || [ -n "$QPID_HOST" ]; then
-        # For Qpid use the 'amqp' oslo.messaging transport when AMQP 1.0 is used
-        if [ "$RPC_MESSAGING_PROTOCOL" == "AMQP1" ]; then
-            iniset $file $section rpc_backend "amqp"
-        else
-            iniset $file $section rpc_backend "qpid"
-        fi
-        iniset $file $section qpid_hostname ${QPID_HOST:-$SERVICE_HOST}
-        if [ -n "$QPID_USERNAME" ]; then
-            iniset $file $section qpid_username $QPID_USERNAME
-            iniset $file $section qpid_password $QPID_PASSWORD
-        fi
-    elif is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
+    if is_service_enabled rabbit || { [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; }; then
         iniset $file $section rpc_backend "rabbit"
         iniset $file oslo_messaging_rabbit rabbit_hosts $RABBIT_HOST
         iniset $file oslo_messaging_rabbit rabbit_password $RABBIT_PASSWORD
@@ -288,17 +125,6 @@ function iniset_rpc_backend {
     fi
 }
 
-# Check if qpid can be used on the current distro.
-# qpid_is_supported
-function qpid_is_supported {
-    if [[ -z "$DISTRO" ]]; then
-        GetDistro
-    fi
-
-    # Qpid is not in openSUSE
-    ( ! is_suse )
-}
-
 function rabbit_setuser {
     local user="$1" pass="$2" found="" out=""
     out=$(sudo rabbitmqctl list_users) ||
@@ -314,85 +140,6 @@ function rabbit_setuser {
     sudo rabbitmqctl set_permissions "$user" ".*" ".*" ".*"
 }
 
-# Set up the various configuration files used by the qpidd broker
-function _configure_qpid {
-
-    # the location of the configuration files have changed since qpidd 0.14
-    local qpid_conf_file
-    if [ -e /etc/qpid/qpidd.conf ]; then
-        qpid_conf_file=/etc/qpid/qpidd.conf
-    elif [ -e /etc/qpidd.conf ]; then
-        qpid_conf_file=/etc/qpidd.conf
-    else
-        exit_distro_not_supported "qpidd.conf file not found!"
-    fi
-
-    # force the ACL file to a known location
-    local qpid_acl_file=/etc/qpid/qpidd.acl
-    if [ ! -e $qpid_acl_file ]; then
-        sudo mkdir -p -m 755 `dirname $qpid_acl_file`
-        sudo touch $qpid_acl_file
-        sudo chmod o+r $qpid_acl_file
-    fi
-    sudo sed -i.bak '/^acl-file=/d' $qpid_conf_file
-    echo "acl-file=$qpid_acl_file" | sudo tee --append $qpid_conf_file
-
-    sudo sed -i '/^auth=/d' $qpid_conf_file
-    if [ -z "$QPID_USERNAME" ]; then
-        # no QPID user configured, so disable authentication
-        # and access control
-        echo "auth=no" | sudo tee --append $qpid_conf_file
-        cat <
Date: Tue, 16 Jun 2015 23:25:17 +0530
Subject: [PATCH 0734/3421] Invoke Heat via console script generated binaries

Depends-On: Ic8f5b8dc85098de752bbf673c4b15c06fdc4162a
Change-Id: Iffb6d09bfef593d854b38e68200ae6039c4727e7
---
 lib/heat | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/heat b/lib/heat
index 5cb0dbf6d9..373b810f4a 100644
--- a/lib/heat
+++ b/lib/heat
@@ -53,6 +53,8 @@ HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
 
+# Support entry points installation of console scripts
+HEAT_BIN_DIR=$(get_python_exec_prefix)
 
 # other default options
 if [[ "$HEAT_STANDALONE" = "True" ]]; then
@@ -190,7 +192,7 @@ function init_heat {
     # (re)create heat database
     recreate_database heat
 
-    $HEAT_DIR/bin/heat-manage db_sync
+    $HEAT_BIN_DIR/heat-manage db_sync
     create_heat_cache_dir
 }
 
@@ -227,10 +229,10 @@ function install_heat_other {
 
 # start_heat() - Start running processes, including screen
 function start_heat {
-    run_process h-eng "$HEAT_DIR/bin/heat-engine --config-file=$HEAT_CONF"
-    run_process h-api "$HEAT_DIR/bin/heat-api --config-file=$HEAT_CONF"
-    run_process h-api-cfn "$HEAT_DIR/bin/heat-api-cfn --config-file=$HEAT_CONF"
-    run_process h-api-cw "$HEAT_DIR/bin/heat-api-cloudwatch --config-file=$HEAT_CONF"
+    run_process h-eng "$HEAT_BIN_DIR/heat-engine --config-file=$HEAT_CONF"
+    run_process h-api "$HEAT_BIN_DIR/heat-api --config-file=$HEAT_CONF"
+    run_process h-api-cfn "$HEAT_BIN_DIR/heat-api-cfn --config-file=$HEAT_CONF"
+    run_process h-api-cw "$HEAT_BIN_DIR/heat-api-cloudwatch --config-file=$HEAT_CONF"
 }
 
 # stop_heat() - Stop running processes

From 1987fcc8a31478911d6c815eb0a94afcf9fa5788 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Wed, 10 Jun 2015 11:00:59 -0400
Subject: [PATCH 0735/3421] Replace pip-installed requests CA bundle with link

If the version of python-requests required is higher than
that provided by the operating system, pip will install
it from upstream.

The upstream version provides its own CA certificate bundle
based on the Mozilla bundle, and defaults to that in case
a CA certificate file is not specified for a request.

The distribution-specific packages point to the system-wide
CA bundle that can be managed by tools such as
update-ca-trust (Fedora/RHEL) and update-ca-certificates
(Debian/Ubuntu).

When installing in SSL/TLS mode, either with SSL=True or by
adding tls-proxy to ENABLED_SERVICES, if a non-systemwide
CA bundle is used, then the CA generated by devstack will
not be used causing the installation to fail.

Replace the upstream-provided bundle with a link to the
system bundle when possible.

Change-Id: I651aec93398d583dcdc8323503792df7ca05a7e7
Closes-Bug: #1459789
---
 lib/tls | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/tls b/lib/tls
index 09f1c2dfdd..8ff2027819 100644
--- a/lib/tls
+++ b/lib/tls
@@ -202,6 +202,7 @@ subjectAltName          = \$ENV::SUBJECT_ALT_NAME
 # Create root and intermediate CAs
 # init_CA
 function init_CA {
+    fix_system_ca_bundle_path
     # Ensure CAs are built
     make_root_CA $ROOT_CA_DIR
     make_int_CA $INT_CA_DIR $ROOT_CA_DIR
@@ -338,6 +339,29 @@ function make_root_CA {
         -outform PEM
 }
 
+# If a non-system python-requests is installed then it will use the
+# built-in CA certificate store rather than the distro-specific
+# CA certificate store. Detect this and symlink to the correct
+# one. If the value for the CA is not rooted in /etc then we know
+# we need to change it.
+function fix_system_ca_bundle_path {
+    if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
+        local capath=$(python -c $'try:\n from requests import certs\n print certs.where()\nexcept ImportError: pass')
+
+        if [[ ! $capath == "" && ! $capath =~ ^/etc/.* && ! -L $capath ]]; then
+            if is_fedora; then
+                sudo rm -f $capath
+                sudo ln -s /etc/pki/tls/certs/ca-bundle.crt $capath
+            elif is_ubuntu; then
+                sudo rm -f $capath
+                sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
+            else
+                echo "Don't know how to set the CA bundle, expect the install to fail."
+            fi
+        fi
+    fi
+}
+
 
 # Certificate Input Configuration
 # ===============================

From 40fc66324c94a54263c63e70e8f427940c04a0a7 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 17 Jun 2015 16:39:37 +0000
Subject: [PATCH 0736/3421] Remove debugging artifacts

The change in 027e2ea741bdbcb6e1afc3fe527c3fdf045825c3 included some
debugging code that should have been removed before being added. This
removes it.

Change-Id: Ia56e1eb7305683b6c00b27a727fc8e094c65a963
---
 lib/ceilometer | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index f6f605b686..90c7705743 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -156,8 +156,6 @@ function _cleanup_ceilometer_apache_wsgi {
 # runs that a clean run would need to clean up
 function cleanup_ceilometer {
     if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
-        echo "### cleaning database"
-        read
         mongo ceilometer --eval "db.dropDatabase();"
     elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
         curl -XDELETE "localhost:9200/events_*"

From ccd4c2e1775a214967ca287729facfc21bd4e59d Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 17 Jun 2015 16:42:43 +0000
Subject: [PATCH 0737/3421] Install python-libvirt for ceilometer only if n-cpu
 enabled

Nova is responsible for installing the libvirt package (if it is being
used). It is required by python-libvirt but python-libvirt only required
in ceilometer if nova compute is being used. There are some usage
scenarios where nova compute is not being used so in that case don't
install python-libvirt.

Change-Id: I0db66f1c0526e24ade98de85989a5ed8d37f0c4f
---
 lib/ceilometer | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 90c7705743..a577ee9ca8 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -334,12 +334,15 @@ function install_ceilometer {
         pip_install_gr pymongo
     fi
 
-    if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
-        pip_install_gr libvirt-python
-    fi
+    # Only install virt drivers if we're running nova compute
+    if is_service_enabled n-cpu ; then
+        if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
+            pip_install_gr libvirt-python
+        fi
 
-    if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-        pip_instal_gr oslo.vmware
+        if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
+            pip_instal_gr oslo.vmware
+        fi
     fi
 
     if [ "$CEILOMETER_BACKEND" = 'es' ] ; then

From f553ce24ea1fa860d19b5dfb14c286614552d509 Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Wed, 17 Jun 2015 13:52:20 +1200
Subject: [PATCH 0738/3421] Actually install the requirements repo.

The requirements repo has had a setup.cfg etc for a long time but only
recently started using it. As it now has dependencies, we need to pip
install it. To preserve compat with older requirements repos I haven't
changed the call to invoke update-requirements yet, as we still have
the update.py symlink.

The pbr install is moved before requirements to ensure we don't
trigger easy-install.

Change-Id: I7d7e91694c9145fac0ddab8a9de5f789d723c641
---
 lib/infra | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/infra b/lib/infra
index c825b4ee56..5fb185fd6a 100644
--- a/lib/infra
+++ b/lib/infra
@@ -29,9 +29,6 @@ REQUIREMENTS_DIR=$DEST/requirements
 
 # install_infra() - Collect source and prepare
 function install_infra {
-    # bring down global requirements
-    git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
-
     # Install pbr
     if use_library_from_git "pbr"; then
         git_clone_by_name "pbr"
@@ -41,6 +38,10 @@ function install_infra {
         # in via system packages.
         pip_install "-U" "pbr"
     fi
+
+    # bring down global requirements
+    git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
+    pip_install $REQUIREMENTS_DIR
 }
 
 # Restore xtrace

From 18d1cca6cb1e56827e04c2f38c9db745b881f98a Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Thu, 18 Jun 2015 06:32:00 -0400
Subject: [PATCH 0739/3421] Add oslo.service to devstack

Add the ability to switch on oslo.service master using
LIBS_FROM_GIT

Change-Id: I00fe7776aea005b6d4e0a84fce54f33a862b57e3
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index be26668dfb..554bec8945 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -37,6 +37,7 @@ GITDIR["oslo.middleware"]=$DEST/oslo.middleware
 GITDIR["oslo.policy"]=$DEST/oslo.policy
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
+GITDIR["oslo.service"]=$DEST/oslo.service
 GITDIR["oslo.utils"]=$DEST/oslo.utils
 GITDIR["oslo.versionedobjects"]=$DEST/oslo.versionedobjects
 GITDIR["oslo.vmware"]=$DEST/oslo.vmware
@@ -76,6 +77,7 @@ function install_oslo {
     _do_install_oslo_lib "oslo.policy"
     _do_install_oslo_lib "oslo.rootwrap"
     _do_install_oslo_lib "oslo.serialization"
+    _do_install_oslo_lib "oslo.service"
     _do_install_oslo_lib "oslo.utils"
     _do_install_oslo_lib "oslo.versionedobjects"
     _do_install_oslo_lib "oslo.vmware"
diff --git a/stackrc b/stackrc
index c16a9997a4..1ac1338f2c 100644
--- a/stackrc
+++ b/stackrc
@@ -382,6 +382,10 @@ GITBRANCH["oslo.rootwrap"]=${OSLORWRAP_BRANCH:-master}
 GITREPO["oslo.serialization"]=${OSLOSERIALIZATION_REPO:-${GIT_BASE}/openstack/oslo.serialization.git}
 GITBRANCH["oslo.serialization"]=${OSLOSERIALIZATION_BRANCH:-master}
 
+# oslo.service
+GITREPO["oslo.service"]=${OSLOSERVICE_REPO:-${GIT_BASE}/openstack/oslo.service.git}
+GITBRANCH["oslo.service"]=${OSLOSERVICE_BRANCH:-master}
+
 # oslo.utils
 GITREPO["oslo.utils"]=${OSLOUTILS_REPO:-${GIT_BASE}/openstack/oslo.utils.git}
 GITBRANCH["oslo.utils"]=${OSLOUTILS_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 2f0b1febe4..fc6596789b 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -39,7 +39,7 @@ ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
-ALL_LIBS+=" debtcollector os-brick automaton futurist"
+ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 40f3e33f734330c32f27882898ab1bb4ab8f3217 Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Fri, 19 Jun 2015 08:04:00 +1200
Subject: [PATCH 0740/3421] Put requirements repo in a venv.

This is to prevent any possible contamination of test results from its
presence.

Change-Id: I5a929854745650cc6a182ffc4d15c50caabdd727
---
 inc/python | 6 +++---
 lib/infra  | 6 +++++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/inc/python b/inc/python
index 3d329b59a9..e3c5e61dd2 100644
--- a/inc/python
+++ b/inc/python
@@ -219,15 +219,15 @@ function setup_package_with_req_sync {
         if [[ "$REQUIREMENTS_MODE" == "soft" ]]; then
             if is_in_projects_txt $project_dir; then
                 (cd $REQUIREMENTS_DIR; \
-                    python update.py $project_dir)
+                    ./.venv/bin/python update.py $project_dir)
             else
                 # soft update projects not found in requirements project.txt
                 (cd $REQUIREMENTS_DIR; \
-                    python update.py -s $project_dir)
+                    ./.venv/bin/python update.py -s $project_dir)
             fi
         else
             (cd $REQUIREMENTS_DIR; \
-                python update.py $project_dir)
+                ./.venv/bin/python update.py $project_dir)
         fi
     fi
 
diff --git a/lib/infra b/lib/infra
index 5fb185fd6a..4cc25965ea 100644
--- a/lib/infra
+++ b/lib/infra
@@ -29,6 +29,8 @@ REQUIREMENTS_DIR=$DEST/requirements
 
 # install_infra() - Collect source and prepare
 function install_infra {
+    local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv"
+
     # Install pbr
     if use_library_from_git "pbr"; then
         git_clone_by_name "pbr"
@@ -41,7 +43,9 @@ function install_infra {
 
     # bring down global requirements
     git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
-    pip_install $REQUIREMENTS_DIR
+    [ ! -d $PIP_VIRTUAL_ENV ] && virtualenv $PIP_VIRTUAL_ENV
+    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
+    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
 }
 
 # Restore xtrace

From d16bfa48ee33f07ebb60221267082002aea5c47b Mon Sep 17 00:00:00 2001
From: Clint Byrum 
Date: Thu, 18 Jun 2015 13:22:35 -0700
Subject: [PATCH 0741/3421] Tune mysql a bit better for concurrent operations

With PyMySQL in the projects we can expect things to happen more
concurrently now. The query cache is a hinderance to concurrency, and
more connections will be required.

Change-Id: Icfb8cdbb9ed39cfd7732ad05fe740e01c767af7b
---
 lib/databases/mysql | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index f097fb21cb..0e477ca264 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -95,7 +95,10 @@ function configure_database_mysql {
     sudo bash -c "source $TOP_DIR/functions && \
         iniset $my_conf mysqld bind-address 0.0.0.0 && \
         iniset $my_conf mysqld sql_mode STRICT_ALL_TABLES && \
-        iniset $my_conf mysqld default-storage-engine InnoDB"
+        iniset $my_conf mysqld default-storage-engine InnoDB \
+        iniset $my_conf mysqld max_connections 1024 \
+        iniset $my_conf mysqld query_cache_type OFF \
+        iniset $my_conf mysqld query_cache_size 0"
 
 
     if [[ "$DATABASE_QUERY_LOGGING" == "True" ]]; then

From d72b839b7f15a8065d2f7bcceff0a9299ea9c901 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Thu, 18 Jun 2015 12:40:09 -0400
Subject: [PATCH 0742/3421] Docs: Use RFC5737 for Provider Networking

That'll make things more clear that with the provider networking
feature in DevStack, FIXED_RANGE will be a routed IPv4 subnet that gives
routed IPv4 addresses to instances without using floating IPs.

Change-Id: Ie26d75ac5ff285a25762c4f61fd9800b0382886b
---
 doc/source/guides/neutron.rst | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index bdfd3a4afa..40a5632b86 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -261,15 +261,18 @@ controller node.
 
         ## Neutron Networking options used to create Neutron Subnets
 
-        FIXED_RANGE="10.1.1.0/24"
+        FIXED_RANGE="203.0.113.0/24"
         PROVIDER_SUBNET_NAME="provider_net"
         PROVIDER_NETWORK_TYPE="vlan"
         SEGMENTATION_ID=2010
 
 In this configuration we are defining FIXED_RANGE to be a
-subnet that exists in the private RFC1918 address space - however
-in a real setup FIXED_RANGE would be a public IP address range, so
-that you could access your instances from the public internet.
+publicly routed IPv4 subnet. In this specific instance we are using
+the special TEST-NET-3 subnet defined in `RFC 5737 `_,
+which is used for documentation.  In your DevStack setup, FIXED_RANGE
+would be a public IP address range that you or your organization has
+allocated to you, so that you could access your instances from the
+public internet.
 
 The following is a snippet of the DevStack configuration on the
 compute node.

From 86923559a4feb4a7c1f01f69ffdbff6c67c6b785 Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Fri, 19 Jun 2015 11:17:04 +1200
Subject: [PATCH 0743/3421] Fixup pbr in LIBS_FROM_GIT

Change-Id: I32594f30a13c0757cc918c8a5e54ae182e985693
---
 lib/infra | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/infra b/lib/infra
index 4cc25965ea..585e9b47bc 100644
--- a/lib/infra
+++ b/lib/infra
@@ -30,6 +30,12 @@ REQUIREMENTS_DIR=$DEST/requirements
 # install_infra() - Collect source and prepare
 function install_infra {
     local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv"
+    # bring down global requirements
+    git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
+    [ ! -d $PIP_VIRTUAL_ENV ] && virtualenv $PIP_VIRTUAL_ENV
+    # We don't care about testing git pbr in the requirements venv.
+    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
+    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
 
     # Install pbr
     if use_library_from_git "pbr"; then
@@ -40,12 +46,6 @@ function install_infra {
         # in via system packages.
         pip_install "-U" "pbr"
     fi
-
-    # bring down global requirements
-    git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
-    [ ! -d $PIP_VIRTUAL_ENV ] && virtualenv $PIP_VIRTUAL_ENV
-    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
-    PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
 }
 
 # Restore xtrace

From f4f01c63973246cbd7821fb28f0e8f9d74e4a131 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 19 Jun 2015 02:52:41 +0000
Subject: [PATCH 0744/3421] Use swift store config files in glance

Using the swift_store_auth_address, swift_store_user and swift_store_key are
marked as deprecated in glance in favour of using a standalone config file that
provides multiple auth options.

Create and use a standalone authentication file for communicating with swift.

Change-Id: I9b5361ce6e1771781d7ae7226974604a7f9e5d00
---
 lib/glance | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/glance b/lib/glance
index 016ade3479..47bad0e277 100644
--- a/lib/glance
+++ b/lib/glance
@@ -56,6 +56,7 @@ GLANCE_SEARCH_PASTE_INI=$GLANCE_CONF_DIR/glance-search-paste.ini
 GLANCE_CACHE_CONF=$GLANCE_CONF_DIR/glance-cache.conf
 GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
 GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
+GLANCE_SWIFT_STORE_CONF=$GLANCE_CONF_DIR/glance-swift-store.conf
 
 if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
     GLANCE_SERVICE_PROTOCOL="https"
@@ -145,11 +146,20 @@ function configure_glance {
     # Store the images in swift if enabled.
     if is_service_enabled s-proxy; then
         iniset $GLANCE_API_CONF glance_store default_store swift
-        iniset $GLANCE_API_CONF glance_store swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
-        iniset $GLANCE_API_CONF glance_store swift_store_user $SERVICE_TENANT_NAME:glance-swift
-        iniset $GLANCE_API_CONF glance_store swift_store_key $SERVICE_PASSWORD
         iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True
+
+        iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
+        iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
         iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
+
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v2.0/
+
+        # commenting is not strictly necessary but it's confusing to have bad values in conf
+        inicomment $GLANCE_API_CONF glance_store swift_store_user
+        inicomment $GLANCE_API_CONF glance_store swift_store_key
+        inicomment $GLANCE_API_CONF glance_store swift_store_auth_address
     fi
 
     if is_service_enabled tls-proxy; then

From ceca15db4d1d7cf652c25d0339ce90d9aad2b885 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Fri, 19 Jun 2015 11:46:36 +0200
Subject: [PATCH 0745/3421] Glance: move connection_url from DEFAULT section to
 DB section

To get rid of Oslo_config deprecation warning.

Change-Id: I9de475f4dea4a4496cc8b5e93aa6928235d4cb29
---
 lib/glance | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/glance b/lib/glance
index 016ade3479..650028450e 100644
--- a/lib/glance
+++ b/lib/glance
@@ -107,7 +107,7 @@ function configure_glance {
     iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     inicomment $GLANCE_REGISTRY_CONF DEFAULT log_file
     local dburl=`database_connection_url glance`
-    iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
+    iniset $GLANCE_REGISTRY_CONF database connection $dburl
     iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
     iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
     iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
@@ -120,7 +120,7 @@ function configure_glance {
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
     iniset $GLANCE_API_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     inicomment $GLANCE_API_CONF DEFAULT log_file
-    iniset $GLANCE_API_CONF DEFAULT sql_connection $dburl
+    iniset $GLANCE_API_CONF database connection $dburl
     iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
     iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
     iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
@@ -219,7 +219,7 @@ function configure_glance {
         iniset $GLANCE_SEARCH_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
         inicomment $GLANCE_SEARCH_CONF DEFAULT log_file
         iniset $GLANCE_SEARCH_CONF DEFAULT use_syslog $SYSLOG
-        iniset $GLANCE_SEARCH_CONF DEFAULT sql_connection $dburl
+        iniset $GLANCE_SEARCH_CONF database connection $dburl
         iniset $GLANCE_SEARCH_CONF paste_deploy flavor keystone
         configure_auth_token_middleware $GLANCE_SEARCH_CONF glance $GLANCE_AUTH_CACHE_DIR/search
 

From 0124e08ede770caf8b787d3a54e4683e7e1277cb Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 19 Jun 2015 08:26:45 -0400
Subject: [PATCH 0746/3421] refresh the devstack plugin docs, add plugin
 registry

The devstack plugin docs mostly referred to in tree plugins, which is
honestly something we don't want people doing. Instead restructure the
whole document to talk about external plugins as the only kinds of
plugins, and focus on a workflow to make that easy for people to work
through.

This also adds a plugin-registry page to start listing known plugins
somewhere centrally. Some sample content was added, hopefully people
will submit patches to include their plugins.

This does drop the section on hypervisor plugins. That's not currently
something that we expect a ton of people to work on, so diving into
the code for this should be fine.

Change-Id: Ifc0b831c90a1a45daa507a009d1dcffcd6e2deca
---
 doc/source/index.rst           |   1 +
 doc/source/plugin-registry.rst |  73 ++++++++
 doc/source/plugins.rst         | 305 ++++++++++++++++++---------------
 3 files changed, 243 insertions(+), 136 deletions(-)
 create mode 100644 doc/source/plugin-registry.rst

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 6d0edb0bfe..f15c3060e7 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -10,6 +10,7 @@ DevStack - an OpenStack Community Production
    overview
    configuration
    plugins
+   plugin-registry
    faq
    changes
    hacking
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
new file mode 100644
index 0000000000..2dd70d84e9
--- /dev/null
+++ b/doc/source/plugin-registry.rst
@@ -0,0 +1,73 @@
+..
+  Note to reviewers: the intent of this file is to be easy for
+  community members to update. As such fast approving (single core +2)
+  is fine as long as you've identified that the plugin listed actually exists.
+
+==========================
+ DevStack Plugin Registry
+==========================
+
+Since we've created the external plugin mechanism, it's gotten used by
+a lot of projects. The following is a list of plugins that currently
+exist. Any project that wishes to list their plugin here is welcomed
+to.
+
+Official OpenStack Projects
+===========================
+
+The following are plugins that exist for official OpenStack projects.
+
++--------------------+-------------------------------------------+--------------------+
+|Plugin Name         |URL                                        |Comments            |
++--------------------+-------------------------------------------+--------------------+
+|magnum              |git://git.openstack.org/openstack/magnum   |                    |
++--------------------+-------------------------------------------+--------------------+
+|trove               |git://git.openstack.org/openstack/trove    |                    |
++--------------------+-------------------------------------------+--------------------+
+|zaqar               |git://git.openstack.org/openstack/zarar    |                    |
++--------------------+-------------------------------------------+--------------------+
+
+
+
+Drivers
+=======
+
++--------------------+-------------------------------------------------+------------------+
+|Plugin Name         |URL                                              |Comments          |
++--------------------+-------------------------------------------------+------------------+
+|dragonflow          |git://git.openstack.org/openstack/dragonflow     |[d1]_             |
++--------------------+-------------------------------------------------+------------------+
+|odl                 |git://git.openstack.org/openstack/networking-odl |[d2]_             |
++--------------------+-------------------------------------------------+------------------+
+
+.. [d1] demonstrates example of installing 3rd party SDN controller
+.. [d2] demonstrates a pretty advanced set of modes that that allow
+        one to run OpenDayLight either from a pre-existing install, or
+        also from source
+
+Alternate Configs
+=================
+
++-------------+------------------------------------------------------------+------------+
+| Plugin Name | URL                                                        | Comments   |
+|             |                                                            |            |
++-------------+------------------------------------------------------------+------------+
+|glusterfs    |git://git.openstack.org/stackforge/devstack-plugin-glusterfs|            |
++-------------+------------------------------------------------------------+------------+
+|             |                                                            |            |
++-------------+------------------------------------------------------------+------------+
+
+Additional Services
+===================
+
++-------------+------------------------------------------+------------+
+| Plugin Name | URL                                      | Comments   |
+|             |                                          |            |
++-------------+------------------------------------------+------------+
+|ec2-api      |git://git.openstack.org/stackforge/ec2api |[as1]_      |
++-------------+------------------------------------------+------------+
+|             |                                          |            |
++-------------+------------------------------------------+------------+
+
+.. [as1] first functional devstack plugin, hence why used in most of
+         the examples.
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index c4ed2285cb..b166936a8b 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -2,78 +2,83 @@
 Plugins
 =======
 
-DevStack has a couple of plugin mechanisms to allow easily adding
-support for additional projects and features.
+The OpenStack ecosystem is wide and deep, and only growing more so
+every day. The value of DevStack is that it's simple enough to
+understand what it's doing clearly. And yet we'd like to support as
+much of the OpenStack Ecosystem as possible. We do that with plugins.
 
-Extras.d Hooks
-==============
+DevStack plugins are bits of bash code that live outside the DevStack
+tree. They are called through a strong contract, so these plugins can
+be sure that they will continue to work in the future as DevStack
+evolves.
 
-These hooks are an extension of the service calls in
-``stack.sh`` at specific points in its run, plus ``unstack.sh`` and
-``clean.sh``. A number of the higher-layer projects are implemented in
-DevStack using this mechanism.
+Plugin Interface
+================
 
-The script in ``extras.d`` is expected to be mostly a dispatcher to
-functions in a ``lib/*`` script. The scripts are named with a
-zero-padded two digits sequence number prefix to control the order that
-the scripts are called, and with a suffix of ``.sh``. DevStack reserves
-for itself the sequence numbers 00 through 09 and 90 through 99.
+DevStack supports a standard mechansim for including plugins from
+external repositories. The plugin interface assumes the following:
 
-Below is a template that shows handlers for the possible command-line
-arguments:
+An external git repository that includes a ``devstack/`` top level
+directory. Inside this directory there can be 2 files.
 
-::
+- ``settings`` - a file containing global variables that will be
+  sourced very early in the process. This is helpful if other plugins
+  might depend on this one, and need access to global variables to do
+  their work.
 
-    # template.sh - DevStack extras.d dispatch script template
+  Your settings should include any ``enable_service`` lines required
+  by your plugin. This is especially important if you are kicking off
+  services using ``run_process`` as it only works with enabled
+  services.
 
-    # check for service enabled
-    if is_service_enabled template; then
+  Be careful to allow users to override global-variables for
+  customizing their environment.  Usually it is best to provide a
+  default value only if the variable is unset or empty; e.g. in bash
+  syntax ``FOO=${FOO:-default}``.
 
-        if [[ "$1" == "source" ]]; then
-            # Initial source of lib script
-            source $TOP_DIR/lib/template
-        fi
+- ``plugin.sh`` - the actual plugin. It is executed by devstack at
+  well defined points during a ``stack.sh`` run. The plugin.sh
+  internal structure is discussed bellow.
 
-        if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
-            # Set up system services
-            echo_summary "Configuring system services Template"
-            install_package cowsay
 
-        elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-            # Perform installation of service source
-            echo_summary "Installing Template"
-            install_template
+Plugins are registered by adding the following to the localrc section
+of ``local.conf``.
 
-        elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-            # Configure after the other layer 1 and 2 services have been configured
-            echo_summary "Configuring Template"
-            configure_template
+They are added in the following format::
 
-        elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-            # Initialize and start the template service
-            echo_summary "Initializing Template"
-            ##init_template
-        fi
+  [[local|localrc]]
+  enable_plugin   [GITREF]
 
-        if [[ "$1" == "unstack" ]]; then
-            # Shut down template services
-            # no-op
-            :
-        fi
+- ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
+- ``giturl`` - a valid git url that can be cloned
+- ``gitref`` - an optional git ref (branch / ref / tag) that will be
+  cloned. Defaults to master.
 
-        if [[ "$1" == "clean" ]]; then
-            # Remove state and transient data
-            # Remember clean.sh first calls unstack.sh
-            # no-op
-            :
-        fi
-    fi
+An example would be as follows::
 
-The arguments are:
+  enable_plugin ec2api git://git.openstack.org/stackforge/ec2api
+
+plugin.sh contract
+==================
+
+``plugin.sh`` is a bash script that will be called at specific points
+during ``stack.sh``, ``unstack.sh``, and ``clean.sh``. It will be
+called in the following way::
+
+  source $PATH/TO/plugin.sh  [phase]
 
--  **source** - Called by each script that utilizes ``extras.d`` hooks;
-   this replaces directly sourcing the ``lib/*`` script.
--  **stack** - Called by ``stack.sh`` three times for different phases
+``mode`` can be thought of as the major mode being called, currently
+one of: ``stack``, ``unstack``, ``clean``. ``phase`` is used by modes
+which have multiple points during their run where it's necessary to
+be able to execute code. All existing ``mode`` and ``phase`` points
+are considered **strong contracts** and won't be removed without a
+reasonable deprecation period. Additional new ``mode`` or ``phase``
+points may be added at any time if we discover we need them to support
+additional kinds of plugins in devstack.
+
+The current full list of ``mode`` and ``phase`` are:
+
+-  **stack** - Called by ``stack.sh`` four times for different phases
    of its run:
 
    -  **pre-install** - Called after system (OS) setup is complete and
@@ -84,106 +89,90 @@ The arguments are:
       been configured. All configuration files for enabled services
       should exist at this point.
    -  **extra** - Called near the end after layer 1 and 2 services have
-      been started. This is the existing hook and has not otherwise
-      changed.
+      been started.
 
 -  **unstack** - Called by ``unstack.sh`` before other services are shut
    down.
 -  **clean** - Called by ``clean.sh`` before other services are cleaned,
    but after ``unstack.sh`` has been called.
 
+Example plugin
+====================
 
-Externally Hosted Plugins
-=========================
+An example plugin would look something as follows.
 
-Based on the extras.d hooks, DevStack supports a standard mechansim
-for including plugins from external repositories. The plugin interface
-assumes the following:
+``devstack/settings``::
 
-An external git repository that includes a ``devstack/`` top level
-directory. Inside this directory there can be 2 files.
+    # settings file for template
+  enable_service template
 
-- ``settings`` - a file containing global variables that will be
-  sourced very early in the process. This is helpful if other plugins
-  might depend on this one, and need access to global variables to do
-  their work.
 
-  Your settings should include any ``enable_service`` lines required
-  by your plugin. This is especially important if you are kicking off
-  services using ``run_process`` as it only works with enabled
-  services.
+``devstack/plugin.sh``::
 
-  Be careful to allow users to override global-variables for
-  customizing their environment.  Usually it is best to provide a
-  default value only if the variable is unset or empty; e.g. in bash
-  syntax ``FOO=${FOO:-default}``.
+    # plugin.sh - DevStack plugin.sh dispatch script template
 
-- ``plugin.sh`` - the actual plugin. It will be executed by devstack
-  during it's run. The run order will be done in the registration
-  order for these plugins, and will occur immediately after all in
-  tree extras.d dispatch at the phase in question.  The plugin.sh
-  looks like the extras.d dispatcher above.
+    function install_template {
+        ...
+    }
 
-Plugins are registered by adding the following to the localrc section
-of ``local.conf``.
+    function init_template {
+        ...
+    }
 
-They are added in the following format::
+    function configure_template {
+        ...
+    }
 
-  [[local|localrc]]
-  enable_plugin   [GITREF]
+    # check for service enabled
+    if is_service_enabled template; then
 
-- ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
-- ``giturl`` - a valid git url that can be cloned
-- ``gitref`` - an optional git ref (branch / ref / tag) that will be
-  cloned. Defaults to master.
+        if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
+            # Set up system services
+            echo_summary "Configuring system services Template"
+            install_package cowsay
 
-An example would be as follows::
+        elif [[ "$1" == "stack" && "$2" == "install" ]]; then
+            # Perform installation of service source
+            echo_summary "Installing Template"
+            install_template
 
-  enable_plugin ec2api git://git.openstack.org/stackforge/ec2api
+        elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
+            # Configure after the other layer 1 and 2 services have been configured
+            echo_summary "Configuring Template"
+            configure_template
+
+        elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+            # Initialize and start the template service
+            echo_summary "Initializing Template"
+            init_template
+        fi
+
+        if [[ "$1" == "unstack" ]]; then
+            # Shut down template services
+            # no-op
+            :
+        fi
 
-Plugins for gate jobs
----------------------
-
-All OpenStack plugins that wish to be used as gate jobs need to exist
-in OpenStack's gerrit. Both ``openstack`` namespace and ``stackforge``
-namespace are fine. This allows testing of the plugin as well as
-provides network isolation against upstream git repository failures
-(which we see often enough to be an issue).
-
-Ideally plugins will be implemented as ``devstack`` directory inside
-the project they are testing. For example, the stackforge/ec2-api
-project has it's pluggin support in it's tree.
-
-In the cases where there is no "project tree" per say (like
-integrating a backend storage configuration such as ceph or glusterfs)
-it's also allowed to build a dedicated
-``stackforge/devstack-plugin-FOO`` project to house the plugin.
-
-Note jobs must not require cloning of repositories during tests.
-Tests must list their repository in the ``PROJECTS`` variable for
-`devstack-gate
-`_
-for the repository to be available to the test.  Further information
-is provided in the project creator's guide.
-
-Hypervisor
-==========
-
-Hypervisor plugins are fairly new and condense most hypervisor
-configuration into one place.
-
-The initial plugin implemented was for Docker support and is a useful
-template for the required support. Plugins are placed in
-``lib/nova_plugins`` and named ``hypervisor-`` where ```` is
-the value of ``VIRT_DRIVER``. Plugins must define the following
-functions:
-
--  ``install_nova_hypervisor`` - install any external requirements
--  ``configure_nova_hypervisor`` - make configuration changes, including
-   those to other services
--  ``start_nova_hypervisor`` - start any external services
--  ``stop_nova_hypervisor`` - stop any external services
--  ``cleanup_nova_hypervisor`` - remove transient data and cache
+        if [[ "$1" == "clean" ]]; then
+            # Remove state and transient data
+            # Remember clean.sh first calls unstack.sh
+            # no-op
+            :
+        fi
+    fi
+
+Plugin Execution Order
+======================
+
+Plugins are run after in tree services at each of the stages
+above. For example, if you need something to happen before Keystone
+starts, you should do that at the ``post-config`` phase.
+
+Multiple plugins can be specified in your ``local.conf``. When that
+happens the plugins will be executed **in order** at each phase. This
+allows plugins to conceptually depend on each other through
+documenting to the user the order they must be declared. A formal
+dependency mechanism is beyond the scope of the current work.
 
 System Packages
 ===============
@@ -205,3 +194,47 @@ repository:
 
 - ``./devstack/files/rpms-suse/$plugin_name`` - Packages to install when
   running on SUSE Linux or openSUSE.
+
+
+Using Plugins in the OpenStack Gate
+===================================
+
+For everyday use, DevStack plugins can exist in any git tree that's
+accessible on the internet. However, when using DevStack plugins in
+the OpenStack gate, they must live in projects in OpenStack's
+gerrit. Both ``openstack`` namespace and ``stackforge`` namespace are
+fine. This allows testing of the plugin as well as provides network
+isolation against upstream git repository failures (which we see often
+enough to be an issue).
+
+Ideally a plugin will be included within the ``devstack`` directory of
+the project they are being tested. For example, the stackforge/ec2-api
+project has its pluggin support in its own tree.
+
+However, some times a DevStack plugin might be used solely to
+configure a backend service that will be used by the rest of
+OpenStack, so there is no "project tree" per say. Good examples
+include: integration of back end storage (e.g. ceph or glusterfs),
+integration of SDN controllers (e.g. ovn, OpenDayLight), or
+integration of alternate RPC systems (e.g. zmq, qpid). In these cases
+the best practice is to build a dedicated
+``stackforge/devstack-plugin-FOO`` project.
+
+To enable a plugin to be used in a gate job, the following lines will
+be needed in your project.yaml definition::
+
+  # Because we are testing a non standard project, add the
+  # our project repository. This makes zuul do the right
+  # reference magic for testing changes.
+  export PROJECTS="stackforge/ec2-api $PROJECTS"
+
+  # note the actual url here is somewhat irrelevant because it
+  # caches in nodepool, however make it a valid url for
+  # documentation purposes.
+  export DEVSTACK_LOCAL_CONFIG="enable_plugin ec2-api git://git.openstack.org/stackforge/ec2-api"
+
+See Also
+========
+
+For additional inspiration on devstack plugins you can check out the
+`Plugin Registry `_.

From 23bf045c183f53762e7771fe0081b3d4ab09e107 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Fri, 29 May 2015 11:38:22 +0200
Subject: [PATCH 0747/3421] Check if cinder is enabled before doing anything
 lvm2 related

On some system Cinder is not enabled so we can't assume LVM is installed. So
do not try to `sed` /etc/lvm/lvm.conf or clean LVM VG if cinder is not enabled

Change-Id: I09b1a7bee0785e5e1bb7dc96158a654bd3f15c83
---
 unstack.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/unstack.sh b/unstack.sh
index f0da9710a2..10e595809a 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -187,5 +187,10 @@ if [[ -n "$SCREEN" ]]; then
 fi
 
 # BUG: maybe it doesn't exist? We should isolate this further down.
-clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true
-clean_lvm_filter
+# NOTE: Cinder automatically installs the lvm2 package, independently of the
+# enabled backends. So if Cinder is enabled, we are sure lvm (lvremove,
+# /etc/lvm/lvm.conf, etc.) is here.
+if is_service_enabled cinder; then
+    clean_lvm_volume_group $DEFAULT_VOLUME_GROUP_NAME || /bin/true
+    clean_lvm_filter
+fi

From d3d78cc528ea2d35a8794ea21c2b8d043e3119e2 Mon Sep 17 00:00:00 2001
From: Jerry Zhao 
Date: Fri, 19 Jun 2015 18:57:13 -0700
Subject: [PATCH 0748/3421] use pip_install_gr for ceilometermiddleware

Since this patch https://review.openstack.org/#/c/171685 has been
merged in global requirements, better to switch to pip_install_gr.

Change-Id: Ibe708d4f523c32ade3c6a273f80b9c38bb03e382
---
 lib/ceilometer | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index a577ee9ca8..d7888d9502 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -366,10 +366,7 @@ function install_ceilometermiddleware {
         git_clone_by_name "ceilometermiddleware"
         setup_dev_lib "ceilometermiddleware"
     else
-        # BUG: this should be a pip_install_gr except it was never
-        # included in global-requirements. Needs to be fixed by
-        # https://bugs.launchpad.net/ceilometer/+bug/1441655
-        pip_install ceilometermiddleware
+        pip_install_gr ceilometermiddleware
     fi
 }
 

From e1fa0701b3920932d40b031b08d19c6fd2e3397e Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sun, 21 Jun 2015 08:54:43 -0500
Subject: [PATCH 0749/3421] Update clouds.yaml

If the user already has a clouds.yaml, update it with the "devstack"
entry.

Change-Id: Id02378b6f3a86f9fee201d91688205705202c0a8
---
 stack.sh                    | 45 ++++++++++--------
 tools/update_clouds_yaml.py | 95 +++++++++++++++++++++++++++++++++++++
 2 files changed, 119 insertions(+), 21 deletions(-)
 create mode 100755 tools/update_clouds_yaml.py

diff --git a/stack.sh b/stack.sh
index 0d9d836eca..26d9754f6f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1295,28 +1295,31 @@ fi
 # Save some values we generated for later use
 save_stackenv
 
-# Write out a clouds.yaml file
-# putting the location into a variable to allow for easier refactoring later
-# to make it overridable. There is current no usecase where doing so makes
-# sense, so I'm not actually doing it now.
+# Update/create user clouds.yaml file.
+# clouds.yaml will have a `devstack` entry for the `demo` user for the `demo`
+# project.
+
+# The location is a variable to allow for easier refactoring later to make it
+# overridable. There is currently no usecase where doing so makes sense, so
+# it's not currently configurable.
 CLOUDS_YAML=~/.config/openstack/clouds.yaml
-if [ ! -e $CLOUDS_YAML ]; then
-    mkdir -p $(dirname $CLOUDS_YAML)
-    cat >"$CLOUDS_YAML" <>"$CLOUDS_YAML"
-    fi
-fi
+
+mkdir -p $(dirname $CLOUDS_YAML)
+
+CA_CERT_ARG=''
+if [ -f "$SSL_BUNDLE_FILE" ]; then
+    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
+fi
+$TOP_DIR/tools/update_clouds_yaml.py \
+    --file $CLOUDS_YAML \
+    --os-cloud devstack \
+    --os-region-name $REGION_NAME \
+    --os-identity-api-version $IDENTITY_API_VERSION \
+    $CA_CERT_ARG \
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+    --os-username demo \
+    --os-password $ADMIN_PASSWORD \
+    --os-project-name demo
 
 
 # Wrapup configuration
diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
new file mode 100755
index 0000000000..08621352ad
--- /dev/null
+++ b/tools/update_clouds_yaml.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Update the clouds.yaml file.
+
+
+import argparse
+import os.path
+
+import yaml
+
+
+class UpdateCloudsYaml(object):
+    def __init__(self, args):
+        if args.file:
+            self._clouds_path = args.file
+            self._create_directory = False
+        else:
+            self._clouds_path = os.path.expanduser(
+                '~/.config/openstack/clouds.yaml')
+            self._create_directory = True
+        self._clouds = {}
+
+        self._cloud = args.os_cloud
+        self._cloud_data = {
+            'region_name': args.os_region_name,
+            'identity_api_version': args.os_identity_api_version,
+            'auth': {
+                'auth_url': args.os_auth_url,
+                'username': args.os_username,
+                'password': args.os_password,
+                'project_name': args.os_project_name,
+            },
+        }
+        if args.os_cacert:
+            self._cloud_data['cacert'] = args.os_cacert
+
+    def run(self):
+        self._read_clouds()
+        self._update_clouds()
+        self._write_clouds()
+
+    def _read_clouds(self):
+        try:
+            with open(self._clouds_path) as clouds_file:
+                self._clouds = yaml.load(clouds_file)
+        except IOError:
+            # The user doesn't have a clouds.yaml file.
+            print("The user clouds.yaml file didn't exist.")
+            self._clouds = {}
+
+    def _update_clouds(self):
+        self._clouds.setdefault('clouds', {})[self._cloud] = self._cloud_data
+
+    def _write_clouds(self):
+
+        if self._create_directory:
+            clouds_dir = os.path.dirname(self._clouds_path)
+            os.makedirs(clouds_dir)
+
+        with open(self._clouds_path, 'w') as clouds_file:
+            yaml.dump(self._clouds, clouds_file, default_flow_style=False)
+
+
+def main():
+    parser = argparse.ArgumentParser('Update clouds.yaml file.')
+    parser.add_argument('--file')
+    parser.add_argument('--os-cloud', required=True)
+    parser.add_argument('--os-region-name', default='RegionOne')
+    parser.add_argument('--os-identity-api-version', default='3')
+    parser.add_argument('--os-cacert')
+    parser.add_argument('--os-auth-url', required=True)
+    parser.add_argument('--os-username', required=True)
+    parser.add_argument('--os-password', required=True)
+    parser.add_argument('--os-project-name', required=True)
+
+    args = parser.parse_args()
+
+    update_clouds_yaml = UpdateCloudsYaml(args)
+    update_clouds_yaml.run()
+
+
+if __name__ == "__main__":
+    main()

From e123830c15a4bd07f7ea700a46ca1e158487cdd9 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sun, 21 Jun 2015 09:16:44 -0500
Subject: [PATCH 0750/3421] Add devstack-admin cloud to clouds.yaml

A lot of commands developers use require admin by default, so add a
"devstack-admin" cloud to clouds.yaml that has admin authority.

 $ openstack --os-cloud devstack-admin user list

Change-Id: Ie0f1979c50901004418f8622d4ca79dc4bdadd8d
---
 stack.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/stack.sh b/stack.sh
index 26d9754f6f..4228f35e0d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1296,8 +1296,9 @@ fi
 save_stackenv
 
 # Update/create user clouds.yaml file.
-# clouds.yaml will have a `devstack` entry for the `demo` user for the `demo`
-# project.
+# clouds.yaml will have
+# - A `devstack` entry for the `demo` user for the `demo` project.
+# - A `devstack-admin` entry for the `admin` user for the `admin` project.
 
 # The location is a variable to allow for easier refactoring later to make it
 # overridable. There is currently no usecase where doing so makes sense, so
@@ -1320,6 +1321,16 @@ $TOP_DIR/tools/update_clouds_yaml.py \
     --os-username demo \
     --os-password $ADMIN_PASSWORD \
     --os-project-name demo
+$TOP_DIR/tools/update_clouds_yaml.py \
+    --file $CLOUDS_YAML \
+    --os-cloud devstack-admin \
+    --os-region-name $REGION_NAME \
+    --os-identity-api-version $IDENTITY_API_VERSION \
+    $CA_CERT_ARG \
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+    --os-username admin \
+    --os-password $ADMIN_PASSWORD \
+    --os-project-name admin
 
 
 # Wrapup configuration

From 2f63da9e0e0d0491acab31cafcee530ca0982e2e Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Sun, 21 Jun 2015 09:02:59 -0700
Subject: [PATCH 0751/3421] Ensure yum-utils is installed before using
 yum-config-manager

yum-utils provides yum-config-manager but the check for yum-utils is
currently being done after the first usage of yum-config-manager, which
fails if you don't have yum-utils already installed, so move it up
before the first usage of yum-config-manager.

Putting yum-utils in files/rpms/general doesn't help since
yum-config-manager is used in stack.sh before tools/install_prereqs.sh
is called.

Closes-Bug: #1467270

Change-Id: I74996c76838b7dc50d847e3bedb2d04dc55b4431
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 0d9d836eca..f1dc74f45d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -263,6 +263,7 @@ gpgcheck=0
 EOF
     # Enable a bootstrap repo.  It is removed after finishing
     # the epel-release installation.
+    is_package_installed yum-utils || install_package yum-utils
     sudo yum-config-manager --enable epel-bootstrap
     yum_install epel-release || \
         die $LINENO "Error installing EPEL repo, cannot continue"
@@ -270,7 +271,6 @@ EOF
     sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo
 
     # ... and also optional to be enabled
-    is_package_installed yum-utils || install_package yum-utils
     sudo yum-config-manager --enable rhel-7-server-optional-rpms
 
     RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm"}

From c7e89f23808abf837d2a410ec9f4b1a452957c6d Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Mon, 1 Jun 2015 12:57:33 +0200
Subject: [PATCH 0752/3421] SUSE: Clean up libxslt/libxml2 related dependencies

libxml2-devel is a dependency of libxslt-devel, so we don't need
to explicitly include it. Also, since it is only really needed
by python-lxml, consolidate it into devlibs and remove the copies.
Also remove a non-existing package reference along the way

Change-Id: If9afaaa93f2c485baa1efff74d7ae58c59713de6
---
 files/rpms-suse/devlibs | 1 -
 files/rpms-suse/glance  | 1 -
 files/rpms-suse/trove   | 1 -
 3 files changed, 3 deletions(-)
 delete mode 100644 files/rpms-suse/trove

diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
index bdb630a16f..54d13a33e9 100644
--- a/files/rpms-suse/devlibs
+++ b/files/rpms-suse/devlibs
@@ -1,6 +1,5 @@
 libffi-devel  # pyOpenSSL
 libopenssl-devel  # pyOpenSSL
-libxml2-devel  # lxml
 libxslt-devel  # lxml
 postgresql-devel  # psycopg2
 libmysqlclient-devel # MySQL-python
diff --git a/files/rpms-suse/glance b/files/rpms-suse/glance
index 0e58425b1f..bf512de575 100644
--- a/files/rpms-suse/glance
+++ b/files/rpms-suse/glance
@@ -1,2 +1 @@
-libxml2-devel
 python-devel
diff --git a/files/rpms-suse/trove b/files/rpms-suse/trove
deleted file mode 100644
index 96f8f29277..0000000000
--- a/files/rpms-suse/trove
+++ /dev/null
@@ -1 +0,0 @@
-libxslt1-dev

From 0ae942b41c6dcd0fe7353e7d68574194fb72a66d Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Wed, 3 Jun 2015 14:09:05 +0200
Subject: [PATCH 0753/3421] Only install python-libguestfs bindings when needed

Currently those bindings are missing from SLES12, and since
they're not actually used unless file injection is enabled
(which is not by default), only conditionally depend on it.

Change-Id: I79a8d8ac7ad2fbd7d2fce696821d130218e43e03
---
 lib/nova_plugins/functions-libvirt  |  2 --
 lib/nova_plugins/hypervisor-libvirt | 11 +++++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 96d8a44b05..22b58e0065 100755
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -28,7 +28,6 @@ function install_libvirt {
         else
             install_package qemu-kvm
             install_package libguestfs0
-            install_package python-guestfs
         fi
         install_package libvirt-bin libvirt-dev
         pip_install_gr libvirt-python
@@ -37,7 +36,6 @@ function install_libvirt {
         install_package kvm
         install_package libvirt libvirt-devel
         pip_install_gr libvirt-python
-        install_package python-libguestfs
     fi
 }
 
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index a6a87f9164..f70b21a475 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -26,7 +26,7 @@ source $TOP_DIR/lib/nova_plugins/functions-libvirt
 # --------
 
 # File injection is disabled by default in Nova.  This will turn it back on.
-ENABLE_FILE_INJECTION=${ENABLE_FILE_INJECTION:-False}
+ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
 
 
 # Entry Points
@@ -60,7 +60,6 @@ function configure_nova_hypervisor {
         iniset $NOVA_CONF DEFAULT vnc_enabled "false"
     fi
 
-    ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
     if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
         # When libguestfs is available for file injection, enable using
         # libguestfs to inspect the image and figure out the proper
@@ -97,6 +96,14 @@ function install_nova_hypervisor {
             yum_install libcgroup-tools
         fi
     fi
+
+    if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
+        if is_ubuntu; then
+            install_package python-guestfs
+        elif is_fedora || is_suse; then
+            install_package python-libguestfs
+        fi
+    fi
 }
 
 # start_nova_hypervisor - Start any required external services

From 7ebe8e0751dab545091e0b114589087009cc4e22 Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Tue, 23 Jun 2015 09:41:21 +1200
Subject: [PATCH 0754/3421] Don't install pbr in a venv

Because PIP_VIRTUAL_ENV was set for the installation of requirements,
and left around in scope, the installation of pbr no longer happened
in a global context, it instead landed inside the virtual
env. Unsetting the variable after requirements install gets us back to
where we expect.

This was an unintended side effect of the requirements-venv patch.

Change-Id: I2c4cb4305fec81a5fd237edabee78874ccd0da22
---
 lib/infra | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/infra b/lib/infra
index 585e9b47bc..3d68e45bd9 100644
--- a/lib/infra
+++ b/lib/infra
@@ -37,6 +37,10 @@ function install_infra {
     PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
     PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
 
+    # Unset the PIP_VIRTUAL_ENV so that PBR does not end up trapped
+    # down the VENV well
+    unset PIP_VIRTUAL_ENV
+
     # Install pbr
     if use_library_from_git "pbr"; then
         git_clone_by_name "pbr"

From 365d11dfa9fec3b1025c14e38ad3a66f8c79a148 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Tue, 23 Jun 2015 11:50:18 +0100
Subject: [PATCH 0755/3421] Ironic: Fix iPXE Connection timed out

This patch fixes the problem of iPXE connection timing out when it's
trying to fetch the configuration files and images from the HTTP server
by accepting requests to HTTP server port on iptables.

Closes-Bug: #1467894
Change-Id: I43d66335a97c376ab64d604ff807540d0decc401
---
 lib/ironic | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ironic b/lib/ironic
index 4984be1861..ab1915abd6 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -658,6 +658,10 @@ function configure_iptables {
         # agent ramdisk gets instance image from swift
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
     fi
+
+    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
+    fi
 }
 
 function configure_tftpd {

From 010963c677a1c4e558e09afa320595fa5584b329 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Tue, 23 Jun 2015 14:16:39 +0100
Subject: [PATCH 0756/3421] Correct logging_context_format_string for Ironic

We should use "tenant" and "user" instead of "project_name" and
"user_name" by calling setup_colorized_logging with these parameters.

Closes-Bug: #1467942
Change-Id: I484ef431ac422e25545391ed41fab45060a7b821
---
 lib/ironic | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 4984be1861..5c8509f98a 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -285,7 +285,7 @@ function configure_ironic {
 
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $IRONIC_CONF_FILE DEFAULT
+        setup_colorized_logging $IRONIC_CONF_FILE DEFAULT tenant user
     fi
 
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then

From 348c6ace71f791034dae19a3467d18cea3140d5a Mon Sep 17 00:00:00 2001
From: gong yong sheng 
Date: Tue, 23 Jun 2015 14:03:47 +0800
Subject: [PATCH 0757/3421] Use ip route replace to avoid the existing route

Change-Id: I3cc82aca1e3fd26e3beb4baee1f11a9b45e8b9f7
Closes-Bug: 1467762
---
 lib/neutron-legacy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 3ac76a2586..279f6e937b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -721,7 +721,7 @@ function start_neutron_agents {
                 sudo ip addr del $IP dev $PUBLIC_INTERFACE
                 sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
             done
-            sudo route add -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+            sudo ip route replace $FIXED_RANGE via $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
         fi
     fi
 
@@ -1275,7 +1275,7 @@ function _neutron_configure_router_v4 {
             fi
             ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
             die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
-            sudo route add -net $FIXED_RANGE gw $ROUTER_GW_IP
+            sudo ip route replace  $FIXED_RANGE via $ROUTER_GW_IP
         fi
         _neutron_set_router_id
     fi
@@ -1310,7 +1310,7 @@ function _neutron_configure_router_v6 {
 
             # Configure interface for public bridge
             sudo ip -6 addr add $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
-            sudo ip -6 route add $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
+            sudo ip -6 route replace $FIXED_RANGE_V6 via $IPV6_ROUTER_GW_IP dev $ext_gw_interface
         fi
         _neutron_set_router_id
     fi

From 7af8a1b9b3180da54e2c9505228ad722db44ca27 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 24 Jun 2015 05:51:54 -0400
Subject: [PATCH 0758/3421] only soft enforce requirements not in projects.txt

We're adding the ability to have devstack plugins, which should be
much more free to require new things not in global requirements. Our
old thinking of locking down all the requirements doesn't really work
in a plugin model.

Instead, if the project is in projects.txt, continue with the old
behavior. If it is not, do a soft update (update all the requirements
we know about, leave the ones we don't). This was previously the SOFT
requirements update mode, but now it will just be the default.

Change-Id: Ic0c6e01a6d7613d712ac9e7e4a378cc3a8ce75e6
---
 inc/python | 16 ++++++----------
 stackrc    | 11 -----------
 2 files changed, 6 insertions(+), 21 deletions(-)

diff --git a/inc/python b/inc/python
index e3c5e61dd2..07a811e8c3 100644
--- a/inc/python
+++ b/inc/python
@@ -216,18 +216,14 @@ function setup_package_with_req_sync {
     local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
 
     if [[ $update_requirements != "changed" ]]; then
-        if [[ "$REQUIREMENTS_MODE" == "soft" ]]; then
-            if is_in_projects_txt $project_dir; then
-                (cd $REQUIREMENTS_DIR; \
-                    ./.venv/bin/python update.py $project_dir)
-            else
-                # soft update projects not found in requirements project.txt
-                (cd $REQUIREMENTS_DIR; \
-                    ./.venv/bin/python update.py -s $project_dir)
-            fi
-        else
+        if is_in_projects_txt $project_dir; then
             (cd $REQUIREMENTS_DIR; \
                 ./.venv/bin/python update.py $project_dir)
+        else
+            # soft update projects not found in requirements project.txt
+            echo "$project_dir not a constrained repository, soft enforcing requirements"
+            (cd $REQUIREMENTS_DIR; \
+                ./.venv/bin/python update.py -s $project_dir)
         fi
     fi
 
diff --git a/stackrc b/stackrc
index 1ac1338f2c..9cd9c053d7 100644
--- a/stackrc
+++ b/stackrc
@@ -149,17 +149,6 @@ DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
 # Zero disables timeouts
 GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 
-# Requirements enforcing mode
-#
-# - strict (default) : ensure all project requirements files match
-#   what's in global requirements.
-#
-# - soft : enforce requirements on everything in
-#   requirements/projects.txt, but do soft updates on all other
-#   repositories (i.e. sync versions for requirements that are in g-r,
-#   but pass through any extras)
-REQUIREMENTS_MODE=${REQUIREMENTS_MODE:-strict}
-
 
 # Repositories
 # ------------

From 442e4e962559479fa0000ad64e6fa34da2c141c8 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 24 Jun 2015 13:24:02 -0400
Subject: [PATCH 0759/3421] make test_with_retry a function

We have this pattern of timeout with while tests for a non infinite
while loop condition. It's enough of a pattern that we should probably
extract it into a function to make it more widely used.

Change-Id: I11afcda9fac9709acf2f52d256d6e97644d4727c
---
 functions-common   | 13 +++++++++++++
 lib/neutron-legacy | 12 ++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/functions-common b/functions-common
index c85052d5b0..061a9356f5 100644
--- a/functions-common
+++ b/functions-common
@@ -1967,6 +1967,19 @@ function stop_service {
     fi
 }
 
+# Test with a finite retry loop.
+#
+function test_with_retry {
+    local testcmd=$1
+    local failmsg=$2
+    local until=${3:-10}
+    local sleep=${4:-0.5}
+
+    if ! timeout $until sh -c "while ! $testcmd; do sleep $sleep; done"; then
+        die $LINENO "$failmsg"
+    fi
+}
+
 
 # Restore xtrace
 $XTRACE
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 3ac76a2586..4cfb026ae2 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -696,9 +696,10 @@ function start_neutron_service_and_check {
     if is_ssl_enabled_service "neutron"; then
         ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
     fi
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port; do sleep 1; done"; then
-        die $LINENO "Neutron did not start"
-    fi
+
+    local testcmd="wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port"
+    test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT
+
     # Start proxy if enabled
     if is_service_enabled tls-proxy; then
         start_tls_proxy '*' $Q_PORT $Q_HOST $Q_PORT_INT &
@@ -1380,9 +1381,8 @@ function _ssh_check_neutron {
     local timeout_sec=$5
     local probe_cmd = ""
     probe_cmd=`_get_probe_cmd_prefix $from_net`
-    if ! timeout $timeout_sec sh -c "while ! $probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success; do sleep 1; done"; then
-        die $LINENO "server didn't become ssh-able!"
-    fi
+    local testcmd="$probe_cmd ssh -o StrictHostKeyChecking=no -i $key_file ${user}@$ip echo success"
+    test_with_retry "$testcmd" "server $ip didn't become ssh-able" $timeout_sec
 }
 
 # Neutron 3rd party programs

From 3bae7d48c0bd283779c206152e6dcfa4c5883521 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Sun, 21 Jun 2015 09:56:17 -0500
Subject: [PATCH 0760/3421] Keystone also handle /identity and /identity_admin

When configured to run under Apache Httpd, keystone will also
handle requests on /identity (public) and /identity_admin (admin).

Change-Id: I4e6eb0cad1603aa0e612d0adc5431565da93870e
---
 files/apache-keystone.template | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 0b914e2b8f..6dd1ad9ea6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -33,3 +33,23 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
     %SSLCERTFILE%
     %SSLKEYFILE%
 
+
+Alias /identity %PUBLICWSGI%
+
+    SetHandler wsgi-script
+    Options +ExecCGI
+
+    WSGIProcessGroup keystone-public
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+
+
+Alias /identity_admin %ADMINWSGI%
+
+    SetHandler wsgi-script
+    Options +ExecCGI
+
+    WSGIProcessGroup keystone-admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+

From b0160d0fa9b20a4c1bda01dda6ffceac6beb9842 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 23 Jun 2015 12:53:51 -0400
Subject: [PATCH 0761/3421] Log all input/output in rootwrap calls

This should make it easier to understand possible interactions between
rootwrap processes calling commands that might be the cause of race
bugs.

Closes-Bug: 1081524
Change-Id: Ic1f1fa42e4478a9d30f0f582a68f648935d0097d
---
 stack.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/stack.sh b/stack.sh
index 0d9d836eca..5b3f2c1183 100755
--- a/stack.sh
+++ b/stack.sh
@@ -212,6 +212,15 @@ is_package_installed sudo || install_package sudo
 sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
     echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
 
+# Conditionally setup detailed logging for sudo
+if [[ -n "$LOG_SUDO" ]]; then
+    TEMPFILE=`mktemp`
+    echo "Defaults log_output" > $TEMPFILE
+    chmod 0440 $TEMPFILE
+    sudo chown root:root $TEMPFILE
+    sudo mv $TEMPFILE /etc/sudoers.d/00_logging
+fi
+
 # Set up DevStack sudoers
 TEMPFILE=`mktemp`
 echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE

From 1e3a89eeffc58525c30b8201a552e10776fba423 Mon Sep 17 00:00:00 2001
From: Tomoki Sekine 
Date: Thu, 25 Jun 2015 06:35:07 +0900
Subject: [PATCH 0762/3421] Fix typo: where is runs => where it runs

Change-Id: I7dad52c5b5ea91d727bd8ee7253a64422e4ec210
---
 doc/source/configuration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 8e2e7ffa31..e91012fe2b 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -201,7 +201,7 @@ Enable Logging
 
     | *Defaults: ``LOGFILE="" LOGDAYS=7 LOG_COLOR=True``*
     |  By default ``stack.sh`` output is only written to the console
-       where is runs. It can be sent to a file in addition to the console
+       where it runs. It can be sent to a file in addition to the console
        by setting ``LOGFILE`` to the fully-qualified name of the
        destination log file. A timestamp will be appended to the given
        filename for each run of ``stack.sh``.

From 71947d5fd05c3609417351ab37b9ac24b0eae9ef Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Wed, 17 Jun 2015 17:33:02 -0400
Subject: [PATCH 0763/3421] Fixes for Linux Bridge in the L3 agent

Prior to this patch, the logic for configuring the interface used for
the L3 agent was OVS specific. This patch introduces code to correctly
identify the brq device that is used for the L3 agent when using the
Linux Bridge mechanism driver.

Change-Id: I1a36cad0fb790aaa37417a1176576293e4f2c87f
Co-Authored-By: Jens Rosenboom 
---
 lib/neutron-legacy | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4cfb026ae2..ee72b600d7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1267,9 +1267,19 @@ function _neutron_configure_router_v4 {
     # This logic is specific to using the l3-agent for layer 3
     if is_service_enabled q-l3; then
         # Configure and enable public bridge
+        local ext_gw_interface="none"
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            ext_gw_interface=$(_neutron_get_ext_gw_interface)
+        elif [[ "$Q_AGENT" = "linuxbridge" ]]; then
+            # Search for the brq device the neutron router and network for $FIXED_RANGE
+            # will be using.
+            # e.x. brq3592e767-da for NET_ID 3592e767-da66-4bcb-9bec-cdb03cd96102
+            ext_gw_interface=brq${EXT_NET_ID:0:11}
+        fi
+        if [[ "$ext_gw_interface" != "none" ]]; then
             local cidr_len=${FLOATING_RANGE#*/}
+            local testcmd="ip -o link | grep -q $ext_gw_interface"
+            test_with_retry "$testcmd" "$ext_gw_interface creation failed"
             if [[ $(ip addr show dev $ext_gw_interface | grep -c $ext_gw_ip) == 0 && ( $Q_USE_PROVIDERNET_FOR_PUBLIC == "False" || $Q_USE_PUBLIC_VETH == "True" ) ]]; then
                 sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
                 sudo ip link set $ext_gw_interface up

From 614ca26b47076321e1e06d0d79b9f7c53c5ef259 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 26 Jun 2015 14:45:04 +1000
Subject: [PATCH 0764/3421] Install qemu-kvm package on centos/fedora

Change I79a8d8ac7ad2fbd7d2fce696821d130218e43e03 removed the install
of python-libguestfs, which was actually hiding a dependency issue on
Centos.  The "kvm" package is ultimately missing some bios files from
"seabios-bin" -- however with python-libguestfs installed this was
coming in via a dependency chain that pulled in qemu-kvm, which has
the dependency.

qemu-kvm is not strictly required as all the functionality is within
qemu-system-x86.  But while we get [1] sorted out this restores the
job functionality.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1235890

Change-Id: I3379bc497978befac48c5af0f1035b96d030b7eb
---
 files/rpms/nova                    | 1 +
 lib/nova_plugins/functions-libvirt | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/files/rpms/nova b/files/rpms/nova
index ebd667454a..d32c332dd9 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -10,6 +10,7 @@ iptables
 iputils
 kpartx
 kvm # NOPRIME
+qemu-kvm # NOPRIME
 libvirt-bin # NOPRIME
 libvirt-devel # NOPRIME
 libvirt-python # NOPRIME
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 22b58e0065..5525cfd951 100755
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -34,6 +34,13 @@ function install_libvirt {
         #pip_install_gr 
     elif is_fedora || is_suse; then
         install_package kvm
+        # there is a dependency issue with kvm (which is really just a
+        # wrapper to qemu-system-x86) that leaves some bios files out,
+        # so install qemu-kvm (which shouldn't strictly be needed, as
+        # everything has been merged into qemu-system-x86) to bring in
+        # the right packages. see
+        # https://bugzilla.redhat.com/show_bug.cgi?id=1235890
+        install_package qemu-kvm
         install_package libvirt libvirt-devel
         pip_install_gr libvirt-python
     fi

From f2a05497a3716b5eaa178b970d5cd2e6db865a97 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur 
Date: Fri, 26 Jun 2015 15:20:54 +0200
Subject: [PATCH 0765/3421] Drop no longer needed and broken check for cinder
 in is_service_enabled

There is properly working is_cinder_enabled now, and this check
actualy matches ironic-inspector, breaking its devstack plugin.

Change-Id: I659ec9b9b2b49690fd075f9766ae8cbf19e81848
Closes-Bug: #1469160
---
 functions-common | 1 -
 1 file changed, 1 deletion(-)

diff --git a/functions-common b/functions-common
index c85052d5b0..9054c335b6 100644
--- a/functions-common
+++ b/functions-common
@@ -1754,7 +1754,6 @@ function is_service_enabled {
         [[ ${service} == n-cell-* && ${ENABLED_SERVICES} =~ "n-cell" ]] && enabled=0
         [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0
         [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0
-        [[ ${service} == "cinder" && ${ENABLED_SERVICES} =~ "c-" ]] && enabled=0
         [[ ${service} == "ceilometer" && ${ENABLED_SERVICES} =~ "ceilometer-" ]] && enabled=0
         [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0
         [[ ${service} == "ironic" && ${ENABLED_SERVICES} =~ "ir-" ]] && enabled=0

From 68e6ae60e70161eb1f359912da42a450070846b6 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Thu, 25 Jun 2015 18:15:05 -0500
Subject: [PATCH 0766/3421] Support identity API v3 when generate clouds.yaml

When using IDENTITY_API_VERSION=3, the clouds.yaml must also set
auth/user_domain_id and project_domain_id.

Change-Id: If028f2935ea729276f40039a4003c07c08e91672
---
 tools/update_clouds_yaml.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 08621352ad..3a364fe982 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py
@@ -43,6 +43,9 @@ def __init__(self, args):
                 'project_name': args.os_project_name,
             },
         }
+        if args.os_identity_api_version == '3':
+            self._cloud_data['auth']['user_domain_id'] = 'default'
+            self._cloud_data['auth']['project_domain_id'] = 'default'
         if args.os_cacert:
             self._cloud_data['cacert'] = args.os_cacert
 

From cef5e40e0c1479f12f78c9dab74dc3100b2f10f7 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Thu, 25 Jun 2015 17:57:53 -0500
Subject: [PATCH 0767/3421] Support fernet token provider

Keystone added the "fernet" token provider in Kilo. This adds
support for it.

Change-Id: I6b7342ea67157a40edc8b9ba3d84d118e39d86ed
---
 lib/keystone | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index 7a949cf96f..99e31b48f9 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -313,6 +313,8 @@ function configure_keystone {
 
     iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
     # Public workers will use the server default, typically number of CPU.
+
+    iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
 }
 
 function configure_keystone_extensions {
@@ -476,11 +478,15 @@ function init_keystone {
         $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
     done
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
+    if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl
         $KEYSTONE_BIN_DIR/keystone-manage pki_setup
     fi
+    if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
+        rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
+        $KEYSTONE_BIN_DIR/keystone-manage fernet_setup
+    fi
 }
 
 # install_keystoneclient() - Collect source and prepare

From dcc8a30f2a1cb597ebc609d10d34b45c68c9a74e Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Sat, 27 Jun 2015 12:45:21 +0000
Subject: [PATCH 0768/3421] Be more explicit about jenkins project config

In documentation like this (which is a huge boon) we should strive to be
as explicit and helpful as possible, so this change tries to be more
clear about what a project.yaml is and where one might go to create it
or change it.

Change-Id: Ia66a361fc7d79e511afa3ad903fffb122b86998b
---
 doc/source/plugins.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index b166936a8b..1b6f5e36ed 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -221,7 +221,9 @@ the best practice is to build a dedicated
 ``stackforge/devstack-plugin-FOO`` project.
 
 To enable a plugin to be used in a gate job, the following lines will
-be needed in your project.yaml definition::
+be needed in your ``jenkins/jobs/.yaml`` definition in
+`project-config
+`_::
 
   # Because we are testing a non standard project, add the
   # our project repository. This makes zuul do the right

From 53a8f7c7bc1864a0e63643ebf90e7c66bf3cdeb7 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Sat, 27 Jun 2015 15:07:20 +0100
Subject: [PATCH 0769/3421] Fix typo in installation of vmware virtdriver

The probably got introduced in recent adjustments to cleanup the
virt driver installs.

Change-Id: Ic51411d5bd9b18d395dbdf948c58fea2d53eba0d
---
 lib/ceilometer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index d7888d9502..ed9b93377e 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -341,7 +341,7 @@ function install_ceilometer {
         fi
 
         if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-            pip_instal_gr oslo.vmware
+            pip_install_gr oslo.vmware
         fi
     fi
 

From 531017cf3e760dc1e9af25684465681277dec8d4 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Sat, 27 Jun 2015 03:37:39 +0000
Subject: [PATCH 0770/3421] Add oslo.cache to devstack

as part of the graduation process, add oslo.cache to lib/oslo
and stackrc.

Change-Id: I2baf0384dd5d71d234a95b7acd0bfe5534f2732c
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 1 +
 3 files changed, 7 insertions(+)

diff --git a/lib/oslo b/lib/oslo
index 554bec8945..be935bbe8c 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -26,6 +26,7 @@ GITDIR["automaton"]=$DEST/automaton
 GITDIR["cliff"]=$DEST/cliff
 GITDIR["debtcollector"]=$DEST/debtcollector
 GITDIR["futurist"]=$DEST/futurist
+GITDIR["oslo.cache"]=$DEST/oslo.cache
 GITDIR["oslo.concurrency"]=$DEST/oslo.concurrency
 GITDIR["oslo.config"]=$DEST/oslo.config
 GITDIR["oslo.context"]=$DEST/oslo.context
@@ -66,6 +67,7 @@ function install_oslo {
     _do_install_oslo_lib "cliff"
     _do_install_oslo_lib "debtcollector"
     _do_install_oslo_lib "futurist"
+    _do_install_oslo_lib "oslo.cache"
     _do_install_oslo_lib "oslo.concurrency"
     _do_install_oslo_lib "oslo.config"
     _do_install_oslo_lib "oslo.context"
diff --git a/stackrc b/stackrc
index 9cd9c053d7..f2aafe97fc 100644
--- a/stackrc
+++ b/stackrc
@@ -327,6 +327,10 @@ GITBRANCH["debtcollector"]=${DEBTCOLLECTOR_BRANCH:-master}
 GITREPO["automaton"]=${AUTOMATON_REPO:-${GIT_BASE}/openstack/automaton.git}
 GITBRANCH["automaton"]=${AUTOMATON_BRANCH:-master}
 
+# oslo.cache
+GITREPO["oslo.cache"]=${OSLOCACHE_REPO:-${GIT_BASE}/openstack/oslo.cache.git}
+GITBRANCH["oslo.cache"]=${OSLOCACHE_BRANCH:-master}
+
 # oslo.concurrency
 GITREPO["oslo.concurrency"]=${OSLOCON_REPO:-${GIT_BASE}/openstack/oslo.concurrency.git}
 GITBRANCH["oslo.concurrency"]=${OSLOCON_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index fc6596789b..1f7169c689 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -40,6 +40,7 @@ ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
+ALL_LIBS+=" oslo.cache"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 5c0546e427a02ca7f84eac0894bc84073fa32638 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Fri, 26 Jun 2015 17:43:28 +0900
Subject: [PATCH 0771/3421] Add cleanup for Linuxbridge-agent

Change-Id: I53f445e7f8efd950823f79aca95b9e65d1544ee9
Closes-Bug: #1469609
---
 lib/neutron_plugins/linuxbridge_agent | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 mode change 100644 => 100755 lib/neutron_plugins/linuxbridge_agent

diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
old mode 100644
new mode 100755
index b348af9c4f..fefc1c33a8
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -9,6 +9,20 @@ set +o xtrace
 
 function neutron_lb_cleanup {
     sudo brctl delbr $PUBLIC_BRIDGE
+
+    if [[ "$Q_ML2_TENANT_NETWORK_TYPE" = "vxlan" ]]; then
+        for port in $(sudo brctl show | grep -o -e [a-zA-Z\-]*tap[0-9a-f\-]* -e vxlan-[0-9a-f\-]*); do
+            sudo ip link delete $port
+        done
+    elif [[ "$Q_ML2_TENANT_NETWORK_TYPE" = "vlan" ]]; then
+        for port in $(sudo brctl show | grep -o -e [a-zA-Z\-]*tap[0-9a-f\-]* -e ${LB_PHYSICAL_INTERFACE}\.[0-9a-f\-]*); do
+            sudo ip link delete $port
+        done
+    fi
+    for bridge in $(sudo brctl show |grep -o -e brq[0-9a-f\-]*); do
+        sudo ip link set $bridge down
+        sudo brctl delbr $bridge
+    done
 }
 
 function is_neutron_ovs_base_plugin {

From bde24cb7c20a9797eb581a39a9f0839c4951300d Mon Sep 17 00:00:00 2001
From: Anandprakash Dnyaneshwar Tandale 
Date: Mon, 29 Jun 2015 15:04:30 +0530
Subject: [PATCH 0772/3421] Fixing the deprecated library function

os.popen() is deprecated since version 2.6. Resolved with use of
    subprocess module.

Change-Id: Ib6a91ee525e2e57d3901d2c0c1b2d1305bc4566f
---
 tools/worlddump.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 7acfb5e97d..0f1a6a1da9 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -23,6 +23,7 @@
 import os.path
 import sys
 
+from subprocess import Popen
 
 def get_options():
     parser = argparse.ArgumentParser(
@@ -46,7 +47,7 @@ def _dump_cmd(cmd):
     print cmd
     print "-" * len(cmd)
     print
-    print os.popen(cmd).read()
+    subprocess.Popen(cmd, shell=True)
 
 
 def _header(name):

From 04c0f0be2643ef95380a7dcf4b510d86ff11cd58 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 30 Jun 2015 13:47:51 +1000
Subject: [PATCH 0773/3421] Move failure trap after functions it uses

Move the failure trap after the functions it uses, so that
"delete_all" is defined when it is triggered.

Change-Id: Icb2465d0f834b8cb2d46dca3c7df4ae06e49d9b5
---
 exercises/neutron-adv-test.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index 04892b0e93..a0de4ccd37 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -19,18 +19,6 @@ echo "*********************************************************************"
 
 set -o errtrace
 
-trap failed ERR
-function failed {
-    local r=$?
-    set +o errtrace
-    set +o xtrace
-    echo "Failed to execute"
-    echo "Starting cleanup..."
-    delete_all
-    echo "Finished cleanup"
-    exit $r
-}
-
 # Print the commands being run so that we can see the command that triggers
 # an error.  It is also useful for following allowing as the install occurs.
 set -o xtrace
@@ -441,6 +429,18 @@ function main {
     fi
 }
 
+trap failed ERR
+function failed {
+    local r=$?
+    set +o errtrace
+    set +o xtrace
+    echo "Failed to execute"
+    echo "Starting cleanup..."
+    delete_all
+    echo "Finished cleanup"
+    exit $r
+}
+
 # Kick off script
 # ---------------
 

From 4ffb4541452a95ae964c562c89e31c49e39dbaa7 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 30 Jun 2015 11:00:32 +1000
Subject: [PATCH 0774/3421] Add header guard to functions/functions-common

To avoid sourcing this twice and getting globals mixed up,
particularly when using multiple plugins, add a "header guard" that
ensures we only source it once.

In general I don't think functions/functions-common have been written
or considered to be idempotent.  I don't think going down that path is
going to be a long-term solution as it's easy to break.

Change-Id: Idca49eb996d2b7ff3779ec27ed672a2da7852590
Closes-Bug: #1469178
---
 functions        | 4 ++++
 functions-common | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/functions b/functions
index 1668e16b6d..e4aea677d6 100644
--- a/functions
+++ b/functions
@@ -10,6 +10,10 @@
 # - ``GLANCE_HOSTPORT``
 #
 
+# ensure we don't re-source this in the same environment
+[[ -z "$_DEVSTACK_FUNCTIONS" ]] || return 0
+declare -r _DEVSTACK_FUNCTIONS=1
+
 # Include the common functions
 FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 source ${FUNC_DIR}/functions-common
diff --git a/functions-common b/functions-common
index 061a9356f5..5f22bf0c6d 100644
--- a/functions-common
+++ b/functions-common
@@ -36,6 +36,10 @@
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
+# ensure we don't re-source this in the same environment
+[[ -z "$_DEVSTACK_FUNCTIONS_COMMON" ]] || return 0
+declare -r _DEVSTACK_FUNCTIONS_COMMON=1
+
 # Global Config Variables
 declare -A GITREPO
 declare -A GITBRANCH

From 432268b17bff090a8ea8cbbd46c430ddd5be98a1 Mon Sep 17 00:00:00 2001
From: Amey Bhide 
Date: Tue, 30 Jun 2015 11:39:05 -0700
Subject: [PATCH 0775/3421] Fix NameError in worlddump.py

Change-Id: Ie87e5b5ead777c0153ed7fa5d1db5cc1ae444261
---
 tools/worlddump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 0f1a6a1da9..628a69f7e5 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -47,7 +47,7 @@ def _dump_cmd(cmd):
     print cmd
     print "-" * len(cmd)
     print
-    subprocess.Popen(cmd, shell=True)
+    Popen(cmd, shell=True)
 
 
 def _header(name):

From 77a7d11dfa828468f27bce5456d11a9827473b20 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Mon, 22 Jun 2015 16:44:13 -0400
Subject: [PATCH 0776/3421] Add new oslo libraries

Full list for liberty is as follows:
* oslo.service
* oslo.reports
* automaton
* futurist

oslo.cache was already added in the earlier review

Some of the entries are already there, though automaton was
missing in one spot. Made sure all references have all five
libraries.

Change-Id: Iffb720d46058424924469695a3ae1e4f20655f99
---
 lib/oslo                     | 3 +++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index be935bbe8c..123572cd7b 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -36,6 +36,7 @@ GITDIR["oslo.log"]=$DEST/oslo.log
 GITDIR["oslo.messaging"]=$DEST/oslo.messaging
 GITDIR["oslo.middleware"]=$DEST/oslo.middleware
 GITDIR["oslo.policy"]=$DEST/oslo.policy
+GITDIR["oslo.reports"]=$DEST/oslo.reports
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
 GITDIR["oslo.service"]=$DEST/oslo.service
@@ -64,6 +65,7 @@ function _do_install_oslo_lib {
 
 # install_oslo() - Collect source and prepare
 function install_oslo {
+    _do_install_oslo_lib "automaton"
     _do_install_oslo_lib "cliff"
     _do_install_oslo_lib "debtcollector"
     _do_install_oslo_lib "futurist"
@@ -77,6 +79,7 @@ function install_oslo {
     _do_install_oslo_lib "oslo.messaging"
     _do_install_oslo_lib "oslo.middleware"
     _do_install_oslo_lib "oslo.policy"
+    _do_install_oslo_lib "oslo.reports"
     _do_install_oslo_lib "oslo.rootwrap"
     _do_install_oslo_lib "oslo.serialization"
     _do_install_oslo_lib "oslo.service"
diff --git a/stackrc b/stackrc
index f2aafe97fc..3f56151b00 100644
--- a/stackrc
+++ b/stackrc
@@ -367,6 +367,10 @@ GITBRANCH["oslo.middleware"]=${OSLOMID_BRANCH:-master}
 GITREPO["oslo.policy"]=${OSLOPOLICY_REPO:-${GIT_BASE}/openstack/oslo.policy.git}
 GITBRANCH["oslo.policy"]=${OSLOPOLICY_BRANCH:-master}
 
+# oslo.reports
+GITREPO["oslo.reports"]=${OSLOREPORTS_REPO:-${GIT_BASE}/openstack/oslo.reports.git}
+GITBRANCH["oslo.reports"]=${OSLOREPORTS_BRANCH:-master}
+
 # oslo.rootwrap
 GITREPO["oslo.rootwrap"]=${OSLORWRAP_REPO:-${GIT_BASE}/openstack/oslo.rootwrap.git}
 GITBRANCH["oslo.rootwrap"]=${OSLORWRAP_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 1f7169c689..b3b38e6baf 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -40,7 +40,7 @@ ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
-ALL_LIBS+=" oslo.cache"
+ALL_LIBS+=" oslo.cache oslo.reports"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 99440f9d596668724690d9091e0a5def1d7f1d6d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 1 Jul 2015 06:14:01 +1000
Subject: [PATCH 0777/3421] Wait for command in worlddump

Wait for the command to complete and catch errors when running
commands.

Change-Id: I2c93b3bdd930ed8564e33bd2d45fe4e3f08f03f5
---
 tools/worlddump.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 628a69f7e5..0a9f810877 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -21,9 +21,9 @@
 import fnmatch
 import os
 import os.path
+import subprocess
 import sys
 
-from subprocess import Popen
 
 def get_options():
     parser = argparse.ArgumentParser(
@@ -47,7 +47,10 @@ def _dump_cmd(cmd):
     print cmd
     print "-" * len(cmd)
     print
-    Popen(cmd, shell=True)
+    try:
+        subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+        print "*** Failed to run: %s" % cmd
 
 
 def _header(name):

From 3a9df1dab73e2cb2f27dd014543ab16f22ac3846 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 1 Jul 2015 06:18:47 +1000
Subject: [PATCH 0778/3421] Check for nova-compute before running kill

Unconditionally running this can lead to confusing failure output from
kill as the pgrep matches nothing when nova-compute isn't yet running.

Change-Id: I37cb84fe8e0b393f49b8907af16a3e44f82c46a6
---
 tools/worlddump.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 0a9f810877..e4ba02b51c 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -112,6 +112,13 @@ def compute_consoles():
 
 def guru_meditation_report():
     _header("nova-compute Guru Meditation Report")
+
+    try:
+        subprocess.check_call(["pgrep","nova-compute"])
+    except subprocess.CalledProcessError:
+        print "Skipping as nova-compute does not appear to be running"
+        return
+
     _dump_cmd("kill -s USR1 `pgrep nova-compute`")
     print "guru meditation report in nova-compute log"
 

From 5c7f39fdcd29a74c402840021ca55f47c359fbf1 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 1 Jul 2015 06:29:27 +1000
Subject: [PATCH 0779/3421] Add worlddump unit test

Add a worlddump unit test to avoid simple breakages

Change-Id: I6b87d4dbe22da2c1ca5ceb13134e9bb570f5cef2
---
 tests/test_worlddump.sh | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100755 tests/test_worlddump.sh

diff --git a/tests/test_worlddump.sh b/tests/test_worlddump.sh
new file mode 100755
index 0000000000..f407d407c0
--- /dev/null
+++ b/tests/test_worlddump.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Simple test of worlddump.py
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+source $TOP/tests/unittest.sh
+
+OUT_DIR=$(mktemp -d)
+
+$TOP/tools/worlddump.py -d $OUT_DIR
+
+if [[ $? -ne 0 ]]; then
+    fail "worlddump failed"
+else
+
+    # worlddump creates just one output file
+    OUT_FILE=($OUT_DIR/*.txt)
+
+    if [ ! -r $OUT_FILE ]; then
+        failed "worlddump output not seen"
+    else
+        passed "worlddump output $OUT_FILE"
+
+        if [[ $(stat -c %s $OUT_DIR/*.txt) -gt 0 ]]; then
+            passed "worlddump output is not zero sized"
+        fi
+
+        # put more extensive examination here, if required.
+    fi
+fi
+
+rm -rf $OUT_DIR
+
+report_results

From f750a6fedbb34399e1ee4dd540c13028d53c0e13 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Wed, 1 Jul 2015 12:17:35 +0200
Subject: [PATCH 0780/3421] Already dead process tolerance in unstack.sh

The gate/updown.sh calls the unstack.sh with
-ex option. Normally we do not use -e with unstack.sh.

The unstack.sh can fail if the service already stopped,
and it also can have flaky failures on the gate.

For example the stop_swift function tries to kill swift in two
different ways, and if the first one succeeds before the 2th attempt
the pkill fails the whole unstack.sh.

This change accepts kill failure.
Normally the kill can fail if the process does not exits,
or when you do not have permission to the kill operation.

Since the permission issue is very unlikely in our case,
this change does not tries to distinguish the two operation.

The behavior of the unstack.sh wen you are not using -ex should
not be changed by this change.

Change-Id: I64bf3cbe1b60c96f5b271dcfb620c3d4b50de26b
---
 functions-common                          | 2 +-
 lib/neutron_plugins/services/loadbalancer | 2 +-
 lib/swift                                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index 6ab567a4c6..f122e56f98 100644
--- a/functions-common
+++ b/functions-common
@@ -1342,7 +1342,7 @@ function screen_stop_service {
 
     if is_service_enabled $service; then
         # Clean up the screen window
-        screen -S $SCREEN_NAME -p $service -X kill
+        screen -S $SCREEN_NAME -p $service -X kill || true
     fi
 }
 
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index f465cc94b4..34190f9a56 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -42,7 +42,7 @@ function neutron_agent_lbaas_configure_agent {
 
 function neutron_lbaas_stop {
     pids=$(ps aux | awk '/haproxy/ { print $2 }')
-    [ ! -z "$pids" ] && sudo kill $pids
+    [ ! -z "$pids" ] && sudo kill $pids || true
 }
 
 # Restore xtrace
diff --git a/lib/swift b/lib/swift
index 0cd51aaddf..5b73981ed2 100644
--- a/lib/swift
+++ b/lib/swift
@@ -772,7 +772,7 @@ function stop_swift {
         stop_process s-${type}
     done
     # Blast out any stragglers
-    pkill -f swift-
+    pkill -f swift- || true
 }
 
 function swift_configure_tempurls {

From 2ba4a7214c96542987e1c379a28765a242136b12 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka 
Date: Fri, 26 Jun 2015 10:45:44 +0200
Subject: [PATCH 0781/3421] Fixed detection of a project in projects.txt

Before the fix, requirements soft-update was used for projects that are
in the file.

Change-Id: I095d42521f54b45a6b13837e2f8375fa04532faa
Closes-Bug: #1469067
---
 inc/python | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/python b/inc/python
index 07a811e8c3..9a7cea0a07 100644
--- a/inc/python
+++ b/inc/python
@@ -195,7 +195,7 @@ function setup_develop {
 function is_in_projects_txt {
     local project_dir=$1
     local project_name=$(basename $project_dir)
-    return grep "/$project_name\$" $REQUIREMENTS_DIR/projects.txt >/dev/null
+    grep -q "/$project_name\$" $REQUIREMENTS_DIR/projects.txt
 }
 
 # ``pip install -e`` the package, which processes the dependencies

From 3381e09f72e7edbf39080893212b533b8e01a3a9 Mon Sep 17 00:00:00 2001
From: Sergey Lukjanov 
Date: Wed, 1 Jul 2015 14:20:23 +0300
Subject: [PATCH 0782/3421] Move Sahara into in-tree plugin

Once the Sahara related code moved to Sahara repo and used, we can
remove Sahara specific code from Devstack.

Partial-Implements: bp sahara-devstack-intree

Change-Id: I34412b5cb2e86944b8555b8fd04b43556eb2bbe6
Depends-on: I2e00b2ebc59dd3be6a0539dea2985f2e801a1bd7
Depends-on: I07c3fede473030e8a110cbf5a08309f890905abf
---
 MAINTAINERS.rst                |   5 -
 doc/source/index.rst           |   3 -
 doc/source/plugin-registry.rst |   2 +
 exercises/sahara.sh            |  49 -------
 extras.d/70-sahara.sh          |  29 ----
 lib/sahara                     | 259 ---------------------------------
 stack.sh                       |   2 +-
 stackrc                        |   8 -
 tests/test_libs_from_pypi.sh   |   2 +-
 9 files changed, 4 insertions(+), 355 deletions(-)
 delete mode 100755 exercises/sahara.sh
 delete mode 100644 extras.d/70-sahara.sh
 delete mode 100644 lib/sahara

diff --git a/MAINTAINERS.rst b/MAINTAINERS.rst
index eeb1f21b61..d4968a6051 100644
--- a/MAINTAINERS.rst
+++ b/MAINTAINERS.rst
@@ -63,11 +63,6 @@ OpenFlow Agent (ofagent)
 * YAMAMOTO Takashi 
 * Fumihiko Kakuma 
 
-Sahara
-~~~~~~
-
-* Sergey Lukjanov 
-
 Swift
 ~~~~~
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index f15c3060e7..2dd0241fba 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -170,7 +170,6 @@ Scripts
 * `lib/nova `__
 * `lib/oslo `__
 * `lib/rpc\_backend `__
-* `lib/sahara `__
 * `lib/swift `__
 * `lib/tempest `__
 * `lib/tls `__
@@ -181,7 +180,6 @@ Scripts
 
 * `extras.d/50-ironic.sh `__
 * `extras.d/60-ceph.sh `__
-* `extras.d/70-sahara.sh `__
 * `extras.d/70-tuskar.sh `__
 * `extras.d/70-zaqar.sh `__
 * `extras.d/80-tempest.sh `__
@@ -238,7 +236,6 @@ Exercises
 * `exercises/floating\_ips.sh `__
 * `exercises/horizon.sh `__
 * `exercises/neutron-adv-test.sh `__
-* `exercises/sahara.sh `__
 * `exercises/sec\_groups.sh `__
 * `exercises/swift.sh `__
 * `exercises/volumes.sh `__
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 2dd70d84e9..c5c4e1eaa5 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -22,6 +22,8 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |magnum              |git://git.openstack.org/openstack/magnum   |                    |
 +--------------------+-------------------------------------------+--------------------+
+|sahara              |git://git.openstack.org/openstack/sahara   |                    |
++--------------------+-------------------------------------------+--------------------+
 |trove               |git://git.openstack.org/openstack/trove    |                    |
 +--------------------+-------------------------------------------+--------------------+
 |zaqar               |git://git.openstack.org/openstack/zarar    |                    |
diff --git a/exercises/sahara.sh b/exercises/sahara.sh
deleted file mode 100755
index 8cad94562d..0000000000
--- a/exercises/sahara.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-
-# **sahara.sh**
-
-# Sanity check that Sahara started if enabled
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import configuration
-source $TOP_DIR/openrc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-is_service_enabled sahara || exit 55
-
-if is_ssl_enabled_service "sahara" || is_service_enabled tls-proxy; then
-    SAHARA_SERVICE_PROTOCOL="https"
-fi
-
-SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
-
-$CURL_GET $SAHARA_SERVICE_PROTOCOL://$SERVICE_HOST:8386/ 2>/dev/null | grep -q 'Auth' || die $LINENO "Sahara API isn't functioning!"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/extras.d/70-sahara.sh b/extras.d/70-sahara.sh
deleted file mode 100644
index f177766d3b..0000000000
--- a/extras.d/70-sahara.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-# sahara.sh - DevStack extras script to install Sahara
-
-if is_service_enabled sahara; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/sahara
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing sahara"
-        install_sahara
-        install_python_saharaclient
-        cleanup_sahara
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring sahara"
-        configure_sahara
-        create_sahara_accounts
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        echo_summary "Initializing sahara"
-        sahara_register_images
-        start_sahara
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_sahara
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        cleanup_sahara
-    fi
-fi
diff --git a/lib/sahara b/lib/sahara
deleted file mode 100644
index 51e431afc7..0000000000
--- a/lib/sahara
+++ /dev/null
@@ -1,259 +0,0 @@
-#!/bin/bash
-#
-# lib/sahara
-
-# Dependencies:
-# ``functions`` file
-# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# install_sahara
-# install_python_saharaclient
-# configure_sahara
-# sahara_register_images
-# start_sahara
-# stop_sahara
-# cleanup_sahara
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# Set up default repos
-
-# Set up default directories
-GITDIR["python-saharaclient"]=$DEST/python-saharaclient
-SAHARA_DIR=$DEST/sahara
-
-SAHARA_CONF_DIR=${SAHARA_CONF_DIR:-/etc/sahara}
-SAHARA_CONF_FILE=${SAHARA_CONF_DIR}/sahara.conf
-
-if is_ssl_enabled_service "sahara" || is_service_enabled tls-proxy; then
-    SAHARA_SERVICE_PROTOCOL="https"
-fi
-SAHARA_SERVICE_HOST=${SAHARA_SERVICE_HOST:-$SERVICE_HOST}
-SAHARA_SERVICE_PORT=${SAHARA_SERVICE_PORT:-8386}
-SAHARA_SERVICE_PORT_INT=${SAHARA_SERVICE_PORT_INT:-18386}
-SAHARA_SERVICE_PROTOCOL=${SAHARA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
-
-SAHARA_AUTH_CACHE_DIR=${SAHARA_AUTH_CACHE_DIR:-/var/cache/sahara}
-
-SAHARA_ENABLED_PLUGINS=${SAHARA_ENABLED_PLUGINS:-vanilla,hdp,cdh,spark,fake}
-
-# Support entry points installation of console scripts
-if [[ -d $SAHARA_DIR/bin ]]; then
-    SAHARA_BIN_DIR=$SAHARA_DIR/bin
-else
-    SAHARA_BIN_DIR=$(get_python_exec_prefix)
-fi
-
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,sahara
-
-# Functions
-# ---------
-
-# create_sahara_accounts() - Set up common required sahara accounts
-#
-# Tenant      User       Roles
-# ------------------------------
-# service     sahara    admin
-function create_sahara_accounts {
-
-    create_service_user "sahara"
-
-    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-        # TODO: remove "data_processing" service when #1356053 will be fixed
-        local sahara_service_old=$(openstack service create \
-            "data_processing" \
-            --name "sahara" \
-            --description "Sahara Data Processing" \
-            -f value -c id
-        )
-        local sahara_service_new=$(openstack service create \
-            "data-processing" \
-            --name "sahara" \
-            --description "Sahara Data Processing" \
-            -f value -c id
-        )
-        get_or_create_endpoint $sahara_service_old \
-            "$REGION_NAME" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
-        get_or_create_endpoint $sahara_service_new \
-            "$REGION_NAME" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
-            "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
-    fi
-}
-
-# cleanup_sahara() - Remove residual data files, anything left over from
-# previous runs that would need to clean up.
-function cleanup_sahara {
-
-    # Cleanup auth cache dir
-    sudo rm -rf $SAHARA_AUTH_CACHE_DIR
-}
-
-# configure_sahara() - Set config files, create data dirs, etc
-function configure_sahara {
-    sudo install -d -o $STACK_USER $SAHARA_CONF_DIR
-
-    if [[ -f $SAHARA_DIR/etc/sahara/policy.json ]]; then
-        cp -p $SAHARA_DIR/etc/sahara/policy.json $SAHARA_CONF_DIR
-    fi
-
-    # Create auth cache dir
-    sudo install -d -o $STACK_USER -m 700 $SAHARA_AUTH_CACHE_DIR
-    rm -rf $SAHARA_AUTH_CACHE_DIR/*
-
-    configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
-
-    iniset_rpc_backend sahara $SAHARA_CONF_FILE DEFAULT
-
-    # Set configuration to send notifications
-
-    if is_service_enabled ceilometer; then
-        iniset $SAHARA_CONF_FILE DEFAULT enable_notifications "true"
-        iniset $SAHARA_CONF_FILE DEFAULT notification_driver "messaging"
-    fi
-
-    iniset $SAHARA_CONF_FILE DEFAULT verbose True
-    iniset $SAHARA_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-
-    iniset $SAHARA_CONF_FILE DEFAULT plugins $SAHARA_ENABLED_PLUGINS
-
-    iniset $SAHARA_CONF_FILE database connection `database_connection_url sahara`
-
-    if is_service_enabled neutron; then
-        iniset $SAHARA_CONF_FILE DEFAULT use_neutron true
-
-        if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
-            iniset $SAHARA_CONF_FILE neutron ca_file $SSL_BUNDLE_FILE
-        fi
-    else
-        iniset $SAHARA_CONF_FILE DEFAULT use_neutron false
-    fi
-
-    if is_service_enabled heat; then
-        iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine heat
-
-        if is_ssl_enabled_service "heat" || is_service_enabled tls-proxy; then
-            iniset $SAHARA_CONF_FILE heat ca_file $SSL_BUNDLE_FILE
-        fi
-    else
-        iniset $SAHARA_CONF_FILE DEFAULT infrastructure_engine direct
-    fi
-
-    if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
-        iniset $SAHARA_CONF_FILE cinder ca_file $SSL_BUNDLE_FILE
-    fi
-
-    if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
-        iniset $SAHARA_CONF_FILE nova ca_file $SSL_BUNDLE_FILE
-    fi
-
-    if is_ssl_enabled_service "swift" || is_service_enabled tls-proxy; then
-        iniset $SAHARA_CONF_FILE swift ca_file $SSL_BUNDLE_FILE
-    fi
-
-    if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
-        iniset $SAHARA_CONF_FILE keystone ca_file $SSL_BUNDLE_FILE
-    fi
-
-    # Register SSL certificates if provided
-    if is_ssl_enabled_service sahara; then
-        ensure_certificates SAHARA
-
-        iniset $SAHARA_CONF_FILE ssl cert_file "$SAHARA_SSL_CERT"
-        iniset $SAHARA_CONF_FILE ssl key_file "$SAHARA_SSL_KEY"
-    fi
-
-    iniset $SAHARA_CONF_FILE DEFAULT use_syslog $SYSLOG
-
-    # Format logging
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $SAHARA_CONF_FILE DEFAULT
-    fi
-
-    if is_service_enabled tls-proxy; then
-        # Set the service port for a proxy to take the original
-        iniset $SAHARA_CONF_FILE DEFAULT port $SAHARA_SERVICE_PORT_INT
-    fi
-
-    recreate_database sahara
-    $SAHARA_BIN_DIR/sahara-db-manage --config-file $SAHARA_CONF_FILE upgrade head
-}
-
-# install_sahara() - Collect source and prepare
-function install_sahara {
-    git_clone $SAHARA_REPO $SAHARA_DIR $SAHARA_BRANCH
-    setup_develop $SAHARA_DIR
-}
-
-# install_python_saharaclient() - Collect source and prepare
-function install_python_saharaclient {
-    if use_library_from_git "python-saharaclient"; then
-        git_clone_by_name "python-saharaclient"
-        setup_dev_lib "python-saharaclient"
-    fi
-}
-
-# sahara_register_images() - Registers images in sahara image registry
-function sahara_register_images {
-    if is_service_enabled heat && [[ ! -z "$HEAT_CFN_IMAGE_URL" ]]; then
-        # Register heat image for Fake plugin
-        local fake_plugin_properties="--property _sahara_tag_0.1=True"
-        fake_plugin_properties+=" --property _sahara_tag_fake=True"
-        fake_plugin_properties+=" --property _sahara_username=fedora"
-        openstack --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image set $(basename "$HEAT_CFN_IMAGE_URL" ".qcow2") $fake_plugin_properties
-    fi
-}
-
-# start_sahara() - Start running processes, including screen
-function start_sahara {
-    local service_port=$SAHARA_SERVICE_PORT
-    local service_protocol=$SAHARA_SERVICE_PROTOCOL
-    if is_service_enabled tls-proxy; then
-        service_port=$SAHARA_SERVICE_PORT_INT
-        service_protocol="http"
-    fi
-
-    run_process sahara "$SAHARA_BIN_DIR/sahara-all --config-file $SAHARA_CONF_FILE"
-    run_process sahara-api "$SAHARA_BIN_DIR/sahara-api --config-file $SAHARA_CONF_FILE"
-    run_process sahara-eng "$SAHARA_BIN_DIR/sahara-engine --config-file $SAHARA_CONF_FILE"
-
-    echo "Waiting for Sahara to start..."
-    if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SAHARA_SERVICE_HOST:$service_port; then
-        die $LINENO "Sahara did not start"
-    fi
-
-    # Start proxies if enabled
-    if is_service_enabled tls-proxy; then
-        start_tls_proxy '*' $SAHARA_SERVICE_PORT $SAHARA_SERVICE_HOST $SAHARA_SERVICE_PORT_INT &
-    fi
-}
-
-# stop_sahara() - Stop running processes
-function stop_sahara {
-    # Kill the Sahara screen windows
-    stop_process sahara
-    stop_process sahara-api
-    stop_process sahara-eng
-}
-
-
-# Restore xtrace
-$XTRACE
-
-# Local variables:
-# mode: shell-script
-# End:
diff --git a/stack.sh b/stack.sh
index 591c0dc614..1f355e539b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -505,7 +505,7 @@ source $TOP_DIR/lib/rpc_backend
 check_rpc_backend
 
 # Service to enable with SSL if ``USE_SSL`` is True
-SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron,sahara"
+SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
 
 if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then
     die $LINENO "tls-proxy and SSL are mutually exclusive"
diff --git a/stackrc b/stackrc
index f2aafe97fc..91eef07fe1 100644
--- a/stackrc
+++ b/stackrc
@@ -225,10 +225,6 @@ NEUTRON_VPNAAS_BRANCH=${NEUTRON_VPNAAS_BRANCH:-master}
 NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git}
 NOVA_BRANCH=${NOVA_BRANCH:-master}
 
-# data processing service
-SAHARA_REPO=${SAHARA_REPO:-${GIT_BASE}/openstack/sahara.git}
-SAHARA_BRANCH=${SAHARA_BRANCH:-master}
-
 # object storage service
 SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git}
 SWIFT_BRANCH=${SWIFT_BRANCH:-master}
@@ -290,10 +286,6 @@ GITBRANCH["python-neutronclient"]=${NEUTRONCLIENT_BRANCH:-master}
 GITREPO["python-novaclient"]=${NOVACLIENT_REPO:-${GIT_BASE}/openstack/python-novaclient.git}
 GITBRANCH["python-novaclient"]=${NOVACLIENT_BRANCH:-master}
 
-# python saharaclient
-GITREPO["python-saharaclient"]=${SAHARACLIENT_REPO:-${GIT_BASE}/openstack/python-saharaclient.git}
-GITBRANCH["python-saharaclient"]=${SAHARACLIENT_BRANCH:-master}
-
 # python swift client library
 GITREPO["python-swiftclient"]=${SWIFTCLIENT_REPO:-${GIT_BASE}/openstack/python-swiftclient.git}
 GITBRANCH["python-swiftclient"]=${SWIFTCLIENT_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 1f7169c689..5532347848 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -35,7 +35,7 @@ ALL_LIBS+=" python-glanceclient python-ironicclient tempest-lib"
 ALL_LIBS+=" oslo.messaging oslo.log cliff python-heatclient stevedore"
 ALL_LIBS+=" python-cinderclient glance_store oslo.concurrency oslo.db"
 ALL_LIBS+=" oslo.versionedobjects oslo.vmware keystonemiddleware"
-ALL_LIBS+=" oslo.serialization python-saharaclient django_openstack_auth"
+ALL_LIBS+=" oslo.serialization django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
 ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"

From 99970389925f8fb79d55d1a2e00a2d0407f76580 Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Wed, 1 Jul 2015 11:28:32 -0500
Subject: [PATCH 0783/3421] Replace RPC Backend text in README

Review https://review.openstack.org/#/c/192154/ removed support for RPC backends
other than RabbitMQ, but we should still document how to disable rabbit.

Change-Id: I1fd64b5f02573c58d7b0d1005c39a22c459a09a5
---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index ebcb0184e5..750190b716 100644
--- a/README.md
+++ b/README.md
@@ -115,6 +115,16 @@ following in the `localrc` section:
 
 `mysql` is the default database.
 
+# RPC Backend
+
+Support for a RabbitMQ RPC backend is included. Additional RPC backends may
+be available via external plugins.  Enabling or disabling RabbitMQ is handled
+via the usual service functions and ``ENABLED_SERVICES``.
+
+Example disabling RabbitMQ in ``local.conf``:
+
+    disable_service rabbit
+
 # Apache Frontend
 
 Apache web server can be enabled for wsgi services that support being deployed

From e57a33224bcc8a22b4c64be2a7e3b7e784a2536a Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Sat, 20 Jun 2015 14:48:00 -0700
Subject: [PATCH 0784/3421] Set compute-feature-enabled.attach_encrypted_volume
 Tempest option

This allows setting the new option in Tempest for toggling whether
or not the Cinder encrypted volume tests should run.

Depends-On: I48eba7c645cc1c979fd766ae9c05efb00957f787

Related-Bug: #1463525

Change-Id: I9e12f8dc9e3e6b68dc031351cb081ee2bc6e6cbb
---
 lib/tempest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/tempest b/lib/tempest
index 5ea217f869..a84ade2a81 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -379,6 +379,7 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute-feature-enabled preserve_ports True
     # TODO(gilliard): Remove the live_migrate_paused_instances flag when Juno is end of life.
     iniset $TEMPEST_CONFIG compute-feature-enabled live_migrate_paused_instances True
+    iniset $TEMPEST_CONFIG compute-feature-enabled attach_encrypted_volume ${ATTACH_ENCRYPTED_VOLUME_AVAILABLE:-True}
 
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0

From a709b11a533c40bee910b8a4a4c9d102fab004cc Mon Sep 17 00:00:00 2001
From: Assaf Muller 
Date: Wed, 1 Jul 2015 18:19:11 -0400
Subject: [PATCH 0785/3421] Update Neutron section in README

Change-Id: Ic4b354a587a1d5f83037fb5250e8e5c9cfe6d48c
---
 README.md | 37 ++++++++++++++-----------------------
 1 file changed, 14 insertions(+), 23 deletions(-)

diff --git a/README.md b/README.md
index 455e1c69c6..cd83dd8292 100644
--- a/README.md
+++ b/README.md
@@ -193,7 +193,7 @@ services are started in background and managed by `swift-init` tool.
 
 Basic Setup
 
-In order to enable Neutron a single node setup, you'll need the
+In order to enable Neutron in a single node setup, you'll need the
 following settings in your `local.conf`:
 
     disable_service n-net
@@ -203,47 +203,38 @@ following settings in your `local.conf`:
     enable_service q-l3
     enable_service q-meta
     enable_service q-metering
-    # Optional, to enable tempest configuration as part of DevStack
-    enable_service tempest
 
 Then run `stack.sh` as normal.
 
 DevStack supports setting specific Neutron configuration flags to the
-service, Open vSwitch plugin and LinuxBridge plugin configuration files.
-To make use of this feature, the settings can be added to ``local.conf``.
-The old ``Q_XXX_EXTRA_XXX_OPTS`` variables are deprecated and will be removed
-in the near future.  The ``local.conf`` headers for the replacements are:
-
-* ``Q_SRV_EXTRA_OPTS``:
+service, ML2 plugin, DHCP and L3 configuration files:
 
     [[post-config|/$Q_PLUGIN_CONF_FILE]]
-    [linuxbridge]   # or [ovs]
+    [ml2]
+    mechanism_drivers=openvswitch,l2population
 
-Example extra config in `local.conf`:
+    [[post-config|$NEUTRON_CONF]]
+    [DEFAULT]
+    quota_port=42
 
-    [[post-config|/$Q_PLUGIN_CONF_FILE]]
-    [agent]
-    tunnel_type=vxlan
-    vxlan_udp_port=8472
+    [[post-config|$Q_L3_CONF_FILE]]
+    [DEFAULT]
+    agent_mode=legacy
 
-    [[post-config|$NEUTRON_CONF]]
+    [[post-config|$Q_DHCP_CONF_FILE]]
     [DEFAULT]
-    tenant_network_type=vxlan
+    dnsmasq_dns_servers = 8.8.8.8,8.8.4.4
 
-DevStack also supports configuring the Neutron ML2 plugin. The ML2 plugin
-can run with the OVS, LinuxBridge, or Hyper-V agents on compute hosts. This
-is a simple way to configure the ml2 plugin:
+The ML2 plugin can run with the OVS, LinuxBridge, or Hyper-V agents on compute
+hosts. This is a simple way to configure the ml2 plugin:
 
     # VLAN configuration
-    Q_PLUGIN=ml2
     ENABLE_TENANT_VLANS=True
 
     # GRE tunnel configuration
-    Q_PLUGIN=ml2
     ENABLE_TENANT_TUNNELS=True
 
     # VXLAN tunnel configuration
-    Q_PLUGIN=ml2
     Q_ML2_TENANT_NETWORK_TYPE=vxlan
 
 The above will default in DevStack to using the OVS on each compute host.

From 635a5ba9929e1594aacfc0229663f43898479e2a Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Wed, 10 Jun 2015 08:48:06 +1200
Subject: [PATCH 0786/3421] constraints file support for devstack.

Constraints files allow a global view of dependencies for devstack
without the side effect that requirements files have of installing
everything everytime. This is part of the cross project
requirements-management spec.

Change-Id: If089d30146629e6cf817edd634e5c2b80f1366dd
---
 inc/python | 22 ++++++++++++++++++----
 stack.sh   |  3 +++
 stackrc    |  6 ++++++
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/inc/python b/inc/python
index 07a811e8c3..ca185f05d2 100644
--- a/inc/python
+++ b/inc/python
@@ -66,7 +66,8 @@ function pip_install_gr {
 
 # Wrapper for ``pip install`` to set cache and proxy environment variables
 # Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
-# ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``
+# ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``,
+# ``USE_CONSTRAINTS``
 # pip_install package [package ...]
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
@@ -103,6 +104,13 @@ function pip_install {
         fi
     fi
 
+    cmd_pip="$cmd_pip install"
+
+    # Handle a constraints file, if needed.
+    if [[ "$USE_CONSTRAINTS" == "True" ]]; then
+        cmd_pip="$cmd_pip -c $REQUIREMENTS_DIR/upper-constraints.txt"
+    fi
+
     local pip_version=$(python -c "import pip; \
                         print(pip.__version__.strip('.')[0])")
     if (( pip_version<6 )); then
@@ -116,7 +124,7 @@ function pip_install {
         https_proxy="${https_proxy:-}" \
         no_proxy="${no_proxy:-}" \
         PIP_FIND_LINKS=$PIP_FIND_LINKS \
-        $cmd_pip install $upgrade \
+        $cmd_pip $upgrade \
         $@
 
     # Also install test requirements
@@ -128,7 +136,7 @@ function pip_install {
             https_proxy=${https_proxy:-} \
             no_proxy=${no_proxy:-} \
             PIP_FIND_LINKS=$PIP_FIND_LINKS \
-            $cmd_pip install $upgrade \
+            $cmd_pip $upgrade \
             -r $test_req
     fi
 }
@@ -215,7 +223,7 @@ function setup_package_with_req_sync {
     # ``errexit`` requires us to trap the exit code when the repo is changed
     local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
 
-    if [[ $update_requirements != "changed" ]]; then
+    if [[ $update_requirements != "changed" && "$USE_CONSTRAINTS" == "False" ]]; then
         if is_in_projects_txt $project_dir; then
             (cd $REQUIREMENTS_DIR; \
                 ./.venv/bin/python update.py $project_dir)
@@ -227,6 +235,12 @@ function setup_package_with_req_sync {
         fi
     fi
 
+    if [ -n "$REQUIREMENTS_DIR" ]; then
+        # Constrain this package to this project directory from here on out.
+        local name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
+        $REQUIREMENTS_DIR/.venv/bin/edit-constraints $REQUIREMENTS_DIR/upper-constraints.txt -- $name "$flags $project_dir"
+    fi
+
     setup_package $project_dir $flags
 
     # We've just gone and possibly modified the user's source tree in an
diff --git a/stack.sh b/stack.sh
index 591c0dc614..4069509e96 100755
--- a/stack.sh
+++ b/stack.sh
@@ -683,6 +683,9 @@ save_stackenv $LINENO
 echo_summary "Installing package prerequisites"
 source $TOP_DIR/tools/install_prereqs.sh
 
+# Normalise USE_CONSTRAINTS
+USE_CONSTRAINTS=$(trueorfalse False USE_CONSTRAINTS)
+
 # Configure an appropriate Python environment
 if [[ "$OFFLINE" != "True" ]]; then
     PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
diff --git a/stackrc b/stackrc
index f2aafe97fc..e76abc0e85 100644
--- a/stackrc
+++ b/stackrc
@@ -149,6 +149,12 @@ DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
 # Zero disables timeouts
 GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 
+# Constraints mode
+# - False (default) : update git projects dependencies from global-requirements.
+#
+# - True : use upper-constraints.txt to constrain versions of packages intalled
+#          and do not edit projects at all.
+USE_CONSTRAINTS=${USE_CONSTRAINTS:-False}
 
 # Repositories
 # ------------

From 0ffdb368a65d4e1532aba14c82c8b91e30db0acd Mon Sep 17 00:00:00 2001
From: Dean Troyer 
Date: Thu, 2 Jul 2015 09:09:51 -0500
Subject: [PATCH 0787/3421] Move USE_CONSTRAINTS normalization back to stackrc

stackrc needs to do all of the initialization for situations (Grenade,
unstack.sh, etc) that do not run stack.sh

Change-Id: Ib8c7b923dde817b37f852515dd049fcf970b999a
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index e76abc0e85..c59d0a4a20 100644
--- a/stackrc
+++ b/stackrc
@@ -154,7 +154,7 @@ GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 #
 # - True : use upper-constraints.txt to constrain versions of packages intalled
 #          and do not edit projects at all.
-USE_CONSTRAINTS=${USE_CONSTRAINTS:-False}
+USE_CONSTRAINTS=$(trueorfalse False USE_CONSTRAINTS)
 
 # Repositories
 # ------------

From 180f5eb652c73463cd5ae7d0dbede6d9d31a5df5 Mon Sep 17 00:00:00 2001
From: Brian Haley 
Date: Tue, 16 Jun 2015 13:14:31 -0400
Subject: [PATCH 0788/3421] Add IPv6 support to devstack infrastructure

By default, most Openstack services are bound to 0.0.0.0
and service endpoints are registered as IPv4 addresses.
With this change we introduce two new variables to control
this behavior:

SERVICE_IP_VERSION - can either be "4" or "6".

When set to "4" (default if not set) devstack will operate
as today - most services will open listen sockets on 0.0.0.0
and service endpoints will be registered using HOST_IP as the
address.

When set to "6" devstack services will open listen sockets on ::
and service endpoints will be registered using HOST_IPV6 as the
address.

There is no support for "4+6", more work is required for that.

HOST_IPV6 - if SERVICE_IP_VERSION=6 this must be an IPv6
address configured on the system.

Some existing services, like the Openvswitch agent, will continue
to use IPv4 addresses for things like tunnel endpoints.  This is
a current restriction in the code and can be updated at a later
time.  This change is just a first step to supporting IPv6-only
control and data planes in devstack.

This change is also partly based on two previous patches,
https://review.openstack.org/#/c/140519/ and
https://review.openstack.org/#/c/176898/

Change-Id: I5c0b775490ce54ab104fd5e89b20fb700212ae74
Co-Authored-By: Sean Collins 
Co-Authored-By: Baodong Li 
Co-Authored-By: Sridhar Gaddam 
Co-Authored-By: Adam Kacmarsky 
Co-Authored-By: Jeremy Alvis 
---
 README.md                    | 16 +++++++++++++
 doc/source/configuration.rst | 26 ++++++++++++++++++++
 functions-common             | 12 +++++++---
 lib/cinder                   |  2 ++
 lib/database                 | 13 ++++++++--
 lib/databases/mysql          |  4 ++--
 lib/glance                   |  6 +++++
 lib/neutron-legacy           |  3 +++
 lib/nova                     | 25 ++++++++++++++++----
 lib/swift                    |  7 +++---
 samples/local.conf           | 15 ++++++------
 stack.sh                     |  5 +++-
 stackrc                      | 46 +++++++++++++++++++++++++++++++++---
 13 files changed, 154 insertions(+), 26 deletions(-)

diff --git a/README.md b/README.md
index ebcb0184e5..34e451dc0b 100644
--- a/README.md
+++ b/README.md
@@ -360,6 +360,22 @@ Be aware that there are some features currently missing in cells, one notable
 one being security groups.  The exercises have been patched to disable
 functionality not supported by cells.
 
+# IPv6
+
+By default, most Openstack services are bound to 0.0.0.0
+and service endpoints are registered as IPv4 addresses.
+A new variable was created to control this behavior, and to
+allow for operation over IPv6 instead of IPv4.
+
+For this, add the following to `local.conf`:
+
+    SERVICE_IP_VERSION=6
+
+When set to "6" devstack services will open listen sockets on ::
+and service endpoints will be registered using HOST_IPV6 as the
+address.  The default value for this setting is `4`.  Dual-mode
+support, for example `4+6` is not currently supported.
+
 
 # Local Configuration
 
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index e91012fe2b..6052576e98 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -137,6 +137,11 @@ Ethernet interface to a bridge on the host. Setting it here also makes it
 available for ``openrc`` to set ``OS_AUTH_URL``. ``HOST_IP`` is not set
 by default.
 
+``HOST_IPV6`` is normally detected on the first run of ``stack.sh`` but
+will not be set if there is no IPv6 address on the default Ethernet interface.
+Setting it here also makes it available for ``openrc`` to set ``OS_AUTH_URL``.
+``HOST_IPV6`` is not set by default.
+
 Common Configuration Variables
 ==============================
 
@@ -391,6 +396,8 @@ Multi-host DevStack
         ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
 IP Version
+----------
+
     | Default: ``IP_VERSION=4+6``
     | This setting can be used to configure DevStack to create either an IPv4,
       IPv6, or dual stack tenant data network by setting ``IP_VERSION`` to
@@ -418,6 +425,25 @@ IP Version
     | *Note: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY``
       can be configured with any valid IPv6 prefix. The default values make
       use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC 4193.*
+    |
+
+    | Default: ``SERVICE_IP_VERSION=4``
+    | This setting can be used to configure DevStack to enable services to
+      operate over either IPv4 or IPv6, by setting ``SERVICE_IP_VERSION`` to
+      either ``SERVICE_IP_VERSION=4`` or ``SERVICE_IP_VERSION=6`` respectively.
+      When set to ``4`` devstack services will open listen sockets on 0.0.0.0
+      and service endpoints will be registered using ``HOST_IP`` as the address.
+      When set to ``6`` devstack services will open listen sockets on :: and
+      service endpoints will be registered using ``HOST_IPV6`` as the address.
+      The default value for this setting is ``4``.  Dual-mode support, for
+      example ``4+6`` is not currently supported.
+    | The following optional variable can be used to alter the default IPv6
+      address used:
+    |
+
+    ::
+
+        HOST_IPV6=${some_local_ipv6_address}
 
 Examples
 ========
diff --git a/functions-common b/functions-common
index 483b1fa696..39c1bfc4d7 100644
--- a/functions-common
+++ b/functions-common
@@ -46,7 +46,8 @@ TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 # Save these variables to .stackenv
 STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
     KEYSTONE_AUTH_PROTOCOL KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
-    LOGFILE OS_CACERT SERVICE_HOST SERVICE_PROTOCOL STACK_USER TLS_IP"
+    LOGFILE OS_CACERT SERVICE_HOST SERVICE_PROTOCOL STACK_USER TLS_IP \
+    HOST_IPV6"
 
 
 # Saves significant environment variables to .stackenv for later use
@@ -578,13 +579,14 @@ function get_default_host_ip {
     local floating_range=$2
     local host_ip_iface=$3
     local host_ip=$4
+    local af=$5
 
     # Search for an IP unless an explicit is set by ``HOST_IP`` environment variable
     if [ -z "$host_ip" -o "$host_ip" == "dhcp" ]; then
         host_ip=""
         # Find the interface used for the default route
-        host_ip_iface=${host_ip_iface:-$(ip route | awk '/default/ {print $5}' | head -1)}
-        local host_ips=$(LC_ALL=C ip -f inet addr show ${host_ip_iface} | awk '/inet/ {split($2,parts,"/");  print parts[1]}')
+        host_ip_iface=${host_ip_iface:-$(ip -f $af route | awk '/default/ {print $5}' | head -1)}
+        local host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | awk /$af'/ {split($2,parts,"/");  print parts[1]}')
         local ip
         for ip in $host_ips; do
             # Attempt to filter out IP addresses that are part of the fixed and
@@ -593,6 +595,10 @@ function get_default_host_ip {
             # will be printed and the first IP from the interface will be used.
             # If that is not correct set ``HOST_IP`` in ``localrc`` to the correct
             # address.
+            if [[ "$af" == "inet6" ]]; then
+                host_ip=$ip
+                break;
+            fi
             if ! (address_in_net $ip $fixed_range || address_in_net $ip $floating_range); then
                 host_ip=$ip
                 break;
diff --git a/lib/cinder b/lib/cinder
index 81174474e4..ab315ac8a2 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -65,6 +65,7 @@ CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
 CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
 CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
 CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 
 # What type of LVM device should Cinder use for LVM backend
 # Defaults to default, which is thick, the other valid choice
@@ -222,6 +223,7 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
     iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
     iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.contrib.standard_extensions
+    iniset $CINDER_CONF DEFAULT osapi_volume_listen $CINDER_SERVICE_LISTEN_ADDRESS
     iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
     iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
     iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
diff --git a/lib/database b/lib/database
index ff1fafee26..5bbbe3144b 100644
--- a/lib/database
+++ b/lib/database
@@ -70,10 +70,19 @@ function initialize_database_backends {
 
     # For backward-compatibility, read in the MYSQL_HOST/USER variables and use
     # them as the default values for the DATABASE_HOST/USER variables.
-    MYSQL_HOST=${MYSQL_HOST:-127.0.0.1}
+    MYSQL_HOST=${MYSQL_HOST:-$SERVICE_LOCAL_HOST}
     MYSQL_USER=${MYSQL_USER:-root}
 
-    DATABASE_HOST=${DATABASE_HOST:-${MYSQL_HOST}}
+    # Set DATABASE_HOST equal to MYSQL_HOST. If SERVICE_IP_VERSION is equal to 6,
+    # set DATABASE_HOST equal to [MYSQL_HOST]. MYSQL_HOST cannot use brackets due
+    # to mysql not using bracketing for IPv6 addresses. DATABASE_HOST must have brackets
+    # due to sqlalchemy only reading IPv6 addresses with brackets.
+    if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
+        DATABASE_HOST=${DATABASE_HOST:-[$MYSQL_HOST]}
+    else
+        DATABASE_HOST=${DATABASE_HOST:-${MYSQL_HOST}}
+    fi
+
     DATABASE_USER=${DATABASE_USER:-${MYSQL_USER}}
 
     if [ -n "$MYSQL_PASSWORD" ]; then
diff --git a/lib/databases/mysql b/lib/databases/mysql
index 0e477ca264..9c9401edf6 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -90,10 +90,10 @@ function configure_database_mysql {
 
     # Now update ``my.cnf`` for some local needs and restart the mysql service
 
-    # Change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and
+    # Change ‘bind-address’ from localhost (127.0.0.1) to any (::) and
     # set default db type to InnoDB
     sudo bash -c "source $TOP_DIR/functions && \
-        iniset $my_conf mysqld bind-address 0.0.0.0 && \
+        iniset $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" && \
         iniset $my_conf mysqld sql_mode STRICT_ALL_TABLES && \
         iniset $my_conf mysqld default-storage-engine InnoDB \
         iniset $my_conf mysqld max_connections 1024 \
diff --git a/lib/glance b/lib/glance
index 4dbce9f521..c268324733 100644
--- a/lib/glance
+++ b/lib/glance
@@ -64,6 +64,7 @@ fi
 
 # Glance connection info.  Note the port must be specified.
 GLANCE_SERVICE_HOST=${GLANCE_SERVICE_HOST:-$SERVICE_HOST}
+GLANCE_SERVICE_LISTEN_ADDRESS=${GLANCE_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292}
 GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292}
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}
@@ -106,6 +107,7 @@ function configure_glance {
     # Copy over our glance configurations and update them
     cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
     iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
     inicomment $GLANCE_REGISTRY_CONF DEFAULT log_file
     local dburl=`database_connection_url glance`
     iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
@@ -118,6 +120,7 @@ function configure_glance {
 
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
     iniset $GLANCE_API_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+    iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
     inicomment $GLANCE_API_CONF DEFAULT log_file
     iniset $GLANCE_API_CONF DEFAULT sql_connection $dburl
     iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
@@ -136,6 +139,7 @@ function configure_glance {
 
     # Store specific configs
     iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
+    iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
 
     iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
 
@@ -202,6 +206,7 @@ function configure_glance {
     iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
     iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_password
     iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD
+    iniset $GLANCE_CACHE_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
 
     # Store specific confs
     iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
@@ -223,6 +228,7 @@ function configure_glance {
     if is_service_enabled g-search; then
         cp $GLANCE_DIR/etc/glance-search.conf $GLANCE_SEARCH_CONF
         iniset $GLANCE_SEARCH_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
+        iniset $GLANCE_SEARCH_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
         inicomment $GLANCE_SEARCH_CONF DEFAULT log_file
         iniset $GLANCE_SEARCH_CONF DEFAULT use_syslog $SYSLOG
         iniset $GLANCE_SEARCH_CONF DEFAULT sql_connection $dburl
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index acc2851131..cb1d1ef2ad 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -138,6 +138,8 @@ Q_PORT_INT=${Q_PORT_INT:-19696}
 Q_HOST=${Q_HOST:-$SERVICE_HOST}
 # Default protocol
 Q_PROTOCOL=${Q_PROTOCOL:-$SERVICE_PROTOCOL}
+# Default listen address
+Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 # Default admin username
 Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
 # Default auth strategy
@@ -871,6 +873,7 @@ function _configure_neutron_common {
     iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
     iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
     iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
+    iniset $NEUTRON_CONF DEFAULT bind_host $Q_LISTEN_ADDRESS
     # If addition config files are set, make sure their path name is set as well
     if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
         die $LINENO "Neutron additional plugin config not set.. exiting"
diff --git a/lib/nova b/lib/nova
index 88b336a1be..ee748434d5 100644
--- a/lib/nova
+++ b/lib/nova
@@ -85,6 +85,8 @@ NOVA_SERVICE_HOST=${NOVA_SERVICE_HOST:-$SERVICE_HOST}
 NOVA_SERVICE_PORT=${NOVA_SERVICE_PORT:-8774}
 NOVA_SERVICE_PORT_INT=${NOVA_SERVICE_PORT_INT:-18774}
 NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
+NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
 EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
 
@@ -476,11 +478,20 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT default_floating_pool "$PUBLIC_NETWORK_NAME"
     iniset $NOVA_CONF DEFAULT s3_host "$SERVICE_HOST"
     iniset $NOVA_CONF DEFAULT s3_port "$S3_SERVICE_PORT"
-    iniset $NOVA_CONF DEFAULT my_ip "$HOST_IP"
+    if [[ $SERVICE_IP_VERSION == 6 ]]; then
+        iniset $NOVA_CONF DEFAULT my_ip "$HOST_IPV6"
+        iniset $NOVA_CONF DEFAULT use_ipv6 "True"
+    else
+        iniset $NOVA_CONF DEFAULT my_ip "$HOST_IP"
+    fi
     iniset $NOVA_CONF database connection `database_connection_url nova`
     iniset $NOVA_CONF api_database connection `database_connection_url nova_api`
     iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
     iniset $NOVA_CONF osapi_v3 enabled "True"
+    iniset $NOVA_CONF DEFAULT osapi_compute_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
+    iniset $NOVA_CONF DEFAULT ec2_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
+    iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
+    iniset $NOVA_CONF DEFAULT s3_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
 
     if is_fedora || is_suse; then
         # nova defaults to /usr/local/bin, but fedora and suse pip like to
@@ -560,11 +571,13 @@ function create_nova_conf {
     if is_service_enabled n-novnc || is_service_enabled n-xvnc || [ "$NOVA_VNC_ENABLED" != False ]; then
         # Address on which instance vncservers will listen on compute hosts.
         # For multi-host, this should be the management ip of the compute host.
-        VNCSERVER_LISTEN=${VNCSERVER_LISTEN=127.0.0.1}
-        VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=127.0.0.1}
+        VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST}
+        VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST}
         iniset $NOVA_CONF DEFAULT vnc_enabled true
         iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN"
         iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
+        iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
+        iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
     else
         iniset $NOVA_CONF DEFAULT vnc_enabled false
     fi
@@ -572,11 +585,12 @@ function create_nova_conf {
     if is_service_enabled n-spice; then
         # Address on which instance spiceservers will listen on compute hosts.
         # For multi-host, this should be the management ip of the compute host.
-        SPICESERVER_PROXYCLIENT_ADDRESS=${SPICESERVER_PROXYCLIENT_ADDRESS=127.0.0.1}
-        SPICESERVER_LISTEN=${SPICESERVER_LISTEN=127.0.0.1}
+        SPICESERVER_PROXYCLIENT_ADDRESS=${SPICESERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST}
+        SPICESERVER_LISTEN=${SPICESERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST}
         iniset $NOVA_CONF spice enabled true
         iniset $NOVA_CONF spice server_listen "$SPICESERVER_LISTEN"
         iniset $NOVA_CONF spice server_proxyclient_address "$SPICESERVER_PROXYCLIENT_ADDRESS"
+        iniset $NOVA_CONF spice html5proxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
     else
         iniset $NOVA_CONF spice enabled false
     fi
@@ -616,6 +630,7 @@ function create_nova_conf {
     fi
 
     if is_service_enabled n-sproxy; then
+        iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
         iniset $NOVA_CONF serial_console enabled True
     fi
 }
diff --git a/lib/swift b/lib/swift
index 5b73981ed2..a8c02b3eb2 100644
--- a/lib/swift
+++ b/lib/swift
@@ -45,6 +45,7 @@ SWIFT3_DIR=$DEST/swift3
 
 SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
+SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
 
 # TODO: add logging to different location.
 
@@ -668,9 +669,9 @@ function init_swift {
         swift-ring-builder account.builder create ${SWIFT_PARTITION_POWER_SIZE} ${SWIFT_REPLICAS} 1
 
         for node_number in ${SWIFT_REPLICAS_SEQ}; do
-            swift-ring-builder object.builder add z${node_number}-127.0.0.1:$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
-            swift-ring-builder container.builder add z${node_number}-127.0.0.1:$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
-            swift-ring-builder account.builder add z${node_number}-127.0.0.1:$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
+            swift-ring-builder object.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
+            swift-ring-builder container.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
+            swift-ring-builder account.builder add z${node_number}-${SWIFT_SERVICE_LOCAL_HOST}:$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))/sdb1 1
         done
         swift-ring-builder object.builder rebalance
         swift-ring-builder container.builder rebalance
diff --git a/samples/local.conf b/samples/local.conf
index bd0cd9c0db..ce7007391d 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -32,14 +32,15 @@ MYSQL_PASSWORD=stackdb
 RABBIT_PASSWORD=stackqueue
 SERVICE_PASSWORD=$ADMIN_PASSWORD
 
-# ``HOST_IP`` should be set manually for best results if the NIC configuration
-# of the host is unusual, i.e. ``eth1`` has the default route but ``eth0`` is the
-# public interface.  It is auto-detected in ``stack.sh`` but often is indeterminate
-# on later runs due to the IP moving from an Ethernet interface to a bridge on
-# the host. Setting it here also makes it available for ``openrc`` to include
-# when setting ``OS_AUTH_URL``.
-# ``HOST_IP`` is not set by default.
+# ``HOST_IP`` and ``HOST_IPV6`` should be set manually for best results if
+# the NIC configuration of the host is unusual, i.e. ``eth1`` has the default
+# route but ``eth0`` is the public interface.  They are auto-detected in
+# ``stack.sh`` but often is indeterminate on later runs due to the IP moving
+# from an Ethernet interface to a bridge on the host. Setting it here also
+# makes it available for ``openrc`` to include when setting ``OS_AUTH_URL``.
+# Neither is set by default.
 #HOST_IP=w.x.y.z
+#HOST_IPV6=2001:db8::7
 
 
 # Logging
diff --git a/stack.sh b/stack.sh
index 17cbe75802..4b53df379b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1403,7 +1403,10 @@ fi
 echo ""
 echo ""
 echo ""
-echo "This is your host ip: $HOST_IP"
+echo "This is your host IP address: $HOST_IP"
+if [ "$HOST_IPV6" != "" ]; then
+    echo "This is your host IPv6 address: $HOST_IPV6"
+fi
 
 # If you installed Horizon on this server you should be able
 # to access the site using your browser.
diff --git a/stackrc b/stackrc
index 9fb334a69a..5cacb1858f 100644
--- a/stackrc
+++ b/stackrc
@@ -669,14 +669,54 @@ FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
 FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}
 HOST_IP_IFACE=${HOST_IP_IFACE:-}
 HOST_IP=${HOST_IP:-}
+HOST_IPV6=${HOST_IPV6:-}
 
-HOST_IP=$(get_default_host_ip $FIXED_RANGE $FLOATING_RANGE "$HOST_IP_IFACE" "$HOST_IP")
+HOST_IP=$(get_default_host_ip "$FIXED_RANGE" "$FLOATING_RANGE" "$HOST_IP_IFACE" "$HOST_IP" "inet")
 if [ "$HOST_IP" == "" ]; then
     die $LINENO "Could not determine host ip address.  See local.conf for suggestions on setting HOST_IP."
 fi
 
-# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for service endpoints.
-SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
+HOST_IPV6=$(get_default_host_ip "" "" "$HOST_IP_IFACE" "$HOST_IPV6" "inet6")
+
+# SERVICE IP version
+# This is the IP version that services should be listening on, as well
+# as using to register their endpoints with keystone.
+SERVICE_IP_VERSION=${SERVICE_IP_VERSION:-4}
+
+# Validate SERVICE_IP_VERSION
+# It would be nice to support "4+6" here as well, but that will require
+# multiple calls into keystone to register endpoints, so for now let's
+# just support one or the other.
+if [[ $SERVICE_IP_VERSION != "4" ]] && [[ $SERVICE_IP_VERSION != "6" ]]; then
+    die $LINENO "SERVICE_IP_VERSION must be either 4 or 6"
+fi
+
+if [[ "$SERVICE_IP_VERSION" == 4 ]]; then
+    DEF_SERVICE_HOST=$HOST_IP
+    DEF_SERVICE_LOCAL_HOST=127.0.0.1
+    DEF_SERVICE_LISTEN_ADDRESS=0.0.0.0
+fi
+
+if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
+    if [ "$HOST_IPV6" == "" ]; then
+        die $LINENO "Could not determine host IPv6 address.  See local.conf for suggestions on setting HOST_IPV6."
+    fi
+
+    DEF_SERVICE_HOST=[$HOST_IPV6]
+    DEF_SERVICE_LOCAL_HOST=::1
+    DEF_SERVICE_LISTEN_ADDRESS=::
+fi
+
+# This is either 0.0.0.0 for IPv4 or :: for IPv6
+SERVICE_LISTEN_ADDRESS=${SERVICE_LISTEN_ADDRESS:-${DEF_SERVICE_LISTEN_ADDRESS}}
+
+# Allow the use of an alternate hostname (such as localhost/127.0.0.1) for
+# service endpoints.  Default is dependent on SERVICE_IP_VERSION above.
+SERVICE_HOST=${SERVICE_HOST:-${DEF_SERVICE_HOST}}
+# This is either 127.0.0.1 for IPv4 or ::1 for IPv6
+SERVICE_LOCAL_HOST=${SERVICE_LOCAL_HOST:-${DEF_SERVICE_LOCAL_HOST}}
+
+REGION_NAME=${REGION_NAME:-RegionOne}
 
 # Configure services to use syslog instead of writing to individual log files
 SYSLOG=$(trueorfalse False SYSLOG)

From 5d04db20ec5a89c6f04df7c798efa41a4259d22e Mon Sep 17 00:00:00 2001
From: Brian Haley 
Date: Tue, 16 Jun 2015 13:14:31 -0400
Subject: [PATCH 0789/3421] Add IPv6 support to openrc files

Assumes devstack was configured with SERVICE_IP_VERSION in
local.conf

SERVICE_IP_VERSION is stored in .stackenv and checked in
openrc. If SERVICE_IP_VERSION is set to 6, openrc will use
IPv6.

NOTE: At first, I added a '-6' option to the openrc call
which would set the HOSTS accordingly. I then simplified
the code by saving SERVICE_IP_VERSION to the .stackenv file
which is sourced by openrc. After that, I simplified the
code even more by removing an extra, unnecessary, variable.

Change-Id: I5d46d5438d3e56fea788720ca17f0010caef3df1
---
 functions-common |  2 +-
 openrc           | 24 ++++++++++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/functions-common b/functions-common
index 39c1bfc4d7..fc17d42422 100644
--- a/functions-common
+++ b/functions-common
@@ -47,7 +47,7 @@ TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
     KEYSTONE_AUTH_PROTOCOL KEYSTONE_AUTH_URI KEYSTONE_SERVICE_URI \
     LOGFILE OS_CACERT SERVICE_HOST SERVICE_PROTOCOL STACK_USER TLS_IP \
-    HOST_IPV6"
+    HOST_IPV6 SERVICE_IP_VERSION"
 
 
 # Saves significant environment variables to .stackenv for later use
diff --git a/openrc b/openrc
index 64faa58a3a..71ba5a6ea5 100644
--- a/openrc
+++ b/openrc
@@ -56,18 +56,26 @@ export OS_NO_CACHE=${OS_NO_CACHE:-1}
 # Region
 export OS_REGION_NAME=${REGION_NAME:-RegionOne}
 
-# Set api HOST_IP endpoint.  SERVICE_HOST may also be used to specify the endpoint,
-# which is convenient for some localrc configurations.
-HOST_IP=${HOST_IP:-127.0.0.1}
-SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
+# Set the host API endpoint. This will default to HOST_IP if SERVICE_IP_VERSION
+# is 4, else HOST_IPV6 if it's 6. SERVICE_HOST may also be used to specify the
+# endpoint, which is convenient for some localrc configurations. Additionally,
+# some exercises call Glance directly. On a single-node installation, Glance
+# should be listening on a local IP address, depending on the setting of
+# SERVICE_IP_VERSION. If its running elsewhere, it can be set here.
+if [[ $SERVICE_IP_VERSION == 6 ]]; then
+    HOST_IPV6=${HOST_IPV6:-::1}
+    SERVICE_HOST=${SERVICE_HOST:-[$HOST_IPV6]}
+    GLANCE_HOST=${GLANCE_HOST:-[$HOST_IPV6]}
+else
+    HOST_IP=${HOST_IP:-127.0.0.1}
+    SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
+    GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
+fi
+
 SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
 KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
 KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
 
-# Some exercises call glance directly.  On a single-node installation, Glance
-# should be listening on HOST_IP.  If its running elsewhere, it can be set here
-GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
-
 # Identity API version
 export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
 

From aedb8b97f60e7ff5bf5d0bafc192cc6e3e289cbe Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 2 Jul 2015 17:39:07 +1000
Subject: [PATCH 0790/3421] Search for service by type

When you get or create service it first checks to see if an existing
service matching these parameters exists. The definition of existing is
having a service with the same name, however name is not a unique field.
Sahara for example creates two services, one with data-processing, one
with data_processing with the same sahara name.

Search for existing services by service type, not by service name.

Change-Id: I6148e2254aa3968039b0e7c178e7cabc53b6be68
---
 functions-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index 483b1fa696..d6be1ecc1e 100644
--- a/functions-common
+++ b/functions-common
@@ -806,7 +806,7 @@ function get_or_create_service {
     # Gets service id
     local service_id=$(
         # Gets service id
-        openstack service show $1 -f value -c id 2>/dev/null ||
+        openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
             $2 \

From e62c906baf9f94be1cd4d3a66c3e5b7b6324bed8 Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Wed, 24 Jun 2015 16:25:16 -0400
Subject: [PATCH 0791/3421] Added processing /compute URL

With config option NOVA_USE_MOD_WSGI=True nova-api handles
requests on /compute URL.

Depends on I83bc4731507fa028377ae6701ed4d32adefa9251

Change-Id: Ic84b5c0dc0726662470ef9c076a0cadca55a3917
---
 files/apache-nova-api.template |  9 +++++++++
 lib/nova                       | 18 ++++++++++++------
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template
index 301a3bdbdd..49081528ff 100644
--- a/files/apache-nova-api.template
+++ b/files/apache-nova-api.template
@@ -14,3 +14,12 @@ Listen %PUBLICPORT%
     %SSLCERTFILE%
     %SSLKEYFILE%
 
+
+Alias /compute %PUBLICWSGI%
+
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup nova-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+
diff --git a/lib/nova b/lib/nova
index 88b336a1be..41248b10ed 100644
--- a/lib/nova
+++ b/lib/nova
@@ -405,19 +405,25 @@ function create_nova_accounts {
 
             local nova_service=$(get_or_create_service "nova" \
                 "compute" "Nova Compute Service")
+            local nova_api_url
+            if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
+                nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
+            else
+                nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
+            fi
             get_or_create_endpoint $nova_service \
                 "$REGION_NAME" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
+                "$nova_api_url/v2/\$(tenant_id)s" \
+                "$nova_api_url/v2/\$(tenant_id)s" \
+                "$nova_api_url/v2/\$(tenant_id)s"
 
             local nova_v21_service=$(get_or_create_service "novav21" \
                 "computev21" "Nova Compute Service V2.1")
             get_or_create_endpoint $nova_v21_service \
                 "$REGION_NAME" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s" \
-                "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2.1/\$(tenant_id)s"
+                "$nova_api_url/v2.1/\$(tenant_id)s" \
+                "$nova_api_url/v2.1/\$(tenant_id)s" \
+                "$nova_api_url/v2.1/\$(tenant_id)s"
         fi
     fi
 

From 7c838616c98212c808d12c3789cc17ec76cbd878 Mon Sep 17 00:00:00 2001
From: Robert Collins 
Date: Fri, 3 Jul 2015 13:28:09 +1200
Subject: [PATCH 0792/3421] Fix library runs.

Libraries were resulting in two edit-constraints runs:
 - one for the library, which adds a non-editable file path
 - then one for the editable servers, but that fails becuse
   pkg-resources couldn't parse the prior entry.

This is fixed in two parts: the dependent patch which supports parsing
file urls that have egg names, and this patch which changes from a
file path to a file url with an egg name.

Change-Id: I0f07858e96ea3baf46f8a453e253b9ed29c7f7e2
---
 inc/python | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inc/python b/inc/python
index ca185f05d2..bba9cda44d 100644
--- a/inc/python
+++ b/inc/python
@@ -238,7 +238,9 @@ function setup_package_with_req_sync {
     if [ -n "$REQUIREMENTS_DIR" ]; then
         # Constrain this package to this project directory from here on out.
         local name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
-        $REQUIREMENTS_DIR/.venv/bin/edit-constraints $REQUIREMENTS_DIR/upper-constraints.txt -- $name "$flags $project_dir"
+        $REQUIREMENTS_DIR/.venv/bin/edit-constraints \
+            $REQUIREMENTS_DIR/upper-constraints.txt -- $name \
+            "$flags file://$project_dir#egg=$name"
     fi
 
     setup_package $project_dir $flags

From 4f91f93557d088b315e1687db9fa462888a06312 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Sat, 4 Jul 2015 20:45:24 +0900
Subject: [PATCH 0793/3421] Remove duplication in ml2 and openvswitch_agent

Configuration of local_ip is duplication in ml2 because there is
the configuration in both ml2 and openvswitch_agent.
It also should be set in each driver using openvswitch.

Change-Id: Ib0b874aed8db883d778426ed1ae01679fc0cc075
---
 lib/neutron_plugins/ml2 | 5 -----
 1 file changed, 5 deletions(-)
 mode change 100644 => 100755 lib/neutron_plugins/ml2

diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
old mode 100644
new mode 100755
index 2733f1f513..13ffee9b5b
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -107,11 +107,6 @@ function neutron_plugin_configure_service {
         iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
     fi
 
-    if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
-        # Set local_ip if TENANT_TUNNELS are enabled.
-        iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
-    fi
-
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
 
     populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS

From d48d672a8d36a70b10456496159fecf7551e89f8 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Sat, 4 Jul 2015 22:58:44 +0900
Subject: [PATCH 0794/3421] Add tunnel_bridge configuration for openvswitch
 agent

Change-Id: I0235aa05cf86b3ed9d9620dda3f16b69ced077e3
---
 lib/neutron_plugins/openvswitch_agent | 1 +
 lib/neutron_plugins/ovs_base          | 1 +
 2 files changed, 2 insertions(+)
 mode change 100644 => 100755 lib/neutron_plugins/openvswitch_agent
 mode change 100644 => 100755 lib/neutron_plugins/ovs_base

diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
old mode 100644
new mode 100755
index 2a05e2dcfa..1ff3a40c82
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -50,6 +50,7 @@ function neutron_plugin_configure_plugin_agent {
             die $LINENO "You are running OVS version $OVS_VERSION. OVS 1.4+ is required for tunneling between multiple hosts."
         fi
         iniset /$Q_PLUGIN_CONF_FILE ovs local_ip $TUNNEL_ENDPOINT_IP
+        iniset /$Q_PLUGIN_CONF_FILE ovs tunnel_bridge $OVS_TUNNEL_BRIDGE
     fi
 
     # Setup physical network bridge mappings.  Override
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
old mode 100644
new mode 100755
index 4e750f0932..ad09a739c6
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -9,6 +9,7 @@ set +o xtrace
 
 OVS_BRIDGE=${OVS_BRIDGE:-br-int}
 OVS_DATAPATH_TYPE=${OVS_DATAPATH_TYPE:-""}
+OVS_TUNNEL_BRIDGE=${OVS_TUNNEL_BRIDGE:-br-tun}
 
 function is_neutron_ovs_base_plugin {
     # Yes, we use OVS.

From 7ab3e39bc485acc2b54d7496a77c2e43eda4e799 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Sat, 4 Jul 2015 23:11:52 +0900
Subject: [PATCH 0795/3421] Add cleanup for br-tun with OVS

Change-Id: I5c4d28844f40eaad622ef7590c54e0e6647c85e3
Closes-Bug: #1471390
---
 lib/neutron_plugins/ovs_base | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index ad09a739c6..f1f7f8597b 100755
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -41,7 +41,7 @@ function neutron_ovs_base_cleanup {
     done
 
     # remove all OVS bridges created by Neutron
-    for bridge in $(sudo ovs-vsctl list-br | grep -o -e ${OVS_BRIDGE} -e ${PUBLIC_BRIDGE}); do
+    for bridge in $(sudo ovs-vsctl list-br | grep -o -e ${OVS_BRIDGE} -e ${PUBLIC_BRIDGE} -e ${OVS_TUNNEL_BRIDGE}); do
         sudo ovs-vsctl del-br ${bridge}
     done
 }

From 21a9077d7cf32ee1c387171b943125e938eaa1b2 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 3 Jul 2015 11:54:38 +1000
Subject: [PATCH 0796/3421] Allow installing keystoneauth from git

Keystoneauth is not marked as stable yet however to ensure that the
integration between it, keystoneclient and other services don't break
compatibility we want to test it with tempest.

Unfortunately you can't put -e links in requirements.txt files so add
it to devstack so we can set the test environment. This will also make
it available when keystoneauth is released.

Change-Id: I43ca1df9c6ae2f0ac1a687c9ce1e2ccb97e81652
---
 lib/keystone                 | 9 +++++++++
 stack.sh                     | 1 +
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 1 +
 4 files changed, 15 insertions(+)

diff --git a/lib/keystone b/lib/keystone
index c33d466c6c..baa4f8c22c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -35,6 +35,7 @@ set +o xtrace
 # --------
 
 # Set up default directories
+GITDIR["keystoneauth"]=$DEST/keystoneauth
 GITDIR["python-keystoneclient"]=$DEST/python-keystoneclient
 GITDIR["keystonemiddleware"]=$DEST/keystonemiddleware
 KEYSTONE_DIR=$DEST/keystone
@@ -483,6 +484,14 @@ function init_keystone {
     fi
 }
 
+# install_keystoneauth() - Collect source and prepare
+function install_keystoneauth {
+    if use_library_from_git "keystoneauth"; then
+        git_clone_by_name "keystoneauth"
+        setup_dev_lib "keystoneauth"
+    fi
+}
+
 # install_keystoneclient() - Collect source and prepare
 function install_keystoneclient {
     if use_library_from_git "python-keystoneclient"; then
diff --git a/stack.sh b/stack.sh
index 17cbe75802..1610651fa7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -741,6 +741,7 @@ echo_summary "Installing OpenStack project source"
 install_oslo
 
 # Install client libraries
+install_keystoneauth
 install_keystoneclient
 install_glanceclient
 install_cinderclient
diff --git a/stackrc b/stackrc
index 342f9bf987..eb0c330ed3 100644
--- a/stackrc
+++ b/stackrc
@@ -280,6 +280,10 @@ GITBRANCH["python-heatclient"]=${HEATCLIENT_BRANCH:-master}
 GITREPO["python-ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
 GITBRANCH["python-ironicclient"]=${IRONICCLIENT_BRANCH:-master}
 
+# the base authentication plugins that clients use to authenticate
+GITREPO["keystoneauth"]=${KEYSTONEAUTH_REPO:-${GIT_BASE}/openstack/keystoneauth.git}
+GITBRANCH["keystoneauth"]=${KEYSTONEAUTH_BRANCH:-master}
+
 # python keystone client library to nova that horizon uses
 GITREPO["python-keystoneclient"]=${KEYSTONECLIENT_REPO:-${GIT_BASE}/openstack/python-keystoneclient.git}
 GITBRANCH["python-keystoneclient"]=${KEYSTONECLIENT_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 8dc3ba3c6e..d10cd0ee62 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -41,6 +41,7 @@ ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
 ALL_LIBS+=" oslo.cache oslo.reports"
+ALL_LIBS+=" keystoneauth"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 1848b837e672fd6b7e091637e7cefa1ce0052958 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Sat, 27 Jun 2015 15:05:17 +0100
Subject: [PATCH 0797/3421] Move ceilometermiddleware installation to lib/swift

lib/swift is where it is used so this makes the relationship more
clear and direct.

Change-Id: Ie6fc09e27a39295c92f0790856446edb7dedb995
---
 lib/ceilometer | 10 ----------
 lib/swift      | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index ed9b93377e..163ed0b0ab 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -360,16 +360,6 @@ function install_ceilometerclient {
     fi
 }
 
-# install_ceilometermiddleware() - Collect source and prepare
-function install_ceilometermiddleware {
-    if use_library_from_git "ceilometermiddleware"; then
-        git_clone_by_name "ceilometermiddleware"
-        setup_dev_lib "ceilometermiddleware"
-    else
-        pip_install_gr ceilometermiddleware
-    fi
-}
-
 # start_ceilometer() - Start running processes, including screen
 function start_ceilometer {
     run_process ceilometer-acentral "$CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF"
diff --git a/lib/swift b/lib/swift
index 5b73981ed2..3207fac165 100644
--- a/lib/swift
+++ b/lib/swift
@@ -697,6 +697,21 @@ function install_swiftclient {
     fi
 }
 
+# install_ceilometermiddleware() - Collect source and prepare
+#   note that this doesn't really have anything to do with ceilometer;
+#   though ceilometermiddleware has ceilometer in its name as an
+#   artifact of history, it is not a ceilometer specific tool. It
+#   simply generates pycadf-based notifications about requests and
+#   responses on the swift proxy
+function install_ceilometermiddleware {
+    if use_library_from_git "ceilometermiddleware"; then
+        git_clone_by_name "ceilometermiddleware"
+        setup_dev_lib "ceilometermiddleware"
+    else
+        pip_install_gr ceilometermiddleware
+    fi
+}
+
 # start_swift() - Start running processes, including screen
 function start_swift {
     # (re)start memcached to make sure we have a clean memcache.

From 9ef663a70fb02d4829b4c5a50f7fe6ef3ec6a8b4 Mon Sep 17 00:00:00 2001
From: Eric Harney 
Date: Tue, 7 Jul 2015 09:34:33 -0400
Subject: [PATCH 0798/3421] Don't uninstall ceph packages at cleanup

We stop the services, which should be sufficient.
Uninstalling the packages means that doing repeated
runs with devstack takes longer than necessary.

Change-Id: I5626e42ce83710690a3523439bb2c9c9af560cd9
---
 lib/ceph | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/ceph b/lib/ceph
index 16dcda2f9e..04e05e7b01 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -158,7 +158,6 @@ function cleanup_ceph_embedded {
 
 function cleanup_ceph_general {
     undefine_virsh_secret
-    uninstall_package ceph ceph-common python-ceph libcephfs1 > /dev/null 2>&1
 }
 
 

From 11298a01f74c7952b924d001c548d9721eebf591 Mon Sep 17 00:00:00 2001
From: Adam Kacmarsky 
Date: Fri, 26 Jun 2015 14:49:47 -0600
Subject: [PATCH 0799/3421] Add IPv6 support for _move_neutron_addresses_route

Added functionallity to allow IPv6 addresses to be moved to the
OVS_PHYSICAL_BRIDGE from PUBLIC_INTERFACE automatically using
_move_neutron_addresses_route. Only PUBLIC_INTERFACE and
OVS_PHYSICAL_BRIDGE need to be set in localrc.

HOST_IP must be set in localrc. HOST_IPV6 must be set in localrc if a
global IPv6 address is configured on PUBLIC_INTERFACE.

Change-Id: I8d2c055702e1c7cf08499a77f6843393762fd4c1
---
 lib/neutron-legacy | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index cb1d1ef2ad..ee98015708 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -788,6 +788,7 @@ function _move_neutron_addresses_route {
     local from_intf=$1
     local to_intf=$2
     local add_ovs_port=$3
+    local af=$4
 
     if [[ -n "$from_intf" && -n "$to_intf" ]]; then
         # Remove the primary IP address from $from_intf and add it to $to_intf,
@@ -795,10 +796,18 @@ function _move_neutron_addresses_route {
         # on configure we will also add $from_intf as a port on $to_intf,
         # assuming it is an OVS bridge.
 
-        local IP_BRD=$(ip -4 a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
+        local IP_BRD=$(ip -f $af a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
         local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
 
+        if [[ $af == "inet" ]]; then
+            IP_BRD=$(ip -f $af a s dev $from_intf | grep $HOST_IP | awk '{ print $2, $3, $4; exit }')
+        fi
+
+        if [[ $af == "inet6" ]]; then
+            IP_BRD=$(ip -f $af a s dev $from_intf | grep $HOST_IPV6 | awk '{ print $2, $3, $4; exit }')
+        fi
+
         if [ "$DEFAULT_ROUTE_GW" != "" ]; then
             ADD_DEFAULT_ROUTE="sudo ip r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
         fi
@@ -815,7 +824,13 @@ function _move_neutron_addresses_route {
 # runs that a clean run would need to clean up
 function cleanup_neutron {
 
-    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False
+    if [[ $(ip -f inet a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
+        _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
+    fi
+
+    if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
+        _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
+    fi
 
     if is_provider_network && is_ironic_hardware; then
         for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
@@ -997,8 +1012,12 @@ function _configure_neutron_l3_agent {
 
     neutron_plugin_configure_l3_agent
 
-    if [[ $(ip -4 a s dev "$PUBLIC_INTERFACE" | grep -c 'inet') != 0 ]]; then
-        _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True
+    if [[ $(ip -f inet a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
+        _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True "inet"
+    fi
+
+    if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
+        _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False "inet6"
     fi
 }
 

From b17ad7560d7d67e3464b489e124c540e025b9299 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 29 May 2015 06:04:47 +0000
Subject: [PATCH 0800/3421] Use identity V3 API for endpoint creation

Always use the keystone V3 API when creating services and endpoints. The syntax
here is slightly different but we maintain the function interface.

Change-Id: Ib3a375918a45fd6e37d873a1a5c0c4b26bdbb5d8
Implements: bp keystonev3
---
 functions-common   | 59 ++++++++++++++++++++++++++++++++++------------
 lib/ceilometer     |  5 ++--
 lib/cinder         | 10 ++++----
 lib/glance         | 10 ++++----
 lib/heat           | 10 ++++----
 lib/ironic         |  5 ++--
 lib/keystone       |  5 ++--
 lib/neutron-legacy |  5 ++--
 lib/nova           | 21 +++++++----------
 lib/swift          |  5 ++--
 lib/tempest        |  4 ++--
 lib/zaqar          |  5 ++--
 12 files changed, 79 insertions(+), 65 deletions(-)

diff --git a/functions-common b/functions-common
index d6be1ecc1e..9023e85fad 100644
--- a/functions-common
+++ b/functions-common
@@ -809,6 +809,8 @@ function get_or_create_service {
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
+            --os-url $KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             $2 \
             --name $1 \
             --description="$3" \
@@ -817,29 +819,56 @@ function get_or_create_service {
     echo $service_id
 }
 
-# Gets or creates endpoint
-# Usage: get_or_create_endpoint     
-function get_or_create_endpoint {
-    # Gets endpoint id
+# Create an endpoint with a specific interface
+# Usage: _get_or_create_endpoint_with_interface    
+function _get_or_create_endpoint_with_interface {
     local endpoint_id=$(openstack endpoint list \
-        --column "ID" \
-        --column "Region" \
-        --column "Service Name" \
-        | grep " $2 " \
-        | grep " $1 " | get_field 1)
+        --os-url $KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
+        --service $1 \
+        --interface $2 \
+        --region $4 \
+        -c ID -f value)
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \
-            $1 \
-            --region $2 \
-            --publicurl $3 \
-            --adminurl $4 \
-            --internalurl $5 \
-            | grep " id " | get_field 2)
+            --os-url $KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            $1 $2 $3 --region $4 -f value -c id)
     fi
+
     echo $endpoint_id
 }
 
+# Gets or creates endpoint
+# Usage: get_or_create_endpoint     
+function get_or_create_endpoint {
+    # NOTE(jamielennnox): when converting to v3 endpoint creation we go from
+    # creating one endpoint with multiple urls to multiple endpoints each with
+    # a different interface.  To maintain the existing function interface we
+    # create 3 endpoints and return the id of the public one. In reality
+    # returning the public id will not make a lot of difference as there are no
+    # scenarios currently that use the returned id. Ideally this behaviour
+    # should be pushed out to the service setups and let them create the
+    # endpoints they need.
+    local public_id=$(_get_or_create_endpoint_with_interface $1 public $3 $2)
+    _get_or_create_endpoint_with_interface $1 admin $4 $2
+    _get_or_create_endpoint_with_interface $1 internal $5 $2
+
+    # return the public id to indicate success, and this is the endpoint most likely wanted
+    echo $public_id
+}
+
+# Get a URL from the identity service
+# Usage: get_endpoint_url  
+function get_endpoint_url {
+    echo $(openstack endpoint list \
+            --service $1 --interface $2 \
+            --os-url $KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            -c URL -f value)
+}
+
 
 # Package Functions
 # =================
diff --git a/lib/ceilometer b/lib/ceilometer
index 163ed0b0ab..7905384623 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -130,9 +130,8 @@ function create_ceilometer_accounts {
         create_service_user "ceilometer" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            local ceilometer_service=$(get_or_create_service "ceilometer" \
-                "metering" "OpenStack Telemetry Service")
-            get_or_create_endpoint $ceilometer_service \
+            get_or_create_service "ceilometer" "metering" "OpenStack Telemetry Service"
+            get_or_create_endpoint "metering" \
                 "$REGION_NAME" \
                 "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
                 "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
diff --git a/lib/cinder b/lib/cinder
index 81174474e4..e51cd8ba1b 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -327,16 +327,14 @@ function create_cinder_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local cinder_service=$(get_or_create_service "cinder" \
-                "volume" "Cinder Volume Service")
-            get_or_create_endpoint $cinder_service "$REGION_NAME" \
+            get_or_create_service "cinder" "volume" "Cinder Volume Service"
+            get_or_create_endpoint "volume" "$REGION_NAME" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
 
-            local cinder_v2_service=$(get_or_create_service "cinderv2" \
-                "volumev2" "Cinder Volume Service V2")
-            get_or_create_endpoint $cinder_v2_service "$REGION_NAME" \
+            get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+            get_or_create_endpoint "volumev2" "$REGION_NAME" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
diff --git a/lib/glance b/lib/glance
index 4dbce9f521..be6ccf9a37 100644
--- a/lib/glance
+++ b/lib/glance
@@ -266,9 +266,8 @@ function create_glance_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local glance_service=$(get_or_create_service "glance" \
-                "image" "Glance Image Service")
-            get_or_create_endpoint $glance_service \
+            get_or_create_service "glance" "image" "Glance Image Service"
+            get_or_create_endpoint "image" \
                 "$REGION_NAME" \
                 "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
                 "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" \
@@ -279,10 +278,9 @@ function create_glance_accounts {
     # Add glance-search service and endpoints
     if is_service_enabled g-search; then
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            local glance_search_service=$(get_or_create_service "glance-search" \
-                "search" "EXPERIMENTAL - Glance Graffiti Search Service")
+            get_or_create_service "glance-search" "search" "EXPERIMENTAL - Glance Graffiti Search Service"
 
-            get_or_create_endpoint $glance_search_service \
+            get_or_create_endpoint "search" \
                 "$REGION_NAME" \
                 "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
                 "$GLANCE_SERVICE_PROTOCOL://$GLANCE_SEARCH_HOSTPORT" \
diff --git a/lib/heat b/lib/heat
index 5cb0dbf6d9..cedddd2d26 100644
--- a/lib/heat
+++ b/lib/heat
@@ -250,17 +250,15 @@ function create_heat_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local heat_service=$(get_or_create_service "heat" \
-                    "orchestration" "Heat Orchestration Service")
-            get_or_create_endpoint $heat_service \
+            get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
+            get_or_create_endpoint "orchestration" \
                 "$REGION_NAME" \
                 "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
                 "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
                 "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
 
-            local heat_cfn_service=$(get_or_create_service "heat-cfn" \
-                    "cloudformation" "Heat CloudFormation Service")
-            get_or_create_endpoint $heat_cfn_service \
+            get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
+            get_or_create_endpoint "cloudformation"  \
                 "$REGION_NAME" \
                 "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
                 "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
diff --git a/lib/ironic b/lib/ironic
index cff20c9bbc..2d197dc655 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -411,9 +411,8 @@ function create_ironic_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local ironic_service=$(get_or_create_service "ironic" \
-                "baremetal" "Ironic baremetal provisioning service")
-            get_or_create_endpoint $ironic_service \
+            get_or_create_service "ironic" "baremetal" "Ironic baremetal provisioning service"
+            get_or_create_endpoint "baremetal" \
                 "$REGION_NAME" \
                 "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
                 "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
diff --git a/lib/keystone b/lib/keystone
index c33d466c6c..428e615444 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -406,9 +406,8 @@ function create_keystone_accounts {
     # Keystone
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-        KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
-            "identity" "Keystone Identity Service")
-        get_or_create_endpoint $KEYSTONE_SERVICE \
+        get_or_create_service "keystone" "identity" "Keystone Identity Service"
+        get_or_create_endpoint "identity" \
             "$REGION_NAME" \
             "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
             "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index acc2851131..af7c6a1a47 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -517,9 +517,8 @@ function create_neutron_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local neutron_service=$(get_or_create_service "neutron" \
-                "network" "Neutron Service")
-            get_or_create_endpoint $neutron_service \
+            get_or_create_service "neutron" "network" "Neutron Service"
+            get_or_create_endpoint "network" \
                 "$REGION_NAME" \
                 "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
                 "$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/" \
diff --git a/lib/nova b/lib/nova
index 41248b10ed..0d8f975fa7 100644
--- a/lib/nova
+++ b/lib/nova
@@ -402,24 +402,22 @@ function create_nova_accounts {
         create_service_user "nova" "admin"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-            local nova_service=$(get_or_create_service "nova" \
-                "compute" "Nova Compute Service")
             local nova_api_url
             if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
                 nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT"
             else
                 nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
             fi
-            get_or_create_endpoint $nova_service \
+
+            get_or_create_service "nova" "compute" "Nova Compute Service"
+            get_or_create_endpoint "compute" \
                 "$REGION_NAME" \
                 "$nova_api_url/v2/\$(tenant_id)s" \
                 "$nova_api_url/v2/\$(tenant_id)s" \
                 "$nova_api_url/v2/\$(tenant_id)s"
 
-            local nova_v21_service=$(get_or_create_service "novav21" \
-                "computev21" "Nova Compute Service V2.1")
-            get_or_create_endpoint $nova_v21_service \
+            get_or_create_service "novav21" "computev21" "Nova Compute Service V2.1"
+            get_or_create_endpoint "computev21" \
                 "$REGION_NAME" \
                 "$nova_api_url/v2.1/\$(tenant_id)s" \
                 "$nova_api_url/v2.1/\$(tenant_id)s" \
@@ -438,9 +436,8 @@ function create_nova_accounts {
         # EC2
         if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
 
-            local ec2_service=$(get_or_create_service "ec2" \
-                "ec2" "EC2 Compatibility Layer")
-            get_or_create_endpoint $ec2_service \
+            get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer"
+            get_or_create_endpoint "ec2" \
                 "$REGION_NAME" \
                 "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
                 "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
@@ -452,8 +449,8 @@ function create_nova_accounts {
     if is_service_enabled n-obj swift3; then
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            local s3_service=$(get_or_create_service "s3" "s3" "S3")
-            get_or_create_endpoint $s3_service \
+            get_or_create_service "s3" "s3" "S3"
+            get_or_create_endpoint "s3" \
                 "$REGION_NAME" \
                 "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
                 "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
diff --git a/lib/swift b/lib/swift
index 3207fac165..52101f863a 100644
--- a/lib/swift
+++ b/lib/swift
@@ -607,9 +607,8 @@ function create_swift_accounts {
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-        local swift_service=$(get_or_create_service "swift" \
-            "object-store" "Swift Service")
-        get_or_create_endpoint $swift_service \
+        get_or_create_service "swift" "object-store" "Swift Service"
+        get_or_create_endpoint "object-store" \
             "$REGION_NAME" \
             "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
             "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \
diff --git a/lib/tempest b/lib/tempest
index a84ade2a81..1376c87a77 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -270,11 +270,11 @@ function configure_tempest {
         fi
     fi
 
-    EC2_URL=$(openstack endpoint show -f value -c publicurl ec2 || true)
+    EC2_URL=$(get_endpoint_url ec2 public || true)
     if [[ -z $EC2_URL ]]; then
         EC2_URL="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
     fi
-    S3_URL=$(openstack endpoint show -f value -c publicurl s3 || true)
+    S3_URL=$(get_endpoint_url s3 public || true)
     if [[ -z $S3_URL ]]; then
         S3_URL="http://$SERVICE_HOST:${S3_SERVICE_PORT:-3333}"
     fi
diff --git a/lib/zaqar b/lib/zaqar
index 891b0eab04..fdab3a26a8 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -210,9 +210,8 @@ function create_zaqar_accounts {
 
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-        local zaqar_service=$(get_or_create_service "zaqar" \
-            "messaging" "Zaqar Service")
-        get_or_create_endpoint $zaqar_service \
+        get_or_create_service "zaqar" "messaging" "Zaqar Service"
+        get_or_create_endpoint "messaging" \
             "$REGION_NAME" \
             "$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \
             "$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \

From 72ce6acd22a553e4d34f0ffdc429aaaed7ed1212 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 2 Jul 2015 09:19:01 +1000
Subject: [PATCH 0801/3421] Use Keystone V3 API for role creation

Always use the V3 API for role creation.

Groups only exist in the v3 identity API and so we must specify
--os-identity-api-version in these commands.

Implements: bp keystonev3
Closes-Bug: #1470668
Change-Id: I5e01d23ebcb5a0c7de56233071a4eb9b16d3b813
---
 functions-common | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/functions-common b/functions-common
index 9023e85fad..a1a8afaecf 100644
--- a/functions-common
+++ b/functions-common
@@ -753,7 +753,10 @@ function get_or_create_project {
 function get_or_create_role {
     local role_id=$(
         # Creates role with --or-show
-        openstack role create $1 --or-show -f value -c id
+        openstack role create $1 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --or-show -f value -c id
     )
     echo $role_id
 }
@@ -764,8 +767,10 @@ function get_or_add_user_project_role {
     # Gets user role id
     local user_role_id=$(openstack role list \
         --user $2 \
-        --project $3 \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
         --column "ID" \
+        --project $3 \
         --column "Name" \
         | grep " $1 " | get_field 1)
     if [[ -z "$user_role_id" ]]; then
@@ -774,6 +779,8 @@ function get_or_add_user_project_role {
             $1 \
             --user $2 \
             --project $3 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             | grep " id " | get_field 2)
     fi
     echo $user_role_id
@@ -784,18 +791,24 @@ function get_or_add_user_project_role {
 function get_or_add_group_project_role {
     # Gets group role id
     local group_role_id=$(openstack role list \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
         --group $2 \
         --project $3 \
-        --column "ID" \
-        --column "Name" \
-        | grep " $1 " | get_field 1)
+        -c "ID" -f value)
     if [[ -z "$group_role_id" ]]; then
-        # Adds role to group
-        group_role_id=$(openstack role add \
-            $1 \
+        # Adds role to group and get it
+        openstack role add $1 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --group $2 \
+            --project $3
+        group_role_id=$(openstack role list \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             --group $2 \
             --project $3 \
-            | grep " id " | get_field 2)
+            -c "ID" -f value)
     fi
     echo $group_role_id
 }

From 494f7cdf35d025f73b4cce9a3bde7b433183b1d8 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 29 May 2015 08:33:03 +0000
Subject: [PATCH 0802/3421] Use openstack cli for cinder type creation

This command was commented out so assumedly there used to be a bug. Switch to
OpenStackClient as the cinder CLI doesn't handle v3 auth correctly.

Implements: bp keystonev3
Change-Id: I1acdc04cf04b7056701bdded31ef2a015de5bce3
---
 lib/cinder | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index e51cd8ba1b..eb32b719c8 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -480,13 +480,10 @@ function stop_cinder {
 function create_volume_types {
     # Create volume types
     if is_service_enabled c-api && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
-        local be be_name be_type
+        local be be_name
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
-            be_type=${be%%:*}
             be_name=${be##*:}
-            # openstack volume type create --property volume_backend_name="${be_type}" ${be_name}
-            cinder type-create ${be_name} && \
-                cinder type-key ${be_name} set volume_backend_name="${be_name}"
+            openstack volume type create --property volume_backend_name="${be_name}" ${be_name}
         done
     fi
 }

From 9d6d8f801571a1a0e6eff90cd2bfcdbac7945bcc Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Mon, 22 Jun 2015 03:37:59 +0000
Subject: [PATCH 0803/3421] Use project instead of tenant in create_userrc

The create_userrc file is littered with references to a tenant. The tenant
concept has been deprecated long enough that we should use project instead.

I have not attempted to maintain compatibility with the --os-tenant-X flags
because I have not found reference to anyone using this script outside of
devstack.

Change-Id: I613f1bdc6673f0c4bfe29aaab7b514348a617a8c
---
 tools/create_userrc.sh | 103 +++++++++++++++++++++++------------------
 1 file changed, 57 insertions(+), 46 deletions(-)

diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index f067ed1f4b..3f10abbf7c 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -16,45 +16,45 @@ cat <
 
-This script creates certificates and sourcable rc files per tenant/user.
+This script creates certificates and sourcable rc files per project/user.
 
 Target account directory hierarchy:
 target_dir-|
            |-cacert.pem
-           |-tenant1-name|
-           |             |- user1
-           |             |- user1-cert.pem
-           |             |- user1-pk.pem
-           |             |- user2
-           |             ..
-           |-tenant2-name..
+           |-project1-name|
+           |              |- user1
+           |              |- user1-cert.pem
+           |              |- user1-pk.pem
+           |              |- user2
+           |              ..
+           |-project2-name..
            ..
 
 Optional Arguments
 -P include password to the rc files; with -A it assume all users password is the same
 -A try with all user
 -u  create files just for the specified user
--C  create user and tenant, the specifid tenant will be the user's tenant
--r  when combined with -C and the (-u) user exists it will be the user's tenant role in the (-C)tenant (default: Member)
+-C  create user and project, the specifid project will be the user's project
+-r  when combined with -C and the (-u) user exists it will be the user's project role in the (-C)project (default: Member)
 -p  password for the user
 --heat-url 
 --os-username 
 --os-password 
---os-tenant-name 
---os-tenant-id 
+--os-project-name 
+--os-project-id 
 --os-auth-url 
 --os-cacert 
 --target-dir 
---skip-tenant 
+--skip-project 
 --debug
 
 Example:
 $0 -AP
-$0 -P -C mytenant -u myuser -p mypass
+$0 -P -C myproject -u myuser -p mypass
 EOF
 }
 
-if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-name:,os-tenant-id:,os-auth-url:,target-dir:,heat-url:,skip-tenant:,os-cacert:,help,debug -- "$@"); then
+if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-id:,os-tenant-name:,os-project-name:,os-project-id:,os-auth-url:,target-dir:,heat-url:,skip-project:,os-cacert:,help,debug -- "$@"); then
     display_help
     exit 1
 fi
@@ -62,10 +62,10 @@ eval set -- $options
 ADDPASS=""
 HEAT_URL=""
 
-# The services users usually in the service tenant.
+# The services users usually in the service project.
 # rc files for service users, is out of scope.
-# Supporting different tenant for services is out of scope.
-SKIP_TENANT="service"
+# Supporting different project for services is out of scope.
+SKIP_PROJECT="service"
 MODE=""
 ROLE=Member
 USER_NAME=""
@@ -75,9 +75,12 @@ while [ $# -gt 0 ]; do
     -h|--help) display_help; exit 0 ;;
     --os-username) export OS_USERNAME=$2; shift ;;
     --os-password) export OS_PASSWORD=$2; shift ;;
-    --os-tenant-name) export OS_TENANT_NAME=$2; shift ;;
-    --os-tenant-id) export OS_TENANT_ID=$2; shift ;;
-    --skip-tenant) SKIP_TENANT="$SKIP_TENANT$2,"; shift ;;
+    --os-tenant-name) export OS_PROJECT_NAME=$2; shift ;;
+    --os-tenant-id) export OS_PROJECT_ID=$2; shift ;;
+    --os-project-name) export OS_PROJECT_NAME=$2; shift ;;
+    --os-project-id) export OS_PROJECT_ID=$2; shift ;;
+    --skip-tenant) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
+    --skip-project) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
     --os-auth-url) export OS_AUTH_URL=$2; shift ;;
     --os-cacert) export OS_CACERT=$2; shift ;;
     --target-dir) ACCOUNT_DIR=$2; shift ;;
@@ -87,7 +90,7 @@ while [ $# -gt 0 ]; do
     -p) USER_PASS=$2; shift ;;
     -A) MODE=all; ;;
     -P) ADDPASS="yes" ;;
-    -C) MODE=create; TENANT=$2; shift ;;
+    -C) MODE=create; PROJECT=$2; shift ;;
     -r) ROLE=$2; shift ;;
     (--) shift; break ;;
     (-*) echo "$0: error - unrecognized option $1" >&2; display_help; exit 1 ;;
@@ -105,8 +108,16 @@ if [ -z "$OS_PASSWORD" ]; then
     fi
 fi
 
-if [ -z "$OS_TENANT_NAME" -a -z "$OS_TENANT_ID" ]; then
-    export OS_TENANT_NAME=admin
+if [ -z "$OS_PROJECT_ID" -a "$OS_TENANT_ID" ]; then
+    export OS_PROJECT_ID=$OS_TENANT_ID
+fi
+
+if [ -z "$OS_PROJECT_NAME" -a "$OS_TENANT_NAME" ]; then
+    export OS_PROJECT_NAME=$OS_TENANT_NAME
+fi
+
+if [ -z "$OS_PROJECT_NAME" -a -z "$OS_PROJECT_ID" ]; then
+    export OS_PROJECT_NAME=admin
 fi
 
 if [ -z "$OS_USERNAME" ]; then
@@ -156,21 +167,21 @@ fi
 function add_entry {
     local user_id=$1
     local user_name=$2
-    local tenant_id=$3
-    local tenant_name=$4
+    local project_id=$3
+    local project_name=$4
     local user_passwd=$5
 
     # The admin user can see all user's secret AWS keys, it does not looks good
-    local line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
+    local line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
     if [ -z "$line" ]; then
-        openstack ec2 credentials create --user $user_id --project $tenant_id 1>&2
-        line=`openstack ec2 credentials list --user $user_id | grep " $tenant_id "`
+        openstack ec2 credentials create --user $user_id --project $project_id 1>&2
+        line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
     fi
     local ec2_access_key ec2_secret_key
     read ec2_access_key ec2_secret_key <<<  `echo $line | awk '{print $2 " " $4 }'`
-    mkdir -p "$ACCOUNT_DIR/$tenant_name"
-    local rcfile="$ACCOUNT_DIR/$tenant_name/$user_name"
-    # The certs subject part are the tenant ID "dash" user ID, but the CN should be the first part of the DN
+    mkdir -p "$ACCOUNT_DIR/$project_name"
+    local rcfile="$ACCOUNT_DIR/$project_name/$user_name"
+    # The certs subject part are the project ID "dash" user ID, but the CN should be the first part of the DN
     # Generally the subject DN parts should be in reverse order like the Issuer
     # The Serial does not seams correctly marked either
     local ec2_cert="$rcfile-cert.pem"
@@ -183,7 +194,7 @@ function add_entry {
         mv -f "$ec2_cert" "$ec2_cert.old"
     fi
     # It will not create certs when the password is incorrect
-    if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-tenant-name "$tenant_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
+    if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-project-name "$project_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
         if [ -e "$ec2_private_key.old" ]; then
             mv -f "$ec2_private_key.old" "$ec2_private_key"
         fi
@@ -199,8 +210,8 @@ export EC2_URL="$EC2_URL"
 export S3_URL="$S3_URL"
 # OpenStack USER ID = $user_id
 export OS_USERNAME="$user_name"
-# OpenStack Tenant ID = $tenant_id
-export OS_TENANT_NAME="$tenant_name"
+# OpenStack project ID = $project_id
+export OS_PROJECT_NAME="$project_name"
 export OS_AUTH_URL="$OS_AUTH_URL"
 export OS_CACERT="$OS_CACERT"
 export EC2_CERT="$ec2_cert"
@@ -213,7 +224,7 @@ EOF
         echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
     fi
     if [ -n "$HEAT_URL" ]; then
-        echo "export HEAT_URL=\"$HEAT_URL/$tenant_id\"" >>"$rcfile"
+        echo "export HEAT_URL=\"$HEAT_URL/$project_id\"" >>"$rcfile"
         echo "export OS_NO_CLIENT_AUTH=True" >>"$rcfile"
     fi
 }
@@ -245,9 +256,9 @@ function get_user_id {
 }
 
 if [ $MODE != "create" ]; then
-    # looks like I can't ask for all tenant related to a specified user
-    openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_TENANT}" | while IFS=, read tenant_id tenant_name desc enabled; do
-        openstack user list --project $tenant_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do
+    # looks like I can't ask for all project related to a specified user
+    openstack project list --long --quote none -f csv | grep ',True' | grep -v "${SKIP_PROJECT}" | while IFS=, read project_id project_name desc enabled; do
+        openstack user list --project $project_id --long --quote none -f csv | grep ',True' | while IFS=, read user_id user_name project email enabled; do
             if [ $MODE = one -a "$user_name" != "$USER_NAME" ]; then
                 continue;
             fi
@@ -259,21 +270,21 @@ if [ $MODE != "create" ]; then
             if [ -n "$SPECIFIC_UPASSWORD" ]; then
                 USER_PASS=$SPECIFIC_UPASSWORD
             fi
-            add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+            add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
         done
     done
 else
-    tenant_name=$TENANT
-    tenant_id=$(create_or_get_project "$TENANT")
+    project_name=$PROJECT
+    project_id=$(create_or_get_project "$PROJECT")
     user_name=$USER_NAME
     user_id=`get_user_id $user_name`
     if [ -z "$user_id" ]; then
-        eval $(openstack user create "$user_name" --project "$tenant_id" --password "$USER_PASS" --email "$user_name@example.com" -f shell -c id)
+        eval $(openstack user create "$user_name" --project "$project_id" --password "$USER_PASS" --email "$user_name@example.com" -f shell -c id)
         user_id=$id
-        add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+        add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
     else
         role_id=$(create_or_get_role "$ROLE")
-        openstack role add "$role_id" --user "$user_id" --project "$tenant_id"
-        add_entry "$user_id" "$user_name" "$tenant_id" "$tenant_name" "$USER_PASS"
+        openstack role add "$role_id" --user "$user_id" --project "$project_id"
+        add_entry "$user_id" "$user_name" "$project_id" "$project_name" "$USER_PASS"
     fi
 fi

From c54d4ab9104057b82e02dc9a62f0dd35928f6f64 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Mon, 22 Jun 2015 04:07:18 +0000
Subject: [PATCH 0804/3421] Include domain variables in accrc

Include the user and project domain parameters in the generated user rc files.
This is fairly simplistic, if we were to follow the existing attitudes we
should iterate over the domains and add a new level of folders however this
would change the output location for files that may be depended upon.

Change-Id: I5e9e78406b11382751a591d91f711161bb98f47a
---
 tools/create_userrc.sh | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 3f10abbf7c..c2dbe1aeb4 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -42,6 +42,10 @@ Optional Arguments
 --os-password 
 --os-project-name 
 --os-project-id 
+--os-user-domain-id 
+--os-user-domain-name 
+--os-project-domain-id 
+--os-project-domain-name 
 --os-auth-url 
 --os-cacert 
 --target-dir 
@@ -54,7 +58,7 @@ $0 -P -C myproject -u myuser -p mypass
 EOF
 }
 
-if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-id:,os-tenant-name:,os-project-name:,os-project-id:,os-auth-url:,target-dir:,heat-url:,skip-project:,os-cacert:,help,debug -- "$@"); then
+if ! options=$(getopt -o hPAp:u:r:C: -l os-username:,os-password:,os-tenant-id:,os-tenant-name:,os-project-name:,os-project-id:,os-project-domain-id:,os-project-domain-name:,os-user-domain-id:,os-user-domain-name:,os-auth-url:,target-dir:,heat-url:,skip-project:,os-cacert:,help,debug -- "$@"); then
     display_help
     exit 1
 fi
@@ -79,6 +83,10 @@ while [ $# -gt 0 ]; do
     --os-tenant-id) export OS_PROJECT_ID=$2; shift ;;
     --os-project-name) export OS_PROJECT_NAME=$2; shift ;;
     --os-project-id) export OS_PROJECT_ID=$2; shift ;;
+    --os-user-domain-id) export OS_USER_DOMAIN_ID=$2; shift ;;
+    --os-user-domain-name) export OS_USER_DOMAIN_NAME=$2; shift ;;
+    --os-project-domain-id) export OS_PROJECT_DOMAIN_ID=$2; shift ;;
+    --os-project-domain-name) export OS_PROJECT_DOMAIN_NAME=$2; shift ;;
     --skip-tenant) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
     --skip-project) SKIP_PROJECT="$SKIP_PROJECT$2,"; shift ;;
     --os-auth-url) export OS_AUTH_URL=$2; shift ;;
@@ -128,6 +136,16 @@ if [ -z "$OS_AUTH_URL" ]; then
     export OS_AUTH_URL=http://localhost:5000/v2.0/
 fi
 
+if [ -z "$OS_USER_DOMAIN_ID" -a -z "$OS_USER_DOMAIN_NAME" ]; then
+    # purposefully not exported as it would force v3 auth within this file.
+    OS_USER_DOMAIN_ID=default
+fi
+
+if [ -z "$OS_PROJECT_DOMAIN_ID" -a -z "$OS_PROJECT_DOMAIN_NAME" ]; then
+    # purposefully not exported as it would force v3 auth within this file.
+    OS_PROJECT_DOMAIN_ID=default
+fi
+
 USER_PASS=${USER_PASS:-$OS_PASSWORD}
 USER_NAME=${USER_NAME:-$OS_USERNAME}
 
@@ -219,6 +237,7 @@ export EC2_PRIVATE_KEY="$ec2_private_key"
 export EC2_USER_ID=42 #not checked by nova (can be a 12-digit id)
 export EUCALYPTUS_CERT="$ACCOUNT_DIR/cacert.pem"
 export NOVA_CERT="$ACCOUNT_DIR/cacert.pem"
+export OS_AUTH_TYPE=v2password
 EOF
     if [ -n "$ADDPASS" ]; then
         echo "export OS_PASSWORD=\"$user_passwd\"" >>"$rcfile"
@@ -227,6 +246,13 @@ EOF
         echo "export HEAT_URL=\"$HEAT_URL/$project_id\"" >>"$rcfile"
         echo "export OS_NO_CLIENT_AUTH=True" >>"$rcfile"
     fi
+    for v in OS_USER_DOMAIN_ID OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_ID OS_PROJECT_DOMAIN_NAME; do
+        if [ ${!v} ]; then
+            echo "export $v=${!v}" >>"$rcfile"
+        else
+            echo "unset $v" >>"$rcfile"
+        fi
+    done
 }
 
 #admin users expected

From 6e121ff53e85fbe8f9eb9437403a4302bd0ee222 Mon Sep 17 00:00:00 2001
From: John Hua 
Date: Wed, 8 Jul 2015 03:00:07 +0100
Subject: [PATCH 0805/3421] Remove unused files from tools/xen.

Most of unused files were used with build_domU_multi.sh which has been
replaced by build_xva.sh. Besides tools/xen/scripts/templatedelete.sh
was created for convenience purposes and now not in use.

Change-Id: I4282c779629e3413ee3cd3ff134c3b7b19eee487
Closes-Bug: #1470535
---
 tools/xen/build_domU_multi.sh       |  29 ---
 tools/xen/files/fstab               |   5 -
 tools/xen/files/hvc0.conf           |  10 -
 tools/xen/scripts/mkxva             | 365 ----------------------------
 tools/xen/scripts/templatedelete.sh |   9 -
 tools/xen/templates/hosts.in        |   8 -
 tools/xen/templates/menu.lst.in     |   6 -
 tools/xen/templates/ova.xml.in      |  14 --
 8 files changed, 446 deletions(-)
 delete mode 100755 tools/xen/build_domU_multi.sh
 delete mode 100644 tools/xen/files/fstab
 delete mode 100644 tools/xen/files/hvc0.conf
 delete mode 100755 tools/xen/scripts/mkxva
 delete mode 100755 tools/xen/scripts/templatedelete.sh
 delete mode 100644 tools/xen/templates/hosts.in
 delete mode 100644 tools/xen/templates/menu.lst.in
 delete mode 100644 tools/xen/templates/ova.xml.in

diff --git a/tools/xen/build_domU_multi.sh b/tools/xen/build_domU_multi.sh
deleted file mode 100755
index 0eb2077414..0000000000
--- a/tools/xen/build_domU_multi.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-# Echo commands
-set -o xtrace
-
-# Head node host, which runs glance, api, keystone
-HEAD_PUB_IP=${HEAD_PUB_IP:-192.168.1.57}
-HEAD_MGT_IP=${HEAD_MGT_IP:-172.16.100.57}
-
-COMPUTE_PUB_IP=${COMPUTE_PUB_IP:-192.168.1.58}
-COMPUTE_MGT_IP=${COMPUTE_MGT_IP:-172.16.100.58}
-
-# Networking params
-FLOATING_RANGE=${FLOATING_RANGE:-192.168.1.196/30}
-
-# Variables common amongst all hosts in the cluster
-COMMON_VARS="$STACKSH_PARAMS MYSQL_HOST=$HEAD_MGT_IP RABBIT_HOST=$HEAD_MGT_IP GLANCE_HOSTPORT=$HEAD_MGT_IP:9292 FLOATING_RANGE=$FLOATING_RANGE"
-
-# Helper to launch containers
-function build_xva {
-    GUEST_NAME=$1 PUB_IP=$2 MGT_IP=$3 DO_SHUTDOWN=$4 TERMINATE=$TERMINATE STACKSH_PARAMS="$COMMON_VARS $5" ./build_xva.sh
-}
-
-# Launch the head node - headnode uses a non-ip domain name,
-# because rabbit won't launch with an ip addr hostname :(
-build_xva HEADNODE $HEAD_PUB_IP $HEAD_MGT_IP 1 "ENABLED_SERVICES=g-api,g-reg,key,n-api,n-sch,n-vnc,horizon,mysql,rabbit"
-
-# Build the HA compute host
-build_xva COMPUTENODE $COMPUTE_PUB_IP $COMPUTE_MGT_IP 0 "ENABLED_SERVICES=n-cpu,n-net,n-api"
diff --git a/tools/xen/files/fstab b/tools/xen/files/fstab
deleted file mode 100644
index 6c9b9818c3..0000000000
--- a/tools/xen/files/fstab
+++ /dev/null
@@ -1,5 +0,0 @@
-LABEL=vpxroot           /                       ext3    defaults        1 1
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
-sysfs                   /sys                    sysfs   defaults        0 0
-proc                    /proc                   proc    defaults        0 0
diff --git a/tools/xen/files/hvc0.conf b/tools/xen/files/hvc0.conf
deleted file mode 100644
index 4eedaf6ee1..0000000000
--- a/tools/xen/files/hvc0.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# hvc0 - getty
-#
-# This service maintains a getty on hvc0 from the point the system is
-# started until it is shut down again.
-
-start on stopped rc RUNLEVEL=[2345]
-stop on runlevel [!2345]
-
-respawn
-exec /sbin/getty -8 9600 hvc0
diff --git a/tools/xen/scripts/mkxva b/tools/xen/scripts/mkxva
deleted file mode 100755
index 392c05b407..0000000000
--- a/tools/xen/scripts/mkxva
+++ /dev/null
@@ -1,365 +0,0 @@
-#!/bin/bash
-#
-# Copyright (c) 2011 Citrix Systems, Inc.
-# Copyright 2011 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-#
-
-set -eu
-
-set -o xtrace
-
-VBOX_IMG=/output/packages/vbox-img
-
-usage() {
-    cat >&2 < -t  -x    
-  -o: Colon-separated list of output filenames (one for each type).
-  -p: Create a disk label and partition within the output image
-  -t: Colon-separated list of types of output file.  xva and ovf supported.
-  -x: XML filenames (one for each type)
-
-EOF
-    exit 1
-}
-
-# parse cmdline
-
-OPT_USE_PARTITION=
-OPT_TYPES=
-OPT_OUTPUT_FILES=
-OPT_XML_FILES=
-
-while getopts o:pt:x: o
-do case "$o" in
-    o)    OPT_OUTPUT_FILES=$(echo "$OPTARG" | sed -e 's/\s*:\s*/ /g')
-        ;;
-    p)    OPT_USE_PARTITION=1
-        ;;
-    t)    OPT_TYPES=$(echo "$OPTARG" | sed -e 's/\s*:\s*/ /g')
-        ;;
-    x)    OPT_XML_FILES=$(echo "$OPTARG" | sed -e 's/\s*:\s*/ /g')
-        ;;
-    [?])  usage
-        ;;
-    esac
-done
-shift $((OPTIND-1))
-
-[ $# -ne 3 ] && usage
-FS_STAGING="$1"
-FS_SIZE_MIB="$2"
-TMPDIR="$3"
-
-if [ "$UID" = "0" ]
-then
-  SUDO=
-else
-  SUDO=sudo
-fi
-
-if [ "$FS_SIZE_MIB" = "0" ]
-then
-    # Just create a dummy file.  This allows developers to bypass bits of
-    # the build by setting the size to 0.
-    touch $OPT_OUTPUT_FILES
-    exit 0
-fi
-
-# create temporary files and dirs
-FS_TMPFILE=$(mktemp "$TMPDIR/mkxva-fsimg-XXXXX")
-XVA_TARBALL_STAGING=$(mktemp -d "$TMPDIR/mkxva-tarball-staging-XXXXX")
-OVF_STAGING=$(mktemp -d "$TMPDIR/mkxva-ovf-staging-XXXXX")
-
-# Find udevsettle and udevtrigger on this installation
-if [ -x "/sbin/udevsettle" ] ; then
-    UDEVSETTLE="/sbin/udevsettle --timeout=30"
-elif [ -x "/sbin/udevadm" ] ; then
-    UDEVSETTLE='/sbin/udevadm settle'
-else
-    UDEVSETTLE='/bin/true'
-fi
-
-if [ -x "/sbin/udevtrigger" ] ; then
-    UDEVTRIGGER=/sbin/udevtrigger
-elif [ -x "/sbin/udevadm" ] ; then
-    UDEVTRIGGER='/sbin/udevadm trigger'
-else
-    UDEVTRIGGER=
-fi
-
-# CLEAN_ variables track devices and mounts that must be taken down
-# no matter how the script exits.  Loop devices are vulnerable to
-# exhaustion so we make every effort to remove them
-
-CLEAN_KPARTX=
-CLEAN_LOSETUP=
-CLEAN_MOUNTPOINT=
-
-cleanup_devices () {
-    if [ -n "$CLEAN_MOUNTPOINT" ] ; then
-        echo "Mountpoint $CLEAN_MOUNTPOINT removed on abnormal exit"
-        $SUDO umount "$CLEAN_MOUNTPOINT" || echo "umount failed"
-        rmdir "$CLEAN_MOUNTPOINT" || echo "rmdir failed"
-    fi
-    if [ -n "$CLEAN_KPARTX" ] ; then
-        echo "kpartx devices for $CLEAN_KPARTX removed on abnormal exit"
-        $SUDO kpartx -d "$CLEAN_KPARTX" || echo "kpartx -d failed"
-    fi
-    if [ -n "$CLEAN_LOSETUP" ] ; then
-        echo "Loop device $CLEAN_LOSETUP removed on abnormal exit"
-        $SUDO losetup -d "$CLEAN_LOSETUP" # Allow losetup errors to propagate
-    fi
-}
-
-trap "cleanup_devices" EXIT
-
-make_fs_inner () {
-    local staging="$1"
-    local output="$2"
-    local options="$3"
-    CLEAN_MOUNTPOINT=$(mktemp -d "$TMPDIR/mkfs-XXXXXX")
-
-    # copy staging dir contents to fs image
-    $SUDO mount $options "$output" "$CLEAN_MOUNTPOINT"
-    $SUDO tar -C "$staging" -c . | tar -C "$CLEAN_MOUNTPOINT" -x
-    $SUDO umount "$CLEAN_MOUNTPOINT"
-    rmdir "$CLEAN_MOUNTPOINT"
-    CLEAN_MOUNTPOINT=
-}
-
-# Turn a staging dir into an ext3 filesystem within a partition
-make_fs_in_partition () {
-    local staging="$1"
-    local output="$2"
-
-    # create new empty disk
-    dd if=/dev/zero of="$output" bs=1M count=$FS_SIZE_MIB
-    # Set up a loop device on the empty disk image
-    local loopdevice=$($SUDO losetup -f)
-    $SUDO losetup "$loopdevice" "$output"
-    CLEAN_LOSETUP="$loopdevice"
-    # Create a partition table and single partition.
-    # Start partition at sector 63 to allow space for grub
-    cat < "$CLEAN_MOUNTPOINT/boot/grub/grub.conf" </dev/null
-		gzip "$file"
-	else
-		local file="$outputdir"/$(printf "%08d" $i)
-	        dd if="$diskimg" of="$file" skip=$i bs=1M count=1 2>/dev/null
-		local chksum=$(sha1sum -b "$file")
-		echo -n "${chksum/ */}" > "$file.checksum"
-	fi
-	i=$(($i + 1))
-    done
-}
-
-if [ -n "$OPT_USE_PARTITION" ] ; then
-    make_fs_in_partition "$FS_STAGING" "$FS_TMPFILE"
-else
-    make_fs "$FS_STAGING" "$FS_TMPFILE"
-fi
-
-VDI_SIZE=$(stat --format=%s "$FS_TMPFILE")
-
-make_xva () {
-    local output_file="$1"
-    local xml_file="$2"
-    local subdir
-    local rio
-
-    if [[ `cat $xml_file` =~ "\s*class\s*VDI\s*\s*\s*id\s*(Ref:[0-9]+)" ]]
-    then
-        # it's a rio style xva
-        subdir="${BASH_REMATCH[1]}";
-        rio=1
-    else
-        # it's a geneva style xva
-        subdir="xvda"
-        rio=0
-    fi
-
-    cp "$xml_file" "$XVA_TARBALL_STAGING"/ova.xml
-    sed -i -e "s/@VDI_SIZE@/$VDI_SIZE/" "$XVA_TARBALL_STAGING"/ova.xml
-    mkdir "$XVA_TARBALL_STAGING/$subdir"
-    splitvdi "$FS_TMPFILE" "$XVA_TARBALL_STAGING/$subdir" "$rio"
-    TARFILE_MEMBERS=$(cd "$XVA_TARBALL_STAGING" && echo ova.xml $subdir/*)
-    tar -C "$XVA_TARBALL_STAGING" --format=v7 -c $TARFILE_MEMBERS -f "$output_file.tmp"
-    mv "$output_file.tmp" "$output_file"
-}
-
-make_ovf () {
-    local output_dir="$1"
-    local xml_file="$2"
-    local output_base=$(basename "$output_dir")
-    local disk="$output_dir/${output_base}.vmdk"
-    local manifest="$output_dir/${output_base}.mf"
-    local ovf="$output_dir/${output_base}.ovf"
-
-    mkdir -p "$output_dir"
-    rm -f "$disk"
-    $VBOX_IMG convert --srcfilename="$FS_TMPFILE" --dstfilename="$disk" \
-        --srcformat RAW --dstformat VMDK --variant Stream
-    chmod 0644 "$disk"
-
-    local n_bytes=$(stat --printf=%s "$disk")
-    cp "$xml_file" "$ovf"
-    sed -i -e "s/@MKXVA_DISK_FULLSIZE@/$VDI_SIZE/" "$ovf"
-    sed -i -e "s/@MKXVA_DISK_SIZE@/$n_bytes/" "$ovf"
-    sed -i -e "s/@MKXVA_DISK_MIB_SIZE@/$FS_SIZE_MIB/" "$ovf"
-    sed -i -e "s/@MKXVA_DISK_FILENAME@/${output_base}.vmdk/" "$ovf"
-
-    for to_sign in "$ovf" "$disk"
-    do
-	local sha1_sum=$(sha1sum "$to_sign" | cut -d' ' -f1)
-	echo "SHA1($(basename "$to_sign"))= $sha1_sum" >> $manifest
-    done
-}
-
-output_files="$OPT_OUTPUT_FILES"
-xml_files="$OPT_XML_FILES"
-# Iterate through the type list creating the relevant VMs
-for create_type in $OPT_TYPES
-do
-    # Shift one parameter from the front of the lists
-    create_output_file="${output_files%% *}"
-    output_files="${output_files#* }"
-    create_xml_file="${xml_files%% *}"
-    xml_files="${xml_files#* }"
-    echo "Creating $create_type appliance $create_output_file using metadata file $create_xml_file"
-
-    case "$create_type" in
-	xva)
-	    make_xva "$create_output_file" "$create_xml_file"
-	    ;;
-	ovf)
-	    make_ovf "$create_output_file" "$create_xml_file"
-	    ;;
-	*)
-	    echo "Unknown VM type '$create_type'"
-	    exit 1
-	    ;;
-    esac
-
-done
-
-
-# cleanup
-if [ -z "${DO_NOT_CLEANUP:-}" ] ; then
-    rm -rf "$XVA_TARBALL_STAGING"
-    rm -f "$FS_TMPFILE"
-fi
diff --git a/tools/xen/scripts/templatedelete.sh b/tools/xen/scripts/templatedelete.sh
deleted file mode 100755
index 66765b2446..0000000000
--- a/tools/xen/scripts/templatedelete.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-#Usage: ./templatedelete.sh 
-
-templateuuid="$1"
-
-xe template-param-set other-config:default_template=false uuid="$templateuuid"
-xe template-param-set is-a-template=false uuid="$templateuuid"
-xe vm-destroy uuid="$templateuuid"
diff --git a/tools/xen/templates/hosts.in b/tools/xen/templates/hosts.in
deleted file mode 100644
index 8ab4c3e919..0000000000
--- a/tools/xen/templates/hosts.in
+++ /dev/null
@@ -1,8 +0,0 @@
-127.0.0.1   localhost
-127.0.0.1   %HOSTNAME%
-::1     localhost ip6-localhost ip6-loopback
-fe00::0     ip6-localnet
-ff00::0     ip6-mcastprefix
-ff02::1     ip6-allnodes
-ff02::2     ip6-allrouters
-
diff --git a/tools/xen/templates/menu.lst.in b/tools/xen/templates/menu.lst.in
deleted file mode 100644
index 8bc6426251..0000000000
--- a/tools/xen/templates/menu.lst.in
+++ /dev/null
@@ -1,6 +0,0 @@
-default 0
-
-title default
-        root (hd0,0)
-        kernel /boot/vmlinuz-@KERNEL_VERSION@ ro root=LABEL=vpxroot console=xvc0
-        initrd /boot/initrd.img-@KERNEL_VERSION@
diff --git a/tools/xen/templates/ova.xml.in b/tools/xen/templates/ova.xml.in
deleted file mode 100644
index 01041e2030..0000000000
--- a/tools/xen/templates/ova.xml.in
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-        
-                
-                
-                
-                
-                
-        
-        
-
-

From e446fc3f5982089770a936cd8614fe75566cc103 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Wed, 8 Jul 2015 12:10:15 -0700
Subject: [PATCH 0806/3421] Set ATTACH_ENCRYPTED_VOLUME_AVAILABLE=False if
 testing with Ceph

The encrypted Cinder volume tests in Tempest don't actually work
properly for a Ceph backend in cinder since the volume encryption
support is not in Nova for RBD volume types.

This is needed for Cinder change
I03f8cae05cc117e14f7482115de685fc9f3fa54a which tells Nova that the rbd
volume connection is on an encrypted volume type.

Related-Bug: #1463525

Change-Id: I8548d41095513b9e669f773e3f35353e9228ead9
---
 lib/ceph | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ceph b/lib/ceph
index 16dcda2f9e..5104629065 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -74,6 +74,10 @@ CEPH_REPLICAS_SEQ=$(seq ${CEPH_REPLICAS})
 REMOTE_CEPH=$(trueorfalse False REMOTE_CEPH)
 REMOTE_CEPH_ADMIN_KEY_PATH=${REMOTE_CEPH_ADMIN_KEY_PATH:-$CEPH_CONF_DIR/ceph.client.admin.keyring}
 
+# Cinder encrypted volume tests are not supported with a Ceph backend due to
+# bug 1463525.
+ATTACH_ENCRYPTED_VOLUME_AVAILABLE=False
+
 
 # Functions
 # ------------

From 23cd71ac94cf11a18d5d153b963a96eabcb0cd15 Mon Sep 17 00:00:00 2001
From: Zhang Jinnan 
Date: Wed, 8 Jul 2015 11:36:32 -0400
Subject: [PATCH 0807/3421] Update Centos/RHEL to use Kilo RDO packages

Update Centos/RHEL to use Kilo based RDO

Change-Id: I901c4e9dfb6bce377b6afb19bbce94c71dfe127f
---
 stack.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stack.sh b/stack.sh
index 17cbe75802..012b726811 100755
--- a/stack.sh
+++ b/stack.sh
@@ -273,8 +273,8 @@ EOF
     # ... and also optional to be enabled
     sudo yum-config-manager --enable rhel-7-server-optional-rpms
 
-    RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm"}
-    RHEL_RDO_REPO_ID=${RHEL7_RDO_REPO_ID:-"openstack-juno"}
+    RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-1.noarch.rpm"}
+    RHEL_RDO_REPO_ID=${RHEL7_RDO_REPO_ID:-"openstack-kilo"}
 
     if ! sudo yum repolist enabled $RHEL_RDO_REPO_ID | grep -q $RHEL_RDO_REPO_ID; then
         echo "RDO repo not detected; installing"

From f0247ed21ab38e525fb6edace5dbbdd7c14cfb2d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 9 Jul 2015 15:49:16 +1000
Subject: [PATCH 0808/3421] Move xtrace early

I dug back through the history to see why xtrace is enabled where it
is.  Originally (like first commit originally), it was somewhat sanely
placed to turn on tracing after it had done the interactive
"read_password" prompt stuff.  Over time, it has just shuffled it's
way down as stuff got added around it.

This was noticed this because I was looking for tracing of earlier
commands when looking at the repo setup (see
Iec2ad7b5598fdaefbc2338ade702bc7b08963b96) and couldn't find it.

Putting this at the start means we both capture all output
unconditionally, and avoid needlessly getting this interleaved at some
odd place again.

Change-Id: I441d7eecbab9d204258c18a071ccc1cbf4f7512a
---
 stack.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/stack.sh b/stack.sh
index 17cbe75802..dea820a050 100755
--- a/stack.sh
+++ b/stack.sh
@@ -21,6 +21,10 @@
 
 # Learn more and get the most recent version at http://devstack.org
 
+# Print the commands being run so that we can see the command that triggers
+# an error.  It is also useful for following along as the install occurs.
+set -o xtrace
+
 # Make sure custom grep options don't get in the way
 unset GREP_OPTIONS
 
@@ -485,10 +489,6 @@ function err_trap {
 # Begin trapping error exit codes
 set -o errexit
 
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following along as the install occurs.
-set -o xtrace
-
 # Print the kernel version
 uname -a
 

From 89ee58523050443a38c284e8f0920dae152a901a Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Thu, 9 Jul 2015 13:25:04 -0700
Subject: [PATCH 0809/3421] neutron: add NOVA_ALLOW_DUPLICATE_NETWORKS config
 option

Nova commit 322cc9336fe6f6fe9b3f0da33c6b26a3e5ea9b0c added the
neutron.allow_duplicate_networks config option in Juno and it defaults
to False. The option was deprecated in Kilo with commit
4306d9190f49e7fadf88669d18effedabc880d3b and removed in Liberty with
commit b06867c581541ed325ddc5e5b5a2d53b1b0261ac so it's the default
behavior in Liberty.

To test it in the gate with Tempest, we need to be able to set it to
True in devstack-gate and update tempest.conf (since tempest is branchless
and we don't want to try to test duplicate networks against kilo/juno code).

We can remove the change to lib/tempest when it's removed from Tempest
after kilo-eol.

Depends-On: I05f81d86cde249c23be06d5804fadbf40fc4a7f3

Change-Id: Ifd075420f57c9b60746f4a6af6520c0ef04800db
---
 lib/tempest | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index a84ade2a81..cb5711f7d8 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -30,6 +30,7 @@
 # - ``DEFAULT_INSTANCE_TYPE``
 # - ``DEFAULT_INSTANCE_USER``
 # - ``CINDER_ENABLED_BACKENDS``
+# - ``NOVA_ALLOW_DUPLICATE_NETWORKS``
 #
 # ``stack.sh`` calls the entry points in this order:
 #
@@ -380,6 +381,10 @@ function configure_tempest {
     # TODO(gilliard): Remove the live_migrate_paused_instances flag when Juno is end of life.
     iniset $TEMPEST_CONFIG compute-feature-enabled live_migrate_paused_instances True
     iniset $TEMPEST_CONFIG compute-feature-enabled attach_encrypted_volume ${ATTACH_ENCRYPTED_VOLUME_AVAILABLE:-True}
+    # TODO(mriedem): Remove this when kilo-eol happens since the
+    # neutron.allow_duplicate_networks option was removed from nova in Liberty
+    # and is now the default behavior.
+    iniset $TEMPEST_CONFIG compute-feature-enabled allow_duplicate_networks ${NOVA_ALLOW_DUPLICATE_NETWORKS:-True}
 
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0

From ee6161720360f589485596dd572286d7a1865b17 Mon Sep 17 00:00:00 2001
From: Bob Ball 
Date: Mon, 22 Jun 2015 13:48:57 +0100
Subject: [PATCH 0810/3421] XenAPI: Update to a newer Cirros image

Update to 0.3.4 as it has support for config drive v2

Change-Id: Id8143f16fb3f0b6ce82c1332e8f695ac739a9e8c
---
 stackrc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 09ba3e9807..c8069be994 100644
--- a/stackrc
+++ b/stackrc
@@ -564,8 +564,8 @@ case "$VIRT_DRIVER" in
         DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.2-i386-disk.vmdk}
         IMAGE_URLS=${IMAGE_URLS:-"http://partnerweb.vmware.com/programs/vmdkimage/cirros-0.3.2-i386-disk.vmdk"};;
     xenserver)
-        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.0-x86_64-disk}
-        IMAGE_URLS=${IMAGE_URLS:-"https://github.com/downloads/citrix-openstack/warehouse/cirros-0.3.0-x86_64-disk.vhd.tgz"}
+        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
+        IMAGE_URLS=${IMAGE_URLS:-"http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"}
         IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
     ironic)
         # Ironic can do both partition and full disk images, depending on the driver

From a3c94468baa159840a47c34cf94d97d816208313 Mon Sep 17 00:00:00 2001
From: Dirk Mueller 
Date: Tue, 23 Jun 2015 12:23:29 +0200
Subject: [PATCH 0811/3421] Remove support for enabling file injection

File injection is disabled in nova meanwhile, and devstack core
reviewers think it shouldn't be configureable in devstack anymore.
This basically reverts https://review.openstack.org/#/c/70560/

Change-Id: Ia7dd407da00c0b1c9641865aea1f7b74533d7357
---
 lib/nova_plugins/hypervisor-libvirt | 25 +++----------------------
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index f70b21a475..f52629dc91 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -25,9 +25,6 @@ source $TOP_DIR/lib/nova_plugins/functions-libvirt
 # Defaults
 # --------
 
-# File injection is disabled by default in Nova.  This will turn it back on.
-ENABLE_FILE_INJECTION=$(trueorfalse False ENABLE_FILE_INJECTION)
-
 
 # Entry Points
 # ------------
@@ -60,17 +57,9 @@ function configure_nova_hypervisor {
         iniset $NOVA_CONF DEFAULT vnc_enabled "false"
     fi
 
-    if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
-        # When libguestfs is available for file injection, enable using
-        # libguestfs to inspect the image and figure out the proper
-        # partition to inject into.
-        iniset $NOVA_CONF libvirt inject_partition '-1'
-        iniset $NOVA_CONF libvirt inject_key 'true'
-    else
-        # File injection is being disabled by default in the near future -
-        # disable it here for now to avoid surprises later.
-        iniset $NOVA_CONF libvirt inject_partition '-2'
-    fi
+    # File injection is being disabled by default in the near future -
+    # disable it here for now to avoid surprises later.
+    iniset $NOVA_CONF libvirt inject_partition '-2'
 
     if [[ "$LIBVIRT_TYPE" = "parallels" ]]; then
         iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
@@ -96,14 +85,6 @@ function install_nova_hypervisor {
             yum_install libcgroup-tools
         fi
     fi
-
-    if [[ "$ENABLE_FILE_INJECTION" = "True" ]] ; then
-        if is_ubuntu; then
-            install_package python-guestfs
-        elif is_fedora || is_suse; then
-            install_package python-libguestfs
-        fi
-    fi
 }
 
 # start_nova_hypervisor - Start any required external services

From 11cf23e03457357368cc40622ecc37cebe56293c Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang 
Date: Wed, 15 Jul 2015 08:18:23 +0800
Subject: [PATCH 0812/3421] Fix the typo zaqar

Change-Id: Ic05b88a55f4110cd2e72985c7f3f544d0de8dd67
---
 doc/source/plugin-registry.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index c5c4e1eaa5..99bfb85b38 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,7 +26,7 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |trove               |git://git.openstack.org/openstack/trove    |                    |
 +--------------------+-------------------------------------------+--------------------+
-|zaqar               |git://git.openstack.org/openstack/zarar    |                    |
+|zaqar               |git://git.openstack.org/openstack/zaqar    |                    |
 +--------------------+-------------------------------------------+--------------------+
 
 

From 7aaaf9090145b3e84e1d9a3c90e12bd370f5f31f Mon Sep 17 00:00:00 2001
From: Isao Yamagata 
Date: Sat, 11 Jul 2015 16:07:22 +0000
Subject: [PATCH 0813/3421] Fix distribution link in documentation

Fix broken link to distributions of OpenStack

Closes-Bug: #1469433
Change-Id: Ica572e11c0dedfe0684fad1c4d48b248f7003d47
---
 doc/source/faq.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f61002baf2..0db8932e9c 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -16,7 +16,7 @@ upstream code.  It makes many choices that are not appropriate for
 production systems.
 
 Your best choice is probably to choose a `distribution of OpenStack
-`__.
+`__.
 
 Why a shell script, why not chef/puppet/...
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From 54ee8a82a837eb2b28746c77e0259ec326ab15cc Mon Sep 17 00:00:00 2001
From: Maxim Nestratov 
Date: Wed, 15 Jul 2015 11:47:11 +0300
Subject: [PATCH 0814/3421] Make it possible to upload ploop images

Add support of ploop images (*.hds extension) for both exe and hvm types.
In devstack we assume that images have '-exe' and '-hvm' suffixes in
their names correspondently.

Change-Id: I1c074876c530be0535a6e02e764d67a4ebcbbbe5
---
 functions | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/functions b/functions
index 1668e16b6d..5bbe18f990 100644
--- a/functions
+++ b/functions
@@ -219,6 +219,23 @@ function upload_image {
         return
     fi
 
+    if [[ "$image_url" =~ '.hds' ]]; then
+        image_name="${image_fname%.hds}"
+        vm_mode=${image_name##*-}
+        if [[ $vm_mode != 'exe' && $vm_mode != 'hvm' ]]; then
+            die $LINENO "Unknown vm_mode=${vm_mode} for Virtuozzo image"
+        fi
+
+        openstack \
+            --os-token $token \
+            --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
+            image create \
+            "$image_name" --public \
+            --container-format=bare --disk-format=ploop \
+            --property vm_mode=$vm_mode < "${image}"
+        return
+    fi
+
     local kernel=""
     local ramdisk=""
     local disk_format=""

From e6f37b91e5cd5b0f70d2be1e75eb4f61adc1e16a Mon Sep 17 00:00:00 2001
From: Maxim Nestratov 
Date: Tue, 30 Jun 2015 14:54:12 +0300
Subject: [PATCH 0815/3421] libvirt virt_type=parallels support enchancement

As soon as Parallels Cloud Server/Virtuozzo is based on CloudLinux distribution
this new rpm kind of distribution is introduced.
Also we setup vnc and set vnc_encoding parameter to None as soon it isn't
supported by parallels.

Change-Id: Ib97a09f397f950227498cfc2ce162d19b700f6f4
---
 functions-common                    | 6 ++++--
 lib/nova_plugins/hypervisor-libvirt | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 061a9356f5..813d164272 100644
--- a/functions-common
+++ b/functions-common
@@ -269,8 +269,9 @@ function GetOSVersion {
         # Fedora release 16 (Verne)
         # XenServer release 6.2.0-70446c (xenenterprise)
         # Oracle Linux release 7
+        # CloudLinux release 7.1
         os_CODENAME=""
-        for r in "Red Hat" CentOS Fedora XenServer; do
+        for r in "Red Hat" CentOS Fedora XenServer CloudLinux; do
             os_VENDOR=$r
             if [[ -n "`grep \"$r\" /etc/redhat-release`" ]]; then
                 ver=`sed -e 's/^.* \([0-9].*\) (\(.*\)).*$/\1\|\2/' /etc/redhat-release`
@@ -374,7 +375,8 @@ function is_fedora {
     fi
 
     [ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
-        [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ]
+        [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleLinux" ] || \
+        [ "$os_VENDOR" = "CloudLinux" ]
 }
 
 
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index f70b21a475..dfd8a67fd9 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -75,6 +75,10 @@ function configure_nova_hypervisor {
     if [[ "$LIBVIRT_TYPE" = "parallels" ]]; then
         iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
         iniset $NOVA_CONF libvirt images_type "ploop"
+        iniset $NOVA_CONF DEFAULT force_raw_images  "False"
+        iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address  $HOST_IP
+        iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP
+        iniset $NOVA_CONF DEFAULT vnc_keymap
     fi
 }
 

From 54dc19ecad2ed06694a4b6269c2833d9533a26f5 Mon Sep 17 00:00:00 2001
From: Mahito OGURA 
Date: Tue, 14 Jul 2015 17:16:42 +0900
Subject: [PATCH 0816/3421] Add export_proxy_variables() tests to
 test_functions.sh

In test_functions.sh, There aren't export_proxy_variables() tests.
This patch add test of export_proxy_variables to test_funstions.sh.

Change-Id: I76f2bab84f4019961e612b0bff0ab66646b6e160
---
 tests/test_functions.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index f555de8dff..be8dc5e287 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -245,4 +245,33 @@ else
     passed "OK"
 fi
 
+function test_export_proxy_variables {
+    echo "Testing export_proxy_variables()"
+
+    local expected results
+
+    http_proxy=http_proxy_test
+    https_proxy=https_proxy_test
+    no_proxy=no_proxy_test
+
+    export_proxy_variables
+    expected=$(echo -e "http_proxy=$http_proxy\nhttps_proxy=$https_proxy\nno_proxy=$no_proxy")
+    results=$(env | egrep '(http(s)?|no)_proxy=')
+    if [[ $expected = $results ]]; then
+        passed "OK: Proxy variables are exported when proxy variables are set"
+    else
+        failed "Expected: $expected, Failed: $results"
+    fi
+
+    unset http_proxy https_proxy no_proxy
+    export_proxy_variables
+    results=$(env | egrep '(http(s)?|no)_proxy=')
+    if [[ "" = $results ]]; then
+        passed "OK: Proxy variables aren't exported when proxy variables aren't set"
+    else
+        failed "Expected: '', Failed: $results"
+    fi
+}
+test_export_proxy_variables
+
 report_results

From 7e5fb63b71364637eaa81a0f978af76fe3df2c97 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 16 Jul 2015 10:40:43 +1000
Subject: [PATCH 0817/3421] Always use volume v1 API for type create.

OpenStackClient doesn't currently support volume type create on the V2
API. Make sure that all requests use the V1 api until this has been
fixed in OpenStackClient.

Change-Id: I2fa133d30753e188d383d3de78c0022a3625cb34
Closes-Bug: #1475062
---
 lib/cinder | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/cinder b/lib/cinder
index a9a9f0d298..e5ed2db1a3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -485,7 +485,9 @@ function create_volume_types {
         local be be_name
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_name=${be##*:}
-            openstack volume type create --property volume_backend_name="${be_name}" ${be_name}
+            # FIXME(jamielennox): Remove --os-volume-api-version pinning when
+            # osc supports volume type create on v2 api. bug #1475060
+            openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name}
         done
     fi
 }

From 11d276c73cdd848c0287f6718d0163369cefd157 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 2 Jul 2015 09:34:34 +1000
Subject: [PATCH 0818/3421] local call masks errors in subshells

In another "things from the man page"

   The return status is 0 unless local is used outside a function, an
   invalid name is supplied, or name is a readonly variable.

Thus if anything fails in "cmd" of "local foo=$( cmd )" we don't
notice.

Change-Id: I22b10d5d39f014b6c92d2e101b167cbacf81afca
---
 functions-common | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/functions-common b/functions-common
index 322bf82f30..a2a9a3daf4 100644
--- a/functions-common
+++ b/functions-common
@@ -684,9 +684,10 @@ function policy_add {
 # Gets or creates a domain
 # Usage: get_or_create_domain  
 function get_or_create_domain {
+    local domain_id
     local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
-    local domain_id=$(
+    domain_id=$(
         # Gets domain id
         openstack --os-token=$OS_TOKEN --os-url=$os_url \
             --os-identity-api-version=3 domain show $1 \
@@ -705,8 +706,9 @@ function get_or_create_domain {
 function get_or_create_group {
     local desc="${3:-}"
     local os_url="$KEYSTONE_SERVICE_URI_V3"
+    local group_id
     # Gets group id
-    local group_id=$(
+    group_id=$(
         # Creates new group with --or-show
         openstack --os-token=$OS_TOKEN --os-url=$os_url \
             --os-identity-api-version=3 group create $1 \
@@ -719,13 +721,14 @@ function get_or_create_group {
 # Gets or creates user
 # Usage: get_or_create_user    []
 function get_or_create_user {
+    local user_id
     if [[ ! -z "$4" ]]; then
         local email="--email=$4"
     else
         local email=""
     fi
     # Gets user id
-    local user_id=$(
+    user_id=$(
         # Creates new user with --or-show
         openstack user create \
             $1 \
@@ -743,7 +746,8 @@ function get_or_create_user {
 # Gets or creates project
 # Usage: get_or_create_project  
 function get_or_create_project {
-    local project_id=$(
+    local project_id
+    project_id=$(
         # Creates new project with --or-show
         openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
             --os-identity-api-version=3 \
@@ -757,7 +761,8 @@ function get_or_create_project {
 # Gets or creates role
 # Usage: get_or_create_role 
 function get_or_create_role {
-    local role_id=$(
+    local role_id
+    role_id=$(
         # Creates role with --or-show
         openstack role create $1 \
             --os-url=$KEYSTONE_SERVICE_URI_V3 \
@@ -770,8 +775,9 @@ function get_or_create_role {
 # Gets or adds user role to project
 # Usage: get_or_add_user_project_role   
 function get_or_add_user_project_role {
+    local user_role_id
     # Gets user role id
-    local user_role_id=$(openstack role list \
+    user_role_id=$(openstack role list \
         --user $2 \
         --os-url=$KEYSTONE_SERVICE_URI_V3 \
         --os-identity-api-version=3 \
@@ -795,8 +801,9 @@ function get_or_add_user_project_role {
 # Gets or adds group role to project
 # Usage: get_or_add_group_project_role   
 function get_or_add_group_project_role {
+    local group_role_id
     # Gets group role id
-    local group_role_id=$(openstack role list \
+    group_role_id=$(openstack role list \
         --os-url=$KEYSTONE_SERVICE_URI_V3 \
         --os-identity-api-version=3 \
         --group $2 \
@@ -822,8 +829,9 @@ function get_or_add_group_project_role {
 # Gets or creates service
 # Usage: get_or_create_service   
 function get_or_create_service {
+    local service_id
     # Gets service id
-    local service_id=$(
+    service_id=$(
         # Gets service id
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
@@ -841,7 +849,8 @@ function get_or_create_service {
 # Create an endpoint with a specific interface
 # Usage: _get_or_create_endpoint_with_interface    
 function _get_or_create_endpoint_with_interface {
-    local endpoint_id=$(openstack endpoint list \
+    local endpoint_id
+    endpoint_id=$(openstack endpoint list \
         --os-url $KEYSTONE_SERVICE_URI_V3 \
         --os-identity-api-version=3 \
         --service $1 \

From 2fa8944057787fc01e94f9f94a905cee9492edc5 Mon Sep 17 00:00:00 2001
From: Ken'ichi Ohmichi 
Date: Fri, 17 Jul 2015 03:08:55 +0000
Subject: [PATCH 0819/3421] Remove osapi_v3 configuration

Nova option osapi_v3 is used for Nova v2.1 API and the default value
was False(disabled). However Nova v2.1 API is CURRENT status and the
API should be enabled as the default as we discussed on
http://lists.openstack.org/pipermail/openstack-dev/2015-July/069624.html
We could not find it before because devstack makes it True, so this
patch removes it for avoiding confusion any more.

Change-Id: I4efd2036605a1a41ea297b44a5f31b2da7412593
Related-Bug: #1462901
Depends-on: I43f0352f9fa89401f79389a6dc1035d901f52ed2
---
 lib/nova | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index a6cd651a9c..6441a891eb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -490,7 +490,6 @@ function create_nova_conf {
     iniset $NOVA_CONF database connection `database_connection_url nova`
     iniset $NOVA_CONF api_database connection `database_connection_url nova_api`
     iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
-    iniset $NOVA_CONF osapi_v3 enabled "True"
     iniset $NOVA_CONF DEFAULT osapi_compute_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
     iniset $NOVA_CONF DEFAULT ec2_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
     iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS"

From 92ad15251226dc8f19ad5f901c48f4eb8892f24e Mon Sep 17 00:00:00 2001
From: Rawlin Peters 
Date: Mon, 20 Jul 2015 13:33:33 -0600
Subject: [PATCH 0820/3421] Explicitly set bind_ip in Swift server config files

Currently, the Swift proxy, object, account, and container servers bind
to IPv4 address 0.0.0.0 by default. In the case of a user setting
SERVICE_IP_VERSION=6 in their local.conf file, these Swift servers still
listen on 0.0.0.0 instead of ::, which causes a ./stack.sh run to fail.

This change explicitly sets the bind_ip variable in the Swift server
config files so that the servers bind to either 0.0.0.0 (when
SERVICE_IP_VERSION != 6) or :: (when SERVICE_IP_VERSION == 6).

This patch is related to the following patch for devstack IPv6 support:
    https://review.openstack.org/#/c/192329

Change-Id: Ie268c6daf5374e67ef8710a731c3af50ffdb821e
---
 lib/swift | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/swift b/lib/swift
index 826f233414..96d730ef2c 100644
--- a/lib/swift
+++ b/lib/swift
@@ -46,6 +46,7 @@ SWIFT3_DIR=$DEST/swift3
 SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
 SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
+SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 
 # TODO: add logging to different location.
 
@@ -361,6 +362,9 @@ function configure_swift {
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level
     iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT log_level DEBUG
 
+    iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip
+    iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
+
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port
     if is_service_enabled tls-proxy; then
         iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT_INT}
@@ -463,17 +467,23 @@ EOF
         local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf
         cp ${SWIFT_DIR}/etc/object-server.conf-sample ${swift_node_config}
         generate_swift_config_services ${swift_node_config} ${node_number} $(( OBJECT_PORT_BASE + 10 * (node_number - 1) )) object
+        iniuncomment ${swift_node_config} DEFAULT bind_ip
+        iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
         iniset ${swift_node_config} filter:recon recon_cache_path  ${SWIFT_DATA_DIR}/cache
 
         swift_node_config=${SWIFT_CONF_DIR}/container-server/${node_number}.conf
         cp ${SWIFT_DIR}/etc/container-server.conf-sample ${swift_node_config}
         generate_swift_config_services ${swift_node_config} ${node_number} $(( CONTAINER_PORT_BASE + 10 * (node_number - 1) )) container
+        iniuncomment ${swift_node_config} DEFAULT bind_ip
+        iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
         iniuncomment ${swift_node_config} app:container-server allow_versions
         iniset ${swift_node_config} app:container-server allow_versions  "true"
 
         swift_node_config=${SWIFT_CONF_DIR}/account-server/${node_number}.conf
         cp ${SWIFT_DIR}/etc/account-server.conf-sample ${swift_node_config}
         generate_swift_config_services ${swift_node_config} ${node_number} $(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) )) account
+        iniuncomment ${swift_node_config} DEFAULT bind_ip
+        iniset ${swift_node_config} DEFAULT bind_ip ${SWIFT_SERVICE_LISTEN_ADDRESS}
     done
 
     # Set new accounts in tempauth to match keystone tenant/user (to make testing easier)

From 3756687d1777153e1d6fbf938a74470011aa7bef Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi 
Date: Mon, 20 Jul 2015 16:16:31 -0400
Subject: [PATCH 0821/3421] Include meter.yaml when devstack sets up ceilometer

Partially Implements: blueprint declarative-notifications

Change-Id: Ia20f3558eb85b4e3478e33a9e54b7e696eb6c3fd
---
 lib/ceilometer | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ceilometer b/lib/ceilometer
index 7905384623..9226d85e20 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -211,6 +211,7 @@ function configure_ceilometer {
     cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
+    cp $CEILOMETER_DIR/etc/ceilometer/meters.yaml $CEILOMETER_CONF_DIR
 
     if [ "$CEILOMETER_PIPELINE_INTERVAL" ]; then
         sed -i "s/interval:.*/interval: ${CEILOMETER_PIPELINE_INTERVAL}/" $CEILOMETER_CONF_DIR/pipeline.yaml

From 0294ddc7352d5cf9ab0eca48a6cab3894aa866dc Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Tue, 21 Jul 2015 14:11:49 -0500
Subject: [PATCH 0822/3421] mysql: Fix mysql config

devstack attempts to set bind-address, sql_mode, default-storage-engine,
max_connections, query_cache_type and query_cache_size.

However the bash command is missing some '&&'s and was omiting
max_connections, query_cache_type and query_cache_size.

Change-Id: I24388b5de777995f92d73076524122cf599d6371
---
 lib/databases/mysql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 9c9401edf6..fb55b60ff6 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -95,9 +95,9 @@ function configure_database_mysql {
     sudo bash -c "source $TOP_DIR/functions && \
         iniset $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" && \
         iniset $my_conf mysqld sql_mode STRICT_ALL_TABLES && \
-        iniset $my_conf mysqld default-storage-engine InnoDB \
-        iniset $my_conf mysqld max_connections 1024 \
-        iniset $my_conf mysqld query_cache_type OFF \
+        iniset $my_conf mysqld default-storage-engine InnoDB && \
+        iniset $my_conf mysqld max_connections 1024 && \
+        iniset $my_conf mysqld query_cache_type OFF && \
         iniset $my_conf mysqld query_cache_size 0"
 
 

From c1dded9b91ae46d339430efcc69b0d3a4882b88b Mon Sep 17 00:00:00 2001
From: Hiroshi Miura 
Date: Wed, 22 Jul 2015 12:18:35 +0900
Subject: [PATCH 0823/3421] fix typo in guide for nested kvm

Change-Id: Ie103a097830401248c75fcb16d4dd746bbbb7288
Signed-off-by: Hiroshi Miura 
---
 doc/source/guides/devstack-with-nested-kvm.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index b35492ea17..c652bacced 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -88,7 +88,7 @@ host:
     parm:           nested:int
 
 To make the above value persistent across reboots, add an entry in
-/etc/modprobe.ddist.conf so it looks as below::
+/etc/modprobe.d/dist.conf so it looks as below::
 
     cat /etc/modprobe.d/dist.conf
     options kvm-amd nested=y

From 92884ede5d20a399186c61cf5e003da61838eec4 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 22 Jul 2015 12:16:45 +1000
Subject: [PATCH 0824/3421] ini-config : always reenable xtrace on return

These return paths doesn't renable xtrace, so output mysteriously goes
missing until the next time it is enabled.

Change-Id: I3a8018dfa9397c07534970c39fba8dc10afcbe41
---
 inc/ini-config | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/inc/ini-config b/inc/ini-config
index 26401f3917..8e7c0187ae 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -104,7 +104,10 @@ function iniadd_literal {
     local option=$3
     local value=$4
 
-    [[ -z $section || -z $option ]] && return
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
 
     # Add it
     sed -i -e "/^\[$section\]/ a\\
@@ -123,7 +126,10 @@ function inidelete {
     local section=$2
     local option=$3
 
-    [[ -z $section || -z $option ]] && return
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
 
     # Remove old values
     sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
@@ -141,7 +147,10 @@ function iniset {
     local option=$3
     local value=$4
 
-    [[ -z $section || -z $option ]] && return
+    if [[ -z $section || -z $option ]]; then
+        $xtrace
+        return
+    fi
 
     if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
         # Add section at the end

From b997db602e15b60c68c0f7a99db74b5d2419a85c Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 22 Jul 2015 10:05:32 +1000
Subject: [PATCH 0825/3421] Cleanup of ini test-case

Various cleanup to this file.

Firstly create a temporary space to test, rather than working in the
source directory.

We have "assert_equal" which simplifies a lot.  Add "assert_empty"
that is used in a couple of tests too.  Remove a couple of duplicate
tests.

Change-Id: I7fd476ed63026e67d66a8ac2891b2e4a6687d09c
---
 tests/test_ini_config.sh | 234 +++++++++++----------------------------
 tests/unittest.sh        |  23 +++-
 2 files changed, 87 insertions(+), 170 deletions(-)

diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh
index b2529ac4c9..3aef6f39bd 100755
--- a/tests/test_ini_config.sh
+++ b/tests/test_ini_config.sh
@@ -13,7 +13,13 @@ set -e
 
 echo "Testing INI functions"
 
-cat >test.ini <${TEST_INI} <
Date: Wed, 22 Jul 2015 10:34:47 +1000
Subject: [PATCH 0826/3421] Add -sudo option to ini setting options

Add a -sudo option to allow these functions to operate on root-owned
files.  Test-case is updated, but not enabled by default as we can't
expect test-runner to have sudo access.

Change-Id: I134c3397314c7d9395996eb6c825ecb7e7fdfc69
---
 inc/ini-config           | 69 ++++++++++++++++++++++++++++++----------
 tests/test_ini_config.sh | 36 +++++++++++++--------
 2 files changed, 74 insertions(+), 31 deletions(-)

diff --git a/inc/ini-config b/inc/ini-config
index 8e7c0187ae..d23f4743f1 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -15,30 +15,40 @@ set +o xtrace
 # ================
 
 # Append a new option in an ini file without replacing the old value
-# iniadd config-file section option value1 value2 value3 ...
+# iniadd [-sudo] config-file section option value1 value2 value3 ...
 function iniadd {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="-sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
     shift 3
 
     local values="$(iniget_multiline $file $section $option) $@"
-    iniset_multiline $file $section $option $values
+    iniset_multiline $sudo $file $section $option $values
     $xtrace
 }
 
 # Comment an option in an INI file
-# inicomment config-file section option
+# inicomment [-sudo] config-file section option
 function inicomment {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
 
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
     $xtrace
 }
 
@@ -95,10 +105,15 @@ function ini_has_option {
 # in the argument list. Doing that will cause incorrect configuration
 # if spaces are used in the config values.
 #
-# iniadd_literal config-file section option value
+# iniadd_literal [-sudo] config-file section option value
 function iniadd_literal {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
@@ -110,7 +125,7 @@ function iniadd_literal {
     fi
 
     # Add it
-    sed -i -e "/^\[$section\]/ a\\
+    $sudo sed -i -e "/^\[$section\]/ a\\
 $option = $value
 " "$file"
 
@@ -118,10 +133,15 @@ $option = $value
 }
 
 # Remove an option from an INI file
-# inidelete config-file section option
+# inidelete [-sudo] config-file section option
 function inidelete {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
@@ -132,16 +152,21 @@ function inidelete {
     fi
 
     # Remove old values
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
 
     $xtrace
 }
 
 # Set an option in an INI file
-# iniset config-file section option value
+# iniset [-sudo] config-file section option value
 function iniset {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
@@ -154,26 +179,31 @@ function iniset {
 
     if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
         # Add section at the end
-        echo -e "\n[$section]" >>"$file"
+        echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
     fi
     if ! ini_has_option "$file" "$section" "$option"; then
         # Add it
-        sed -i -e "/^\[$section\]/ a\\
+        $sudo sed -i -e "/^\[$section\]/ a\\
 $option = $value
 " "$file"
     else
         local sep=$(echo -ne "\x01")
         # Replace it
-        sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
+        $sudo sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
     fi
     $xtrace
 }
 
 # Set a multiple line option in an INI file
-# iniset_multiline config-file section option value1 value2 valu3 ...
+# iniset_multiline [-sudo] config-file section option value1 value2 valu3 ...
 function iniset_multiline {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
@@ -188,14 +218,14 @@ function iniset_multiline {
     done
     if ! grep -q "^\[$section\]" "$file"; then
         # Add section at the end
-        echo -e "\n[$section]" >>"$file"
+        echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
     else
         # Remove old values
-        sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+        $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
     fi
     # Add new ones
     for v in $values; do
-        sed -i -e "/^\[$section\]/ a\\
+        $sudo sed -i -e "/^\[$section\]/ a\\
 $option = $v
 " "$file"
     done
@@ -207,10 +237,15 @@ $option = $v
 function iniuncomment {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
+    local sudo=""
+    if [ $1 == "-sudo" ]; then
+        sudo="sudo "
+        shift
+    fi
     local file=$1
     local section=$2
     local option=$3
-    sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
+    $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
     $xtrace
 }
 
diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh
index 3aef6f39bd..61f2c410f9 100755
--- a/tests/test_ini_config.sh
+++ b/tests/test_ini_config.sh
@@ -71,15 +71,23 @@ b=d
 
 EOF
 
-# Test with missing arguments
+# set TEST_SUDO to test writing to root-owned files
+SUDO_ARG=""
+SUDO=""
+if [ -n "$TEST_SUDO" ]; then
+    SUDO="sudo "
+    SUDO_ARG="-sudo "
+    sudo chown -R root:root ${INI_TMP_ETC_DIR}
+fi
 
+# Test with missing arguments
 BEFORE=$(cat ${TEST_INI})
 
-iniset ${TEST_INI} aaa
+iniset ${SUDO_ARG} ${TEST_INI} aaa
 NO_ATTRIBUTE=$(cat ${TEST_INI})
 assert_equal "$BEFORE" "$NO_ATTRIBUTE" "test missing attribute argument"
 
-iniset ${TEST_INI}
+iniset ${SUDO_ARG} ${TEST_INI}
 NO_SECTION=$(cat ${TEST_INI})
 assert_equal "$BEFORE" "$NO_SECTION" "missing section argument"
 
@@ -87,7 +95,7 @@ assert_equal "$BEFORE" "$NO_SECTION" "missing section argument"
 VAL=$(iniget ${TEST_INI} aaa handlers)
 assert_equal "$VAL" "aa, bb" "iniget spaces in option"
 
-iniset ${TEST_INI} aaa handlers "11, 22"
+iniset ${SUDO_ARG} ${TEST_INI} aaa handlers "11, 22"
 VAL=$(iniget ${TEST_INI} aaa handlers)
 assert_equal "$VAL" "11, 22" "iniset spaces in option"
 
@@ -95,7 +103,7 @@ assert_equal "$VAL" "11, 22" "iniset spaces in option"
 VAL=$(iniget ${TEST_INI} " ccc " spaces)
 assert_equal "$VAL" "yes" "iniget with section header space"
 
-iniset ${TEST_INI} "b b" opt_ion 42
+iniset ${SUDO_ARG} ${TEST_INI} "b b" opt_ion 42
 VAL=$(iniget ${TEST_INI} "b b" opt_ion)
 assert_equal "$VAL" "42" "iniset with section header space"
 
@@ -103,7 +111,7 @@ assert_equal "$VAL" "42" "iniset with section header space"
 VAL=$(iniget ${TEST_INI} bbb handlers)
 assert_equal "$VAL" "ee,ff" "iniget at EOF"
 
-iniset ${TEST_INI} bbb handlers "33,44"
+iniset ${SUDO_ARG} ${TEST_INI} bbb handlers "33,44"
 VAL=$(iniget ${TEST_INI} bbb handlers)
 assert_equal "$VAL" "33,44" "inset at EOF"
 
@@ -122,12 +130,12 @@ else
 fi
 
 # test changing empty option
-iniset ${TEST_INI} ddd empty "42"
+iniset ${SUDO_ARG} ${TEST_INI} ddd empty "42"
 VAL=$(iniget ${TEST_INI} ddd empty)
 assert_equal "$VAL" "42" "change empty option"
 
 # test pipe in option
-iniset ${TEST_INI} aaa handlers "a|b"
+iniset ${SUDO_ARG} ${TEST_INI} aaa handlers "a|b"
 VAL=$(iniget ${TEST_INI} aaa handlers)
 assert_equal "$VAL" "a|b" "pipe in option"
 
@@ -146,23 +154,23 @@ else
 fi
 
 # Test comments
-inicomment ${TEST_INI} aaa handlers
+inicomment ${SUDO_ARG} ${TEST_INI} aaa handlers
 VAL=$(iniget ${TEST_INI} aaa handlers)
 assert_empty VAL "test inicomment"
 
 # Test multiple line iniset/iniget
-iniset_multiline ${TEST_INI} eee multi bar1 bar2
+iniset_multiline ${SUDO_ARG} ${TEST_INI} eee multi bar1 bar2
 
 VAL=$(iniget_multiline ${TEST_INI} eee multi)
 assert_equal "$VAL" "bar1 bar2" "iniget_multiline"
 
 # Test iniadd with exiting values
-iniadd ${TEST_INI} eee multi bar3
+iniadd ${SUDO_ARG} ${TEST_INI} eee multi bar3
 VAL=$(iniget_multiline ${TEST_INI} eee multi)
 assert_equal "$VAL" "bar1 bar2 bar3" "iniadd with existing values"
 
 # Test iniadd with non-exiting values
-iniadd ${TEST_INI} eee non-multi foobar1 foobar2
+iniadd ${SUDO_ARG} ${TEST_INI} eee non-multi foobar1 foobar2
 VAL=$(iniget_multiline ${TEST_INI} eee non-multi)
 assert_equal "$VAL" "foobar1 foobar2" "iniadd non-existing values"
 
@@ -176,7 +184,7 @@ del_cases="
     del_no_section"
 
 for x in $del_cases; do
-    inidelete ${TEST_INI} $x a
+    inidelete ${SUDO_ARG} ${TEST_INI} $x a
     VAL=$(iniget_multiline ${TEST_INI} $x a)
     assert_empty VAL "inidelete $x"
     if [ "$x" = "del_separate_options" -o \
@@ -191,6 +199,6 @@ for x in $del_cases; do
     fi
 done
 
-rm -rf ${INI_TMP_DIR}
+$SUDO rm -rf ${INI_TMP_DIR}
 
 report_results

From cede78748291a8b5ae0dd0dc34c95da4a72fb3ea Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 22 Jul 2015 13:36:12 +1000
Subject: [PATCH 0827/3421] Add file creation test

Ensure that iniadd is creating files that don't exist, as it has
historically done.

Change-Id: I2798996f3d46ff1dce410b815a87395f1bf729f9
---
 inc/ini-config           | 1 +
 tests/test_ini_config.sh | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/inc/ini-config b/inc/ini-config
index d23f4743f1..58386e2441 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -159,6 +159,7 @@ function inidelete {
 
 # Set an option in an INI file
 # iniset [-sudo] config-file section option value
+#  - if the file does not exist, it is created
 function iniset {
     local xtrace=$(set +o | grep xtrace)
     set +o xtrace
diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh
index 61f2c410f9..d9cb8d8a99 100755
--- a/tests/test_ini_config.sh
+++ b/tests/test_ini_config.sh
@@ -199,6 +199,11 @@ for x in $del_cases; do
     fi
 done
 
+# test file-creation
+iniset $SUDO_ARG ${INI_TMP_ETC_DIR}/test.new.ini test foo bar
+VAL=$(iniget ${INI_TMP_ETC_DIR}/test.new.ini test foo)
+assert_equal "$VAL" "bar" "iniset created file"
+
 $SUDO rm -rf ${INI_TMP_DIR}
 
 report_results

From ff70dad892a89cc4cb09aebfcf72e2de5ab7d556 Mon Sep 17 00:00:00 2001
From: Jens Rosenboom 
Date: Wed, 1 Jul 2015 15:22:53 +0200
Subject: [PATCH 0828/3421] Make image_list.sh independent of host IP address

We do not need the HOST_IP to be detected in order to be able to list
our images. So just set that to some dummy value before sourcing
functions.

This will allow tools like disk-image-builder to work regardless of
whether get_default_host_ip succeeds or not.

Change-Id: I9c22d2066e34309e70e56076e3d17c5db6ecee06
---
 tools/image_list.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/image_list.sh b/tools/image_list.sh
index a27635effd..27b3d4612d 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -3,6 +3,12 @@
 # Keep track of the DevStack directory
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 
+# The following "source" implicitly calls get_default_host_ip() in
+# stackrc and will die if the selected default IP happens to lie
+# in the default ranges for FIXED_RANGE or FLOATING_RANGE. Since we
+# do not really need HOST_IP to be properly set in the remainder of
+# this script, just set it to some dummy value and make stackrc happy.
+HOST_IP=SKIP
 source $TOP_DIR/functions
 
 # Possible virt drivers, if we have more, add them here. Always keep

From 22cf648cf64029b6ba34a77aadd43b356acd53e7 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Thu, 23 Jul 2015 18:13:55 +0900
Subject: [PATCH 0829/3421] Remove restraint on agent file from ml2 plugin

Ml2 plugin always needs agent file even if the agent is out of tree.
This patch removes the restraint and ofagent_agent.

Change-Id: I12de58e13da1fd162ad8b632d895779ae7560c3c
Closes-Bug: #1477459
---
 lib/neutron_plugins/ml2           | 4 +++-
 lib/neutron_plugins/ofagent_agent | 4 ----
 2 files changed, 3 insertions(+), 5 deletions(-)
 delete mode 100644 lib/neutron_plugins/ofagent_agent

diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 13ffee9b5b..ace5335a78 100755
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -19,7 +19,9 @@ fi
 
 # Default openvswitch L2 agent
 Q_AGENT=${Q_AGENT:-openvswitch}
-source $TOP_DIR/lib/neutron_plugins/${Q_AGENT}_agent
+if [ -f $TOP_DIR/lib/neutron_plugins/${Q_AGENT}_agent ]; then
+    source $TOP_DIR/lib/neutron_plugins/${Q_AGENT}_agent
+fi
 
 # List of MechanismDrivers to load
 Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-openvswitch,linuxbridge}
diff --git a/lib/neutron_plugins/ofagent_agent b/lib/neutron_plugins/ofagent_agent
deleted file mode 100644
index 0bc9bffb55..0000000000
--- a/lib/neutron_plugins/ofagent_agent
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# REVISIT(yamamoto): This file is intentionally left empty
-# in order to keep Q_AGENT=ofagent_agent work.

From 1c506c5c3422b80ca01903f929b47011a4f969e1 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Fri, 24 Jul 2015 10:42:13 +0900
Subject: [PATCH 0830/3421] Remove unused variable

Change-Id: Ib3b50c0e34403311b529e116f39bf82dd03dca0e
---
 lib/neutron-legacy | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 2c9dd1aa7d..4069439183 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -999,7 +999,6 @@ function _configure_neutron_dhcp_agent {
 }
 
 function _configure_neutron_l3_agent {
-    local cfg_file
     Q_L3_ENABLED=True
     # for l3-agent, only use per tenant router if we have namespaces
     Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE

From eef5d8590f560e4dd2be21942086e1e8b1223de4 Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk 
Date: Fri, 24 Jul 2015 10:55:42 +0200
Subject: [PATCH 0831/3421] Adds two new configuration files

Ceilometer introduces two new configuration files

This change adds them.

Change-Id: I4da44f09eb0a839f36fef513aec41d9b1564155d
Depends-On: I5a202c30614d06821063e243d4e2330736aba5fd
---
 lib/ceilometer | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/ceilometer b/lib/ceilometer
index 9226d85e20..ce93ebdc4f 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -212,6 +212,8 @@ function configure_ceilometer {
     cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/meters.yaml $CEILOMETER_CONF_DIR
+    cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_archive_policy_map.yaml $CEILOMETER_CONF_DIR
+    cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_resources.yaml $CEILOMETER_CONF_DIR
 
     if [ "$CEILOMETER_PIPELINE_INTERVAL" ]; then
         sed -i "s/interval:.*/interval: ${CEILOMETER_PIPELINE_INTERVAL}/" $CEILOMETER_CONF_DIR/pipeline.yaml

From aa81e2ea73cf46ab4e220a66959d19529f7bfeac Mon Sep 17 00:00:00 2001
From: Stanislaw Szydlo 
Date: Mon, 27 Jul 2015 10:54:44 +0200
Subject: [PATCH 0832/3421] Fix errors in tools/ping_neutron.sh

Due to errors in tools/ping_neutron.sh, exercise neutron-adv-test.sh
fails. Faults were: 'neutron net-list' took too much arguments and
variable REMAINING_ARGS was mistyped.

Change-Id: I681328bfb1e4445543ef9d94e3b3824dbc9c8346
Closes-Bug: #1478021
---
 tools/ping_neutron.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh
index d36b7f60c8..dba7502652 100755
--- a/tools/ping_neutron.sh
+++ b/tools/ping_neutron.sh
@@ -51,15 +51,15 @@ if [[ -z "$NET_NAME" ]]; then
     usage
 fi
 
-REMANING_ARGS="${@:2}"
+REMAINING_ARGS="${@:2}"
 
 # BUG: with duplicate network names, this fails pretty hard.
-NET_ID=$(neutron net-list $NET_NAME | grep "$NET_NAME" | awk '{print $2}')
+NET_ID=$(neutron net-list | grep "$NET_NAME" | awk '{print $2}')
 PROBE_ID=$(neutron-debug probe-list -c id -c network_id | grep "$NET_ID" | awk '{print $2}' | head -n 1)
 
 # This runs a command inside the specific netns
 NET_NS_CMD="ip netns exec qprobe-$PROBE_ID"
 
-PING_CMD="sudo $NET_NS_CMD ping $REMAING_ARGS"
+PING_CMD="sudo $NET_NS_CMD ping $REMAINING_ARGS"
 echo "Running $PING_CMD"
 $PING_CMD

From 20401434091e6083c85f7269cd4e7cf44e5713b4 Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Mon, 27 Jul 2015 20:42:44 +0900
Subject: [PATCH 0833/3421] Fix four typos on devstack documentation

behaviour => behavior
mechansim => mechanism
glustfs => glusterfs
pluggin => plugin

Change-Id: I3de6740e5d4b2b55009614007767458124036b75
Closes-Bug: #1478538
---
 HACKING.rst            | 2 +-
 doc/source/plugins.rst | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/HACKING.rst b/HACKING.rst
index a40af54b45..6bd24b0174 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -355,7 +355,7 @@ your change
 
 * **Should this be upstream** -- DevStack generally does not override
   default choices provided by projects and attempts to not
-  unexpectedly modify behaviour.
+  unexpectedly modify behavior.
 
 * **Context in commit messages** -- DevStack touches many different
   areas and reviewers need context around changes to make good
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 1b6f5e36ed..803dd08a48 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -15,7 +15,7 @@ evolves.
 Plugin Interface
 ================
 
-DevStack supports a standard mechansim for including plugins from
+DevStack supports a standard mechanism for including plugins from
 external repositories. The plugin interface assumes the following:
 
 An external git repository that includes a ``devstack/`` top level
@@ -49,7 +49,7 @@ They are added in the following format::
   [[local|localrc]]
   enable_plugin   [GITREF]
 
-- ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
+- ``name`` - an arbitrary name. (ex: glusterfs, docker, zaqar, congress)
 - ``giturl`` - a valid git url that can be cloned
 - ``gitref`` - an optional git ref (branch / ref / tag) that will be
   cloned. Defaults to master.
@@ -209,7 +209,7 @@ enough to be an issue).
 
 Ideally a plugin will be included within the ``devstack`` directory of
 the project they are being tested. For example, the stackforge/ec2-api
-project has its pluggin support in its own tree.
+project has its plugin support in its own tree.
 
 However, some times a DevStack plugin might be used solely to
 configure a backend service that will be used by the rest of

From 089f044cbee4be1d2e1c3ad943c20eec33df736f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= 
Date: Fri, 24 Jul 2015 17:07:07 +0200
Subject: [PATCH 0834/3421] update cinder's key permission to allow nova
 snapshots
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Preparing the field for this patch:
https://review.openstack.org/#/c/205282/2

The client.cinder key needs to have write permission to the glance pool
in order to complete the snapshot process.

Change-Id: I90c6aa056b99944aa558783f3f81d06f918f3e26
Signed-off-by: Sébastien Han 
---
 lib/ceph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceph b/lib/ceph
index 6cf481e530..aeb7191512 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -295,7 +295,7 @@ function configure_ceph_nova {
     iniset $NOVA_CONF libvirt images_rbd_ceph_conf ${CEPH_CONF_FILE}
 
     if ! is_service_enabled cinder; then
-        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null
+        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null
         sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
     fi
 }

From 64ab8d122893d4ab1e135e82dab17f14cc74c33c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= 
Date: Mon, 27 Jul 2015 14:29:57 +0200
Subject: [PATCH 0835/3421] Re-enable direct URL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This parameter is needed in order to test the copy on write cloning
functionnality.

Change-Id: Ie8179a68827acba2dd8614ea9c6cecf2ddb20e29
Signed-off-by: Sébastien Han 
---
 lib/ceph | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ceph b/lib/ceph
index 6cf481e530..f09252ff5d 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -267,6 +267,7 @@ function configure_ceph_glance {
     sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
 
+    iniset $GLANCE_API_CONF DEFAULT show_image_direct_url True
     iniset $GLANCE_API_CONF glance_store default_store rbd
     iniset $GLANCE_API_CONF glance_store stores "file, http, rbd"
     iniset $GLANCE_API_CONF glance_store rbd_store_ceph_conf $CEPH_CONF_FILE

From ac9313e5a5af9e350d66c0ae628ca900c4cfc218 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 27 Jul 2015 13:33:30 -0400
Subject: [PATCH 0836/3421] add -n --name flag to worlddump

We're worlddumping at success points in grenade, and it would be much
handier to explain when that happens via a symbolic name in the
filename. Add a --name option to worlddump to allow it.

Change-Id: I644200fe08e404dc7ca2006478ae4e11ca020672
---
 tools/worlddump.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index e4ba02b51c..926b4a1873 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -31,12 +31,19 @@ def get_options():
     parser.add_argument('-d', '--dir',
                         default='.',
                         help='Output directory for worlddump')
+    parser.add_argument('-n', '--name',
+                        default='',
+                        help='Additional name to tag into file')
     return parser.parse_args()
 
 
-def filename(dirname):
+def filename(dirname, name=""):
     now = datetime.datetime.utcnow()
-    return os.path.join(dirname, now.strftime("worlddump-%Y-%m-%d-%H%M%S.txt"))
+    fmt = "worlddump-%Y-%m-%d-%H%M%S"
+    if name:
+        fmt += "-" + name
+    fmt += ".txt"
+    return os.path.join(dirname, now.strftime(fmt))
 
 
 def warn(msg):
@@ -125,7 +132,7 @@ def guru_meditation_report():
 
 def main():
     opts = get_options()
-    fname = filename(opts.dir)
+    fname = filename(opts.dir, opts.name)
     print "World dumping... see %s for details" % fname
     sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0)
     with open(fname, 'w') as f:

From dd07c484e474f3e9410c558c8fb3103233facd3e Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 27 Jul 2015 13:10:44 -0400
Subject: [PATCH 0837/3421] line wrapping for longer ceph commands

Some of the ceph commands had gotten quite long, so reviewing them in
gerrit is a bit problematic. Do some line wrapping just to bring these
back to a bit more managable state.

Change-Id: Ice5122702f2466d059dd275b038d5ff983bcda44
---
 lib/ceph | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/lib/ceph b/lib/ceph
index aeb7191512..b05e6e818c 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -176,7 +176,9 @@ function configure_ceph {
     sudo mkdir -p ${CEPH_DATA_DIR}/{bootstrap-mds,bootstrap-osd,mds,mon,osd,tmp}
 
     # create ceph monitor initial key and directory
-    sudo ceph-authtool /var/lib/ceph/tmp/keyring.mon.$(hostname) --create-keyring --name=mon. --add-key=$(ceph-authtool --gen-print-key) --cap mon 'allow *'
+    sudo ceph-authtool /var/lib/ceph/tmp/keyring.mon.$(hostname) \
+        --create-keyring --name=mon. --add-key=$(ceph-authtool --gen-print-key) \
+        --cap mon 'allow *'
     sudo mkdir /var/lib/ceph/mon/ceph-$(hostname)
 
     # create a default ceph configuration file
@@ -194,12 +196,14 @@ osd journal size = 100
 EOF
 
     # bootstrap the ceph monitor
-    sudo ceph-mon -c ${CEPH_CONF_FILE} --mkfs -i $(hostname) --keyring /var/lib/ceph/tmp/keyring.mon.$(hostname)
+    sudo ceph-mon -c ${CEPH_CONF_FILE} --mkfs -i $(hostname) \
+        --keyring /var/lib/ceph/tmp/keyring.mon.$(hostname)
+
     if is_ubuntu; then
-    sudo touch /var/lib/ceph/mon/ceph-$(hostname)/upstart
+        sudo touch /var/lib/ceph/mon/ceph-$(hostname)/upstart
         sudo initctl emit ceph-mon id=$(hostname)
     else
-    sudo touch /var/lib/ceph/mon/ceph-$(hostname)/sysvinit
+        sudo touch /var/lib/ceph/mon/ceph-$(hostname)/sysvinit
         sudo service ceph start mon.$(hostname)
     fi
 
@@ -240,7 +244,9 @@ EOF
         OSD_ID=$(sudo ceph -c ${CEPH_CONF_FILE} osd create)
         sudo mkdir -p ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}
         sudo ceph-osd -c ${CEPH_CONF_FILE} -i ${OSD_ID} --mkfs
-        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create osd.${OSD_ID} mon 'allow profile osd ' osd 'allow *' | sudo tee ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/keyring
+        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create osd.${OSD_ID} \
+            mon 'allow profile osd ' osd 'allow *' | \
+            sudo tee ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/keyring
 
         # ceph's init script is parsing ${CEPH_DATA_DIR}/osd/ceph-${OSD_ID}/ and looking for a file
         # 'upstart' or 'sysinitv', thanks to these 'touches' we are able to control OSDs daemons
@@ -264,7 +270,10 @@ function configure_ceph_embedded_glance {
 # configure_ceph_glance() - Glance config needs to come after Glance is set up
 function configure_ceph_glance {
     sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${GLANCE_CEPH_POOL} ${GLANCE_CEPH_POOL_PG} ${GLANCE_CEPH_POOL_PGP}
-    sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
+    sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${GLANCE_CEPH_USER} \
+        mon "allow r" \
+        osd "allow class-read object_prefix rbd_children, allow rwx pool=${GLANCE_CEPH_POOL}" | \
+        sudo tee ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${GLANCE_CEPH_USER}.keyring
 
     iniset $GLANCE_API_CONF glance_store default_store rbd
@@ -295,7 +304,10 @@ function configure_ceph_nova {
     iniset $NOVA_CONF libvirt images_rbd_ceph_conf ${CEPH_CONF_FILE}
 
     if ! is_service_enabled cinder; then
-        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null
+        sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} \
+            mon "allow r" \
+            osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | \
+            sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring > /dev/null
         sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
     fi
 }
@@ -311,7 +323,10 @@ function configure_ceph_embedded_cinder {
 # configure_ceph_cinder() - Cinder config needs to come after Cinder is set up
 function configure_ceph_cinder {
     sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_CEPH_POOL} ${CINDER_CEPH_POOL_PG} ${CINDER_CEPH_POOL_PGP}
-    sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rx pool=${GLANCE_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
+    sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} \
+        mon "allow r" \
+        osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rx pool=${GLANCE_CEPH_POOL}" | \
+        sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
 }
 

From 961643e404919e0fa3b90f7620a4daccc962e6a3 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Fri, 31 Jul 2015 13:45:27 +0900
Subject: [PATCH 0838/3421] configuration.rst: Document post-extra meta section
 phase

Change-Id: I81d121424057fd79c1a0a65d420df3ee1badb6f3
---
 doc/source/configuration.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 6052576e98..96f91ec774 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -56,6 +56,7 @@ The defined phases are:
    before they are started
 -  **extra** - runs after services are started and before any files in
    ``extra.d`` are executed
+-  **post-extra** - runs after files in ``extra.d`` are executed
 
 The file is processed strictly in sequence; meta-sections may be
 specified more than once but if any settings are duplicated the last to

From 93c10571e8b1b2c8e6916c759d5b92ab379c037f Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Fri, 31 Jul 2015 10:38:50 -0400
Subject: [PATCH 0839/3421] Stop relying on the tempest sample config file

This commit stops using the sample config file as the base for tempest
configuration. The sample config isn't actually needed as a based for
configuration because all the options are commented out so from the
perspective of the config parser it's a blank file.

There are 2 reasons for making this change, first using the sample
like this creates a hard dependency on tempest having a sample config
file in tree. This is something that the project wants to change since
keeping the file in sync causes headaches because of new oslo
releases. The second aspect is that it makes the generated output
difficult to read. It includes *every* option and it's description in
the generated output which makes finding where devstack is actually
setting something more difficult to find.

Change-Id: I4064a041a965ed2419b68efc8dc31fce37b24cfd
---
 lib/tempest | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 68ddd44105..ebed5ae98f 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -167,10 +167,10 @@ function configure_tempest {
         esac
     fi
 
-    # Create ``tempest.conf`` from ``tempest.conf.sample``
-    # Copy every time because the image UUIDS are going to change
+    # (Re)create ``tempest.conf``
+    # Create every time because the image UUIDS are going to change
     sudo install -d -o $STACK_USER $TEMPEST_CONFIG_DIR
-    install -m 644 $TEMPEST_DIR/etc/tempest.conf.sample $TEMPEST_CONFIG
+    rm -f $TEMPEST_CONFIG
 
     password=${ADMIN_PASSWORD:-secrete}
 

From d73df506f29854997f3b74f1b60968535923316b Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi 
Date: Fri, 31 Jul 2015 11:07:31 -0400
Subject: [PATCH 0840/3421] Remove the old meter.yaml path from devstack

This will let us defauilt to the path within the code,
we can add the right path in once we have the file in
the codebase.

Change-Id: I9de94c5ac6349c3b46adbacb77fc877b5201285c
---
 lib/ceilometer | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index ce93ebdc4f..3df75b7300 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -211,7 +211,6 @@ function configure_ceilometer {
     cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/meters.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_archive_policy_map.yaml $CEILOMETER_CONF_DIR
     cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_resources.yaml $CEILOMETER_CONF_DIR
 

From e97cb825d2800d34d1fe6eceae85a3a7f84549d1 Mon Sep 17 00:00:00 2001
From: Nicolas Simonds 
Date: Tue, 28 Jul 2015 11:46:46 -0700
Subject: [PATCH 0841/3421] update cinder's key permission to allow nova
 snapshots

Preparing the field for this patch:

https://review.openstack.org/205282

The client.cinder key needs to have write permission to the glance pool
in order to complete the snapshot process.

Change-Id: I98f16167db864ffd14e8c3dd5dec81fc16245448
---
 lib/ceph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ceph b/lib/ceph
index 6af4b3a139..8e34aa49a4 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -326,7 +326,7 @@ function configure_ceph_cinder {
     sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_CEPH_POOL} ${CINDER_CEPH_POOL_PG} ${CINDER_CEPH_POOL_PGP}
     sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_CEPH_USER} \
         mon "allow r" \
-        osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rx pool=${GLANCE_CEPH_POOL}" | \
+        osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_CEPH_POOL}, allow rwx pool=${NOVA_CEPH_POOL},allow rwx pool=${GLANCE_CEPH_POOL}" | \
         sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
     sudo chown ${STACK_USER}:$(id -g -n $whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_CEPH_USER}.keyring
 }

From 57aafb5a9ad20e19e2c248a8e853a32d5b719c03 Mon Sep 17 00:00:00 2001
From: Clark Boylan 
Date: Fri, 31 Jul 2015 12:22:44 -0700
Subject: [PATCH 0842/3421] Clone reqs repo prior to using pip constraints

We pull the pip constraints from the requirements repo so need to clone
that repo prior to using the constraints. In fixup_stuff.sh devstack
attempts to install packages like prettytable using the constraints. It
is also possible to need constraints before fixup_stuff.sh if tracking
depends. To deal with this clone requirements repo before any possible
use of constraints in pip_install.

Change-Id: I42e981c8c5ce1b8a57b9f6cce213065c72d6af11
---
 lib/infra | 2 --
 stack.sh  | 5 +++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/infra b/lib/infra
index 3d68e45bd9..eb8000e8d3 100644
--- a/lib/infra
+++ b/lib/infra
@@ -30,8 +30,6 @@ REQUIREMENTS_DIR=$DEST/requirements
 # install_infra() - Collect source and prepare
 function install_infra {
     local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv"
-    # bring down global requirements
-    git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
     [ ! -d $PIP_VIRTUAL_ENV ] && virtualenv $PIP_VIRTUAL_ENV
     # We don't care about testing git pbr in the requirements venv.
     PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
diff --git a/stack.sh b/stack.sh
index cc8bc8c88f..2288af57a4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -698,6 +698,11 @@ fi
 
 TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 
+# Bring down global requirements before any use of pip_install. This is
+# necessary to ensure that the constraints file is in place before we
+# attempt to apply any constraints to pip installs.
+git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
+
 # Install Python packages into a virtualenv so that we can track them
 if [[ $TRACK_DEPENDS = True ]]; then
     echo_summary "Installing Python packages into a virtualenv $DEST/.venv"

From 994db6173861a8c6f8c73d59cdf85cd28463ab31 Mon Sep 17 00:00:00 2001
From: lanoux 
Date: Mon, 3 Aug 2015 13:48:12 +0000
Subject: [PATCH 0843/3421] Add tempest run_validation option

This change adds the tempest run_validation option to run
tests with ssh connection in the gate.

Change-Id: I140f79b06d2e85c1d5d07fa5f117d4f8b250fa3d
---
 lib/tempest | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 68ddd44105..a534530b05 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -457,6 +457,9 @@ function configure_tempest {
     fi
     iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions
 
+    # Validation
+    iniset $TEMPEST_CONFIG validation run_validation ${TEMPEST_RUN_VALIDATION:-False}
+
     # Volume
     # TODO(dkranz): Remove the bootable flag when Juno is end of life.
     iniset $TEMPEST_CONFIG volume-feature-enabled bootable True

From a6db5e30cc53d6dae11ffdc228e0ed01865bf603 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 4 Aug 2015 06:23:28 -0400
Subject: [PATCH 0844/3421] fix multinode guide

The multinode guide erroneously said to enable n-api on the worker
nodes, which is a typo. n-api-meta is the thing that's needed.

Change-Id: I733896681f7f6fe3bea0fdeeb8ffc9033d7fc761
---
 doc/source/guides/multinode-lab.rst | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 27d71f1b9c..557b522f69 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -178,12 +178,17 @@ machines, create a ``local.conf`` with:
     MYSQL_HOST=192.168.42.11
     RABBIT_HOST=192.168.42.11
     GLANCE_HOSTPORT=192.168.42.11:9292
-    ENABLED_SERVICES=n-cpu,n-net,n-api,c-vol
+    ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
     NOVA_VNC_ENABLED=True
     NOVNCPROXY_URL="http://192.168.42.11:6080/vnc_auto.html"
     VNCSERVER_LISTEN=$HOST_IP
     VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
 
+**Note:** the ``n-api-meta`` service is a version of the api server
+that only serves the metadata service. It's needed because the
+computes created won't have a routing path to the metadata service on
+the controller.
+
 Fire up OpenStack:
 
 ::
@@ -263,7 +268,7 @@ Swift
 -----
 
 Swift, OpenStack Object Storage, requires a significant amount of resources
-and is disabled by default in DevStack. The support in DevStack is geared 
+and is disabled by default in DevStack. The support in DevStack is geared
 toward a minimal installation but can be used for testing. To implement a
 true multi-node test of swift, additional steps will be required. Enabling it is as
 simple as enabling the ``swift`` service in ``local.conf``:

From 815db16c2099610a52dec35f0846c0d19b9bd5b9 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 6 Aug 2015 10:25:45 +1000
Subject: [PATCH 0845/3421] Clean up configuration documentation

The current format is just copy-paste after auto-conversion and very
inconsistent.  Move discussion of each option into a section and
reword some slightly so they read more clearly.  Group some together
into a section+sub-sections, such as the logging and ip-version option
discussions.

Add a top table-of-contents for the major sections, and then a
separate toc for each of the configuration options that are discussed
in detail.

Change-Id: Iddd27cb54f1d9f062b9c47ff9ad6a2bef3650d6b
---
 doc/source/configuration.rst | 330 +++++++++++++++++------------------
 1 file changed, 165 insertions(+), 165 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 6052576e98..05a8d95f51 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -2,6 +2,10 @@
 Configuration
 =============
 
+.. contents::
+   :local:
+   :depth: 1
+
 DevStack has always tried to be mostly-functional with a minimal amount
 of configuration. The number of options has ballooned as projects add
 features, new projects added and more combinations need to be tested.
@@ -142,121 +146,79 @@ will not be set if there is no IPv6 address on the default Ethernet interface.
 Setting it here also makes it available for ``openrc`` to set ``OS_AUTH_URL``.
 ``HOST_IPV6`` is not set by default.
 
-Common Configuration Variables
-==============================
+Configuration Notes
+===================
+
+.. contents::
+   :local:
 
 Installation Directory
 ----------------------
 
-    | *Default: ``DEST=/opt/stack``*
-    |  The DevStack install directory is set by the ``DEST`` variable.
-    |  By setting it early in the ``localrc`` section you can reference it
-       in later variables. It can be useful to set it even though it is not
-       changed from the default value.
-    |
+The DevStack install directory is set by the ``DEST`` variable.  By
+default it is ``/opt/stack``.
+
+By setting it early in the ``localrc`` section you can reference it in
+later variables.  It can be useful to set it even though it is not
+changed from the default value.
 
     ::
 
         DEST=/opt/stack
 
-Libraries from Git
-------------------
-
-   | *Default: ``LIBS_FROM_GIT=""``*
-
-   | By default devstack installs OpenStack server components from
-     git, however it installs client libraries from released versions
-     on pypi. This is appropriate if you are working on server
-     development, but if you want to see how an unreleased version of
-     the client affects the system you can have devstack install it
-     from upstream, or from local git trees.
-   | Multiple libraries can be specified as a comma separated list.
-   |
-
-   ::
-
-      LIBS_FROM_GIT=python-keystoneclient,oslo.config
-
-Virtual Environments
---------------------
-
-  | *Default: ``USE_VENV=False``*
-  |   Enable the use of Python virtual environments by setting ``USE_VENV``
-      to ``True``.  This will enable the creation of venvs for each project
-      that is defined in the ``PROJECT_VENV`` array.
-
-  | *Default: ``PROJECT_VENV['']='.venv'*
-  |   Each entry in the ``PROJECT_VENV`` array contains the directory name
-      of a venv to be used for the project.  The array index is the project
-      name.  Multiple projects can use the same venv if desired.
-
-  ::
-
-    PROJECT_VENV["glance"]=${GLANCE_DIR}.venv
-
-  | *Default: ``ADDITIONAL_VENV_PACKAGES=""``*
-  |   A comma-separated list of additional packages to be installed into each
-      venv.  Often projects will not have certain packages listed in its
-      ``requirements.txt`` file because they are 'optional' requirements,
-      i.e. only needed for certain configurations.  By default, the enabled
-      databases will have their Python bindings added when they are enabled.
+Logging
+-------
 
 Enable Logging
---------------
+~~~~~~~~~~~~~~
 
-    | *Defaults: ``LOGFILE="" LOGDAYS=7 LOG_COLOR=True``*
-    |  By default ``stack.sh`` output is only written to the console
-       where it runs. It can be sent to a file in addition to the console
-       by setting ``LOGFILE`` to the fully-qualified name of the
-       destination log file. A timestamp will be appended to the given
-       filename for each run of ``stack.sh``.
-    |
+By default ``stack.sh`` output is only written to the console where it
+runs. It can be sent to a file in addition to the console by setting
+``LOGFILE`` to the fully-qualified name of the destination log file. A
+timestamp will be appended to the given filename for each run of
+``stack.sh``.
 
     ::
 
         LOGFILE=$DEST/logs/stack.sh.log
 
-    Old log files are cleaned automatically if ``LOGDAYS`` is set to the
-    number of days of old log files to keep.
+Old log files are cleaned automatically if ``LOGDAYS`` is set to the
+number of days of old log files to keep.
 
     ::
 
         LOGDAYS=1
 
-    The some of the project logs (Nova, Cinder, etc) will be colorized
-    by default (if ``SYSLOG`` is not set below); this can be turned off
-    by setting ``LOG_COLOR`` False.
+The some of the project logs (Nova, Cinder, etc) will be colorized by
+default (if ``SYSLOG`` is not set below); this can be turned off by
+setting ``LOG_COLOR`` to ``False``.
 
     ::
 
         LOG_COLOR=False
 
 Logging the Service Output
---------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-    | *Default: ``LOGDIR=""``*
-    |  DevStack will log the stdout output of the services it starts.
-       When using ``screen`` this logs the output in the screen windows
-       to a file.  Without ``screen`` this simply redirects stdout of
-       the service process to a file in ``LOGDIR``.
-    |
+DevStack will log the ``stdout`` output of the services it starts.
+When using ``screen`` this logs the output in the screen windows to a
+file.  Without ``screen`` this simply redirects stdout of the service
+process to a file in ``LOGDIR``.
 
     ::
 
         LOGDIR=$DEST/logs
 
-    *Note the use of ``DEST`` to locate the main install directory; this
-    is why we suggest setting it in ``local.conf``.*
+*Note the use of ``DEST`` to locate the main install directory; this
+is why we suggest setting it in ``local.conf``.*
 
 Enabling Syslog
----------------
+~~~~~~~~~~~~~~~
 
-    | *Default: ``SYSLOG=False SYSLOG_HOST=$HOST_IP SYSLOG_PORT=516``*
-    |  Logging all services to a single syslog can be convenient. Enable
-       syslogging by setting ``SYSLOG`` to ``True``. If the destination log
-       host is not localhost ``SYSLOG_HOST`` and ``SYSLOG_PORT`` can be
-       used to direct the message stream to the log host.
-    |
+Logging all services to a single syslog can be convenient. Enable
+syslogging by setting ``SYSLOG`` to ``True``. If the destination log
+host is not localhost ``SYSLOG_HOST`` and ``SYSLOG_PORT`` can be used
+to direct the message stream to the log host.  |
 
     ::
 
@@ -264,15 +226,55 @@ Enabling Syslog
         SYSLOG_HOST=$HOST_IP
         SYSLOG_PORT=516
 
+Libraries from Git
+------------------
+
+By default devstack installs OpenStack server components from git,
+however it installs client libraries from released versions on pypi.
+This is appropriate if you are working on server development, but if
+you want to see how an unreleased version of the client affects the
+system you can have devstack install it from upstream, or from local
+git trees by specifying it in ``LIBS_FROM_GIT``.  Multiple libraries
+can be specified as a comma separated list.
+
+   ::
+
+      LIBS_FROM_GIT=python-keystoneclient,oslo.config
+
+Virtual Environments
+--------------------
+
+Enable the use of Python virtual environments by setting ``USE_VENV``
+to ``True``.  This will enable the creation of venvs for each project
+that is defined in the ``PROJECT_VENV`` array.
+
+Each entry in the ``PROJECT_VENV`` array contains the directory name
+of a venv to be used for the project.  The array index is the project
+name.  Multiple projects can use the same venv if desired.
+
+  ::
+
+    PROJECT_VENV["glance"]=${GLANCE_DIR}.venv
+
+``ADDITIONAL_VENV_PACKAGES`` is a comma-separated list of additional
+packages to be installed into each venv.  Often projects will not have
+certain packages listed in its ``requirements.txt`` file because they
+are 'optional' requirements, i.e. only needed for certain
+configurations.  By default, the enabled databases will have their
+Python bindings added when they are enabled.
+
+  ::
+
+     ADDITIONAL_VENV_PACKAGES="python-foo, python-bar"
+
+
 A clean install every time
 --------------------------
 
-    | *Default: ``RECLONE=""``*
-    |  By default ``stack.sh`` only clones the project repos if they do
-       not exist in ``$DEST``. ``stack.sh`` will freshen each repo on each
-       run if ``RECLONE`` is set to ``yes``. This avoids having to manually
-       remove repos in order to get the current branch from ``$GIT_BASE``.
-    |
+By default ``stack.sh`` only clones the project repos if they do not
+exist in ``$DEST``. ``stack.sh`` will freshen each repo on each run if
+``RECLONE`` is set to ``yes``. This avoids having to manually remove
+repos in order to get the current branch from ``$GIT_BASE``.
 
     ::
 
@@ -281,13 +283,11 @@ A clean install every time
 Upgrade packages installed by pip
 ---------------------------------
 
-    | *Default: ``PIP_UPGRADE=""``*
-    |  By default ``stack.sh`` only installs Python packages if no version
-       is currently installed or the current version does not match a specified
-       requirement. If ``PIP_UPGRADE`` is set to ``True`` then existing required
-       Python packages will be upgraded to the most recent version that
-       matches requirements.
-    |
+By default ``stack.sh`` only installs Python packages if no version is
+currently installed or the current version does not match a specified
+requirement. If ``PIP_UPGRADE`` is set to ``True`` then existing
+required Python packages will be upgraded to the most recent version
+that matches requirements.
 
     ::
 
@@ -296,74 +296,69 @@ Upgrade packages installed by pip
 Swift
 -----
 
-    | Default: SWIFT_HASH=""
-    | SWIFT_REPLICAS=1
-    | SWIFT_DATA_DIR=$DEST/data/swift
+Swift is now used as the back-end for the S3-like object store.  When
+enabled Nova's objectstore (``n-obj`` in ``ENABLED_SERVICES``) is
+automatically disabled. Enable Swift by adding it services to
+``ENABLED_SERVICES``
 
-    | Swift is now used as the back-end for the S3-like object store.
-      When enabled Nova's objectstore (n-obj in ENABLED_SERVICES) is
-      automatically disabled. Enable Swift by adding it services to
-      ENABLED_SERVICES: enable_service s-proxy s-object s-container
-      s-account
+    ::
+
+       enable_service s-proxy s-object s-container s-account
 
-    Setting Swift's hash value is required and you will be prompted for
-    it if Swift is enabled so just set it to something already:
+Setting Swift's hash value is required and you will be prompted for it
+if Swift is enabled so just set it to something already:
 
     ::
 
         SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
 
-    For development purposes the default number of replicas is set to
-    ``1`` to reduce the overhead required. To better simulate a
-    production deployment set this to ``3`` or more.
+For development purposes the default number of replicas is set to
+``1`` to reduce the overhead required. To better simulate a production
+deployment set this to ``3`` or more.
 
     ::
 
         SWIFT_REPLICAS=3
 
-    The data for Swift is stored in the source tree by default (in
-    ``$DEST/swift/data``) and can be moved by setting
-    ``SWIFT_DATA_DIR``. The specified directory will be created if it
-    does not exist.
+The data for Swift is stored in the source tree by default (in
+``$DEST/swift/data``) and can be moved by setting
+``SWIFT_DATA_DIR``. The specified directory will be created if it does
+not exist.
 
     ::
 
         SWIFT_DATA_DIR=$DEST/data/swift
 
-    *Note: Previously just enabling ``swift`` was sufficient to start
-    the Swift services. That does not provide proper service
-    granularity, particularly in multi-host configurations, and is
-    considered deprecated. Some service combination tests now check for
-    specific Swift services and the old blanket acceptance will longer
-    work correctly.*
+*Note*: Previously just enabling ``swift`` was sufficient to start the
+Swift services. That does not provide proper service granularity,
+particularly in multi-host configurations, and is considered
+deprecated. Some service combination tests now check for specific
+Swift services and the old blanket acceptance will longer work
+correctly.
 
 Service Catalog Backend
 -----------------------
 
-    | *Default: ``KEYSTONE_CATALOG_BACKEND=sql``*
-    |  DevStack uses Keystone's ``sql`` service catalog backend. An
-       alternate ``template`` backend is also available. However, it does
-       not support the ``service-*`` and ``endpoint-*`` commands of the
-       ``keystone`` CLI. To do so requires the ``sql`` backend be enabled:
-    |
+By default DevStack uses Keystone's ``sql`` service catalog backend.
+An alternate ``template`` backend is also available, however, it does
+not support the ``service-*`` and ``endpoint-*`` commands of the
+``keystone`` CLI.  To do so requires the ``sql`` backend be enabled
+with ``KEYSTONE_CATALOG_BACKEND``:
 
     ::
 
         KEYSTONE_CATALOG_BACKEND=template
 
-    DevStack's default configuration in ``sql`` mode is set in
-    ``files/keystone_data.sh``
+DevStack's default configuration in ``sql`` mode is set in
+``files/keystone_data.sh``
 
 Cinder
 ------
 
-    | Default:
-    | VOLUME_GROUP="stack-volumes" VOLUME_NAME_PREFIX="volume-" VOLUME_BACKING_FILE_SIZE=10250M
-    |  The logical volume group used to hold the Cinder-managed volumes
-       is set by ``VOLUME_GROUP``, the logical volume name prefix is set
-       with ``VOLUME_NAME_PREFIX`` and the size of the volume backing file
-       is set with ``VOLUME_BACKING_FILE_SIZE``.
-    |
+The logical volume group used to hold the Cinder-managed volumes is
+set by ``VOLUME_GROUP``, the logical volume name prefix is set with
+``VOLUME_NAME_PREFIX`` and the size of the volume backing file is set
+with ``VOLUME_BACKING_FILE_SIZE``.
 
     ::
 
@@ -374,19 +369,23 @@ Cinder
 Multi-host DevStack
 -------------------
 
-    | *Default: ``MULTI_HOST=False``*
-    |  Running DevStack with multiple hosts requires a custom
-       ``local.conf`` section for each host. The master is the same as a
-       single host installation with ``MULTI_HOST=True``. The slaves have
-       fewer services enabled and a couple of host variables pointing to
-       the master.
-    |  **Master**
+Running DevStack with multiple hosts requires a custom ``local.conf``
+section for each host. The master is the same as a single host
+installation with ``MULTI_HOST=True``. The slaves have fewer services
+enabled and a couple of host variables pointing to the master.
+
+Master
+~~~~~~
 
+Set ``MULTI_HOST`` to true
     ::
 
         MULTI_HOST=True
 
-    **Slave**
+Slave
+~~~~~
+
+Set the following options to point to the master
 
     ::
 
@@ -398,22 +397,19 @@ Multi-host DevStack
 IP Version
 ----------
 
-    | Default: ``IP_VERSION=4+6``
-    | This setting can be used to configure DevStack to create either an IPv4,
-      IPv6, or dual stack tenant data network by setting ``IP_VERSION`` to
-      either ``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``
-      respectively. This functionality requires that the Neutron networking
-      service is enabled by setting the following options:
-    |
+``IP_VERSION`` can be used to configure DevStack to create either an
+IPv4, IPv6, or dual-stack tenant data-network by with either
+``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``
+respectively.  This functionality requires that the Neutron networking
+service is enabled by setting the following options:
 
     ::
 
         disable_service n-net
         enable_service q-svc q-agt q-dhcp q-l3
 
-    | The following optional variables can be used to alter the default IPv6
-      behavior:
-    |
+The following optional variables can be used to alter the default IPv6
+behavior:
 
     ::
 
@@ -422,24 +418,28 @@ IP Version
         FIXED_RANGE_V6=fd$IPV6_GLOBAL_ID::/64
         IPV6_PRIVATE_NETWORK_GATEWAY=fd$IPV6_GLOBAL_ID::1
 
-    | *Note: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY``
-      can be configured with any valid IPv6 prefix. The default values make
-      use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC 4193.*
-    |
-
-    | Default: ``SERVICE_IP_VERSION=4``
-    | This setting can be used to configure DevStack to enable services to
-      operate over either IPv4 or IPv6, by setting ``SERVICE_IP_VERSION`` to
-      either ``SERVICE_IP_VERSION=4`` or ``SERVICE_IP_VERSION=6`` respectively.
-      When set to ``4`` devstack services will open listen sockets on 0.0.0.0
-      and service endpoints will be registered using ``HOST_IP`` as the address.
-      When set to ``6`` devstack services will open listen sockets on :: and
-      service endpoints will be registered using ``HOST_IPV6`` as the address.
-      The default value for this setting is ``4``.  Dual-mode support, for
-      example ``4+6`` is not currently supported.
-    | The following optional variable can be used to alter the default IPv6
-      address used:
-    |
+*Note*: ``FIXED_RANGE_V6`` and ``IPV6_PRIVATE_NETWORK_GATEWAY`` can be
+configured with any valid IPv6 prefix. The default values make use of
+an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
+
+Service Version
+~~~~~~~~~~~~~~~
+
+DevStack can enable service operation over either IPv4 or IPv6 by
+setting ``SERVICE_IP_VERSION`` to either ``SERVICE_IP_VERSION=4`` or
+``SERVICE_IP_VERSION=6`` respectively.
+
+When set to ``4`` devstack services will open listen sockets on
+``0.0.0.0`` and service endpoints will be registered using ``HOST_IP``
+as the address.
+
+When set to ``6`` devstack services will open listen sockets on ``::``
+and service endpoints will be registered using ``HOST_IPV6`` as the
+address.
+
+The default value for this setting is ``4``.  Dual-mode support, for
+example ``4+6`` is not currently supported.  ``HOST_IPV6`` can
+optionally be used to alter the default IPv6 address
 
     ::
 

From 66919076838771c3a07864037ab661994145a958 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 6 Aug 2015 11:49:46 +0200
Subject: [PATCH 0846/3421] Install cryptsetup on the n-cpu nodes

test_encrypted_cinder_volumes.* tempest test failes,
when cryptsetup package is not installed.

The following error can be seen in the n-cpu log:
Stderr: u'/usr/bin/nova-rootwrap: Executable not found: cryptsetup
(filter match = cryptsetup)\n'

Change-Id: I86603f1301fa946c8bb22de3e69a2ec1ab7f1ef3
---
 files/debs/n-cpu      | 1 +
 files/rpms-suse/n-cpu | 1 +
 files/rpms/n-cpu      | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index 5d5052aa4e..ffc947a36d 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -5,3 +5,4 @@ genisoimage
 sysfsutils
 sg3-utils
 python-guestfs # NOPRIME
+cryptsetup
diff --git a/files/rpms-suse/n-cpu b/files/rpms-suse/n-cpu
index 7040b843bf..b3a468d2d8 100644
--- a/files/rpms-suse/n-cpu
+++ b/files/rpms-suse/n-cpu
@@ -4,3 +4,4 @@ lvm2
 open-iscsi
 sysfsutils
 sg3_utils
+cryptsetup
diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu
index c1a8e8ffa6..81278b30bb 100644
--- a/files/rpms/n-cpu
+++ b/files/rpms/n-cpu
@@ -4,4 +4,4 @@ lvm2
 genisoimage
 sysfsutils
 sg3_utils
-
+cryptsetup

From 2da606da2e47b7260732bb6ef43f1cbf6b4a1559 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 6 Aug 2015 10:02:43 -0400
Subject: [PATCH 0847/3421] add ebtables to world dump

I'm still at a loss about why guests stop being pingable in grenade,
so lets get ourselves some ebtables output as well.

Change-Id: I4e40eff6d0b1ef194e43b151a83206fbd50deb66
---
 tools/worlddump.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 926b4a1873..1b337a9a83 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -85,6 +85,11 @@ def disk_space():
     print dfraw
 
 
+def ebtables_dump():
+    _header("EB Tables Dump")
+    _dump_cmd("sudo ebtables -L")
+
+
 def iptables_dump():
     tables = ['filter', 'nat', 'mangle']
     _header("IP Tables Dump")
@@ -141,6 +146,7 @@ def main():
         process_list()
         network_dump()
         iptables_dump()
+        ebtables_dump()
         compute_consoles()
         guru_meditation_report()
 

From c0057ed5158c61446d3ba025a3b1feb337688859 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 7 Aug 2015 12:36:00 +1000
Subject: [PATCH 0848/3421] exercises/aggregates.sh: Only source openrc once

Only source openrc once, and remove the unnecessary re-sourcing of
"functions" which is done by openrc.

Change-Id: I61c87a0742de274d47753a0b216c56d96344d161
---
 exercises/aggregates.sh | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/exercises/aggregates.sh b/exercises/aggregates.sh
index 01d548d1f2..808ef76e2f 100755
--- a/exercises/aggregates.sh
+++ b/exercises/aggregates.sh
@@ -31,18 +31,13 @@ set -o xtrace
 EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
 TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
 
-# Import common functions
-source $TOP_DIR/functions
-
-# Import configuration
-source $TOP_DIR/openrc
+# Test as the admin user
+# note this imports stackrc/functions, etc
+. $TOP_DIR/openrc admin admin
 
 # Import exercise configuration
 source $TOP_DIR/exerciserc
 
-# Test as the admin user
-. $TOP_DIR/openrc admin admin
-
 # If nova api is not enabled we exit with exitcode 55 so that
 # the exercise is skipped
 is_service_enabled n-api || exit 55

From 296c1e3809082db4173f00141a981d3a2d168922 Mon Sep 17 00:00:00 2001
From: Jerry Zhao 
Date: Fri, 7 Aug 2015 20:43:54 -0400
Subject: [PATCH 0849/3421] Move policy.json creation to
 _configure_neutron_common

To allow separating neutron l3, metadata, or dhcp agent from neutron
server or controller, there is supposed to be policy.json on the nodes
with l3, dhcp, metadata agent enabled, so it would be more appropriate
to create policy.json in _configure_neutron_common.

Change-Id: I890d647ffca05482f36ebaaf9c2c6e9e6cb23e2b
---
 lib/neutron-legacy | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4069439183..498cf46179 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -878,6 +878,12 @@ function _configure_neutron_common {
 
     cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF
 
+    Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
+    cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
+
+    # allow neutron user to administer neutron to match neutron account
+    sed -i 's/"context_is_admin":  "role:admin"/"context_is_admin":  "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
+
     # Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
     # For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.
     # For addition plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH``,
@@ -1106,13 +1112,7 @@ function _configure_neutron_plugin_agent {
 # It is called when q-svc is enabled.
 function _configure_neutron_service {
     Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
-    Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
-
     cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
-    cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
-
-    # allow neutron user to administer neutron to match neutron account
-    sed -i 's/"context_is_admin":  "role:admin"/"context_is_admin":  "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
 
     # Update either configuration file with plugin
     iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS

From 144dbc62f8aa6a62cdca403a69bb883cb8552142 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 10 Aug 2015 12:51:29 +1000
Subject: [PATCH 0850/3421] Remove config_apache_wsgi mention

This has only ever appeared in
I3a5d1e511c5dca1e6d01a1adca8fda0a43d4f632 and has never been exported,
referenced, etc.

Remove it to avoid confusion
(e.g. Icfad40ee6998296727a95613199e5c2d87bd0a45)

Change-Id: Ic71e841f6f751ff43083e12ad734b9c84be7b645
---
 lib/apache | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/apache b/lib/apache
index c7d69f2ea7..a8e9bc5ad2 100644
--- a/lib/apache
+++ b/lib/apache
@@ -11,7 +11,6 @@
 # lib/apache exports the following functions:
 #
 # - install_apache_wsgi
-# - config_apache_wsgi
 # - apache_site_config_for
 # - enable_apache_site
 # - disable_apache_site

From df8f43b44adec60ce6528441f2a0ea193793adb8 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Sun, 9 Aug 2015 20:30:39 -0400
Subject: [PATCH 0851/3421] Add support to lib/tempest for using tempest test
 accounts

This commit adds support to lib/tempest for configuring tempest to use
the test accounts mechanism. It adds a new variable
TEMPEST_USE_TEST_ACCOUNTS which will be used to trigger using test
accounts. The generate tempest-account-generator utility packaged with
tempest is used to generate the users and projects and write an
accounts.yaml. Another option TEMPEST_CONCURRENCY is added to specify
the the number of accounts to create, the value defaults to the number
of processors on the system.

The auth configuration section is moved to the bottom of the
configure_tempest function to ensure the proper auth endpoint and
catalog entries are all set in the tempest.conf file because the
tempest-account-generator tool depends on tempest knowing how to talk
to keystone to create the accounts.

Change-Id: I8682f72ffe26fd133874f5c575df6389f787ffcc
---
 lib/tempest | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 3a9ba814d0..240d55c545 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -82,6 +82,21 @@ TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-$TEMPEST_DEFAULT_STORAGE_PR
 IPV6_ENABLED=$(trueorfalse True IPV6_ENABLED)
 IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True IPV6_SUBNET_ATTRIBUTES_ENABLED)
 
+# Do we want to make a configuration where Tempest has admin on
+# the cloud. We don't always want to so that we can ensure Tempest
+# would work on a public cloud.
+TEMPEST_HAS_ADMIN=$(trueorfalse True TEMPEST_HAS_ADMIN)
+
+# Credential provider configuration option variables
+TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
+TEMPEST_USE_TEST_ACCOUNTS=$(trueorfalse False $TEMPEST_USE_TEST_ACCOUNTS)
+
+# The number of workers tempest is expected to be run with. This is used for
+# generating a accounts.yaml for running with test-accounts. This is also the
+# same variable that devstack-gate uses to specify the number of workers that
+# it will run tempest with
+TEMPEST_CONCURRENCY=${TEMPEST_CONCURRENCY:-$(nproc)}
+
 
 # Functions
 # ---------
@@ -174,11 +189,6 @@ function configure_tempest {
 
     password=${ADMIN_PASSWORD:-secrete}
 
-    # Do we want to make a configuration where Tempest has admin on
-    # the cloud. We don't always want to so that we can ensure Tempest
-    # would work on a public cloud.
-    TEMPEST_HAS_ADMIN=$(trueorfalse True TEMPEST_HAS_ADMIN)
-
     # See ``lib/keystone`` where these users and tenants are set up
     ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
     ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-admin}
@@ -335,11 +345,6 @@ function configure_tempest {
     # Image Features
     iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image True
 
-    # Auth
-    TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
-    iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
-    iniset $TEMPEST_CONFIG auth tempest_roles "Member"
-
     # Compute
     iniset $TEMPEST_CONFIG compute ssh_user ${DEFAULT_INSTANCE_USER:-cirros} # DEPRECATED
     iniset $TEMPEST_CONFIG compute network_for_ssh $PRIVATE_NETWORK_NAME
@@ -545,6 +550,19 @@ function configure_tempest {
         sudo chown $STACK_USER $BOTO_CONF
     fi
 
+    # Auth
+    iniset $TEMPEST_CONFIG auth tempest_roles "Member"
+    if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
+        if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
+            tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
+        else:
+            tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY etc/accounts.yaml
+        fi
+        iniset $TEMPEST_CONFIG auth allow_tenant_isolation False
+        iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
+    else
+        iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
+    fi
     # Restore IFS
     IFS=$ifs
 }

From 19c5e62a04902e19a603d5a55bcfc5f318a522cf Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Wed, 5 Aug 2015 15:53:21 +1000
Subject: [PATCH 0852/3421] Configure glance swift communication with v3

With the aim of moving everything fully over to v3 authentication we
need to configure glance_store to use v3 when calling swift.

Requires glance_store 0.8.0

Change-Id: I61e8c5a4136404077f5505ebc2edfe49841c244f
Implements: bp keystonev3
---
 lib/glance | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/glance b/lib/glance
index f200dcaeea..b1b0f32f62 100644
--- a/lib/glance
+++ b/lib/glance
@@ -154,7 +154,10 @@ function configure_glance {
 
         iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
         iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
-        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v2.0/
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id default
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id default
+        iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3
 
         # commenting is not strictly necessary but it's confusing to have bad values in conf
         inicomment $GLANCE_API_CONF glance_store swift_store_user

From 1991e7599313cdbc75cf7674df94f32e9443cc60 Mon Sep 17 00:00:00 2001
From: Daniel Gonzalez 
Date: Tue, 11 Aug 2015 19:34:22 +0200
Subject: [PATCH 0853/3421] Fix creation of endpoints in multi-region

Keystone API v3 does currently not support filtering for region names.
As a consequence an additional check is needed in get_or_create_endpoint
to check if an endpoint must be created for a given region or if it
already exists.
See related bug for more information regarding the missing region
filtering in keystone.

Closes-Bug: #1483784
Related-Bug: #1482772
Change-Id: Ia6a497b9fb58f7474636ab52dc01b99857bed3a2
---
 functions-common | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index 60cf04c499..641eca8362 100644
--- a/functions-common
+++ b/functions-common
@@ -852,13 +852,18 @@ function get_or_create_service {
 # Usage: _get_or_create_endpoint_with_interface    
 function _get_or_create_endpoint_with_interface {
     local endpoint_id
+    # TODO(dgonzalez): The check of the region name, as done in the grep
+    # statement below, exists only because keystone does currently
+    # not allow filtering the region name when listing endpoints. If keystone
+    # gets support for this, the check for the region name can be removed.
+    # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
         --os-url $KEYSTONE_SERVICE_URI_V3 \
         --os-identity-api-version=3 \
         --service $1 \
         --interface $2 \
         --region $4 \
-        -c ID -f value)
+        -c ID -c Region -f value | grep $4 | cut -f 1 -d " ")
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \

From 75c1dfe3b0adc8bcb98276bcdbecca76a94eaab7 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Thu, 13 Aug 2015 10:40:57 +1000
Subject: [PATCH 0854/3421] Rename bad option value

To disable tempest running the v2 tests when the identity v2 api is
disabled you need to set api_v2=False not v2_api=False.

Change-Id: Ied8a0593619dccb5985f9a1e51feb370754336c7
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 240d55c545..6863bae9de 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -323,7 +323,7 @@ function configure_tempest {
     fi
     if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
         # Only Identity v3 is available; then skip Identity API v2 tests
-        iniset $TEMPEST_CONFIG identity-feature-enabled v2_api False
+        iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
         # In addition, use v3 auth tokens for running all Tempest tests
         iniset $TEMPEST_CONFIG identity auth_version v3
     else

From 7b105c572ed51510d951304b31c043cfe4674731 Mon Sep 17 00:00:00 2001
From: David Lyle 
Date: Mon, 27 Jul 2015 17:14:32 -0600
Subject: [PATCH 0855/3421] Move horizon apache root to /dashboard

With keystone's move to /identity, a conflict in for resources was
created as both keystone and horizon used /identity. The keystone
config took precedence and rendered API output in the horizon UI.

This patch sets the root for horizon to /dashboard and serves all
horizon content from there. Additionally, a RedirectMatch has been added
to the apache config for horizon to redirect '/' to '/dashboard' this
will allow the implementation to change without being immediately
painful to users.

Also made the path '/dashboard/' configurable in stackrc.

Closes-Bug: #1478306
Depends-On: I9a04f936ed6d8c14775a332dc28e903992806c42

for devstack-gate changes to remove hard coded horizon url structure
assumptions.

Change-Id: I6fbca5cea9e44df160afbccc71bd045437657320
---
 files/apache-horizon.template | 7 +++++--
 lib/horizon                   | 4 ++++
 stack.sh                      | 2 +-
 stackrc                       | 3 +++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/files/apache-horizon.template b/files/apache-horizon.template
index 68838985ee..bfd75678e3 100644
--- a/files/apache-horizon.template
+++ b/files/apache-horizon.template
@@ -1,5 +1,5 @@
 
-    WSGIScriptAlias / %HORIZON_DIR%/openstack_dashboard/wsgi/django.wsgi
+    WSGIScriptAlias %WEBROOT% %HORIZON_DIR%/openstack_dashboard/wsgi/django.wsgi
     WSGIDaemonProcess horizon user=%USER% group=%GROUP% processes=3 threads=10 home=%HORIZON_DIR% display-name=%{GROUP}
     WSGIApplicationGroup %{GLOBAL}
 
@@ -8,7 +8,10 @@
     WSGIProcessGroup horizon
 
     DocumentRoot %HORIZON_DIR%/.blackhole/
-    Alias /media %HORIZON_DIR%/openstack_dashboard/static
+    Alias %WEBROOT%/media %HORIZON_DIR%/openstack_dashboard/static
+    Alias %WEBROOT%/static %HORIZON_DIR%/static
+
+    RedirectMatch "^/$" "%WEBROOT%/"
 
     
         Options FollowSymLinks
diff --git a/lib/horizon b/lib/horizon
index b0f306b675..9fe0aa8b49 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -93,6 +93,9 @@ function init_horizon {
     local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
     cp $HORIZON_SETTINGS $local_settings
 
+    _horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\"
+    _horizon_config_set $local_settings "" CUSTOM_THEME_PATH \"themes/webroot\"
+
     _horizon_config_set $local_settings "" COMPRESS_OFFLINE True
     _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\"
 
@@ -122,6 +125,7 @@ function init_horizon {
         s,%HORIZON_DIR%,$HORIZON_DIR,g;
         s,%APACHE_NAME%,$APACHE_NAME,g;
         s,%DEST%,$DEST,g;
+        s,%WEBROOT%,$HORIZON_APACHE_ROOT,g;
     \" $FILES/apache-horizon.template >$horizon_conf"
 
     if is_ubuntu; then
diff --git a/stack.sh b/stack.sh
index cc8bc8c88f..cfcf126bda 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1421,7 +1421,7 @@ fi
 # If you installed Horizon on this server you should be able
 # to access the site using your browser.
 if is_service_enabled horizon; then
-    echo "Horizon is now available at http://$SERVICE_HOST/"
+    echo "Horizon is now available at http://$SERVICE_HOST$HORIZON_APACHE_ROOT"
 fi
 
 # If Keystone is present you can point ``nova`` cli to this server
diff --git a/stackrc b/stackrc
index 8beef9639f..f4245a40cf 100644
--- a/stackrc
+++ b/stackrc
@@ -87,6 +87,9 @@ TEMPEST_SERVICES=""
 # Set the default Nova APIs to enable
 NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
 
+# Set the root URL for Horizon
+HORIZON_APACHE_ROOT="/dashboard"
+
 # Whether to use 'dev mode' for screen windows. Dev mode works by
 # stuffing text into the screen windows so that a developer can use
 # ctrl-c, up-arrow, enter to restart the service. Starting services

From b237b93f2bdfd66152bd68eedccec85ce0cb75b8 Mon Sep 17 00:00:00 2001
From: venkatamahesh 
Date: Mon, 10 Aug 2015 16:07:03 +0530
Subject: [PATCH 0856/3421] Location of the "local.conf" file is confusing. It
 is updated.

It was shown that the local.conf is at root devstack directory, but
it is at devstack/samples directory. So the path is updated.

1.) Copy the file into root Devstack directory.

Change-Id: I6ff8a404a3664c892bb458023c57ccc5d0926fdf
Closes-Bug: #1464491
---
 doc/source/configuration.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 05a8d95f51..90b7d44dec 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -28,8 +28,10 @@ simplify this process and meet the following goals:
 local.conf
 ==========
 
-The new configuration file is ``local.conf`` and resides in the root
-DevStack directory like the old ``localrc`` file. It is a modified INI
+The new configuration file is ``local.conf`` and should reside in the
+root Devstack directory. An example of such ``local.conf`` file
+is provided in the ``devstack/samples`` directory. Copy this file into
+the root Devstack directory and adapt it to your needs. It is a modified INI
 format file that introduces a meta-section header to carry additional
 information regarding the configuration files to be changed.
 

From 6b172c8dd52effc649673ac5955d1ec8ae5016f9 Mon Sep 17 00:00:00 2001
From: Adam Kacmarsky 
Date: Thu, 13 Aug 2015 15:14:05 -0600
Subject: [PATCH 0857/3421] Always add OVS port in
 _move_neutron_addresses_route

Added functionallity to allow _move_neutron_addresses_route to support
interfaces without a configured IP address. If PUBLIC_INTERFACE is set
to an interface without a configured IP, only the port will be
added to the OVS_PHYSICAL_BRIDGE.

Change-Id: I511ea5229ab871298086af5c96761390529bd85e
---
 lib/neutron-legacy | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4069439183..4bbc802ba9 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -793,7 +793,8 @@ function stop_neutron {
 }
 
 # _move_neutron_addresses_route() - Move the primary IP to the OVS bridge
-# on startup, or back to the public interface on cleanup
+# on startup, or back to the public interface on cleanup. If no IP is
+# configured on the interface, just add it as a port to the OVS bridge.
 function _move_neutron_addresses_route {
     local from_intf=$1
     local to_intf=$2
@@ -806,7 +807,8 @@ function _move_neutron_addresses_route {
         # on configure we will also add $from_intf as a port on $to_intf,
         # assuming it is an OVS bridge.
 
-        local IP_BRD=$(ip -f $af a s dev $from_intf | awk '/inet/ { print $2, $3, $4; exit }')
+        local IP_ADD=""
+        local IP_DEL=""
         local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
 
@@ -826,7 +828,12 @@ function _move_neutron_addresses_route {
             ADD_OVS_PORT="sudo ovs-vsctl --may-exist add-port $to_intf $from_intf"
         fi
 
-        sudo ip addr del $IP_BRD dev $from_intf; sudo ip addr add $IP_BRD dev $to_intf; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+        if [[ "$IP_BRD" != "" ]]; then
+            IP_ADD="sudo ip addr del $IP_BRD dev $from_intf"
+            IP_DEL="sudo ip addr add $IP_BRD dev $to_intf"
+        fi
+
+        $IP_ADD; $IP_DEL; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
     fi
 }
 
@@ -834,9 +841,7 @@ function _move_neutron_addresses_route {
 # runs that a clean run would need to clean up
 function cleanup_neutron {
 
-    if [[ $(ip -f inet a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
-        _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
-    fi
+    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
 
     if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
         _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
@@ -1021,9 +1026,7 @@ function _configure_neutron_l3_agent {
 
     neutron_plugin_configure_l3_agent
 
-    if [[ $(ip -f inet a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
-        _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True "inet"
-    fi
+    _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" True "inet"
 
     if [[ $(ip -f inet6 a s dev "$PUBLIC_INTERFACE" | grep -c 'global') != 0 ]]; then
         _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False "inet6"

From dbdee698700d9c7cf86ad3cde74e8b4347ef757a Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 14 Aug 2015 12:22:18 +1000
Subject: [PATCH 0858/3421] Use standard get_or_create_role to find role

The openstack role list command doesn't include any identity API version
information and so will fail when running purely with v3. We could add
this information to the command however we already have a function that
does what swift requires so we should use it.

Change-Id: I5d5417eaed432760bfb97cf35bd76a0919c6004d
---
 lib/swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/swift b/lib/swift
index 96d730ef2c..7bc811e1e6 100644
--- a/lib/swift
+++ b/lib/swift
@@ -610,7 +610,7 @@ function create_swift_accounts {
 
     KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 
-    local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
+    local another_role=$(get_or_create_role "anotherrole")
 
     # NOTE(jroll): Swift doesn't need the admin role here, however Ironic uses
     # temp urls, which break when uploaded by a non-admin role

From e4289c88c8007ae942a18a1786fc6fd36f2489c7 Mon Sep 17 00:00:00 2001
From: Paul Michali 
Date: Fri, 14 Aug 2015 11:49:27 -0400
Subject: [PATCH 0859/3421] Prevent spawning two VPN agents

Currently, if the VPN devstack plugin is enabled (which is
the method used for VPN in all test jobs), there will be
two VPN agent processes started. This doesn't seem to
affect the tests, but is incorrect.

To resolve this, the proposal is to do this in two steps.
With this commit, the script is modified to start the q-vpn
process, if q-vpn is enabled (legacy), and to only start
q-l3 process, if neither q-vpn nor neutron-vpnaas is enabled.

Once committed, the opertion will be the same - if no VPN
service is enabled, we get q-l3 (correct); if legacy q-vpn is
enabled (only), we get q-vpn (correct); if the plugin is used
(the default), we get two q-vpn processes started (wrong).

With a separate plugin commit (to be pushed next), the plugin
will be renamed to neutron-vpnaas, and then we'll get only
one agent process (q-vpn or neutron-vpnaas) runing. We can't
commit the plugin first, because both the VPN agent and the
q-l3 agent will be started at once (just as bad, if not worse).

Change-Id: I2bb7ac01e619c8a9b22bd517a4ff60d67035dfed
Partial-Bug: 1484141
---
 lib/neutron-legacy | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4069439183..01be7cb244 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -730,7 +730,9 @@ function start_neutron_l2_agent {
 function start_neutron_other_agents {
     run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
 
-    if is_service_enabled q-vpn; then
+    if is_service_enabled neutron-vpnaas; then
+        :  # Started by plugin
+    elif is_service_enabled q-vpn; then
         run_process q-vpn "$AGENT_VPN_BINARY $(determine_config_files neutron-vpn-agent)"
     else
         run_process q-l3 "python $AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"

From a83e90b56080d1c86f98e66d146f781c19d150c5 Mon Sep 17 00:00:00 2001
From: Tim Buckley 
Date: Wed, 5 Aug 2015 10:25:00 -0600
Subject: [PATCH 0860/3421] Enable CSV logging output for DStat.

Future work toward visualization of DevStack and devstack-gate performance
would benefit greatly from the availability of machine-parsable DStat output.
This patch outputs an additional logfile to $LOGDIR, `dstat-csv.log`, using
DStat's built-in CSV logging functionality.

An additional instance of DStat is started during start_dstat that outputs
to CSV-formatted text without `--top-cpu-adv` and `-top-io-adv` enabled, as
these plugins are currently incompatible with CSV output. To facilitate this,
a new `dstat.sh` script is added to $TOP_DIR/tools/ to act as a daemon to
manage the two processes.

Change-Id: I826c94c35b6a109308b4f132c181ff7a1f63bc7b
Depends-On: I534fb1f9356a7948d2fec0aecc7f275e47362a11
---
 lib/dstat      |  3 +--
 tools/dstat.sh | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100755 tools/dstat.sh

diff --git a/lib/dstat b/lib/dstat
index f11bfa55c0..fe4790b12d 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -19,8 +19,7 @@ set +o xtrace
 # start_dstat() - Start running processes, including screen
 function start_dstat {
     # A better kind of sysstat, with the top process per time slice
-    DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
-    run_process dstat "dstat $DSTAT_OPTS"
+    run_process dstat "$TOP_DIR/tools/dstat.sh $LOGDIR"
 
     # To enable peakmem_tracker add:
     #    enable_service peakmem_tracker
diff --git a/tools/dstat.sh b/tools/dstat.sh
new file mode 100755
index 0000000000..6ba4515acf
--- /dev/null
+++ b/tools/dstat.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# **tools/dstat.sh** - Execute instances of DStat to log system load info
+#
+# Multiple instances of DStat are executed in order to take advantage of
+# incompatible features, particularly CSV output and the "top-cpu-adv" and
+# "top-io-adv" flags.
+#
+# Assumes:
+#  - dstat command is installed
+
+# Retreive log directory as argument from calling script.
+LOGDIR=$1
+
+# Command line arguments for primary DStat process.
+DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
+
+# Command-line arguments for secondary background DStat process.
+DSTAT_CSV_OPTS="-tcmndrylpg --output $LOGDIR/dstat-csv.log"
+
+# Execute and background the secondary dstat process and discard its output.
+dstat $DSTAT_CSV_OPTS >& /dev/null &
+
+# Execute and background the primary dstat process, but keep its output in this
+# TTY.
+dstat $DSTAT_OPTS &
+
+# Catch any exit signals, making sure to also terminate any child processes.
+trap "kill -- -$$" EXIT
+
+# Keep this script running as long as child dstat processes are alive.
+wait

From 51bddb8c64f5cb4086d672574202262ad9c38332 Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Fri, 14 Aug 2015 17:21:47 +0100
Subject: [PATCH 0861/3421] Ironic: Create nodes with names

This patch is setting a name for each node created in Ironic, when
testing stuff it's easier to refer to a nome by its name then uuid.

The format of the name is: node-0, node-1, ...

Change-Id: I60fcddbcb36d1b1da8b3846b6edf14c59401f102
---
 lib/ironic | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ironic b/lib/ironic
index 1323446c1f..b3ad586923 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -618,6 +618,7 @@ function enroll_nodes {
         local node_id=$(ironic node-create $standalone_node_uuid\
             --chassis_uuid $chassis_id \
             --driver $IRONIC_DEPLOY_DRIVER \
+            --name node-$total_nodes \
             -p cpus=$ironic_node_cpu\
             -p memory_mb=$ironic_node_ram\
             -p local_gb=$ironic_node_disk\

From 597c902dfc9ea62f1a1455d6db7c7c50d09a5876 Mon Sep 17 00:00:00 2001
From: Masaki Matsushita 
Date: Sat, 15 Aug 2015 11:35:20 +0900
Subject: [PATCH 0862/3421] use $SERVICE_HOST in multi-node doc

The change fix multi-node doc to use SERVICE_HOST.
It resolves duplicate IP address.

Closes-Bug: #1485159
Change-Id: If86393e9a37bcb911a9aa125829cd8ce684edd9f
---
 doc/source/guides/multinode-lab.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 557b522f69..1530a84523 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -175,12 +175,12 @@ machines, create a ``local.conf`` with:
     SERVICE_TOKEN=xyzpdqlazydog
     DATABASE_TYPE=mysql
     SERVICE_HOST=192.168.42.11
-    MYSQL_HOST=192.168.42.11
-    RABBIT_HOST=192.168.42.11
-    GLANCE_HOSTPORT=192.168.42.11:9292
+    MYSQL_HOST=$SERVICE_HOST
+    RABBIT_HOST=$SERVICE_HOST
+    GLANCE_HOSTPORT=$SERVICE_HOST:9292
     ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
     NOVA_VNC_ENABLED=True
-    NOVNCPROXY_URL="http://192.168.42.11:6080/vnc_auto.html"
+    NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_auto.html"
     VNCSERVER_LISTEN=$HOST_IP
     VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN
 

From 4b115ad526df7e12bbdc71e0280b3c691e53ed04 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 29 May 2015 08:36:40 +0000
Subject: [PATCH 0863/3421] Convert identity defaults to keystone v3 api

At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.

Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
---
 functions-common | 35 ++++-------------------------------
 stack.sh         | 15 ++++++++-------
 2 files changed, 12 insertions(+), 38 deletions(-)

diff --git a/functions-common b/functions-common
index 641eca8362..cc5136da56 100644
--- a/functions-common
+++ b/functions-common
@@ -687,16 +687,13 @@ function policy_add {
 # Usage: get_or_create_domain  
 function get_or_create_domain {
     local domain_id
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
     domain_id=$(
         # Gets domain id
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain show $1 \
+        openstack domain show $1 \
             -f value -c id 2>/dev/null ||
         # Creates new domain
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain create $1 \
+        openstack domain create $1 \
             --description "$2" \
             -f value -c id
     )
@@ -707,13 +704,11 @@ function get_or_create_domain {
 # Usage: get_or_create_group   []
 function get_or_create_group {
     local desc="${3:-}"
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     local group_id
     # Gets group id
     group_id=$(
         # Creates new group with --or-show
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 group create $1 \
+        openstack group create $1 \
             --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
@@ -735,8 +730,6 @@ function get_or_create_user {
         openstack user create \
             $1 \
             --password "$2" \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --domain=$3 \
             $email \
             --or-show \
@@ -751,9 +744,7 @@ function get_or_create_project {
     local project_id
     project_id=$(
         # Creates new project with --or-show
-        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
-            project create $1 \
+        openstack project create $1 \
             --domain=$2 \
             --or-show -f value -c id
     )
@@ -767,8 +758,6 @@ function get_or_create_role {
     role_id=$(
         # Creates role with --or-show
         openstack role create $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --or-show -f value -c id
     )
     echo $role_id
@@ -781,8 +770,6 @@ function get_or_add_user_project_role {
     # Gets user role id
     user_role_id=$(openstack role list \
         --user $2 \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --column "ID" \
         --project $3 \
         --column "Name" \
@@ -793,8 +780,6 @@ function get_or_add_user_project_role {
             $1 \
             --user $2 \
             --project $3 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             | grep " id " | get_field 2)
     fi
     echo $user_role_id
@@ -806,21 +791,15 @@ function get_or_add_group_project_role {
     local group_role_id
     # Gets group role id
     group_role_id=$(openstack role list \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --group $2 \
         --project $3 \
         -c "ID" -f value)
     if [[ -z "$group_role_id" ]]; then
         # Adds role to group and get it
         openstack role add $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3
         group_role_id=$(openstack role list \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3 \
             -c "ID" -f value)
@@ -838,8 +817,6 @@ function get_or_create_service {
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $2 \
             --name $1 \
             --description="$3" \
@@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface {
     # gets support for this, the check for the region name can be removed.
     # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
-        --os-url $KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --service $1 \
         --interface $2 \
         --region $4 \
@@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface {
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $1 $2 $3 --region $4 -f value -c id)
     fi
 
diff --git a/stack.sh b/stack.sh
index cc8bc8c88f..fa2e490704 100755
--- a/stack.sh
+++ b/stack.sh
@@ -987,13 +987,15 @@ if is_service_enabled keystone; then
         start_keystone
     fi
 
+    export OS_IDENTITY_API_VERSION=3
+
     # Set up a temporary admin URI for Keystone
-    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
+    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
 
     if is_service_enabled tls-proxy; then
         export OS_CACERT=$INT_CA_DIR/ca-chain.pem
         # Until the client support is fixed, just use the internal endpoint
-        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
+        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
     fi
 
     # Setup OpenStackClient token-endpoint auth
@@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
-    # force set to use v2 identity authentication even with v3 commands
-    export OS_AUTH_TYPE=v2password
-
     # Set up password auth credentials now that Keystone is bootstrapped
-    export OS_AUTH_URL=$SERVICE_ENDPOINT
-    export OS_TENANT_NAME=admin
+    export OS_AUTH_URL=$KEYSTONE_AUTH_URI
     export OS_USERNAME=admin
+    export OS_USER_DOMAIN_ID=default
     export OS_PASSWORD=$ADMIN_PASSWORD
+    export OS_PROJECT_NAME=admin
+    export OS_PROJECT_DOMAIN_ID=default
     export OS_REGION_NAME=$REGION_NAME
 fi
 

From 05076fb7ea45b7f1f7d9f232afb56dbb1d6e2f08 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Sat, 15 Aug 2015 19:01:59 +1000
Subject: [PATCH 0864/3421] Configure horizon with identity v3

Currently horizon configures keystone using v3 only if v2 is not
available. Really we should just always be using v3.

Change-Id: Icac4d90b617209da75abf33f8e25ffc021c45fdb
---
 lib/horizon | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index b0f306b675..108a7f0a8f 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -98,13 +98,8 @@ function init_horizon {
 
     _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
 
-    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
-        # Only Identity v3 API is available; then use it with v3 auth tokens
-        _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
-        _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
-    else
-        _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
-    fi
+    _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
+    _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\""
 
     if [ -f $SSL_BUNDLE_FILE ]; then
         _horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"

From 1e7fb4c9a0a7a45fb89363a25504e8b173e032aa Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Thu, 23 Jul 2015 15:49:39 +0900
Subject: [PATCH 0865/3421] _configure_neutron_dhcp_agent: Modify the right
 config file

This has been incorrect since the initial commit
(I632df4149e9d7f78cb5a7091dfe4ea8f8ca3ddfa)

Closes-Bug: #1483499
Change-Id: Ife4defce989c4f3c7eb5381376c0f93de50a9668
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4069439183..64126094cb 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -979,7 +979,7 @@ function _configure_neutron_dhcp_agent {
     iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+        iniset $Q_DHCP_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
 
     if ! is_service_enabled q-l3; then

From fc657f4ff280e0908e096d562ce0770dbfd9e41a Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Thu, 23 Jul 2015 15:52:49 +0900
Subject: [PATCH 0866/3421] neutron-legacy: Update after DEFAULT.root_helper
 removal

Update after change I17cd62c8763430bf3a4b67ab5e9cf5b736065133 .

Closes-Bug: #1483501
Change-Id: Ieb5270484205cffe4ec97db0d59f012d1e7708d4
---
 lib/neutron-legacy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 64126094cb..7dddde15fd 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -977,7 +977,7 @@ function _configure_neutron_dhcp_agent {
     iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
     iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_DHCP_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    iniset $Q_DHCP_CONF_FILE agent root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_DHCP_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
@@ -1012,7 +1012,7 @@ function _configure_neutron_l3_agent {
     iniset $Q_L3_CONF_FILE DEFAULT verbose True
     iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_L3_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    iniset $Q_L3_CONF_FILE agent root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_L3_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
@@ -1036,7 +1036,7 @@ function _configure_neutron_metadata_agent {
     iniset $Q_META_CONF_FILE DEFAULT verbose True
     iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
-    iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
+    iniset $Q_META_CONF_FILE agent root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_META_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi

From 05aa3846a0402edc9cc49f4ba36f09592004b273 Mon Sep 17 00:00:00 2001
From: Clark Boylan 
Date: Mon, 3 Aug 2015 11:14:13 -0700
Subject: [PATCH 0867/3421] Just use constraints everywhere

Having behavior on your laptop diverge from behavior in the gate is
confusing. Just use constraints on every devstack run to be consistent.
Users of devstack can edit the requirements repo in order to change
these constraints locally if necessary.

Change-Id: I843208e2e982eb04931b76f5cb4bd219fbcd70de
---
 functions-common     |  1 -
 inc/python           | 51 ++++++++------------------------------------
 lib/infra            |  1 -
 stack.sh             |  3 ---
 stackrc              | 13 +++--------
 tools/install_pip.sh |  2 +-
 6 files changed, 13 insertions(+), 58 deletions(-)

diff --git a/functions-common b/functions-common
index 60cf04c499..749ca2b40c 100644
--- a/functions-common
+++ b/functions-common
@@ -28,7 +28,6 @@
 # - ``REQUIREMENTS_DIR``
 # - ``STACK_USER``
 # - ``TRACK_DEPENDS``
-# - ``UNDO_REQUIREMENTS``
 # - ``http_proxy``, ``https_proxy``, ``no_proxy``
 #
 
diff --git a/inc/python b/inc/python
index 54e19a7886..5c9dc5c3e5 100644
--- a/inc/python
+++ b/inc/python
@@ -67,7 +67,6 @@ function pip_install_gr {
 # Wrapper for ``pip install`` to set cache and proxy environment variables
 # Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
 # ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``,
-# ``USE_CONSTRAINTS``
 # pip_install package [package ...]
 function pip_install {
     local xtrace=$(set +o | grep xtrace)
@@ -105,11 +104,8 @@ function pip_install {
     fi
 
     cmd_pip="$cmd_pip install"
-
-    # Handle a constraints file, if needed.
-    if [[ "$USE_CONSTRAINTS" == "True" ]]; then
-        cmd_pip="$cmd_pip -c $REQUIREMENTS_DIR/upper-constraints.txt"
-    fi
+    # Always apply constraints
+    cmd_pip="$cmd_pip -c $REQUIREMENTS_DIR/upper-constraints.txt"
 
     local pip_version=$(python -c "import pip; \
                         print(pip.__version__.strip('.')[0])")
@@ -187,13 +183,13 @@ function setup_dev_lib {
 # use this, especially *oslo* ones
 function setup_install {
     local project_dir=$1
-    setup_package_with_req_sync $project_dir
+    setup_package_with_constraints_edit $project_dir
 }
 
 # this should be used for projects which run services, like all services
 function setup_develop {
     local project_dir=$1
-    setup_package_with_req_sync $project_dir -e
+    setup_package_with_constraints_edit $project_dir -e
 }
 
 # determine if a project as specified by directory is in
@@ -209,32 +205,16 @@ function is_in_projects_txt {
 # ``pip install -e`` the package, which processes the dependencies
 # using pip before running `setup.py develop`
 #
-# Updates the dependencies in project_dir from the
-# openstack/requirements global list before installing anything.
+# Updates the constraints from REQUIREMENTS_DIR to reflect the
+# future installed state of this package. This ensures when we
+# install this package we get the from source version.
 #
-# Uses globals ``TRACK_DEPENDS``, ``REQUIREMENTS_DIR``, ``UNDO_REQUIREMENTS``
+# Uses globals ``REQUIREMENTS_DIR``
 # setup_develop directory
-function setup_package_with_req_sync {
+function setup_package_with_constraints_edit {
     local project_dir=$1
     local flags=$2
 
-    # Don't update repo if local changes exist
-    # Don't use buggy "git diff --quiet"
-    # ``errexit`` requires us to trap the exit code when the repo is changed
-    local update_requirements=$(cd $project_dir && git diff --exit-code >/dev/null || echo "changed")
-
-    if [[ $update_requirements != "changed" && "$USE_CONSTRAINTS" == "False" ]]; then
-        if is_in_projects_txt $project_dir; then
-            (cd $REQUIREMENTS_DIR; \
-                ./.venv/bin/python update.py $project_dir)
-        else
-            # soft update projects not found in requirements project.txt
-            echo "$project_dir not a constrained repository, soft enforcing requirements"
-            (cd $REQUIREMENTS_DIR; \
-                ./.venv/bin/python update.py -s $project_dir)
-        fi
-    fi
-
     if [ -n "$REQUIREMENTS_DIR" ]; then
         # Constrain this package to this project directory from here on out.
         local name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
@@ -245,19 +225,6 @@ function setup_package_with_req_sync {
 
     setup_package $project_dir $flags
 
-    # We've just gone and possibly modified the user's source tree in an
-    # automated way, which is considered bad form if it's a development
-    # tree because we've screwed up their next git checkin. So undo it.
-    #
-    # However... there are some circumstances, like running in the gate
-    # where we really really want the overridden version to stick. So provide
-    # a variable that tells us whether or not we should UNDO the requirements
-    # changes (this will be set to False in the OpenStack ci gate)
-    if [ $UNDO_REQUIREMENTS = "True" ]; then
-        if [[ $update_requirements != "changed" ]]; then
-            (cd $project_dir && git reset --hard)
-        fi
-    fi
 }
 
 # ``pip install -e`` the package, which processes the dependencies
diff --git a/lib/infra b/lib/infra
index eb8000e8d3..89397de792 100644
--- a/lib/infra
+++ b/lib/infra
@@ -22,7 +22,6 @@ set +o xtrace
 # Defaults
 # --------
 GITDIR["pbr"]=$DEST/pbr
-REQUIREMENTS_DIR=$DEST/requirements
 
 # Entry Points
 # ------------
diff --git a/stack.sh b/stack.sh
index 2288af57a4..ba935be76e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -688,9 +688,6 @@ save_stackenv $LINENO
 echo_summary "Installing package prerequisites"
 source $TOP_DIR/tools/install_prereqs.sh
 
-# Normalise USE_CONSTRAINTS
-USE_CONSTRAINTS=$(trueorfalse False USE_CONSTRAINTS)
-
 # Configure an appropriate Python environment
 if [[ "$OFFLINE" != "True" ]]; then
     PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
diff --git a/stackrc b/stackrc
index 8beef9639f..f67afd9aee 100644
--- a/stackrc
+++ b/stackrc
@@ -149,13 +149,6 @@ DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
 # Zero disables timeouts
 GIT_TIMEOUT=${GIT_TIMEOUT:-0}
 
-# Constraints mode
-# - False (default) : update git projects dependencies from global-requirements.
-#
-# - True : use upper-constraints.txt to constrain versions of packages intalled
-#          and do not edit projects at all.
-USE_CONSTRAINTS=$(trueorfalse False USE_CONSTRAINTS)
-
 # Repositories
 # ------------
 
@@ -163,6 +156,9 @@ USE_CONSTRAINTS=$(trueorfalse False USE_CONSTRAINTS)
 # Another option is https://git.openstack.org
 GIT_BASE=${GIT_BASE:-git://git.openstack.org}
 
+# The location of REQUIREMENTS once cloned
+REQUIREMENTS_DIR=$DEST/requirements
+
 # Which libraries should we install from git instead of using released
 # versions on pypi?
 #
@@ -627,9 +623,6 @@ USE_SCREEN=${SCREEN_DEV:-$USE_SCREEN}
 # Set default screen name
 SCREEN_NAME=${SCREEN_NAME:-stack}
 
-# Undo requirements changes by global requirements
-UNDO_REQUIREMENTS=${UNDO_REQUIREMENTS:-True}
-
 # Allow the use of an alternate protocol (such as https) for service endpoints
 SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
 
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 0f7c962b2b..7b42c8c485 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -20,7 +20,7 @@ TOP_DIR=`cd $TOOLS_DIR/..; pwd`
 cd $TOP_DIR
 
 # Import common functions
-source $TOP_DIR/functions
+source $TOP_DIR/stackrc
 
 FILES=$TOP_DIR/files
 

From ea21eb4f69e2f2ea2c9c6d2fb9c4ed9aef4fc198 Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Tue, 18 Aug 2015 06:57:18 -0400
Subject: [PATCH 0868/3421] Remove non-ASCII characters

Change-Id: If1c68e5aab6990617519150d8aeb3f073df2ad17
---
 lib/databases/mysql | 4 ++--
 lib/swift           | 2 +-
 lib/tempest         | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index fb55b60ff6..7ae9a936d6 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -85,12 +85,12 @@ function configure_database_mysql {
         sudo mysqladmin -u root password $DATABASE_PASSWORD || true
     fi
 
-    # Update the DB to give user ‘$DATABASE_USER’@’%’ full control of the all databases:
+    # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
     sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
 
     # Now update ``my.cnf`` for some local needs and restart the mysql service
 
-    # Change ‘bind-address’ from localhost (127.0.0.1) to any (::) and
+    # Change bind-address from localhost (127.0.0.1) to any (::) and
     # set default db type to InnoDB
     sudo bash -c "source $TOP_DIR/functions && \
         iniset $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" && \
diff --git a/lib/swift b/lib/swift
index 96d730ef2c..dac121be0c 100644
--- a/lib/swift
+++ b/lib/swift
@@ -97,7 +97,7 @@ SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST:-}
 # the beginning of the pipeline, before authentication middlewares.
 SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH=${SWIFT_EXTRAS_MIDDLEWARE_NO_AUTH:-crossdomain}
 
-# The ring uses a configurable number of bits from a path’s MD5 hash as
+# The ring uses a configurable number of bits from a path's MD5 hash as
 # a partition index that designates a device. The number of bits kept
 # from the hash is known as the partition power, and 2 to the partition
 # power indicates the partition count. Partitioning the full MD5 hash
diff --git a/lib/tempest b/lib/tempest
index 3a9ba814d0..b598db4527 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -386,7 +386,7 @@ function configure_tempest {
     # and is now the default behavior.
     iniset $TEMPEST_CONFIG compute-feature-enabled allow_duplicate_networks ${NOVA_ALLOW_DUPLICATE_NETWORKS:-True}
 
-    # Network
+    # Network
     iniset $TEMPEST_CONFIG network api_version 2.0
     iniset $TEMPEST_CONFIG network tenant_networks_reachable "$tenant_networks_reachable"
     iniset $TEMPEST_CONFIG network public_network_id "$public_network_id"
@@ -468,7 +468,7 @@ function configure_tempest {
     if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
         # Enabled extensions are either the ones explicitly specified or those available on the API endpoint
         volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")}
-        # Remove disabled extensions
+        # Remove disabled extensions
         volume_api_extensions=$(remove_disabled_extensions $volume_api_extensions $DISABLE_VOLUME_API_EXTENSIONS)
     fi
     iniset $TEMPEST_CONFIG volume-feature-enabled api_extensions $volume_api_extensions

From 2bb3a648929550ae9ff237185be43d864e1e0225 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Tue, 18 Aug 2015 12:59:08 -0700
Subject: [PATCH 0869/3421] Fix duplicated section name

Although l3_agent.ini, dhcp_agent.ini and metadata_agent.ini have
"AGENT" section as default, devstack added "agent" section.

Change-Id: Ie4034257d8aed00d67e3f28e7dd3b05cc5d89fc4
---
 lib/neutron-legacy | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 7dddde15fd..a6743c31fa 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -960,9 +960,9 @@ function _configure_neutron_debug_command {
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper "$Q_RR_COMMAND"
+    iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $NEUTRON_TEST_CONFIG_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+        iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
 
     _neutron_setup_interface_driver $NEUTRON_TEST_CONFIG_FILE
@@ -977,9 +977,9 @@ function _configure_neutron_dhcp_agent {
     iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
     iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_DHCP_CONF_FILE agent root_helper "$Q_RR_COMMAND"
+    iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $Q_DHCP_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+        iniset $Q_DHCP_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
 
     if ! is_service_enabled q-l3; then
@@ -1012,9 +1012,9 @@ function _configure_neutron_l3_agent {
     iniset $Q_L3_CONF_FILE DEFAULT verbose True
     iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
-    iniset $Q_L3_CONF_FILE agent root_helper "$Q_RR_COMMAND"
+    iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $Q_L3_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+        iniset $Q_L3_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
 
     _neutron_setup_interface_driver $Q_L3_CONF_FILE
@@ -1036,9 +1036,9 @@ function _configure_neutron_metadata_agent {
     iniset $Q_META_CONF_FILE DEFAULT verbose True
     iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
-    iniset $Q_META_CONF_FILE agent root_helper "$Q_RR_COMMAND"
+    iniset $Q_META_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
-        iniset $Q_META_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
+        iniset $Q_META_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
 
     # Configures keystone for metadata_agent

From 0612b485d3646e40ea0f70dfaadd7705a2b10c71 Mon Sep 17 00:00:00 2001
From: Tomoki Sekiyama 
Date: Tue, 18 Aug 2015 18:51:24 -0400
Subject: [PATCH 0870/3421] Ironic: Fix tag ID detection of tap devices

On Linux kernel 4.1, `ip link` reports peer interface name for
each Open vSwitch interface, like:
  $ ip link
  ...
  71: ovs-tap1@brbm-tap1:  ...
              ~~~~~~~~~~
Currently it is regarded as a part of interface name, so
causes failure in tap id detection from ovs-vsctl output,
that results into ironic deployment failure.
This patch removes the peer name from the interface name.

Change-Id: Id3b181fa821e9bff1afabef4d63964f61fa49a65
Closes-Bug: #1486273
---
 lib/ironic | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index b3ad586923..d9c3396944 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -505,9 +505,9 @@ function create_ovs_taps {
     sleep 10
 
     if  [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-        local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
+        local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
     else
-        local tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -b2-)
+        local tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
     fi
     local tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
 

From 2d91fe8a6ba466c57bae9c7f16ece1d1cc6d7563 Mon Sep 17 00:00:00 2001
From: Shashank Hegde 
Date: Tue, 18 Aug 2015 18:33:55 -0700
Subject: [PATCH 0871/3421] Cloning requirements repository before pip install

The commit 05aa3846a0402edc9cc49f4ba36f09592004b273 into devstack exposed a bug
where pip_install is called before the requirements repository is cloned. This
change ensures that the requirements repository exists before pip_install is
called.

Change-Id: I60b157fc98691764a69cf022852e7a95fc50cdd7
Closes-Bug: #1486304
---
 stack.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/stack.sh b/stack.sh
index 341df7fc92..639f72b1bc 100755
--- a/stack.sh
+++ b/stack.sh
@@ -683,6 +683,11 @@ save_stackenv $LINENO
 
 # OpenStack uses a fair number of other projects.
 
+# Bring down global requirements before any use of pip_install. This is
+# necessary to ensure that the constraints file is in place before we
+# attempt to apply any constraints to pip installs.
+git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
+
 # Install package requirements
 # Source it so the entire environment is available
 echo_summary "Installing package prerequisites"
@@ -695,11 +700,6 @@ fi
 
 TRACK_DEPENDS=${TRACK_DEPENDS:-False}
 
-# Bring down global requirements before any use of pip_install. This is
-# necessary to ensure that the constraints file is in place before we
-# attempt to apply any constraints to pip installs.
-git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
-
 # Install Python packages into a virtualenv so that we can track them
 if [[ $TRACK_DEPENDS = True ]]; then
     echo_summary "Installing Python packages into a virtualenv $DEST/.venv"

From 67168e807adfaff996bf2767601fde0d8cb16c02 Mon Sep 17 00:00:00 2001
From: Mahito 
Date: Tue, 18 Aug 2015 23:59:29 -0700
Subject: [PATCH 0872/3421] Add "source $TOP_DIR/lib/lvm" to clean.sh

When clean.sh is executed, it shows "command not found" messages.
Commands are defined in lib/lvm, however lib/lvm doesn't include clean.sh.
This pache add lib/lvm to clean.sh.

Change-Id: I56672e949d25f7cdcda879badd992f849d06c749
Closes-Bug: 1486392
---
 clean.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clean.sh b/clean.sh
index 74bcaee924..78e2a7a826 100755
--- a/clean.sh
+++ b/clean.sh
@@ -41,6 +41,7 @@ source $TOP_DIR/lib/rpc_backend
 source $TOP_DIR/lib/tls
 
 source $TOP_DIR/lib/oslo
+source $TOP_DIR/lib/lvm
 source $TOP_DIR/lib/horizon
 source $TOP_DIR/lib/keystone
 source $TOP_DIR/lib/glance

From d6456e67589a78f50f71e93fd789c1423513ab60 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Wed, 19 Aug 2015 10:33:23 -0400
Subject: [PATCH 0873/3421] Ability to specify keystone v3 in nova.conf for
 neutron

As part of moving components to use keystone v3, this review
allows nova.conf's [neutron] section to switch to using the
auth_plugin in keystoneclient for talking to keystone /v3 API

Change-Id: I42502bff147534199096fb581630b8559f311963
---
 lib/neutron-legacy | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 9206fe1754..c4d2dd5f7e 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -471,11 +471,21 @@ function configure_neutron {
 
 function create_nova_conf_neutron {
     iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
-    iniset $NOVA_CONF neutron admin_username "$Q_ADMIN_USERNAME"
-    iniset $NOVA_CONF neutron admin_password "$SERVICE_PASSWORD"
-    iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
+
+
+    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
+        iniset $NOVA_CONF neutron auth_plugin "v3password"
+        iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+        iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
+        iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
+        iniset $NOVA_CONF neutron user_domain_name "default"
+    else
+        iniset $NOVA_CONF neutron admin_username "$Q_ADMIN_USERNAME"
+        iniset $NOVA_CONF neutron admin_password "$SERVICE_PASSWORD"
+        iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
+        iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
+    fi
     iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
-    iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
     iniset $NOVA_CONF neutron region_name "$REGION_NAME"
     iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"
 

From b203d0c71aeb155ae194650004f3a10335801b0f Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Wed, 12 Aug 2015 11:58:11 -0400
Subject: [PATCH 0874/3421] do not redefine path in elasticsearch

in I0272d56bc2e50e8174db78bd449f65f60f7f4000, we reset DEST value
when installing elasticsearch. it gets set to /opt/stack/ which is
not always correct in gate causing the path to be wrong and
elasticseach cannot be installed. we should reuse DEST from stackrc

Change-Id: Ia3a2383ada30c4e92c37386aedd6164c69cac60a
Closes-Bug: #1484182
---
 pkg/elasticsearch.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/pkg/elasticsearch.sh b/pkg/elasticsearch.sh
index 79f67a0179..14d13cf733 100755
--- a/pkg/elasticsearch.sh
+++ b/pkg/elasticsearch.sh
@@ -6,9 +6,7 @@
 # step can probably be factored out to something nicer
 TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
 FILES=$TOP_DIR/files
-source $TOP_DIR/functions
-DEST=${DEST:-/opt/stack}
-source $TOP_DIR/lib/infra
+source $TOP_DIR/stackrc
 
 # Package source and version, all pkg files are expected to have
 # something like this, as well as a way to override them.

From 9b21f98ce0aa5093e477bab68aede5af0fb8d9ad Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Thu, 20 Aug 2015 23:37:04 +0300
Subject: [PATCH 0875/3421] Add region definition to swift3

Swift3 should be in the same region as all other cloud.
By default it has regaion name 'US'. It's ok for requests
that signed by version 1 of signature because they haven't
region information in request.
But S3 signature of version 4 protocol sends region name to server
and swift3 plugin checks that input region equals to internal.
And because all cloud lives with 'RegionOne' then swift3 fails
request because it has 'US' region name by default.

Change-Id: Icd817183b1a040110372a8ae5d73fd2f0ec5559c
Related-Bug: #1411078
---
 lib/swift | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/swift b/lib/swift
index dac121be0c..233a493acb 100644
--- a/lib/swift
+++ b/lib/swift
@@ -455,6 +455,7 @@ admin_password = ${SERVICE_PASSWORD}
 
 [filter:swift3]
 use = egg:swift3#swift3
+location = ${REGION_NAME}
 EOF
     fi
 

From dca06dc7dec148cac2d9e27cdb20d7d26bb0a941 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Thu, 20 Aug 2015 13:56:57 -0700
Subject: [PATCH 0876/3421] Enable nbd if you're running an lxc virt_type
 without an lvm backend

If nbd isn't enabled you can't boot instances with libvirt using lxc
(unless you're using an lvm backend).

Closes-Bug: #1487195

Co-Authored-By: Andrew Melton 

Change-Id: I08c4d498ed35166f566291d9530ca1ecfae05625
---
 lib/nova | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/nova b/lib/nova
index 6441a891eb..087cac6016 100644
--- a/lib/nova
+++ b/lib/nova
@@ -354,6 +354,12 @@ function configure_nova {
                             sudo mount /cgroup
                         fi
                     fi
+
+                    # enable nbd for lxc unless you're using an lvm backend
+                    # otherwise you can't boot instances
+                    if [[ "$NOVA_BACKEND" != "LVM" ]]; then
+                        sudo modprobe nbd
+                    fi
                 fi
             fi
         fi

From 485c962667631e4f321ee2513729718305f4f372 Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Mon, 24 Aug 2015 22:55:19 +0300
Subject: [PATCH 0877/3421] Fix create_userrc.sh script

Patchset fixes calculating EC2_URL/S3_URL for user rc files in 'accrc' directory.
Currently calculation of these url's uses 'openstack endpoint show' command
without specifying os-identity-v3 flag. But output is empty without such flag.
So this patchset uses same construction as exists in functions-common.

Change-Id: Ia4f2510750fa0f46e2f1d58cf0a7a16782f022b3
---
 tools/create_userrc.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index c2dbe1aeb4..de44abbbe5 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -158,12 +158,12 @@ fi
 
 export -n SERVICE_TOKEN SERVICE_ENDPOINT OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 
-EC2_URL=$(openstack endpoint show -f value -c publicurl ec2 || true)
+EC2_URL=$(openstack endpoint list --service ec2 --interface public --os-identity-api-version=3 -c URL -f value || true)
 if [[ -z $EC2_URL ]]; then
     EC2_URL=http://localhost:8773/
 fi
 
-S3_URL=$(openstack endpoint show -f value -c publicurl s3 || true)
+S3_URL=$(openstack endpoint list --service s3 --interface public --os-identity-api-version=3 -c URL -f value || true)
 if [[ -z $S3_URL ]]; then
     S3_URL=http://localhost:3333
 fi

From 403fbb1d33a3bbb0901d1a696ef68a3fe099dd70 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Mon, 24 Aug 2015 21:17:37 -0400
Subject: [PATCH 0878/3421] Fix trueorfalse call in tempest use accounts check

The lib/tempest variable definition for TEMPEST_USE_TEST_ACCOUNTS was
incorrectly calling the trueorfalse function by passing the variable's
value to the function instead of the variable's name. This was causing
trueorfalse the default value of false to always be returned even when
specifying the option as true in the localrc. (well assuming True or
it's variants wasn't an actual defined variable with a value that
would return true) This commit fixes this issue by properly using the
trueorfalse function.

Change-Id: I8cefb58f49dcd2cb2def8a5071d0892af520e7f7
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index e7f825f417..fe63015c5d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -89,7 +89,7 @@ TEMPEST_HAS_ADMIN=$(trueorfalse True TEMPEST_HAS_ADMIN)
 
 # Credential provider configuration option variables
 TEMPEST_ALLOW_TENANT_ISOLATION=${TEMPEST_ALLOW_TENANT_ISOLATION:-$TEMPEST_HAS_ADMIN}
-TEMPEST_USE_TEST_ACCOUNTS=$(trueorfalse False $TEMPEST_USE_TEST_ACCOUNTS)
+TEMPEST_USE_TEST_ACCOUNTS=$(trueorfalse False TEMPEST_USE_TEST_ACCOUNTS)
 
 # The number of workers tempest is expected to be run with. This is used for
 # generating a accounts.yaml for running with test-accounts. This is also the

From b274dbd7d04b643932fc583e2901353cfded45c3 Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Tue, 25 Aug 2015 10:01:39 -0400
Subject: [PATCH 0879/3421] Fix syntax error on if else statement

This commit fixes an simple syntax error on an else statement causing
it to crash instead of eval. Clearly someone has been writing too much
python and not enough bash.

Change-Id: I81d2324abd17790dc4790147f210ad7d9f0db74b
---
 lib/tempest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index fe63015c5d..be24da6b61 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -555,7 +555,7 @@ function configure_tempest {
     if [[ $TEMPEST_USE_TEST_ACCOUNTS == "True" ]]; then
         if [[ $TEMPEST_HAS_ADMIN == "True" ]]; then
             tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY --with-admin etc/accounts.yaml
-        else:
+        else
             tempest-account-generator -c $TEMPEST_CONFIG --os-username $ADMIN_USERNAME --os-password $ADMIN_PASSWORD --os-tenant-name $ADMIN_TENANT_NAME -r $TEMPEST_CONCURRENCY etc/accounts.yaml
         fi
         iniset $TEMPEST_CONFIG auth allow_tenant_isolation False

From 2ad1a42ca667ff21e6f7d2ae906be23a20430036 Mon Sep 17 00:00:00 2001
From: Brant Knudson 
Date: Tue, 23 Jun 2015 10:53:50 -0500
Subject: [PATCH 0880/3421] Use keystone wsgi_scripts

Devstack was setting up a separate directory and copying
http/keystone.py into it for the admin and public endpoints.

Keystone now defines wsgi_scripts entrypoints so that
keystone-wsgi-admin and keystone-wsgi-public are created on
install so devstack can reference these files instead.

See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow|Deny/Require
directives.

Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Change-Id: Ided688be62b64066d90776313c963ec5016363f2
---
 files/apache-keystone.template | 24 ++++++++++++++++++++++--
 lib/keystone                   | 15 +--------------
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 6dd1ad9ea6..4d3d2d6623 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -5,7 +5,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
 
     WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup keystone-public
-    WSGIScriptAlias / %PUBLICWSGI%
+    WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     = 2.4>
@@ -16,12 +16,22 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
 
 
 
     WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup keystone-admin
-    WSGIScriptAlias / %ADMINWSGI%
+    WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     = 2.4>
@@ -32,6 +42,16 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
 
 
 Alias /identity %PUBLICWSGI%
diff --git a/lib/keystone b/lib/keystone
index e2448c9068..921dc766dd 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -51,11 +51,6 @@ fi
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
-if is_suse; then
-    KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone}
-else
-    KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
-fi
 
 # Set up additional extensions, such as oauth1, federation
 # Example of KEYSTONE_EXTENSIONS=oauth1,federation
@@ -132,14 +127,11 @@ function cleanup_keystone {
 
 # _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
 function _cleanup_keystone_apache_wsgi {
-    sudo rm -f $KEYSTONE_WSGI_DIR/*
     sudo rm -f $(apache_site_config_for keystone)
 }
 
 # _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
 function _config_keystone_apache_wsgi {
-    sudo mkdir -p $KEYSTONE_WSGI_DIR
-
     local keystone_apache_conf=$(apache_site_config_for keystone)
     local keystone_ssl=""
     local keystone_certfile=""
@@ -161,22 +153,17 @@ function _config_keystone_apache_wsgi {
         venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
     fi
 
-    # copy proxy vhost and wsgi file
-    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
-    sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
-
     sudo cp $FILES/apache-keystone.template $keystone_apache_conf
     sudo sed -e "
         s|%PUBLICPORT%|$keystone_service_port|g;
         s|%ADMINPORT%|$keystone_auth_port|g;
         s|%APACHE_NAME%|$APACHE_NAME|g;
-        s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
-        s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
         s|%SSLENGINE%|$keystone_ssl|g;
         s|%SSLCERTFILE%|$keystone_certfile|g;
         s|%SSLKEYFILE%|$keystone_keyfile|g;
         s|%USER%|$STACK_USER|g;
         s|%VIRTUALENV%|$venv_path|g
+        s|%KEYSTONE_BIN%|$KEYSTONE_BIN_DIR|g
     " -i $keystone_apache_conf
 }
 

From 091d1ff39d47bf9bebf564b11bbbe5edc984340b Mon Sep 17 00:00:00 2001
From: Henry Gessau 
Date: Sun, 5 Jul 2015 08:55:18 -0400
Subject: [PATCH 0881/3421] Neutron auto-discovers installed alembic_migrations

Neutron and its sub-projects have been made more intelligent about the
alembic migrations of installed sub-projects. Neutron will now
discover the installed migrations and run them automatically.

Partial-Bug: #1470625

Change-Id: Iec8993b02400ae306abf520e6e70d86bba042c8d
---
 lib/neutron-legacy | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index da8c06446c..35ca402087 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -609,16 +609,6 @@ function init_neutron {
     recreate_database $Q_DB_NAME
     # Run Neutron db migrations
     $NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-    for svc in fwaas lbaas vpnaas; do
-        if [ "$svc" = "vpnaas" ]; then
-            q_svc="q-vpn"
-        else
-            q_svc="q-$svc"
-        fi
-        if is_service_enabled $q_svc; then
-            $NEUTRON_BIN_DIR/neutron-db-manage --service $svc --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
-        fi
-    done
 }
 
 # install_neutron() - Collect source and prepare

From 925c256cd45bd845c8dd03827ae9c26f43ad5481 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Tue, 25 Aug 2015 13:40:25 -0700
Subject: [PATCH 0882/3421] Remove NOVA_VIF_DRIVER variable

Commit 7561c8ded211d53e8745d1420a73b82bd0fc35cf removed the
libvirt.vif_driver option from Nova in Juno so we should remove the
variable from devstack since it's useless / confusing.

Change-Id: I70a8cb4a3606eb5eabd3c0ef331945e72c80543a
---
 lib/neutron-legacy                 | 5 +----
 lib/neutron_plugins/README.md      | 4 +---
 lib/neutron_plugins/brocade        | 2 +-
 lib/neutron_plugins/ibm            | 1 -
 lib/neutron_plugins/nuage          | 1 -
 lib/neutron_plugins/oneconvergence | 1 -
 6 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index da8c06446c..f381f6ebec 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -158,8 +158,6 @@ Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
 Q_USE_DEBUG_COMMAND=${Q_USE_DEBUG_COMMAND:-False}
 # The name of the default q-l3 router
 Q_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
-# nova vif driver that all plugins should use
-NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
 Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
 Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
 VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
@@ -485,10 +483,9 @@ function create_nova_conf_neutron {
         iniset $NOVA_CONF DEFAULT security_group_api neutron
     fi
 
-    # set NOVA_VIF_DRIVER and optionally set options in nova_conf
+    # optionally set options in nova_conf
     neutron_plugin_create_nova_conf
 
-    iniset $NOVA_CONF libvirt vif_driver "$NOVA_VIF_DRIVER"
     iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
     if is_service_enabled q-meta; then
         iniset $NOVA_CONF neutron service_metadata_proxy "True"
diff --git a/lib/neutron_plugins/README.md b/lib/neutron_plugins/README.md
index 4b220d3377..f03000e7cb 100644
--- a/lib/neutron_plugins/README.md
+++ b/lib/neutron_plugins/README.md
@@ -16,9 +16,7 @@ functions
 ``lib/neutron-legacy`` calls the following functions when the ``$Q_PLUGIN`` is enabled
 
 * ``neutron_plugin_create_nova_conf`` :
-  set ``NOVA_VIF_DRIVER`` and optionally set options in nova_conf
-  e.g.
-  NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
+  optionally set options in nova_conf
 * ``neutron_plugin_install_agent_packages`` :
   install packages that is specific to plugin agent
   e.g.
diff --git a/lib/neutron_plugins/brocade b/lib/neutron_plugins/brocade
index b8166d9af9..557b94dec0 100644
--- a/lib/neutron_plugins/brocade
+++ b/lib/neutron_plugins/brocade
@@ -12,7 +12,7 @@ function is_neutron_ovs_base_plugin {
 }
 
 function neutron_plugin_create_nova_conf {
-    NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
+    :
 }
 
 function neutron_plugin_install_agent_packages {
diff --git a/lib/neutron_plugins/ibm b/lib/neutron_plugins/ibm
index 3660a9f2b9..dd5cfa6694 100644
--- a/lib/neutron_plugins/ibm
+++ b/lib/neutron_plugins/ibm
@@ -42,7 +42,6 @@ function neutron_setup_integration_bridge {
 }
 
 function neutron_plugin_create_nova_conf {
-    NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
     # if n-cpu is enabled, then setup integration bridge
     if is_service_enabled n-cpu; then
         neutron_setup_integration_bridge
diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index 7bce233853..9e5307ba53 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -10,7 +10,6 @@ set +o xtrace
 function neutron_plugin_create_nova_conf {
     NOVA_OVS_BRIDGE=${NOVA_OVS_BRIDGE:-"br-int"}
     iniset $NOVA_CONF neutron ovs_bridge $NOVA_OVS_BRIDGE
-    NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
     LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
     iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
 }
diff --git a/lib/neutron_plugins/oneconvergence b/lib/neutron_plugins/oneconvergence
index 48a368a967..0c570e534b 100644
--- a/lib/neutron_plugins/oneconvergence
+++ b/lib/neutron_plugins/oneconvergence
@@ -68,7 +68,6 @@ function neutron_plugin_configure_plugin_agent {
 }
 
 function neutron_plugin_create_nova_conf {
-    NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
     if ( is_service_enabled n-cpu && ! ( is_service_enabled q-dhcp )) ; then
         setup_integration_bridge
     fi

From d20435bdd4fb5ea856497c797376517ed516d833 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 25 Aug 2015 19:24:51 -0400
Subject: [PATCH 0883/3421] Filter out temporary addresses

Some IPv6 addresses are temporary and are generated by IPv6 privacy
extensions. They eventually expire and are regenerated, so we should
filter them out.

Change-Id: I916d6a335bab096f765ae8c7e0e540a4349dd15f
Closes-Bug: #1488691
---
 functions-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index f6a525354f..446de5374f 100644
--- a/functions-common
+++ b/functions-common
@@ -591,7 +591,7 @@ function get_default_host_ip {
         host_ip=""
         # Find the interface used for the default route
         host_ip_iface=${host_ip_iface:-$(ip -f $af route | awk '/default/ {print $5}' | head -1)}
-        local host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | awk /$af'/ {split($2,parts,"/");  print parts[1]}')
+        local host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | sed /temporary/d |awk /$af'/ {split($2,parts,"/");  print parts[1]}')
         local ip
         for ip in $host_ips; do
             # Attempt to filter out IP addresses that are part of the fixed and

From 346edcc532719f6f29471920f9434b6d5300d43a Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 26 Aug 2015 09:38:37 -0400
Subject: [PATCH 0884/3421] check all possible services when configuring
 tempest

The previous approach assumed that devstack in tree service support
would always be a super set of tempest. That's not necessarily
true. Instead when configuring tempest we should look at all the
possible services that tempest could know about, which will let us
disable services we don't have support for.

Change-Id: I9c24705e494689f09a885eb0a640efd50db33fcf
---
 lib/ceilometer     | 3 ---
 lib/cinder         | 3 ---
 lib/glance         | 3 ---
 lib/heat           | 4 ----
 lib/horizon        | 4 ----
 lib/ironic         | 3 ---
 lib/neutron-legacy | 4 ----
 lib/nova           | 4 ----
 lib/swift          | 4 ----
 lib/tempest        | 5 +++++
 lib/zaqar          | 4 ----
 stackrc            | 6 ------
 12 files changed, 5 insertions(+), 42 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index 3df75b7300..d1cc862160 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -102,9 +102,6 @@ CEILOMETER_EVENTS=${CEILOMETER_EVENTS:-True}
 CEILOMETER_COORDINATION_URL=${CEILOMETER_COORDINATION_URL:-}
 CEILOMETER_PIPELINE_INTERVAL=${CEILOMETER_PIPELINE_INTERVAL:-}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,ceilometer
-
 
 # Functions
 # ---------
diff --git a/lib/cinder b/lib/cinder
index e5ed2db1a3..26277ccaba 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -108,9 +108,6 @@ CINDER_PERIODIC_INTERVAL=${CINDER_PERIODIC_INTERVAL:-60}
 
 CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,cinder
-
 
 # Source the enabled backends
 if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
diff --git a/lib/glance b/lib/glance
index b1b0f32f62..7be3a8495c 100644
--- a/lib/glance
+++ b/lib/glance
@@ -75,9 +75,6 @@ GLANCE_SEARCH_PORT=${GLANCE_SEARCH_PORT:-9393}
 GLANCE_SEARCH_PORT_INT=${GLANCE_SEARCH_PORT_INT:-19393}
 GLANCE_SEARCH_HOSTPORT=${GLANCE_SEARCH_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SEARCH_PORT}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,glance
-
 # Functions
 # ---------
 
diff --git a/lib/heat b/lib/heat
index cedddd2d26..3489578162 100644
--- a/lib/heat
+++ b/lib/heat
@@ -64,10 +64,6 @@ else
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
 fi
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,heat
-
-
 # Functions
 # ---------
 
diff --git a/lib/horizon b/lib/horizon
index 9fe0aa8b49..b2539d1b7d 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -35,10 +35,6 @@ HORIZON_DIR=$DEST/horizon
 # The example file in Horizon repo is used by default.
 HORIZON_SETTINGS=${HORIZON_SETTINGS:-$HORIZON_DIR/openstack_dashboard/local/local_settings.py.example}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,horizon
-
-
 # Functions
 # ---------
 
diff --git a/lib/ironic b/lib/ironic
index b3ad586923..cc1dfe31d9 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -114,9 +114,6 @@ IRONIC_SERVICE_PROTOCOL=http
 IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385}
 IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,ironic
-
 # Enable iPXE
 IRONIC_IPXE_ENABLED=$(trueorfalse False IRONIC_IPXE_ENABLED)
 IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index da8c06446c..9fb668ef81 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -358,10 +358,6 @@ else
     Q_USE_SECGROUP=False
 fi
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,neutron
-
-
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
 set +o xtrace
diff --git a/lib/nova b/lib/nova
index 6441a891eb..d4be019ae3 100644
--- a/lib/nova
+++ b/lib/nova
@@ -167,10 +167,6 @@ NOVA_ALLOW_MOVE_TO_SAME_HOST=$(trueorfalse True NOVA_ALLOW_MOVE_TO_SAME_HOST)
 TEST_FLOATING_POOL=${TEST_FLOATING_POOL:-test}
 TEST_FLOATING_RANGE=${TEST_FLOATING_RANGE:-192.168.253.0/29}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,nova
-
-
 # Functions
 # ---------
 
diff --git a/lib/swift b/lib/swift
index fc736a60bc..b119d2fd35 100644
--- a/lib/swift
+++ b/lib/swift
@@ -141,10 +141,6 @@ SWIFT_TEMPURL_KEY=${SWIFT_TEMPURL_KEY:-}
 # Toggle for deploying Swift under HTTPD + mod_wsgi
 SWIFT_USE_MOD_WSGI=${SWIFT_USE_MOD_WSGI:-False}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,swift
-
-
 # Functions
 # ---------
 
diff --git a/lib/tempest b/lib/tempest
index fe63015c5d..323a90a4cd 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -536,6 +536,11 @@ function configure_tempest {
     fi
 
     # ``service_available``
+    #
+    # this tempest service list needs to be all the services that
+    # tempest supports, otherwise we can have an erroneous set of
+    # defaults (something defaulting true in Tempest, but not listed here).
+    TEMPEST_SERVICES="key,glance,nova,neutron,cinder,swift,heat,ceilometer,horizon,sahara,ironic,trove,zaqar"
     for service in ${TEMPEST_SERVICES//,/ }; do
         if is_service_enabled $service ; then
             iniset $TEMPEST_CONFIG service_available $service "True"
diff --git a/lib/zaqar b/lib/zaqar
index fdab3a26a8..aa21aac271 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -59,10 +59,6 @@ ZAQAR_SERVICE_HOST=${ZAQAR_SERVICE_HOST:-$SERVICE_HOST}
 ZAQAR_SERVICE_PORT=${ZAQAR_SERVICE_PORT:-8888}
 ZAQAR_SERVICE_PROTOCOL=${ZAQAR_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
-# Tell Tempest this project is present
-TEMPEST_SERVICES+=,zaqar
-
-
 # Functions
 # ---------
 
diff --git a/stackrc b/stackrc
index 156cb1f85a..67b6424aab 100644
--- a/stackrc
+++ b/stackrc
@@ -78,12 +78,6 @@ fi
 # services will rely on the local toggle variable (e.g. ``KEYSTONE_USE_MOD_WSGI``)
 ENABLE_HTTPD_MOD_WSGI_SERVICES=True
 
-# Tell Tempest which services are available.  The default is set here as
-# Tempest falls late in the configuration sequence.  This differs from
-# ``ENABLED_SERVICES`` in that the project names are used here rather than
-# the service names, i.e.: ``TEMPEST_SERVICES="key,glance,nova"``
-TEMPEST_SERVICES=""
-
 # Set the default Nova APIs to enable
 NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
 

From 869b72b8512d73d24b42e0fa5c39b8dc0d7b28f7 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur 
Date: Thu, 13 Aug 2015 13:36:23 +0200
Subject: [PATCH 0885/3421] Support installing ironic-lib

ironic-lib will soon become a dependency of ironic, make sure we can
write dsvm gates against it.

Change-Id: I6e66ae770cf5065980848e7e987bfd75765a5ac6
---
 lib/ironic                   | 7 +++++++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index b3ad586923..6fb5184af9 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -31,6 +31,7 @@ set +o pipefail
 
 # Set up default directories
 GITDIR["python-ironicclient"]=$DEST/python-ironicclient
+GITDIR["ironic-lib"]=$DEST/ironic-lib
 
 IRONIC_DIR=$DEST/ironic
 IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent
@@ -191,6 +192,12 @@ function install_ironic {
             die $LINENO "$srv should be enabled for Ironic."
         fi
     done
+
+    if use_library_from_git "ironic-lib"; then
+        git_clone_by_name "ironic-lib"
+        setup_dev_lib "ironic-lib"
+    fi
+
     git_clone $IRONIC_REPO $IRONIC_DIR $IRONIC_BRANCH
     setup_develop $IRONIC_DIR
 
diff --git a/stackrc b/stackrc
index 156cb1f85a..760e2fc745 100644
--- a/stackrc
+++ b/stackrc
@@ -455,6 +455,10 @@ GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
 GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
 GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
 
+# ironic common lib
+GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
+GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
+
 
 ##################
 #
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index d10cd0ee62..cf6ec1cbff 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -41,7 +41,7 @@ ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
 ALL_LIBS+=" oslo.cache oslo.reports"
-ALL_LIBS+=" keystoneauth"
+ALL_LIBS+=" keystoneauth ironic-lib"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From 7d5be299206e801d39e0e07eec54dfc5948a15a5 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 10 Aug 2015 13:39:17 +1000
Subject: [PATCH 0886/3421] Move configuration notes into configuration guide

We have configuration information split between the README.md and
configuration documentation.  A lot of it is duplicated and it shows
little organisation.

This clears the README.md of detailed configuration options and
consolidates it into the existing configuration guide.  When someone
first hits the README they don't need details on changing the RPC
back-end; but more importantly this indicates clearly where we should
be adding or clarifying details.

Firstly, the detailed overview of local.conf is removed; it was
duplicated in the configuration guide.  This is left as a first-level
section of that guide.

The configuration notes are divided into generic devstack things
(logging, database-backend, etc) and then the rest of the notes on
various projects' configuration options have been moved into a
dedicated sub-section "Projects".

Each project gets its own sub-sub-section.  Duplicated swift guides is
consolidated into the single "Swift section". The neutron and
multi-node nodes, which were all duplicated in their more specific
dedicated guides are removed and replaced with links to those.  Other
sections are moved directly.

Change-Id: Ib0bac56d82be870fe99c47c53fda674d8668b968
---
 README.md                    | 345 +---------------------------------
 doc/source/configuration.rst | 351 +++++++++++++++++++++++++----------
 2 files changed, 255 insertions(+), 441 deletions(-)

diff --git a/README.md b/README.md
index acc3e5a747..df0df917a4 100644
--- a/README.md
+++ b/README.md
@@ -93,345 +93,14 @@ for example).
 
 # Customizing
 
-You can override environment variables used in `stack.sh` by creating file
-name `local.conf` with a ``localrc`` section as shown below.  It is likely
-that you will need to do this to tweak your networking configuration should
-you need to access your cloud from a different host.
+You can override environment variables used in `stack.sh` by creating
+file name `local.conf` with a ``localrc`` section as shown below.  It
+is likely that you will need to do this to tweak several settings for
+your environment.
 
     [[local|localrc]]
     VARIABLE=value
 
-See the **Local Configuration** section below for more details.
-
-# Database Backend
-
-Multiple database backends are available. The available databases are defined
-in the lib/databases directory.
-`mysql` is the default database, choose a different one by putting the
-following in the `localrc` section:
-
-    disable_service mysql
-    enable_service postgresql
-
-`mysql` is the default database.
-
-# RPC Backend
-
-Support for a RabbitMQ RPC backend is included. Additional RPC backends may
-be available via external plugins.  Enabling or disabling RabbitMQ is handled
-via the usual service functions and ``ENABLED_SERVICES``.
-
-Example disabling RabbitMQ in ``local.conf``:
-
-    disable_service rabbit
-
-# Apache Frontend
-
-Apache web server can be enabled for wsgi services that support being deployed
-under HTTPD + mod_wsgi. By default, services that recommend running under
-HTTPD + mod_wsgi are deployed under Apache. To use an alternative deployment
-strategy (e.g. eventlet) for services that support an alternative to HTTPD +
-mod_wsgi set ``ENABLE_HTTPD_MOD_WSGI_SERVICES`` to ``False`` in your
-``local.conf``.
-
-Each service that can be run under HTTPD + mod_wsgi also has an override
-toggle available that can be set in your ``local.conf``.
-
-Keystone is run under HTTPD + mod_wsgi by default.
-
-Example (Keystone):
-
-    KEYSTONE_USE_MOD_WSGI="True"
-
-Example (Nova):
-
-    NOVA_USE_MOD_WSGI="True"
-
-Example (Swift):
-
-    SWIFT_USE_MOD_WSGI="True"
-
-# Swift
-
-Swift is disabled by default.  When enabled, it is configured with
-only one replica to avoid being IO/memory intensive on a small
-vm. When running with only one replica the account, container and
-object services will run directly in screen. The others services like
-replicator, updaters or auditor runs in background.
-
-If you would like to enable Swift you can add this to your `localrc` section:
-
-    enable_service s-proxy s-object s-container s-account
-
-If you want a minimal Swift install with only Swift and Keystone you
-can have this instead in your `localrc` section:
-
-    disable_all_services
-    enable_service key mysql s-proxy s-object s-container s-account
-
-If you only want to do some testing of a real normal swift cluster
-with multiple replicas you can do so by customizing the variable
-`SWIFT_REPLICAS` in your `localrc` section (usually to 3).
-
-# Swift S3
-
-If you are enabling `swift3` in `ENABLED_SERVICES` DevStack will
-install the swift3 middleware emulation. Swift will be configured to
-act as a S3 endpoint for Keystone so effectively replacing the
-`nova-objectstore`.
-
-Only Swift proxy server is launched in the screen session all other
-services are started in background and managed by `swift-init` tool.
-
-# Neutron
-
-Basic Setup
-
-In order to enable Neutron in a single node setup, you'll need the
-following settings in your `local.conf`:
-
-    disable_service n-net
-    enable_service q-svc
-    enable_service q-agt
-    enable_service q-dhcp
-    enable_service q-l3
-    enable_service q-meta
-    enable_service q-metering
-
-Then run `stack.sh` as normal.
-
-DevStack supports setting specific Neutron configuration flags to the
-service, ML2 plugin, DHCP and L3 configuration files:
-
-    [[post-config|/$Q_PLUGIN_CONF_FILE]]
-    [ml2]
-    mechanism_drivers=openvswitch,l2population
-
-    [[post-config|$NEUTRON_CONF]]
-    [DEFAULT]
-    quota_port=42
-
-    [[post-config|$Q_L3_CONF_FILE]]
-    [DEFAULT]
-    agent_mode=legacy
-
-    [[post-config|$Q_DHCP_CONF_FILE]]
-    [DEFAULT]
-    dnsmasq_dns_servers = 8.8.8.8,8.8.4.4
-
-The ML2 plugin can run with the OVS, LinuxBridge, or Hyper-V agents on compute
-hosts. This is a simple way to configure the ml2 plugin:
-
-    # VLAN configuration
-    ENABLE_TENANT_VLANS=True
-
-    # GRE tunnel configuration
-    ENABLE_TENANT_TUNNELS=True
-
-    # VXLAN tunnel configuration
-    Q_ML2_TENANT_NETWORK_TYPE=vxlan
-
-The above will default in DevStack to using the OVS on each compute host.
-To change this, set the `Q_AGENT` variable to the agent you want to run
-(e.g. linuxbridge).
-
-    Variable Name                    Notes
-    ----------------------------------------------------------------------------
-    Q_AGENT                          This specifies which agent to run with the
-                                     ML2 Plugin (Typically either `openvswitch`
-                                     or `linuxbridge`).
-                                     Defaults to `openvswitch`.
-    Q_ML2_PLUGIN_MECHANISM_DRIVERS   The ML2 MechanismDrivers to load. The default
-                                     is `openvswitch,linuxbridge`.
-    Q_ML2_PLUGIN_TYPE_DRIVERS        The ML2 TypeDrivers to load. Defaults to
-                                     all available TypeDrivers.
-    Q_ML2_PLUGIN_GRE_TYPE_OPTIONS    GRE TypeDriver options. Defaults to
-                                     `tunnel_id_ranges=1:1000'.
-    Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS  VXLAN TypeDriver options. Defaults to
-                                     `vni_ranges=1001:2000`
-    Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS   VLAN TypeDriver options. Defaults to none.
-
-# Heat
-
-Heat is disabled by default (see `stackrc` file). To enable it explicitly
-you'll need the following settings in your `localrc` section:
-
-    enable_service heat h-api h-api-cfn h-api-cw h-eng
-
-Heat can also run in standalone mode, and be configured to orchestrate
-on an external OpenStack cloud. To launch only Heat in standalone mode
-you'll need the following settings in your `localrc` section:
-
-    disable_all_services
-    enable_service rabbit mysql heat h-api h-api-cfn h-api-cw h-eng
-    HEAT_STANDALONE=True
-    KEYSTONE_SERVICE_HOST=...
-    KEYSTONE_AUTH_HOST=...
-
-# Tempest
-
-If tempest has been successfully configured, a basic set of smoke
-tests can be run as follows:
-
-    $ cd /opt/stack/tempest
-    $ tox -efull  tempest.scenario.test_network_basic_ops
-
-By default tempest is downloaded and the config file is generated, but the
-tempest package is not installed in the system's global site-packages (the
-package install includes installing dependences). So tempest won't run
-outside of tox. If you would like to install it add the following to your
-``localrc`` section:
-
-    INSTALL_TEMPEST=True
-
-# DevStack on Xenserver
-
-If you would like to use Xenserver as the hypervisor, please refer
-to the instructions in `./tools/xen/README.md`.
-
-# Additional Projects
-
-DevStack has a hook mechanism to call out to a dispatch script at specific
-points in the execution of `stack.sh`, `unstack.sh` and `clean.sh`.  This
-allows upper-layer projects, especially those that the lower layer projects
-have no dependency on, to be added to DevStack without modifying the core
-scripts.  Tempest is built this way as an example of how to structure the
-dispatch script, see `extras.d/80-tempest.sh`.  See `extras.d/README.md`
-for more information.
-
-# Multi-Node Setup
-
-A more interesting setup involves running multiple compute nodes, with Neutron
-networks connecting VMs on different compute nodes.
-You should run at least one "controller node", which should have a `stackrc`
-that includes at least:
-
-    disable_service n-net
-    enable_service q-svc
-    enable_service q-agt
-    enable_service q-dhcp
-    enable_service q-l3
-    enable_service q-meta
-    enable_service neutron
-
-You likely want to change your `localrc` section to run a scheduler that
-will balance VMs across hosts:
-
-    SCHEDULER=nova.scheduler.filter_scheduler.FilterScheduler
-
-You can then run many compute nodes, each of which should have a `stackrc`
-which includes the following, with the IP address of the above controller node:
-
-    ENABLED_SERVICES=n-cpu,rabbit,neutron,q-agt
-    SERVICE_HOST=[IP of controller node]
-    MYSQL_HOST=$SERVICE_HOST
-    RABBIT_HOST=$SERVICE_HOST
-    Q_HOST=$SERVICE_HOST
-    MATCHMAKER_REDIS_HOST=$SERVICE_HOST
-
-# Multi-Region Setup
-
-We want to setup two devstack (RegionOne and RegionTwo) with shared keystone
-(same users and services) and horizon.
-Keystone and Horizon will be located in RegionOne.
-Full spec is available at:
-https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat.
-
-In RegionOne:
-
-    REGION_NAME=RegionOne
-
-In RegionTwo:
-
-    disable_service horizon
-    KEYSTONE_SERVICE_HOST=
-    KEYSTONE_AUTH_HOST=
-    REGION_NAME=RegionTwo
-
-# Cells
-
-Cells is a new scaling option with a full spec at:
-http://wiki.openstack.org/blueprint-nova-compute-cells.
-
-To setup a cells environment add the following to your `localrc` section:
-
-    enable_service n-cell
-
-Be aware that there are some features currently missing in cells, one notable
-one being security groups.  The exercises have been patched to disable
-functionality not supported by cells.
-
-# IPv6
-
-By default, most Openstack services are bound to 0.0.0.0
-and service endpoints are registered as IPv4 addresses.
-A new variable was created to control this behavior, and to
-allow for operation over IPv6 instead of IPv4.
-
-For this, add the following to `local.conf`:
-
-    SERVICE_IP_VERSION=6
-
-When set to "6" devstack services will open listen sockets on ::
-and service endpoints will be registered using HOST_IPV6 as the
-address.  The default value for this setting is `4`.  Dual-mode
-support, for example `4+6` is not currently supported.
-
-
-# Local Configuration
-
-Historically DevStack has used ``localrc`` to contain all local configuration
-and customizations. More and more of the configuration variables available for
-DevStack are passed-through to the individual project configuration files.
-The old mechanism for this required specific code for each file and did not
-scale well.  This is handled now by a master local configuration file.
-
-# local.conf
-
-The new config file ``local.conf`` is an extended-INI format that introduces
-a new meta-section header that provides some additional information such
-as a phase name and destination config filename:
-
-    [[  |  ]]
-
-where ```` is one of a set of phase names defined by ``stack.sh``
-and ```` is the configuration filename.  The filename is
-eval'ed in the ``stack.sh`` context so all environment variables are
-available and may be used.  Using the project config file variables in
-the header is strongly suggested (see the ``NOVA_CONF`` example below).
-If the path of the config file does not exist it is skipped.
-
-The defined phases are:
-
-* **local** - extracts ``localrc`` from ``local.conf`` before ``stackrc`` is sourced
-* **post-config** - runs after the layer 2 services are configured
-                    and before they are started
-* **extra** - runs after services are started and before any files
-              in ``extra.d`` are executed
-* **post-extra** - runs after files in ``extra.d`` are executed
-
-The file is processed strictly in sequence; meta-sections may be specified more
-than once but if any settings are duplicated the last to appear in the file
-will be used.
-
-    [[post-config|$NOVA_CONF]]
-    [DEFAULT]
-    use_syslog = True
-
-    [osapi_v3]
-    enabled = False
-
-A specific meta-section ``local|localrc`` is used to provide a default
-``localrc`` file (actually ``.localrc.auto``).  This allows all custom
-settings for DevStack to be contained in a single file.  If ``localrc``
-exists it will be used instead to preserve backward-compatibility.
-
-    [[local|localrc]]
-    FIXED_RANGE=10.254.1.0/24
-    ADMIN_PASSWORD=speciale
-    LOGFILE=$DEST/logs/stack.sh.log
-
-Note that ``Q_PLUGIN_CONF_FILE`` is unique in that it is assumed to *NOT*
-start with a ``/`` (slash) character.  A slash will need to be added:
-
-    [[post-config|/$Q_PLUGIN_CONF_FILE]]
+Start by reading the [configuration
+guide](doc/source/configuration.rst) for details of the many available
+options.
\ No newline at end of file
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 90b7d44dec..ed17924d45 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -148,6 +148,34 @@ will not be set if there is no IPv6 address on the default Ethernet interface.
 Setting it here also makes it available for ``openrc`` to set ``OS_AUTH_URL``.
 ``HOST_IPV6`` is not set by default.
 
+Examples
+========
+
+-  Eliminate a Cinder pass-through (``CINDER_PERIODIC_INTERVAL``):
+
+   ::
+
+       [[post-config|$CINDER_CONF]]
+       [DEFAULT]
+       periodic_interval = 60
+
+-  Sample ``local.conf`` with screen logging enabled:
+
+   ::
+
+       [[local|localrc]]
+       FIXED_RANGE=10.254.1.0/24
+       NETWORK_GATEWAY=10.254.1.1
+       LOGDAYS=1
+       LOGDIR=$DEST/logs
+       LOGFILE=$LOGDIR/stack.sh.log
+       ADMIN_PASSWORD=quiet
+       DATABASE_PASSWORD=$ADMIN_PASSWORD
+       RABBIT_PASSWORD=$ADMIN_PASSWORD
+       SERVICE_PASSWORD=$ADMIN_PASSWORD
+       SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
+
+
 Configuration Notes
 ===================
 
@@ -228,6 +256,72 @@ to direct the message stream to the log host.  |
         SYSLOG_HOST=$HOST_IP
         SYSLOG_PORT=516
 
+
+Database Backend
+----------------
+
+Multiple database backends are available. The available databases are defined
+in the lib/databases directory.
+`mysql` is the default database, choose a different one by putting the
+following in the `localrc` section:
+
+   ::
+
+      disable_service mysql
+      enable_service postgresql
+
+`mysql` is the default database.
+
+RPC Backend
+-----------
+
+Support for a RabbitMQ RPC backend is included. Additional RPC
+backends may be available via external plugins.  Enabling or disabling
+RabbitMQ is handled via the usual service functions and
+``ENABLED_SERVICES``.
+
+Example disabling RabbitMQ in ``local.conf``:
+
+::
+    disable_service rabbit
+
+
+Apache Frontend
+---------------
+
+The Apache web server can be enabled for wsgi services that support
+being deployed under HTTPD + mod_wsgi. By default, services that
+recommend running under HTTPD + mod_wsgi are deployed under Apache. To
+use an alternative deployment strategy (e.g. eventlet) for services
+that support an alternative to HTTPD + mod_wsgi set
+``ENABLE_HTTPD_MOD_WSGI_SERVICES`` to ``False`` in your
+``local.conf``.
+
+Each service that can be run under HTTPD + mod_wsgi also has an
+override toggle available that can be set in your ``local.conf``.
+
+Keystone is run under Apache with ``mod_wsgi`` by default.
+
+Example (Keystone)
+
+::
+
+    KEYSTONE_USE_MOD_WSGI="True"
+
+Example (Nova):
+
+::
+
+    NOVA_USE_MOD_WSGI="True"
+
+Example (Swift):
+
+::
+
+    SWIFT_USE_MOD_WSGI="True"
+
+
+
 Libraries from Git
 ------------------
 
@@ -295,48 +389,6 @@ that matches requirements.
 
         PIP_UPGRADE=True
 
-Swift
------
-
-Swift is now used as the back-end for the S3-like object store.  When
-enabled Nova's objectstore (``n-obj`` in ``ENABLED_SERVICES``) is
-automatically disabled. Enable Swift by adding it services to
-``ENABLED_SERVICES``
-
-    ::
-
-       enable_service s-proxy s-object s-container s-account
-
-Setting Swift's hash value is required and you will be prompted for it
-if Swift is enabled so just set it to something already:
-
-    ::
-
-        SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
-
-For development purposes the default number of replicas is set to
-``1`` to reduce the overhead required. To better simulate a production
-deployment set this to ``3`` or more.
-
-    ::
-
-        SWIFT_REPLICAS=3
-
-The data for Swift is stored in the source tree by default (in
-``$DEST/swift/data``) and can be moved by setting
-``SWIFT_DATA_DIR``. The specified directory will be created if it does
-not exist.
-
-    ::
-
-        SWIFT_DATA_DIR=$DEST/data/swift
-
-*Note*: Previously just enabling ``swift`` was sufficient to start the
-Swift services. That does not provide proper service granularity,
-particularly in multi-host configurations, and is considered
-deprecated. Some service combination tests now check for specific
-Swift services and the old blanket acceptance will longer work
-correctly.
 
 Service Catalog Backend
 -----------------------
@@ -354,47 +406,6 @@ with ``KEYSTONE_CATALOG_BACKEND``:
 DevStack's default configuration in ``sql`` mode is set in
 ``files/keystone_data.sh``
 
-Cinder
-------
-
-The logical volume group used to hold the Cinder-managed volumes is
-set by ``VOLUME_GROUP``, the logical volume name prefix is set with
-``VOLUME_NAME_PREFIX`` and the size of the volume backing file is set
-with ``VOLUME_BACKING_FILE_SIZE``.
-
-    ::
-
-        VOLUME_GROUP="stack-volumes"
-        VOLUME_NAME_PREFIX="volume-"
-        VOLUME_BACKING_FILE_SIZE=10250M
-
-Multi-host DevStack
--------------------
-
-Running DevStack with multiple hosts requires a custom ``local.conf``
-section for each host. The master is the same as a single host
-installation with ``MULTI_HOST=True``. The slaves have fewer services
-enabled and a couple of host variables pointing to the master.
-
-Master
-~~~~~~
-
-Set ``MULTI_HOST`` to true
-    ::
-
-        MULTI_HOST=True
-
-Slave
-~~~~~
-
-Set the following options to point to the master
-
-    ::
-
-        MYSQL_HOST=w.x.y.z
-        RABBIT_HOST=w.x.y.z
-        GLANCE_HOSTPORT=w.x.y.z:9292
-        ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
 IP Version
 ----------
@@ -447,29 +458,163 @@ optionally be used to alter the default IPv6 address
 
         HOST_IPV6=${some_local_ipv6_address}
 
-Examples
-========
+Multi-node setup
+~~~~~~~~~~~~~~~~
 
--  Eliminate a Cinder pass-through (``CINDER_PERIODIC_INTERVAL``):
+See the :doc:`multi-node lab guide`
 
-   ::
+Projects
+--------
 
-       [[post-config|$CINDER_CONF]]
-       [DEFAULT]
-       periodic_interval = 60
+Neutron
+~~~~~~~
 
--  Sample ``local.conf`` with screen logging enabled:
+See the :doc:`neutron configuration guide` for
+details on configuration of Neutron
 
-   ::
 
-       [[local|localrc]]
-       FIXED_RANGE=10.254.1.0/24
-       NETWORK_GATEWAY=10.254.1.1
-       LOGDAYS=1
-       LOGDIR=$DEST/logs
-       LOGFILE=$LOGDIR/stack.sh.log
-       ADMIN_PASSWORD=quiet
-       DATABASE_PASSWORD=$ADMIN_PASSWORD
-       RABBIT_PASSWORD=$ADMIN_PASSWORD
-       SERVICE_PASSWORD=$ADMIN_PASSWORD
-       SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
+Swift
+~~~~~
+
+Swift is disabled by default.  When enabled, it is configured with
+only one replica to avoid being IO/memory intensive on a small
+VM. When running with only one replica the account, container and
+object services will run directly in screen. The others services like
+replicator, updaters or auditor runs in background.
+
+If you would like to enable Swift you can add this to your `localrc`
+section:
+
+::
+
+    enable_service s-proxy s-object s-container s-account
+
+If you want a minimal Swift install with only Swift and Keystone you
+can have this instead in your `localrc` section:
+
+::
+
+    disable_all_services
+    enable_service key mysql s-proxy s-object s-container s-account
+
+If you only want to do some testing of a real normal swift cluster
+with multiple replicas you can do so by customizing the variable
+`SWIFT_REPLICAS` in your `localrc` section (usually to 3).
+
+Swift S3
+++++++++
+
+If you are enabling `swift3` in `ENABLED_SERVICES` DevStack will
+install the swift3 middleware emulation. Swift will be configured to
+act as a S3 endpoint for Keystone so effectively replacing the
+`nova-objectstore`.
+
+Only Swift proxy server is launched in the screen session all other
+services are started in background and managed by `swift-init` tool.
+
+Heat
+~~~~
+
+Heat is disabled by default (see `stackrc` file). To enable it
+explicitly you'll need the following settings in your `localrc`
+section
+
+::
+
+    enable_service heat h-api h-api-cfn h-api-cw h-eng
+
+Heat can also run in standalone mode, and be configured to orchestrate
+on an external OpenStack cloud. To launch only Heat in standalone mode
+you'll need the following settings in your `localrc` section
+
+::
+
+    disable_all_services
+    enable_service rabbit mysql heat h-api h-api-cfn h-api-cw h-eng
+    HEAT_STANDALONE=True
+    KEYSTONE_SERVICE_HOST=...
+    KEYSTONE_AUTH_HOST=...
+
+Tempest
+~~~~~~~
+
+If tempest has been successfully configured, a basic set of smoke
+tests can be run as follows:
+
+::
+
+    $ cd /opt/stack/tempest
+    $ tox -efull  tempest.scenario.test_network_basic_ops
+
+By default tempest is downloaded and the config file is generated, but the
+tempest package is not installed in the system's global site-packages (the
+package install includes installing dependences). So tempest won't run
+outside of tox. If you would like to install it add the following to your
+``localrc`` section:
+
+::
+
+    INSTALL_TEMPEST=True
+
+
+Xenserver
+~~~~~~~~~
+
+If you would like to use Xenserver as the hypervisor, please refer to
+the instructions in `./tools/xen/README.md`.
+
+Cells
+~~~~~
+
+`Cells `__ is
+an alternative scaling option.  To setup a cells environment add the
+following to your `localrc` section:
+
+::
+
+    enable_service n-cell
+
+Be aware that there are some features currently missing in cells, one
+notable one being security groups.  The exercises have been patched to
+disable functionality not supported by cells.
+
+Cinder
+~~~~~~
+
+The logical volume group used to hold the Cinder-managed volumes is
+set by ``VOLUME_GROUP``, the logical volume name prefix is set with
+``VOLUME_NAME_PREFIX`` and the size of the volume backing file is set
+with ``VOLUME_BACKING_FILE_SIZE``.
+
+    ::
+
+        VOLUME_GROUP="stack-volumes"
+        VOLUME_NAME_PREFIX="volume-"
+        VOLUME_BACKING_FILE_SIZE=10250M
+
+
+Keystone
+~~~~~~~~
+
+Multi-Region Setup
+++++++++++++++++++
+
+We want to setup two devstack (RegionOne and RegionTwo) with shared
+keystone (same users and services) and horizon.  Keystone and Horizon
+will be located in RegionOne.  Full spec is available at:
+``__.
+
+In RegionOne:
+
+::
+
+    REGION_NAME=RegionOne
+
+In RegionTwo:
+
+::
+   
+    disable_service horizon
+    KEYSTONE_SERVICE_HOST=
+    KEYSTONE_AUTH_HOST=
+    REGION_NAME=RegionTwo

From a35391e3bb497190e7e78cd0f233ddf1684fe18e Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 10 Aug 2015 13:53:40 +1000
Subject: [PATCH 0887/3421] Talk about local.conf first

We bury the lead with all the historical notes about localrc; just
talk about what is important to somebody setting up a current
devstack, which is local.conf.

There are already inline examples of config-variables, etc.  Remove
them, but add a small overview example for logging in its place.

Change-Id: I466252ffba66ef4ea180c9355f715a19eb4f8017
---
 README.md                    | 39 +++++++-----------
 doc/source/configuration.rst | 78 +++++++++++++-----------------------
 2 files changed, 42 insertions(+), 75 deletions(-)

diff --git a/README.md b/README.md
index df0df917a4..ee7f0e7809 100644
--- a/README.md
+++ b/README.md
@@ -77,30 +77,21 @@ here, so run it in a VM.  And take advantage of the snapshot capabilities
 of your hypervisor of choice to reduce testing cycle times.  You might even save
 enough time to write one more feature before the next feature freeze...
 
-``stack.sh`` needs to have root access for a lot of tasks, but uses ``sudo``
-for all of those tasks.  However, it needs to be not-root for most of its
-work and for all of the OpenStack services.  ``stack.sh`` specifically
-does not run if started as root.
-
-This is a recent change (Oct 2013) from the previous behaviour of
-automatically creating a ``stack`` user.  Automatically creating
-user accounts is not the right response to running as root, so
-that bit is now an explicit step using ``tools/create-stack-user.sh``.
-Run that (as root!) or just check it out to see what DevStack's
-expectations are for the account it runs under.  Many people simply
-use their usual login (the default 'ubuntu' login on a UEC image
-for example).
+``stack.sh`` needs to have root access for a lot of tasks, but uses
+``sudo`` for all of those tasks.  However, it needs to be not-root for
+most of its work and for all of the OpenStack services.  ``stack.sh``
+specifically does not run if started as root.
 
-# Customizing
-
-You can override environment variables used in `stack.sh` by creating
-file name `local.conf` with a ``localrc`` section as shown below.  It
-is likely that you will need to do this to tweak several settings for
-your environment.
+DevStack will not automatically create the user, but provides a helper
+script in ``tools/create-stack-user.sh``.  Run that (as root!) or just
+check it out to see what DevStack's expectations are for the account
+it runs under.  Many people simply use their usual login (the default
+'ubuntu' login on a UEC image for example).
 
-    [[local|localrc]]
-    VARIABLE=value
+# Customizing
 
-Start by reading the [configuration
-guide](doc/source/configuration.rst) for details of the many available
-options.
\ No newline at end of file
+DevStack can be extensively configured via the configuration file
+`local.conf`.  It is likely that you will need to provide and modify
+this file if you want anything other than the most basic setup.  Start
+by reading the [configuration guide](doc/source/configuration.rst) for
+details of the configuration file and the many available options.
\ No newline at end of file
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index ed17924d45..fe23d6cb34 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -6,34 +6,15 @@ Configuration
    :local:
    :depth: 1
 
-DevStack has always tried to be mostly-functional with a minimal amount
-of configuration. The number of options has ballooned as projects add
-features, new projects added and more combinations need to be tested.
-Historically DevStack obtained all local configuration and
-customizations from a ``localrc`` file. The number of configuration
-variables that are simply passed-through to the individual project
-configuration files is also increasing. The old mechanism for this
-(``EXTRAS_OPTS`` and friends) required specific code for each file and
-did not scale well.
-
-In Oct 2013 a new configuration method was introduced (in `review
-46768 `__) to hopefully
-simplify this process and meet the following goals:
-
--  contain all non-default local configuration in a single file
--  be backward-compatible with ``localrc`` to smooth the transition
-   process
--  allow settings in arbitrary configuration files to be changed
-
 local.conf
 ==========
 
-The new configuration file is ``local.conf`` and should reside in the
-root Devstack directory. An example of such ``local.conf`` file
-is provided in the ``devstack/samples`` directory. Copy this file into
-the root Devstack directory and adapt it to your needs. It is a modified INI
-format file that introduces a meta-section header to carry additional
-information regarding the configuration files to be changed.
+DevStack configuration is modified via the file ``local.conf``.  It is
+a modified INI format file that introduces a meta-section header to
+carry additional information regarding the configuration files to be
+changed.
+
+A sample is provided in ``devstack/samples``
 
 The new header is similar to a normal INI section header but with double
 brackets (``[[ ... ]]``) and two internal fields separated by a pipe
@@ -148,33 +129,14 @@ will not be set if there is no IPv6 address on the default Ethernet interface.
 Setting it here also makes it available for ``openrc`` to set ``OS_AUTH_URL``.
 ``HOST_IPV6`` is not set by default.
 
-Examples
-========
-
--  Eliminate a Cinder pass-through (``CINDER_PERIODIC_INTERVAL``):
-
-   ::
-
-       [[post-config|$CINDER_CONF]]
-       [DEFAULT]
-       periodic_interval = 60
-
--  Sample ``local.conf`` with screen logging enabled:
-
-   ::
-
-       [[local|localrc]]
-       FIXED_RANGE=10.254.1.0/24
-       NETWORK_GATEWAY=10.254.1.1
-       LOGDAYS=1
-       LOGDIR=$DEST/logs
-       LOGFILE=$LOGDIR/stack.sh.log
-       ADMIN_PASSWORD=quiet
-       DATABASE_PASSWORD=$ADMIN_PASSWORD
-       RABBIT_PASSWORD=$ADMIN_PASSWORD
-       SERVICE_PASSWORD=$ADMIN_PASSWORD
-       SERVICE_TOKEN=a682f596-76f3-11e3-b3b2-e716f9080d50
+Historical Notes
+================
 
+Historically DevStack obtained all local configuration and
+customizations from a ``localrc`` file.  In Oct 2013 the
+``local.conf`` configuration method was introduced (in `review 46768
+`__) to simplify this
+process.
 
 Configuration Notes
 ===================
@@ -257,6 +219,20 @@ to direct the message stream to the log host.  |
         SYSLOG_PORT=516
 
 
+Example Logging Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For example, non-interactive installs probably wish to save output to
+a file, keep service logs and disable color in the stored files.
+
+   ::
+
+       [[local|localrc]]
+       DEST=/opt/stack/
+       LOGDIR=$DEST/logs
+       LOGFILE=$LOGDIR/stack.sh.log
+       LOG_COLOR=False
+
 Database Backend
 ----------------
 

From a4693b5dea459acb02f226bbd1a8efdbcf1fc2b2 Mon Sep 17 00:00:00 2001
From: John Hua 
Date: Thu, 6 Aug 2015 13:53:35 +0100
Subject: [PATCH 0888/3421] Add/Overwrite default images in IMAGE_URLS and
 detect duplicates

IMAGE_URLS could be set both in localrc with customization or stackrc by
default. By setting DOWNLOAD_DEFAULT_IMAGES, user could choose to add
default images to IMAGE_URLS or overwrite them.

As uploading duplicate images will cause a "409 Conflict" error, a
duplicate detection will expose it earlier.

Care needs to be taken that you don't end up with a duplicate image, so
clean up Xen's README.

Depends-On: I6fbae12f950a03afab39f341132746d3db9f788c
Change-Id: I3ca4e576aa3fb8992c08ca44900a8c53dd4b4163
Closes-Bug: #1473432
---
 doc/source/configuration.rst | 18 ++++++++
 stackrc                      | 87 ++++++++++++++++++++++--------------
 tools/xen/README.md          |  5 ---
 3 files changed, 71 insertions(+), 39 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 90b7d44dec..fef395c327 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -396,6 +396,24 @@ Set the following options to point to the master
         GLANCE_HOSTPORT=w.x.y.z:9292
         ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
 
+Guest Images
+------------
+
+Images provided in URLS via the comma-separated ``IMAGE_URLS``
+variable will be downloaded and uploaded to glance by DevStack.
+
+Default guest-images are predefined for each type of hypervisor and
+their testing-requirements in ``stack.sh``.  Setting
+``DOWNLOAD_DEFAULT_IMAGES=False`` will prevent DevStack downloading
+these default images; in that case, you will want to populate
+``IMAGE_URLS`` with sufficient images to satisfy testing-requirements.
+
+    ::
+
+        DOWNLOAD_DEFAULT_IMAGES=False
+        IMAGE_URLS="http://foo.bar.com/image.qcow,"
+        IMAGE_URLS+="http://foo.bar.com/image2.qcow"
+
 IP Version
 ----------
 
diff --git a/stackrc b/stackrc
index 156cb1f85a..43292a5e02 100644
--- a/stackrc
+++ b/stackrc
@@ -2,6 +2,11 @@
 #
 # stackrc
 #
+
+# ensure we don't re-source this in the same environment
+[[ -z "$_DEVSTACK_STACKRC" ]] || return 0
+declare -r _DEVSTACK_STACKRC=1
+
 # Find the other rc files
 RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 
@@ -560,40 +565,47 @@ CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
 # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
 # which may be set in ``local.conf``.  Also allow ``DEFAULT_IMAGE_NAME`` and
 # ``IMAGE_URLS`` to be set in the `localrc` section of ``local.conf``.
-case "$VIRT_DRIVER" in
-    openvz)
-        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ubuntu-12.04-x86_64}
-        IMAGE_URLS=${IMAGE_URLS:-"http://download.openvz.org/template/precreated/ubuntu-12.04-x86_64.tar.gz"};;
-    libvirt)
-        case "$LIBVIRT_TYPE" in
-            lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc
-                DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs}
-                IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz"};;
-            *) # otherwise, use the uec style image (with kernel, ramdisk, disk)
-                DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
-                IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz"};;
-        esac
-        ;;
-    vsphere)
-        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.2-i386-disk.vmdk}
-        IMAGE_URLS=${IMAGE_URLS:-"http://partnerweb.vmware.com/programs/vmdkimage/cirros-0.3.2-i386-disk.vmdk"};;
-    xenserver)
-        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
-        IMAGE_URLS=${IMAGE_URLS:-"http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"}
-        IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
-    ironic)
-        # Ironic can do both partition and full disk images, depending on the driver
-        if [[ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]]; then
-            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-disk}
-        else
-            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-uec}
-        fi
-        IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz"}
-        IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-disk.img";;
-    *) # Default to Cirros with kernel, ramdisk and disk image
-        DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
-        IMAGE_URLS=${IMAGE_URLS:-"http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz"};;
-esac
+DOWNLOAD_DEFAULT_IMAGES=$(trueorfalse True DOWNLOAD_DEFAULT_IMAGES)
+if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then
+    if [ -n $IMAGE_URLS ]; then
+        IMAGE_URLS+=","
+    fi
+    case "$VIRT_DRIVER" in
+        openvz)
+            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ubuntu-12.04-x86_64}
+            IMAGE_URLS+="http://download.openvz.org/template/precreated/ubuntu-12.04-x86_64.tar.gz";;
+        libvirt)
+            case "$LIBVIRT_TYPE" in
+                lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc
+                    DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs}
+                    IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz";;
+                *) # otherwise, use the uec style image (with kernel, ramdisk, disk)
+                    DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
+                    IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";;
+                esac
+            ;;
+        vsphere)
+            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.2-i386-disk.vmdk}
+            IMAGE_URLS+="http://partnerweb.vmware.com/programs/vmdkimage/cirros-0.3.2-i386-disk.vmdk";;
+        xenserver)
+            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
+            IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"
+            IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
+        ironic)
+            # Ironic can do both partition and full disk images, depending on the driver
+            if [[ "$IRONIC_DEPLOY_DRIVER" == "agent_ssh" ]]; then
+                DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-disk}
+            else
+                DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-x86_64-uec}
+            fi
+            IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz"
+            IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-disk.img";;
+        *) # Default to Cirros with kernel, ramdisk and disk image
+            DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec}
+            IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";;
+    esac
+    DOWNLOAD_DEFAULT_IMAGES=False
+fi
 
 # Staging Area for New Images, have them here for at least 24hrs for nodepool
 # to cache them otherwise the failure rates in the gate are too high
@@ -606,6 +618,13 @@ if [[ "$PRECACHE_IMAGES" == "True" ]]; then
     fi
 fi
 
+# Detect duplicate values in IMAGE_URLS
+for image_url in ${IMAGE_URLS//,/ }; do
+    if [ $(echo "$IMAGE_URLS" | grep -o -F "$image_url" | wc -l) -gt 1 ]; then
+        die $LINENO "$image_url is duplicate, please remove it from IMAGE_URLS."
+    fi
+done
+
 # 10Gb default volume backing file size
 VOLUME_BACKING_FILE_SIZE=${VOLUME_BACKING_FILE_SIZE:-10250M}
 
diff --git a/tools/xen/README.md b/tools/xen/README.md
index 61694e9616..6212cc54d7 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -94,11 +94,6 @@ Of course, use real passwords if this machine is exposed.
     XENAPI_CONNECTION_URL="http://address_of_your_xenserver"
     VNCSERVER_PROXYCLIENT_ADDRESS=address_of_your_xenserver
 
-    # Download a vhd and a uec image
-    IMAGE_URLS="\
-    https://github.com/downloads/citrix-openstack/warehouse/cirros-0.3.0-x86_64-disk.vhd.tgz,\
-    http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-uec.tar.gz"
-
     # Explicitly set virt driver
     VIRT_DRIVER=xenserver
 

From 605d6417e60494ef1f9d0511d526afe498d72120 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 26 Aug 2015 15:37:41 +0000
Subject: [PATCH 0889/3421] Add aodh and gnocchi to the plugin registry

The comment is their keystone service entry.

Change-Id: I896d5c594fa0c61924dbf4527215cc543b6e43e7
---
 doc/source/plugin-registry.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 99bfb85b38..428efc4977 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -20,6 +20,10 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |Plugin Name         |URL                                        |Comments            |
 +--------------------+-------------------------------------------+--------------------+
+|aodh                |git://git.openstack.org/openstack/aodh     | alarming           |
++--------------------+-------------------------------------------+--------------------+
+|gnocchi             |git://git.openstack.org/openstack/gnocchi  | metric             |
++--------------------+-------------------------------------------+--------------------+
 |magnum              |git://git.openstack.org/openstack/magnum   |                    |
 +--------------------+-------------------------------------------+--------------------+
 |sahara              |git://git.openstack.org/openstack/sahara   |                    |

From e89126f6a446ad9a8e17a0e6481644403f8d5a22 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Fri, 28 Aug 2015 15:29:14 -0400
Subject: [PATCH 0890/3421] remove too_slow_to_test flag

this flag was added to deal with inefficiencies of Icehouse. this
patch removes flag as it's not used in post-Icehouse

Change-Id: Ib715e68dc61f3c3ea0a40fae0ea57028e36285bd
Depends-On: I842dfe04725b2482399c0e95b54403fb82001645
---
 lib/tempest | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index be24da6b61..fe90023c06 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -447,9 +447,6 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG scenario large_ops_number ${TEMPEST_LARGE_OPS_NUMBER:-0}
 
     # Telemetry
-    # Ceilometer API optimization happened in Juno that allows to run more tests in tempest.
-    # Once Tempest retires support for icehouse this flag can be removed.
-    iniset $TEMPEST_CONFIG telemetry too_slow_to_test "False"
     iniset $TEMPEST_CONFIG telemetry-feature-enabled events "True"
 
     # Object Store

From 9c0b9f30247d30babf35147351cfcf8bdf64d223 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 22 Jul 2015 06:08:09 +1000
Subject: [PATCH 0891/3421] Use sudo iniset to modify /etc files

The existing mysql code is wrong and not detected as failing [1], and
boto config requires work-arounds [2,3] that are all fairly ugly.  Use
-sudo argument to iniset to handle this.

[1] I24388b5de777995f92d73076524122cf599d6371
[2] I5f4c43bbbe477c570936e2e40ac05cc38febbb3f
[3] Ib7556dac9aaaf2f3c96237e0ca28ed6ae1b1b7ac

Change-Id: Iaceb8d42ce37be728adae6fd0a30a1f9d33d4029
---
 lib/databases/mysql | 24 ++++++++++--------------
 lib/tempest         |  2 +-
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index 7ae9a936d6..ada56a762a 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -92,14 +92,12 @@ function configure_database_mysql {
 
     # Change bind-address from localhost (127.0.0.1) to any (::) and
     # set default db type to InnoDB
-    sudo bash -c "source $TOP_DIR/functions && \
-        iniset $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS" && \
-        iniset $my_conf mysqld sql_mode STRICT_ALL_TABLES && \
-        iniset $my_conf mysqld default-storage-engine InnoDB && \
-        iniset $my_conf mysqld max_connections 1024 && \
-        iniset $my_conf mysqld query_cache_type OFF && \
-        iniset $my_conf mysqld query_cache_size 0"
-
+    iniset -sudo $my_conf mysqld bind-address "$SERVICE_LISTEN_ADDRESS"
+    iniset -sudo $my_conf mysqld sql_mode STRICT_ALL_TABLES
+    iniset -sudo $my_conf mysqld default-storage-engine InnoDB
+    iniset -sudo $my_conf mysqld max_connections 1024
+    iniset -sudo $my_conf mysqld query_cache_type OFF
+    iniset -sudo $my_conf mysqld query_cache_size 0
 
     if [[ "$DATABASE_QUERY_LOGGING" == "True" ]]; then
         echo_summary "Enabling MySQL query logging"
@@ -115,12 +113,10 @@ function configure_database_mysql {
 
         # Turn on slow query log, log all queries (any query taking longer than
         # 0 seconds) and log all non-indexed queries
-        sudo bash -c "source $TOP_DIR/functions && \
-            iniset $my_conf mysqld slow-query-log 1 && \
-            iniset $my_conf mysqld slow-query-log-file $slow_log && \
-            iniset $my_conf mysqld long-query-time 0 && \
-            iniset $my_conf mysqld log-queries-not-using-indexes 1"
-
+        iniset -sudo $my_conf mysqld slow-query-log 1
+        iniset -sudo $my_conf mysqld slow-query-log-file $slow_log
+        iniset -sudo $my_conf mysqld long-query-time 0
+        iniset -sudo $my_conf mysqld log-queries-not-using-indexes 1
     fi
 
     restart_service $mysql
diff --git a/lib/tempest b/lib/tempest
index be24da6b61..645d245d8f 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -546,7 +546,7 @@ function configure_tempest {
 
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
         # Use the ``BOTO_CONFIG`` environment variable to point to this file
-        iniset $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
+        iniset -sudo $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE
         sudo chown $STACK_USER $BOTO_CONF
     fi
 

From 2e1a91c50b73ca7f46871d3a906ade93bbcac6a7 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 31 Aug 2015 09:43:00 -0400
Subject: [PATCH 0892/3421] turn multi host true for nova network by default

With multi host set to true devstack's dnsmasq server no longer
listens on the network to other systems. In the gate we can see we're
getting a ton of spurious dhcp requests from other systems on the
network, and it's better that we never even see it.

Change-Id: Ie600de91e4a7da734eae722e78101c2401a7b1f5
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 6441a891eb..ed4d43be30 100644
--- a/lib/nova
+++ b/lib/nova
@@ -156,7 +156,7 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
 # ``MULTI_HOST`` is a mode where each compute node runs its own network node.  This
 # allows network operations and routing for a VM to occur on the server that is
 # running the VM - removing a SPOF and bandwidth bottleneck.
-MULTI_HOST=$(trueorfalse False MULTI_HOST)
+MULTI_HOST=$(trueorfalse True MULTI_HOST)
 
 # ``NOVA_ALLOW_MOVE_TO_SAME_HOST`` can be set to False in multi node DevStack,
 # where there are at least two nova-computes.

From 8349aff5abd26c63470b96e99ade0e8292a87e7a Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 1 Sep 2015 12:45:28 -0400
Subject: [PATCH 0893/3421] add options to support nova test matrix

This adds 2 devstack options:

NOVA_V2_LEGACY={True/False} which is whether we'd like to force the
/v2 endpoint to use the legacy v2.0 code base.

it also provides TEMPEST_COMPUTE_TYPE as an way to pass in which
service catalog entry we'd like to use for compute testing.

We also make v2.1 the default compute endpoint, as that's what we'd
like everyone to be testing and using. The other options will let us
build jobs that nova can run to ensure those APIs don't regress.

Change-Id: Ie6b7e4290d9a1d9789d04099b3b31c9a557bc22b
---
 lib/nova    | 21 +++++++++++++++++----
 lib/tempest |  8 ++++++++
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/lib/nova b/lib/nova
index 6441a891eb..dcb4f13bd6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -64,6 +64,11 @@ NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
 # Expect to remove in L or M.
 NOVA_API_VERSION=${NOVA_API_VERSION-default}
 
+# NOVA_V2_LEGACY defines whether we force the Nova v2.0 enpoint onto
+# the Nova v2.0 legacy code base. Remove this option once the Nova
+# v2.0 legacy codebase is removed.
+NOVA_V2_LEGACY=$(trueorfalse False NOVA_V2_LEGACY)
+
 if is_suse; then
     NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
 else
@@ -317,6 +322,13 @@ function configure_nova {
         if [[ "$NOVA_API_VERSION" == "v21default" ]]; then
             sed -i s/": openstack_compute_api_v2$"/": openstack_compute_api_v21"/ "$NOVA_API_PASTE_INI"
         fi
+
+        # For setting up an environment where v2.0 is running on the
+        # v2.0 legacy code base.
+        if [[ "$NOVA_V2_LEGACY" == "True" ]]; then
+            sed -i s@"^/v2: openstack_compute_api_v21_legacy_v2_compatible$"@"/v2: openstack_compute_api_legacy_v2"@ \
+                "$NOVA_API_PASTE_INI"
+        fi
     fi
 
     if is_service_enabled n-cpu; then
@@ -411,15 +423,16 @@ function create_nova_accounts {
                 nova_api_url="$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST/compute"
             fi
 
-            get_or_create_service "nova" "compute" "Nova Compute Service"
-            get_or_create_endpoint "compute" \
+            get_or_create_service "nova_legacy" "compute_legacy" \
+                "Nova Compute Service (Legacy 2.0)"
+            get_or_create_endpoint "compute_legacy" \
                 "$REGION_NAME" \
                 "$nova_api_url/v2/\$(tenant_id)s" \
                 "$nova_api_url/v2/\$(tenant_id)s" \
                 "$nova_api_url/v2/\$(tenant_id)s"
 
-            get_or_create_service "novav21" "computev21" "Nova Compute Service V2.1"
-            get_or_create_endpoint "computev21" \
+            get_or_create_service "nova" "compute" "Nova Compute Service"
+            get_or_create_endpoint "compute" \
                 "$REGION_NAME" \
                 "$nova_api_url/v2.1/\$(tenant_id)s" \
                 "$nova_api_url/v2.1/\$(tenant_id)s" \
diff --git a/lib/tempest b/lib/tempest
index be24da6b61..df0e382133 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -361,6 +361,14 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
     fi
 
+    # Set the service catalog entry for Tempest to run on. Typically
+    # used to try different compute API version targets. The tempest
+    # default if 'compute', which is typically valid, so only set this
+    # if you want to change it.
+    if [[ -n "$TEMPEST_COMPUTE_TYPE" ]]; then
+        iniset $TEMPEST_CONFIG compute catalog_type $TEMPEST_COMPUTE_TYPE
+    fi
+
     # Compute Features
     # Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints
     # NOTE(mtreinish): This must be done after auth settings are added to the tempest config

From f798ec12422b6ff9314e0f5fbaa995ab7203b419 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Tue, 1 Sep 2015 13:20:48 -0700
Subject: [PATCH 0894/3421] docs: add a blurb in the single-vm doc about
 cloud-init log output

I had to poke around for awhile to find /var/log/cloud-init-output.log
so I figured I'd add a sentence in the docs about using that.

Change-Id: I8bb6cb730032e41661ee443da816cbea2b28f76d
---
 doc/source/guides/single-vm.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index c2ce1a34a0..515cd505c3 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -78,6 +78,11 @@ passed as the user-data file when booting the VM.
 As DevStack will refuse to run as root, this configures ``cloud-init``
 to create a non-root user and run the ``start.sh`` script as that user.
 
+If you are using cloud-init and you have not
+`enabled custom logging <../configuration.html#enable-logging>`_ of the stack
+output, then the stack output can be found in
+``/var/log/cloud-init-output.log`` by default.
+
 Launching By Hand
 -----------------
 

From e5a6f82e431bece62deb830257439b309b2921ec Mon Sep 17 00:00:00 2001
From: ghanshyam 
Date: Wed, 2 Sep 2015 13:19:48 +0900
Subject: [PATCH 0895/3421] Cleanup nova v2.1 API testing options

Now gate will tests Nova v2.1 as default and separate jobs
for v2 legacy and v2 compatible APIs -
 I86a627b8ec7b1246452a16c10dcfb1ad5f83bdef

This commit cleanup the options used for old v2.1 jobs.

Separate options are provided for Nova APIs testing-
 Ie6b7e4290d9a1d9789d04099b3b31c9a557bc22b

Depends-On: Ie0430cedb7a8136c04b9fb7d08746293aab79f42
To remove old V2.1 jobs.

Change-Id: Ibbed44e1c41ec1e6b3675317f08061810762796c
---
 lib/nova | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/lib/nova b/lib/nova
index dcb4f13bd6..c0227c524f 100644
--- a/lib/nova
+++ b/lib/nova
@@ -56,13 +56,6 @@ NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
 NOVA_API_DB=${NOVA_API_DB:-nova_api}
 
 NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
-# NOVA_API_VERSION valid options
-# - default - setup API end points as nova does out of the box
-# - v21default - make v21 the default on /v2
-#
-# NOTE(sdague): this is for transitional testing of the Nova v21 API.
-# Expect to remove in L or M.
-NOVA_API_VERSION=${NOVA_API_VERSION-default}
 
 # NOVA_V2_LEGACY defines whether we force the Nova v2.0 enpoint onto
 # the Nova v2.0 legacy code base. Remove this option once the Nova
@@ -318,11 +311,6 @@ function configure_nova {
         # Get the sample configuration file in place
         cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR
 
-        # For testing v21 is equivalent to v2
-        if [[ "$NOVA_API_VERSION" == "v21default" ]]; then
-            sed -i s/": openstack_compute_api_v2$"/": openstack_compute_api_v21"/ "$NOVA_API_PASTE_INI"
-        fi
-
         # For setting up an environment where v2.0 is running on the
         # v2.0 legacy code base.
         if [[ "$NOVA_V2_LEGACY" == "True" ]]; then

From 36daecd1a362a6a5388aa4ee5c5269563a820cbf Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Thu, 23 Jul 2015 17:50:40 +0900
Subject: [PATCH 0896/3421] Remove restraint on plugin file from neutron
 plugins

Neutron plugin always needs plugin file even if the plugin
is out of tree. This patch remove the restraint.

Change-Id: Iedd52db6430def47505a127986170d7279966141
Closes-Bug: #1477452
---
 lib/neutron-legacy | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 lib/neutron-legacy

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
old mode 100644
new mode 100755
index c244bc54cd..c74c844a0c
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -326,7 +326,9 @@ ENABLE_METADATA_NETWORK=${ENABLE_METADATA_NETWORK:-False}
 # ---------------------------------
 
 # Please refer to ``lib/neutron_plugins/README.md`` for details.
-source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
+if [ -f $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN ]; then
+    source $TOP_DIR/lib/neutron_plugins/$Q_PLUGIN
+fi
 
 # Agent loadbalancer service plugin functions
 # -------------------------------------------

From 09b431d72d3db29e01be44f85dcbfcb78f651b13 Mon Sep 17 00:00:00 2001
From: Chuck Carmack 
Date: Wed, 2 Sep 2015 14:27:58 +0000
Subject: [PATCH 0897/3421] Disable the shelve tests for nova-cells using
 tempest config

Change from using a blacklist to disable the shelve tests for
nova-cells to using the tempest config option to disable the shelve
feature tests.  This is the intended method of disabling feature tests.
This first commit is to add code to lib/tempest to disable the shelve
feature test if the nova-cells service is enabled.  The next
st will remove the shelve blacklist from
http://git.openstack.org/cgit/openstack/nova/tree/devstack/tempest-dsvm-cells-rc

Change-Id: Ibf1f9aaa63e5f17b7d8774b511940ba8421e0887
Partial-bug: 1491152
---
 lib/tempest | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index a8d597a34e..272b549c1a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -390,6 +390,10 @@ function configure_tempest {
     # neutron.allow_duplicate_networks option was removed from nova in Liberty
     # and is now the default behavior.
     iniset $TEMPEST_CONFIG compute-feature-enabled allow_duplicate_networks ${NOVA_ALLOW_DUPLICATE_NETWORKS:-True}
+    if is_service_enabled n-cell; then
+        # Cells doesn't support shelving/unshelving
+        iniset $TEMPEST_CONFIG compute-feature-enabled shelve False
+    fi
 
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0

From 0c3a3b051e08589189914bc543378e4dd2dcdeb8 Mon Sep 17 00:00:00 2001
From: Mikhail Feoktistov 
Date: Thu, 3 Sep 2015 18:15:28 +0300
Subject: [PATCH 0898/3421] Fix upload_image error in stackrc

This commit fixes error caused by adding default image path to IMAGE_URLS without ','
If user sets IMAGE_URLS in localrc like
IMAGE_URLS="path1, path2" (with a space after the comma)
the we get an error "binary operator expected" in
if [ -n $IMAGE_URLS ] condition and a comma will not be added to the end of IMAGE_URLS
In the code below we add default image path(path3) to IMAGE_URLS and we get
IMAGE_URLS="path1, path2path3"

Change-Id: I6543f7178c49a42c71ad9df4cdb4c6e78cbf7758
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index b838911d97..ca897a1c4d 100644
--- a/stackrc
+++ b/stackrc
@@ -565,7 +565,7 @@ CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"}
 # ``IMAGE_URLS`` to be set in the `localrc` section of ``local.conf``.
 DOWNLOAD_DEFAULT_IMAGES=$(trueorfalse True DOWNLOAD_DEFAULT_IMAGES)
 if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then
-    if [ -n $IMAGE_URLS ]; then
+    if [[ -n "$IMAGE_URLS" ]]; then
         IMAGE_URLS+=","
     fi
     case "$VIRT_DRIVER" in

From c7e772c164c0c08be90624d76d4c3e11864364b7 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Tue, 1 Sep 2015 15:18:57 +0200
Subject: [PATCH 0899/3421] Use the pip installed version of requests with
 Fedora

The upstream version of requests contains a copy
of urllib3 and cardet library, common practice in many distros
to create symbolic links for these libraries instead of creating
a huge package which contains the same library as the distro provides
as separate package as well.

Now devstack upgrades the urllib3 to incompatible version,
but it leaves the requests unchanged because Fedora already has the
latest version.
The issue does not happens with Ubuntu because it has older requests
and devstack updates it as well.
The pip installed version contains a bundled urllib3 and the actually
installed urllib3 version does not matters.

This is not the `usual` distro package overrides pip installed package
case.

Change-Id: Icfa71368384b0c2e3ff39265b2fa9190b5566b9b
Related-Bug: #1476770
---
 tools/fixup_stuff.sh | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 4fff57f401..a601cf2f67 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -134,6 +134,31 @@ if is_fedora; then
             sudo systemctl start iptables
         fi
     fi
+
+    if  [[ "$os_RELEASE" -ge "21" ]]; then
+        # requests ships vendored version of chardet/urllib3, but on
+        # fedora these are symlinked back to the primary versions to
+        # avoid duplication of code on disk.  This is fine when
+        # maintainers keep things in sync, but since devstack takes
+        # over and installs later versions via pip we can end up with
+        # incompatible versions.
+        #
+        # The rpm package is not removed to preserve the dependent
+        # packages like cloud-init; rather we remove the symlinks and
+        # force a re-install of requests so the vendored versions it
+        # wants are present.
+        #
+        # Realted issues:
+        # https://bugs.launchpad.net/glance/+bug/1476770
+        # https://bugzilla.redhat.com/show_bug.cgi?id=1253823
+
+        base_path=/usr/lib/python2.7/site-packages/requests/packages
+        if [ -L $base_path/chardet -o -L $base_path/urllib3 ]; then
+            sudo rm -f /usr/lib/python2.7/site-packages/requests/packages/{chardet,urllib3}
+            # install requests with the bundled urllib3 to avoid conflicts
+            pip_install --upgrade --force-reinstall requests
+        fi
+    fi
 fi
 
 # The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has

From 975243189216561f66ca91520495e0c6e2f747e2 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Fri, 4 Sep 2015 14:15:27 +0000
Subject: [PATCH 0900/3421] Revert "turn multi host true for nova network by
 default"

This reverts commit 2e1a91c50b73ca7f46871d3a906ade93bbcac6a7

It looks like this introduced race bug 1491949 in the
gate-tempest-dsvm-large-ops job causing rpc timeouts when
deallocating network information for an instance,
specifically around the dnsmasq callback to release the
fixed IP that the instance was using which triggers the
disassociation between the fixed IP and the instance in the
nova database.

Change-Id: I163cdeea75e92485f241647c69aea0d7456c3258
Closes-Bug: #1491949
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index ed4d43be30..6441a891eb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -156,7 +156,7 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-$GUEST_INTERFACE_DEFAULT}
 # ``MULTI_HOST`` is a mode where each compute node runs its own network node.  This
 # allows network operations and routing for a VM to occur on the server that is
 # running the VM - removing a SPOF and bandwidth bottleneck.
-MULTI_HOST=$(trueorfalse True MULTI_HOST)
+MULTI_HOST=$(trueorfalse False MULTI_HOST)
 
 # ``NOVA_ALLOW_MOVE_TO_SAME_HOST`` can be set to False in multi node DevStack,
 # where there are at least two nova-computes.

From f768787bdd6dddf2790f83a884618d29677ca77c Mon Sep 17 00:00:00 2001
From: Lucas Alvares Gomes 
Date: Fri, 4 Sep 2015 15:34:06 +0100
Subject: [PATCH 0901/3421] Revert "Convert identity defaults to keystone v3
 api"

This change have broke the Ironic tests. Reverting to unblock the Ironic
gate.

This reverts commit 4b115ad526df7e12bbdc71e0280b3c691e53ed04.

Closes-Bug: #1492216
Change-Id: I03acfdf47caf435cede1df08fd79b288a6662435
---
 functions-common | 35 +++++++++++++++++++++++++++++++----
 stack.sh         | 15 +++++++--------
 2 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/functions-common b/functions-common
index 473808b1f5..446de5374f 100644
--- a/functions-common
+++ b/functions-common
@@ -690,13 +690,16 @@ function policy_add {
 # Usage: get_or_create_domain  
 function get_or_create_domain {
     local domain_id
+    local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
     domain_id=$(
         # Gets domain id
-        openstack domain show $1 \
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain show $1 \
             -f value -c id 2>/dev/null ||
         # Creates new domain
-        openstack domain create $1 \
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain create $1 \
             --description "$2" \
             -f value -c id
     )
@@ -707,11 +710,13 @@ function get_or_create_domain {
 # Usage: get_or_create_group   []
 function get_or_create_group {
     local desc="${3:-}"
+    local os_url="$KEYSTONE_SERVICE_URI_V3"
     local group_id
     # Gets group id
     group_id=$(
         # Creates new group with --or-show
-        openstack group create $1 \
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 group create $1 \
             --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
@@ -733,6 +738,8 @@ function get_or_create_user {
         openstack user create \
             $1 \
             --password "$2" \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             --domain=$3 \
             $email \
             --or-show \
@@ -747,7 +754,9 @@ function get_or_create_project {
     local project_id
     project_id=$(
         # Creates new project with --or-show
-        openstack project create $1 \
+        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            project create $1 \
             --domain=$2 \
             --or-show -f value -c id
     )
@@ -761,6 +770,8 @@ function get_or_create_role {
     role_id=$(
         # Creates role with --or-show
         openstack role create $1 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             --or-show -f value -c id
     )
     echo $role_id
@@ -773,6 +784,8 @@ function get_or_add_user_project_role {
     # Gets user role id
     user_role_id=$(openstack role list \
         --user $2 \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
         --column "ID" \
         --project $3 \
         --column "Name" \
@@ -783,6 +796,8 @@ function get_or_add_user_project_role {
             $1 \
             --user $2 \
             --project $3 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             | grep " id " | get_field 2)
     fi
     echo $user_role_id
@@ -794,15 +809,21 @@ function get_or_add_group_project_role {
     local group_role_id
     # Gets group role id
     group_role_id=$(openstack role list \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
         --group $2 \
         --project $3 \
         -c "ID" -f value)
     if [[ -z "$group_role_id" ]]; then
         # Adds role to group and get it
         openstack role add $1 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             --group $2 \
             --project $3
         group_role_id=$(openstack role list \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             --group $2 \
             --project $3 \
             -c "ID" -f value)
@@ -820,6 +841,8 @@ function get_or_create_service {
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
+            --os-url $KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             $2 \
             --name $1 \
             --description="$3" \
@@ -838,6 +861,8 @@ function _get_or_create_endpoint_with_interface {
     # gets support for this, the check for the region name can be removed.
     # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
+        --os-url $KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
         --service $1 \
         --interface $2 \
         --region $4 \
@@ -845,6 +870,8 @@ function _get_or_create_endpoint_with_interface {
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \
+            --os-url $KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
             $1 $2 $3 --region $4 -f value -c id)
     fi
 
diff --git a/stack.sh b/stack.sh
index 093fef4cd9..accfd0ac3e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -989,15 +989,13 @@ if is_service_enabled keystone; then
         start_keystone
     fi
 
-    export OS_IDENTITY_API_VERSION=3
-
     # Set up a temporary admin URI for Keystone
-    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
+    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
 
     if is_service_enabled tls-proxy; then
         export OS_CACERT=$INT_CA_DIR/ca-chain.pem
         # Until the client support is fixed, just use the internal endpoint
-        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
+        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
     fi
 
     # Setup OpenStackClient token-endpoint auth
@@ -1025,13 +1023,14 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
+    # force set to use v2 identity authentication even with v3 commands
+    export OS_AUTH_TYPE=v2password
+
     # Set up password auth credentials now that Keystone is bootstrapped
-    export OS_AUTH_URL=$KEYSTONE_AUTH_URI
+    export OS_AUTH_URL=$SERVICE_ENDPOINT
+    export OS_TENANT_NAME=admin
     export OS_USERNAME=admin
-    export OS_USER_DOMAIN_ID=default
     export OS_PASSWORD=$ADMIN_PASSWORD
-    export OS_PROJECT_NAME=admin
-    export OS_PROJECT_DOMAIN_ID=default
     export OS_REGION_NAME=$REGION_NAME
 fi
 

From e0550190a597c9c78caf2f0cfe3d79ad1d368259 Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Sun, 6 Sep 2015 12:05:49 +0300
Subject: [PATCH 0902/3421] remove unused param from tempest config

Remove setting of ssh_user param to boto section.
Because boto uses user name to ssh from compute.ssh_user

Change-Id: Ifd5b99ef35eaf126a3c6e0055837c4741353345e
---
 lib/tempest | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index a78cd741c6..7695054f78 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -426,7 +426,6 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG boto aki_manifest cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz.manifest.xml
     iniset $TEMPEST_CONFIG boto instance_type "$boto_instance_type"
     iniset $TEMPEST_CONFIG boto http_socket_timeout 30
-    iniset $TEMPEST_CONFIG boto ssh_user ${DEFAULT_INSTANCE_USER:-cirros}
 
     # Orchestration Tests
     if is_service_enabled heat; then

From 9451021200cf333dc624275ef832acd3f37dd553 Mon Sep 17 00:00:00 2001
From: Brian Haley 
Date: Wed, 2 Sep 2015 15:40:04 -0400
Subject: [PATCH 0903/3421] Fix typo in _move_neutron_addresses_route()

A previous change in this code had a typo, reversing the
definitions of IP_ADD and IP_DEL, noticed while debugging
another issue.

Change-Id: Ifb87de1138eeb72081a2e52a5c81bfe9fe91ecd6
---
 lib/neutron-legacy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c74c844a0c..d1865d8bcd 100755
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -826,11 +826,11 @@ function _move_neutron_addresses_route {
         fi
 
         if [[ "$IP_BRD" != "" ]]; then
-            IP_ADD="sudo ip addr del $IP_BRD dev $from_intf"
-            IP_DEL="sudo ip addr add $IP_BRD dev $to_intf"
+            IP_DEL="sudo ip addr del $IP_BRD dev $from_intf"
+            IP_ADD="sudo ip addr add $IP_BRD dev $to_intf"
         fi
 
-        $IP_ADD; $IP_DEL; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+        $IP_DEL; $IP_ADD; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
     fi
 }
 

From b848ad783ffa417c4e1a732c164774ee22442f1d Mon Sep 17 00:00:00 2001
From: Takashi NATSUME 
Date: Tue, 8 Sep 2015 10:56:28 +0900
Subject: [PATCH 0904/3421] Fix a typo in make_cert.sh

Change-Id: I6d4f02edf843f0519c3d0413bb033604a7ec73e9
---
 tools/make_cert.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/make_cert.sh b/tools/make_cert.sh
index cb93e57c4b..2628b40524 100755
--- a/tools/make_cert.sh
+++ b/tools/make_cert.sh
@@ -5,7 +5,7 @@
 # Create a CA hierarchy (if necessary) and server certificate
 #
 # This mimics the CA structure that DevStack sets up when ``tls_proxy`` is enabled
-# but in the curent directory unless ``DATA_DIR`` is set
+# but in the current directory unless ``DATA_DIR`` is set
 
 ENABLE_TLS=True
 DATA_DIR=${DATA_DIR:-`pwd`/ca-data}

From 3e3212b52d14c27c002c27b6d4f8bcfa7f5ffbcf Mon Sep 17 00:00:00 2001
From: Christian Schwede 
Date: Fri, 4 Sep 2015 13:02:19 +0200
Subject: [PATCH 0905/3421] Add trailing IDENTITY_API_VERSION to OS_AUTH_URL in
 swift_configure_tempurls

The python-keystoneclient requires a trailing /v to
successfully authenticate, otherwise it fails with a 404 error due to a not
found resource.

This error showed up only when generating Swift tempurls, because the error was
raised when using python-swiftclient.

This change fixes this for python-swiftclient within devstack.

Change-Id: Ibe222d65162898db69acba076b5fe1cb3621fbc3
Closes-Bug: 1492216
---
 lib/swift | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/swift b/lib/swift
index 6b61274127..645bfd7cd9 100644
--- a/lib/swift
+++ b/lib/swift
@@ -801,6 +801,7 @@ function swift_configure_tempurls {
     OS_USERNAME=swift \
         OS_TENANT_NAME=$SERVICE_TENANT_NAME \
         OS_PASSWORD=$SERVICE_PASSWORD \
+        OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
         swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
 }
 

From 2af6915e08da87334da9ea023ad65b1f10040604 Mon Sep 17 00:00:00 2001
From: Wei Jiangang 
Date: Tue, 8 Sep 2015 18:03:22 +0800
Subject: [PATCH 0906/3421] Fix typos in devstack/stack.sh

log to the the file => log to the file
pluggins => plugins

Change-Id: Iff5c54c39afb4398962bfe6a0500b1f011c75c8a
---
 stack.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stack.sh b/stack.sh
index 639f72b1bc..40f481331e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -431,7 +431,7 @@ fi
 
 # Set up logging of screen windows
 # Set ``SCREEN_LOGDIR`` to turn on logging of screen windows to the
-# directory specified in ``SCREEN_LOGDIR``, we will log to the the file
+# directory specified in ``SCREEN_LOGDIR``, we will log to the file
 # ``screen-$SERVICE_NAME-$TIMESTAMP.log`` in that dir and have a link
 # ``screen-$SERVICE_NAME.log`` to the latest log file.
 # Logs are kept for as long specified in ``LOGDAYS``.
@@ -522,7 +522,7 @@ fi
 # Clone all external plugins
 fetch_plugins
 
-# Plugin Phase 0: override_defaults - allow pluggins to override
+# Plugin Phase 0: override_defaults - allow plugins to override
 # defaults before other services are run
 run_phase override_defaults
 

From 0eec4f86c1ac607bfbdf1ec19561b3bbdb56cf4f Mon Sep 17 00:00:00 2001
From: Julien Danjou 
Date: Tue, 8 Sep 2015 10:45:06 +0000
Subject: [PATCH 0907/3421] database: fix PostgreSQL connection string

If all databases drivers are loaded, MySQL SQLAlchemy driver
overrides all the other one that might not have set one.
This patches fixes that.

Change-Id: If6d8d08e5b7b7c48ca012677b536d71058def6fd
Closes-Bug: #1493304
---
 lib/database             | 10 +---------
 lib/databases/mysql      | 14 ++++++++------
 lib/databases/postgresql |  4 ++++
 3 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/lib/database b/lib/database
index 5bbbe3144b..13740b90e6 100644
--- a/lib/database
+++ b/lib/database
@@ -101,7 +101,7 @@ function initialize_database_backends {
     # a multi-node DevStack installation.
 
     # NOTE: Don't specify ``/db`` in this string so we can use it for multiple services
-    BASE_SQL_CONN=${BASE_SQL_CONN:-$(get_database_type)://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST}
+    BASE_SQL_CONN=${BASE_SQL_CONN:-$(get_database_type_$DATABASE_TYPE)://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST}
 
     return 0
 }
@@ -135,14 +135,6 @@ function database_connection_url {
     database_connection_url_$DATABASE_TYPE $db
 }
 
-function get_database_type {
-    if [[ -n "${SQLALCHEMY_DATABASE_DRIVER}" ]]; then
-        echo "${DATABASE_TYPE}+${SQLALCHEMY_DATABASE_DRIVER}"
-    else
-        echo "${DATABASE_TYPE}"
-    fi
-}
-
 
 # Restore xtrace
 $XTRACE
diff --git a/lib/databases/mysql b/lib/databases/mysql
index ada56a762a..c2ab32e5b2 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -12,12 +12,6 @@ MY_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
-# Force over to pymysql driver by default if we are using it.
-if is_service_enabled mysql; then
-    if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then
-        SQLALCHEMY_DATABASE_DRIVER=${SQLALCHEMY_DATABASE_DRIVER:-"pymysql"}
-    fi
-fi
 
 register_database mysql
 
@@ -30,6 +24,14 @@ fi
 # Functions
 # ---------
 
+function get_database_type_mysql {
+    if [[ "$MYSQL_DRIVER" == "PyMySQL" ]]; then
+        echo mysql+pymysql
+    else
+        echo mysql
+    fi
+}
+
 # Get rid of everything enough to cleanly change database backends
 function cleanup_database_mysql {
     stop_service $MYSQL
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index e087a1e0d4..78c7bedc90 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -21,6 +21,10 @@ register_database postgresql
 # Functions
 # ---------
 
+function get_database_type_postgresql {
+    echo postgresql
+}
+
 # Get rid of everything enough to cleanly change database backends
 function cleanup_database_postgresql {
     stop_service postgresql

From 54616845dfd0942164a67f69aef4e929d004d2d9 Mon Sep 17 00:00:00 2001
From: Gary Kotton 
Date: Tue, 8 Sep 2015 21:39:20 -0700
Subject: [PATCH 0908/3421] VMware: remove configuration integration_bridge
 from nova

There are a number of different neutron plugins that work with the
VMware nova driver. If necessary this flag can be set by each plugin
if necessary.

Change-Id: I47ac2a5c71ff573f474d45b85a523fc243ec3ade
---
 lib/nova_plugins/hypervisor-vsphere | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/nova_plugins/hypervisor-vsphere b/lib/nova_plugins/hypervisor-vsphere
index c406e094f3..698f836bad 100644
--- a/lib/nova_plugins/hypervisor-vsphere
+++ b/lib/nova_plugins/hypervisor-vsphere
@@ -42,9 +42,6 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF vmware host_username "$VMWAREAPI_USER"
     iniset $NOVA_CONF vmware host_password "$VMWAREAPI_PASSWORD"
     iniset_multiline $NOVA_CONF vmware cluster_name "$VMWAREAPI_CLUSTER"
-    if is_service_enabled neutron; then
-        iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
-    fi
 }
 
 # install_nova_hypervisor() - Install external components

From 97cc85b9b1661cb73f732b854a3f2ebd738539ed Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Tue, 8 Sep 2015 13:51:01 +0900
Subject: [PATCH 0909/3421] Provide hook for neutron plugin config

This removes a restriction for neutron vendor plugin.
Some neutron vendor plugins were already decomposed and
there is no config file in Neutron tree. They should prepare
the file in each plugin.

Change-Id: I4997b8eae1f433b1c23f20c06ba254568ac4982b
---
 lib/neutron-legacy | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index d1865d8bcd..550eadb4b4 100755
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -901,7 +901,11 @@ function _configure_neutron_common {
     # If needed, move config file from ``$NEUTRON_DIR/etc/neutron`` to ``NEUTRON_CONF_DIR``
     mkdir -p /$Q_PLUGIN_CONF_PATH
     Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
-    cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
+    # NOTE(hichihara): Some neutron vendor plugins were already decomposed and
+    # there is no config file in Neutron tree. They should prepare the file in each plugin.
+    if [ -f $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE ]; then
+        cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
+    fi
 
     iniset $NEUTRON_CONF database connection `database_connection_url $Q_DB_NAME`
     iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron

From 23f65cb9d77cac11101dc7f25c3b8a6a25a73d53 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Wed, 9 Sep 2015 08:33:15 +0000
Subject: [PATCH 0910/3421] Update lib/ceilometer to reflect script renames

Without this change some services for ceilometer will not start
breaking CI.

This change I7447ba4f408c95b0acf1b809504ce16fff1c6e21 was validated
against the ceilometer devstack plugin but apparently not against
devstack itself. Until I413ab159474b7d7231ad66d3a482201f74efe8a8
merges devstack still has ceilometer support and is used in the
gate.

Change-Id: Ib1ea8b6ef7019570f82b0ba87e03fc627c8f6801
---
 lib/ceilometer | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/ceilometer b/lib/ceilometer
index d1cc862160..c6c4c87fbc 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -360,10 +360,10 @@ function install_ceilometerclient {
 
 # start_ceilometer() - Start running processes, including screen
 function start_ceilometer {
-    run_process ceilometer-acentral "$CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF"
+    run_process ceilometer-acentral "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces central --config-file $CEILOMETER_CONF"
     run_process ceilometer-anotification "$CEILOMETER_BIN_DIR/ceilometer-agent-notification --config-file $CEILOMETER_CONF"
     run_process ceilometer-collector "$CEILOMETER_BIN_DIR/ceilometer-collector --config-file $CEILOMETER_CONF"
-    run_process ceilometer-aipmi "$CEILOMETER_BIN_DIR/ceilometer-agent-ipmi --config-file $CEILOMETER_CONF"
+    run_process ceilometer-aipmi "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces ipmi --config-file $CEILOMETER_CONF"
 
     if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then
         run_process ceilometer-api "$CEILOMETER_BIN_DIR/ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
@@ -378,10 +378,10 @@ function start_ceilometer {
     # Start the compute agent last to allow time for the collector to
     # fully wake up and connect to the message bus. See bug #1355809
     if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
-        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF" $LIBVIRT_GROUP
+        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces compute --config-file $CEILOMETER_CONF" $LIBVIRT_GROUP
     fi
     if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF"
+        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces compute --config-file $CEILOMETER_CONF"
     fi
 
     # Only die on API if it was actually intended to be turned on

From e8c70e23b5c8b9a41e2e86116972cf4da3367e19 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Thu, 13 Aug 2015 18:10:00 +0200
Subject: [PATCH 0911/3421] Tempest: add a Cinder extend_with_snapshot feature
 flag

A new tempest test is being added in https://review.openstack.org/#/c/200108/
but it doesn't run by default because the test fails on Juno. So a
feature flag in Tempest is added. This patch turns on this feature
flag at Devstack's side.

Change-Id: If1cf90dac3edc81a483fc51da74495042c96d543
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index fb4b0d34ae..85e8d5ffc3 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -477,6 +477,8 @@ function configure_tempest {
     # Volume
     # TODO(dkranz): Remove the bootable flag when Juno is end of life.
     iniset $TEMPEST_CONFIG volume-feature-enabled bootable True
+    # TODO(jordanP): Remove the extend_with_snapshot flag when Juno is end of life.
+    iniset $TEMPEST_CONFIG volume-feature-enabled extend_with_snapshot True
 
     local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then

From e9a4750fe1b111eeb457378c26ca9eea1b5e0085 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Sat, 27 Jun 2015 11:29:09 +0000
Subject: [PATCH 0912/3421] Remove ceilometer in favor of plugin

The ceilometer project is moving to using a devstack plugin rather
than having ceilometer in the base devstack. This is to allow
greater control and flexibility.

Change-Id: I413ab159474b7d7231ad66d3a482201f74efe8a8
---
 clean.sh                         |   1 -
 doc/source/index.rst             |   1 -
 files/apache-ceilometer.template |  15 --
 functions-common                 |   6 -
 lib/ceilometer                   | 418 -------------------------------
 stack.sh                         |  22 +-
 stackrc                          |   9 +-
 tests/test_libs_from_pypi.sh     |   2 +-
 unstack.sh                       |   5 -
 9 files changed, 4 insertions(+), 475 deletions(-)
 delete mode 100644 files/apache-ceilometer.template
 delete mode 100644 lib/ceilometer

diff --git a/clean.sh b/clean.sh
index 78e2a7a826..b22a29cb41 100755
--- a/clean.sh
+++ b/clean.sh
@@ -48,7 +48,6 @@ source $TOP_DIR/lib/glance
 source $TOP_DIR/lib/nova
 source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
-source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ironic
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 2dd0241fba..7ff2705055 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -154,7 +154,6 @@ Scripts
 * `functions `__ - DevStack-specific functions
 * `functions-common `__ - Functions shared with other projects
 * `lib/apache `__
-* `lib/ceilometer `__
 * `lib/ceph `__
 * `lib/cinder `__
 * `lib/database `__
diff --git a/files/apache-ceilometer.template b/files/apache-ceilometer.template
deleted file mode 100644
index 79f14c38ab..0000000000
--- a/files/apache-ceilometer.template
+++ /dev/null
@@ -1,15 +0,0 @@
-Listen %PORT%
-
-
-    WSGIDaemonProcess ceilometer-api processes=2 threads=10 user=%USER% display-name=%{GROUP} %VIRTUALENV%
-    WSGIProcessGroup ceilometer-api
-    WSGIScriptAlias / %WSGIAPP%
-    WSGIApplicationGroup %{GLOBAL}
-    = 2.4>
-        ErrorLogFormat "%{cu}t %M"
-    
-    ErrorLog /var/log/%APACHE_NAME%/ceilometer.log
-    CustomLog /var/log/%APACHE_NAME%/ceilometer_access.log combined
-
-
-WSGISocketPrefix /var/run/%APACHE_NAME%
diff --git a/functions-common b/functions-common
index 446de5374f..867bd5227d 100644
--- a/functions-common
+++ b/functions-common
@@ -1033,10 +1033,6 @@ function get_packages {
             if [[ ! $file_to_parse =~ $package_dir/cinder ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/cinder"
             fi
-        elif [[ $service == ceilometer-* ]]; then
-            if [[ ! $file_to_parse =~ $package_dir/ceilometer ]]; then
-                file_to_parse="${file_to_parse} ${package_dir}/ceilometer"
-            fi
         elif [[ $service == s-* ]]; then
             if [[ ! $file_to_parse =~ $package_dir/swift ]]; then
                 file_to_parse="${file_to_parse} ${package_dir}/swift"
@@ -1777,7 +1773,6 @@ function enable_service {
 # There are special cases for some 'catch-all' services::
 #   **nova** returns true if any service enabled start with **n-**
 #   **cinder** returns true if any service enabled start with **c-**
-#   **ceilometer** returns true if any service enabled start with **ceilometer**
 #   **glance** returns true if any service enabled start with **g-**
 #   **neutron** returns true if any service enabled start with **q-**
 #   **swift** returns true if any service enabled start with **s-**
@@ -1813,7 +1808,6 @@ function is_service_enabled {
         [[ ${service} == n-cell-* && ${ENABLED_SERVICES} =~ "n-cell" ]] && enabled=0
         [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0
         [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0
-        [[ ${service} == "ceilometer" && ${ENABLED_SERVICES} =~ "ceilometer-" ]] && enabled=0
         [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0
         [[ ${service} == "ironic" && ${ENABLED_SERVICES} =~ "ir-" ]] && enabled=0
         [[ ${service} == "neutron" && ${ENABLED_SERVICES} =~ "q-" ]] && enabled=0
diff --git a/lib/ceilometer b/lib/ceilometer
deleted file mode 100644
index c6c4c87fbc..0000000000
--- a/lib/ceilometer
+++ /dev/null
@@ -1,418 +0,0 @@
-#!/bin/bash
-#
-# lib/ceilometer
-# Install and start **Ceilometer** service
-
-# To enable a minimal set of Ceilometer services, add the following to the
-# ``localrc`` section of ``local.conf``:
-#
-#   enable_service ceilometer-acompute ceilometer-acentral ceilometer-anotification ceilometer-collector ceilometer-api
-#
-# To ensure Ceilometer alarming services are enabled also, further add to the
-# localrc section of local.conf:
-#
-#   enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
-#
-# To enable Ceilometer to collect the IPMI based meters, further add to the
-# localrc section of local.conf:
-#
-#   enable_service ceilometer-aipmi
-#
-# NOTE: Currently, there are two ways to get the IPMI based meters in
-# OpenStack. One way is to configure Ironic conductor to report those meters
-# for the nodes managed by Ironic and to have Ceilometer notification
-# agent to collect them. Ironic by default does NOT enable that reporting
-# functionality. So in order to do so, users need to set the option of
-# conductor.send_sensor_data to true in the ironic.conf configuration file
-# for the Ironic conductor service, and also enable the
-# ceilometer-anotification service.
-#
-# The other way is to use Ceilometer ipmi agent only to get the IPMI based
-# meters. To avoid duplicated meters, users need to make sure to set the
-# option of conductor.send_sensor_data to false in the ironic.conf
-# configuration file if the node on which Ceilometer ipmi agent is running
-# is also managed by Ironic.
-#
-# Several variables set in the localrc section adjust common behaviors
-# of Ceilometer (see within for additional settings):
-#
-#   CEILOMETER_USE_MOD_WSGI:       When True, run the api under mod_wsgi.
-#   CEILOMETER_PIPELINE_INTERVAL:  Seconds between pipeline processing runs. Default 600.
-#   CEILOMETER_BACKEND:            Database backend (e.g. 'mysql', 'mongodb', 'es')
-#   CEILOMETER_COORDINATION_URL:   URL for group membership service provided by tooz.
-#   CEILOMETER_EVENTS:             Enable event collection
-
-# Dependencies:
-#
-# - functions
-# - OS_AUTH_URL for auth in api
-# - DEST set to the destination directory
-# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
-# - STACK_USER service user
-
-# stack.sh
-# ---------
-# - install_ceilometer
-# - configure_ceilometer
-# - init_ceilometer
-# - start_ceilometer
-# - stop_ceilometer
-# - cleanup_ceilometer
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# Set up default directories
-GITDIR["python-ceilometerclient"]=$DEST/python-ceilometerclient
-GITDIR["ceilometermiddleware"]=$DEST/ceilometermiddleware
-
-CEILOMETER_DIR=$DEST/ceilometer
-CEILOMETER_CONF_DIR=/etc/ceilometer
-CEILOMETER_CONF=$CEILOMETER_CONF_DIR/ceilometer.conf
-CEILOMETER_API_LOG_DIR=/var/log/ceilometer-api
-CEILOMETER_AUTH_CACHE_DIR=${CEILOMETER_AUTH_CACHE_DIR:-/var/cache/ceilometer}
-CEILOMETER_WSGI_DIR=${CEILOMETER_WSGI_DIR:-/var/www/ceilometer}
-
-# Support potential entry-points console scripts in VENV or not
-if [[ ${USE_VENV} = True ]]; then
-    PROJECT_VENV["ceilometer"]=${CEILOMETER_DIR}.venv
-    CEILOMETER_BIN_DIR=${PROJECT_VENV["ceilometer"]}/bin
-else
-    CEILOMETER_BIN_DIR=$(get_python_exec_prefix)
-fi
-
-# Set up database backend
-CEILOMETER_BACKEND=${CEILOMETER_BACKEND:-mysql}
-
-# Ceilometer connection info.
-CEILOMETER_SERVICE_PROTOCOL=http
-CEILOMETER_SERVICE_HOST=$SERVICE_HOST
-CEILOMETER_SERVICE_PORT=${CEILOMETER_SERVICE_PORT:-8777}
-CEILOMETER_USE_MOD_WSGI=$(trueorfalse False CEILOMETER_USE_MOD_WSGI)
-
-# To enable OSprofiler change value of this variable to "notifications,profiler"
-CEILOMETER_NOTIFICATION_TOPICS=${CEILOMETER_NOTIFICATION_TOPICS:-notifications}
-CEILOMETER_EVENTS=${CEILOMETER_EVENTS:-True}
-
-CEILOMETER_COORDINATION_URL=${CEILOMETER_COORDINATION_URL:-}
-CEILOMETER_PIPELINE_INTERVAL=${CEILOMETER_PIPELINE_INTERVAL:-}
-
-
-# Functions
-# ---------
-
-# Test if any Ceilometer services are enabled
-# is_ceilometer_enabled
-function is_ceilometer_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"ceilometer-" ]] && return 0
-    return 1
-}
-
-# create_ceilometer_accounts() - Set up common required Ceilometer accounts
-#
-# Project              User         Roles
-# ------------------------------------------------------------------
-# SERVICE_TENANT_NAME  ceilometer   admin
-# SERVICE_TENANT_NAME  ceilometer   ResellerAdmin (if Swift is enabled)
-function create_ceilometer_accounts {
-
-    # Ceilometer
-    if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
-
-        create_service_user "ceilometer" "admin"
-
-        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-            get_or_create_service "ceilometer" "metering" "OpenStack Telemetry Service"
-            get_or_create_endpoint "metering" \
-                "$REGION_NAME" \
-                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
-                "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
-        fi
-        if is_service_enabled swift; then
-            # Ceilometer needs ResellerAdmin role to access Swift account stats.
-            get_or_add_user_project_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
-        fi
-    fi
-}
-
-
-# _cleanup_keystone_apache_wsgi() - Remove WSGI files, disable and remove Apache vhost file
-function _cleanup_ceilometer_apache_wsgi {
-    sudo rm -f $CEILOMETER_WSGI_DIR/*
-    sudo rm -f $(apache_site_config_for ceilometer)
-}
-
-# cleanup_ceilometer() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_ceilometer {
-    if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
-        mongo ceilometer --eval "db.dropDatabase();"
-    elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
-        curl -XDELETE "localhost:9200/events_*"
-    fi
-    if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then
-        _cleanup_ceilometer_apache_wsgi
-    fi
-}
-
-function _config_ceilometer_apache_wsgi {
-    sudo mkdir -p $CEILOMETER_WSGI_DIR
-
-    local ceilometer_apache_conf=$(apache_site_config_for ceilometer)
-    local apache_version=$(get_apache_version)
-    local venv_path=""
-
-    # Copy proxy vhost and wsgi file
-    sudo cp $CEILOMETER_DIR/ceilometer/api/app.wsgi $CEILOMETER_WSGI_DIR/app
-
-    if [[ ${USE_VENV} = True ]]; then
-        venv_path="python-path=${PROJECT_VENV["ceilometer"]}/lib/$(python_version)/site-packages"
-    fi
-
-    sudo cp $FILES/apache-ceilometer.template $ceilometer_apache_conf
-    sudo sed -e "
-        s|%PORT%|$CEILOMETER_SERVICE_PORT|g;
-        s|%APACHE_NAME%|$APACHE_NAME|g;
-        s|%WSGIAPP%|$CEILOMETER_WSGI_DIR/app|g;
-        s|%USER%|$STACK_USER|g;
-        s|%VIRTUALENV%|$venv_path|g
-    " -i $ceilometer_apache_conf
-}
-
-# configure_ceilometer() - Set config files, create data dirs, etc
-function configure_ceilometer {
-    sudo install -d -o $STACK_USER -m 755 $CEILOMETER_CONF_DIR $CEILOMETER_API_LOG_DIR
-
-    iniset_rpc_backend ceilometer $CEILOMETER_CONF
-
-    iniset $CEILOMETER_CONF DEFAULT notification_topics "$CEILOMETER_NOTIFICATION_TOPICS"
-    iniset $CEILOMETER_CONF DEFAULT verbose True
-    iniset $CEILOMETER_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
-
-    if [[ -n "$CEILOMETER_COORDINATION_URL" ]]; then
-        iniset $CEILOMETER_CONF coordination backend_url $CEILOMETER_COORDINATION_URL
-        iniset $CEILOMETER_CONF compute workload_partitioning True
-    fi
-
-    # Install the policy file for the API server
-    cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR
-    iniset $CEILOMETER_CONF oslo_policy policy_file $CEILOMETER_CONF_DIR/policy.json
-
-    cp $CEILOMETER_DIR/etc/ceilometer/pipeline.yaml $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/event_pipeline.yaml $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/api_paste.ini $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/event_definitions.yaml $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_archive_policy_map.yaml $CEILOMETER_CONF_DIR
-    cp $CEILOMETER_DIR/etc/ceilometer/gnocchi_resources.yaml $CEILOMETER_CONF_DIR
-
-    if [ "$CEILOMETER_PIPELINE_INTERVAL" ]; then
-        sed -i "s/interval:.*/interval: ${CEILOMETER_PIPELINE_INTERVAL}/" $CEILOMETER_CONF_DIR/pipeline.yaml
-    fi
-
-    # The compute and central agents need these credentials in order to
-    # call out to other services' public APIs.
-    # The alarm evaluator needs these options to call ceilometer APIs
-    iniset $CEILOMETER_CONF service_credentials os_username ceilometer
-    iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
-    iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
-    iniset $CEILOMETER_CONF service_credentials os_region_name $REGION_NAME
-    iniset $CEILOMETER_CONF service_credentials os_auth_url $KEYSTONE_SERVICE_URI/v2.0
-
-    configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
-
-    iniset $CEILOMETER_CONF notification store_events $CEILOMETER_EVENTS
-
-    if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
-        iniset $CEILOMETER_CONF database alarm_connection $(database_connection_url ceilometer)
-        iniset $CEILOMETER_CONF database event_connection $(database_connection_url ceilometer)
-        iniset $CEILOMETER_CONF database metering_connection $(database_connection_url ceilometer)
-        iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
-    elif [ "$CEILOMETER_BACKEND" = 'es' ] ; then
-        # es is only supported for events. we will use sql for alarming/metering.
-        iniset $CEILOMETER_CONF database alarm_connection $(database_connection_url ceilometer)
-        iniset $CEILOMETER_CONF database event_connection es://localhost:9200
-        iniset $CEILOMETER_CONF database metering_connection $(database_connection_url ceilometer)
-        iniset $CEILOMETER_CONF DEFAULT collector_workers $API_WORKERS
-        ${TOP_DIR}/pkg/elasticsearch.sh start
-        cleanup_ceilometer
-    elif [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
-        iniset $CEILOMETER_CONF database alarm_connection mongodb://localhost:27017/ceilometer
-        iniset $CEILOMETER_CONF database event_connection mongodb://localhost:27017/ceilometer
-        iniset $CEILOMETER_CONF database metering_connection mongodb://localhost:27017/ceilometer
-        configure_mongodb
-        cleanup_ceilometer
-    else
-        die $LINENO "Unable to configure unknown CEILOMETER_BACKEND $CEILOMETER_BACKEND"
-    fi
-
-    if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-        iniset $CEILOMETER_CONF DEFAULT hypervisor_inspector vsphere
-        iniset $CEILOMETER_CONF vmware host_ip "$VMWAREAPI_IP"
-        iniset $CEILOMETER_CONF vmware host_username "$VMWAREAPI_USER"
-        iniset $CEILOMETER_CONF vmware host_password "$VMWAREAPI_PASSWORD"
-    fi
-
-    if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then
-        iniset $CEILOMETER_CONF api pecan_debug "False"
-        _config_ceilometer_apache_wsgi
-    fi
-
-    if is_service_enabled ceilometer-aipmi; then
-        # Configure rootwrap for the ipmi agent
-        configure_rootwrap ceilometer
-    fi
-}
-
-function configure_mongodb {
-    # Server package is the same on all
-    local packages=mongodb-server
-
-    if is_fedora; then
-        # mongodb client
-        packages="${packages} mongodb"
-    fi
-
-    install_package ${packages}
-
-    if is_fedora; then
-        # Ensure smallfiles is selected to minimize freespace requirements
-        sudo sed -i '/--smallfiles/!s/OPTIONS=\"/OPTIONS=\"--smallfiles /' /etc/sysconfig/mongod
-
-        restart_service mongod
-    fi
-
-    # Give mongodb time to start-up
-    sleep 5
-}
-
-# init_ceilometer() - Initialize etc.
-function init_ceilometer {
-    # Create cache dir
-    sudo install -d -o $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
-    rm -f $CEILOMETER_AUTH_CACHE_DIR/*
-
-    if is_service_enabled mysql postgresql; then
-        if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] || [ "$CEILOMETER_BACKEND" = 'es' ] ; then
-            recreate_database ceilometer
-            $CEILOMETER_BIN_DIR/ceilometer-dbsync
-        fi
-    fi
-}
-
-# install_redis() - Install the redis server.
-function install_redis {
-    if is_ubuntu; then
-        install_package redis-server
-        restart_service redis-server
-    else
-        # This will fail (correctly) where a redis package is unavailable
-        install_package redis
-        restart_service redis
-    fi
-}
-
-# install_ceilometer() - Collect source and prepare
-function install_ceilometer {
-    git_clone $CEILOMETER_REPO $CEILOMETER_DIR $CEILOMETER_BRANCH
-    setup_develop $CEILOMETER_DIR
-
-    if echo $CEILOMETER_COORDINATION_URL | grep -q '^memcached:'; then
-        install_package memcached
-    elif echo $CEILOMETER_COORDINATION_URL | grep -q '^redis:'; then
-        install_redis
-    fi
-
-    if [ "$CEILOMETER_BACKEND" = 'mongodb' ] ; then
-        pip_install_gr pymongo
-    fi
-
-    # Only install virt drivers if we're running nova compute
-    if is_service_enabled n-cpu ; then
-        if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
-            pip_install_gr libvirt-python
-        fi
-
-        if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-            pip_install_gr oslo.vmware
-        fi
-    fi
-
-    if [ "$CEILOMETER_BACKEND" = 'es' ] ; then
-        ${TOP_DIR}/pkg/elasticsearch.sh download
-        ${TOP_DIR}/pkg/elasticsearch.sh install
-    fi
-}
-
-# install_ceilometerclient() - Collect source and prepare
-function install_ceilometerclient {
-    if use_library_from_git "python-ceilometerclient"; then
-        git_clone_by_name "python-ceilometerclient"
-        setup_dev_lib "python-ceilometerclient"
-        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ceilometerclient"]}/tools/,/etc/bash_completion.d/}ceilometer.bash_completion
-    fi
-}
-
-# start_ceilometer() - Start running processes, including screen
-function start_ceilometer {
-    run_process ceilometer-acentral "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces central --config-file $CEILOMETER_CONF"
-    run_process ceilometer-anotification "$CEILOMETER_BIN_DIR/ceilometer-agent-notification --config-file $CEILOMETER_CONF"
-    run_process ceilometer-collector "$CEILOMETER_BIN_DIR/ceilometer-collector --config-file $CEILOMETER_CONF"
-    run_process ceilometer-aipmi "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces ipmi --config-file $CEILOMETER_CONF"
-
-    if [[ "$CEILOMETER_USE_MOD_WSGI" == "False" ]]; then
-        run_process ceilometer-api "$CEILOMETER_BIN_DIR/ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
-    else
-        enable_apache_site ceilometer
-        restart_apache_server
-        tail_log ceilometer /var/log/$APACHE_NAME/ceilometer.log
-        tail_log ceilometer-api /var/log/$APACHE_NAME/ceilometer_access.log
-    fi
-
-
-    # Start the compute agent last to allow time for the collector to
-    # fully wake up and connect to the message bus. See bug #1355809
-    if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
-        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces compute --config-file $CEILOMETER_CONF" $LIBVIRT_GROUP
-    fi
-    if [[ "$VIRT_DRIVER" = 'vsphere' ]]; then
-        run_process ceilometer-acompute "$CEILOMETER_BIN_DIR/ceilometer-polling --polling-namespaces compute --config-file $CEILOMETER_CONF"
-    fi
-
-    # Only die on API if it was actually intended to be turned on
-    if is_service_enabled ceilometer-api; then
-        echo "Waiting for ceilometer-api to start..."
-        if ! wait_for_service $SERVICE_TIMEOUT $CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/v2/; then
-            die $LINENO "ceilometer-api did not start"
-        fi
-    fi
-
-    run_process ceilometer-alarm-notifier "$CEILOMETER_BIN_DIR/ceilometer-alarm-notifier --config-file $CEILOMETER_CONF"
-    run_process ceilometer-alarm-evaluator "$CEILOMETER_BIN_DIR/ceilometer-alarm-evaluator --config-file $CEILOMETER_CONF"
-}
-
-# stop_ceilometer() - Stop running processes
-function stop_ceilometer {
-    if [ "$CEILOMETER_USE_MOD_WSGI" == "True" ]; then
-        disable_apache_site ceilometer
-        restart_apache_server
-    fi
-    # Kill the ceilometer screen windows
-    for serv in ceilometer-acompute ceilometer-acentral ceilometer-aipmi ceilometer-anotification ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
-        stop_process $serv
-    done
-}
-
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/stack.sh b/stack.sh
index accfd0ac3e..8a9a28fd67 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1,9 +1,8 @@
 #!/usr/bin/env bash
 
 # ``stack.sh`` is an opinionated OpenStack developer installation.  It
-# installs and configures various combinations of **Ceilometer**, **Cinder**,
-# **Glance**, **Heat**, **Horizon**, **Keystone**, **Nova**, **Neutron**,
-# and **Swift**
+# installs and configures various combinations of **Cinder**, **Glance**,
+# **Heat**, **Horizon**, **Keystone**, **Nova**, **Neutron**, and **Swift**
 
 # This script's options can be changed by setting appropriate environment
 # variables.  You can configure things like which git repositories to use,
@@ -542,7 +541,6 @@ source $TOP_DIR/lib/glance
 source $TOP_DIR/lib/nova
 source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
-source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
@@ -826,13 +824,6 @@ if is_service_enabled horizon; then
     configure_horizon
 fi
 
-if is_service_enabled ceilometer; then
-    install_ceilometerclient
-    stack_install_service ceilometer
-    echo_summary "Configuring Ceilometer"
-    configure_ceilometer
-fi
-
 if is_service_enabled heat; then
     stack_install_service heat
     install_heat_other
@@ -1008,10 +999,6 @@ if is_service_enabled keystone; then
     create_cinder_accounts
     create_neutron_accounts
 
-    if is_service_enabled ceilometer; then
-        create_ceilometer_accounts
-    fi
-
     if is_service_enabled swift; then
         create_swift_accounts
     fi
@@ -1255,11 +1242,6 @@ if is_service_enabled cinder; then
     start_cinder
     create_volume_types
 fi
-if is_service_enabled ceilometer; then
-    echo_summary "Starting Ceilometer"
-    init_ceilometer
-    start_ceilometer
-fi
 
 # Configure and launch Heat engine, api and metadata
 if is_service_enabled heat; then
diff --git a/stackrc b/stackrc
index ca897a1c4d..12c315ad78 100644
--- a/stackrc
+++ b/stackrc
@@ -181,10 +181,6 @@ REQUIREMENTS_DIR=$DEST/requirements
 #
 ##############
 
-# telemetry service
-CEILOMETER_REPO=${CEILOMETER_REPO:-${GIT_BASE}/openstack/ceilometer.git}
-CEILOMETER_BRANCH=${CEILOMETER_BRANCH:-master}
-
 # block storage service
 CINDER_REPO=${CINDER_REPO:-${GIT_BASE}/openstack/cinder.git}
 CINDER_BRANCH=${CINDER_BRANCH:-master}
@@ -258,10 +254,6 @@ GITBRANCH["tempest-lib"]=${TEMPEST_LIB_BRANCH:-master}
 #
 ##############
 
-# ceilometer client library
-GITREPO["python-ceilometerclient"]=${CEILOMETERCLIENT_REPO:-${GIT_BASE}/openstack/python-ceilometerclient.git}
-GITBRANCH["python-ceilometerclient"]=${CEILOMETERCLIENT_BRANCH:-master}
-
 # volume client
 GITREPO["python-cinderclient"]=${CINDERCLIENT_REPO:-${GIT_BASE}/openstack/python-cinderclient.git}
 GITBRANCH["python-cinderclient"]=${CINDERCLIENT_BRANCH:-master}
@@ -449,6 +441,7 @@ SWIFT3_BRANCH=${SWIFT3_BRANCH:-master}
 # ceilometer middleware
 GITREPO["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_REPO:-${GIT_BASE}/openstack/ceilometermiddleware.git}
 GITBRANCH["ceilometermiddleware"]=${CEILOMETERMIDDLEWARE_BRANCH:-master}
+GITDIR["ceilometermiddleware"]=$DEST/ceilometermiddleware
 
 # os-brick library to manage local volume attaches
 GITREPO["os-brick"]=${OS_BRICK_REPO:-${GIT_BASE}/openstack/os-brick.git}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index cf6ec1cbff..8e8c0227a9 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -37,7 +37,7 @@ ALL_LIBS+=" python-cinderclient glance_store oslo.concurrency oslo.db"
 ALL_LIBS+=" oslo.versionedobjects oslo.vmware keystonemiddleware"
 ALL_LIBS+=" oslo.serialization django_openstack_auth"
 ALL_LIBS+=" python-openstackclient oslo.rootwrap oslo.i18n"
-ALL_LIBS+=" python-ceilometerclient oslo.utils python-swiftclient"
+ALL_LIBS+=" oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
 ALL_LIBS+=" oslo.cache oslo.reports"
diff --git a/unstack.sh b/unstack.sh
index 10e595809a..6fa8314d4e 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -65,7 +65,6 @@ source $TOP_DIR/lib/glance
 source $TOP_DIR/lib/nova
 source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
-source $TOP_DIR/lib/ceilometer
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
@@ -104,10 +103,6 @@ if is_service_enabled heat; then
     stop_heat
 fi
 
-if is_service_enabled ceilometer; then
-    stop_ceilometer
-fi
-
 if is_service_enabled nova; then
     stop_nova
 fi

From 1c394829d1a6523b6b0b2f449b9ba92f5e8c472b Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Thu, 10 Sep 2015 12:15:16 +0200
Subject: [PATCH 0913/3421] Fix the FLOATING_RANGE in the Neutron guide

The range should be 172.18.161.0/24 and not 172.18.161.1/24.

Change-Id: I29bb24a1a278c285a00cd69188de340670891c53
---
 doc/source/guides/neutron.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 40a5632b86..2973eb63e8 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -59,7 +59,7 @@ DevStack Configuration
 
         ## Neutron options
         Q_USE_SECGROUP=True
-        FLOATING_RANGE="172.18.161.1/24"
+        FLOATING_RANGE="172.18.161.0/24"
         FIXED_RANGE="10.0.0.0/24"
         Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
         PUBLIC_NETWORK_GATEWAY="172.18.161.1"

From 3db0aad63c182a88830ec61fc048240058c02d85 Mon Sep 17 00:00:00 2001
From: Christian Schwede 
Date: Thu, 10 Sep 2015 11:15:39 +0000
Subject: [PATCH 0914/3421] Fix is_service_enabled when using multiple
 arguments

is_service_enabled might actually fail to return the expected result if
there is a is_${service}_enabled function available and multiple
services are checked.

For example, if one defines swift as a service but disables glance, the
following check fails:

 if is_service_enabled swift glance horizon; then
     install_swiftclient
 fi

This is because the second for-iteration resets the local "enabled" var
again to 1 and finally exits with 1 as a return code.

This patch fixes this.

Change-Id: Ic76b72897efe9597d1412470353895001a1a4c66
---
 functions-common | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index 446de5374f..705c3149dd 100644
--- a/functions-common
+++ b/functions-common
@@ -1803,8 +1803,7 @@ function is_service_enabled {
         # Look for top-level 'enabled' function for this service
         if type is_${service}_enabled >/dev/null 2>&1; then
             # A function exists for this service, use it
-            is_${service}_enabled
-            enabled=$?
+            is_${service}_enabled && enabled=0
         fi
 
         # TODO(dtroyer): Remove these legacy special-cases after the is_XXX_enabled()

From 17fe88a72c65fa1f926f3ada5a0cfb45bf6649a9 Mon Sep 17 00:00:00 2001
From: Hidekazu Nakamura 
Date: Fri, 11 Sep 2015 19:50:26 +0900
Subject: [PATCH 0915/3421] Fix typo in lib/keystone

nonadmin => nonadmins

Change-Id: I9d51e079c10f7c48b962a1d6f4577e8a6ec4a229
---
 lib/keystone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index e2448c9068..6520fc6035 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -353,7 +353,7 @@ function configure_keystone_extensions {
 # Group                Users      Roles                 Tenant
 # ------------------------------------------------------------------
 # admins               admin      admin                 admin
-# nonadmin             demo       Member, anotherrole   demo
+# nonadmins            demo       Member, anotherrole   demo
 
 
 # Migrated from keystone_data.sh

From 2105b9f9ce325394d205d9c5f7a7427141bc4ebd Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 10 Sep 2015 14:01:40 -0400
Subject: [PATCH 0916/3421] move back to editable install for oslo

Now that we don't have namespace packages any more, editable installs
should be fine. This also means that we apply constraints to these
libraries during installation, which is important for future testing.

This is needed in order to be able to easily sanity check
LIBS_FROM_GIT, as then all libs installed from git will have pip urls
with git in them.

Change-Id: I46c3b8f943b97f912eccc7278e3e033ae67e7e31
---
 lib/infra | 2 +-
 lib/oslo  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/infra b/lib/infra
index 89397de792..ab32efecd9 100644
--- a/lib/infra
+++ b/lib/infra
@@ -41,7 +41,7 @@ function install_infra {
     # Install pbr
     if use_library_from_git "pbr"; then
         git_clone_by_name "pbr"
-        setup_lib "pbr"
+        setup_dev_lib "pbr"
     else
         # Always upgrade pbr to latest version as we may have pulled it
         # in via system packages.
diff --git a/lib/oslo b/lib/oslo
index 123572cd7b..f64f327ccd 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -59,7 +59,7 @@ function _do_install_oslo_lib {
     local name=$1
     if use_library_from_git "$name"; then
         git_clone_by_name "$name"
-        setup_lib "$name"
+        setup_dev_lib "$name"
     fi
 }
 

From c71973eb04d05c2497eb930c4e1b59dcaf983085 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 8 Sep 2015 07:12:48 -0400
Subject: [PATCH 0917/3421] check LIBS_FROM_GIT

after the glance_store vs. upper-constraints bug, it's probably worth
actually enforcing and sanity checking that devstack is doing what
it's being asked of with LIBS_FROM_GIT. This will hopefully reduce
user generated error.

This *might* not work with the current oslo naming, we'll have to test
and normalize that.

Change-Id: Iffef2007f99a0e932b68c4c897ebbfb748cac2b4
---
 inc/python | 22 ++++++++++++++++++++++
 stack.sh   |  7 +++++++
 2 files changed, 29 insertions(+)

diff --git a/inc/python b/inc/python
index 5c9dc5c3e5..210a9dbdfe 100644
--- a/inc/python
+++ b/inc/python
@@ -157,6 +157,28 @@ function use_library_from_git {
     return $enabled
 }
 
+# determine if a package was installed from git
+function lib_installed_from_git {
+    local name=$1
+    pip freeze 2>/dev/null | grep -- "$name" | grep -q -- '-e git'
+}
+
+# check that everything that's in LIBS_FROM_GIT was actually installed
+# correctly, this helps double check issues with library fat fingering.
+function check_libs_from_git {
+    local lib=""
+    local not_installed=""
+    for lib in $(echo ${LIBS_FROM_GIT} | tr "," " "); do
+        if ! lib_installed_from_git "$lib"; then
+            not_installed+=" $lib"
+        fi
+    done
+    # if anything is not installed, say what it is.
+    if [[ -n "$not_installed" ]]; then
+        die $LINENO "The following LIBS_FROM_GIT were not installed correct: $not_installed"
+    fi
+}
+
 # setup a library by name. If we are trying to use the library from
 # git, we'll do a git based install, otherwise we'll punt and the
 # library should be installed by a requirements pull from another
diff --git a/stack.sh b/stack.sh
index accfd0ac3e..638d471654 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1373,9 +1373,16 @@ if [[ -x $TOP_DIR/local.sh ]]; then
     $TOP_DIR/local.sh
 fi
 
+# Sanity checks
+# =============
+
 # Check the status of running services
 service_check
 
+# ensure that all the libraries we think we installed from git,
+# actually were.
+check_libs_from_git
+
 
 # Bash completion
 # ===============

From be65c6f88d5922e356178a2958afa9ae452fb85e Mon Sep 17 00:00:00 2001
From: Wei Jiangang 
Date: Mon, 14 Sep 2015 18:52:47 +0800
Subject: [PATCH 0918/3421] Fix typos in stackrc and unstack.sh

Componets => Components
pluggins => plugins

Change-Id: I82634a55fd5895599099c94817af7d8d2f602859
---
 stackrc    | 2 +-
 unstack.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/stackrc b/stackrc
index 156cb1f85a..05956ee0b2 100644
--- a/stackrc
+++ b/stackrc
@@ -255,7 +255,7 @@ GITBRANCH["tempest-lib"]=${TEMPEST_LIB_BRANCH:-master}
 
 ##############
 #
-#  OpenStack Client Library Componets
+#  OpenStack Client Library Components
 #
 ##############
 
diff --git a/unstack.sh b/unstack.sh
index 10e595809a..27d6719af9 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -45,7 +45,7 @@ fi
 # Configure Projects
 # ==================
 
-# Plugin Phase 0: override_defaults - allow pluggins to override
+# Plugin Phase 0: override_defaults - allow plugins to override
 # defaults before other services are run
 run_phase override_defaults
 

From a29434460e869b7bb397044d8f073531e4ee112d Mon Sep 17 00:00:00 2001
From: Ivan Kolodyazhny 
Date: Tue, 23 Jun 2015 19:09:34 +0300
Subject: [PATCH 0919/3421] Disable Cinder v1 API support by default

Cinder API v1 will be removed Mitaka so we don't need to setup it be
default.

To enable Cinder API v1 you need to set CINDER_ENABLE_V1_API=True in
your Devstack config.

Related-Bug: #1467589

Depends-On: I6916eb3e4b7c85f37be8b365b11ca8b48f88177c
Change-Id: I0754e357433cfcd9fde7e937a4a1b440580b6289
---
 doc/source/configuration.rst |  7 +++++++
 lib/cinder                   | 29 +++++++++++++++++------------
 lib/tempest                  |  9 +++++++++
 3 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 983f5c0aae..3bd246d870 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -587,6 +587,13 @@ with ``VOLUME_BACKING_FILE_SIZE``.
         VOLUME_BACKING_FILE_SIZE=10250M
 
 
+Cinder v1 API is depricated and disabled by default. You can enable v1 API by
+setting ``CINDER_ENABLE_V1_API`` to ``True``.
+
+    ::
+        CINDER_ENABLE_V1_API=True
+
+
 Keystone
 ~~~~~~~~
 
diff --git a/lib/cinder b/lib/cinder
index 26277ccaba..f0b0f1d7e5 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -27,6 +27,9 @@ set +o xtrace
 # Defaults
 # --------
 
+# NOTE (e0ne): Cinder API v1 is deprecated and will be disabled by default.
+CINDER_ENABLE_V1_API=$(trueorfalse False CINDER_ENABLE_V1_API)
+
 # set up default driver
 CINDER_DRIVER=${CINDER_DRIVER:-default}
 CINDER_PLUGINS=$TOP_DIR/lib/cinder_plugins
@@ -225,9 +228,12 @@ function configure_cinder {
     iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
     iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
     # NOTE(thingee): Cinder V1 API is deprecated and defaults to off as of
-    # Juno. Keep it enabled so we can continue testing while it's still
-    # supported.
-    iniset $CINDER_CONF DEFAULT enable_v1_api true
+    # Juno.
+    if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
+        iniset $CINDER_CONF DEFAULT enable_v1_api true
+    else
+        iniset $CINDER_CONF DEFAULT enable_v1_api false
+    fi
 
     iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
 
@@ -326,12 +332,13 @@ function create_cinder_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            get_or_create_service "cinder" "volume" "Cinder Volume Service"
-            get_or_create_endpoint "volume" "$REGION_NAME" \
-                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
-
+            if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
+                get_or_create_service "cinder" "volume" "Cinder Volume Service"
+                get_or_create_endpoint "volume" "$REGION_NAME" \
+                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
+            fi
             get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
             get_or_create_endpoint "volumev2" "$REGION_NAME" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
@@ -482,9 +489,7 @@ function create_volume_types {
         local be be_name
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_name=${be##*:}
-            # FIXME(jamielennox): Remove --os-volume-api-version pinning when
-            # osc supports volume type create on v2 api. bug #1475060
-            openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name}
+            openstack volume type create --os-volume-api-version 2 --property volume_backend_name="${be_name}" ${be_name}
         done
     fi
 }
diff --git a/lib/tempest b/lib/tempest
index d372e0f6ca..3624b9605e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -494,6 +494,15 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG volume-feature-enabled backup False
     fi
 
+    # Use only Cinder API v2
+    if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
+        iniset $TEMPEST_CONFIG volume-feature-enabled api_v1 True
+        iniset $TEMPEST_CONFIG volume catalog_type volume
+    else
+        iniset $TEMPEST_CONFIG volume-feature-enabled api_v1 False
+        iniset $TEMPEST_CONFIG volume catalog_type volumev2
+    fi
+
     # Using ``CINDER_ENABLED_BACKENDS``
     if [[ -n "$CINDER_ENABLED_BACKENDS" ]] && [[ $CINDER_ENABLED_BACKENDS =~ .*,.* ]]; then
         iniset $TEMPEST_CONFIG volume-feature-enabled multi_backend "True"

From 624ab1e65dac94572de04e4a12b28d31e342faf1 Mon Sep 17 00:00:00 2001
From: Flavio Percoco 
Date: Thu, 30 Apr 2015 08:54:15 +0200
Subject: [PATCH 0920/3421] Remove Zaqar from devstack

Zaqar's devstack code has been moved into a plugin in the Zaqar repo.
This patch removes the remaining code from devstack.

Depends-On: Iceefabb6cd528b23075a91e8039b8264eb3f33f5
Change-Id: Ifcf54fa2d4a5bf49b6757b593bb70cdeda8edb2a
---
 doc/source/index.rst    |   4 +-
 exercises/zaqar.sh      |  43 --------
 extras.d/70-zaqar.sh    |  29 ------
 files/debs/zaqar-server |   4 -
 files/rpms/zaqar-server |   5 -
 lib/tempest             |   2 +-
 lib/zaqar               | 225 ----------------------------------------
 7 files changed, 2 insertions(+), 310 deletions(-)
 delete mode 100755 exercises/zaqar.sh
 delete mode 100644 extras.d/70-zaqar.sh
 delete mode 100644 files/debs/zaqar-server
 delete mode 100644 files/rpms/zaqar-server
 delete mode 100644 lib/zaqar

diff --git a/doc/source/index.rst b/doc/source/index.rst
index 2dd0241fba..21fec590ef 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -173,7 +173,7 @@ Scripts
 * `lib/swift `__
 * `lib/tempest `__
 * `lib/tls `__
-* `lib/zaqar `__
+* `lib/trove `__
 * `unstack.sh `__
 * `clean.sh `__
 * `run\_tests.sh `__
@@ -181,7 +181,6 @@ Scripts
 * `extras.d/50-ironic.sh `__
 * `extras.d/60-ceph.sh `__
 * `extras.d/70-tuskar.sh `__
-* `extras.d/70-zaqar.sh `__
 * `extras.d/80-tempest.sh `__
 
 * `inc/ini-config `__
@@ -239,4 +238,3 @@ Exercises
 * `exercises/sec\_groups.sh `__
 * `exercises/swift.sh `__
 * `exercises/volumes.sh `__
-* `exercises/zaqar.sh `__
diff --git a/exercises/zaqar.sh b/exercises/zaqar.sh
deleted file mode 100755
index c370b12c85..0000000000
--- a/exercises/zaqar.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-# **zaqar.sh**
-
-# Sanity check that Zaqar started if enabled
-
-echo "*********************************************************************"
-echo "Begin DevStack Exercise: $0"
-echo "*********************************************************************"
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occurred.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Keep track of the current directory
-EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
-TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
-
-# Import common functions
-source $TOP_DIR/functions
-
-# Import configuration
-source $TOP_DIR/openrc
-
-# Import exercise configuration
-source $TOP_DIR/exerciserc
-
-is_service_enabled zaqar-server || exit 55
-
-$CURL_GET http://$SERVICE_HOST:8888/v1/ 2>/dev/null | grep -q 'queue_name' || die $LINENO "Zaqar API not functioning!"
-
-set +o xtrace
-echo "*********************************************************************"
-echo "SUCCESS: End DevStack Exercise: $0"
-echo "*********************************************************************"
diff --git a/extras.d/70-zaqar.sh b/extras.d/70-zaqar.sh
deleted file mode 100644
index 63c4fd5ad5..0000000000
--- a/extras.d/70-zaqar.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-# zaqar.sh - Devstack extras script to install Zaqar
-
-if is_service_enabled zaqar-server; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/zaqar
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing Zaqar"
-        install_zaqarclient
-        install_zaqar
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring Zaqar"
-        configure_zaqar
-        configure_zaqarclient
-
-        if is_service_enabled key; then
-            create_zaqar_accounts
-        fi
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        echo_summary "Initializing Zaqar"
-        init_zaqar
-        start_zaqar
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_zaqar
-    fi
-fi
diff --git a/files/debs/zaqar-server b/files/debs/zaqar-server
deleted file mode 100644
index 6c2a4d154a..0000000000
--- a/files/debs/zaqar-server
+++ /dev/null
@@ -1,4 +0,0 @@
-python-pymongo
-mongodb-server
-pkg-config
-redis-server # NOPRIME
\ No newline at end of file
diff --git a/files/rpms/zaqar-server b/files/rpms/zaqar-server
deleted file mode 100644
index 78806fb3f6..0000000000
--- a/files/rpms/zaqar-server
+++ /dev/null
@@ -1,5 +0,0 @@
-selinux-policy-targeted
-mongodb
-mongodb-server
-pymongo
-redis # NOPRIME
diff --git a/lib/tempest b/lib/tempest
index 71181cca21..f4d0a6dab0 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -550,7 +550,7 @@ function configure_tempest {
     # this tempest service list needs to be all the services that
     # tempest supports, otherwise we can have an erroneous set of
     # defaults (something defaulting true in Tempest, but not listed here).
-    TEMPEST_SERVICES="key,glance,nova,neutron,cinder,swift,heat,ceilometer,horizon,sahara,ironic,trove,zaqar"
+    TEMPEST_SERVICES="key,glance,nova,neutron,cinder,swift,heat,ceilometer,horizon,sahara,ironic,trove"
     for service in ${TEMPEST_SERVICES//,/ }; do
         if is_service_enabled $service ; then
             iniset $TEMPEST_CONFIG service_available $service "True"
diff --git a/lib/zaqar b/lib/zaqar
deleted file mode 100644
index aa21aac271..0000000000
--- a/lib/zaqar
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/bin/bash
-#
-# lib/zaqar
-# Install and start **Zaqar** service
-
-# To enable a minimal set of Zaqar services, add the following to localrc:
-#
-#     enable_service zaqar-server
-#
-# Dependencies:
-# - functions
-# - OS_AUTH_URL for auth in api
-# - DEST set to the destination directory
-# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
-# - STACK_USER service user
-
-# stack.sh
-# ---------
-# install_zaqar
-# configure_zaqar
-# init_zaqar
-# start_zaqar
-# stop_zaqar
-# cleanup_zaqar
-# cleanup_zaqar_mongodb
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# Set up default directories
-ZAQAR_DIR=$DEST/zaqar
-ZAQARCLIENT_DIR=$DEST/python-zaqarclient
-ZAQAR_CONF_DIR=/etc/zaqar
-ZAQAR_CONF=$ZAQAR_CONF_DIR/zaqar.conf
-ZAQAR_AUTH_CACHE_DIR=${ZAQAR_AUTH_CACHE_DIR:-/var/cache/zaqar}
-
-# Support potential entry-points console scripts
-ZAQAR_BIN_DIR=$(get_python_exec_prefix)
-
-# Set up database backend
-ZAQAR_BACKEND=${ZAQAR_BACKEND:-mongodb}
-
-
-# Set Zaqar repository
-ZAQAR_REPO=${ZAQAR_REPO:-${GIT_BASE}/openstack/zaqar.git}
-ZAQAR_BRANCH=${ZAQAR_BRANCH:-master}
-
-# Set client library repository
-ZAQARCLIENT_REPO=${ZAQARCLIENT_REPO:-${GIT_BASE}/openstack/python-zaqarclient.git}
-ZAQARCLIENT_BRANCH=${ZAQARCLIENT_BRANCH:-master}
-
-# Set Zaqar Connection Info
-ZAQAR_SERVICE_HOST=${ZAQAR_SERVICE_HOST:-$SERVICE_HOST}
-ZAQAR_SERVICE_PORT=${ZAQAR_SERVICE_PORT:-8888}
-ZAQAR_SERVICE_PROTOCOL=${ZAQAR_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
-
-# Functions
-# ---------
-
-# Test if any Zaqar services are enabled
-# is_zaqar_enabled
-function is_zaqar_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"zaqar-" ]] && return 0
-    return 1
-}
-
-# cleanup_zaqar() - Cleans up general things from previous
-# runs and storage specific left overs.
-function cleanup_zaqar {
-    if [ "$ZAQAR_BACKEND" = 'mongodb' ] ; then
-        cleanup_zaqar_mongodb
-    fi
-}
-
-# cleanup_zaqar_mongodb() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_zaqar_mongodb {
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! mongo zaqar --eval 'db.dropDatabase();'; do sleep 1; done"; then
-        die $LINENO "Mongo DB did not start"
-    else
-        full_version=$(mongo zaqar --eval 'db.dropDatabase();')
-        mongo_version=`echo $full_version | cut -d' ' -f4`
-        required_mongo_version='2.2'
-        if [[ $mongo_version < $required_mongo_version ]]; then
-            die $LINENO "Zaqar needs Mongo DB version >= 2.2 to run."
-        fi
-    fi
-}
-
-# configure_zaqarclient() - Set config files, create data dirs, etc
-function configure_zaqarclient {
-    setup_develop $ZAQARCLIENT_DIR
-}
-
-# configure_zaqar() - Set config files, create data dirs, etc
-function configure_zaqar {
-    setup_develop $ZAQAR_DIR
-
-    sudo install -d -o $STACK_USER -m 755 $ZAQAR_CONF_DIR
-
-    iniset $ZAQAR_CONF DEFAULT debug True
-    iniset $ZAQAR_CONF DEFAULT verbose True
-    iniset $ZAQAR_CONF DEFAULT admin_mode True
-    iniset $ZAQAR_CONF DEFAULT use_syslog $SYSLOG
-    iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST
-
-    configure_auth_token_middleware $ZAQAR_CONF zaqar $ZAQAR_AUTH_CACHE_DIR
-
-    if [ "$ZAQAR_BACKEND" = 'mysql' ] || [ "$ZAQAR_BACKEND" = 'postgresql' ] ; then
-        iniset $ZAQAR_CONF drivers storage sqlalchemy
-        iniset $ZAQAR_CONF 'drivers:storage:sqlalchemy' uri `database_connection_url zaqar`
-    elif [ "$ZAQAR_BACKEND" = 'mongodb' ] ; then
-        iniset $ZAQAR_CONF  drivers storage mongodb
-        iniset $ZAQAR_CONF 'drivers:storage:mongodb' uri mongodb://localhost:27017/zaqar
-        configure_mongodb
-    elif [ "$ZAQAR_BACKEND" = 'redis' ] ; then
-        iniset $ZAQAR_CONF  drivers storage redis
-        iniset $ZAQAR_CONF 'drivers:storage:redis' uri redis://localhost:6379
-        configure_redis
-    fi
-
-    iniset $ZAQAR_CONF DEFAULT notification_driver messaging
-    iniset $ZAQAR_CONF DEFAULT control_exchange zaqar
-
-    iniset_rpc_backend zaqar $ZAQAR_CONF
-
-    cleanup_zaqar
-}
-
-function configure_redis {
-    if is_ubuntu; then
-        install_package redis-server
-        pip_install_gr redis
-    elif is_fedora; then
-        install_package redis
-        pip_install_gr redis
-    else
-        exit_distro_not_supported "redis installation"
-    fi
-}
-
-function configure_mongodb {
-    # Set nssize to 2GB. This increases the number of namespaces supported
-    # # per database.
-    if is_ubuntu; then
-        sudo sed -i -e "
-            s|[^ \t]*#[ \t]*\(nssize[ \t]*=.*\$\)|\1|
-            s|^\(nssize[ \t]*=[ \t]*\).*\$|\1 2047|
-        " /etc/mongodb.conf
-        restart_service mongodb
-    elif is_fedora; then
-        sudo sed -i '/--nssize/!s/OPTIONS=\"/OPTIONS=\"--nssize 2047 /' /etc/sysconfig/mongod
-        restart_service mongod
-    fi
-}
-
-# init_zaqar() - Initialize etc.
-function init_zaqar {
-    # Create cache dir
-    sudo install -d -o $STACK_USER $ZAQAR_AUTH_CACHE_DIR
-    rm -f $ZAQAR_AUTH_CACHE_DIR/*
-}
-
-# install_zaqar() - Collect source and prepare
-function install_zaqar {
-    git_clone $ZAQAR_REPO $ZAQAR_DIR $ZAQAR_BRANCH
-    setup_develop $ZAQAR_DIR
-}
-
-# install_zaqarclient() - Collect source and prepare
-function install_zaqarclient {
-    git_clone $ZAQARCLIENT_REPO $ZAQARCLIENT_DIR $ZAQARCLIENT_BRANCH
-    setup_develop $ZAQARCLIENT_DIR
-}
-
-# start_zaqar() - Start running processes, including screen
-function start_zaqar {
-    if [[ "$USE_SCREEN" = "False" ]]; then
-        run_process zaqar-server "zaqar-server --config-file $ZAQAR_CONF --daemon"
-    else
-        run_process zaqar-server "zaqar-server --config-file $ZAQAR_CONF"
-    fi
-
-    echo "Waiting for Zaqar to start..."
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT/v1/health; do sleep 1; done"; then
-        die $LINENO "Zaqar did not start"
-    fi
-}
-
-# stop_zaqar() - Stop running processes
-function stop_zaqar {
-    local serv
-    # Kill the zaqar screen windows
-    for serv in zaqar-server; do
-        screen -S $SCREEN_NAME -p $serv -X kill
-    done
-}
-
-function create_zaqar_accounts {
-    create_service_user "zaqar"
-
-    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-        get_or_create_service "zaqar" "messaging" "Zaqar Service"
-        get_or_create_endpoint "messaging" \
-            "$REGION_NAME" \
-            "$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \
-            "$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT" \
-            "$ZAQAR_SERVICE_PROTOCOL://$ZAQAR_SERVICE_HOST:$ZAQAR_SERVICE_PORT"
-    fi
-
-}
-
-
-# Restore xtrace
-$XTRACE
-
-# Local variables:
-# mode: shell-script
-# End:

From 193d8a6e7c22695f33d2082bb330e3039b516a5b Mon Sep 17 00:00:00 2001
From: Fawad Khaliq 
Date: Tue, 11 Aug 2015 07:32:56 -0700
Subject: [PATCH 0921/3421] Improve PLUMgrid Install Endpoints

PLUMgrid Plugin has moved out of Neutron tree and it's new
home is openstack/networking-plumgrid[1]. With core vendor
decomposition reaching completion, this change moves
PLUMgrid Plugin install to an external DevStack plugin
for better integration.

[1] https://github.com/openstack/networking-plumgrid
[2] http://docs.openstack.org/developer/neutron/devref/contribute.html

Change-Id: I5bd6d8f611c2a134f2e8f14c074c1a4185d9c522
---
 lib/neutron_plugins/plumgrid | 58 ------------------------------------
 1 file changed, 58 deletions(-)
 delete mode 100644 lib/neutron_plugins/plumgrid

diff --git a/lib/neutron_plugins/plumgrid b/lib/neutron_plugins/plumgrid
deleted file mode 100644
index 0d711fe8b2..0000000000
--- a/lib/neutron_plugins/plumgrid
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash
-#
-# PLUMgrid Neutron Plugin
-# Edgar Magana emagana@plumgrid.com
-# ------------------------------------
-
-# Save trace settings
-PG_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-function neutron_plugin_create_nova_conf {
-    :
-}
-
-function neutron_plugin_setup_interface_driver {
-    :
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/plumgrid
-    Q_PLUGIN_CONF_FILENAME=plumgrid.ini
-    Q_PLUGIN_CLASS="neutron.plugins.plumgrid.plumgrid_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2"
-    PLUMGRID_DIRECTOR_IP=${PLUMGRID_DIRECTOR_IP:-localhost}
-    PLUMGRID_DIRECTOR_PORT=${PLUMGRID_DIRECTOR_PORT:-7766}
-    PLUMGRID_ADMIN=${PLUMGRID_ADMIN:-username}
-    PLUMGRID_PASSWORD=${PLUMGRID_PASSWORD:-password}
-    PLUMGRID_TIMEOUT=${PLUMGRID_TIMEOUT:-70}
-    PLUMGRID_DRIVER=${PLUMGRID_DRIVER:-neutron.plugins.plumgrid.drivers.fake_plumlib.Plumlib}
-}
-
-function neutron_plugin_configure_service {
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector director_server $PLUMGRID_DIRECTOR_IP
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector director_server_port $PLUMGRID_DIRECTOR_PORT
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector username $PLUMGRID_ADMIN
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector password $PLUMGRID_PASSWORD
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector servertimeout $PLUMGRID_TIMEOUT
-    iniset /$Q_PLUGIN_CONF_FILE plumgriddirector driver $PLUMGRID_DRIVER
-}
-
-function neutron_plugin_configure_debug_command {
-    :
-}
-
-function is_neutron_ovs_base_plugin {
-    # False
-    return 1
-}
-
-function has_neutron_plugin_security_group {
-    # return 0 means enabled
-    return 0
-}
-
-function neutron_plugin_check_adv_test_requirements {
-    is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
-}
-# Restore xtrace
-$PG_XTRACE

From 7c7679ecc9f1e8dffcb886aab8ef96eafcc1d9f6 Mon Sep 17 00:00:00 2001
From: dieterly 
Date: Fri, 18 Sep 2015 15:10:48 -0600
Subject: [PATCH 0922/3421] Clarify new header configuration syntax

Make it clear that there are no spaces in the
new header section.

Change-Id: I69c14017820621a3aea75e41960ac3758f7e4835
---
 doc/source/configuration.rst | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 983f5c0aae..e8de7c4f70 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -18,11 +18,12 @@ A sample is provided in ``devstack/samples``
 
 The new header is similar to a normal INI section header but with double
 brackets (``[[ ... ]]``) and two internal fields separated by a pipe
-(``|``):
-
+(``|``). Note that there are no spaces between the double brackets and the
+internal fields. Likewise, there are no spaces between the pipe and the
+internal fields:
 ::
 
-    [[  |  ]]
+    '[['  '|'  ']]'
 
 where ```` is one of a set of phase names defined by ``stack.sh``
 and ```` is the configuration filename. The filename

From 261d10080900908e3377d88a82adb47b607d0174 Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Sat, 19 Sep 2015 18:44:29 +0200
Subject: [PATCH 0923/3421] registry: list rally project

Change-Id: I29ec5693ad1e2c3edd5a8ed2d18a4433e4eee627
---
 doc/source/plugin-registry.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 428efc4977..9bc7ce3f2d 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,6 +26,8 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |magnum              |git://git.openstack.org/openstack/magnum   |                    |
 +--------------------+-------------------------------------------+--------------------+
+|rally               |git://git.openstack.org/openstack/rally    |                    |
++--------------------+-------------------------------------------+--------------------+
 |sahara              |git://git.openstack.org/openstack/sahara   |                    |
 +--------------------+-------------------------------------------+--------------------+
 |trove               |git://git.openstack.org/openstack/trove    |                    |

From 2a16b512640afd6290a4f023e359b83d7052a0de Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Sat, 19 Sep 2015 18:42:21 +0200
Subject: [PATCH 0924/3421] registry: list mistral project

Change-Id: Icbc73b3df9cedf9bd228c23b20aebf9b69c4a39c
---
 doc/source/plugin-registry.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 9bc7ce3f2d..1b54c01f54 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,6 +26,8 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |magnum              |git://git.openstack.org/openstack/magnum   |                    |
 +--------------------+-------------------------------------------+--------------------+
+|mistral             |git://git.openstack.org/openstack/mistral  |                    |
++--------------------+-------------------------------------------+--------------------+
 |rally               |git://git.openstack.org/openstack/rally    |                    |
 +--------------------+-------------------------------------------+--------------------+
 |sahara              |git://git.openstack.org/openstack/sahara   |                    |

From 91e3c1ec9a0e003e5cea08383852be6535e11c45 Mon Sep 17 00:00:00 2001
From: Wei Jiangang 
Date: Mon, 21 Sep 2015 17:51:02 +0800
Subject: [PATCH 0925/3421] lib/nova: make redirects happen in correct order

It should redirect stdout to /dev/null firstly,
then redirect stderr to whatever stdout currently points at.

Change-Id: I4666fa90a96301f0b504a8501f0ffc3fe17616b0
---
 lib/nova | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 6441a891eb..63489502e9 100644
--- a/lib/nova
+++ b/lib/nova
@@ -332,7 +332,7 @@ function configure_nova {
                 if [ ! -e /dev/kvm ]; then
                     echo "WARNING: Switching to QEMU"
                     LIBVIRT_TYPE=qemu
-                    if which selinuxenabled 2>&1 > /dev/null && selinuxenabled; then
+                    if which selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
                         # https://bugzilla.redhat.com/show_bug.cgi?id=753589
                         sudo setsebool virt_use_execmem on
                     fi

From e3340f1fe6a79166e50dc2a89e7a74fa038e9014 Mon Sep 17 00:00:00 2001
From: Wei Jiangang 
Date: Mon, 21 Sep 2015 17:52:14 +0800
Subject: [PATCH 0926/3421] Fix typo: falure => failure

Change-Id: Ic1a53eec71d5e20194505aa8655a99b2fedd7632
---
 functions-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index f6a525354f..16abb65fb3 100644
--- a/functions-common
+++ b/functions-common
@@ -1453,7 +1453,7 @@ function service_check {
         return
     fi
 
-    # Check if there is any falure flag file under $SERVICE_DIR/$SCREEN_NAME
+    # Check if there is any failure flag file under $SERVICE_DIR/$SCREEN_NAME
     # make this -o errexit safe
     failures=`ls "$SERVICE_DIR/$SCREEN_NAME"/*.failure 2>/dev/null || /bin/true`
 

From bf9f9a594246e6f997c7be69910efa25b6bd80d7 Mon Sep 17 00:00:00 2001
From: dieterly 
Date: Mon, 21 Sep 2015 13:24:00 -0600
Subject: [PATCH 0927/3421] Fix typo

Change 'This' -> 'These'.

Change-Id: If2f8f92d3adbb8fe4556e5c3ec53e4da31d02d49
---
 doc/source/plugins.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 803dd08a48..fda601b414 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -178,7 +178,7 @@ System Packages
 ===============
 
 Devstack provides a framework for getting packages installed at an early
-phase of its execution. This packages may be defined in a plugin as files
+phase of its execution. These packages may be defined in a plugin as files
 that contain new-line separated lists of packages required by the plugin
 
 Supported packaging systems include apt and yum across multiple distributions.

From 16a2d64f379974e7c88ef9f7879c88511e43c2eb Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Sat, 19 Sep 2015 11:19:31 -0400
Subject: [PATCH 0928/3421] Move writing of credentials earlier in the process

If something goes wrong after keystone is running with services
registered, but before credentials are written, it's hard to poke at the
existing half-running state because none of the auth information is
recorded.

Write the files right after we're done bootstrapping keystone.

Change-Id: I2f8ae86e17d26ec4defa16e843faa8987d27fac9
---
 stack.sh | 130 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 67 insertions(+), 63 deletions(-)

diff --git a/stack.sh b/stack.sh
index 700a0aecad..7184e59bc0 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1034,6 +1034,73 @@ if is_service_enabled keystone; then
     export OS_REGION_NAME=$REGION_NAME
 fi
 
+# We now have a working keystone. From this point, everything can be done
+# with normal auth. Let's write out the auth config files so that if something
+# goes wrong subsequently, developers debugging have stackrc and clouds.yaml
+# files to use to poke at things
+
+# Create account rc files
+# =======================
+
+# Creates source able script files for easier user switching.
+# This step also creates certificates for tenants and users,
+# which is helpful in image bundle steps.
+
+if is_service_enabled nova && is_service_enabled keystone; then
+    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
+
+    if [ -f $SSL_BUNDLE_FILE ]; then
+        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
+    fi
+
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
+        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
+    fi
+
+    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
+fi
+
+
+# Save some values we generated for later use
+save_stackenv
+
+# Update/create user clouds.yaml file.
+# clouds.yaml will have
+# - A `devstack` entry for the `demo` user for the `demo` project.
+# - A `devstack-admin` entry for the `admin` user for the `admin` project.
+
+# The location is a variable to allow for easier refactoring later to make it
+# overridable. There is currently no usecase where doing so makes sense, so
+# it's not currently configurable.
+CLOUDS_YAML=~/.config/openstack/clouds.yaml
+
+mkdir -p $(dirname $CLOUDS_YAML)
+
+CA_CERT_ARG=''
+if [ -f "$SSL_BUNDLE_FILE" ]; then
+    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
+fi
+$TOP_DIR/tools/update_clouds_yaml.py \
+    --file $CLOUDS_YAML \
+    --os-cloud devstack \
+    --os-region-name $REGION_NAME \
+    --os-identity-api-version $IDENTITY_API_VERSION \
+    $CA_CERT_ARG \
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+    --os-username demo \
+    --os-password $ADMIN_PASSWORD \
+    --os-project-name demo
+$TOP_DIR/tools/update_clouds_yaml.py \
+    --file $CLOUDS_YAML \
+    --os-cloud devstack-admin \
+    --os-region-name $REGION_NAME \
+    --os-identity-api-version $IDENTITY_API_VERSION \
+    $CA_CERT_ARG \
+    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+    --os-username admin \
+    --os-password $ADMIN_PASSWORD \
+    --os-project-name admin
+
 # Horizon
 # -------
 
@@ -1275,69 +1342,6 @@ if is_service_enabled heat; then
 fi
 
 
-# Create account rc files
-# =======================
-
-# Creates source able script files for easier user switching.
-# This step also creates certificates for tenants and users,
-# which is helpful in image bundle steps.
-
-if is_service_enabled nova && is_service_enabled keystone; then
-    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
-
-    if [ -f $SSL_BUNDLE_FILE ]; then
-        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
-    fi
-
-    if [[ "$HEAT_STANDALONE" = "True" ]]; then
-        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
-    fi
-
-    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
-fi
-
-
-# Save some values we generated for later use
-save_stackenv
-
-# Update/create user clouds.yaml file.
-# clouds.yaml will have
-# - A `devstack` entry for the `demo` user for the `demo` project.
-# - A `devstack-admin` entry for the `admin` user for the `admin` project.
-
-# The location is a variable to allow for easier refactoring later to make it
-# overridable. There is currently no usecase where doing so makes sense, so
-# it's not currently configurable.
-CLOUDS_YAML=~/.config/openstack/clouds.yaml
-
-mkdir -p $(dirname $CLOUDS_YAML)
-
-CA_CERT_ARG=''
-if [ -f "$SSL_BUNDLE_FILE" ]; then
-    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
-fi
-$TOP_DIR/tools/update_clouds_yaml.py \
-    --file $CLOUDS_YAML \
-    --os-cloud devstack \
-    --os-region-name $REGION_NAME \
-    --os-identity-api-version $IDENTITY_API_VERSION \
-    $CA_CERT_ARG \
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-    --os-username demo \
-    --os-password $ADMIN_PASSWORD \
-    --os-project-name demo
-$TOP_DIR/tools/update_clouds_yaml.py \
-    --file $CLOUDS_YAML \
-    --os-cloud devstack-admin \
-    --os-region-name $REGION_NAME \
-    --os-identity-api-version $IDENTITY_API_VERSION \
-    $CA_CERT_ARG \
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-    --os-username admin \
-    --os-password $ADMIN_PASSWORD \
-    --os-project-name admin
-
-
 # Wrapup configuration
 # ====================
 

From 7224eecb98883a91e9da445baefc23a194e8fd68 Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Sat, 19 Sep 2015 11:26:18 -0400
Subject: [PATCH 0929/3421] Extract writing clouds.yaml to function

It's a bit wordy to be directly in stack.sh and not in a function.

Change-Id: Ibddfd8018d861191f1b1dc3270e0e81c274733cd
---
 functions-common | 39 +++++++++++++++++++++++++++++++++++++++
 stack.sh         | 38 ++------------------------------------
 2 files changed, 41 insertions(+), 36 deletions(-)

diff --git a/functions-common b/functions-common
index 446de5374f..4fca80e14b 100644
--- a/functions-common
+++ b/functions-common
@@ -67,6 +67,45 @@ function save_stackenv {
     done
 }
 
+# Update/create user clouds.yaml file.
+# clouds.yaml will have
+# - A `devstack` entry for the `demo` user for the `demo` project.
+# - A `devstack-admin` entry for the `admin` user for the `admin` project.
+# write_clouds_yaml
+function write_clouds_yaml {
+    # The location is a variable to allow for easier refactoring later to make it
+    # overridable. There is currently no usecase where doing so makes sense, so
+    # it's not currently configurable.
+    CLOUDS_YAML=~/.config/openstack/clouds.yaml
+
+    mkdir -p $(dirname $CLOUDS_YAML)
+
+    CA_CERT_ARG=''
+    if [ -f "$SSL_BUNDLE_FILE" ]; then
+        CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
+    fi
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version $IDENTITY_API_VERSION \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-username demo \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name demo
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack-admin \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version $IDENTITY_API_VERSION \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-username admin \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name admin
+}
+
 # Normalize config values to True or False
 # Accepts as False: 0 no No NO false False FALSE
 # Accepts as True: 1 yes Yes YES true True TRUE
diff --git a/stack.sh b/stack.sh
index 7184e59bc0..21760213ec 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1064,42 +1064,8 @@ fi
 # Save some values we generated for later use
 save_stackenv
 
-# Update/create user clouds.yaml file.
-# clouds.yaml will have
-# - A `devstack` entry for the `demo` user for the `demo` project.
-# - A `devstack-admin` entry for the `admin` user for the `admin` project.
-
-# The location is a variable to allow for easier refactoring later to make it
-# overridable. There is currently no usecase where doing so makes sense, so
-# it's not currently configurable.
-CLOUDS_YAML=~/.config/openstack/clouds.yaml
-
-mkdir -p $(dirname $CLOUDS_YAML)
-
-CA_CERT_ARG=''
-if [ -f "$SSL_BUNDLE_FILE" ]; then
-    CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
-fi
-$TOP_DIR/tools/update_clouds_yaml.py \
-    --file $CLOUDS_YAML \
-    --os-cloud devstack \
-    --os-region-name $REGION_NAME \
-    --os-identity-api-version $IDENTITY_API_VERSION \
-    $CA_CERT_ARG \
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-    --os-username demo \
-    --os-password $ADMIN_PASSWORD \
-    --os-project-name demo
-$TOP_DIR/tools/update_clouds_yaml.py \
-    --file $CLOUDS_YAML \
-    --os-cloud devstack-admin \
-    --os-region-name $REGION_NAME \
-    --os-identity-api-version $IDENTITY_API_VERSION \
-    $CA_CERT_ARG \
-    --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-    --os-username admin \
-    --os-password $ADMIN_PASSWORD \
-    --os-project-name admin
+# Write a clouds.yaml file
+write_clouds_yaml
 
 # Horizon
 # -------

From 31c313d3a35e1b222fdb3aa72993a27c288d10bb Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Sat, 19 Sep 2015 11:35:22 -0400
Subject: [PATCH 0930/3421] Use normal API not token/endpoint for image uploads

There is no reason to use keystone token bootstrapping for image
uploads. Glance is a service, and images can be uploaded to it normally
without special shenanigans.

Depends-On: If7b81c4a6746c8a1eb0302c96e045fb0f457d67b
Change-Id: I7092fb10cbe243e091789134263fab081af0c7f4
---
 functions | 23 ++++++++++-------------
 stack.sh  |  2 --
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/functions b/functions
index 4001e9d5f9..3dae157a0c 100644
--- a/functions
+++ b/functions
@@ -71,7 +71,7 @@ function upload_image {
     # OpenVZ-format images are provided as .tar.gz, but not decompressed prior to loading
     if [[ "$image_url" =~ 'openvz' ]]; then
         image_name="${image_fname%.tar.gz}"
-        openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" --public --container-format ami --disk-format ami < "${image}"
+        openstack --os-cloud=devstack-admin image create "$image_name" --public --container-format ami --disk-format ami < "${image}"
         return
     fi
 
@@ -182,7 +182,7 @@ function upload_image {
         vmdk_adapter_type="${props[1]:-$vmdk_adapter_type}"
         vmdk_net_adapter="${props[2]:-$vmdk_net_adapter}"
 
-        openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}"
+        openstack --os-cloud=devstack-admin image create "$image_name" --public --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${image}"
         return
     fi
 
@@ -199,8 +199,7 @@ function upload_image {
             force_vm_mode="--property vm_mode=xen"
         fi
         openstack \
-            --os-token $token \
-            --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
+            --os-cloud=devstack-admin \
             image create \
             "$image_name" --public \
             --container-format=ovf --disk-format=vhd \
@@ -214,8 +213,7 @@ function upload_image {
     if [[ "$image_url" =~ '.xen-raw.tgz' ]]; then
         image_name="${image_fname%.xen-raw.tgz}"
         openstack \
-            --os-token $token \
-            --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
+            --os-cloud=devstack-admin \
             image create \
             "$image_name" --public \
             --container-format=tgz --disk-format=raw \
@@ -231,8 +229,7 @@ function upload_image {
         fi
 
         openstack \
-            --os-token $token \
-            --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
+            --os-cloud=devstack-admin \
             image create \
             "$image_name" --public \
             --container-format=bare --disk-format=ploop \
@@ -314,9 +311,9 @@ function upload_image {
 
     if [ "$container_format" = "bare" ]; then
         if [ "$unpack" = "zcat" ]; then
-            openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
+            openstack --os-cloud=devstack-admin image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < <(zcat --force "${image}")
         else
-            openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}"
+            openstack --os-cloud=devstack-admin image create "$image_name" $img_property --public --container-format=$container_format --disk-format $disk_format < "${image}"
         fi
     else
         # Use glance client to add the kernel the root filesystem.
@@ -324,12 +321,12 @@ function upload_image {
         # kernel for use when uploading the root filesystem.
         local kernel_id="" ramdisk_id="";
         if [ -n "$kernel" ]; then
-            kernel_id=$(openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
+            kernel_id=$(openstack --os-cloud=devstack-admin image create "$image_name-kernel" $img_property --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
         fi
         if [ -n "$ramdisk" ]; then
-            ramdisk_id=$(openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
+            ramdisk_id=$(openstack --os-cloud=devstack-admin image create "$image_name-ramdisk" $img_property --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
         fi
-        openstack --os-token $token --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}"
+        openstack --os-cloud=devstack-admin image create "${image_name%.img}" $img_property --public --container-format ami --disk-format ami ${kernel_id:+--property kernel_id=$kernel_id} ${ramdisk_id:+--property ramdisk_id=$ramdisk_id} < "${image}"
     fi
 }
 
diff --git a/stack.sh b/stack.sh
index 21760213ec..3625e5f296 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1216,8 +1216,6 @@ fi
 # See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
 
 if is_service_enabled g-reg; then
-    TOKEN=$(openstack token issue -c id -f value)
-    die_if_not_set $LINENO TOKEN "Keystone fail to get token"
 
     echo_summary "Uploading images"
 

From 382f982e51d6117cf8d478b94f975455dabe4ce9 Mon Sep 17 00:00:00 2001
From: Julien Danjou 
Date: Mon, 21 Sep 2015 14:19:52 +0000
Subject: [PATCH 0931/3421] keystone: fix prefixed URL

Commit 2ad1a42ca667ff21e6f7d2ae906be23a20430036 broke entirely the
Apache configuration for Keystone when used without a port on the
/identity URL. This patch fixes that.

Change-Id: I47805138c66456c9c5fa9af1f4ac33b03d0ce5b9
---
 files/apache-keystone.template | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)

diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 4d3d2d6623..f9fa265db5 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -2,6 +2,16 @@ Listen %PUBLICPORT%
 Listen %ADMINPORT%
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
 
+
+    = 2.4>
+        Require all granted
+    
+    
+        Order allow,deny
+        Allow from all
+    
+
+
 
     WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
     WSGIProcessGroup keystone-public
@@ -16,16 +26,6 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
-
-    
-        = 2.4>
-            Require all granted
-        
-        
-            Order allow,deny
-            Allow from all
-        
-    
 
 
 
@@ -42,19 +42,9 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
     %SSLENGINE%
     %SSLCERTFILE%
     %SSLKEYFILE%
-
-    
-        = 2.4>
-            Require all granted
-        
-        
-            Order allow,deny
-            Allow from all
-        
-    
 
 
-Alias /identity %PUBLICWSGI%
+Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
 
     SetHandler wsgi-script
     Options +ExecCGI
@@ -64,7 +54,7 @@ Alias /identity %PUBLICWSGI%
     WSGIPassAuthorization On
 
 
-Alias /identity_admin %ADMINWSGI%
+Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
 
     SetHandler wsgi-script
     Options +ExecCGI

From 91b7fa134ccc4d58dc14f08fef4641602c98db9e Mon Sep 17 00:00:00 2001
From: Clinton Knight 
Date: Tue, 22 Sep 2015 09:39:23 -0700
Subject: [PATCH 0932/3421] Add manila to devstack plugin registry

Manila has had a devstack plugin since Kilo.  The registry should
reflect that.

Change-Id: I910198495e98b6f8d92c4880d1bee0c16d6c1559
---
 doc/source/plugin-registry.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 1b54c01f54..bbab56b025 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,6 +26,8 @@ The following are plugins that exist for official OpenStack projects.
 +--------------------+-------------------------------------------+--------------------+
 |magnum              |git://git.openstack.org/openstack/magnum   |                    |
 +--------------------+-------------------------------------------+--------------------+
+|manila              |git://git.openstack.org/openstack/manila   | file shares        |
++--------------------+-------------------------------------------+--------------------+
 |mistral             |git://git.openstack.org/openstack/mistral  |                    |
 +--------------------+-------------------------------------------+--------------------+
 |rally               |git://git.openstack.org/openstack/rally    |                    |

From 59c6377ae51c024c28a6fba72de567bc97edda10 Mon Sep 17 00:00:00 2001
From: Roxana Gherle 
Date: Wed, 9 Sep 2015 18:22:31 -0700
Subject: [PATCH 0933/3421] Assign admin role for admin user on default domain

This patch adds an admin role assignment for the admin user on
the default domain as part of the Keystone configuration stage.

Closes-Bug: #1494081
Change-Id: I91c88917bd51be4572e4970c94e65d866798df26
---
 functions-common | 32 ++++++++++++++++++++++++++++++++
 lib/keystone     |  1 +
 2 files changed, 33 insertions(+)

diff --git a/functions-common b/functions-common
index 446de5374f..c38a77243e 100644
--- a/functions-common
+++ b/functions-common
@@ -803,6 +803,38 @@ function get_or_add_user_project_role {
     echo $user_role_id
 }
 
+# Gets or adds user role to domain
+# Usage: get_or_add_user_domain_role   
+function get_or_add_user_domain_role {
+    local user_role_id
+    # Gets user role id
+    user_role_id=$(openstack role list \
+        --user $2 \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
+        --column "ID" \
+        --domain $3 \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$user_role_id" ]]; then
+        # Adds role to user and get it
+        openstack role add $1 \
+            --user $2 \
+            --domain $3 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3
+        user_role_id=$(openstack role list \
+            --user $2 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --column "ID" \
+            --domain $3 \
+            --column "Name" \
+            | grep " $1 " | get_field 1)
+    fi
+    echo $user_role_id
+}
+
 # Gets or adds group role to project
 # Usage: get_or_add_group_project_role   
 function get_or_add_group_project_role {
diff --git a/lib/keystone b/lib/keystone
index e2448c9068..b15abe1cb5 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -364,6 +364,7 @@ function create_keystone_accounts {
     local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
+    get_or_add_user_domain_role $admin_role $admin_user default
 
     # Create service project/role
     get_or_create_project "$SERVICE_TENANT_NAME" default

From 50821bed081e94dfd4b75cf02121a42a56cdbaac Mon Sep 17 00:00:00 2001
From: Roxana Gherle 
Date: Tue, 22 Sep 2015 10:52:46 -0700
Subject: [PATCH 0934/3421] Fix return value of get_or_add_user_project_role

get_or_add_user_project_role function was always returning an
empty user_role_id because the role assignment command does not
return any output. Added a command to get the user_role_id after
the assignment happens.

Closes-Bug: #1498599
Change-Id: If1b77eef0d4f0ebdcdf761ecb5e2011484f73871
---
 functions-common | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/functions-common b/functions-common
index cf140072fd..d230a29891 100644
--- a/functions-common
+++ b/functions-common
@@ -830,14 +830,20 @@ function get_or_add_user_project_role {
         --column "Name" \
         | grep " $1 " | get_field 1)
     if [[ -z "$user_role_id" ]]; then
-        # Adds role to user
-        user_role_id=$(openstack role add \
-            $1 \
+        # Adds role to user and get it
+        openstack role add $1 \
             --user $2 \
             --project $3 \
             --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3
+        user_role_id=$(openstack role list \
+            --user $2 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
             --os-identity-api-version=3 \
-            | grep " id " | get_field 2)
+            --column "ID" \
+            --project $3 \
+            --column "Name" \
+            | grep " $1 " | get_field 1)
     fi
     echo $user_role_id
 }

From 5aeea6ae3e2434d7b08bce2da672061cdba08ab0 Mon Sep 17 00:00:00 2001
From: Peter Stachowski 
Date: Tue, 22 Sep 2015 19:38:02 +0000
Subject: [PATCH 0935/3421] Removed unused TOKEN from upload_image

Changeset https://review.openstack.org/#/c/225426/ changed how images
were uploaded into Glance, however the (now) unused TOKEN variable
and function argument to upload_image remained.

These have been removed.

Change-Id: I9910c469f72d52e56111048cc24ea3c992c1d480
---
 functions | 3 +--
 stack.sh  | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/functions b/functions
index 3dae157a0c..ff95c89ad9 100644
--- a/functions
+++ b/functions
@@ -36,10 +36,9 @@ function function_exists {
 # - ``FILES`` must be set to the cache dir
 # - ``GLANCE_HOSTPORT``
 #
-# upload_image image-url glance-token
+# upload_image image-url
 function upload_image {
     local image_url=$1
-    local token=$2
 
     local image image_fname image_name
 
diff --git a/stack.sh b/stack.sh
index 3625e5f296..ae9c946aaa 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1225,7 +1225,7 @@ if is_service_enabled g-reg; then
     fi
 
     for image_url in ${IMAGE_URLS//,/ }; do
-        upload_image $image_url $TOKEN
+        upload_image $image_url
     done
 fi
 

From 5090142969e162e115d6eb1ea7582f68f34d8879 Mon Sep 17 00:00:00 2001
From: Andrey Pavlov 
Date: Tue, 22 Sep 2015 21:20:36 +0300
Subject: [PATCH 0936/3421] Revert change
 I2f8ae86e17d26ec4defa16e843faa8987d27fac9

The commit breaks creation of user rc file.
Now devstack doesn't create certificate for user
(because it's too early to do it) and doesn't react
to changes of EC2/S3 urls if they is recreated by devstack plugins.
So the commit totally broke ec2-api gating for example.

Change-Id: I069f46f95656655ae7ba8f3dd929f47eae594b68
---
 stack.sh | 56 ++++++++++++++++++++++++++------------------------------
 1 file changed, 26 insertions(+), 30 deletions(-)

diff --git a/stack.sh b/stack.sh
index 3625e5f296..d8ab52ec98 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1034,36 +1034,6 @@ if is_service_enabled keystone; then
     export OS_REGION_NAME=$REGION_NAME
 fi
 
-# We now have a working keystone. From this point, everything can be done
-# with normal auth. Let's write out the auth config files so that if something
-# goes wrong subsequently, developers debugging have stackrc and clouds.yaml
-# files to use to poke at things
-
-# Create account rc files
-# =======================
-
-# Creates source able script files for easier user switching.
-# This step also creates certificates for tenants and users,
-# which is helpful in image bundle steps.
-
-if is_service_enabled nova && is_service_enabled keystone; then
-    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
-
-    if [ -f $SSL_BUNDLE_FILE ]; then
-        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
-    fi
-
-    if [[ "$HEAT_STANDALONE" = "True" ]]; then
-        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
-    fi
-
-    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
-fi
-
-
-# Save some values we generated for later use
-save_stackenv
-
 # Write a clouds.yaml file
 write_clouds_yaml
 
@@ -1306,6 +1276,32 @@ if is_service_enabled heat; then
 fi
 
 
+# Create account rc files
+# =======================
+
+# Creates source able script files for easier user switching.
+# This step also creates certificates for tenants and users,
+# which is helpful in image bundle steps.
+
+if is_service_enabled nova && is_service_enabled keystone; then
+    USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc"
+
+    if [ -f $SSL_BUNDLE_FILE ]; then
+        USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
+    fi
+
+    if [[ "$HEAT_STANDALONE" = "True" ]]; then
+        USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1"
+    fi
+
+    $TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
+fi
+
+
+# Save some values we generated for later use
+save_stackenv
+
+
 # Wrapup configuration
 # ====================
 

From 78f6c1d70b51c29e5d36143e6051e6ff96ceb41c Mon Sep 17 00:00:00 2001
From: jianghua wang 
Date: Fri, 18 Sep 2015 11:17:46 +0100
Subject: [PATCH 0937/3421] tools/Xen: failed to install domU in new XenServer

Current install_os_domU.sh depends on some keywords which are changed in the
next version XenServer which is upgraded to CentOS 7. So with the existing
script to install domU in the new version XenServer, it will always fail.
This patch is to make it to be compatible with all XenServer versions:
1. the output format of "ifconfig" is changed; the fix is to use the ip
   command to retrieve IP address.
2. In XS 6.5 and the previous XS, the "xe-guest-utilities" package file name
   is as "xe-guest-utilities__.deb" but now it delivers a
   single file for all Arch's and the file name is
   "xe-guest-utilities__all.deb". In order to make it to be
   compatible, the fix will try to search the old file name pattern by
   default. If it does't exist, then try to search the new file name pattern.

Change-Id: I893e89e42a5ef7dd079b571ea308f318c9befc9e
Closes-Bug: #1494241
---
 tools/xen/functions          | 3 ++-
 tools/xen/install_os_domU.sh | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tools/xen/functions b/tools/xen/functions
index 4e9fede387..8c674dcce3 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -179,7 +179,8 @@ function xenapi_ip_on {
     local bridge_or_net_name
     bridge_or_net_name=$1
 
-    ifconfig $(bridge_for "$bridge_or_net_name") | grep "inet addr" | cut -d ":" -f2 | sed "s/ .*//"
+    ip -4 addr show $(bridge_for "$bridge_or_net_name") |\
+    awk '/inet/{split($2, ip, "/"); print ip[1];}'
 }
 
 function xenapi_is_listening_on {
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index b49347e09b..e24d9ed0b9 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -193,7 +193,10 @@ if [ -z "$templateuuid" ]; then
             TMP_DIR=/tmp/temp.$RANDOM
             mkdir -p $TMP_DIR
             mount -o loop $TOOLS_ISO $TMP_DIR
-            DEB_FILE=$(ls $TMP_DIR/Linux/*amd64.deb)
+            # the target deb package maybe *amd64.deb or *all.deb,
+            # so use *amd64.deb by default. If it doesn't exist,
+            # then use *all.deb.
+            DEB_FILE=$(ls $TMP_DIR/Linux/*amd64.deb || ls $TMP_DIR/Linux/*all.deb)
             cp $DEB_FILE $HTTP_SERVER_LOCATION
             umount $TMP_DIR
             rmdir $TMP_DIR

From 59756e990ca527d017e698e54bc7c6432af1b1fd Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Wed, 23 Sep 2015 17:42:54 -0400
Subject: [PATCH 0938/3421] Don't use python with run_process

First noted in change id by fumihiko and kyle:
I079e18b58b214bf8362945c253d6d894ca8b1a6b

Neutron and few others seem to use an extra "python" along
with run_process which is quite unnecessary and complicates
adding python3 support in devstack. So let's clean this up.

Change-Id: I2d478f2b04c04d05c18420563e2ad77eba73be3f
---
 lib/neutron-legacy | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 550eadb4b4..e67bd4ae32 100755
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -687,7 +687,7 @@ function start_neutron_service_and_check {
         service_protocol="http"
     fi
     # Start the Neutron service
-    run_process q-svc "python $NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
+    run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
     echo "Waiting for Neutron to start..."
     if is_ssl_enabled_service "neutron"; then
         ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
@@ -705,7 +705,7 @@ function start_neutron_service_and_check {
 # Control of the l2 agent is separated out to make it easier to test partial
 # upgrades (everything upgraded except the L2 agent)
 function start_neutron_l2_agent {
-    run_process q-agt "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
+    run_process q-agt "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
 
     if is_provider_network; then
         sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
@@ -723,23 +723,23 @@ function start_neutron_l2_agent {
 }
 
 function start_neutron_other_agents {
-    run_process q-dhcp "python $AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
+    run_process q-dhcp "$AGENT_DHCP_BINARY --config-file $NEUTRON_CONF --config-file=$Q_DHCP_CONF_FILE"
 
     if is_service_enabled neutron-vpnaas; then
         :  # Started by plugin
     elif is_service_enabled q-vpn; then
         run_process q-vpn "$AGENT_VPN_BINARY $(determine_config_files neutron-vpn-agent)"
     else
-        run_process q-l3 "python $AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
+        run_process q-l3 "$AGENT_L3_BINARY $(determine_config_files neutron-l3-agent)"
     fi
 
-    run_process q-meta "python $AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
-    run_process q-lbaas "python $AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
-    run_process q-metering "python $AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
+    run_process q-meta "$AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file=$Q_META_CONF_FILE"
+    run_process q-lbaas "$AGENT_LBAAS_BINARY --config-file $NEUTRON_CONF --config-file=$LBAAS_AGENT_CONF_FILENAME"
+    run_process q-metering "$AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
 
     if [ "$VIRT_DRIVER" = 'xenserver' ]; then
         # For XenServer, start an agent for the domU openvswitch
-        run_process q-domua "python $AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
+        run_process q-domua "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
     fi
 }
 

From 1ce19ab76d67a89b04f907f1d292d013a3b699e0 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 23 Sep 2015 10:36:53 -0400
Subject: [PATCH 0939/3421] attempt to cut api workers in half

One of the key reasons for the large number of API_WORKERS was that
mysql would block API workers, so would start rejecting work. Now with
the python mysql driver we should be eventlet aware, and life should
be good.

Let's see if this works.

Change-Id: Iaf8730a4dcdc30ef390795bfb5fb73ec3cd665fe
---
 lib/nova | 2 ++
 stackrc  | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index ab5a76e2ad..db7967841c 100644
--- a/lib/nova
+++ b/lib/nova
@@ -607,6 +607,8 @@ function create_nova_conf {
     iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS"
     iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS"
     iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS"
+    # don't let the conductor get out of control now that we're using a pure python db driver
+    iniset $NOVA_CONF conductor workers "$API_WORKERS"
 
     iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
 
diff --git a/stackrc b/stackrc
index 2641be64b7..9e05d8253a 100644
--- a/stackrc
+++ b/stackrc
@@ -631,7 +631,7 @@ SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
 # the memory used where there are a large number of CPUs present
 # (the default number of workers for many services is the number of CPUs)
 # Also sets the minimum number of workers to 2.
-API_WORKERS=${API_WORKERS:=$(( ($(nproc)/2)<2 ? 2 : ($(nproc)/2) ))}
+API_WORKERS=${API_WORKERS:=$(( ($(nproc)/4)<2 ? 2 : ($(nproc)/4) ))}
 
 # Service startup timeout
 SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60}

From 1c42846a62dfafd43eb3cca4f7f1c8f3819cf867 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur 
Date: Thu, 24 Sep 2015 16:51:50 +0200
Subject: [PATCH 0940/3421] Mention ironic-inspector in plugin-registry docs

Change-Id: Ia508a3af5a65e4fbf34dd8b9ae537ca133358fa3
---
 doc/source/plugin-registry.rst | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index bbab56b025..0feaafb275 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -72,14 +72,16 @@ Alternate Configs
 Additional Services
 ===================
 
-+-------------+------------------------------------------+------------+
-| Plugin Name | URL                                      | Comments   |
-|             |                                          |            |
-+-------------+------------------------------------------+------------+
-|ec2-api      |git://git.openstack.org/stackforge/ec2api |[as1]_      |
-+-------------+------------------------------------------+------------+
-|             |                                          |            |
-+-------------+------------------------------------------+------------+
++----------------+--------------------------------------------------+------------+
+| Plugin Name    | URL                                              | Comments   |
+|                |                                                  |            |
++----------------+--------------------------------------------------+------------+
+|ec2-api         |git://git.openstack.org/stackforge/ec2api         |[as1]_      |
++----------------+--------------------------------------------------+------------+
+|ironic-inspector|git://git.openstack.org/openstack/ironic-inspector|            |
++----------------+--------------------------------------------------+------------+
+|                |                                                  |            |
++----------------+--------------------------------------------------+------------+
 
 .. [as1] first functional devstack plugin, hence why used in most of
          the examples.

From ebe63d826b7909b992bff988b3eac65e7b6bfa88 Mon Sep 17 00:00:00 2001
From: "James E. Blair" 
Date: Thu, 24 Sep 2015 07:43:50 -0700
Subject: [PATCH 0941/3421] Improve ERROR_ON_CLONE message

In case ERROR_ON_CLONE is true and triggers a failure for a missing
project, suggest a remedial action.  On their own, people have
come up with remedies that include altering the value of ERROR_ON_CLONE
which rather defeats the purpose.

Change-Id: I28d7f2c184f8440b774fefaa8ec7002d6708db95
---
 functions-common | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/functions-common b/functions-common
index cf140072fd..1ae4d6597d 100644
--- a/functions-common
+++ b/functions-common
@@ -492,8 +492,11 @@ function git_clone {
     if echo $git_ref | egrep -q "^refs"; then
         # If our branch name is a gerrit style refs/changes/...
         if [[ ! -d $git_dest ]]; then
-            [[ "$ERROR_ON_CLONE" = "True" ]] && \
+            if [[ "$ERROR_ON_CLONE" = "True" ]]; then
+                echo "The $git_dest project was not found; if this is a gate job, add"
+                echo "the project to the \$PROJECTS variable in the job definition."
                 die $LINENO "Cloning not allowed in this configuration"
+            fi
             git_timed clone $git_clone_flags $git_remote $git_dest
         fi
         cd $git_dest
@@ -501,8 +504,11 @@ function git_clone {
     else
         # do a full clone only if the directory doesn't exist
         if [[ ! -d $git_dest ]]; then
-            [[ "$ERROR_ON_CLONE" = "True" ]] && \
+            if [[ "$ERROR_ON_CLONE" = "True" ]]; then
+                echo "The $git_dest project was not found; if this is a gate job, add"
+                echo "the project to the \$PROJECTS variable in the job definition."
                 die $LINENO "Cloning not allowed in this configuration"
+            fi
             git_timed clone $git_clone_flags $git_remote $git_dest
             cd $git_dest
             # This checkout syntax works for both branches and tags

From 8872545a0f98c5681147a08541e119813f0bdc01 Mon Sep 17 00:00:00 2001
From: Kashyap Chamarthy 
Date: Mon, 14 Sep 2015 13:17:56 +0200
Subject: [PATCH 0942/3421] worlddump: Use SIGUSR2 instead of SIGUSR1

The function guru_meditation_report() currently uses the User-defined
signal SIGUSR1 to kill a Nova Compute process so that a Guru Meditation
Report is generated.

Testing locally, in a DevStack instance, manually attempting to kill a
Nova compute process [kill -s USR1 `pgrep nova-compute`] does not result
in process being terminated, and no error report generated.

It turns out[1] that SIGUSR1 is used by Apache 'mod_wsgi'.

Using the signal SIGUSR2 resolves this issue (i.e. 'nova-compute'
process is terminated, and the Guru Meditation Report is generated).

So, use USR2, instead of USR1.

Corresponding oslo.reports related commit[2].

[1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIRestrictSignal
[2] 45b1c02d113051d147e54ef921ce8e94135542d8 -- guru_meditation_report:
    Use SIGUSR2 instead of SIGUSR1
[3] Original DevStack commit that brought in this change --
    2ebe993b25462919e8aeeb896c9f91b6be7aa573

Change-Id: I8a7eaf71b83edca3c80074d6bf2d471e3db6142b
---
 tools/worlddump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 1b337a9a83..33d5b8f620 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -131,7 +131,7 @@ def guru_meditation_report():
         print "Skipping as nova-compute does not appear to be running"
         return
 
-    _dump_cmd("kill -s USR1 `pgrep nova-compute`")
+    _dump_cmd("kill -s USR2 `pgrep nova-compute`")
     print "guru meditation report in nova-compute log"
 
 

From c1605550d94736f5698d3f6ea7bc1e0b0914cb4e Mon Sep 17 00:00:00 2001
From: Michal Ptacek 
Date: Wed, 23 Sep 2015 21:02:02 +0100
Subject: [PATCH 0943/3421] Propagate OVS_DATAPATH_TYPE to ml2_conf.ini

If OVS_DATAPATH_TYPE is configured it should be visible in ML2 config

Changing OVS_DATAPATH_TYPE default value to 'system' from ''

Closes-Bug: 1499029
Change-Id: I88e7d2554e8a1d6dcfea71fc1fb8e9fb2491d8b7
---
 lib/neutron_plugins/openvswitch_agent | 1 +
 lib/neutron_plugins/ovs_base          | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 1ff3a40c82..48e47b3dab 100755
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -105,6 +105,7 @@ function neutron_plugin_configure_plugin_agent {
         iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper "$Q_RR_COMMAND"
     fi
     iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
+    iniset /$Q_PLUGIN_CONF_FILE ovs datapath_type $OVS_DATAPATH_TYPE
 }
 
 function neutron_plugin_setup_interface_driver {
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index f1f7f8597b..b012683a6f 100755
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -8,7 +8,8 @@ OVSB_XTRACE=$(set +o | grep xtrace)
 set +o xtrace
 
 OVS_BRIDGE=${OVS_BRIDGE:-br-int}
-OVS_DATAPATH_TYPE=${OVS_DATAPATH_TYPE:-""}
+# OVS recognize default 'system' datapath or 'netdev' for userspace datapath
+OVS_DATAPATH_TYPE=${OVS_DATAPATH_TYPE:-system}
 OVS_TUNNEL_BRIDGE=${OVS_TUNNEL_BRIDGE:-br-tun}
 
 function is_neutron_ovs_base_plugin {
@@ -20,7 +21,7 @@ function _neutron_ovs_base_add_bridge {
     local bridge=$1
     local addbr_cmd="sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge"
 
-    if [ "$OVS_DATAPATH_TYPE" != "" ] ; then
+    if [ "$OVS_DATAPATH_TYPE" != "system" ] ; then
         addbr_cmd="$addbr_cmd -- set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}"
     fi
 

From 1eca508c57dd987fa6f7a7e6f441096365e6892d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 25 Sep 2015 13:28:58 +1000
Subject: [PATCH 0944/3421] Simplify RDO install

We can just directly install the latest RDO repo rather than having to
keep this up-to-date.  I don't think there is actually much there we
need any more; there was a lot more coming from RDO in the centos6
days.  openvswitch is one big one, however.

Change-Id: I42b8bc1aea8ff61770987eecd5fc3b8309c1e210
---
 stack.sh | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/stack.sh b/stack.sh
index d8ab52ec98..01b1165f26 100755
--- a/stack.sh
+++ b/stack.sh
@@ -286,14 +286,7 @@ EOF
     # ... and also optional to be enabled
     sudo yum-config-manager --enable rhel-7-server-optional-rpms
 
-    RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-1.noarch.rpm"}
-    RHEL_RDO_REPO_ID=${RHEL7_RDO_REPO_ID:-"openstack-kilo"}
-
-    if ! sudo yum repolist enabled $RHEL_RDO_REPO_ID | grep -q $RHEL_RDO_REPO_ID; then
-        echo "RDO repo not detected; installing"
-        yum_install $RHEL_RDO_REPO_RPM || \
-            die $LINENO "Error installing RDO repo, cannot continue"
-    fi
+    sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
 
     if is_oraclelinux; then
         sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56

From 3c68501356c319ecda80a9eba82f0575e7714eb2 Mon Sep 17 00:00:00 2001
From: venkatamahesh 
Date: Sat, 26 Sep 2015 18:05:34 +0530
Subject: [PATCH 0945/3421] Replace the devstack.org with devstack docs url

Change-Id: I870300b90e1e5f4f382238c209fc5416914d49f0
---
 README.md | 4 ++--
 setup.cfg | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index ee7f0e7809..dd394c2e07 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ DevStack is a set of scripts and utilities to quickly deploy an OpenStack cloud.
 * To provide an environment for the OpenStack CI testing on every commit
   to the projects
 
-Read more at http://devstack.org.
+Read more at http://docs.openstack.org/developer/devstack
 
 IMPORTANT: Be sure to carefully read `stack.sh` and any other scripts you
 execute before you run them, as they install software and will alter your
@@ -94,4 +94,4 @@ DevStack can be extensively configured via the configuration file
 `local.conf`.  It is likely that you will need to provide and modify
 this file if you want anything other than the most basic setup.  Start
 by reading the [configuration guide](doc/source/configuration.rst) for
-details of the configuration file and the many available options.
\ No newline at end of file
+details of the configuration file and the many available options.
diff --git a/setup.cfg b/setup.cfg
index 58871344aa..e4b2888dcb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -5,7 +5,7 @@ description-file =
     README.md
 author = OpenStack
 author-email = openstack-dev@lists.openstack.org
-home-page = http://devstack.org
+home-page = http://docs.openstack.org/developer/devstack
 classifier =
     Intended Audience :: Developers
     License :: OSI Approved :: Apache Software License

From f327b1e1196eacf25e7c4c9e3a7ad30c53bb961c Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Thu, 24 Sep 2015 18:50:30 +0800
Subject: [PATCH 0946/3421] stackrc set the LC_ALL to C

It will report 'unknown locale: UTF-8', when the env is UTF-8.
Default set the LC_ALL to C in the stackrc, instead. And delete
the duplicate option in stack.sh.

Closes-Bug: 1499296

Change-Id: I14121b25ac314a1a93e6dd6811e196ce2a7c0eb5
---
 stack.sh | 7 -------
 stackrc  | 7 +++++++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/stack.sh b/stack.sh
index d8ab52ec98..5e57274d64 100755
--- a/stack.sh
+++ b/stack.sh
@@ -28,13 +28,6 @@ set -o xtrace
 # Make sure custom grep options don't get in the way
 unset GREP_OPTIONS
 
-# Sanitize language settings to avoid commands bailing out
-# with "unsupported locale setting" errors.
-unset LANG
-unset LANGUAGE
-LC_ALL=C
-export LC_ALL
-
 # Make sure umask is sane
 umask 022
 
diff --git a/stackrc b/stackrc
index fdde62f50c..82c6885db9 100644
--- a/stackrc
+++ b/stackrc
@@ -7,6 +7,13 @@
 [[ -z "$_DEVSTACK_STACKRC" ]] || return 0
 declare -r _DEVSTACK_STACKRC=1
 
+# Sanitize language settings to avoid commands bailing out
+# with "unsupported locale setting" errors.
+unset LANG
+unset LANGUAGE
+LC_ALL=C
+export LC_ALL
+
 # Find the other rc files
 RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
 

From 651cb1ad758866a87b947c4e50b4ec995072d6ca Mon Sep 17 00:00:00 2001
From: Anton Arefiev 
Date: Tue, 1 Sep 2015 10:55:20 +0300
Subject: [PATCH 0947/3421] Add toggle to run Cinder API under Apache

This change adds apache templates for Cinder API services.
Also add possibility to switch between the old and new ways
to setup Cinder API.

Related Cinder blueprint:
 https://blueprints.launchpad.net/cinder/+spec/non-eventlet-wsgi-app

Change-Id: Icfad40ee6998296727a95613199e5c2d87bd0a45
Depends-On: Ifbab059001d1567b1f7b394c0411a9ca4629f846
Co-Authored-By: Ivan Kolodyazhny 
---
 doc/source/configuration.rst     |  6 +++
 files/apache-cinder-api.template | 26 +++++++++++
 lib/cinder                       | 80 +++++++++++++++++++++++++++++---
 3 files changed, 106 insertions(+), 6 deletions(-)
 create mode 100644 files/apache-cinder-api.template

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index e8de7c4f70..7ca82c7fd1 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -298,6 +298,12 @@ Example (Swift):
     SWIFT_USE_MOD_WSGI="True"
 
 
+Example (Cinder):
+
+::
+
+    CINDER_USE_MOD_WSGI="True"
+
 
 Libraries from Git
 ------------------
diff --git a/files/apache-cinder-api.template b/files/apache-cinder-api.template
new file mode 100644
index 0000000000..e1246f11b6
--- /dev/null
+++ b/files/apache-cinder-api.template
@@ -0,0 +1,26 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess osapi_volume processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup osapi_volume
+    WSGIScriptAlias / %CINDER_BIN_DIR%/cinder-wsgi
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/c-api.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
+
diff --git a/lib/cinder b/lib/cinder
index 26277ccaba..10144117ec 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -108,6 +108,8 @@ CINDER_PERIODIC_INTERVAL=${CINDER_PERIODIC_INTERVAL:-60}
 
 CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
 
+# Toggle for deploying Cinder under HTTPD + mod_wsgi
+CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-False}
 
 # Source the enabled backends
 if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -137,6 +139,11 @@ function is_cinder_enabled {
     return 1
 }
 
+# _cinder_cleanup_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cinder_cleanup_apache_wsgi {
+    sudo rm -f $(apache_site_config_for osapi-volume)
+}
+
 # cleanup_cinder() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_cinder {
@@ -183,6 +190,43 @@ function cleanup_cinder {
             fi
         done
     fi
+
+    if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+        _cinder_cleanup_apache_wsgi
+    fi
+}
+
+# _cinder_config_apache_wsgi() - Set WSGI config files
+function _cinder_config_apache_wsgi {
+    local cinder_apache_conf=$(apache_site_config_for osapi-volume)
+    local cinder_ssl=""
+    local cinder_certfile=""
+    local cinder_keyfile=""
+    local cinder_api_port=$CINDER_SERVICE_PORT
+    local venv_path=""
+
+    if is_ssl_enabled_service c-api; then
+        cinder_ssl="SSLEngine On"
+        cinder_certfile="SSLCertificateFile $CINDER_SSL_CERT"
+        cinder_keyfile="SSLCertificateKeyFile $CINDER_SSL_KEY"
+    fi
+    if [[ ${USE_VENV} = True ]]; then
+        venv_path="python-path=${PROJECT_VENV["cinder"]}/lib/python2.7/site-packages"
+    fi
+
+    # copy proxy vhost file
+    sudo cp $FILES/apache-cinder-api.template $cinder_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$cinder_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%APIWORKERS%|$API_WORKERS|g
+        s|%CINDER_BIN_DIR%|$CINDER_BIN_DIR|g;
+        s|%SSLENGINE%|$cinder_ssl|g;
+        s|%SSLCERTFILE%|$cinder_certfile|g;
+        s|%SSLKEYFILE%|$cinder_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $cinder_apache_conf
 }
 
 # configure_cinder() - Set config files, create data dirs, etc
@@ -276,13 +320,17 @@ function configure_cinder {
     fi
 
     # Format logging
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
         setup_colorized_logging $CINDER_CONF DEFAULT "project_id" "user_id"
     else
         # Set req-id, project-name and resource in log format
         iniset $CINDER_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(project_name)s] %(resource)s%(message)s"
     fi
 
+    if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+        _cinder_config_apache_wsgi
+    fi
+
     if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
         configure_cinder_driver
     fi
@@ -399,6 +447,13 @@ function install_cinder {
             install_package tgt
         fi
     fi
+
+    if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+        install_apache_wsgi
+        if is_ssl_enabled_service "c-api"; then
+            enable_mod_ssl
+        fi
+    fi
 }
 
 # install_cinderclient() - Collect source and prepare
@@ -446,10 +501,16 @@ function start_cinder {
         fi
     fi
 
-    run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
-    echo "Waiting for Cinder API to start..."
-    if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$CINDER_SERVICE_HOST:$service_port; then
-        die $LINENO "c-api did not start"
+    if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+        enable_apache_site osapi-volume
+        restart_apache_server
+        tail_log c-api /var/log/$APACHE_NAME/c-api.log
+    else
+        run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
+        echo "Waiting for Cinder API to start..."
+        if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$CINDER_SERVICE_HOST:$service_port; then
+            die $LINENO "c-api did not start"
+        fi
     fi
 
     run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
@@ -468,9 +529,16 @@ function start_cinder {
 
 # stop_cinder() - Stop running processes
 function stop_cinder {
+    if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+        disable_apache_site osapi-volume
+        restart_apache_server
+    else
+        stop_process c-api
+    fi
+
     # Kill the cinder screen windows
     local serv
-    for serv in c-api c-bak c-sch c-vol; do
+    for serv in c-bak c-sch c-vol; do
         stop_process $serv
     done
 }

From d2999d0d0cc4d283873ff0d0951c4fdacd234dd1 Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Tue, 29 Sep 2015 10:02:32 +0000
Subject: [PATCH 0948/3421] Add ceilometer to plugin registry

Ceilometer is now removed from devstack and only exists as a plugin
so it should be in the registry.

Unfortunately the length of the URL changed the table formatting so
the diff is much larger than the semantic change.

Change-Id: Ibe8e27e97294c2d13be8f22f41eea27775811eec
---
 doc/source/plugin-registry.rst | 44 ++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 0feaafb275..85fd7cc065 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -17,27 +17,29 @@ Official OpenStack Projects
 
 The following are plugins that exist for official OpenStack projects.
 
-+--------------------+-------------------------------------------+--------------------+
-|Plugin Name         |URL                                        |Comments            |
-+--------------------+-------------------------------------------+--------------------+
-|aodh                |git://git.openstack.org/openstack/aodh     | alarming           |
-+--------------------+-------------------------------------------+--------------------+
-|gnocchi             |git://git.openstack.org/openstack/gnocchi  | metric             |
-+--------------------+-------------------------------------------+--------------------+
-|magnum              |git://git.openstack.org/openstack/magnum   |                    |
-+--------------------+-------------------------------------------+--------------------+
-|manila              |git://git.openstack.org/openstack/manila   | file shares        |
-+--------------------+-------------------------------------------+--------------------+
-|mistral             |git://git.openstack.org/openstack/mistral  |                    |
-+--------------------+-------------------------------------------+--------------------+
-|rally               |git://git.openstack.org/openstack/rally    |                    |
-+--------------------+-------------------------------------------+--------------------+
-|sahara              |git://git.openstack.org/openstack/sahara   |                    |
-+--------------------+-------------------------------------------+--------------------+
-|trove               |git://git.openstack.org/openstack/trove    |                    |
-+--------------------+-------------------------------------------+--------------------+
-|zaqar               |git://git.openstack.org/openstack/zaqar    |                    |
-+--------------------+-------------------------------------------+--------------------+
++------------------+---------------------------------------------+--------------------+
+|Plugin Name       |URL                                          |Comments            |
++------------------+---------------------------------------------+--------------------+
+|aodh              |git://git.openstack.org/openstack/aodh       | alarming           |
++------------------+---------------------------------------------+--------------------+
+|ceilometer        |git://git.openstack.org/openstack/ceilometer | metering           |
++------------------+---------------------------------------------+--------------------+
+|gnocchi           |git://git.openstack.org/openstack/gnocchi    | metric             |
++------------------+---------------------------------------------+--------------------+
+|magnum            |git://git.openstack.org/openstack/magnum     |                    |
++------------------+---------------------------------------------+--------------------+
+|manila            |git://git.openstack.org/openstack/manila     | file shares        |
++------------------+---------------------------------------------+--------------------+
+|mistral           |git://git.openstack.org/openstack/mistral    |                    |
++------------------+---------------------------------------------+--------------------+
+|rally             |git://git.openstack.org/openstack/rally      |                    |
++------------------+---------------------------------------------+--------------------+
+|sahara            |git://git.openstack.org/openstack/sahara     |                    |
++------------------+---------------------------------------------+--------------------+
+|trove             |git://git.openstack.org/openstack/trove      |                    |
++------------------+---------------------------------------------+--------------------+
+|zaqar             |git://git.openstack.org/openstack/zaqar      |                    |
++------------------+---------------------------------------------+--------------------+
 
 
 

From c35eee5dbbb6b4dbc2901ebef4c4d88780aa74ec Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Mon, 28 Sep 2015 14:46:27 -0700
Subject: [PATCH 0949/3421] use nproc/2 workers for large ops job

Commit 1ce19ab76d67a89b04f907f1d292d013a3b699e0 dropped API_WORKERS from
nproc/2 to nproc/4 and also started using API_WORKERS for the number of
conductor workers, so in gate runs that dropped conductor workers from 8
to 2.  We're now seeing instance build timeouts in the large ops job.

This change goes back to nproc/2 for the large ops job (VIRT_DRIVER=='fake').

Closes-Bug: #1500615

Change-Id: Ie6ef855fce0a99c930d479b7459c15b69e8de499
---
 stackrc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index e010b452c2..c7c631362e 100644
--- a/stackrc
+++ b/stackrc
@@ -650,7 +650,12 @@ SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
 # the memory used where there are a large number of CPUs present
 # (the default number of workers for many services is the number of CPUs)
 # Also sets the minimum number of workers to 2.
-API_WORKERS=${API_WORKERS:=$(( ($(nproc)/4)<2 ? 2 : ($(nproc)/4) ))}
+if [[ "$VIRT_DRIVER" = 'fake' ]]; then
+    # we need more workers for the large ops job
+    API_WORKERS=${API_WORKERS:=$(( ($(nproc)/2)<2 ? 2 : ($(nproc)/2) ))}
+else
+    API_WORKERS=${API_WORKERS:=$(( ($(nproc)/4)<2 ? 2 : ($(nproc)/4) ))}
+fi
 
 # Service startup timeout
 SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60}

From 7dd890d6e13e3bc021952ed1e4b81d3ae4bb4356 Mon Sep 17 00:00:00 2001
From: Olivier Lemasle 
Date: Mon, 14 Sep 2015 14:21:12 +0200
Subject: [PATCH 0950/3421] Install python db client if a db backend is
 configured

If `DATABASE_TYPE` is configured in `local.conf`, the database backend
is currently configured with `initialize_database_backends` even if no
database backend is enabled.

On a multi-nodes Devstack environment, such as devstack-vagrant, the
compute node currently fails because it does not have PyMysql. This
compute node has no database backend enabled, but has to connect to
the database on another node.

We should install the python client if DATABASE_TYPE is set, even
if no database backend is enabled.

Closes-Bug: 1501001
Change-Id: Iffd5f7243a0dfdbe56cf6b9a87b96ed7678c81dd
---
 stack.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/stack.sh b/stack.sh
index 700a0aecad..7bc9c20fcf 100755
--- a/stack.sh
+++ b/stack.sh
@@ -736,6 +736,8 @@ install_rpc_backend
 
 if is_service_enabled $DATABASE_BACKENDS; then
     install_database
+fi
+if [ -n "$DATABASE_TYPE" ]; then
     install_database_python
 fi
 

From 050a0d5b304a013e23cd5909abf6e11b7dda5f18 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Sun, 6 Sep 2015 22:03:54 +0000
Subject: [PATCH 0951/3421] Revert "Revert "Convert identity defaults to
 keystone v3 api""

This reverts commit f768787bdd6dddf2790f83a884618d29677ca77c.
And sets OS_AUTH_VERSION so swift CLI doesn't fall flat when
not using v2 keystone

Change-Id: If44a7e0d85e48020a3c90d8c5c027513129f0f3b
---
 functions-common | 47 +++++++++--------------------------------------
 lib/swift        |  6 +++---
 stack.sh         | 15 ++++++++-------
 3 files changed, 20 insertions(+), 48 deletions(-)

diff --git a/functions-common b/functions-common
index a7fec41bb9..fb774002ec 100644
--- a/functions-common
+++ b/functions-common
@@ -88,9 +88,9 @@ function write_clouds_yaml {
         --file $CLOUDS_YAML \
         --os-cloud devstack \
         --os-region-name $REGION_NAME \
-        --os-identity-api-version $IDENTITY_API_VERSION \
+        --os-identity-api-version 3 \
         $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-auth-url $KEYSTONE_AUTH_URI \
         --os-username demo \
         --os-password $ADMIN_PASSWORD \
         --os-project-name demo
@@ -98,9 +98,9 @@ function write_clouds_yaml {
         --file $CLOUDS_YAML \
         --os-cloud devstack-admin \
         --os-region-name $REGION_NAME \
-        --os-identity-api-version $IDENTITY_API_VERSION \
+        --os-identity-api-version 3 \
         $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+        --os-auth-url $KEYSTONE_AUTH_URI \
         --os-username admin \
         --os-password $ADMIN_PASSWORD \
         --os-project-name admin
@@ -735,16 +735,13 @@ function policy_add {
 # Usage: get_or_create_domain  
 function get_or_create_domain {
     local domain_id
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     # Gets domain id
     domain_id=$(
         # Gets domain id
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain show $1 \
+        openstack domain show $1 \
             -f value -c id 2>/dev/null ||
         # Creates new domain
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 domain create $1 \
+        openstack domain create $1 \
             --description "$2" \
             -f value -c id
     )
@@ -755,13 +752,11 @@ function get_or_create_domain {
 # Usage: get_or_create_group   []
 function get_or_create_group {
     local desc="${3:-}"
-    local os_url="$KEYSTONE_SERVICE_URI_V3"
     local group_id
     # Gets group id
     group_id=$(
         # Creates new group with --or-show
-        openstack --os-token=$OS_TOKEN --os-url=$os_url \
-            --os-identity-api-version=3 group create $1 \
+        openstack group create $1 \
             --domain $2 --description "$desc" --or-show \
             -f value -c id
     )
@@ -783,8 +778,6 @@ function get_or_create_user {
         openstack user create \
             $1 \
             --password "$2" \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --domain=$3 \
             $email \
             --or-show \
@@ -799,9 +792,7 @@ function get_or_create_project {
     local project_id
     project_id=$(
         # Creates new project with --or-show
-        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
-            project create $1 \
+        openstack project create $1 \
             --domain=$2 \
             --or-show -f value -c id
     )
@@ -815,8 +806,6 @@ function get_or_create_role {
     role_id=$(
         # Creates role with --or-show
         openstack role create $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --or-show -f value -c id
     )
     echo $role_id
@@ -829,8 +818,6 @@ function get_or_add_user_project_role {
     # Gets user role id
     user_role_id=$(openstack role list \
         --user $2 \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --column "ID" \
         --project $3 \
         --column "Name" \
@@ -839,13 +826,9 @@ function get_or_add_user_project_role {
         # Adds role to user and get it
         openstack role add $1 \
             --user $2 \
-            --project $3 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3
+            --project $3
         user_role_id=$(openstack role list \
             --user $2 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --column "ID" \
             --project $3 \
             --column "Name" \
@@ -860,21 +843,15 @@ function get_or_add_group_project_role {
     local group_role_id
     # Gets group role id
     group_role_id=$(openstack role list \
-        --os-url=$KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --group $2 \
         --project $3 \
         -c "ID" -f value)
     if [[ -z "$group_role_id" ]]; then
         # Adds role to group and get it
         openstack role add $1 \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3
         group_role_id=$(openstack role list \
-            --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             --group $2 \
             --project $3 \
             -c "ID" -f value)
@@ -892,8 +869,6 @@ function get_or_create_service {
         openstack service show $2 -f value -c id 2>/dev/null ||
         # Creates new service if not exists
         openstack service create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $2 \
             --name $1 \
             --description="$3" \
@@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {
     # gets support for this, the check for the region name can be removed.
     # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
-        --os-url $KEYSTONE_SERVICE_URI_V3 \
-        --os-identity-api-version=3 \
         --service $1 \
         --interface $2 \
         --region $4 \
@@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \
-            --os-url $KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 \
             $1 $2 $3 --region $4 -f value -c id)
     fi
 
diff --git a/lib/swift b/lib/swift
index 645bfd7cd9..f0eb56abbe 100644
--- a/lib/swift
+++ b/lib/swift
@@ -799,10 +799,10 @@ function stop_swift {
 
 function swift_configure_tempurls {
     OS_USERNAME=swift \
-        OS_TENANT_NAME=$SERVICE_TENANT_NAME \
+        OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
         OS_PASSWORD=$SERVICE_PASSWORD \
-        OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
-        swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
+        OS_AUTH_URL=$SERVICE_ENDPOINT \
+        swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
 }
 
 # Restore xtrace
diff --git a/stack.sh b/stack.sh
index cd8a11e66c..11dd2009e8 100755
--- a/stack.sh
+++ b/stack.sh
@@ -973,13 +973,15 @@ if is_service_enabled keystone; then
         start_keystone
     fi
 
+    export OS_IDENTITY_API_VERSION=3
+
     # Set up a temporary admin URI for Keystone
-    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
+    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
 
     if is_service_enabled tls-proxy; then
         export OS_CACERT=$INT_CA_DIR/ca-chain.pem
         # Until the client support is fixed, just use the internal endpoint
-        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
+        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
     fi
 
     # Setup OpenStackClient token-endpoint auth
@@ -1003,14 +1005,13 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
-    # force set to use v2 identity authentication even with v3 commands
-    export OS_AUTH_TYPE=v2password
-
     # Set up password auth credentials now that Keystone is bootstrapped
-    export OS_AUTH_URL=$SERVICE_ENDPOINT
-    export OS_TENANT_NAME=admin
+    export OS_AUTH_URL=$KEYSTONE_AUTH_URI
     export OS_USERNAME=admin
+    export OS_USER_DOMAIN_ID=default
     export OS_PASSWORD=$ADMIN_PASSWORD
+    export OS_PROJECT_NAME=admin
+    export OS_PROJECT_DOMAIN_ID=default
     export OS_REGION_NAME=$REGION_NAME
 fi
 

From c295bca61fbef22d4816b2db8cec40e924c709c4 Mon Sep 17 00:00:00 2001
From: Nick 
Date: Tue, 4 Aug 2015 09:28:19 +0800
Subject: [PATCH 0952/3421] Fix tunneling support for linuxbridge-agent

When I deploy linuxbridge-agent and enable tunneling,
the configuration of neutron isn't right. It lacks
the whole section [vxlan] to be properly configured.

Change-Id: Ib3bfe0f3445f466f4dbb36f7f0cb0d940114e7f6
Closes-Bug: #1481126
---
 lib/neutron_plugins/linuxbridge_agent | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index fefc1c33a8..bd4438db04 100755
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -69,6 +69,18 @@ function neutron_plugin_configure_plugin_agent {
     fi
     AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-linuxbridge-agent"
     iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
+
+    # Configure vxlan tunneling
+    if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then
+        if [[ "$Q_ML2_TENANT_NETWORK_TYPE" == "vxlan" ]]; then
+            iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "True"
+            iniset /$Q_PLUGIN_CONF_FILE vxlan local_ip $TUNNEL_ENDPOINT_IP
+        else
+            iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "False"
+        fi
+    else
+        iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "False"
+    fi
 }
 
 function neutron_plugin_setup_interface_driver {

From 713fd2f6c644e13ed8ad7e8d819f6a3d44ff5370 Mon Sep 17 00:00:00 2001
From: Sirushti Murugesan 
Date: Wed, 30 Sep 2015 15:12:50 +0530
Subject: [PATCH 0953/3421] Additionally install test-requirements with
 pip_install

When moving to Python 3, we also need to install test-requriements
to allow projects to install any python 3 test dependencies they
might be missing otherwise.

Change-Id: I2d19aa2f7ec8de869a82aa7764ab72cc8693101f
---
 inc/python | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/python b/inc/python
index 210a9dbdfe..fd0d616b62 100644
--- a/inc/python
+++ b/inc/python
@@ -124,7 +124,7 @@ function pip_install {
         $@
 
     # Also install test requirements
-    local test_req="$@/test-requirements.txt"
+    local test_req="${!#}/test-requirements.txt"
     if [[ -e "$test_req" ]]; then
         echo "Installing test-requirements for $test_req"
         $sudo_pip \

From 36218e6c50c9eb22003eefe0389b00cbf7132dfb Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 30 Sep 2015 10:33:57 +0000
Subject: [PATCH 0954/3421] Revert "Disable Cinder v1 API support by default"

There has been a ton of fall out from this change, and I
think it's been premature. We should revert and try again
when more of the client space supports this.

This reverts commit a29434460e869b7bb397044d8f073531e4ee112d.

Change-Id: I1658dc48a024627be0fdb39c46137aaa3d9b911a
---
 doc/source/configuration.rst |  7 -------
 lib/cinder                   | 29 ++++++++++++-----------------
 lib/tempest                  |  9 ---------
 3 files changed, 12 insertions(+), 33 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 3bd246d870..983f5c0aae 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -587,13 +587,6 @@ with ``VOLUME_BACKING_FILE_SIZE``.
         VOLUME_BACKING_FILE_SIZE=10250M
 
 
-Cinder v1 API is depricated and disabled by default. You can enable v1 API by
-setting ``CINDER_ENABLE_V1_API`` to ``True``.
-
-    ::
-        CINDER_ENABLE_V1_API=True
-
-
 Keystone
 ~~~~~~~~
 
diff --git a/lib/cinder b/lib/cinder
index f0b0f1d7e5..26277ccaba 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -27,9 +27,6 @@ set +o xtrace
 # Defaults
 # --------
 
-# NOTE (e0ne): Cinder API v1 is deprecated and will be disabled by default.
-CINDER_ENABLE_V1_API=$(trueorfalse False CINDER_ENABLE_V1_API)
-
 # set up default driver
 CINDER_DRIVER=${CINDER_DRIVER:-default}
 CINDER_PLUGINS=$TOP_DIR/lib/cinder_plugins
@@ -228,12 +225,9 @@ function configure_cinder {
     iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
     iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
     # NOTE(thingee): Cinder V1 API is deprecated and defaults to off as of
-    # Juno.
-    if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
-        iniset $CINDER_CONF DEFAULT enable_v1_api true
-    else
-        iniset $CINDER_CONF DEFAULT enable_v1_api false
-    fi
+    # Juno. Keep it enabled so we can continue testing while it's still
+    # supported.
+    iniset $CINDER_CONF DEFAULT enable_v1_api true
 
     iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
 
@@ -332,13 +326,12 @@ function create_cinder_accounts {
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
 
-            if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
-                get_or_create_service "cinder" "volume" "Cinder Volume Service"
-                get_or_create_endpoint "volume" "$REGION_NAME" \
-                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
-                    "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
-            fi
+            get_or_create_service "cinder" "volume" "Cinder Volume Service"
+            get_or_create_endpoint "volume" "$REGION_NAME" \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
+                "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
+
             get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
             get_or_create_endpoint "volumev2" "$REGION_NAME" \
                 "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
@@ -489,7 +482,9 @@ function create_volume_types {
         local be be_name
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_name=${be##*:}
-            openstack volume type create --os-volume-api-version 2 --property volume_backend_name="${be_name}" ${be_name}
+            # FIXME(jamielennox): Remove --os-volume-api-version pinning when
+            # osc supports volume type create on v2 api. bug #1475060
+            openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name}
         done
     fi
 }
diff --git a/lib/tempest b/lib/tempest
index 3624b9605e..d372e0f6ca 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -494,15 +494,6 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG volume-feature-enabled backup False
     fi
 
-    # Use only Cinder API v2
-    if [[ ${CINDER_ENABLE_V1_API} = True ]]; then
-        iniset $TEMPEST_CONFIG volume-feature-enabled api_v1 True
-        iniset $TEMPEST_CONFIG volume catalog_type volume
-    else
-        iniset $TEMPEST_CONFIG volume-feature-enabled api_v1 False
-        iniset $TEMPEST_CONFIG volume catalog_type volumev2
-    fi
-
     # Using ``CINDER_ENABLED_BACKENDS``
     if [[ -n "$CINDER_ENABLED_BACKENDS" ]] && [[ $CINDER_ENABLED_BACKENDS =~ .*,.* ]]; then
         iniset $TEMPEST_CONFIG volume-feature-enabled multi_backend "True"

From bd5e6b16590f852402ae60eb6e2b45178be85870 Mon Sep 17 00:00:00 2001
From: Aaron Rosen 
Date: Fri, 25 Sep 2015 17:55:45 -0700
Subject: [PATCH 0955/3421] Remove unnecessary execute permissions

These files have acquired execute permissions that
are not strictly necessary because they are being
sourced, and not intended to be run separately.

Restore to 644

Change-Id: I0b8654123416a07521502b61610ca45c94494a07
---
 lib/neutron-legacy                    | 0
 lib/neutron_plugins/linuxbridge_agent | 0
 lib/neutron_plugins/ml2               | 0
 lib/neutron_plugins/openvswitch_agent | 0
 lib/neutron_plugins/ovs_base          | 0
 lib/nova_plugins/functions-libvirt    | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 lib/neutron-legacy
 mode change 100755 => 100644 lib/neutron_plugins/linuxbridge_agent
 mode change 100755 => 100644 lib/neutron_plugins/ml2
 mode change 100755 => 100644 lib/neutron_plugins/openvswitch_agent
 mode change 100755 => 100644 lib/neutron_plugins/ovs_base
 mode change 100755 => 100644 lib/nova_plugins/functions-libvirt

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
old mode 100755
new mode 100644
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
old mode 100755
new mode 100644
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
old mode 100755
new mode 100644
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
old mode 100755
new mode 100644
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
old mode 100755
new mode 100644
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
old mode 100755
new mode 100644

From ce7246a34ba51a5ccff0ac08d6e85a8cda7d275b Mon Sep 17 00:00:00 2001
From: Dan Smith 
Date: Thu, 23 Apr 2015 09:41:06 -0700
Subject: [PATCH 0956/3421] Workaround potential failure to shutdown services

Kill them twice to make sure they're good'n'dead. There is a supposed
fix to oslo-incubator code, but we're working around that here in the
meantime with this change.

This returned in Liberty.

Change-Id: I02a7af995dc7de857c4efcf2cef2f95d357c007a
Related-Bug: #1446583
(cherry picked from commit 953baa7998f253681ed31013fd18bd8aa8098b34)
---
 functions-common | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/functions-common b/functions-common
index a7fec41bb9..cfe0c8d4ba 100644
--- a/functions-common
+++ b/functions-common
@@ -1476,6 +1476,22 @@ function stop_process {
         # Kill via pid if we have one available
         if [[ -r $SERVICE_DIR/$SCREEN_NAME/$service.pid ]]; then
             pkill -g $(cat $SERVICE_DIR/$SCREEN_NAME/$service.pid)
+            # oslo.service tends to stop actually shutting down
+            # reliably in between releases because someone believes it
+            # is dying too early due to some inflight work they
+            # have. This is a tension. It happens often enough we're
+            # going to just account for it in devstack and assume it
+            # doesn't work.
+            #
+            # Set OSLO_SERVICE_WORKS=True to skip this block
+            if [[ -z "$OSLO_SERVICE_WORKS" ]]; then
+                # TODO(danms): Remove this double-kill when we have
+                # this fixed in all services:
+                # https://bugs.launchpad.net/oslo-incubator/+bug/1446583
+                sleep 1
+                # /bin/true becakse pkill on a non existant process returns an error
+                pkill -g $(cat $SERVICE_DIR/$SCREEN_NAME/$service.pid) || /bin/true
+            fi
             rm $SERVICE_DIR/$SCREEN_NAME/$service.pid
         fi
         if [[ "$USE_SCREEN" = "True" ]]; then

From dbe0868d11531204b1dcc3a7eafdf9da711a7cc6 Mon Sep 17 00:00:00 2001
From: Denis Afonso 
Date: Fri, 2 Oct 2015 23:51:41 -0400
Subject: [PATCH 0957/3421] Change the default bind_port for swift

The default bind_port (6011-6013) in the sample config files for swift
use port numbers that are in the range registered by X11 (6000-6063) and
can prevent swift from starting if the ports are in use.

We should use an unregistered range (6611-6613).

Change-Id: Ifd95b99004aead5ddc8ae1a8dd3ccd9c4f2abe91
Closes-Bug: #1254328
---
 lib/swift | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/swift b/lib/swift
index 645bfd7cd9..caf2fdf00f 100644
--- a/lib/swift
+++ b/lib/swift
@@ -130,9 +130,9 @@ SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
 # Port bases used in port number calclution for the service "nodes"
 # The specified port number will be used, the additinal ports calculated by
 # base_port + node_num * 10
-OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6013}
-CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6011}
-ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
+OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6613}
+CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6611}
+ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6612}
 
 # Enable tempurl feature
 SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}

From 1759618adb90853a76b77bb6ba24f2bed8b3b1f5 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 5 Oct 2015 15:26:43 -0400
Subject: [PATCH 0958/3421] update faq entry about running other branches

Change-Id: I4f982f9050024245c4a656e9535d4fdfb4413f36
---
 doc/source/faq.rst | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 0db8932e9c..3562bfacee 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -124,24 +124,30 @@ Of course!
 
         enable_service q-svc
 
-How do I run a specific OpenStack milestone?
+How do I run a specific OpenStack release?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-OpenStack milestones have tags set in the git repo. Set the
-appropriate tag in the ``*_BRANCH`` variables in ``local.conf``.
-Swift is on its own release schedule so pick a tag in the Swift repo
-that is just before the milestone release. For example:
+DevStack master tracks the upstream master of all the projects. If you
+would like to run a stable branch of OpenStack, you should use the
+corresponding stable branch of DevStack as well. For instance the
+``stable/kilo`` version of DevStack will already default to all the
+projects running at ``stable/kilo`` levels.
 
-    ::
+Note: it's also possible to manually adjust the ``*_BRANCH`` variables
+further if you would like to test specific milestones, or even custom
+out of tree branches. This is done with entries like the following in
+your ``local.conf``
+
+::
 
         [[local|localrc]]
-        GLANCE_BRANCH=stable/kilo
-        HORIZON_BRANCH=stable/kilo
-        KEYSTONE_BRANCH=stable/kilo
-        NOVA_BRANCH=stable/kilo
-        GLANCE_BRANCH=stable/kilo
-        NEUTRON_BRANCH=stable/kilo
-        SWIFT_BRANCH=2.3.0
+        GLANCE_BRANCH=11.0.0.0rc1
+        NOVA_BRANCH=12.0.0.0.rc1
+
+
+Upstream DevStack is only tested with master and stable
+branches. Setting custom BRANCH definitions is not guarunteed to
+produce working results.
 
 What can I do about RabbitMQ not wanting to start on my fresh new VM?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From c961e791c1068c3054260c0fa59eed412a1aa6ed Mon Sep 17 00:00:00 2001
From: armando-migliaccio 
Date: Mon, 5 Oct 2015 16:51:33 -0700
Subject: [PATCH 0959/3421] Remove explicit support for OneConvergence plugin

This is being removed from the Neutron tree, so there is
no need to keep it here anymore.

Change-Id: Ice869bc445cb9dab6f227c30d38fb9b7ba04442b
Depends-on: I949a51873ee5af654b577952d423dd29a6ced8e7
---
 lib/neutron_plugins/oneconvergence | 77 ------------------------------
 1 file changed, 77 deletions(-)
 delete mode 100644 lib/neutron_plugins/oneconvergence

diff --git a/lib/neutron_plugins/oneconvergence b/lib/neutron_plugins/oneconvergence
deleted file mode 100644
index 0c570e534b..0000000000
--- a/lib/neutron_plugins/oneconvergence
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Neutron One Convergence plugin
-# ------------------------------
-
-# Save trace setting
-OC_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-Q_L3_ENABLED=true
-Q_L3_ROUTER_PER_TENANT=true
-Q_USE_NAMESPACE=true
-
-function neutron_plugin_install_agent_packages {
-    _neutron_ovs_base_install_agent_packages
-}
-# Configure common parameters
-function neutron_plugin_configure_common {
-
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/oneconvergence
-    Q_PLUGIN_CONF_FILENAME=nvsdplugin.ini
-    Q_PLUGIN_CLASS="neutron.plugins.oneconvergence.plugin.OneConvergencePluginV2"
-}
-
-# Configure plugin specific information
-function neutron_plugin_configure_service {
-    iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_ip $NVSD_IP
-    iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_port $NVSD_PORT
-    iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_user $NVSD_USER
-    iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_passwd $NVSD_PASSWD
-}
-
-function neutron_plugin_configure_debug_command {
-    _neutron_ovs_base_configure_debug_command
-}
-
-function neutron_plugin_setup_interface_driver {
-    local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-}
-
-function has_neutron_plugin_security_group {
-    # 1 means False here
-    return 0
-}
-
-function setup_integration_bridge {
-    _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-}
-
-function neutron_plugin_configure_dhcp_agent {
-    setup_integration_bridge
-    iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
-}
-
-function neutron_plugin_configure_l3_agent {
-    _neutron_ovs_base_configure_l3_agent
-    iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
-}
-
-function neutron_plugin_configure_plugin_agent {
-
-    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-nvsd-agent"
-
-    _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_create_nova_conf {
-    if ( is_service_enabled n-cpu && ! ( is_service_enabled q-dhcp )) ; then
-        setup_integration_bridge
-    fi
-}
-
-# Restore xtrace
-$OC_XTRACE

From f80c37dd47ac11b6cbd4cd08a0af2c4c17e31198 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 6 Oct 2015 20:18:15 +1100
Subject: [PATCH 0960/3421] Ignore bashate long-line warnings (E006)

Since Ic2532676e46e93f129d590d1fa7a044ef65f50fb bashate warns on
long-lines.  Traditionally, for whatever reason, devstack hasn't cared
too much about long lines unless it really damages readability.

So ignore this to avoid thousands of warnings on the long lines.  Note
even though released bashate doesn't have this, ignoring a missing
test doesn't matter.

Change-Id: I16aeaa3b334fac1eec5085f2cfe26c81c53023a8
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 788fea9c4f..1c238add8a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -24,7 +24,7 @@ commands = bash -c "find {toxinidir}             \
           -wholename \*/inc/\* -or               \ # /inc files and
           -wholename \*/lib/\*                   \ # /lib files are shell, but
          \)                                      \ #   have no extension
-         -print0 | xargs -0 bashate -v"
+         -print0 | xargs -0 bashate -v -iE006"
 
 [testenv:docs]
 deps =

From f0131e14b8550d5d3637b29f0151ad280c77cb63 Mon Sep 17 00:00:00 2001
From: Rafael Folco 
Date: Wed, 23 Sep 2015 12:55:02 -0500
Subject: [PATCH 0961/3421] Nano and Micro flavors should run really small
 cirros only

Guests with large memory requirements can use default flavors, so
removing the special flavor for ppc64 since new qemu requires more
memory - http://wiki.qemu.org/ChangeLog/2.4 - PowerPC.
Users should set DEFAULT_INSTANCE_TYPE to one of the default
flavors available in local.conf, as m1.tiny.

DocImpact

Change-Id: I0fd275dc7342cc2daa83e9a2bd79d30e7defa3e4
---
 doc/source/configuration.rst | 22 ++++++++++++++++++++++
 lib/tempest                  | 13 ++-----------
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index e8de7c4f70..8f311e037b 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -402,6 +402,28 @@ these default images; in that case, you will want to populate
         IMAGE_URLS="http://foo.bar.com/image.qcow,"
         IMAGE_URLS+="http://foo.bar.com/image2.qcow"
 
+
+Instance Type
+-------------
+
+``DEFAULT_INSTANCE_TYPE`` can be used to configure the default instance
+type. When this parameter is not specified, Devstack creates additional
+micro & nano flavors for really small instances to run Tempest tests.
+
+For guests with larger memory requirements, ``DEFAULT_INSTANCE_TYPE``
+should be specified in the configuration file so Tempest selects the
+default flavors instead.
+
+KVM on Power with QEMU 2.4 requires 512 MB to load the firmware -
+`QEMU 2.4 - PowerPC `__ so users
+running instances on ppc64/ppc64le can choose one of the default
+created flavors as follows:
+
+    ::
+
+        DEFAULT_INSTANCE_TYPE=m1.tiny
+
+
 IP Version
 ----------
 
diff --git a/lib/tempest b/lib/tempest
index f4d0a6dab0..6eeab4e231 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -205,21 +205,12 @@ function configure_tempest {
         if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
             available_flavors=$(nova flavor-list)
             if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
-                if is_arch "ppc64"; then
-                    # Qemu needs at least 128MB of memory to boot on ppc64
-                    nova flavor-create m1.nano 42 128 0 1
-                else
-                    nova flavor-create m1.nano 42 64 0 1
-                fi
+                nova flavor-create m1.nano 42 64 0 1
             fi
             flavor_ref=42
             boto_instance_type=m1.nano
             if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
-                if is_arch "ppc64"; then
-                    nova flavor-create m1.micro 84 256 0 1
-                else
-                    nova flavor-create m1.micro 84 128 0 1
-                fi
+                nova flavor-create m1.micro 84 128 0 1
             fi
             flavor_ref_alt=84
         else

From bb4654b869722feb400d65869350465d8ff5439c Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka 
Date: Tue, 6 Oct 2015 18:09:07 +0200
Subject: [PATCH 0962/3421] Don't configure neutron metadata agent for neutron
 API access

Metadata agent now talks to neutron-server thru AMQP, so there is no use
for API access configuration.

Change-Id: I8f81eea91fe3448d5098e77312f64f2eaba68a68
Depends-On: I254c575c66214f50fb93a94c46c4c9caebfc2937
Closes-Bug: #1502947
---
 lib/neutron-legacy | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e67bd4ae32..8b964a72c8 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1050,11 +1050,6 @@ function _configure_neutron_metadata_agent {
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_META_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
     fi
-
-    # Configures keystone for metadata_agent
-    # The third argument "True" sets auth_url needed to communicate with keystone
-    _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
-
 }
 
 function _configure_neutron_ceilometer_notifications {
@@ -1212,17 +1207,10 @@ function _neutron_setup_rootwrap {
     fi
 }
 
-# Configures keystone integration for neutron service and agents
+# Configures keystone integration for neutron service
 function _neutron_setup_keystone {
     local conf_file=$1
     local section=$2
-    local use_auth_url=$3
-
-    # Configures keystone for metadata_agent
-    # metadata_agent needs auth_url to communicate with keystone
-    if [[ "$use_auth_url" == "True" ]]; then
-        iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
-    fi
 
     create_neutron_cache_dir
     configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section

From 872a2622b9dc9295918784114bce4f4f991187b7 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 6 Oct 2015 12:45:06 -0400
Subject: [PATCH 0963/3421] Move the firewall disable section into a misc
 section

It broke the flow of the section it was in.

Change-Id: I4c6ec7ccbe7e856600037eb5a3a73863319aa232
---
 doc/source/guides/neutron.rst | 71 +++++++++++++++++++----------------
 1 file changed, 38 insertions(+), 33 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 2973eb63e8..424844547c 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -125,39 +125,6 @@ connectivity.
 
 
 
-Disabling Next Generation Firewall Tools
-========================================
-
-DevStack does not properly operate with modern firewall tools.  Specifically
-it will appear as if the guest VM can access the external network via ICMP,
-but UDP and TCP packets will not be delivered to the guest VM.  The root cause
-of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
-firewall manager) apply firewall rules to all interfaces in the system, rather
-then per-device.  One solution to this problem is to revert to iptables
-functionality.
-
-To get a functional firewall configuration for Fedora do the following:
-
-::
-
-         sudo service iptables save
-         sudo systemctl disable firewalld
-         sudo systemctl enable iptables
-         sudo systemctl stop firewalld
-         sudo systemctl start iptables
-
-
-To get a functional firewall configuration for distributions containing ufw,
-disable ufw.  Note ufw is generally not enabled by default in Ubuntu.  To
-disable ufw if it was enabled, do the following:
-
-::
-
-        sudo service iptables save
-        sudo ufw disable
-
-
-
 
 Neutron Networking with Open vSwitch
 ====================================
@@ -301,3 +268,41 @@ For example, with the above  configuration, a bridge is
 created, named `br-ex` which is managed by Open vSwitch, and the
 second interface on the compute node, `eth1` is attached to the
 bridge, to forward traffic sent by guest VMs.
+
+Miscellaneous Tips
+==================
+
+
+Disabling Next Generation Firewall Tools
+----------------------------------------
+
+DevStack does not properly operate with modern firewall tools.  Specifically
+it will appear as if the guest VM can access the external network via ICMP,
+but UDP and TCP packets will not be delivered to the guest VM.  The root cause
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
+firewall manager) apply firewall rules to all interfaces in the system, rather
+then per-device.  One solution to this problem is to revert to iptables
+functionality.
+
+To get a functional firewall configuration for Fedora do the following:
+
+::
+
+         sudo service iptables save
+         sudo systemctl disable firewalld
+         sudo systemctl enable iptables
+         sudo systemctl stop firewalld
+         sudo systemctl start iptables
+
+
+To get a functional firewall configuration for distributions containing ufw,
+disable ufw.  Note ufw is generally not enabled by default in Ubuntu.  To
+disable ufw if it was enabled, do the following:
+
+::
+
+        sudo service iptables save
+        sudo ufw disable
+
+
+

From 433a9b10ddd6fa67d7459c4943a92ce4f488cebc Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 7 Oct 2015 13:29:31 +1100
Subject: [PATCH 0964/3421] Don't set xtrace directly in local call

Ia0957b47187c3dcadd46154b17022c4213781112 detects setting local
variables with subshell commands.

Although this is a particuarly benign case, it trips the test.  Rather
than putting in an ignore for this, we can easily change it to make
the test pass.  This seems better than putting in special work-arounds
to bashate, etc.

Change-Id: I37c3967c0f2d780a636a7d26cda83755085c5c69
---
 functions-common | 33 ++++++++++++++++++++++-----------
 inc/ini-config   | 30 ++++++++++++++++++++----------
 inc/python       |  6 ++++--
 3 files changed, 46 insertions(+), 23 deletions(-)

diff --git a/functions-common b/functions-common
index cfe0c8d4ba..53b64d668a 100644
--- a/functions-common
+++ b/functions-common
@@ -111,7 +111,8 @@ function write_clouds_yaml {
 # Accepts as True: 1 yes Yes YES true True TRUE
 # VAR=$(trueorfalse default-value test-value)
 function trueorfalse {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
 
     local default=$1
@@ -169,7 +170,8 @@ function die {
 # die_if_not_set $LINENO env-var "message"
 function die_if_not_set {
     local exitcode=$?
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local line=$1; shift
     local evar=$1; shift
@@ -183,7 +185,8 @@ function die_if_not_set {
 # err $LINENO "message"
 function err {
     local exitcode=$?
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local msg="[ERROR] ${BASH_SOURCE[2]}:$1 $2"
     echo $msg 1>&2;
@@ -200,7 +203,8 @@ function err {
 # err_if_not_set $LINENO env-var "message"
 function err_if_not_set {
     local exitcode=$?
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local line=$1; shift
     local evar=$1; shift
@@ -236,7 +240,8 @@ function is_set {
 # warn $LINENO "message"
 function warn {
     local exitcode=$?
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local msg="[WARNING] ${BASH_SOURCE[2]}:$1 $2"
     echo $msg
@@ -986,7 +991,8 @@ function _get_package_dir {
 # Uses globals ``OFFLINE``, ``*_proxy``
 # apt_get operation package [package ...]
 function apt_get {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
 
     [[ "$OFFLINE" = "True" || -z "$@" ]] && return
@@ -1055,7 +1061,8 @@ function _parse_package_files {
 # - ``# dist:DISTRO`` or ``dist:DISTRO1,DISTRO2`` limits the selection
 #   of the package to the distros listed.  The distro names are case insensitive.
 function get_packages {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local services=$@
     local package_dir=$(_get_package_dir)
@@ -1123,7 +1130,8 @@ function get_packages {
 # The same metadata used in the main DevStack prerequisite files may be used
 # in these prerequisite files, see get_packages() for more info.
 function get_plugin_packages {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local files_to_parse=""
     local package_dir=""
@@ -1148,7 +1156,8 @@ function update_package_repo {
     fi
 
     if is_ubuntu; then
-        local xtrace=$(set +o | grep xtrace)
+        local xtrace
+    xtrace=$(set +o | grep xtrace)
         set +o xtrace
         if [[ "$REPOS_UPDATED" != "True" || "$RETRY_UPDATE" = "True" ]]; then
             # if there are transient errors pulling the updates, that's fine.
@@ -1854,7 +1863,8 @@ function enable_service {
 # Uses global ``ENABLED_SERVICES``
 # is_service_enabled service [service ...]
 function is_service_enabled {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local enabled=1
     local services=$@
@@ -1933,7 +1943,8 @@ function use_exclusive_service {
 # Only run the command if the target file (the last arg) is not on an
 # NFS filesystem.
 function _safe_permission_operation {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local args=( $@ )
     local last
diff --git a/inc/ini-config b/inc/ini-config
index 58386e2441..ba2d827ae9 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -17,7 +17,8 @@ set +o xtrace
 # Append a new option in an ini file without replacing the old value
 # iniadd [-sudo] config-file section option value1 value2 value3 ...
 function iniadd {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -37,7 +38,8 @@ function iniadd {
 # Comment an option in an INI file
 # inicomment [-sudo] config-file section option
 function inicomment {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -55,7 +57,8 @@ function inicomment {
 # Get an option from an INI file
 # iniget config-file section option
 function iniget {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local file=$1
     local section=$2
@@ -70,7 +73,8 @@ function iniget {
 # Get a multiple line option from an INI file
 # iniget_multiline config-file section option
 function iniget_multiline {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local file=$1
     local section=$2
@@ -85,7 +89,8 @@ function iniget_multiline {
 # Determinate is the given option present in the INI file
 # ini_has_option config-file section option
 function ini_has_option {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local file=$1
     local section=$2
@@ -107,7 +112,8 @@ function ini_has_option {
 #
 # iniadd_literal [-sudo] config-file section option value
 function iniadd_literal {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -135,7 +141,8 @@ $option = $value
 # Remove an option from an INI file
 # inidelete [-sudo] config-file section option
 function inidelete {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -161,7 +168,8 @@ function inidelete {
 # iniset [-sudo] config-file section option value
 #  - if the file does not exist, it is created
 function iniset {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -198,7 +206,8 @@ $option = $value
 # Set a multiple line option in an INI file
 # iniset_multiline [-sudo] config-file section option value1 value2 valu3 ...
 function iniset_multiline {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
@@ -236,7 +245,8 @@ $option = $v
 # Uncomment an option in an INI file
 # iniuncomment config-file section option
 function iniuncomment {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local sudo=""
     if [ $1 == "-sudo" ]; then
diff --git a/inc/python b/inc/python
index fd0d616b62..fe7bba6992 100644
--- a/inc/python
+++ b/inc/python
@@ -38,7 +38,8 @@ function get_pip_command {
 # Get the path to the direcotry where python executables are installed.
 # get_python_exec_prefix
 function get_python_exec_prefix {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     if [[ -z "$os_PACKAGE" ]]; then
         GetOSVersion
@@ -69,7 +70,8 @@ function pip_install_gr {
 # ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``,
 # pip_install package [package ...]
 function pip_install {
-    local xtrace=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local upgrade=""
     local offline=${OFFLINE:-False}

From ada886dd43ccc07f48d3a82d8d3d840fe5096c03 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 7 Oct 2015 14:06:26 +1100
Subject: [PATCH 0965/3421] Don't mix declaration and set of locals

Ia0957b47187c3dcadd46154b17022c4213781112 proposes to have bashate
find instances of setting a local value.  The issue is that "local"
always returns 0, thus hiding any failure in the commands running to
set the variable.

This is an automated replacement of such instances

Depends-On: I676c805e8f0401f75cc5367eee83b3d880cdef81
Change-Id: I9c8912a8fd596535589b207d7fc553b9d951d3fe
---
 exercises/neutron-adv-test.sh         | 36 ++++++++++-----
 functions                             |  9 ++--
 functions-common                      | 36 ++++++++++-----
 inc/ini-config                        |  3 +-
 inc/meta-config                       |  3 +-
 inc/python                            | 18 +++++---
 inc/rootwrap                          |  6 ++-
 lib/apache                            | 12 +++--
 lib/ceph                              |  9 ++--
 lib/cinder                            |  6 ++-
 lib/glance                            |  6 ++-
 lib/heat                              |  3 +-
 lib/horizon                           |  9 ++--
 lib/ironic                            | 63 ++++++++++++++++++---------
 lib/keystone                          | 36 ++++++++++-----
 lib/ldap                              |  9 ++--
 lib/lvm                               |  6 ++-
 lib/neutron-legacy                    | 33 +++++++++-----
 lib/neutron_plugins/embrane           |  3 +-
 lib/neutron_plugins/ovs_base          |  6 ++-
 lib/nova                              | 15 ++++---
 lib/swift                             | 42 ++++++++++++------
 lib/tempest                           |  3 +-
 lib/tls                               |  3 +-
 tests/unittest.sh                     | 24 ++++++----
 tools/create_userrc.sh                |  3 +-
 tools/peakmem_tracker.sh              |  6 ++-
 tools/xen/scripts/install-os-vpx.sh   |  3 +-
 tools/xen/scripts/uninstall-os-vpx.sh | 12 +++--
 tools/xen/test_functions.sh           |  6 ++-
 30 files changed, 286 insertions(+), 143 deletions(-)

diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index a0de4ccd37..a8fbd86473 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -122,41 +122,47 @@ function foreach_tenant_net {
 }
 
 function get_image_id {
-    local IMAGE_ID=$(openstack image list | egrep " $DEFAULT_IMAGE_NAME " | get_field 1)
+    local IMAGE_ID
+    IMAGE_ID=$(openstack image list | egrep " $DEFAULT_IMAGE_NAME " | get_field 1)
     die_if_not_set $LINENO IMAGE_ID "Failure retrieving IMAGE_ID"
     echo "$IMAGE_ID"
 }
 
 function get_tenant_id {
     local TENANT_NAME=$1
-    local TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1`
+    local TENANT_ID
+    TENANT_ID=`openstack project list | grep " $TENANT_NAME " | head -n 1 | get_field 1`
     die_if_not_set $LINENO TENANT_ID "Failure retrieving TENANT_ID for $TENANT_NAME"
     echo "$TENANT_ID"
 }
 
 function get_user_id {
     local USER_NAME=$1
-    local USER_ID=`openstack user list | grep $USER_NAME | awk '{print $2}'`
+    local USER_ID
+    USER_ID=`openstack user list | grep $USER_NAME | awk '{print $2}'`
     die_if_not_set $LINENO USER_ID "Failure retrieving USER_ID for $USER_NAME"
     echo "$USER_ID"
 }
 
 function get_role_id {
     local ROLE_NAME=$1
-    local ROLE_ID=`openstack role list | grep $ROLE_NAME | awk '{print $2}'`
+    local ROLE_ID
+    ROLE_ID=`openstack role list | grep $ROLE_NAME | awk '{print $2}'`
     die_if_not_set $LINENO ROLE_ID "Failure retrieving ROLE_ID for $ROLE_NAME"
     echo "$ROLE_ID"
 }
 
 function get_network_id {
     local NETWORK_NAME="$1"
-    local NETWORK_ID=`neutron net-list -F id  -- --name=$NETWORK_NAME | awk "NR==4" | awk '{print $2}'`
+    local NETWORK_ID
+    NETWORK_ID=`neutron net-list -F id  -- --name=$NETWORK_NAME | awk "NR==4" | awk '{print $2}'`
     echo $NETWORK_ID
 }
 
 function get_flavor_id {
     local INSTANCE_TYPE=$1
-    local FLAVOR_ID=`nova flavor-list | grep $INSTANCE_TYPE | awk '{print $2}'`
+    local FLAVOR_ID
+    FLAVOR_ID=`nova flavor-list | grep $INSTANCE_TYPE | awk '{print $2}'`
     die_if_not_set $LINENO FLAVOR_ID "Failure retrieving FLAVOR_ID for $INSTANCE_TYPE"
     echo "$FLAVOR_ID"
 }
@@ -185,13 +191,15 @@ function add_tenant {
 
 function remove_tenant {
     local TENANT=$1
-    local TENANT_ID=$(get_tenant_id $TENANT)
+    local TENANT_ID
+    TENANT_ID=$(get_tenant_id $TENANT)
     openstack project delete $TENANT_ID
 }
 
 function remove_user {
     local USER=$1
-    local USER_ID=$(get_user_id $USER)
+    local USER_ID
+    USER_ID=$(get_user_id $USER)
     openstack user delete $USER_ID
 }
 
@@ -221,9 +229,11 @@ function create_network {
     local NET_NAME="${TENANT}-net$NUM"
     local ROUTER_NAME="${TENANT}-router${NUM}"
     source $TOP_DIR/openrc admin admin
-    local TENANT_ID=$(get_tenant_id $TENANT)
+    local TENANT_ID
+    TENANT_ID=$(get_tenant_id $TENANT)
     source $TOP_DIR/openrc $TENANT $TENANT
-    local NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
+    local NET_ID
+    NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
     die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
     neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
     neutron_debug_admin probe-create --device-owner compute $NET_ID
@@ -251,7 +261,8 @@ function create_vm {
     done
     #TODO (nati) Add multi-nic test
     #TODO (nati) Add public-net test
-    local VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \
+    local VM_UUID
+    VM_UUID=`nova boot --flavor $(get_flavor_id m1.tiny) \
         --image $(get_image_id) \
         $NIC \
         $TENANT-server$NUM | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
@@ -309,7 +320,8 @@ function delete_network {
     local NUM=$2
     local NET_NAME="${TENANT}-net$NUM"
     source $TOP_DIR/openrc admin admin
-    local TENANT_ID=$(get_tenant_id $TENANT)
+    local TENANT_ID
+    TENANT_ID=$(get_tenant_id $TENANT)
     #TODO(nati) comment out until l3-agent merged
     #for res in port subnet net router;do
     for net_id in `neutron net-list -c id -c name | grep $NET_NAME | awk '{print $2}'`;do
diff --git a/functions b/functions
index ff95c89ad9..8cf7a25f49 100644
--- a/functions
+++ b/functions
@@ -264,7 +264,8 @@ function upload_image {
             ;;
         *.img)
             image_name=$(basename "$image" ".img")
-            local format=$(qemu-img info ${image} | awk '/^file format/ { print $3; exit }')
+            local format
+            format=$(qemu-img info ${image} | awk '/^file format/ { print $3; exit }')
             if [[ ",qcow2,raw,vdi,vmdk,vpc," =~ ",$format," ]]; then
                 disk_format=$format
             else
@@ -405,7 +406,8 @@ function get_instance_ip {
     local vm_id=$1
     local network_name=$2
     local nova_result="$(nova show $vm_id)"
-    local ip=$(echo "$nova_result" | grep "$network_name" | get_field 2)
+    local ip
+    ip=$(echo "$nova_result" | grep "$network_name" | get_field 2)
     if [[ $ip = "" ]];then
         echo "$nova_result"
         die $LINENO "[Fail] Coudn't get ipaddress of VM"
@@ -455,7 +457,8 @@ function check_path_perm_sanity {
     # homedir permissions on RHEL and common practice of making DEST in
     # the stack user's homedir.
 
-    local real_path=$(readlink -f $1)
+    local real_path
+    real_path=$(readlink -f $1)
     local rebuilt_path=""
     for i in $(echo ${real_path} | tr "/" " "); do
         rebuilt_path=$rebuilt_path"/"$i
diff --git a/functions-common b/functions-common
index 53b64d668a..c831b261e1 100644
--- a/functions-common
+++ b/functions-common
@@ -140,7 +140,8 @@ function isset {
 # backtrace level
 function backtrace {
     local level=$1
-    local deep=$((${#BASH_SOURCE[@]} - 1))
+    local deep
+    deep=$((${#BASH_SOURCE[@]} - 1))
     echo "[Call Trace]"
     while [ $level -le $deep ]; do
         echo "${BASH_SOURCE[$deep]}:${BASH_LINENO[$deep-1]}:${FUNCNAME[$deep-1]}"
@@ -477,7 +478,8 @@ function git_clone {
     local git_remote=$1
     local git_dest=$2
     local git_ref=$3
-    local orig_dir=$(pwd)
+    local orig_dir
+    orig_dir=$(pwd)
     local git_clone_flags=""
 
     RECLONE=$(trueorfalse False RECLONE)
@@ -641,7 +643,8 @@ function get_default_host_ip {
         host_ip=""
         # Find the interface used for the default route
         host_ip_iface=${host_ip_iface:-$(ip -f $af route | awk '/default/ {print $5}' | head -1)}
-        local host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | sed /temporary/d |awk /$af'/ {split($2,parts,"/");  print parts[1]}')
+        local host_ips
+        host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | sed /temporary/d |awk /$af'/ {split($2,parts,"/");  print parts[1]}')
         local ip
         for ip in $host_ips; do
             # Attempt to filter out IP addresses that are part of the fixed and
@@ -690,7 +693,8 @@ function get_field {
 # copy over a default policy.json and policy.d for projects
 function install_default_policy {
     local project=$1
-    local project_uc=$(echo $1|tr a-z A-Z)
+    local project_uc
+    project_uc=$(echo $1|tr a-z A-Z)
     local conf_dir="${project_uc}_CONF_DIR"
     # eval conf dir to get the variable
     conf_dir="${!conf_dir}"
@@ -723,7 +727,8 @@ function policy_add {
 
     # Add a terminating comma to policy lines without one
     # Remove the closing '}' and all lines following to the end-of-file
-    local tmpfile=$(mktemp)
+    local tmpfile
+    tmpfile=$(mktemp)
     uniq ${policy_file} | sed -e '
         s/]$/],/
         /^[}]/,$d
@@ -945,7 +950,8 @@ function get_or_create_endpoint {
     # scenarios currently that use the returned id. Ideally this behaviour
     # should be pushed out to the service setups and let them create the
     # endpoints they need.
-    local public_id=$(_get_or_create_endpoint_with_interface $1 public $3 $2)
+    local public_id
+    public_id=$(_get_or_create_endpoint_with_interface $1 public $3 $2)
     _get_or_create_endpoint_with_interface $1 admin $4 $2
     _get_or_create_endpoint_with_interface $1 internal $5 $2
 
@@ -1065,7 +1071,8 @@ function get_packages {
     xtrace=$(set +o | grep xtrace)
     set +o xtrace
     local services=$@
-    local package_dir=$(_get_package_dir)
+    local package_dir
+    package_dir=$(_get_package_dir)
     local file_to_parse=""
     local service=""
 
@@ -1980,8 +1987,10 @@ function address_in_net {
     local ip=$1
     local range=$2
     local masklen=${range#*/}
-    local network=$(maskip ${range%/*} $(cidr2netmask $masklen))
-    local subnet=$(maskip $ip $(cidr2netmask $masklen))
+    local network
+    network=$(maskip ${range%/*} $(cidr2netmask $masklen))
+    local subnet
+    subnet=$(maskip $ip $(cidr2netmask $masklen))
     [[ $network == $subnet ]]
 }
 
@@ -2033,7 +2042,8 @@ function export_proxy_variables {
 
 # Returns true if the directory is on a filesystem mounted via NFS.
 function is_nfs_directory {
-    local mount_type=`stat -f -L -c %T $1`
+    local mount_type
+    mount_type=`stat -f -L -c %T $1`
     test "$mount_type" == "nfs"
 }
 
@@ -2044,13 +2054,15 @@ function maskip {
     local ip=$1
     local mask=$2
     local l="${ip%.*}"; local r="${ip#*.}"; local n="${mask%.*}"; local m="${mask#*.}"
-    local subnet=$((${ip%%.*}&${mask%%.*})).$((${r%%.*}&${m%%.*})).$((${l##*.}&${n##*.})).$((${ip##*.}&${mask##*.}))
+    local subnet
+    subnet=$((${ip%%.*}&${mask%%.*})).$((${r%%.*}&${m%%.*})).$((${l##*.}&${n##*.})).$((${ip##*.}&${mask##*.}))
     echo $subnet
 }
 
 # Return the current python as "python."
 function python_version {
-    local python_version=$(python -c 'import sys; print("%s.%s" % sys.version_info[0:2])')
+    local python_version
+    python_version=$(python -c 'import sys; print("%s.%s" % sys.version_info[0:2])')
     echo "python${python_version}"
 }
 
diff --git a/inc/ini-config b/inc/ini-config
index ba2d827ae9..42a66c63b6 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -196,7 +196,8 @@ function iniset {
 $option = $value
 " "$file"
     else
-        local sep=$(echo -ne "\x01")
+        local sep
+        sep=$(echo -ne "\x01")
         # Replace it
         $sudo sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
     fi
diff --git a/inc/meta-config b/inc/meta-config
index e5f902d1dd..d74db59bb3 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -89,7 +89,8 @@ function merge_config_file {
     # note, configfile might be a variable (note the iniset, etc
     # created in the mega-awk below is "eval"ed too, so we just leave
     # it alone.
-    local real_configfile=$(eval echo $configfile)
+    local real_configfile
+    real_configfile=$(eval echo $configfile)
     if [ ! -f $real_configfile ]; then
         touch $real_configfile
     fi
diff --git a/inc/python b/inc/python
index fe7bba6992..c7ba51a81d 100644
--- a/inc/python
+++ b/inc/python
@@ -61,7 +61,8 @@ function get_python_exec_prefix {
 # pip_install_gr packagename
 function pip_install_gr {
     local name=$1
-    local clean_name=$(get_from_global_requirements $name)
+    local clean_name
+    clean_name=$(get_from_global_requirements $name)
     pip_install $clean_name
 }
 
@@ -100,7 +101,8 @@ function pip_install {
             local cmd_pip=$PIP_VIRTUAL_ENV/bin/pip
             local sudo_pip="env"
         else
-            local cmd_pip=$(get_pip_command)
+            local cmd_pip
+            cmd_pip=$(get_pip_command)
             local sudo_pip="sudo -H"
         fi
     fi
@@ -109,7 +111,8 @@ function pip_install {
     # Always apply constraints
     cmd_pip="$cmd_pip -c $REQUIREMENTS_DIR/upper-constraints.txt"
 
-    local pip_version=$(python -c "import pip; \
+    local pip_version
+    pip_version=$(python -c "import pip; \
                         print(pip.__version__.strip('.')[0])")
     if (( pip_version<6 )); then
         die $LINENO "Currently installed pip version ${pip_version} does not" \
@@ -143,7 +146,8 @@ function pip_install {
 # get_from_global_requirements 
 function get_from_global_requirements {
     local package=$1
-    local required_pkg=$(grep -i -h ^${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
+    local required_pkg
+    required_pkg=$(grep -i -h ^${package} $REQUIREMENTS_DIR/global-requirements.txt | cut -d\# -f1)
     if [[ $required_pkg == ""  ]]; then
         die $LINENO "Can't find package $package in requirements"
     fi
@@ -222,7 +226,8 @@ function setup_develop {
 # practical ways.
 function is_in_projects_txt {
     local project_dir=$1
-    local project_name=$(basename $project_dir)
+    local project_name
+    project_name=$(basename $project_dir)
     grep -q "/$project_name\$" $REQUIREMENTS_DIR/projects.txt
 }
 
@@ -241,7 +246,8 @@ function setup_package_with_constraints_edit {
 
     if [ -n "$REQUIREMENTS_DIR" ]; then
         # Constrain this package to this project directory from here on out.
-        local name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
+        local name
+        name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
         $REQUIREMENTS_DIR/.venv/bin/edit-constraints \
             $REQUIREMENTS_DIR/upper-constraints.txt -- $name \
             "$flags file://$project_dir#egg=$name"
diff --git a/inc/rootwrap b/inc/rootwrap
index f91e557e68..63ab59adc7 100644
--- a/inc/rootwrap
+++ b/inc/rootwrap
@@ -41,7 +41,8 @@ function add_sudo_secure_path {
 # configure_rootwrap project
 function configure_rootwrap {
     local project=$1
-    local project_uc=$(echo $1|tr a-z A-Z)
+    local project_uc
+    project_uc=$(echo $1|tr a-z A-Z)
     local bin_dir="${project_uc}_BIN_DIR"
     bin_dir="${!bin_dir}"
     local project_dir="${project_uc}_DIR"
@@ -60,7 +61,8 @@ function configure_rootwrap {
     sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
 
     # Set up the rootwrap sudoers
-    local tempfile=$(mktemp)
+    local tempfile
+    tempfile=$(mktemp)
     # Specify rootwrap.conf as first parameter to rootwrap
     rootwrap_sudo_cmd="${rootwrap_bin} /etc/${project}/rootwrap.conf *"
     echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile
diff --git a/lib/apache b/lib/apache
index a8e9bc5ad2..17526c74d0 100644
--- a/lib/apache
+++ b/lib/apache
@@ -72,11 +72,14 @@ function install_apache_wsgi {
 # various differences between Apache 2.2 and 2.4 that warrant special handling.
 function get_apache_version {
     if is_ubuntu; then
-        local version_str=$(sudo /usr/sbin/apache2ctl -v | awk '/Server version/ {print $3}' | cut -f2 -d/)
+        local version_str
+        version_str=$(sudo /usr/sbin/apache2ctl -v | awk '/Server version/ {print $3}' | cut -f2 -d/)
     elif is_fedora; then
-        local version_str=$(rpm -qa --queryformat '%{VERSION}' httpd)
+        local version_str
+        version_str=$(rpm -qa --queryformat '%{VERSION}' httpd)
     elif is_suse; then
-        local version_str=$(rpm -qa --queryformat '%{VERSION}' apache2)
+        local version_str
+        version_str=$(rpm -qa --queryformat '%{VERSION}' apache2)
     else
         exit_distro_not_supported "cannot determine apache version"
     fi
@@ -115,7 +118,8 @@ function get_apache_version {
 function apache_site_config_for {
     local site=$@
     if is_ubuntu; then
-        local apache_version=$(get_apache_version)
+        local apache_version
+        apache_version=$(get_apache_version)
         if [[ "$apache_version" == "2.2" ]]; then
             # Ubuntu 12.04 - Apache 2.2
             echo $APACHE_CONF_DIR/${site}
diff --git a/lib/ceph b/lib/ceph
index 8e34aa49a4..29d2aca54f 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -83,7 +83,8 @@ ATTACH_ENCRYPTED_VOLUME_AVAILABLE=False
 # ------------
 
 function get_ceph_version {
-    local ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4 | cut -f 1,2 -d '.')
+    local ceph_version_str
+    ceph_version_str=$(sudo ceph daemon mon.$(hostname) version | cut -d '"' -f 4 | cut -f 1,2 -d '.')
     echo $ceph_version_str
 }
 
@@ -106,7 +107,8 @@ EOF
 # undefine_virsh_secret() - Undefine Cinder key secret from libvirt
 function undefine_virsh_secret {
     if is_service_enabled cinder || is_service_enabled nova; then
-        local virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
+        local virsh_uuid
+        virsh_uuid=$(sudo virsh secret-list | awk '/^ ?[0-9a-z]/ { print $1 }')
         sudo virsh secret-undefine ${virsh_uuid} >/dev/null 2>&1
     fi
 }
@@ -219,7 +221,8 @@ EOF
     done
 
     # pools data and metadata were removed in the Giant release so depending on the version we apply different commands
-    local ceph_version=$(get_ceph_version)
+    local ceph_version
+    ceph_version=$(get_ceph_version)
     # change pool replica size according to the CEPH_REPLICAS set by the user
     if [[ ${ceph_version%%.*} -eq 0 ]] && [[ ${ceph_version##*.} -lt 87 ]]; then
         sudo ceph -c ${CEPH_CONF_FILE} osd pool set rbd size ${CEPH_REPLICAS}
diff --git a/lib/cinder b/lib/cinder
index 10144117ec..73941c6973 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -150,7 +150,8 @@ function cleanup_cinder {
     # ensure the volume group is cleared up because fails might
     # leave dead volumes in the group
     if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
-        local targets=$(sudo tgtadm --op show --mode target)
+        local targets
+        targets=$(sudo tgtadm --op show --mode target)
         if [ $? -ne 0 ]; then
             # If tgt driver isn't running this won't work obviously
             # So check the response and restart if need be
@@ -198,7 +199,8 @@ function cleanup_cinder {
 
 # _cinder_config_apache_wsgi() - Set WSGI config files
 function _cinder_config_apache_wsgi {
-    local cinder_apache_conf=$(apache_site_config_for osapi-volume)
+    local cinder_apache_conf
+    cinder_apache_conf=$(apache_site_config_for osapi-volume)
     local cinder_ssl=""
     local cinder_certfile=""
     local cinder_keyfile=""
diff --git a/lib/glance b/lib/glance
index 7be3a8495c..2eb93a46e6 100644
--- a/lib/glance
+++ b/lib/glance
@@ -106,7 +106,8 @@ function configure_glance {
     iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
     inicomment $GLANCE_REGISTRY_CONF DEFAULT log_file
-    local dburl=`database_connection_url glance`
+    local dburl
+    dburl=`database_connection_url glance`
     iniset $GLANCE_REGISTRY_CONF database connection $dburl
     iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
     iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
@@ -265,7 +266,8 @@ function create_glance_accounts {
         # required for swift access
         if is_service_enabled s-proxy; then
 
-            local glance_swift_user=$(get_or_create_user "glance-swift" \
+            local glance_swift_user
+            glance_swift_user=$(get_or_create_user "glance-swift" \
                 "$SERVICE_PASSWORD" "default" "glance-swift@example.com")
             get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
         fi
diff --git a/lib/heat b/lib/heat
index 3e6975ae26..df85c72cfe 100644
--- a/lib/heat
+++ b/lib/heat
@@ -321,7 +321,8 @@ function build_heat_pip_mirror {
 
     echo "" >> $HEAT_PIP_REPO/index.html
 
-    local heat_pip_repo_apache_conf=$(apache_site_config_for heat_pip_repo)
+    local heat_pip_repo_apache_conf
+    heat_pip_repo_apache_conf=$(apache_site_config_for heat_pip_repo)
 
     sudo cp $FILES/apache-heat-pip-repo.template $heat_pip_repo_apache_conf
     sudo sed -e "
diff --git a/lib/horizon b/lib/horizon
index b2539d1b7d..6ecd755795 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -49,7 +49,8 @@ function _horizon_config_set {
         sed -e "/^$option/d" -i $local_settings
         echo -e "\n$option=$value" >> $file
     elif grep -q "^$section" $file; then
-        local line=$(sed -ne "/^$section/,/^}/ { /^ *'$option':/ p; }" $file)
+        local line
+        line=$(sed -ne "/^$section/,/^}/ { /^ *'$option':/ p; }" $file)
         if [ -n "$line" ]; then
             sed -i -e "/^$section/,/^}/ s/^\( *'$option'\) *:.*$/\1: $value,/" $file
         else
@@ -68,7 +69,8 @@ function _horizon_config_set {
 # cleanup_horizon() - Remove residual data files, anything left over from previous
 # runs that a clean run would need to clean up
 function cleanup_horizon {
-    local horizon_conf=$(apache_site_config_for horizon)
+    local horizon_conf
+    horizon_conf=$(apache_site_config_for horizon)
     sudo rm -f $horizon_conf
 }
 
@@ -112,7 +114,8 @@ function init_horizon {
     # Create an empty directory that apache uses as docroot
     sudo mkdir -p $HORIZON_DIR/.blackhole
 
-    local horizon_conf=$(apache_site_config_for horizon)
+    local horizon_conf
+    horizon_conf=$(apache_site_config_for horizon)
 
     # Configure apache to run horizon
     sudo sh -c "sed -e \"
diff --git a/lib/ironic b/lib/ironic
index 40475e0a83..8eb0d80e07 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -225,7 +225,8 @@ function _cleanup_ironic_apache_wsgi {
 
 # _config_ironic_apache_wsgi() - Set WSGI config files of Ironic
 function _config_ironic_apache_wsgi {
-    local ironic_apache_conf=$(apache_site_config_for ironic)
+    local ironic_apache_conf
+    ironic_apache_conf=$(apache_site_config_for ironic)
     sudo cp $FILES/apache-ironic.template $ironic_apache_conf
     sudo sed -e "
         s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g;
@@ -325,11 +326,13 @@ function configure_ironic_api {
 function configure_ironic_conductor {
     cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF
     cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR
-    local ironic_rootwrap=$(get_rootwrap_location ironic)
+    local ironic_rootwrap
+    ironic_rootwrap=$(get_rootwrap_location ironic)
     local rootwrap_isudoer_cmd="$ironic_rootwrap $IRONIC_CONF_DIR/rootwrap.conf *"
 
     # Set up the rootwrap sudoers for ironic
-    local tempfile=`mktemp`
+    local tempfile
+    tempfile=`mktemp`
     echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_isudoer_cmd" >$tempfile
     chmod 0440 $tempfile
     sudo chown root:root $tempfile
@@ -370,7 +373,8 @@ function configure_ironic_conductor {
         fi
         iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
         iniset $IRONIC_CONF_FILE glance swift_api_version v1
-        local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default)
+        local tenant_id
+        tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default)
         iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
@@ -379,7 +383,8 @@ function configure_ironic_conductor {
     fi
 
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        local pxebin=`basename $IRONIC_PXE_BOOT_IMAGE`
+        local pxebin
+        pxebin=`basename $IRONIC_PXE_BOOT_IMAGE`
         iniset $IRONIC_CONF_FILE pxe ipxe_enabled True
         iniset $IRONIC_CONF_FILE pxe pxe_config_template '\$pybasedir/drivers/modules/ipxe_config.template'
         iniset $IRONIC_CONF_FILE pxe pxe_bootfile_name $pxebin
@@ -445,7 +450,8 @@ function init_ironic {
 # _ironic_bm_vm_names() - Generates list of names for baremetal VMs.
 function _ironic_bm_vm_names {
     local idx
-    local num_vms=$(($IRONIC_VM_COUNT - 1))
+    local num_vms
+    num_vms=$(($IRONIC_VM_COUNT - 1))
     for idx in $(seq 0 $num_vms); do
         echo "baremetal${IRONIC_VM_NETWORK_BRIDGE}_${idx}"
     done
@@ -498,22 +504,27 @@ function stop_ironic {
 }
 
 function create_ovs_taps {
-    local ironic_net_id=$(neutron net-list | grep private | get_field 1)
+    local ironic_net_id
+    ironic_net_id=$(neutron net-list | grep private | get_field 1)
 
     # Work around: No netns exists on host until a Neutron port is created.  We
     # need to create one in Neutron to know what netns to tap into prior to the
     # first node booting.
-    local port_id=$(neutron port-create private | grep " id " | get_field 2)
+    local port_id
+    port_id=$(neutron port-create private | grep " id " | get_field 2)
 
     # intentional sleep to make sure the tag has been set to port
     sleep 10
 
     if  [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-        local tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
+        local tapdev
+        tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
     else
-        local tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
+        local tapdev
+        tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
     fi
-    local tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
+    local tag_id
+    tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
 
     # make sure veth pair is not existing, otherwise delete its links
     sudo ip link show ovs-tap1 && sudo ip link delete ovs-tap1
@@ -570,7 +581,8 @@ function wait_for_nova_resources {
 }
 
 function enroll_nodes {
-    local chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
+    local chassis_id
+    chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
 
     if ! is_ironic_hardware; then
         local ironic_node_cpu=$IRONIC_VM_SPECS_CPU
@@ -602,10 +614,14 @@ function enroll_nodes {
         if ! is_ironic_hardware; then
             local mac_address=$hardware_info
         elif [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then
-            local ipmi_address=$(echo $hardware_info |awk  '{print $1}')
-            local mac_address=$(echo $hardware_info |awk '{print $2}')
-            local ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}')
-            local ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}')
+            local ipmi_address
+            ipmi_address=$(echo $hardware_info |awk  '{print $1}')
+            local mac_address
+            mac_address=$(echo $hardware_info |awk '{print $2}')
+            local ironic_ipmi_username
+            ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}')
+            local ironic_ipmi_passwd
+            ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}')
             # Currently we require all hardware platform have same CPU/RAM/DISK info
             # in future, this can be enhanced to support different type, and then
             # we create the bare metal flavor with minimum value
@@ -617,9 +633,11 @@ function enroll_nodes {
 
         # First node created will be used for testing in ironic w/o glance
         # scenario, so we need to know its UUID.
-        local standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")
+        local standalone_node_uuid
+        standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")
 
-        local node_id=$(ironic node-create $standalone_node_uuid\
+        local node_id
+        node_id=$(ironic node-create $standalone_node_uuid\
             --chassis_uuid $chassis_id \
             --driver $IRONIC_DEPLOY_DRIVER \
             --name node-$total_nodes \
@@ -640,7 +658,8 @@ function enroll_nodes {
     # NOTE(adam_g): Attempting to use an autogenerated UUID for flavor id here uncovered
     # bug (LP: #1333852) in Trove.  This can be changed to use an auto flavor id when the
     # bug is fixed in Juno.
-    local adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
+    local adjusted_disk
+    adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
     nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal 551 $ironic_node_ram $adjusted_disk $ironic_node_cpu
 
     nova flavor-key baremetal set "cpu_arch"="x86_64"
@@ -771,7 +790,8 @@ function upload_baremetal_ironic_deploy {
         fi
     fi
 
-    local token=$(openstack token issue -c id -f value)
+    local token
+    token=$(openstack token issue -c id -f value)
     die_if_not_set $LINENO token "Keystone fail to get token"
 
     # load them into glance
@@ -809,7 +829,8 @@ function prepare_baremetal_basic_ops {
 function cleanup_baremetal_basic_ops {
     rm -f $IRONIC_VM_MACS_CSV_FILE
     if [ -f $IRONIC_KEY_FILE ]; then
-        local key=$(cat $IRONIC_KEY_FILE.pub)
+        local key
+        key=$(cat $IRONIC_KEY_FILE.pub)
         # remove public key from authorized_keys
         grep -v "$key" $IRONIC_AUTHORIZED_KEYS_FILE > temp && mv temp $IRONIC_AUTHORIZED_KEYS_FILE
         chmod 0600 $IRONIC_AUTHORIZED_KEYS_FILE
diff --git a/lib/keystone b/lib/keystone
index ec28b46341..cdcc13a326 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -132,7 +132,8 @@ function _cleanup_keystone_apache_wsgi {
 
 # _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
 function _config_keystone_apache_wsgi {
-    local keystone_apache_conf=$(apache_site_config_for keystone)
+    local keystone_apache_conf
+    keystone_apache_conf=$(apache_site_config_for keystone)
     local keystone_ssl=""
     local keystone_certfile=""
     local keystone_keyfile=""
@@ -347,9 +348,12 @@ function configure_keystone_extensions {
 function create_keystone_accounts {
 
     # admin
-    local admin_tenant=$(get_or_create_project "admin" default)
-    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
-    local admin_role=$(get_or_create_role "admin")
+    local admin_tenant
+    admin_tenant=$(get_or_create_project "admin" default)
+    local admin_user
+    admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
+    local admin_role
+    admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
 
     # Create service project/role
@@ -365,18 +369,23 @@ function create_keystone_accounts {
     get_or_create_role ResellerAdmin
 
     # The Member role is used by Horizon and Swift so we need to keep it:
-    local member_role=$(get_or_create_role "Member")
+    local member_role
+    member_role=$(get_or_create_role "Member")
 
     # another_role demonstrates that an arbitrary role may be created and used
     # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
-    local another_role=$(get_or_create_role "anotherrole")
+    local another_role
+    another_role=$(get_or_create_role "anotherrole")
 
     # invisible tenant - admin can't see this one
-    local invis_tenant=$(get_or_create_project "invisible_to_admin" default)
+    local invis_tenant
+    invis_tenant=$(get_or_create_project "invisible_to_admin" default)
 
     # demo
-    local demo_tenant=$(get_or_create_project "demo" default)
-    local demo_user=$(get_or_create_user "demo" \
+    local demo_tenant
+    demo_tenant=$(get_or_create_project "demo" default)
+    local demo_user
+    demo_user=$(get_or_create_user "demo" \
         "$ADMIN_PASSWORD" "default" "demo@example.com")
 
     get_or_add_user_project_role $member_role $demo_user $demo_tenant
@@ -384,9 +393,11 @@ function create_keystone_accounts {
     get_or_add_user_project_role $another_role $demo_user $demo_tenant
     get_or_add_user_project_role $member_role $demo_user $invis_tenant
 
-    local admin_group=$(get_or_create_group "admins" \
+    local admin_group
+    admin_group=$(get_or_create_group "admins" \
         "default" "openstack admin group")
-    local non_admin_group=$(get_or_create_group "nonadmins" \
+    local non_admin_group
+    non_admin_group=$(get_or_create_group "nonadmins" \
         "default" "non-admin group")
 
     get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
@@ -415,7 +426,8 @@ function create_keystone_accounts {
 function create_service_user {
     local role=${2:-service}
 
-    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
+    local user
+    user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
     get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
 }
 
diff --git a/lib/ldap b/lib/ldap
index d2dbc3b728..0414fea639 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -82,7 +82,8 @@ function cleanup_ldap {
 function init_ldap {
     local keystone_ldif
 
-    local tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
+    local tmp_ldap_dir
+    tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
 
     # Remove data but not schemas
     clear_ldap_state
@@ -113,7 +114,8 @@ function install_ldap {
     echo "Installing LDAP inside function"
     echo "os_VENDOR is $os_VENDOR"
 
-    local tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
+    local tmp_ldap_dir
+    tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
 
     printf "installing OpenLDAP"
     if is_ubuntu; then
@@ -129,7 +131,8 @@ function install_ldap {
     fi
 
     echo "LDAP_PASSWORD is $LDAP_PASSWORD"
-    local slappass=$(slappasswd -s $LDAP_PASSWORD)
+    local slappass
+    slappass=$(slappasswd -s $LDAP_PASSWORD)
     printf "LDAP secret is $slappass\n"
 
     # Create manager.ldif and add to olcdb
diff --git a/lib/lvm b/lib/lvm
index 8afd543f34..468a99aecc 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -56,7 +56,8 @@ function _clean_lvm_backing_file {
 
     # If the backing physical device is a loop device, it was probably setup by DevStack
     if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
-        local vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
+        local vg_dev
+        vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
         sudo losetup -d $vg_dev
         rm -f $backing_file
     fi
@@ -89,7 +90,8 @@ function _create_lvm_volume_group {
     if ! sudo vgs $vg; then
         # Only create if the file doesn't already exists
         [[ -f $backing_file ]] || truncate -s $size $backing_file
-        local vg_dev=`sudo losetup -f --show $backing_file`
+        local vg_dev
+        vg_dev=`sudo losetup -f --show $backing_file`
 
         # Only create volume group if it doesn't already exist
         if ! sudo vgs $vg; then
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e67bd4ae32..e9f88fbd1b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -806,7 +806,8 @@ function _move_neutron_addresses_route {
 
         local IP_ADD=""
         local IP_DEL=""
-        local DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
+        local DEFAULT_ROUTE_GW
+        DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
 
         if [[ $af == "inet" ]]; then
@@ -1244,7 +1245,8 @@ function _neutron_create_private_subnet_v4 {
     subnet_params+="--gateway $NETWORK_GATEWAY "
     subnet_params+="--name $PRIVATE_SUBNET_NAME "
     subnet_params+="$NET_ID $FIXED_RANGE"
-    local subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    local subnet_id
+    subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
     die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $TENANT_ID"
     echo $subnet_id
 }
@@ -1259,7 +1261,8 @@ function _neutron_create_private_subnet_v6 {
     subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
     subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
     subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
-    local ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
+    local ipv6_subnet_id
+    ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
     die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $TENANT_ID"
     echo $ipv6_subnet_id
 }
@@ -1272,7 +1275,8 @@ function _neutron_create_public_subnet_v4 {
     subnet_params+="--name $PUBLIC_SUBNET_NAME "
     subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
     subnet_params+="-- --enable_dhcp=False"
-    local id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    local id_and_ext_gw_ip
+    id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
     die_if_not_set $LINENO id_and_ext_gw_ip "Failure creating public IPv4 subnet"
     echo $id_and_ext_gw_ip
 }
@@ -1284,7 +1288,8 @@ function _neutron_create_public_subnet_v6 {
     subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
     subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
     subnet_params+="-- --enable_dhcp=False"
-    local ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
+    local ipv6_id_and_ext_gw_ip
+    ipv6_id_and_ext_gw_ip=$(neutron subnet-create $subnet_params | grep -e 'gateway_ip' -e ' id ')
     die_if_not_set $LINENO ipv6_id_and_ext_gw_ip "Failure creating an IPv6 public subnet"
     echo $ipv6_id_and_ext_gw_ip
 }
@@ -1293,8 +1298,10 @@ function _neutron_create_public_subnet_v6 {
 function _neutron_configure_router_v4 {
     neutron router-interface-add $ROUTER_ID $SUBNET_ID
     # Create a public subnet on the external network
-    local id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
-    local ext_gw_ip=$(echo $id_and_ext_gw_ip  | get_field 2)
+    local id_and_ext_gw_ip
+    id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
+    local ext_gw_ip
+    ext_gw_ip=$(echo $id_and_ext_gw_ip  | get_field 2)
     PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
     # Configure the external network as the default router gateway
     neutron router-gateway-set $ROUTER_ID $EXT_NET_ID
@@ -1331,9 +1338,12 @@ function _neutron_configure_router_v4 {
 function _neutron_configure_router_v6 {
     neutron router-interface-add $ROUTER_ID $IPV6_SUBNET_ID
     # Create a public subnet on the external network
-    local ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
-    local ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
-    local ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
+    local ipv6_id_and_ext_gw_ip
+    ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
+    local ipv6_ext_gw_ip
+    ipv6_ext_gw_ip=$(echo $ipv6_id_and_ext_gw_ip | get_field 2)
+    local ipv6_pub_subnet_id
+    ipv6_pub_subnet_id=$(echo $ipv6_id_and_ext_gw_ip | get_field 5)
 
     # If the external network has not already been set as the default router
     # gateway when configuring an IPv4 public subnet, do so now
@@ -1351,7 +1361,8 @@ function _neutron_configure_router_v6 {
         die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
 
         if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-            local ext_gw_interface=$(_neutron_get_ext_gw_interface)
+            local ext_gw_interface
+            ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
 
             # Configure interface for public bridge
diff --git a/lib/neutron_plugins/embrane b/lib/neutron_plugins/embrane
index 6b4819ef70..2028496ca1 100644
--- a/lib/neutron_plugins/embrane
+++ b/lib/neutron_plugins/embrane
@@ -10,7 +10,8 @@ set +o xtrace
 source $TOP_DIR/lib/neutron_plugins/openvswitch
 
 function save_function {
-    local ORIG_FUNC=$(declare -f $1)
+    local ORIG_FUNC
+    ORIG_FUNC=$(declare -f $1)
     local NEW_FUNC="$2${ORIG_FUNC#$1}"
     eval "$NEW_FUNC"
 }
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index b012683a6f..d3fd198b08 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -49,8 +49,10 @@ function neutron_ovs_base_cleanup {
 
 function _neutron_ovs_base_install_ubuntu_dkms {
     # install Dynamic Kernel Module Support packages if needed
-    local kernel_version=$(uname -r)
-    local kernel_major_minor=`echo $kernel_version | cut -d. -f1-2`
+    local kernel_version
+    kernel_version=$(uname -r)
+    local kernel_major_minor
+    kernel_major_minor=`echo $kernel_version | cut -d. -f1-2`
     # From kernel 3.13 on, openvswitch-datapath-dkms is not needed
     if [ `vercmp_numbers "$kernel_major_minor" "3.13"` -lt "0" ]; then
         install_package "dkms openvswitch-datapath-dkms linux-headers-$kernel_version"
diff --git a/lib/nova b/lib/nova
index 9830276232..6e6075cae6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -202,14 +202,16 @@ function cleanup_nova {
         clean_iptables
 
         # Destroy old instances
-        local instances=`sudo virsh list --all | grep $INSTANCE_NAME_PREFIX | sed "s/.*\($INSTANCE_NAME_PREFIX[0-9a-fA-F]*\).*/\1/g"`
+        local instances
+        instances=`sudo virsh list --all | grep $INSTANCE_NAME_PREFIX | sed "s/.*\($INSTANCE_NAME_PREFIX[0-9a-fA-F]*\).*/\1/g"`
         if [ ! "$instances" = "" ]; then
             echo $instances | xargs -n1 sudo virsh destroy || true
             echo $instances | xargs -n1 sudo virsh undefine --managed-save || true
         fi
 
         # Logout and delete iscsi sessions
-        local tgts=$(sudo iscsiadm --mode node | grep $VOLUME_NAME_PREFIX | cut -d ' ' -f2)
+        local tgts
+        tgts=$(sudo iscsiadm --mode node | grep $VOLUME_NAME_PREFIX | cut -d ' ' -f2)
         local target
         for target in $tgts; do
             sudo iscsiadm --mode node -T $target --logout || true
@@ -245,8 +247,10 @@ function _cleanup_nova_apache_wsgi {
 function _config_nova_apache_wsgi {
     sudo mkdir -p $NOVA_WSGI_DIR
 
-    local nova_apache_conf=$(apache_site_config_for nova-api)
-    local nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
+    local nova_apache_conf
+    nova_apache_conf=$(apache_site_config_for nova-api)
+    local nova_ec2_apache_conf
+    nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
     local nova_ssl=""
     local nova_certfile=""
     local nova_keyfile=""
@@ -784,7 +788,8 @@ function start_nova_api {
     export PATH=$NOVA_BIN_DIR:$PATH
 
     # If the site is not enabled then we are in a grenade scenario
-    local enabled_site_file=$(apache_site_config_for nova-api)
+    local enabled_site_file
+    enabled_site_file=$(apache_site_config_for nova-api)
     if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
         enable_apache_site nova-api
         enable_apache_site nova-ec2-api
diff --git a/lib/swift b/lib/swift
index 645bfd7cd9..62f47dce50 100644
--- a/lib/swift
+++ b/lib/swift
@@ -205,9 +205,12 @@ function _config_swift_apache_wsgi {
     # copy apache vhost file and set name and port
     local node_number
     for node_number in ${SWIFT_REPLICAS_SEQ}; do
-        local object_port=$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))
-        local container_port=$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))
-        local account_port=$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))
+        local object_port
+        object_port=$(( OBJECT_PORT_BASE + 10 * (node_number - 1) ))
+        local container_port
+        container_port=$(( CONTAINER_PORT_BASE + 10 * (node_number - 1) ))
+        local account_port
+        account_port=$(( ACCOUNT_PORT_BASE + 10 * (node_number - 1) ))
 
         sudo cp ${SWIFT_DIR}/examples/apache2/object-server.template $(apache_site_config_for object-server-${node_number})
         sudo sed -e "
@@ -504,7 +507,8 @@ EOF
 
     if is_service_enabled keystone; then
         iniuncomment ${testfile} func_test auth_version
-        local auth_vers=$(iniget ${testfile} func_test auth_version)
+        local auth_vers
+        auth_vers=$(iniget ${testfile} func_test auth_version)
         iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
         iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
         if [[ $auth_vers == "3" ]]; then
@@ -514,7 +518,8 @@ EOF
         fi
     fi
 
-    local user_group=$(id -g ${STACK_USER})
+    local user_group
+    user_group=$(id -g ${STACK_USER})
     sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}
 
     local swift_log_dir=${SWIFT_DATA_DIR}/logs
@@ -540,7 +545,8 @@ function create_swift_disk {
     # First do a bit of setup by creating the directories and
     # changing the permissions so we can run it as our user.
 
-    local user_group=$(id -g ${STACK_USER})
+    local user_group
+    user_group=$(id -g ${STACK_USER})
     sudo install -d -o ${STACK_USER} -g ${user_group} ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
 
     # Create a loopback disk and format it to XFS.
@@ -607,7 +613,8 @@ function create_swift_accounts {
 
     KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 
-    local another_role=$(get_or_create_role "anotherrole")
+    local another_role
+    another_role=$(get_or_create_role "anotherrole")
 
     # NOTE(jroll): Swift doesn't need the admin role here, however Ironic uses
     # temp urls, which break when uploaded by a non-admin role
@@ -623,33 +630,40 @@ function create_swift_accounts {
             "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
     fi
 
-    local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
+    local swift_tenant_test1
+    swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
     SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
                         "default" "test@example.com")
     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
     get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
 
-    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
+    local swift_user_test3
+    swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
                                 "default" "test3@example.com")
     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
     get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
 
-    local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
+    local swift_tenant_test2
+    swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
 
-    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
+    local swift_user_test2
+    swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
                                 "default" "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
 
-    local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
+    local swift_domain
+    swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
     die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
 
-    local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
+    local swift_tenant_test4
+    swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
     die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
 
-    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
+    local swift_user_test4
+    swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
                                 $swift_domain "test4@example.com")
     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
     get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
diff --git a/lib/tempest b/lib/tempest
index f4d0a6dab0..e7ea429847 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -372,7 +372,8 @@ function configure_tempest {
     # Compute Features
     # Run ``verify_tempest_config -ur`` to retrieve enabled extensions on API endpoints
     # NOTE(mtreinish): This must be done after auth settings are added to the tempest config
-    local tmp_cfg_file=$(mktemp)
+    local tmp_cfg_file
+    tmp_cfg_file=$(mktemp)
     cd $TEMPEST_DIR
     tox -revenv -- verify-tempest-config -uro $tmp_cfg_file
 
diff --git a/lib/tls b/lib/tls
index 8ff2027819..f4740b88be 100644
--- a/lib/tls
+++ b/lib/tls
@@ -346,7 +346,8 @@ function make_root_CA {
 # we need to change it.
 function fix_system_ca_bundle_path {
     if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
-        local capath=$(python -c $'try:\n from requests import certs\n print certs.where()\nexcept ImportError: pass')
+        local capath
+        capath=$(python -c $'try:\n from requests import certs\n print certs.where()\nexcept ImportError: pass')
 
         if [[ ! $capath == "" && ! $capath =~ ^/etc/.* && ! -L $capath ]]; then
             if is_fedora; then
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 603652a216..df7a8b4534 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -20,8 +20,10 @@ FAILED_FUNCS=""
 # pass a test, printing out MSG
 #  usage: passed message
 function passed {
-    local lineno=$(caller 0 | awk '{print $1}')
-    local function=$(caller 0 | awk '{print $2}')
+    local lineno
+    lineno=$(caller 0 | awk '{print $1}')
+    local function
+    function=$(caller 0 | awk '{print $2}')
     local msg="$1"
     if [ -z "$msg" ]; then
         msg="OK"
@@ -33,8 +35,10 @@ function passed {
 # fail a test, printing out MSG
 #  usage: failed message
 function failed {
-    local lineno=$(caller 0 | awk '{print $1}')
-    local function=$(caller 0 | awk '{print $2}')
+    local lineno
+    lineno=$(caller 0 | awk '{print $1}')
+    local function
+    function=$(caller 0 | awk '{print $2}')
     local msg="$1"
     FAILED_FUNCS+="$function:L$lineno\n"
     echo "ERROR: $function:L$lineno!"
@@ -45,8 +49,10 @@ function failed {
 # assert string comparision of val1 equal val2, printing out msg
 #  usage: assert_equal val1 val2 msg
 function assert_equal {
-    local lineno=`caller 0 | awk '{print $1}'`
-    local function=`caller 0 | awk '{print $2}'`
+    local lineno
+    lineno=`caller 0 | awk '{print $1}'`
+    local function
+    function=`caller 0 | awk '{print $2}'`
     local msg=$3
 
     if [ -z "$msg" ]; then
@@ -66,8 +72,10 @@ function assert_equal {
 # assert variable is empty/blank, printing out msg
 #  usage: assert_empty VAR msg
 function assert_empty {
-    local lineno=`caller 0 | awk '{print $1}'`
-    local function=`caller 0 | awk '{print $2}'`
+    local lineno
+    lineno=`caller 0 | awk '{print $1}'`
+    local function
+    function=`caller 0 | awk '{print $2}'`
     local msg=$2
 
     if [ -z "$msg" ]; then
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index de44abbbe5..25f713ca93 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -190,7 +190,8 @@ function add_entry {
     local user_passwd=$5
 
     # The admin user can see all user's secret AWS keys, it does not looks good
-    local line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
+    local line
+    line=$(openstack ec2 credentials list --user $user_id | grep " $project_id " || true)
     if [ -z "$line" ]; then
         openstack ec2 credentials create --user $user_id --project $project_id 1>&2
         line=`openstack ec2 credentials list --user $user_id | grep " $project_id "`
diff --git a/tools/peakmem_tracker.sh b/tools/peakmem_tracker.sh
index 0d5728a538..ecbd79a0bc 100755
--- a/tools/peakmem_tracker.sh
+++ b/tools/peakmem_tracker.sh
@@ -41,10 +41,12 @@ function get_mem_available {
 # snapshot of current usage; i.e. checking the latest entry in the
 # file will give the peak-memory usage
 function tracker {
-    local low_point=$(get_mem_available)
+    local low_point
+    low_point=$(get_mem_available)
     while [ 1 ]; do
 
-        local mem_available=$(get_mem_available)
+        local mem_available
+        mem_available=$(get_mem_available)
 
         if [[ $mem_available -lt $low_point ]]; then
             low_point=$mem_available
diff --git a/tools/xen/scripts/install-os-vpx.sh b/tools/xen/scripts/install-os-vpx.sh
index 1ebbeaf564..66f7ef4763 100755
--- a/tools/xen/scripts/install-os-vpx.sh
+++ b/tools/xen/scripts/install-os-vpx.sh
@@ -100,7 +100,8 @@ create_vif()
 {
     local v="$1"
     echo "Installing VM interface on [$BRIDGE]"
-    local out_network_uuid=$(find_network "$BRIDGE")
+    local out_network_uuid
+    out_network_uuid=$(find_network "$BRIDGE")
     xe vif-create vm-uuid="$v" network-uuid="$out_network_uuid" device="0"
 }
 
diff --git a/tools/xen/scripts/uninstall-os-vpx.sh b/tools/xen/scripts/uninstall-os-vpx.sh
index 1ed249433a..96dad7e852 100755
--- a/tools/xen/scripts/uninstall-os-vpx.sh
+++ b/tools/xen/scripts/uninstall-os-vpx.sh
@@ -35,9 +35,12 @@ xe_min()
 destroy_vdi()
 {
     local vbd_uuid="$1"
-    local type=$(xe_min vbd-list uuid=$vbd_uuid params=type)
-    local dev=$(xe_min vbd-list uuid=$vbd_uuid params=userdevice)
-    local vdi_uuid=$(xe_min vbd-list uuid=$vbd_uuid params=vdi-uuid)
+    local type
+    type=$(xe_min vbd-list uuid=$vbd_uuid params=type)
+    local dev
+    dev=$(xe_min vbd-list uuid=$vbd_uuid params=userdevice)
+    local vdi_uuid
+    vdi_uuid=$(xe_min vbd-list uuid=$vbd_uuid params=vdi-uuid)
 
     if [ "$type" == 'Disk' ] && [ "$dev" != 'xvda' ] && [ "$dev" != '0' ]; then
         xe vdi-destroy uuid=$vdi_uuid
@@ -47,7 +50,8 @@ destroy_vdi()
 uninstall()
 {
     local vm_uuid="$1"
-    local power_state=$(xe_min vm-list uuid=$vm_uuid params=power-state)
+    local power_state
+    power_state=$(xe_min vm-list uuid=$vm_uuid params=power-state)
 
     if [ "$power_state" != "halted" ]; then
         xe vm-shutdown vm=$vm_uuid force=true
diff --git a/tools/xen/test_functions.sh b/tools/xen/test_functions.sh
index 924e773c00..324e6a1a1e 100755
--- a/tools/xen/test_functions.sh
+++ b/tools/xen/test_functions.sh
@@ -165,7 +165,8 @@ EOF
 function test_get_local_sr {
     setup_xe_response "uuid123"
 
-    local RESULT=$(. mocks && get_local_sr)
+    local RESULT
+    RESULT=$(. mocks && get_local_sr)
 
     [ "$RESULT" == "uuid123" ]
 
@@ -173,7 +174,8 @@ function test_get_local_sr {
 }
 
 function test_get_local_sr_path {
-    local RESULT=$(mock_out get_local_sr "uuid1" && get_local_sr_path)
+    local RESULT
+    RESULT=$(mock_out get_local_sr "uuid1" && get_local_sr_path)
 
     [ "/var/run/sr-mount/uuid1" == "$RESULT" ]
 }

From 056a0c6bbc277937ee79361f901e4f6bd5513eec Mon Sep 17 00:00:00 2001
From: Christian Berendt 
Date: Wed, 7 Oct 2015 18:11:46 +0200
Subject: [PATCH 0966/3421] build_docs: do not handle md and conf files with
 shocco

At the moment the following md and conf files are handled with shocco.
This should not be the case.

* samples/local.conf
* lib/neutron_thirdparty/README.md
* lib/neutron_plugins/README.md

Change-Id: I11ea5ebda111e6cdab71d3cffaeb4f16443bfd3c
---
 tools/build_docs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index fa843432b5..7dc492e2a4 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -81,7 +81,7 @@ for f in $(find . \( -name .git -o -name .tox \) -prune -o \( -type f -name \*.s
     mkdir -p $FQ_HTML_BUILD/`dirname $f`;
     $SHOCCO $f > $FQ_HTML_BUILD/$f.html
 done
-for f in $(find functions functions-common inc lib pkg samples -type f -name \*); do
+for f in $(find functions functions-common inc lib pkg samples -type f -name \* ! -name *.md ! -name *.conf); do
     echo $f
     FILES+="$f "
     mkdir -p $FQ_HTML_BUILD/`dirname $f`;

From 1de9e330de9fd509fcdbe04c4722951b3acf199c Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 7 Oct 2015 08:46:13 -0400
Subject: [PATCH 0967/3421] add big warning for extras.d usage

This adds a warning for extras.d usage. This will give us something to
keep an eye on in logstash to build up the list of projects that will
break at Mitaka-1.

This also makes the deprecated handling done through a function, which
will hopefully make it more consistent in the future.

Change-Id: Icd393bc3e7095fe58be0fd13ef74fece3aa5c5f1
---
 functions-common | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/functions-common b/functions-common
index cfe0c8d4ba..ee5c5cd03c 100644
--- a/functions-common
+++ b/functions-common
@@ -179,6 +179,12 @@ function die_if_not_set {
     $xtrace
 }
 
+function deprecated {
+    local text=$1
+    DEPRECATED_TEXT+="\n$text"
+    echo "WARNING: $text"
+}
+
 # Prints line number and "message" in error format
 # err $LINENO "message"
 function err {
@@ -1728,6 +1734,16 @@ function run_phase {
     if [[ -d $TOP_DIR/extras.d ]]; then
         for i in $TOP_DIR/extras.d/*.sh; do
             [[ -r $i ]] && source $i $mode $phase
+            # NOTE(sdague): generate a big warning about using
+            # extras.d in an unsupported way which will let us track
+            # unsupported usage in the gate.
+            local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
+            local extra=$(basename $i)
+            if [[ ! ( $exceptions =~ "$extra" ) ]]; then
+                deprecated "extras.d support is being removed in Mitaka-1"
+                deprecated "jobs for project $extra will break after that point"
+                deprecated "please move project to a supported devstack plugin model"
+            fi
         done
     fi
     # the source phase corresponds to settings loading in plugins

From 72ad942796adb03c96154cd1df4f97ad775e6092 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 7 Oct 2015 11:51:40 -0400
Subject: [PATCH 0968/3421] use deprecated function instead of modifying global

It's safer to run this through a common function to let us make
changes later.

Change-Id: Ic661824027577e1946726c1843a29ac8325915bf
---
 functions  | 2 +-
 lib/cinder | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions b/functions
index ff95c89ad9..3e17f2f9e9 100644
--- a/functions
+++ b/functions
@@ -341,7 +341,7 @@ function use_database {
         # No backends registered means this is likely called from ``localrc``
         # This is now deprecated usage
         DATABASE_TYPE=$1
-        DEPRECATED_TEXT="$DEPRECATED_TEXT\nThe database backend needs to be properly set in ENABLED_SERVICES; use_database is deprecated localrc\n"
+        deprecated "The database backend needs to be properly set in ENABLED_SERVICES; use_database is deprecated localrc"
     else
         # This should no longer get called...here for posterity
         use_exclusive_service DATABASE_BACKENDS DATABASE_TYPE $1
diff --git a/lib/cinder b/lib/cinder
index 10144117ec..2cda8b7841 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -93,7 +93,7 @@ if [[ -n $CINDER_SECURE_DELETE ]]; then
     if [[ $CINDER_SECURE_DELETE == "False" ]]; then
         CINDER_VOLUME_CLEAR_DEFAULT="none"
     fi
-    DEPRECATED_TEXT="$DEPRECATED_TEXT\nConfigure secure Cinder volume deletion using CINDER_VOLUME_CLEAR instead of CINDER_SECURE_DELETE.\n"
+    deprecated "Configure secure Cinder volume deletion using CINDER_VOLUME_CLEAR instead of CINDER_SECURE_DELETE."
 fi
 CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
 CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')

From a0cc2918adb4fc9f43c4f2e7f2cec9f46630636f Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 7 Oct 2015 09:06:42 -0400
Subject: [PATCH 0969/3421] fix warning in install_get_pip

we were unconditionally adding -z to the curl command even if the file
doesn't exist that we are referencing. That produces a scary warning
for users. Lets not do that.

Change-Id: Id2860c1c702510b0f8fd496abce579d0fa3ff867
---
 tools/install_pip.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 7b42c8c485..41261800e4 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -53,8 +53,15 @@ function install_get_pip {
     # since and only download if a new version is out -- but only if
     # it seems we downloaded the file originally.
     if [[ ! -r $LOCAL_PIP || -r $LOCAL_PIP.downloaded ]]; then
+        # only test freshness if LOCAL_PIP is actually there,
+        # otherwise we generate a scary warning.
+        local timecond=""
+        if [[ -r $LOCAL_PIP ]]; then
+            timecond="-z $LOCAL_PIP"
+        fi
+
         curl --retry 6 --retry-delay 5 \
-            -z $LOCAL_PIP -o $LOCAL_PIP $PIP_GET_PIP_URL || \
+            $timecond -o $LOCAL_PIP $PIP_GET_PIP_URL || \
             die $LINENO "Download of get-pip.py failed"
         touch $LOCAL_PIP.downloaded
     fi

From 33e3969081e9d3acd332f909cf405193603ec915 Mon Sep 17 00:00:00 2001
From: Dave McCowan 
Date: Wed, 7 Oct 2015 16:57:58 -0400
Subject: [PATCH 0970/3421] Add Barbican to plugin registry list

Barbican can now be installed with devstack via:

enable_plugin barbican https://git.openstack.org/openstack/barbican

Change-Id: I81af04bb6600d1e58590c39efdc2c0c91563321d
---
 doc/source/plugin-registry.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 85fd7cc065..eb09988a53 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -22,6 +22,8 @@ The following are plugins that exist for official OpenStack projects.
 +------------------+---------------------------------------------+--------------------+
 |aodh              |git://git.openstack.org/openstack/aodh       | alarming           |
 +------------------+---------------------------------------------+--------------------+
+|barbican          |git://git.openstack.org/openstack/barbican   | key management     |
++------------------+---------------------------------------------+--------------------+
 |ceilometer        |git://git.openstack.org/openstack/ceilometer | metering           |
 +------------------+---------------------------------------------+--------------------+
 |gnocchi           |git://git.openstack.org/openstack/gnocchi    | metric             |

From 7adf15df5c0812a74a1697b930003bc1dcddb127 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 23 Sep 2015 11:56:02 +1000
Subject: [PATCH 0971/3421] Add a debugging userrc after keystone is up

As a follow-on to the issues raised by
I069f46f95656655ae7ba8f3dd929f47eae594b68, rather than a re-write of
create_userrc.sh logic, create a temporary userrc that can be helpful
for debugging until we have the whole system bootstrapped

Change-Id: I3325acffd259cf7f6f4a153c88037cfe8405ca50
---
 stack.sh | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/stack.sh b/stack.sh
index 01668c208b..58a708c497 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1007,14 +1007,27 @@ if is_service_enabled keystone; then
     # Begone token auth
     unset OS_TOKEN OS_URL
 
-    # Set up password auth credentials now that Keystone is bootstrapped
-    export OS_AUTH_URL=$KEYSTONE_AUTH_URI
-    export OS_USERNAME=admin
-    export OS_USER_DOMAIN_ID=default
-    export OS_PASSWORD=$ADMIN_PASSWORD
-    export OS_PROJECT_NAME=admin
-    export OS_PROJECT_DOMAIN_ID=default
-    export OS_REGION_NAME=$REGION_NAME
+    # Rather than just export these, we write them out to a
+    # intermediate userrc file that can also be used to debug if
+    # something goes wrong between here and running
+    # tools/create_userrc.sh (this script relies on services other
+    # than keystone being available, so we can't call it right now)
+    cat > $TOP_DIR/userrc_early <
Date: Thu, 8 Oct 2015 06:40:21 +0100
Subject: [PATCH 0972/3421] XenServer: the cron job shouldn't print debug text
 into stderr

one cron job attempts to print debug text into stderr; so the file
of /root/dead.letter gets created and its size grows continuously.
It could eventually threaten dom0 disk space. Maybe there are two
solutions: one is to redirect the output to a specific log file;
and rotate log files in the script. And the other one is simply
to redirect the output /dev/null. By considering the function of
this cron job and the printed contents are straight and simple,
this patch set goes with the later solution.

Change-Id: I4875e5e3837e6f0249e314c6c5f408c79145c6c1
Closes-Bug: 1503966
---
 lib/nova_plugins/hypervisor-xenserver | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index efce383222..e097990bd3 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -79,7 +79,7 @@ function configure_nova_hypervisor {
 
     # Create a cron job that will rotate guest logs
     $ssh_dom0 crontab - << CRONTAB
-* * * * * /root/rotate_xen_guest_logs.sh
+* * * * * /root/rotate_xen_guest_logs.sh >/dev/null 2>&1
 CRONTAB
 
     # Create directories for kernels and images

From c988bf6fde5e692e768f7fbd6b70d2d5715cb85e Mon Sep 17 00:00:00 2001
From: "Swapnil (coolsvap) Kulkarni" 
Date: Thu, 8 Oct 2015 13:10:43 +0530
Subject: [PATCH 0973/3421] Updated configuration and docs for MYSQL_PASSWORD

Updated MYSQL_PASSWORD to DATABASE_PASSWORD in sample
configuration and existing docs

Change-Id: Iafb295a0b7707e08a81e6528620db8543d40f7ae
---
 doc/source/guides/multinode-lab.rst  | 4 ++--
 doc/source/guides/neutron.rst        | 2 +-
 doc/source/guides/single-machine.rst | 2 +-
 doc/source/guides/single-vm.rst      | 2 +-
 samples/local.conf                   | 2 +-
 tools/xen/README.md                  | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1530a84523..5660bc5222 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -128,7 +128,7 @@ cluster controller's DevStack in ``local.conf``:
     MULTI_HOST=1
     LOGFILE=/opt/stack/logs/stack.sh.log
     ADMIN_PASSWORD=labstack
-    MYSQL_PASSWORD=supersecret
+    DATABASE_PASSWORD=supersecret
     RABBIT_PASSWORD=supersecrete
     SERVICE_PASSWORD=supersecrete
     SERVICE_TOKEN=xyzpdqlazydog
@@ -169,7 +169,7 @@ machines, create a ``local.conf`` with:
     MULTI_HOST=1
     LOGFILE=/opt/stack/logs/stack.sh.log
     ADMIN_PASSWORD=labstack
-    MYSQL_PASSWORD=supersecret
+    DATABASE_PASSWORD=supersecret
     RABBIT_PASSWORD=supersecrete
     SERVICE_PASSWORD=supersecrete
     SERVICE_TOKEN=xyzpdqlazydog
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 424844547c..9d4f54a05e 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -52,7 +52,7 @@ DevStack Configuration
         RABBIT_HOST=172.18.161.6
         GLANCE_HOSTPORT=172.18.161.6:9292
         ADMIN_PASSWORD=secrete
-        MYSQL_PASSWORD=secrete
+        DATABASE_PASSWORD=secrete
         RABBIT_PASSWORD=secrete
         SERVICE_PASSWORD=secrete
         SERVICE_TOKEN=secrete
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 236ece9c01..a01c368213 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -105,7 +105,7 @@ do the following:
     FIXED_NETWORK_SIZE=256
     FLAT_INTERFACE=eth0
     ADMIN_PASSWORD=supersecret
-    MYSQL_PASSWORD=iheartdatabases
+    DATABASE_PASSWORD=iheartdatabases
     RABBIT_PASSWORD=flopsymopsy
     SERVICE_PASSWORD=iheartksl
     SERVICE_TOKEN=xyzpdqlazydog
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index 515cd505c3..53c3fa973f 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -64,7 +64,7 @@ passed as the user-data file when booting the VM.
             cd devstack
             echo '[[local|localrc]]' > local.conf
             echo ADMIN_PASSWORD=password >> local.conf
-            echo MYSQL_PASSWORD=password >> local.conf
+            echo DATABASE_PASSWORD=password >> local.conf
             echo RABBIT_PASSWORD=password >> local.conf
             echo SERVICE_PASSWORD=password >> local.conf
             echo SERVICE_TOKEN=tokentoken >> local.conf
diff --git a/samples/local.conf b/samples/local.conf
index ce7007391d..cb293b6c15 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -28,7 +28,7 @@
 # and they will be added to ``local.conf``.
 SERVICE_TOKEN=azertytoken
 ADMIN_PASSWORD=nomoresecrete
-MYSQL_PASSWORD=stackdb
+DATABASE_PASSWORD=stackdb
 RABBIT_PASSWORD=stackqueue
 SERVICE_PASSWORD=$ADMIN_PASSWORD
 
diff --git a/tools/xen/README.md b/tools/xen/README.md
index 6212cc54d7..a1adf590a6 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -77,7 +77,7 @@ Of course, use real passwords if this machine is exposed.
     # NOTE: these need to be specified, otherwise devstack will try
     # to prompt for these passwords, blocking the install process.
 
-    MYSQL_PASSWORD=my_super_secret
+    DATABASE_PASSWORD=my_super_secret
     SERVICE_TOKEN=my_super_secret
     ADMIN_PASSWORD=my_super_secret
     SERVICE_PASSWORD=my_super_secret

From 9e11e098c3346efd7cf70283df7c725e5a3e86c6 Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Tue, 29 Sep 2015 20:01:44 +0800
Subject: [PATCH 0974/3421] Move $DEST creation after logging setup

Setup the log output before calling functions like
check_path_perm_sanity that want to write out to
the error log.

Change-Id: I9815965257c399a48f8cf0f344814d954137aecb
Closes-Bug: #1500834
---
 stack.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/stack.sh b/stack.sh
index 01668c208b..061289053b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -306,9 +306,6 @@ sudo mkdir -p $DEST
 safe_chown -R $STACK_USER $DEST
 safe_chmod 0755 $DEST
 
-# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
-check_path_perm_sanity ${DEST}
-
 # Destination path for service data
 DATA_DIR=${DATA_DIR:-${DEST}/data}
 sudo mkdir -p $DATA_DIR
@@ -443,6 +440,8 @@ if [[ -n "$SCREEN_LOGDIR" ]]; then
     fi
 fi
 
+# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
+check_path_perm_sanity ${DEST}
 
 # Configure Error Traps
 # ---------------------

From 0280f6f6c83b45b06220050e0a9353dfe364ef18 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 7 Oct 2015 09:19:53 -0400
Subject: [PATCH 0975/3421] remove corrupt get-pip.py

If get-pip servers fall over and return 503 for a few hours (which
they do medium regularly) we'll cache crud html, and everything will
suck. We know this script should be python, so if it isn't, delete it.

Change-Id: Ia9f6f7c7217939bc1ab5745f4a9d568acfbf04c8
---
 tools/install_pip.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 41261800e4..dd4e4339cb 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -42,6 +42,15 @@ function get_versions {
 
 
 function install_get_pip {
+    # If get-pip.py isn't python, delete it. This was probably an
+    # outage on the server.
+    if [[ -r $LOCAL_PIP ]]; then
+        if ! head -1 $LOCAL_PIP | grep -q '#!/usr/bin/env python'; then
+            echo "WARNING: Corrupt $LOCAL_PIP found removing"
+            rm $LOCAL_PIP
+        fi
+    fi
+
     # The OpenStack gate and others put a cached version of get-pip.py
     # for this to find, explicitly to avoid download issues.
     #

From 3d6eaae21c0b11361b4d83a47e3e345682641e57 Mon Sep 17 00:00:00 2001
From: gong yong sheng 
Date: Tue, 15 Sep 2015 15:00:29 +0800
Subject: [PATCH 0976/3421] don't install root filters when Q_USE_ROOTWRAP is
 false

Change-Id: I2f6edfcfb3789310fbeea8a509e0d9a13428becc
Closes-bug: #1495822
---
 lib/neutron-legacy | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e67bd4ae32..350706c9b7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1165,6 +1165,9 @@ function _neutron_service_plugin_class_add {
 
 # _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
 function _neutron_deploy_rootwrap_filters {
+    if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
+        return
+    fi
     local srcdir=$1
     sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
     sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/

From fa41b5b47ebbf6f2d973bdde235cb58694a2103f Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 8 Oct 2015 06:05:20 -0400
Subject: [PATCH 0977/3421] make curl fail on pypi errors

This will make curl fail on pypi errors, and should prevent corrupt
images from pypi going offline for a few hours randomly, which it does
from time to time.

Closes-Bug: #1503909

Change-Id: Ib4a740b7d1772e1e36aa701e42d3ac0f0ee12883
---
 tools/install_pip.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index dd4e4339cb..13c1786fb9 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -69,7 +69,7 @@ function install_get_pip {
             timecond="-z $LOCAL_PIP"
         fi
 
-        curl --retry 6 --retry-delay 5 \
+        curl -f --retry 6 --retry-delay 5 \
             $timecond -o $LOCAL_PIP $PIP_GET_PIP_URL || \
             die $LINENO "Download of get-pip.py failed"
         touch $LOCAL_PIP.downloaded

From 56037e9a6e0286640fce1f812f3a9d10c3f8535b Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 8 Oct 2015 12:27:07 -0400
Subject: [PATCH 0978/3421] provide devstack lockout with .no-devstack file.

This lets you specify that devstack should not be run by the user on
the box that you are on. Helps with running commands in the wrong
window.

Change-Id: I7aa26df1a2e02331d596bbfefb0697937787252f
---
 stack.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/stack.sh b/stack.sh
index 01668c208b..1abae9c1fd 100755
--- a/stack.sh
+++ b/stack.sh
@@ -93,6 +93,15 @@ if [[ $EUID -eq 0 ]]; then
     exit 1
 fi
 
+# Provide a safety switch for devstack. If you do a lot of devstack,
+# on a lot of different environments, you sometimes run it on the
+# wrong box. This makes there be a way to prevent that.
+if [[ -e $HOME/.no-devstack ]]; then
+    echo "You've marked this host as a no-devstack host, to save yourself from"
+    echo "running devstack accidentally. If this is in error, please remove the"
+    echo "~/.no-devstack file"
+    exit 1
+fi
 
 # Prepare the environment
 # -----------------------

From e82bac04981c8e41a919907d16621c9c952d9224 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 25 Aug 2015 14:29:08 +1000
Subject: [PATCH 0979/3421] Detect blank variable in trueorfalse

As a follow-on to I8cefb58f49dcd2cb2def8a5071d0892af520e7f7, put in
some detection around missing variable-to-test arguments in
trueorfalse.

Correct a couple of places where we were passing in blank strings,
resulting in the default always being applied.

Add test-cases and enhance the documentation a little.

Depends-On: I8cefb58f49dcd2cb2def8a5071d0892af520e7f7
Change-Id: Icc0eb3808a2b6583828d8c47f0af4181e7e2c75a
---
 functions-common        | 19 +++++++++++++++----
 lib/heat                |  4 ++--
 tests/test_truefalse.sh |  8 ++++++++
 tools/fixup_stuff.sh    |  2 +-
 4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/functions-common b/functions-common
index f9e0b5adaa..d506b846bd 100644
--- a/functions-common
+++ b/functions-common
@@ -106,16 +106,27 @@ function write_clouds_yaml {
         --os-project-name admin
 }
 
-# Normalize config values to True or False
-# Accepts as False: 0 no No NO false False FALSE
-# Accepts as True: 1 yes Yes YES true True TRUE
-# VAR=$(trueorfalse default-value test-value)
+# trueorfalse  
+#
+# Normalize config-value provided in variable VAR to either "True" or
+# "False".  If VAR is unset (i.e. $VAR evaluates as empty), the value
+# of the second argument will be used as the default value.
+#
+#  Accepts as False: 0 no  No  NO  false False FALSE
+#  Accepts as True:  1 yes Yes YES true  True  TRUE
+#
+# usage:
+#  VAL=$(trueorfalse False VAL)
 function trueorfalse {
     local xtrace
     xtrace=$(set +o | grep xtrace)
     set +o xtrace
 
     local default=$1
+
+    if [ -z $2 ]; then
+        die $LINENO "variable to normalize required"
+    fi
     local testval=${!2:-}
 
     case "$testval" in
diff --git a/lib/heat b/lib/heat
index 3e6975ae26..c22369f56c 100644
--- a/lib/heat
+++ b/lib/heat
@@ -59,10 +59,10 @@ HEAT_BIN_DIR=$(get_python_exec_prefix)
 # other default options
 if [[ "$HEAT_STANDALONE" = "True" ]]; then
     # for standalone, use defaults which require no service user
-    HEAT_STACK_DOMAIN=`trueorfalse False $HEAT_STACK_DOMAIN`
+    HEAT_STACK_DOMAIN=$(trueorfalse False HEAT_STACK_DOMAIN)
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
 else
-    HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
+    HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
 fi
 
diff --git a/tests/test_truefalse.sh b/tests/test_truefalse.sh
index 2689589dc9..03996ceab4 100755
--- a/tests/test_truefalse.sh
+++ b/tests/test_truefalse.sh
@@ -8,6 +8,14 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
 source $TOP/functions
 source $TOP/tests/unittest.sh
 
+# common mistake is to use $FOO instead of "FOO"; in that case we
+# should die
+bash -c "source $TOP/functions-common; VAR=\$(trueorfalse False \$FOO)" &> /dev/null
+assert_equal 1 $? "missing test-value"
+
+VAL=$(trueorfalse False MISSING_VARIABLE)
+assert_equal "False" $VAL "blank test-value"
+
 function test_trueorfalse {
     local one=1
     local captrue=True
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index a601cf2f67..6ef32c8894 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -108,7 +108,7 @@ if is_fedora; then
         sudo setenforce 0
     fi
 
-    FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
+    FORCE_FIREWALLD=$(trueorfalse False FORCE_FIREWALLD)
     if [[ $FORCE_FIREWALLD == "False" ]]; then
         # On Fedora 20 firewalld interacts badly with libvirt and
         # slows things down significantly (this issue was fixed in

From 022c6672ce0e49273e21ece35186d8291f905ca2 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 22 Jun 2015 15:26:26 +0000
Subject: [PATCH 0980/3421] Revert "Install g-r version of OSC in
 configure_tempest"

This reverts commit 1fa82aab6634bf815d162978e33b211e1fdef343.

Change-Id: I931756e6d534839a6c9fb3cc6f5dc32c9a1e6436
---
 lib/tempest | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 6eeab4e231..498a0c7338 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -119,10 +119,6 @@ function configure_tempest {
         pip_install_gr testrepository
     fi
 
-    # Used during configuration so make sure we have the correct
-    # version installed
-    pip_install_gr python-openstackclient
-
     local image_lines
     local images
     local num_images

From d8aa10e583efbd6574abad03f41674178fa89925 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 9 Oct 2015 12:21:30 -0400
Subject: [PATCH 0981/3421] docs: Move tip about Extension Drivers into misc
 section

Change-Id: Ifd458495992a0fd1b7437c315b4fe45906830cb1
---
 doc/source/guides/neutron.rst | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 9d4f54a05e..cf48e22fa2 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -164,11 +164,6 @@ In this configuration we are defining FLOATING_RANGE to be a
 subnet that exists in the private RFC1918 address space - however in
 in a real setup FLOATING_RANGE would be a public IP address range.
 
-Note that extension drivers for the ML2 plugin is set by
-`Q_ML2_PLUGIN_EXT_DRIVERS`, and it includes 'port_security' by default. If you
-want to remove all the extension drivers (even 'port_security'), set
-`Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
-
 Neutron Networking with Open vSwitch and Provider Networks
 ==========================================================
 
@@ -304,5 +299,11 @@ disable ufw if it was enabled, do the following:
         sudo service iptables save
         sudo ufw disable
 
+Configuring Extension Drivers for the ML2 Plugin
+------------------------------------------------
 
+Extension drivers for the ML2 plugin are set with the variable
+`Q_ML2_PLUGIN_EXT_DRIVERS`, and includes the 'port_security' extension
+by default. If you want to remove all the extension drivers (even
+'port_security'), set `Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
 

From c6d470142e0a0359a7322e9b76d61ba15caf95bc Mon Sep 17 00:00:00 2001
From: Chris Dent 
Date: Fri, 9 Oct 2015 14:57:05 +0000
Subject: [PATCH 0982/3421] Perform additional disable_service checks

With the advent of plugins and their settings files it has become
possible to disable_service in local.conf only to have the service
re-enabled in a plugin settings file. This happens because of
processing order.

To get around this the disable_service function now aggregates
service names into a DISABLED_SERVICES variable which is then checked
during enable_service. If something tries to enable something that
was previously disabled, a warning is produced in the log and the
service is not enabled.

Then after all configuration has been sourced a final check is to
done by verify_disabled_services to confirm that something has not
manually adjusted ENABLED_SERVICES to overcome a previously called
disable_service. If something has, the stack dies with an error.

Change-Id: I0f9403f44ed2fe693a46cd02486bd94043ce6b1a
Closes-Bug: #1504304
---
 functions-common | 34 ++++++++++++++++++++++++++--------
 stack.sh         |  1 +
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/functions-common b/functions-common
index f9e0b5adaa..08e5e7fb35 100644
--- a/functions-common
+++ b/functions-common
@@ -1729,6 +1729,7 @@ function run_phase {
     # the source phase corresponds to settings loading in plugins
     if [[ "$mode" == "source" ]]; then
         load_plugin_settings
+        verify_disabled_services
     elif [[ "$mode" == "override_defaults" ]]; then
         plugin_override_defaults
     else
@@ -1784,25 +1785,26 @@ function disable_negated_services {
     ENABLED_SERVICES=$(remove_disabled_services "$remaining" "$to_remove")
 }
 
-# disable_service() removes the services passed as argument to the
-# ``ENABLED_SERVICES`` list, if they are present.
+# disable_service() prepares the services passed as argument to be
+# removed from the ``ENABLED_SERVICES`` list, if they are present.
 #
 # For example:
 #   disable_service rabbit
 #
-# This function does not know about the special cases
-# for nova, glance, and neutron built into is_service_enabled().
-# Uses global ``ENABLED_SERVICES``
+# Uses global ``DISABLED_SERVICES``
 # disable_service service [service ...]
 function disable_service {
-    local tmpsvcs=",${ENABLED_SERVICES},"
+    local disabled_svcs="${DISABLED_SERVICES}"
+    local enabled_svcs=",${ENABLED_SERVICES},"
     local service
     for service in $@; do
+        disabled_svcs+=",$service"
         if is_service_enabled $service; then
-            tmpsvcs=${tmpsvcs//,$service,/,}
+            enabled_svcs=${enabled_svcs//,$service,/,}
         fi
     done
-    ENABLED_SERVICES=$(_cleanup_service_list "$tmpsvcs")
+    DISABLED_SERVICES=$(_cleanup_service_list "$disabled_svcs")
+    ENABLED_SERVICES=$(_cleanup_service_list "$enabled_svcs")
 }
 
 # enable_service() adds the services passed as argument to the
@@ -1819,6 +1821,10 @@ function enable_service {
     local tmpsvcs="${ENABLED_SERVICES}"
     local service
     for service in $@; do
+        if [[ ,${DISABLED_SERVICES}, =~ ,${service}, ]]; then
+            warn $LINENO "Attempt to enable_service ${service} when it has been disabled"
+            continue
+        fi
         if ! is_service_enabled $service; then
             tmpsvcs+=",$service"
         fi
@@ -1923,6 +1929,18 @@ function use_exclusive_service {
     return 0
 }
 
+# Make sure that nothing has manipulated ENABLED_SERVICES in a way
+# that conflicts with prior calls to disable_service.
+# Uses global ``ENABLED_SERVICES``
+function verify_disabled_services {
+    local service
+    for service in ${ENABLED_SERVICES//,/ }; do
+        if [[ ,${DISABLED_SERVICES}, =~ ,${service}, ]]; then
+            die $LINENO "ENABLED_SERVICES directly modified to overcome 'disable_service ${service}'"
+        fi
+    done
+}
+
 
 # System Functions
 # ================
diff --git a/stack.sh b/stack.sh
index db0ff98429..b65c55803c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -553,6 +553,7 @@ source $TOP_DIR/lib/dstat
 # Phase: source
 run_phase source
 
+
 # Interactive Configuration
 # -------------------------
 

From 4696db94a9b3b749cac61608daffdd883e057479 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 9 Oct 2015 12:31:57 -0400
Subject: [PATCH 0983/3421] docs: Add network diagram for provider net section

Change-Id: Id39aaab5a7eadfa3fc09ba3d30c48b452d685904
---
 doc/source/guides/neutron.rst | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 9d4f54a05e..99b7811e9c 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -183,6 +183,34 @@ given a VLAN tag and IP address range, so that instances created via
 DevStack will use the external router for L3 connectivity, as opposed
 to the neutron L3 service.
 
+Physical Network Setup
+----------------------
+
+.. nwdiag::
+
+        nwdiag {
+                inet [ shape = cloud ];
+                router;
+                inet -- router;
+
+                network provider_net {
+                        address = "203.0.113.0/24"
+                        router [ address = "203.0.113.1" ];
+                        controller;
+                        compute1;
+                        compute2;
+                }
+
+                network control_plane {
+                        router [ address = "10.0.0.1" ]
+                        address = "10.0.0.0/24"
+                        controller [ address = "10.0.0.2" ]
+                        compute1 [ address = "10.0.0.3" ]
+                        compute2 [ address = "10.0.0.4" ]
+                }
+        }
+
+
 
 Service Configuration
 ---------------------

From 611cab4b48f14227c636f34cec155dbd99a1d7f2 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Fri, 9 Oct 2015 12:54:32 -0400
Subject: [PATCH 0984/3421] docs: Add IPs to provider net node configurations

Also remove variable definitions from compute node localrc that is only
applicable on the control node.

Change-Id: I37b00611ff08d8973f21af7db340d287b1deb4af
---
 doc/source/guides/neutron.rst | 36 ++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 99b7811e9c..67be067b38 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -236,8 +236,21 @@ controller node.
 
 ::
 
+        HOST_IP=10.0.0.2
+        SERVICE_HOST=10.0.0.2
+        MYSQL_HOST=10.0.0.2
+        SERVICE_HOST=10.0.0.2
+        MYSQL_HOST=10.0.0.2
+        RABBIT_HOST=10.0.0.2
+        GLANCE_HOSTPORT=10.0.0.2:9292
         PUBLIC_INTERFACE=eth1
 
+        ADMIN_PASSWORD=secrete
+        MYSQL_PASSWORD=secrete
+        RABBIT_PASSWORD=secrete
+        SERVICE_PASSWORD=secrete
+        SERVICE_TOKEN=secrete
+
         ## Neutron options
         Q_USE_SECGROUP=True
         ENABLE_TENANT_VLANS=True
@@ -269,24 +282,37 @@ would be a public IP address range that you or your organization has
 allocated to you, so that you could access your instances from the
 public internet.
 
-The following is a snippet of the DevStack configuration on the
-compute node.
+The following is the DevStack configuration on 
+compute node 1.
 
 ::
 
+        HOST_IP=10.0.0.3
+        SERVICE_HOST=10.0.0.2
+        MYSQL_HOST=10.0.0.2
+        SERVICE_HOST=10.0.0.2
+        MYSQL_HOST=10.0.0.2
+        RABBIT_HOST=10.0.0.2
+        GLANCE_HOSTPORT=10.0.0.2:9292
+        ADMIN_PASSWORD=secrete
+        MYSQL_PASSWORD=secrete
+        RABBIT_PASSWORD=secrete
+        SERVICE_PASSWORD=secrete
+        SERVICE_TOKEN=secrete
+
         # Services that a compute node runs
         ENABLED_SERVICES=n-cpu,rabbit,q-agt
 
         ## Neutron options
-        Q_USE_SECGROUP=True
-        ENABLE_TENANT_VLANS=True
-        TENANT_VLAN_RANGE=3001:4000
         PHYSICAL_NETWORK=default
         OVS_PHYSICAL_BRIDGE=br-ex
         PUBLIC_INTERFACE=eth1
         Q_USE_PROVIDER_NETWORKING=True
         Q_L3_ENABLED=False
 
+Compute node 2's configuration will be exactly the same, except
+`HOST_IP` will be `10.0.0.4`
+
 When DevStack is configured to use provider networking (via
 `Q_USE_PROVIDER_NETWORKING` is True and `Q_L3_ENABLED` is False) -
 DevStack will automatically add the network interface defined in

From 64be3210e6bae709ee88736f2b7554db6e82f28e Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur 
Date: Mon, 12 Oct 2015 13:10:24 +0200
Subject: [PATCH 0985/3421] Don't assume that $i variable won't be overriden in
 extras.d plugins

This causes an incorrect warning about ironic jobs putting an unexpected
file in extras.d.

Change-Id: I57acf91fba3fe13b3cc8dd739034e146a0b237c4
---
 functions-common | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/functions-common b/functions-common
index 08e5e7fb35..3e5b3c23a1 100644
--- a/functions-common
+++ b/functions-common
@@ -1712,13 +1712,14 @@ function run_phase {
     local mode=$1
     local phase=$2
     if [[ -d $TOP_DIR/extras.d ]]; then
-        for i in $TOP_DIR/extras.d/*.sh; do
-            [[ -r $i ]] && source $i $mode $phase
+        local extra_plugin_file_name
+        for extra_plugin_file_name in $TOP_DIR/extras.d/*.sh; do
+            [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase
             # NOTE(sdague): generate a big warning about using
             # extras.d in an unsupported way which will let us track
             # unsupported usage in the gate.
             local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
-            local extra=$(basename $i)
+            local extra=$(basename $extra_plugin_file_name)
             if [[ ! ( $exceptions =~ "$extra" ) ]]; then
                 deprecated "extras.d support is being removed in Mitaka-1"
                 deprecated "jobs for project $extra will break after that point"

From 95d4226c4ce4e3ddd0d159572790d04c17bea831 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 12 Oct 2015 07:34:41 -0400
Subject: [PATCH 0986/3421] make i local

This prevents bleed out of the i variable to other functions that
might call this inside their own iteration loop.

Change-Id: I42d0c287a6f4bb24ae3871de9abb7e0de98a8462
---
 lib/ironic | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ironic b/lib/ironic
index 40475e0a83..6ec7e8092b 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -559,6 +559,7 @@ function wait_for_nova_resources {
     # timing out.
     local resource=$1
     local expected_count=$2
+    local i
     echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count"
     for i in $(seq 1 120); do
         if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then

From 887f182fa146b20011f9127e5653df8b42fa4897 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 12 Oct 2015 10:36:34 -0400
Subject: [PATCH 0987/3421] docs: merge multiple interface sections with
 provider network section

In this guide, multiple interfaces in DevStack is only used when doing
provider networking, so let's go ahead and just put the information
inside the provider network section. That way it won't be confusing.

Change-Id: I66f58ffb936230e72ac4cf8c04668e25dac5b17a
---
 doc/source/guides/neutron.rst | 134 +++++++++++-----------------------
 1 file changed, 42 insertions(+), 92 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index e99a143592..5891f68033 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -72,98 +72,6 @@ DevStack Configuration
 
 
 
-
-
-Using Neutron with Multiple Interfaces
-======================================
-
-The first interface, eth0 is used for the OpenStack management (API,
-message bus, etc) as well as for ssh for an administrator to access
-the machine.
-
-::
-
-        stack@compute:~$ ifconfig eth0
-        eth0      Link encap:Ethernet  HWaddr bc:16:65:20:af:fc
-                  inet addr:192.168.1.18
-
-eth1 is manually configured at boot to not have an IP address.
-Consult your operating system documentation for the appropriate
-technique. For Ubuntu, the contents of `/etc/network/interfaces`
-contains:
-
-::
-
-        auto eth1
-        iface eth1 inet manual
-                up ifconfig $IFACE 0.0.0.0 up
-                down ifconfig $IFACE 0.0.0.0 down
-
-The second physical interface, eth1 is added to a bridge (in this case
-named br-ex), which is used to forward network traffic from guest VMs.
-Network traffic from eth1 on the compute nodes is then NAT'd by the
-controller node that runs Neutron's `neutron-l3-agent` and provides L3
-connectivity.
-
-::
-
-        stack@compute:~$ sudo ovs-vsctl add-br br-ex
-        stack@compute:~$ sudo ovs-vsctl add-port br-ex eth1
-        stack@compute:~$ sudo ovs-vsctl show
-        9a25c837-32ab-45f6-b9f2-1dd888abcf0f
-            Bridge br-ex
-                Port br-ex
-                    Interface br-ex
-                        type: internal
-                Port phy-br-ex
-                    Interface phy-br-ex
-                        type: patch
-                        options: {peer=int-br-ex}
-                Port "eth1"
-                    Interface "eth1"
-
-
-
-
-
-Neutron Networking with Open vSwitch
-====================================
-
-Configuring neutron, OpenStack Networking in DevStack is very similar to
-configuring `nova-network` - many of the same configuration variables
-(like `FIXED_RANGE` and `FLOATING_RANGE`) used by `nova-network` are
-used by neutron, which is intentional.
-
-The only difference is the disabling of `nova-network` in your
-local.conf, and the enabling of the neutron components.
-
-
-Configuration
--------------
-
-::
-
-        FIXED_RANGE=10.0.0.0/24
-        FLOATING_RANGE=192.168.27.0/24
-        PUBLIC_NETWORK_GATEWAY=192.168.27.2
-
-        disable_service n-net
-        enable_service q-svc
-        enable_service q-agt
-        enable_service q-dhcp
-        enable_service q-meta
-        enable_service q-l3
-
-        Q_USE_SECGROUP=True
-        ENABLE_TENANT_VLANS=True
-        TENANT_VLAN_RANGE=1000:1999
-        PHYSICAL_NETWORK=default
-        OVS_PHYSICAL_BRIDGE=br-ex
-
-In this configuration we are defining FLOATING_RANGE to be a
-subnet that exists in the private RFC1918 address space - however in
-in a real setup FLOATING_RANGE would be a public IP address range.
-
 Neutron Networking with Open vSwitch and Provider Networks
 ==========================================================
 
@@ -206,6 +114,48 @@ Physical Network Setup
         }
 
 
+On a compute node, the first interface, eth0 is used for the OpenStack
+management (API, message bus, etc) as well as for ssh for an
+administrator to access the machine.
+
+::
+
+        stack@compute:~$ ifconfig eth0
+        eth0      Link encap:Ethernet  HWaddr bc:16:65:20:af:fc
+                  inet addr:10.0.0.3
+
+eth1 is manually configured at boot to not have an IP address.
+Consult your operating system documentation for the appropriate
+technique. For Ubuntu, the contents of `/etc/network/interfaces`
+contains:
+
+::
+
+        auto eth1
+        iface eth1 inet manual
+                up ifconfig $IFACE 0.0.0.0 up
+                down ifconfig $IFACE 0.0.0.0 down
+
+The second physical interface, eth1 is added to a bridge (in this case
+named br-ex), which is used to forward network traffic from guest VMs.
+
+::
+
+        stack@compute:~$ sudo ovs-vsctl add-br br-ex
+        stack@compute:~$ sudo ovs-vsctl add-port br-ex eth1
+        stack@compute:~$ sudo ovs-vsctl show
+        9a25c837-32ab-45f6-b9f2-1dd888abcf0f
+            Bridge br-ex
+                Port br-ex
+                    Interface br-ex
+                        type: internal
+                Port phy-br-ex
+                    Interface phy-br-ex
+                        type: patch
+                        options: {peer=int-br-ex}
+                Port "eth1"
+                    Interface "eth1"
+
 
 Service Configuration
 ---------------------

From 95c33d532f5d69516c0fbe123595f00f00792995 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 7 Oct 2015 11:05:59 -0400
Subject: [PATCH 0988/3421] add timing infrastructure to devstack

this adds a timing infrastructure to devstack to account for time
taken up by set of operations. The first instance of this is
accounting the time taken up by doing apt_get calls.

Change-Id: I855ffe9c7a75e9943106af0f70cf715c34ae25c5
---
 functions-common | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
 stack.sh         |  2 ++
 2 files changed, 72 insertions(+)

diff --git a/functions-common b/functions-common
index 3e5b3c23a1..6b9a861bdf 100644
--- a/functions-common
+++ b/functions-common
@@ -976,12 +976,18 @@ function apt_get {
     local sudo="sudo"
     [[ "$(id -u)" = "0" ]] && sudo="env"
 
+    # time all the apt operations
+    time_start "apt-get"
+
     $xtrace
 
     $sudo DEBIAN_FRONTEND=noninteractive \
         http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
         no_proxy=${no_proxy:-} \
         apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
+
+    # stop the clock
+    time_stop "apt-get"
 }
 
 function _parse_package_files {
@@ -2115,6 +2121,70 @@ function test_with_retry {
     fi
 }
 
+# Timing infrastructure - figure out where large blocks of time are
+# used in DevStack
+#
+# The timing infrastructure for DevStack is about collecting buckets
+# of time that are spend in some subtask. For instance, that might be
+# 'apt', 'pip', 'osc', even database migrations. We do this by a pair
+# of functions: time_start / time_stop.
+#
+# These take a single parameter: $name - which specifies the name of
+# the bucket to be accounted against. time_totals function spits out
+# the results.
+#
+# Resolution is only in whole seconds, so should be used for long
+# running activities.
+
+declare -A TOTAL_TIME
+declare -A START_TIME
+
+# time_start $name
+#
+# starts the clock for a timer by name. Errors if that clock is
+# already started.
+function time_start {
+    local name=$1
+    local start_time=${START_TIME[$name]}
+    if [[ -n "$start_time" ]]; then
+        die $LINENO "Trying to start the clock on $name, but it's already been started"
+    fi
+    START_TIME[$name]=$(date +%s)
+}
+
+# time_stop $name
+#
+# stops the clock for a timer by name, and accumulate that time in the
+# global counter for that name. Errors if that clock had not
+# previously been started.
+function time_stop {
+    local name=$1
+    local start_time=${START_TIME[$name]}
+    if [[ -z "$start_time" ]]; then
+        die $LINENO "Trying to stop the clock on $name, but it was never started"
+    fi
+    local end_time=$(date +%s)
+    local elapsed_time=$(($end_time - $start_time))
+    local total=${TOTAL_TIME[$name]:-0}
+    # reset the clock so we can start it in the future
+    START_TIME[$name]=""
+    TOTAL_TIME[$name]=$(($total + $elapsed_time))
+}
+
+# time_totals
+#
+# prints out total time
+function time_totals {
+    echo
+    echo "========================"
+    echo "DevStack Components Timed"
+    echo "========================"
+    echo
+    for t in ${!TOTAL_TIME[*]}; do
+        local v=${TOTAL_TIME[$t]}
+        echo "$t - $v secs"
+    done
+}
 
 # Restore xtrace
 $XTRACE
diff --git a/stack.sh b/stack.sh
index b65c55803c..1976dff274 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1366,6 +1366,8 @@ else
     exec 1>&3
 fi
 
+# Dump out the time totals
+time_totals
 
 # Using the cloud
 # ===============

From cb658fab15dbf8074038bc76fc54ec4afccf5716 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 8 Oct 2015 17:12:03 -0400
Subject: [PATCH 0989/3421] add pip install timing

Change-Id: I368fec44858bd97fc6a314fb20eed2b10932cbb1
---
 inc/python | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/python b/inc/python
index fe7bba6992..7d026c5933 100644
--- a/inc/python
+++ b/inc/python
@@ -80,6 +80,8 @@ function pip_install {
         return
     fi
 
+    time_start "pip_install"
+
     PIP_UPGRADE=$(trueorfalse False PIP_UPGRADE)
     if [[ "$PIP_UPGRADE" = "True" ]] ; then
         upgrade="--upgrade"
@@ -137,6 +139,8 @@ function pip_install {
             $cmd_pip $upgrade \
             -r $test_req
     fi
+
+    time_stop "pip_install"
 }
 
 # get version of a package from global requirements file

From 1d662e86bbafebbdef01307b20a7f8a21d1f8e03 Mon Sep 17 00:00:00 2001
From: Tong Li 
Date: Tue, 22 Sep 2015 11:16:11 -0400
Subject: [PATCH 0990/3421] HOST_IP should not be used in moving address to
 route

In neutron-legacy function _move_neutron_addresses_route, there are
few lines trying to figure out the bridge IP by assuming that the
bridge IP will be always same as the HOST_IP, this is not always true.
When the nic bears the HOST_IP and the nic which will be used as the
public network are different nics, the code in that method fails.
Eventually the function fails with network unreachable error.

This patch set fixes the problem, so that when HOST_IP and the IP for
the bridge are different, devstack will still be setup correctly.

Change-Id: I4d67f61c2ffd93f1e8ea2f8fe3b551044fab294e
Closes-bug: #1498538
---
 lib/neutron-legacy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 350706c9b7..f1e5998ab7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -810,11 +810,11 @@ function _move_neutron_addresses_route {
         local ADD_OVS_PORT=""
 
         if [[ $af == "inet" ]]; then
-            IP_BRD=$(ip -f $af a s dev $from_intf | grep $HOST_IP | awk '{ print $2, $3, $4; exit }')
+            IP_BRD=$(ip -f $af a s dev $from_intf | grep inet | awk '{ print $2, $3, $4; exit }')
         fi
 
         if [[ $af == "inet6" ]]; then
-            IP_BRD=$(ip -f $af a s dev $from_intf | grep $HOST_IPV6 | awk '{ print $2, $3, $4; exit }')
+            IP_BRD=$(ip -f $af a s dev $from_intf | grep inet6 | awk '{ print $2, $3, $4; exit }')
         fi
 
         if [ "$DEFAULT_ROUTE_GW" != "" ]; then

From 085855479f5a56e9ce21fdb83e2691c8aad56aa0 Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Mon, 12 Oct 2015 11:36:51 -0400
Subject: [PATCH 0991/3421] Added processing /ec2 URL

With config option NOVA_USE_MOD_WSGI=True nova-ec2-api handles
requests on /ec2 URL.

Change-Id: I0c2e99bf8b5e5cf53cd176685b206038a4b0f78b
---
 files/apache-nova-ec2-api.template |  9 +++++++++
 lib/nova                           | 13 +++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
index 235d958d1a..6443567740 100644
--- a/files/apache-nova-ec2-api.template
+++ b/files/apache-nova-ec2-api.template
@@ -14,3 +14,12 @@ Listen %PUBLICPORT%
     %SSLCERTFILE%
     %SSLKEYFILE%
 
+
+Alias /ec2 %PUBLICWSGI%
+
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup nova-ec2-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+
diff --git a/lib/nova b/lib/nova
index 9830276232..eb1ae1cfaa 100644
--- a/lib/nova
+++ b/lib/nova
@@ -440,13 +440,18 @@ function create_nova_accounts {
 
         # EC2
         if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
-
+            local nova_ec2_api_url
+            if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
+                nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:$EC2_SERVICE_PORT/"
+            else
+                nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST/ec2"
+            fi
             get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer"
             get_or_create_endpoint "ec2" \
                 "$REGION_NAME" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/" \
-                "$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:8773/"
+                "$nova_ec2_api_url" \
+                "$nova_ec2_api_url" \
+                "$nova_ec2_api_url"
         fi
     fi
 

From 108b75d7a1ca653efa21e80bfb5ec3ead029954c Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Tue, 13 Oct 2015 15:51:43 +0200
Subject: [PATCH 0992/3421] lib/tempest: remove duplicate iniset calls

In Tempest config, `image-feature-enabled deactivate_image` is
enabled twice. This patch removes one of the redundant call to iniset.

Change-Id: Idbfcd6d6ee171c2c83736e17bbaf3d7a32c738b1
---
 lib/tempest | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 6eeab4e231..da0fe41ca3 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -331,7 +331,6 @@ function configure_tempest {
     if [[ ! -z "$TEMPEST_HTTP_IMAGE" ]]; then
         iniset $TEMPEST_CONFIG image http_image $TEMPEST_HTTP_IMAGE
     fi
-    iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image true
 
     # Image Features
     iniset $TEMPEST_CONFIG image-feature-enabled deactivate_image True

From 8043bfaf5ec6059e7245ff397672b1da0e563013 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 14 Oct 2015 14:53:18 +1100
Subject: [PATCH 0993/3421] Turn off tracing for service functions

These functions commonly externally called (as part of stackrc
inclusion, even) and do a fair bit of iteration over long
service-lists, which really fills up the logs of devstack and grenade
with unnecessary details.

The functions are well tested by unit-tests, so we are very unlikely
to need to debug internal issues with them in a hurry.  Thus turn
logging down for them.

Change-Id: I63b9a05a0678c7e0c7012f6d768c29fd67f090d2
---
 functions-common | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/functions-common b/functions-common
index be3f81c412..c8f551de3c 100644
--- a/functions-common
+++ b/functions-common
@@ -1147,7 +1147,7 @@ function update_package_repo {
 
     if is_ubuntu; then
         local xtrace
-    xtrace=$(set +o | grep xtrace)
+        xtrace=$(set +o | grep xtrace)
         set +o xtrace
         if [[ "$REPOS_UPDATED" != "True" || "$RETRY_UPDATE" = "True" ]]; then
             # if there are transient errors pulling the updates, that's fine.
@@ -1758,11 +1758,17 @@ function run_phase {
 # remove extra commas from the input string (i.e. ``ENABLED_SERVICES``)
 # _cleanup_service_list service-list
 function _cleanup_service_list {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     echo "$1" | sed -e '
         s/,,/,/g;
         s/^,//;
         s/,$//
     '
+
+    $xtrace
 }
 
 # disable_all_services() removes all current services
@@ -1780,6 +1786,10 @@ function disable_all_services {
 # Uses global ``ENABLED_SERVICES``
 # disable_negated_services
 function disable_negated_services {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     local to_remove=""
     local remaining=""
     local service
@@ -1797,6 +1807,8 @@ function disable_negated_services {
     # go through the service list.  if this service appears in the "to
     # be removed" list, drop it
     ENABLED_SERVICES=$(remove_disabled_services "$remaining" "$to_remove")
+
+    $xtrace
 }
 
 # disable_service() prepares the services passed as argument to be
@@ -1808,6 +1820,10 @@ function disable_negated_services {
 # Uses global ``DISABLED_SERVICES``
 # disable_service service [service ...]
 function disable_service {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     local disabled_svcs="${DISABLED_SERVICES}"
     local enabled_svcs=",${ENABLED_SERVICES},"
     local service
@@ -1819,6 +1835,8 @@ function disable_service {
     done
     DISABLED_SERVICES=$(_cleanup_service_list "$disabled_svcs")
     ENABLED_SERVICES=$(_cleanup_service_list "$enabled_svcs")
+
+    $xtrace
 }
 
 # enable_service() adds the services passed as argument to the
@@ -1832,6 +1850,10 @@ function disable_service {
 # Uses global ``ENABLED_SERVICES``
 # enable_service service [service ...]
 function enable_service {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     local tmpsvcs="${ENABLED_SERVICES}"
     local service
     for service in $@; do
@@ -1845,6 +1867,8 @@ function enable_service {
     done
     ENABLED_SERVICES=$(_cleanup_service_list "$tmpsvcs")
     disable_negated_services
+
+    $xtrace
 }
 
 # is_service_enabled() checks if the service(s) specified as arguments are
@@ -1873,6 +1897,7 @@ function is_service_enabled {
     local xtrace
     xtrace=$(set +o | grep xtrace)
     set +o xtrace
+
     local enabled=1
     local services=$@
     local service
@@ -1898,6 +1923,7 @@ function is_service_enabled {
         [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0
         [[ ${service} == s-* && ${ENABLED_SERVICES} =~ "swift" ]] && enabled=0
     done
+
     $xtrace
     return $enabled
 }
@@ -1905,6 +1931,10 @@ function is_service_enabled {
 # remove specified list from the input string
 # remove_disabled_services service-list remove-list
 function remove_disabled_services {
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
+    set +o xtrace
+
     local service_list=$1
     local remove_list=$2
     local service
@@ -1923,6 +1953,9 @@ function remove_disabled_services {
             enabled="${enabled},$service"
         fi
     done
+
+    $xtrace
+
     _cleanup_service_list "$enabled"
 }
 

From 316b348ad6068c485090761713685dfeb9ac4d38 Mon Sep 17 00:00:00 2001
From: Yalei Wang 
Date: Wed, 15 Jul 2015 21:00:31 +0800
Subject: [PATCH 0994/3421] Add verification of OVS_PHYSICAL_BRIDGE

OVS_PHYSICAL_BRIDGE is not always set, like when you don't need specify the
bridge mapping, and also it has no default value. So we need to add
verification of OVS_PHYSICAL_BRIDGE in cleanup_neutron function where we refer
to it.

Change-Id: I69d113a7f3f7e67b09cb72fa0b0d3bba188e783a
Close-Bug: #1474634
---
 lib/neutron-legacy | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 350706c9b7..b3db77e874 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -838,18 +838,20 @@ function _move_neutron_addresses_route {
 # runs that a clean run would need to clean up
 function cleanup_neutron {
 
-    _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
+    if [[ -n "$OVS_PHYSICAL_BRIDGE" ]]; then
+        _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
 
-    if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
-        _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
-    fi
+        if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
+            _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
+        fi
 
-    if is_provider_network && is_ironic_hardware; then
-        for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
-            sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
-            sudo ip addr add $IP dev $PUBLIC_INTERFACE
-        done
-        sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+        if is_provider_network && is_ironic_hardware; then
+            for IP in $(ip addr show dev $OVS_PHYSICAL_BRIDGE | grep ' inet ' | awk '{print $2}'); do
+                sudo ip addr del $IP dev $OVS_PHYSICAL_BRIDGE
+                sudo ip addr add $IP dev $PUBLIC_INTERFACE
+            done
+            sudo route del -net $FIXED_RANGE gw $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
+        fi
     fi
 
     if is_neutron_ovs_base_plugin; then

From 746e72d4c3494b9765c2ba221c50f0ca20128c29 Mon Sep 17 00:00:00 2001
From: Mark Hamzy 
Date: Wed, 14 Oct 2015 13:42:18 -0500
Subject: [PATCH 0995/3421] Restrict requests to fedora

The os_RELEASE for RHEL is 7.1 (for example). Which does not work for comparisons
to an integer.  And, while I am at it, change base_path to not use a hard-coded
directory.

Change-Id: I64a04810cc7ba4668c2cb7a8df79c206301e9e16
---
 tools/fixup_stuff.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index a601cf2f67..b57d140d6d 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -135,7 +135,7 @@ if is_fedora; then
         fi
     fi
 
-    if  [[ "$os_RELEASE" -ge "21" ]]; then
+    if  [[ "$os_VENDOR" == "Fedora" ]] && [[ "$os_RELEASE" -ge "21" ]]; then
         # requests ships vendored version of chardet/urllib3, but on
         # fedora these are symlinked back to the primary versions to
         # avoid duplication of code on disk.  This is fine when
@@ -152,9 +152,9 @@ if is_fedora; then
         # https://bugs.launchpad.net/glance/+bug/1476770
         # https://bugzilla.redhat.com/show_bug.cgi?id=1253823
 
-        base_path=/usr/lib/python2.7/site-packages/requests/packages
+        base_path=$(get_package_path requests)/packages
         if [ -L $base_path/chardet -o -L $base_path/urllib3 ]; then
-            sudo rm -f /usr/lib/python2.7/site-packages/requests/packages/{chardet,urllib3}
+            sudo rm -f $base_path/{chardet,urllib3}
             # install requests with the bundled urllib3 to avoid conflicts
             pip_install --upgrade --force-reinstall requests
         fi

From 975f4209d0d7e6a38ec82ce9caafabaea18f2e9d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Wed, 14 Oct 2015 15:12:32 +1100
Subject: [PATCH 0996/3421] Save interactive passwords to separate file

The interactive password prompt currently saves to .localrc.auto

However, this is removed when you re-run stack; that is required as it
is how we source the localrc bits of local.conf, and we want the
users' changes to be picked up.

The passwords, however, should remain constant, because everything has
already been setup with them.  So write them to a separate file.  Note
we source before localrc so it can still overwrite them.

Some minor flow-changes too

Change-Id: I9871c8b8c7569626faf552628de69b811ba4dac0
Closes-Bug: #1505872
---
 clean.sh |  4 +++-
 stack.sh | 10 ++++++----
 stackrc  |  5 +++++
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/clean.sh b/clean.sh
index b22a29cb41..ae28aa9ab7 100755
--- a/clean.sh
+++ b/clean.sh
@@ -134,7 +134,9 @@ rm -rf $DIRS_TO_CLEAN
 
 # Clean up files
 
-FILES_TO_CLEAN=".localrc.auto docs/files docs/html shocco/ stack-screenrc test*.conf* test.ini*"
+FILES_TO_CLEAN=".localrc.auto .localrc.password "
+FILES_TO_CLEAN+="docs/files docs/html shocco/ "
+FILES_TO_CLEAN+="stack-screenrc test*.conf* test.ini* "
 FILES_TO_CLEAN+=".stackenv .prereqs"
 
 for file in $FILES_TO_CLEAN; do
diff --git a/stack.sh b/stack.sh
index 0720744028..886d449f12 100755
--- a/stack.sh
+++ b/stack.sh
@@ -569,7 +569,7 @@ function read_password {
     if [[ -f $RC_DIR/localrc ]]; then
         localrc=$TOP_DIR/localrc
     else
-        localrc=$TOP_DIR/.localrc.auto
+        localrc=$TOP_DIR/.localrc.password
     fi
 
     # If the password is not defined yet, proceed to prompt user for a password.
@@ -579,13 +579,15 @@ function read_password {
             touch $localrc
         fi
 
-        # Presumably if we got this far it can only be that our localrc is missing
-        # the required password.  Prompt user for a password and write to localrc.
+        # Presumably if we got this far it can only be that our
+        # localrc is missing the required password.  Prompt user for a
+        # password and write to localrc.
+
         echo ''
         echo '################################################################################'
         echo $msg
         echo '################################################################################'
-        echo "This value will be written to your localrc file so you don't have to enter it "
+        echo "This value will be written to ${localrc} file so you don't have to enter it "
         echo "again.  Use only alphanumeric characters."
         echo "If you leave this blank, a random default value will be used."
         pw=" "
diff --git a/stackrc b/stackrc
index c7c631362e..a1643356e0 100644
--- a/stackrc
+++ b/stackrc
@@ -103,6 +103,11 @@ HORIZON_APACHE_ROOT="/dashboard"
 # be disabled for automated testing by setting this value to False.
 USE_SCREEN=True
 
+# Passwords generated by interactive devstack runs
+if [[ -r $RC_DIR/.localrc.password ]]; then
+    source $RC_DIR/.localrc.password
+fi
+
 # allow local overrides of env variables, including repo config
 if [[ -f $RC_DIR/localrc ]]; then
     # Old-style user-supplied config

From 394968fa3d6b0f3b296b49d038aac25b74c2dca7 Mon Sep 17 00:00:00 2001
From: Jamie Lennox 
Date: Fri, 28 Aug 2015 09:18:26 +1000
Subject: [PATCH 0997/3421] Always use v3 nova/neutron authentication

There is no need to test here whether v2 is disabled or not. V3
Authentication will always be available and we should just use that.

Change-Id: I0d2d76ebdf261917f1a2b23c65f0f843ae50f49a
---
 lib/neutron-legacy | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index ebb757058f..bbfe7f374b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -468,19 +468,13 @@ function configure_neutron {
 function create_nova_conf_neutron {
     iniset $NOVA_CONF DEFAULT network_api_class "nova.network.neutronv2.api.API"
 
-
-    if [ "$ENABLE_IDENTITY_V2" == "False" ]; then
-        iniset $NOVA_CONF neutron auth_plugin "v3password"
-        iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
-        iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
-        iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
-        iniset $NOVA_CONF neutron user_domain_name "default"
-    else
-        iniset $NOVA_CONF neutron admin_username "$Q_ADMIN_USERNAME"
-        iniset $NOVA_CONF neutron admin_password "$SERVICE_PASSWORD"
-        iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
-        iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
-    fi
+    iniset $NOVA_CONF neutron auth_plugin "v3password"
+    iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+    iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
+    iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
+    iniset $NOVA_CONF neutron user_domain_name "Default"
+    iniset $NOVA_CONF neutron project_name "$SERVICE_TENANT_NAME"
+    iniset $NOVA_CONF neutron project_domain_name "Default"
     iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
     iniset $NOVA_CONF neutron region_name "$REGION_NAME"
     iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"

From 5ed8af671328a0f9824bb33f9c637cc779a83ae3 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur 
Date: Thu, 15 Oct 2015 14:30:50 +0200
Subject: [PATCH 0998/3421] Fix devstack failure due to incorrect variable
 assignment

After I9c8912a8fd596535589b207d7fc553b9d951d3fe this approach leads
to a failure and breaks (at least) ironic-inspector gate.

Change-Id: I19bb8ada9a6f42d375838cc88a376715918c2a3e
---
 lib/ironic | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 61eba6fcf3..74e2f931ff 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -634,8 +634,10 @@ function enroll_nodes {
 
         # First node created will be used for testing in ironic w/o glance
         # scenario, so we need to know its UUID.
-        local standalone_node_uuid
-        standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")
+        local standalone_node_uuid=""
+        if [ $total_nodes -eq 0 ]; then
+            standalone_node_uuid="--uuid $IRONIC_NODE_UUID"
+        fi
 
         local node_id
         node_id=$(ironic node-create $standalone_node_uuid\

From c94403d8e6c480dad6d962e517c623e1c14ac6d2 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Thu, 15 Oct 2015 12:51:13 -0700
Subject: [PATCH 0999/3421] Disable compute interface attach Tempest tests if
 using cells

Cells doesn't support the os-attach-interfaces API so disable those
tests in Tempest if running with Cells.

Change-Id: I5c7884407868eae70ea125f3f893c73214c04c75
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index d29a6f9853..10dd652750 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -388,6 +388,8 @@ function configure_tempest {
     if is_service_enabled n-cell; then
         # Cells doesn't support shelving/unshelving
         iniset $TEMPEST_CONFIG compute-feature-enabled shelve False
+        # Cells doesn't support hot-plugging virtual interfaces.
+        iniset $TEMPEST_CONFIG compute-feature-enabled interface_attach False
     fi
 
     # Network

From b14f96fb7aa9512d17399eb38024af652df7bc11 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 15 Oct 2015 11:50:10 +1100
Subject: [PATCH 1000/3421] Pin bashate and allow for substitution

I want to release a new bashate, but I also don't want to risk
consuming it before fully testing it.  By pinning here, we can run all
our usual CI on new versions before accepting them.

Additionally, allow substitution of the bashate dependency via an
environment variable.  We can use this in a bashate test to substitute
a path to a checkout with any changes applied.

Change-Id: I165c4d66db8b7bdcff235ef7d8c99029637bb76a
---
 tox.ini | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 1c238add8a..0df9877ba8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -8,7 +8,8 @@ usedevelop = False
 install_command = pip install {opts} {packages}
 
 [testenv:bashate]
-deps = bashate
+deps =
+   {env:BASHATE_INSTALL_PATH:bashate==0.3.1}
 whitelist_externals = bash
 commands = bash -c "find {toxinidir}             \
          -not \( -type d -name .?\* -prune \)    \ # prune all 'dot' dirs

From c581c78c92dc5ea453bee8dd0a244554b4d6d57d Mon Sep 17 00:00:00 2001
From: ZhiQiang Fan 
Date: Sun, 18 Oct 2015 02:31:40 -0600
Subject: [PATCH 1001/3421] add file userrc_early to .gitignore list

After devstack runs ./stack.sh, there is a file named userrc_early
which contains sensitive information is created, we should add it
to ignore list, because it is only for end user debugging.

Change-Id: Ic99c279ec6a3606dc6f6ba9a7612b5ca7a2b6b10
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 2778a65c89..8870bb362c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ proto
 shocco
 src
 stack-screenrc
+userrc_early

From cc481740a0766f0f762cc1fc9f7f6db66e792cdc Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Tue, 20 Oct 2015 01:16:25 +0800
Subject: [PATCH 1002/3421] modify stackforge/swift3 to openstack/swift3

As swift3.git has move from stackforge/swift3 to openstack/swift3,
so modify it.

Change-Id: Ieaff4c93889c46c7d4b8ecada1a5d7cf3c775965
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index a1643356e0..4026ff8feb 100644
--- a/stackrc
+++ b/stackrc
@@ -447,7 +447,7 @@ GITREPO["keystonemiddleware"]=${KEYSTONEMIDDLEWARE_REPO:-${GIT_BASE}/openstack/k
 GITBRANCH["keystonemiddleware"]=${KEYSTONEMIDDLEWARE_BRANCH:-master}
 
 # s3 support for swift
-SWIFT3_REPO=${SWIFT3_REPO:-${GIT_BASE}/stackforge/swift3.git}
+SWIFT3_REPO=${SWIFT3_REPO:-${GIT_BASE}/openstack/swift3.git}
 SWIFT3_BRANCH=${SWIFT3_BRANCH:-master}
 
 # ceilometer middleware

From e3a239b2990edfd6517c9bdb1b55fce5618f5277 Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Tue, 20 Oct 2015 01:34:05 +0800
Subject: [PATCH 1003/3421] Modify the build-wheels.sh to build_wheels.sh

The path is tools/build_wheels.sh, but in the Makefile which is
tools/build-wheels.sh. Modify it to the correct one.

Change-Id: If297b65b539403af10a73adbbadfcd8281d40009
Closes-Bug: #1507699
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 082aff21d2..a6bb230708 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,7 @@ unstack:
 	./unstack.sh
 
 wheels:
-	WHEELHOUSE=$(WHEELHOUSE) tools/build-wheels.sh
+	WHEELHOUSE=$(WHEELHOUSE) tools/build_wheels.sh
 
 docs:
 	tox -edocs

From 9f6b542a25dd6b48265c5e7317eb068886dc51c1 Mon Sep 17 00:00:00 2001
From: Zhang Jinnan 
Date: Tue, 20 Oct 2015 01:19:06 +0800
Subject: [PATCH 1004/3421] change stackforge url to openstack url

beacuse of the stackforge project move to openstack project,
so change the document url to git://git.openstack.org/openstack/.

Change-Id: I1628c0aeb62ee519867fdaee56386e22978c4271
---
 doc/source/plugin-registry.rst |  4 ++--
 doc/source/plugins.rst         | 13 ++++++-------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index eb09988a53..49b3a7fc02 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -68,7 +68,7 @@ Alternate Configs
 | Plugin Name | URL                                                        | Comments   |
 |             |                                                            |            |
 +-------------+------------------------------------------------------------+------------+
-|glusterfs    |git://git.openstack.org/stackforge/devstack-plugin-glusterfs|            |
+|glusterfs    |git://git.openstack.org/openstack/devstack-plugin-glusterfs |            |
 +-------------+------------------------------------------------------------+------------+
 |             |                                                            |            |
 +-------------+------------------------------------------------------------+------------+
@@ -80,7 +80,7 @@ Additional Services
 | Plugin Name    | URL                                              | Comments   |
 |                |                                                  |            |
 +----------------+--------------------------------------------------+------------+
-|ec2-api         |git://git.openstack.org/stackforge/ec2api         |[as1]_      |
+|ec2-api         |git://git.openstack.org/openstack/ec2-api         |[as1]_      |
 +----------------+--------------------------------------------------+------------+
 |ironic-inspector|git://git.openstack.org/openstack/ironic-inspector|            |
 +----------------+--------------------------------------------------+------------+
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index fda601b414..8bd3797cd2 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -56,7 +56,7 @@ They are added in the following format::
 
 An example would be as follows::
 
-  enable_plugin ec2api git://git.openstack.org/stackforge/ec2api
+  enable_plugin ec2-api git://git.openstack.org/openstack/ec2-api
 
 plugin.sh contract
 ==================
@@ -202,13 +202,12 @@ Using Plugins in the OpenStack Gate
 For everyday use, DevStack plugins can exist in any git tree that's
 accessible on the internet. However, when using DevStack plugins in
 the OpenStack gate, they must live in projects in OpenStack's
-gerrit. Both ``openstack`` namespace and ``stackforge`` namespace are
-fine. This allows testing of the plugin as well as provides network
+gerrit. This allows testing of the plugin as well as provides network
 isolation against upstream git repository failures (which we see often
 enough to be an issue).
 
 Ideally a plugin will be included within the ``devstack`` directory of
-the project they are being tested. For example, the stackforge/ec2-api
+the project they are being tested. For example, the openstack/ec2-api
 project has its plugin support in its own tree.
 
 However, some times a DevStack plugin might be used solely to
@@ -218,7 +217,7 @@ include: integration of back end storage (e.g. ceph or glusterfs),
 integration of SDN controllers (e.g. ovn, OpenDayLight), or
 integration of alternate RPC systems (e.g. zmq, qpid). In these cases
 the best practice is to build a dedicated
-``stackforge/devstack-plugin-FOO`` project.
+``openstack/devstack-plugin-FOO`` project.
 
 To enable a plugin to be used in a gate job, the following lines will
 be needed in your ``jenkins/jobs/.yaml`` definition in
@@ -228,12 +227,12 @@ be needed in your ``jenkins/jobs/.yaml`` definition in
   # Because we are testing a non standard project, add the
   # our project repository. This makes zuul do the right
   # reference magic for testing changes.
-  export PROJECTS="stackforge/ec2-api $PROJECTS"
+  export PROJECTS="openstack/ec2-api $PROJECTS"
 
   # note the actual url here is somewhat irrelevant because it
   # caches in nodepool, however make it a valid url for
   # documentation purposes.
-  export DEVSTACK_LOCAL_CONFIG="enable_plugin ec2-api git://git.openstack.org/stackforge/ec2-api"
+  export DEVSTACK_LOCAL_CONFIG="enable_plugin ec2-api git://git.openstack.org/openstack/ec2-api"
 
 See Also
 ========

From 8f385dde22815de5e7487e52cf78374f5c2967b3 Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Mon, 19 Oct 2015 15:13:30 -0400
Subject: [PATCH 1005/3421] Write clouds.yaml to /etc as well

There are more than one user that need to access clouds.yaml values
in tests. Rather than copying the file everywhere, simply output
it to /etc/openstack.

However, we have things copying it at the moment, so output to
both places. A follow up patch will remove the homedir version.

Change-Id: I21d3c2ad7a020a5ab02dc1ab532feae70b718892
---
 functions-common | 59 +++++++++++++++++++++++++-----------------------
 1 file changed, 31 insertions(+), 28 deletions(-)

diff --git a/functions-common b/functions-common
index f95bfe543f..42555a95f5 100644
--- a/functions-common
+++ b/functions-common
@@ -76,34 +76,37 @@ function write_clouds_yaml {
     # The location is a variable to allow for easier refactoring later to make it
     # overridable. There is currently no usecase where doing so makes sense, so
     # it's not currently configurable.
-    CLOUDS_YAML=~/.config/openstack/clouds.yaml
-
-    mkdir -p $(dirname $CLOUDS_YAML)
-
-    CA_CERT_ARG=''
-    if [ -f "$SSL_BUNDLE_FILE" ]; then
-        CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
-    fi
-    $TOP_DIR/tools/update_clouds_yaml.py \
-        --file $CLOUDS_YAML \
-        --os-cloud devstack \
-        --os-region-name $REGION_NAME \
-        --os-identity-api-version 3 \
-        $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI \
-        --os-username demo \
-        --os-password $ADMIN_PASSWORD \
-        --os-project-name demo
-    $TOP_DIR/tools/update_clouds_yaml.py \
-        --file $CLOUDS_YAML \
-        --os-cloud devstack-admin \
-        --os-region-name $REGION_NAME \
-        --os-identity-api-version 3 \
-        $CA_CERT_ARG \
-        --os-auth-url $KEYSTONE_AUTH_URI \
-        --os-username admin \
-        --os-password $ADMIN_PASSWORD \
-        --os-project-name admin
+    for clouds_path in /etc/openstack ~/.config/openstack ; do
+        CLOUDS_YAML=$clouds_path/clouds.yaml
+
+        sudo mkdir -p $(dirname $CLOUDS_YAML)
+        sudo chown -R $STACK_USER $(dirname $CLOUDS_YAML)
+
+        CA_CERT_ARG=''
+        if [ -f "$SSL_BUNDLE_FILE" ]; then
+            CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
+        fi
+        $TOP_DIR/tools/update_clouds_yaml.py \
+            --file $CLOUDS_YAML \
+            --os-cloud devstack \
+            --os-region-name $REGION_NAME \
+            --os-identity-api-version 3 \
+            $CA_CERT_ARG \
+            --os-auth-url $KEYSTONE_AUTH_URI \
+            --os-username demo \
+            --os-password $ADMIN_PASSWORD \
+            --os-project-name demo
+        $TOP_DIR/tools/update_clouds_yaml.py \
+            --file $CLOUDS_YAML \
+            --os-cloud devstack-admin \
+            --os-region-name $REGION_NAME \
+            --os-identity-api-version 3 \
+            $CA_CERT_ARG \
+            --os-auth-url $KEYSTONE_AUTH_URI \
+            --os-username admin \
+            --os-password $ADMIN_PASSWORD \
+            --os-project-name admin
+    done
 }
 
 # trueorfalse  

From c49917250f2dc5243d652e59d8c70c1437975dea Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Thu, 22 Oct 2015 04:21:34 -0400
Subject: [PATCH 1006/3421] Removed starting of nova-ec2-api service

Since nova-ec2-api service was removed from nova it is not
needed in devstack.

Change-Id: I91d4be02a1a9c2ca4d18256d9a37a5c2559f53b7
Closes-Bug: #1530798
---
 files/apache-nova-ec2-api.template | 25 -----------------
 lib/nova                           | 44 ------------------------------
 2 files changed, 69 deletions(-)
 delete mode 100644 files/apache-nova-ec2-api.template

diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
deleted file mode 100644
index 7b1d68b106..0000000000
--- a/files/apache-nova-ec2-api.template
+++ /dev/null
@@ -1,25 +0,0 @@
-Listen %PUBLICPORT%
-
-
-    WSGIDaemonProcess nova-ec2-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
-    WSGIProcessGroup nova-ec2-api
-    WSGIScriptAlias / %PUBLICWSGI%
-    WSGIApplicationGroup %{GLOBAL}
-    WSGIPassAuthorization On
-    = 2.4>
-      ErrorLogFormat "%M"
-    
-    ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log
-    %SSLENGINE%
-    %SSLCERTFILE%
-    %SSLKEYFILE%
-
-
-Alias /ec2 %PUBLICWSGI%
-
-    SetHandler wsgi-script
-    Options +ExecCGI
-    WSGIProcessGroup nova-ec2-api
-    WSGIApplicationGroup %{GLOBAL}
-    WSGIPassAuthorization On
-
diff --git a/lib/nova b/lib/nova
index 6337f875ef..c75623f7d6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -242,7 +242,6 @@ function cleanup_nova {
 function _cleanup_nova_apache_wsgi {
     sudo rm -f $NOVA_WSGI_DIR/*
     sudo rm -f $(apache_site_config_for nova-api)
-    sudo rm -f $(apache_site_config_for nova-ec2-api)
     sudo rm -f $(apache_site_config_for nova-metadata)
 }
 
@@ -252,15 +251,12 @@ function _config_nova_apache_wsgi {
 
     local nova_apache_conf
     nova_apache_conf=$(apache_site_config_for nova-api)
-    local nova_ec2_apache_conf
-    nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
     local nova_metadata_apache_conf
     nova_metadata_apache_conf=$(apache_site_config_for nova-metadata)
     local nova_ssl=""
     local nova_certfile=""
     local nova_keyfile=""
     local nova_api_port=$NOVA_SERVICE_PORT
-    local nova_ec2_api_port=$EC2_SERVICE_PORT
     local nova_metadata_port=$METADATA_SERVICE_PORT
     local venv_path=""
 
@@ -275,7 +271,6 @@ function _config_nova_apache_wsgi {
 
     # copy proxy vhost and wsgi helper files
     sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
-    sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api
     sudo cp $NOVA_DIR/nova/wsgi/nova-metadata.py $NOVA_WSGI_DIR/nova-metadata
 
     sudo cp $FILES/apache-nova-api.template $nova_apache_conf
@@ -291,19 +286,6 @@ function _config_nova_apache_wsgi {
         s|%APIWORKERS%|$API_WORKERS|g
     " -i $nova_apache_conf
 
-    sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf
-    sudo sed -e "
-        s|%PUBLICPORT%|$nova_ec2_api_port|g;
-        s|%APACHE_NAME%|$APACHE_NAME|g;
-        s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g;
-        s|%SSLENGINE%|$nova_ssl|g;
-        s|%SSLCERTFILE%|$nova_certfile|g;
-        s|%SSLKEYFILE%|$nova_keyfile|g;
-        s|%USER%|$STACK_USER|g;
-        s|%VIRTUALENV%|$venv_path|g
-        s|%APIWORKERS%|$API_WORKERS|g
-    " -i $nova_ec2_apache_conf
-
     sudo cp $FILES/apache-nova-metadata.template $nova_metadata_apache_conf
     sudo sed -e "
         s|%PUBLICPORT%|$nova_metadata_port|g;
@@ -461,22 +443,6 @@ function create_nova_accounts {
             # swift through the s3 api.
             get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME
         fi
-
-        # EC2
-        if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
-            local nova_ec2_api_url
-            if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then
-                nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:$EC2_SERVICE_PORT/"
-            else
-                nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST/ec2"
-            fi
-            get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer"
-            get_or_create_endpoint "ec2" \
-                "$REGION_NAME" \
-                "$nova_ec2_api_url" \
-                "$nova_ec2_api_url" \
-                "$nova_ec2_api_url"
-        fi
     fi
 
     # S3
@@ -522,7 +488,6 @@ function create_nova_conf {
     iniset $NOVA_CONF api_database connection `database_connection_url nova_api`
     iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x"
     iniset $NOVA_CONF DEFAULT osapi_compute_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
-    iniset $NOVA_CONF DEFAULT ec2_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
     iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
     iniset $NOVA_CONF DEFAULT s3_listen "$NOVA_SERVICE_LISTEN_ADDRESS"
 
@@ -629,12 +594,10 @@ function create_nova_conf {
     fi
 
     iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST"
-    iniset $NOVA_CONF DEFAULT keystone_ec2_url $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
     iniset_rpc_backend nova $NOVA_CONF
     iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
 
     iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS"
-    iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS"
     iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS"
     # don't let the conductor get out of control now that we're using a pure python db driver
     iniset $NOVA_CONF conductor workers "$API_WORKERS"
@@ -660,10 +623,6 @@ function create_nova_conf {
         iniset $NOVA_CONF DEFAULT enabled_ssl_apis "$NOVA_ENABLED_APIS"
     fi
 
-    if is_service_enabled tls-proxy; then
-        iniset $NOVA_CONF DEFAULT ec2_listen_port $EC2_SERVICE_PORT_INT
-    fi
-
     if is_service_enabled n-sproxy; then
         iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
         iniset $NOVA_CONF serial_console enabled True
@@ -817,11 +776,9 @@ function start_nova_api {
     enabled_site_file=$(apache_site_config_for nova-api)
     if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
         enable_apache_site nova-api
-        enable_apache_site nova-ec2-api
         enable_apache_site nova-metadata
         restart_apache_server
         tail_log nova-api /var/log/$APACHE_NAME/nova-api.log
-        tail_log nova-ec2-api /var/log/$APACHE_NAME/nova-ec2-api.log
         tail_log nova-metadata /var/log/$APACHE_NAME/nova-metadata.log
     else
         run_process n-api "$NOVA_BIN_DIR/nova-api"
@@ -937,7 +894,6 @@ function stop_nova_compute {
 function stop_nova_rest {
     if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
         disable_apache_site nova-api
-        disable_apache_site nova-ec2-api
         disable_apache_site nova-metadata
         restart_apache_server
     else

From c148b13c60525be637d23a1330cf56376f11432f Mon Sep 17 00:00:00 2001
From: Matthew Treinish 
Date: Thu, 22 Oct 2015 10:05:00 -0400
Subject: [PATCH 1007/3421] Ensure we disable tenant isolation without admin

This commit fixes an issue with the tempest configuration when
TEMPEST_HAS_ADMIN is disabled. Without admin credentials tempest
is unable to create credentials at all so enabling tenant isolation
is not going to work. Previously devstack wasn't setting it one way
or the other when TEMPEST_HAS_ADMIN was set, which results in the
default of being enabled. So jobs that try to run tempest without
admin were failing.

Change-Id: Iff496cb5cbf29f17c130cfad746b48d8547ca965
---
 lib/tempest | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 10dd652750..bd76be570d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -564,9 +564,13 @@ function configure_tempest {
         fi
         iniset $TEMPEST_CONFIG auth allow_tenant_isolation False
         iniset $TEMPEST_CONFIG auth test_accounts_file "etc/accounts.yaml"
+    elif [[ $TEMPEST_HAS_ADMIN == "False" ]]; then
+        iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-False}
+
     else
         iniset $TEMPEST_CONFIG auth allow_tenant_isolation ${TEMPEST_ALLOW_TENANT_ISOLATION:-True}
     fi
+
     # Restore IFS
     IFS=$ifs
 }

From 22f747b8df023dd74808df097f5fa5a92168f620 Mon Sep 17 00:00:00 2001
From: Falk Reimann 
Date: Fri, 28 Aug 2015 12:40:19 +0200
Subject: [PATCH 1008/3421] Use swift port variable in keystone and cinder

This patch alows specifiying a deviation of the swift default port 8080 with
variable SWIFT_DEFAULT_BIND_PORT. The created endpoints in keystone for
object-store and the backup_swift_url in cinder.conf will use variable
SWIFT_DEFAULT_BIND_PORT instead of the fixed port 8080.

Change-Id: I47bbcf77368c430718fb8f29b7de1ff305e64422
Closes-Bug: #1489767
---
 lib/cinder   |  2 +-
 lib/keystone |  6 +++---
 lib/swift    | 17 +++++++++--------
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index e5ed2db1a3..2ed02e8b33 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -256,7 +256,7 @@ function configure_cinder {
     fi
 
     if is_service_enabled swift; then
-        iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_"
+        iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
     fi
 
     if is_service_enabled ceilometer; then
diff --git a/lib/keystone b/lib/keystone
index e2448c9068..31d5448499 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -266,9 +266,9 @@ function configure_keystone {
 
         # Add swift endpoints to service catalog if swift is enabled
         if is_service_enabled s-proxy; then
-            echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
-            echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> $KEYSTONE_CATALOG
-            echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
+            echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
+            echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/" >> $KEYSTONE_CATALOG
+            echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" >> $KEYSTONE_CATALOG
             echo "catalog.RegionOne.object_store.name = Swift Service" >> $KEYSTONE_CATALOG
         fi
 
diff --git a/lib/swift b/lib/swift
index fc736a60bc..4c2b292bd7 100644
--- a/lib/swift
+++ b/lib/swift
@@ -44,6 +44,7 @@ SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
 SWIFT3_DIR=$DEST/swift3
 
 SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+SWIFT_DEFAULT_BIND_PORT=${SWIFT_DEFAULT_BIND_PORT:-8080}
 SWIFT_DEFAULT_BIND_PORT_INT=${SWIFT_DEFAULT_BIND_PORT_INT:-8081}
 SWIFT_SERVICE_LOCAL_HOST=${SWIFT_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
 SWIFT_SERVICE_LISTEN_ADDRESS=${SWIFT_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
@@ -62,7 +63,7 @@ SWIFT_CONF_DIR=${SWIFT_CONF_DIR:-/etc/swift}
 if is_service_enabled s-proxy && is_service_enabled swift3; then
     # If we are using ``swift3``, we can default the S3 port to swift instead
     # of nova-objectstore
-    S3_SERVICE_PORT=${S3_SERVICE_PORT:-8080}
+    S3_SERVICE_PORT=${S3_SERVICE_PORT:-$SWIFT_DEFAULT_BIND_PORT}
 fi
 
 if is_service_enabled g-api; then
@@ -187,7 +188,7 @@ function _cleanup_swift_apache_wsgi {
 # _config_swift_apache_wsgi() - Set WSGI config files of Swift
 function _config_swift_apache_wsgi {
     sudo mkdir -p ${SWIFT_APACHE_WSGI_DIR}
-    local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
+    local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
 
     # copy proxy vhost and wsgi file
     sudo cp ${SWIFT_DIR}/examples/apache2/proxy-server.template $(apache_site_config_for proxy-server)
@@ -348,7 +349,7 @@ function configure_swift {
     local csyncfile=${SWIFT_CONF_DIR}/container-sync-realms.conf
     cp ${SWIFT_DIR}/etc/container-sync-realms.conf-sample ${csyncfile}
     iniset ${csyncfile} realm1 key realm1key
-    iniset ${csyncfile} realm1 cluster_name1 "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/"
+    iniset ${csyncfile} realm1 cluster_name1 "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/"
 
     iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
     iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
@@ -369,7 +370,7 @@ function configure_swift {
     if is_service_enabled tls-proxy; then
         iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT_INT}
     else
-        iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080}
+        iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT}
     fi
 
     if is_ssl_enabled_service s-proxy; then
@@ -621,9 +622,9 @@ function create_swift_accounts {
         get_or_create_service "swift" "object-store" "Swift Service"
         get_or_create_endpoint "object-store" \
             "$REGION_NAME" \
-            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
-            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080" \
-            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
+            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s" \
+            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT" \
+            "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_\$(tenant_id)s"
     fi
 
     local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
@@ -764,7 +765,7 @@ function start_swift {
         swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop || true
     done
     if is_service_enabled tls-proxy; then
-        local proxy_port=${SWIFT_DEFAULT_BIND_PORT:-8080}
+        local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
         start_tls_proxy '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT &
     fi
     run_process s-proxy "$SWIFT_DIR/bin/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"

From 7792bc39d4f9f7ec7fd1b81ddbb30c30988f03e6 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Fri, 23 Oct 2015 13:57:14 +1100
Subject: [PATCH 1009/3421] Add new oslo.privsep library to oslo repos

A new project olos.privsep has been created but failes sdvm testing as
even though the library is added ro PROJECTS and LIBS_FROM_GIT it isn't
installed by devstack.

Add oslo.privsep to the install_oslo function

Change-Id: Ia4d56747d56dcfe50889ebbdf9d553df13e1b950
---
 lib/oslo                     | 2 ++
 stackrc                      | 4 ++++
 tests/test_libs_from_pypi.sh | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/oslo b/lib/oslo
index f64f327ccd..56615faaa3 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -36,6 +36,7 @@ GITDIR["oslo.log"]=$DEST/oslo.log
 GITDIR["oslo.messaging"]=$DEST/oslo.messaging
 GITDIR["oslo.middleware"]=$DEST/oslo.middleware
 GITDIR["oslo.policy"]=$DEST/oslo.policy
+GITDIR["oslo.privsep"]=$DEST/oslo.privsep
 GITDIR["oslo.reports"]=$DEST/oslo.reports
 GITDIR["oslo.rootwrap"]=$DEST/oslo.rootwrap
 GITDIR["oslo.serialization"]=$DEST/oslo.serialization
@@ -79,6 +80,7 @@ function install_oslo {
     _do_install_oslo_lib "oslo.messaging"
     _do_install_oslo_lib "oslo.middleware"
     _do_install_oslo_lib "oslo.policy"
+    _do_install_oslo_lib "oslo.privsep"
     _do_install_oslo_lib "oslo.reports"
     _do_install_oslo_lib "oslo.rootwrap"
     _do_install_oslo_lib "oslo.serialization"
diff --git a/stackrc b/stackrc
index 4026ff8feb..819aa0125c 100644
--- a/stackrc
+++ b/stackrc
@@ -371,6 +371,10 @@ GITBRANCH["oslo.middleware"]=${OSLOMID_BRANCH:-master}
 GITREPO["oslo.policy"]=${OSLOPOLICY_REPO:-${GIT_BASE}/openstack/oslo.policy.git}
 GITBRANCH["oslo.policy"]=${OSLOPOLICY_BRANCH:-master}
 
+# oslo.privsep
+GITREPO["oslo.privsep"]=${OSLOPRIVSEP_REPO:-${GIT_BASE}/openstack/oslo.privsep.git}
+GITBRANCH["oslo.privsep"]=${OSLOPRIVSEP_BRANCH:-master}
+
 # oslo.reports
 GITREPO["oslo.reports"]=${OSLOREPORTS_REPO:-${GIT_BASE}/openstack/oslo.reports.git}
 GITBRANCH["oslo.reports"]=${OSLOREPORTS_BRANCH:-master}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 8e8c0227a9..f31560a1fe 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -41,7 +41,7 @@ ALL_LIBS+=" oslo.utils python-swiftclient"
 ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
 ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
 ALL_LIBS+=" oslo.cache oslo.reports"
-ALL_LIBS+=" keystoneauth ironic-lib"
+ALL_LIBS+=" keystoneauth ironic-lib oslo.privsep"
 
 # Generate the above list with
 # echo ${!GITREPO[@]}

From b814b536c54f4ed840cf3eb436c4841d2ed575c4 Mon Sep 17 00:00:00 2001
From: Cedric Brandily 
Date: Thu, 22 Oct 2015 22:25:45 +0200
Subject: [PATCH 1010/3421] Prepare neutron "use_namespaces" option removal

The neutron use_namespaces option is deprecated since Kilo, it's time
remove it from neutron and devstack.

Related-bug: #1508188
Change-Id: I4feb2a15c7e1e4bfdbed2531b18b8e7d798ab3cc
---
 lib/ironic         |  9 ++-------
 lib/neutron-legacy | 15 ++++-----------
 lib/tempest        | 19 +++----------------
 3 files changed, 9 insertions(+), 34 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 74e2f931ff..de07b49667 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -516,13 +516,8 @@ function create_ovs_taps {
     # intentional sleep to make sure the tag has been set to port
     sleep 10
 
-    if  [[ "$Q_USE_NAMESPACE" = "True" ]]; then
-        local tapdev
-        tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
-    else
-        local tapdev
-        tapdev=$(sudo ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
-    fi
+    local tapdev
+    tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
     local tag_id
     tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
 
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4e51425ffc..3c3c96b7bd 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -144,8 +144,6 @@ Q_LISTEN_ADDRESS=${Q_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 Q_ADMIN_USERNAME=${Q_ADMIN_USERNAME:-neutron}
 # Default auth strategy
 Q_AUTH_STRATEGY=${Q_AUTH_STRATEGY:-keystone}
-# Use namespace or not
-Q_USE_NAMESPACE=${Q_USE_NAMESPACE:-True}
 # RHEL's support for namespaces requires using veths with ovs
 Q_OVS_USE_VETH=${Q_OVS_USE_VETH:-False}
 Q_USE_ROOTWRAP=${Q_USE_ROOTWRAP:-True}
@@ -208,7 +206,7 @@ Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int}
 # The plugin supports L3.
 Q_L3_ENABLED=${Q_L3_ENABLED:-False}
 # L3 routers exist per tenant
-Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-False}
+Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
 
 # List of config file names in addition to the main plugin config file
 # See _configure_neutron_common() for details about setting it up
@@ -968,7 +966,6 @@ function _configure_neutron_debug_command {
 
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
-    iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
@@ -985,7 +982,6 @@ function _configure_neutron_dhcp_agent {
 
     iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
     iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $Q_DHCP_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_DHCP_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
@@ -1009,8 +1005,6 @@ function _configure_neutron_dhcp_agent {
 
 function _configure_neutron_l3_agent {
     Q_L3_ENABLED=True
-    # for l3-agent, only use per tenant router if we have namespaces
-    Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
 
     if is_service_enabled q-vpn; then
         neutron_vpn_configure_agent
@@ -1020,7 +1014,6 @@ function _configure_neutron_l3_agent {
 
     iniset $Q_L3_CONF_FILE DEFAULT verbose True
     iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
-    iniset $Q_L3_CONF_FILE DEFAULT use_namespaces $Q_USE_NAMESPACE
     iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
     if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
         iniset $Q_L3_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND"
@@ -1309,7 +1302,7 @@ function _neutron_configure_router_v4 {
     if is_service_enabled q-l3; then
         # Configure and enable public bridge
         local ext_gw_interface="none"
-        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+        if is_neutron_ovs_base_plugin; then
             ext_gw_interface=$(_neutron_get_ext_gw_interface)
         elif [[ "$Q_AGENT" = "linuxbridge" ]]; then
             # Search for the brq device the neutron router and network for $FIXED_RANGE
@@ -1359,7 +1352,7 @@ function _neutron_configure_router_v6 {
         IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
         die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
 
-        if is_neutron_ovs_base_plugin && [[ "$Q_USE_NAMESPACE" = "True" ]]; then
+        if is_neutron_ovs_base_plugin; then
             local ext_gw_interface
             ext_gw_interface=$(_neutron_get_ext_gw_interface)
             local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
@@ -1374,7 +1367,7 @@ function _neutron_configure_router_v6 {
 
 # Explicitly set router id in l3 agent configuration
 function _neutron_set_router_id {
-    if [[ "$Q_USE_NAMESPACE" == "False" ]]; then
+    if [[ "$Q_L3_ROUTER_PER_TENANT" == "False" ]]; then
         iniset $Q_L3_CONF_FILE DEFAULT router_id $ROUTER_ID
     fi
 }
diff --git a/lib/tempest b/lib/tempest
index 10dd652750..1d10da4c86 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -15,7 +15,6 @@
 #   - ``SERVICE_HOST``
 #   - ``BASE_SQL_CONN`` ``lib/database`` declares
 #   - ``PUBLIC_NETWORK_NAME``
-#   - ``Q_USE_NAMESPACE``
 #   - ``Q_ROUTER_NAME``
 #   - ``Q_L3_ENABLED``
 #   - ``VIRT_DRIVER``
@@ -132,7 +131,6 @@ function configure_tempest {
     local flavor_lines
     local public_network_id
     local public_router_id
-    local tenant_networks_reachable
     local boto_instance_type="m1.tiny"
     local ssh_connect_method="fixed"
 
@@ -246,13 +244,8 @@ function configure_tempest {
         fi
     fi
 
-    if [ "$Q_USE_NAMESPACE" != "False" ]; then
-        tenant_networks_reachable=false
-        if ! is_service_enabled n-net; then
-            ssh_connect_method="floating"
-        fi
-    else
-        tenant_networks_reachable=true
+    if ! is_service_enabled n-net; then
+        ssh_connect_method="floating"
     fi
 
     ssh_connect_method=${TEMPEST_SSH_CONNECT_METHOD:-$ssh_connect_method}
@@ -260,12 +253,6 @@ function configure_tempest {
     if [ "$Q_L3_ENABLED" = "True" ]; then
         public_network_id=$(neutron net-list | grep $PUBLIC_NETWORK_NAME | \
             awk '{print $2}')
-        if [ "$Q_USE_NAMESPACE" == "False" ]; then
-            # If namespaces are disabled, DevStack will create a single
-            # public router that tempest should be configured to use.
-            public_router_id=$(neutron router-list | awk "/ $Q_ROUTER_NAME / \
-                { print \$2 }")
-        fi
     fi
 
     EC2_URL=$(get_endpoint_url ec2 public || true)
@@ -394,7 +381,7 @@ function configure_tempest {
 
     # Network
     iniset $TEMPEST_CONFIG network api_version 2.0
-    iniset $TEMPEST_CONFIG network tenant_networks_reachable "$tenant_networks_reachable"
+    iniset $TEMPEST_CONFIG network tenant_networks_reachable false
     iniset $TEMPEST_CONFIG network public_network_id "$public_network_id"
     iniset $TEMPEST_CONFIG network public_router_id "$public_router_id"
     iniset $TEMPEST_CONFIG network default_network "$FIXED_RANGE"

From 4abb31d9d86bee139a0bc3e9f7dfc5041e8b875f Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Mon, 26 Oct 2015 12:35:45 -0400
Subject: [PATCH 1011/3421] Format of nova-api log files was corrected

When nova-api and nova-ec2-api services are started by Apache
(it can be done with devstack config option NOVA_USE_MOD_WSGI=True)
log files contained duplication of timestamp value.

Change-Id: I5439ea8f89ca3073600456f67220e9d3f5257d97
Closes-Bug: #1510517
---
 files/apache-nova-api.template     | 2 +-
 files/apache-nova-ec2-api.template | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template
index 49081528ff..bcf406edf3 100644
--- a/files/apache-nova-api.template
+++ b/files/apache-nova-api.template
@@ -7,7 +7,7 @@ Listen %PUBLICPORT%
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     = 2.4>
-      ErrorLogFormat "%{cu}t %M"
+      ErrorLogFormat "%M"
     
     ErrorLog /var/log/%APACHE_NAME%/nova-api.log
     %SSLENGINE%
diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template
index 235d958d1a..a9be15b73a 100644
--- a/files/apache-nova-ec2-api.template
+++ b/files/apache-nova-ec2-api.template
@@ -7,7 +7,7 @@ Listen %PUBLICPORT%
     WSGIApplicationGroup %{GLOBAL}
     WSGIPassAuthorization On
     = 2.4>
-      ErrorLogFormat "%{cu}t %M"
+      ErrorLogFormat "%M"
     
     ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log
     %SSLENGINE%

From 313ddaee6102fc03a3885bec3bf5e0d1e0214878 Mon Sep 17 00:00:00 2001
From: Lenny Verkhovsky 
Date: Tue, 20 Oct 2015 11:26:34 +0300
Subject: [PATCH 1012/3421] Remove sudo from mkdir in $STACK_USER folder

This fails in the environment where sudo does not have permissions to
write in /home/$USER folder, e.g. [1]

Also clean-up the comment/variable usage a bit; the location isn't
actually variable at all (and that's fine, but we don't need a global
here)

[1] http://144.76.193.39/ci-artifacts/228979/10/Nova-ML2-Sriov/console.html.gz

Change-Id: I6807eae9d1c27219aa7c19de29f24fa851aa787c
---
 functions-common | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/functions-common b/functions-common
index 42555a95f5..6607d0be70 100644
--- a/functions-common
+++ b/functions-common
@@ -73,21 +73,23 @@ function save_stackenv {
 # - A `devstack-admin` entry for the `admin` user for the `admin` project.
 # write_clouds_yaml
 function write_clouds_yaml {
-    # The location is a variable to allow for easier refactoring later to make it
-    # overridable. There is currently no usecase where doing so makes sense, so
-    # it's not currently configurable.
-    for clouds_path in /etc/openstack ~/.config/openstack ; do
-        CLOUDS_YAML=$clouds_path/clouds.yaml
+    local clouds_yaml
+
+    sudo mkdir -p /etc/openstack
+    sudo chown -R $STACK_USER /etc/openstack
+    # XXX: to be removed, see https://review.openstack.org/237149/
+    # careful not to sudo this, incase ~ is NFS mounted
+    mkdir -p ~/.config/openstack
 
-        sudo mkdir -p $(dirname $CLOUDS_YAML)
-        sudo chown -R $STACK_USER $(dirname $CLOUDS_YAML)
+    for clouds_path in /etc/openstack ~/.config/openstack ; do
+        clouds_yaml=$clouds_path/clouds.yaml
 
         CA_CERT_ARG=''
         if [ -f "$SSL_BUNDLE_FILE" ]; then
             CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
         fi
         $TOP_DIR/tools/update_clouds_yaml.py \
-            --file $CLOUDS_YAML \
+            --file $clouds_yaml \
             --os-cloud devstack \
             --os-region-name $REGION_NAME \
             --os-identity-api-version 3 \
@@ -97,7 +99,7 @@ function write_clouds_yaml {
             --os-password $ADMIN_PASSWORD \
             --os-project-name demo
         $TOP_DIR/tools/update_clouds_yaml.py \
-            --file $CLOUDS_YAML \
+            --file $clouds_yaml \
             --os-cloud devstack-admin \
             --os-region-name $REGION_NAME \
             --os-identity-api-version 3 \

From ee9bb76647e1424e0dc84d32df6ab8607dc4ec96 Mon Sep 17 00:00:00 2001
From: Monty Taylor 
Date: Mon, 19 Oct 2015 15:16:18 -0400
Subject: [PATCH 1013/3421] Write clouds.yaml to only /etc

After having migrated the copies of clouds.yaml to just consume from
/etc, remove the duplicate copy.

Change-Id: I036704734785958c95d2234917d7b40bd797a375
---
 functions-common | 63 +++++++++++++++++++++++-------------------------
 1 file changed, 30 insertions(+), 33 deletions(-)

diff --git a/functions-common b/functions-common
index 6607d0be70..922938f95d 100644
--- a/functions-common
+++ b/functions-common
@@ -73,42 +73,39 @@ function save_stackenv {
 # - A `devstack-admin` entry for the `admin` user for the `admin` project.
 # write_clouds_yaml
 function write_clouds_yaml {
-    local clouds_yaml
+    # The location is a variable to allow for easier refactoring later to make it
+    # overridable. There is currently no usecase where doing so makes sense, so
+    # it's not currently configurable.
 
-    sudo mkdir -p /etc/openstack
-    sudo chown -R $STACK_USER /etc/openstack
-    # XXX: to be removed, see https://review.openstack.org/237149/
-    # careful not to sudo this, incase ~ is NFS mounted
-    mkdir -p ~/.config/openstack
+    CLOUDS_YAML=/etc/openstack/clouds.yaml
 
-    for clouds_path in /etc/openstack ~/.config/openstack ; do
-        clouds_yaml=$clouds_path/clouds.yaml
+    sudo mkdir -p $(dirname $CLOUDS_YAML)
+    sudo chown -R $STACK_USER /etc/openstack
 
-        CA_CERT_ARG=''
-        if [ -f "$SSL_BUNDLE_FILE" ]; then
-            CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
-        fi
-        $TOP_DIR/tools/update_clouds_yaml.py \
-            --file $clouds_yaml \
-            --os-cloud devstack \
-            --os-region-name $REGION_NAME \
-            --os-identity-api-version 3 \
-            $CA_CERT_ARG \
-            --os-auth-url $KEYSTONE_AUTH_URI \
-            --os-username demo \
-            --os-password $ADMIN_PASSWORD \
-            --os-project-name demo
-        $TOP_DIR/tools/update_clouds_yaml.py \
-            --file $clouds_yaml \
-            --os-cloud devstack-admin \
-            --os-region-name $REGION_NAME \
-            --os-identity-api-version 3 \
-            $CA_CERT_ARG \
-            --os-auth-url $KEYSTONE_AUTH_URI \
-            --os-username admin \
-            --os-password $ADMIN_PASSWORD \
-            --os-project-name admin
-    done
+    CA_CERT_ARG=''
+    if [ -f "$SSL_BUNDLE_FILE" ]; then
+        CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
+    fi
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version 3 \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI \
+        --os-username demo \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name demo
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack-admin \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version 3 \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI \
+        --os-username admin \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name admin
 }
 
 # trueorfalse  

From a692810ef05304856e5fd12ec786f3445ecca576 Mon Sep 17 00:00:00 2001
From: Oleksii Chuprykov 
Date: Thu, 11 Jun 2015 08:56:58 -0400
Subject: [PATCH 1014/3421] Add toggle to run Heat API services via Apache2

Add templates for running Heat API services via
apache mod_wsgi. Also add appropriate functions to
lib/heat for configuring Heat.

Change-Id: I1bdd678c44ddfa616a9db7db85ff6f490ff08947
---
 doc/source/configuration.rst              |   6 ++
 files/apache-heat-api-cfn.template        |  27 ++++++
 files/apache-heat-api-cloudwatch.template |  27 ++++++
 files/apache-heat-api.template            |  27 ++++++
 lib/heat                                  | 109 ++++++++++++++++++++--
 5 files changed, 188 insertions(+), 8 deletions(-)
 create mode 100644 files/apache-heat-api-cfn.template
 create mode 100644 files/apache-heat-api-cloudwatch.template
 create mode 100644 files/apache-heat-api.template

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index aae4f33562..d70d3dae17 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -297,6 +297,12 @@ Example (Swift):
 
     SWIFT_USE_MOD_WSGI="True"
 
+Example (Heat):
+
+::
+
+    HEAT_USE_MOD_WSGI="True"
+
 
 Example (Cinder):
 
diff --git a/files/apache-heat-api-cfn.template b/files/apache-heat-api-cfn.template
new file mode 100644
index 0000000000..ab33c66f7e
--- /dev/null
+++ b/files/apache-heat-api-cfn.template
@@ -0,0 +1,27 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess heat-api-cfn processes=2 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup heat-api-cfn
+    WSGIScriptAlias / %HEAT_BIN_DIR%/heat-wsgi-api-cfn
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    AllowEncodedSlashes On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/heat-api-cfn.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
+
diff --git a/files/apache-heat-api-cloudwatch.template b/files/apache-heat-api-cloudwatch.template
new file mode 100644
index 0000000000..06c91bbdb1
--- /dev/null
+++ b/files/apache-heat-api-cloudwatch.template
@@ -0,0 +1,27 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess heat-api-cloudwatch processes=2 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup heat-api-cloudwatch
+    WSGIScriptAlias / %HEAT_BIN_DIR%/heat-wsgi-api-cloudwatch
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    AllowEncodedSlashes On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/heat-api-cloudwatch.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
+
diff --git a/files/apache-heat-api.template b/files/apache-heat-api.template
new file mode 100644
index 0000000000..4924b3978b
--- /dev/null
+++ b/files/apache-heat-api.template
@@ -0,0 +1,27 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess heat-api processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup heat-api
+    WSGIScriptAlias / %HEAT_BIN_DIR%/heat-wsgi-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    AllowEncodedSlashes On
+    = 2.4>
+      ErrorLogFormat "%{cu}t %M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/heat-api.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+    
+        = 2.4>
+            Require all granted
+        
+        
+            Order allow,deny
+            Allow from all
+        
+    
+
diff --git a/lib/heat b/lib/heat
index 615198cc7d..85fdaa1eb2 100644
--- a/lib/heat
+++ b/lib/heat
@@ -16,6 +16,7 @@
 # - install_heat
 # - configure_heatclient
 # - configure_heat
+# - _config_heat_apache_wsgi
 # - init_heat
 # - start_heat
 # - stop_heat
@@ -32,6 +33,9 @@ set +o xtrace
 # set up default directories
 GITDIR["python-heatclient"]=$DEST/python-heatclient
 
+# Toggle for deploying Heat-API under HTTPD + mod_wsgi
+HEAT_USE_MOD_WSGI=${HEAT_USE_MOD_WSGI:-False}
+
 HEAT_DIR=$DEST/heat
 HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
 HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
@@ -117,13 +121,17 @@ function configure_heat {
     # logging
     iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
     iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$HEAT_USE_MOD_WSGI" == "False" ]  ; then
         # Add color to logging output
         setup_colorized_logging $HEAT_CONF DEFAULT tenant user
     fi
 
     iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
 
+    if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
+        _config_heat_apache_wsgi
+    fi
+
     # NOTE(jamielennox): heat re-uses specific values from the
     # keystone_authtoken middleware group and so currently fails when using the
     # auth plugin setup. This should be fixed in heat.  Heat is also the only
@@ -211,6 +219,9 @@ function install_heatclient {
 function install_heat {
     git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH
     setup_develop $HEAT_DIR
+    if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
+        install_apache_wsgi
+    fi
 }
 
 # install_heat_other() - Collect source and prepare
@@ -226,20 +237,102 @@ function install_heat_other {
 # start_heat() - Start running processes, including screen
 function start_heat {
     run_process h-eng "$HEAT_BIN_DIR/heat-engine --config-file=$HEAT_CONF"
-    run_process h-api "$HEAT_BIN_DIR/heat-api --config-file=$HEAT_CONF"
-    run_process h-api-cfn "$HEAT_BIN_DIR/heat-api-cfn --config-file=$HEAT_CONF"
-    run_process h-api-cw "$HEAT_BIN_DIR/heat-api-cloudwatch --config-file=$HEAT_CONF"
+
+    # If the site is not enabled then we are in a grenade scenario
+    local enabled_site_file=$(apache_site_config_for heat-api)
+    if [ -f ${enabled_site_file} ] && [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
+        enable_apache_site heat-api
+        enable_apache_site heat-api-cfn
+        enable_apache_site heat-api-cloudwatch
+        restart_apache_server
+        tail_log heat-api /var/log/$APACHE_NAME/heat-api.log
+        tail_log heat-api-cfn /var/log/$APACHE_NAME/heat-api-cfn.log
+        tail_log heat-api-cloudwatch /var/log/$APACHE_NAME/heat-api-cloudwatch.log
+    else
+        run_process h-api "$HEAT_BIN_DIR/heat-api --config-file=$HEAT_CONF"
+        run_process h-api-cfn "$HEAT_BIN_DIR/heat-api-cfn --config-file=$HEAT_CONF"
+        run_process h-api-cw "$HEAT_BIN_DIR/heat-api-cloudwatch --config-file=$HEAT_CONF"
+    fi
 }
 
 # stop_heat() - Stop running processes
 function stop_heat {
     # Kill the screen windows
-    local serv
-    for serv in h-eng h-api h-api-cfn h-api-cw; do
-        stop_process $serv
-    done
+    stop_process h-eng
+
+    if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
+        disable_apache_site heat-api
+        disable_apache_site heat-api-cfn
+        disable_apache_site heat-api-cloudwatch
+        restart_apache_server
+    else
+        local serv
+        for serv in h-api h-api-cfn h-api-cw; do
+            stop_process $serv
+        done
+    fi
+
 }
 
+# _cleanup_heat_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cleanup_heat_apache_wsgi {
+    sudo rm -f $(apache_site_config_for heat-api)
+    sudo rm -f $(apache_site_config_for heat-api-cfn)
+    sudo rm -f $(apache_site_config_for heat-api-cloudwatch)
+}
+
+# _config_heat_apache_wsgi() - Set WSGI config files of Heat
+function _config_heat_apache_wsgi {
+
+    local heat_apache_conf=$(apache_site_config_for heat-api)
+    local heat_cfn_apache_conf=$(apache_site_config_for heat-api-cfn)
+    local heat_cloudwatch_apache_conf=$(apache_site_config_for heat-api-cloudwatch)
+    local heat_ssl=""
+    local heat_certfile=""
+    local heat_keyfile=""
+    local heat_api_port=$HEAT_API_PORT
+    local heat_cfn_api_port=$HEAT_API_CFN_PORT
+    local heat_cw_api_port=$HEAT_API_CW_PORT
+    local venv_path=""
+
+    sudo cp $FILES/apache-heat-api.template $heat_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$heat_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%HEAT_BIN_DIR%|$HEAT_BIN_DIR|g;
+        s|%SSLENGINE%|$heat_ssl|g;
+        s|%SSLCERTFILE%|$heat_certfile|g;
+        s|%SSLKEYFILE%|$heat_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $heat_apache_conf
+
+    sudo cp $FILES/apache-heat-api-cfn.template $heat_cfn_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$heat_cfn_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%HEAT_BIN_DIR%|$HEAT_BIN_DIR|g;
+        s|%SSLENGINE%|$heat_ssl|g;
+        s|%SSLCERTFILE%|$heat_certfile|g;
+        s|%SSLKEYFILE%|$heat_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $heat_cfn_apache_conf
+
+    sudo cp $FILES/apache-heat-api-cloudwatch.template $heat_cloudwatch_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$heat_cw_api_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%HEAT_BIN_DIR%|$HEAT_BIN_DIR|g;
+        s|%SSLENGINE%|$heat_ssl|g;
+        s|%SSLCERTFILE%|$heat_certfile|g;
+        s|%SSLKEYFILE%|$heat_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $heat_cloudwatch_apache_conf
+}
+
+
 # create_heat_accounts() - Set up common required heat accounts
 function create_heat_accounts {
     if [[ "$HEAT_STANDALONE" != "True" ]]; then

From cf94edcbbdde75de3ce627d7e092936bc014d5f6 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Wed, 28 Oct 2015 09:50:01 -0700
Subject: [PATCH 1015/3421] Disable shelve/snapshot/cinder when running Tempest
 with libvirt+lxc

The libvirt+lxc backend in nova does not support shelve, image snapshot
or any volume-related actions (so pretty much anything to do with
cinder), so we need to configure tempest to not run tests that hit those
operations/service when using libvirt/lxc.

This is part of an overall effort to get a CI job running for nova with
the libvirt+lxc configuration per:

Ic07c39e219121ba6b8b20de2b83a193bb735133d

Change-Id: I4decfcc5a5dfbabdecb3eb9fc93f1d1d6c2af805
---
 lib/tempest | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 10dd652750..565e965836 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -531,6 +531,8 @@ function configure_tempest {
     if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
         iniset $TEMPEST_CONFIG compute-feature-enabled rescue False
         iniset $TEMPEST_CONFIG compute-feature-enabled resize False
+        iniset $TEMPEST_CONFIG compute-feature-enabled shelve False
+        iniset $TEMPEST_CONFIG compute-feature-enabled snapshot False
         iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
     fi
 
@@ -548,6 +550,12 @@ function configure_tempest {
         fi
     done
 
+    if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
+        # libvirt-lxc does not support boot from volume or attaching volumes
+        # so basically anything with cinder is out of the question.
+        iniset $TEMPEST_CONFIG service_available cinder "False"
+    fi
+
     if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
         # Use the ``BOTO_CONFIG`` environment variable to point to this file
         iniset -sudo $BOTO_CONF Boto ca_certificates_file $SSL_BUNDLE_FILE

From 5cdee8dd3311e501302993cd8c81b39cb6b45090 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 19 Oct 2015 14:17:18 +1100
Subject: [PATCH 1016/3421] Update to bashate 0.3.2

Bashate 0.3.2 has a few new checks -- firstly make sure some of the
plugins have #!/bin/bash, and fix up a couple of "local" changes that
were missed by I9c8912a8fd596535589b207d7fc553b9d951d3fe

Change-Id: I9e4b1c0dc9e0f709d8e76f9c9bf1c9478b2605ed
---
 functions-common                          | 20 ++++++++++++++------
 lib/heat                                  | 12 ++++++++----
 lib/neutron_plugins/services/firewall     |  2 ++
 lib/neutron_plugins/services/loadbalancer |  2 ++
 lib/neutron_plugins/services/metering     |  2 ++
 lib/neutron_plugins/services/vpn          |  2 ++
 lib/neutron_thirdparty/vmware_nsx         |  2 ++
 tox.ini                                   |  7 ++++---
 8 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/functions-common b/functions-common
index 42555a95f5..ceefd443b1 100644
--- a/functions-common
+++ b/functions-common
@@ -1746,7 +1746,8 @@ function run_phase {
             # extras.d in an unsupported way which will let us track
             # unsupported usage in the gate.
             local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
-            local extra=$(basename $extra_plugin_file_name)
+            local extra
+            extra=$(basename $extra_plugin_file_name)
             if [[ ! ( $exceptions =~ "$extra" ) ]]; then
                 deprecated "extras.d support is being removed in Mitaka-1"
                 deprecated "jobs for project $extra will break after that point"
@@ -2184,14 +2185,21 @@ function time_start {
 # global counter for that name. Errors if that clock had not
 # previously been started.
 function time_stop {
-    local name=$1
-    local start_time=${START_TIME[$name]}
+    local name
+    local end_time
+    local elpased_time
+    local total
+    local start_time
+
+    name=$1
+    start_time=${START_TIME[$name]}
+
     if [[ -z "$start_time" ]]; then
         die $LINENO "Trying to stop the clock on $name, but it was never started"
     fi
-    local end_time=$(date +%s)
-    local elapsed_time=$(($end_time - $start_time))
-    local total=${TOTAL_TIME[$name]:-0}
+    end_time=$(date +%s)
+    elapsed_time=$(($end_time - $start_time))
+    total=${TOTAL_TIME[$name]:-0}
     # reset the clock so we can start it in the future
     START_TIME[$name]=""
     TOTAL_TIME[$name]=$(($total + $elapsed_time))
diff --git a/lib/heat b/lib/heat
index 85fdaa1eb2..f3f0548947 100644
--- a/lib/heat
+++ b/lib/heat
@@ -239,7 +239,8 @@ function start_heat {
     run_process h-eng "$HEAT_BIN_DIR/heat-engine --config-file=$HEAT_CONF"
 
     # If the site is not enabled then we are in a grenade scenario
-    local enabled_site_file=$(apache_site_config_for heat-api)
+    local enabled_site_file
+    enabled_site_file=$(apache_site_config_for heat-api)
     if [ -f ${enabled_site_file} ] && [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
         enable_apache_site heat-api
         enable_apache_site heat-api-cfn
@@ -284,9 +285,12 @@ function _cleanup_heat_apache_wsgi {
 # _config_heat_apache_wsgi() - Set WSGI config files of Heat
 function _config_heat_apache_wsgi {
 
-    local heat_apache_conf=$(apache_site_config_for heat-api)
-    local heat_cfn_apache_conf=$(apache_site_config_for heat-api-cfn)
-    local heat_cloudwatch_apache_conf=$(apache_site_config_for heat-api-cloudwatch)
+    local heat_apache_conf
+    heat_apache_conf=$(apache_site_config_for heat-api)
+    local heat_cfn_apache_conf
+    heat_cfn_apache_conf=$(apache_site_config_for heat-api-cfn)
+    local heat_cloudwatch_apache_conf
+    heat_cloudwatch_apache_conf=$(apache_site_config_for heat-api-cloudwatch)
     local heat_ssl=""
     local heat_certfile=""
     local heat_keyfile=""
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index 61a148e596..3496da82f8 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Neutron firewall plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index 34190f9a56..7865f6fd6e 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Neutron loadbalancer plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/services/metering b/lib/neutron_plugins/services/metering
index 37ba019b98..c75ab19d4e 100644
--- a/lib/neutron_plugins/services/metering
+++ b/lib/neutron_plugins/services/metering
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Neutron metering plugin
 # ---------------------------
 
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 4d6a2bf9a0..c0e7457413 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Neutron VPN plugin
 # ---------------------------
 
diff --git a/lib/neutron_thirdparty/vmware_nsx b/lib/neutron_thirdparty/vmware_nsx
index 03853a9bf4..e182fca1ae 100644
--- a/lib/neutron_thirdparty/vmware_nsx
+++ b/lib/neutron_thirdparty/vmware_nsx
@@ -1,2 +1,4 @@
+#!/bin/bash
+
 # REVISIT(roeyc): this file left empty so that 'enable_service vmware_nsx'
 # continues to work.
diff --git a/tox.ini b/tox.ini
index 0df9877ba8..9279455bb8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,7 +9,7 @@ install_command = pip install {opts} {packages}
 
 [testenv:bashate]
 deps =
-   {env:BASHATE_INSTALL_PATH:bashate==0.3.1}
+   {env:BASHATE_INSTALL_PATH:bashate==0.3.2}
 whitelist_externals = bash
 commands = bash -c "find {toxinidir}             \
          -not \( -type d -name .?\* -prune \)    \ # prune all 'dot' dirs
@@ -20,12 +20,13 @@ commands = bash -c "find {toxinidir}             \
          -not -name \*.md                        \
          \(                                      \
           -name \*.sh -or                        \
-          -name \*rc -or                         \
+          -name \*.orig -or                      \
+          -name \*rc -or                         \ # openrc files, etc
           -name functions\* -or                  \
           -wholename \*/inc/\* -or               \ # /inc files and
           -wholename \*/lib/\*                   \ # /lib files are shell, but
          \)                                      \ #   have no extension
-         -print0 | xargs -0 bashate -v -iE006"
+         -print0 | xargs -0 bashate -v -iE006 -eE005,E042"
 
 [testenv:docs]
 deps =

From 347dbac04e8988a01e3330e34b57f1e5b3c6aa2a Mon Sep 17 00:00:00 2001
From: Nicolas Simonds 
Date: Wed, 21 Jan 2015 13:40:42 -0800
Subject: [PATCH 1017/3421] Add the ability to install/enable Heat plugins

Adds the $ENABLE_HEAT_PLUGINS variable, which should be a list of
the names of the plugins the user wishes to install.

Change-Id: I2ba90002a8fad1cdce6543c89dc37c5912fe133e
---
 lib/heat | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/lib/heat b/lib/heat
index f3f0548947..e42bdf0b9e 100644
--- a/lib/heat
+++ b/lib/heat
@@ -69,6 +69,8 @@ else
     HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
 fi
+HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins}
+ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-}
 
 # Functions
 # ---------
@@ -188,6 +190,35 @@ function configure_heat {
     # copy the default templates
     cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/
 
+    # Enable heat plugins.
+    # NOTE(nic): The symlink nonsense is necessary because when
+    # plugins are installed in "developer mode", the final component
+    # of their target directory is always "resources", which confuses
+    # Heat's plugin loader into believing that all plugins are named
+    # "resources", and therefore are all the same plugin; so it
+    # will only load one of them.  Linking them all to a common
+    # location with unique names avoids that type of collision,
+    # while still allowing the plugins to be edited in-tree.
+    local err_count=0
+
+    if [ -n "$ENABLE_HEAT_PLUGINS" ]; then
+        mkdir -p $HEAT_PLUGIN_DIR
+        # Clean up cruft from any previous runs
+        rm -f $HEAT_PLUGIN_DIR/*
+        iniset $HEAT_CONF DEFAULT plugin_dirs $HEAT_PLUGIN_DIR
+    fi
+
+    for heat_plugin in $ENABLE_HEAT_PLUGINS; do
+        if [ -d $HEAT_DIR/contrib/$heat_plugin ]; then
+            setup_package $HEAT_DIR/contrib/$heat_plugin -e
+            ln -s $HEAT_DIR/contrib/$heat_plugin/$heat_plugin/resources $HEAT_PLUGIN_DIR/$heat_plugin
+        else
+            : # clear retval on the test so that we can roll up errors
+            err $LINENO "Requested Heat plugin(${heat_plugin}) not found."
+            err_count=$(($err_count + 1))
+        fi
+    done
+    [ $err_count -eq 0 ] || die $LINENO "$err_count of the requested Heat plugins could not be installed."
 }
 
 # init_heat() - Initialize database

From abb40f61939355f471c1a37c671774923e12b660 Mon Sep 17 00:00:00 2001
From: Thiago Paiva 
Date: Thu, 29 Oct 2015 11:38:24 -0300
Subject: [PATCH 1018/3421] Correct Cinder protocol for connections on Ironic

The protocol for connections with Cinder is wrong for the Ironic script. This
patch changes the script to use $GLANCE_SERVICE_PROTOCOL, which is https when
USE_SSL=true or tls-proxy is on ENABLED_SERVICES.

Change-Id: I4d4c6f9dc6f6ee53166db109848dca64334b8748
---
 lib/ironic | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index de07b49667..d786870165 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -795,7 +795,7 @@ function upload_baremetal_ironic_deploy {
     # load them into glance
     IRONIC_DEPLOY_KERNEL_ID=$(openstack \
         --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
+        --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
         image create \
         $(basename $IRONIC_DEPLOY_KERNEL_PATH) \
         --public --disk-format=aki \
@@ -803,7 +803,7 @@ function upload_baremetal_ironic_deploy {
         < $IRONIC_DEPLOY_KERNEL_PATH  | grep ' id ' | get_field 2)
     IRONIC_DEPLOY_RAMDISK_ID=$(openstack \
         --os-token $token \
-        --os-url http://$GLANCE_HOSTPORT \
+        --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
         image create \
         $(basename $IRONIC_DEPLOY_RAMDISK_PATH) \
         --public --disk-format=ari \

From 7159b4ba5956c0fd3141fe13ac40057364683c9c Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Thu, 22 Oct 2015 15:47:49 -0400
Subject: [PATCH 1019/3421] Config graceful_shutdown_timeout option for
 services

To avoid hanging services during gracefull shutdown option
graceful_shutdown_timeout should be configured.

Closes-Bug: #1446583

Change-Id: I2b7f0df831d65c55ae8cae241478f49c9641d99f
---
 lib/cinder | 2 +-
 lib/glance | 2 ++
 lib/nova   | 1 +
 stackrc    | 3 +++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/cinder b/lib/cinder
index ed9a1038d6..a916c6540f 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -357,7 +357,7 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
     iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
     iniset $CINDER_CONF DEFAULT os_privileged_user_tenant "$SERVICE_TENANT_NAME"
-
+    iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 }
 
 # create_cinder_accounts() - Set up common required cinder accounts
diff --git a/lib/glance b/lib/glance
index 2eb93a46e6..5a1b2834d0 100644
--- a/lib/glance
+++ b/lib/glance
@@ -115,6 +115,7 @@ function configure_glance {
     configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
     iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
     iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
+    iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
     iniset $GLANCE_API_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -149,6 +150,7 @@ function configure_glance {
         iniset $GLANCE_API_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
         iniset $GLANCE_API_CONF glance_store default_swift_reference ref1
         iniset $GLANCE_API_CONF glance_store stores "file, http, swift"
+        iniset $GLANCE_API_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 
         iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_TENANT_NAME:glance-swift
         iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
diff --git a/lib/nova b/lib/nova
index 6c414030ae..cce598d853 100644
--- a/lib/nova
+++ b/lib/nova
@@ -649,6 +649,7 @@ function create_nova_conf {
         iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
         iniset $NOVA_CONF serial_console enabled True
     fi
+    iniset $NOVA_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
 }
 
 function init_nova_cells {
diff --git a/stackrc b/stackrc
index 819aa0125c..1a95e2b7ed 100644
--- a/stackrc
+++ b/stackrc
@@ -669,6 +669,9 @@ fi
 # Service startup timeout
 SERVICE_TIMEOUT=${SERVICE_TIMEOUT:-60}
 
+# Service graceful shutdown timeout
+SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT=${SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT:-5}
+
 # Support alternative yum -- in future Fedora 'dnf' will become the
 # only supported installer, but for now 'yum' and 'dnf' are both
 # available in parallel with compatible CLIs.  Allow manual switching

From cdcdeb64602ea271bedf20f58a9f1ca1c0075c84 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Thu, 29 Oct 2015 09:48:17 -0700
Subject: [PATCH 1020/3421] Remove CINDER_VOLUME_CLEAR value validation

132fbcd38ebae52bdd20da54905131b75581520f in cinder changed the
volume_clear StrOpt to use the choices kwarg which enforces the value
specified and raises a ValueError if an invalid value is set for the
option in cinder.conf.

This lets us remove the validation that devstack was doing.

Change-Id: Ia7eead6297ed0f3a972de2021170fe9c7225e856
---
 lib/cinder | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index ed9a1038d6..1307c11f7a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -317,9 +317,7 @@ function configure_cinder {
 
     iniset_rpc_backend cinder $CINDER_CONF
 
-    if [[ "$CINDER_VOLUME_CLEAR" == "none" ]] || [[ "$CINDER_VOLUME_CLEAR" == "zero" ]] || [[ "$CINDER_VOLUME_CLEAR" == "shred" ]]; then
-        iniset $CINDER_CONF DEFAULT volume_clear $CINDER_VOLUME_CLEAR
-    fi
+    iniset $CINDER_CONF DEFAULT volume_clear $CINDER_VOLUME_CLEAR
 
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$CINDER_USE_MOD_WSGI" == "False" ]; then

From 5ea1e16d83d6312fb17976ded0ab1a6a3773ca4d Mon Sep 17 00:00:00 2001
From: Stephen Finucane 
Date: Thu, 29 Oct 2015 20:12:26 +0000
Subject: [PATCH 1021/3421] lib/nova: Remove 'DEFAULT/verbose'

The 'verbose' option has been deprecated by oslo_log. Using it
results in a warning for the 'nova-manage' command and likely
many other OpenStack commands.

Change-Id: Icc11b25f56ebc62443c6afa90b9572d5c63b3882
Partial-bug: #1511505
---
 lib/nova | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/nova b/lib/nova
index 6c414030ae..47c43bd193 100644
--- a/lib/nova
+++ b/lib/nova
@@ -480,7 +480,6 @@ function create_nova_conf {
 
     # (Re)create ``nova.conf``
     rm -f $NOVA_CONF
-    iniset $NOVA_CONF DEFAULT verbose "True"
     iniset $NOVA_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
     if [ "$NOVA_ALLOW_MOVE_TO_SAME_HOST" == "True" ]; then
         iniset $NOVA_CONF DEFAULT allow_resize_to_same_host "True"

From 0ec80802735163fdbdb4ceaa339aa73f93bbd87a Mon Sep 17 00:00:00 2001
From: Daniel Gonzalez 
Date: Fri, 30 Oct 2015 14:25:41 +0100
Subject: [PATCH 1022/3421] Remove multi-region workaround

When keystone API v3 was introduced, filtering regions when listing
endpoints was not supported (see [1]). This caused multi-region devstack
deployments to fail (see [2]). A workaround was introduced to devstack
to enable for multi-region deployments until region filtering would work
in keystone API v3.
Now that the bug related to region filtering in keystone is resolved,
the workaround should be removed.

[1]: https://bugs.launchpad.net/keystone/+bug/1482772
[2]: https://bugs.launchpad.net/devstack/+bug/1483784

Closes-Bug: #1511745
Related-Bug: #1483784
Related-Bug: #1482772
Change-Id: I52d13c3f5e7b77a7f8fb1be4dcea437988ebddfe
---
 functions-common | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/functions-common b/functions-common
index d36d323820..d282203d45 100644
--- a/functions-common
+++ b/functions-common
@@ -913,16 +913,11 @@ function get_or_create_service {
 # Usage: _get_or_create_endpoint_with_interface    
 function _get_or_create_endpoint_with_interface {
     local endpoint_id
-    # TODO(dgonzalez): The check of the region name, as done in the grep
-    # statement below, exists only because keystone does currently
-    # not allow filtering the region name when listing endpoints. If keystone
-    # gets support for this, the check for the region name can be removed.
-    # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
     endpoint_id=$(openstack endpoint list \
         --service $1 \
         --interface $2 \
         --region $4 \
-        -c ID -c Region -f value | grep $4 | cut -f 1 -d " ")
+        -c ID -f value)
     if [[ -z "$endpoint_id" ]]; then
         # Creates new endpoint
         endpoint_id=$(openstack endpoint create \

From 55a1bca28215a7623c9bd067a663e176d4b3e672 Mon Sep 17 00:00:00 2001
From: Andrey Kurilin 
Date: Fri, 30 Oct 2015 16:24:19 +0200
Subject: [PATCH 1023/3421] Remove wrong paramter COMPUTE_API_VERSION

Since:
 - novaclient doesn't require specify the *compute api* version
  (default is 2.latest now)
 - novaclient doesn't use COMPUTE_API_VERSION, since it's wrong name(
   OS_COMPUTE_API_VERSION is a correct name)

we can remove COMPUTE_API_VERSION and NOVA_VERSION vars

Change-Id: I47856863e9403870b8d60c778b97d3de1a212ae1
---
 exercises/client-args.sh | 1 -
 exercises/client-env.sh  | 4 ----
 openrc                   | 6 ------
 3 files changed, 11 deletions(-)

diff --git a/exercises/client-args.sh b/exercises/client-args.sh
index c33ef44e9a..7cfef1c807 100755
--- a/exercises/client-args.sh
+++ b/exercises/client-args.sh
@@ -41,7 +41,6 @@ unset NOVA_PROJECT_ID
 unset NOVA_REGION_NAME
 unset NOVA_URL
 unset NOVA_USERNAME
-unset NOVA_VERSION
 
 # Save the known variables for later
 export x_TENANT_NAME=$OS_TENANT_NAME
diff --git a/exercises/client-env.sh b/exercises/client-env.sh
index 4a0609a944..1d2f4f5689 100755
--- a/exercises/client-env.sh
+++ b/exercises/client-env.sh
@@ -41,7 +41,6 @@ unset NOVA_PROJECT_ID
 unset NOVA_REGION_NAME
 unset NOVA_URL
 unset NOVA_USERNAME
-unset NOVA_VERSION
 
 for i in OS_TENANT_NAME OS_USERNAME OS_PASSWORD OS_AUTH_URL; do
     is_set $i
@@ -101,9 +100,6 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
             STATUS_EC2="Failed"
             RETURN=1
         fi
-
-        # Clean up side effects
-        unset NOVA_VERSION
     fi
 fi
 
diff --git a/openrc b/openrc
index 71ba5a6ea5..9bc0fd77f4 100644
--- a/openrc
+++ b/openrc
@@ -95,12 +95,6 @@ if [[ ! -v OS_CACERT ]] ; then
     fi
 fi
 
-# Currently novaclient needs you to specify the *compute api* version.  This
-# needs to match the config of your catalog returned by Keystone.
-export NOVA_VERSION=${NOVA_VERSION:-1.1}
-# In the future this will change names:
-export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
-
 # Currently cinderclient needs you to specify the *volume api* version. This
 # needs to match the config of your catalog returned by Keystone.
 export CINDER_VERSION=${CINDER_VERSION:-2}

From f54f60a63ea146e54d430e343f666638bf7947d2 Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Fri, 30 Oct 2015 23:00:57 +0800
Subject: [PATCH 1024/3421] Delete some comment or messages of
 keystone_data.sh(removed)

As files/keystone_data.sh has been removed in the commit
https://review.openstack.org/#/c/79366/, we should remove some
related documations and comments.

Change-Id: I7802d0052fa28d8debb7f361d36a4f108869554c
---
 HACKING.rst                  | 3 +--
 doc/source/configuration.rst | 2 +-
 lib/tempest                  | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/HACKING.rst b/HACKING.rst
index 6bd24b0174..d66687e351 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -250,8 +250,7 @@ These scripts are executed serially by ``exercise.sh`` in testing situations.
   database access from the exercise itself.
 
 * If specific configuration needs to be present for the exercise to complete,
-  it should be staged in ``stack.sh``, or called from ``stack.sh`` (see
-  ``files/keystone_data.sh`` for an example of this).
+  it should be staged in ``stack.sh``, or called from ``stack.sh``.
 
 * The ``OS_*`` environment variables should be the only ones used for all
   authentication to OpenStack clients as documented in the CLIAuth_ wiki page.
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index d70d3dae17..9ba657a50d 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -393,7 +393,7 @@ with ``KEYSTONE_CATALOG_BACKEND``:
         KEYSTONE_CATALOG_BACKEND=template
 
 DevStack's default configuration in ``sql`` mode is set in
-``files/keystone_data.sh``
+``lib/keystone``
 
 
 Guest Images
diff --git a/lib/tempest b/lib/tempest
index 32630dbf59..03e2aacf97 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -23,7 +23,7 @@
 #
 # Optional Dependencies:
 #
-# - ``ALT_*`` (similar vars exists in keystone_data.sh)
+# - ``ALT_*``
 # - ``LIVE_MIGRATION_AVAILABLE``
 # - ``USE_BLOCK_MIGRATION_FOR_LIVE_MIGRATION``
 # - ``DEFAULT_INSTANCE_TYPE``

From 08abba008e735d333f9180180c6a28e7cd5a1171 Mon Sep 17 00:00:00 2001
From: Marian Horban 
Date: Thu, 11 Jun 2015 13:01:41 -0400
Subject: [PATCH 1025/3421] Add ability to run Nova metadata under Apache2

This patch allows to run Nova metadata service using Apache
on port 80 under /metadata URL.

Change-Id: I18f3399738c31166eac884a9b0d5c4045d3f445c
---
 files/apache-nova-metadata.template | 25 +++++++++++++++++++++++++
 lib/nova                            | 23 +++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 files/apache-nova-metadata.template

diff --git a/files/apache-nova-metadata.template b/files/apache-nova-metadata.template
new file mode 100644
index 0000000000..6231c1ced8
--- /dev/null
+++ b/files/apache-nova-metadata.template
@@ -0,0 +1,25 @@
+Listen %PUBLICPORT%
+
+
+    WSGIDaemonProcess nova-metadata processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup nova-metadata
+    WSGIScriptAlias / %PUBLICWSGI%
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    = 2.4>
+      ErrorLogFormat "%M"
+    
+    ErrorLog /var/log/%APACHE_NAME%/nova-metadata.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+
+Alias /metadata %PUBLICWSGI%
+
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup nova-metadata
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+
diff --git a/lib/nova b/lib/nova
index 6c414030ae..e82c28be4d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -7,6 +7,7 @@
 #
 # - ``functions`` file
 # - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
+# - ``FILES``
 # - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
 # - ``LIBVIRT_TYPE`` must be defined
 # - ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@@ -87,6 +88,7 @@ NOVA_SERVICE_LOCAL_HOST=${NOVA_SERVICE_LOCAL_HOST:-$SERVICE_LOCAL_HOST}
 NOVA_SERVICE_LISTEN_ADDRESS=${NOVA_SERVICE_LISTEN_ADDRESS:-$SERVICE_LISTEN_ADDRESS}
 EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773}
 EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773}
+METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
 
 # Option to enable/disable config drive
 # NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
@@ -241,6 +243,7 @@ function _cleanup_nova_apache_wsgi {
     sudo rm -f $NOVA_WSGI_DIR/*
     sudo rm -f $(apache_site_config_for nova-api)
     sudo rm -f $(apache_site_config_for nova-ec2-api)
+    sudo rm -f $(apache_site_config_for nova-metadata)
 }
 
 # _config_nova_apache_wsgi() - Set WSGI config files of Keystone
@@ -251,11 +254,14 @@ function _config_nova_apache_wsgi {
     nova_apache_conf=$(apache_site_config_for nova-api)
     local nova_ec2_apache_conf
     nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api)
+    local nova_metadata_apache_conf
+    nova_metadata_apache_conf=$(apache_site_config_for nova-metadata)
     local nova_ssl=""
     local nova_certfile=""
     local nova_keyfile=""
     local nova_api_port=$NOVA_SERVICE_PORT
     local nova_ec2_api_port=$EC2_SERVICE_PORT
+    local nova_metadata_port=$METADATA_SERVICE_PORT
     local venv_path=""
 
     if is_ssl_enabled_service nova-api; then
@@ -270,6 +276,7 @@ function _config_nova_apache_wsgi {
     # copy proxy vhost and wsgi helper files
     sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
     sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api
+    sudo cp $NOVA_DIR/nova/wsgi/nova-metadata.py $NOVA_WSGI_DIR/nova-metadata
 
     sudo cp $FILES/apache-nova-api.template $nova_apache_conf
     sudo sed -e "
@@ -296,6 +303,19 @@ function _config_nova_apache_wsgi {
         s|%VIRTUALENV%|$venv_path|g
         s|%APIWORKERS%|$API_WORKERS|g
     " -i $nova_ec2_apache_conf
+
+    sudo cp $FILES/apache-nova-metadata.template $nova_metadata_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$nova_metadata_port|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-metadata|g;
+        s|%SSLENGINE%|$nova_ssl|g;
+        s|%SSLCERTFILE%|$nova_certfile|g;
+        s|%SSLKEYFILE%|$nova_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+        s|%APIWORKERS%|$API_WORKERS|g
+    " -i $nova_metadata_apache_conf
 }
 
 # configure_nova() - Set config files, create data dirs, etc
@@ -798,9 +818,11 @@ function start_nova_api {
     if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
         enable_apache_site nova-api
         enable_apache_site nova-ec2-api
+        enable_apache_site nova-metadata
         restart_apache_server
         tail_log nova-api /var/log/$APACHE_NAME/nova-api.log
         tail_log nova-ec2-api /var/log/$APACHE_NAME/nova-ec2-api.log
+        tail_log nova-metadata /var/log/$APACHE_NAME/nova-metadata.log
     else
         run_process n-api "$NOVA_BIN_DIR/nova-api"
     fi
@@ -916,6 +938,7 @@ function stop_nova_rest {
     if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
         disable_apache_site nova-api
         disable_apache_site nova-ec2-api
+        disable_apache_site nova-metadata
         restart_apache_server
     else
         stop_process n-api

From 463a0e6d980690d00b17b9ebcfaf83c2f12d7615 Mon Sep 17 00:00:00 2001
From: keiji niwa 
Date: Sat, 11 Jul 2015 22:09:49 +0900
Subject: [PATCH 1026/3421] Replace hard-coded --ipv6-address-mode

Looks like this was just a typo in the original
d1498d74db816b3edbb8376ca5acb7cc5792ea5c ; replace with
environment variable

Change-Id: I877c1a570a68e926c91fc8a393217e6b18245f82
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 3c3c96b7bd..c244e5470a 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -547,7 +547,7 @@ function create_neutron_initial_network {
         fi
 
         if [[ "$IP_VERSION" =~ .*6 ]]; then
-            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode slaac --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
             die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
         fi
 

From 508931ff367df646d1fa6068008fe550c5572d02 Mon Sep 17 00:00:00 2001
From: Hirofumi Ichihara 
Date: Mon, 2 Nov 2015 17:39:48 +0900
Subject: [PATCH 1027/3421] Remove Ubuntu 14.10 as supported distribution

Ubuntu 14.10(utopic) reached end of life[1].

[1]: https://lists.ubuntu.com/archives/ubuntu-announce/2015-July/000197.html

Change-Id: Iab13ca797bda56462d9d117aa500d3ba0d9bebcb
---
 lib/nova_plugins/functions-libvirt | 2 +-
 stack.sh                           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 5525cfd951..78c59786d8 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -23,7 +23,7 @@ DEBUG_LIBVIRT=$(trueorfalse True DEBUG_LIBVIRT)
 # Installs required distro-specific libvirt packages.
 function install_libvirt {
     if is_ubuntu; then
-        if is_arch "aarch64" && [[ ${DISTRO} =~ (trusty|utopic) ]]; then
+        if is_arch "aarch64" && [[ ${DISTRO} == "trusty" ]]; then
             install_package qemu-system
         else
             install_package qemu-kvm
diff --git a/stack.sh b/stack.sh
index 80247317cf..bdbb025a0b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -178,7 +178,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|utopic|vivid|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|vivid|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From c30657d7de1a253ffd541d07a0b449d395cb8eab Mon Sep 17 00:00:00 2001
From: Markus Zoeller 
Date: Mon, 2 Nov 2015 11:27:46 +0100
Subject: [PATCH 1028/3421] Cleanup ReST format issues

* ReST doesn't allow monospace in italic sections.
      bash$ grep -R \`\` doc/build/html/ --include "*.html"
* The code-block section "::" needed an empty line before the code,
  otherwise it gets shown in the HTML output.
      bash$ egrep -R "
        ::" doc/build/html/ --include "*.html"
* Monospaced font incorrectly marked with a single back tick
      bash$ egrep -nR '\w`(\s|[\.,;:])' doc/source/ --include "*.rst"

Change-Id: I66c3f685f33851c3f3f0f859996037fc24930246
---
 doc/source/configuration.rst                  | 33 ++++++++++---------
 doc/source/guides/devstack-with-lbaas-v2.rst  |  2 +-
 .../guides/devstack-with-nested-kvm.rst       | 12 +++----
 doc/source/guides/neutron.rst                 | 18 +++++-----
 4 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index d70d3dae17..e9921f049c 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -202,8 +202,8 @@ process to a file in ``LOGDIR``.
 
         LOGDIR=$DEST/logs
 
-*Note the use of ``DEST`` to locate the main install directory; this
-is why we suggest setting it in ``local.conf``.*
+Note the use of ``DEST`` to locate the main install directory; this
+is why we suggest setting it in ``local.conf``.
 
 Enabling Syslog
 ~~~~~~~~~~~~~~~
@@ -239,15 +239,15 @@ Database Backend
 
 Multiple database backends are available. The available databases are defined
 in the lib/databases directory.
-`mysql` is the default database, choose a different one by putting the
-following in the `localrc` section:
+``mysql`` is the default database, choose a different one by putting the
+following in the ``localrc`` section:
 
    ::
 
       disable_service mysql
       enable_service postgresql
 
-`mysql` is the default database.
+``mysql`` is the default database.
 
 RPC Backend
 -----------
@@ -260,6 +260,7 @@ RabbitMQ is handled via the usual service functions and
 Example disabling RabbitMQ in ``local.conf``:
 
 ::
+
     disable_service rabbit
 
 
@@ -511,7 +512,7 @@ VM. When running with only one replica the account, container and
 object services will run directly in screen. The others services like
 replicator, updaters or auditor runs in background.
 
-If you would like to enable Swift you can add this to your `localrc`
+If you would like to enable Swift you can add this to your ``localrc``
 section:
 
 ::
@@ -519,7 +520,7 @@ section:
     enable_service s-proxy s-object s-container s-account
 
 If you want a minimal Swift install with only Swift and Keystone you
-can have this instead in your `localrc` section:
+can have this instead in your ``localrc`` section:
 
 ::
 
@@ -528,24 +529,24 @@ can have this instead in your `localrc` section:
 
 If you only want to do some testing of a real normal swift cluster
 with multiple replicas you can do so by customizing the variable
-`SWIFT_REPLICAS` in your `localrc` section (usually to 3).
+``SWIFT_REPLICAS`` in your ``localrc`` section (usually to 3).
 
 Swift S3
 ++++++++
 
-If you are enabling `swift3` in `ENABLED_SERVICES` DevStack will
+If you are enabling ``swift3`` in ``ENABLED_SERVICES`` DevStack will
 install the swift3 middleware emulation. Swift will be configured to
 act as a S3 endpoint for Keystone so effectively replacing the
-`nova-objectstore`.
+``nova-objectstore``.
 
 Only Swift proxy server is launched in the screen session all other
-services are started in background and managed by `swift-init` tool.
+services are started in background and managed by ``swift-init`` tool.
 
 Heat
 ~~~~
 
-Heat is disabled by default (see `stackrc` file). To enable it
-explicitly you'll need the following settings in your `localrc`
+Heat is disabled by default (see ``stackrc`` file). To enable it
+explicitly you'll need the following settings in your ``localrc``
 section
 
 ::
@@ -554,7 +555,7 @@ section
 
 Heat can also run in standalone mode, and be configured to orchestrate
 on an external OpenStack cloud. To launch only Heat in standalone mode
-you'll need the following settings in your `localrc` section
+you'll need the following settings in your ``localrc`` section
 
 ::
 
@@ -590,14 +591,14 @@ Xenserver
 ~~~~~~~~~
 
 If you would like to use Xenserver as the hypervisor, please refer to
-the instructions in `./tools/xen/README.md`.
+the instructions in ``./tools/xen/README.md``.
 
 Cells
 ~~~~~
 
 `Cells `__ is
 an alternative scaling option.  To setup a cells environment add the
-following to your `localrc` section:
+following to your ``localrc`` section:
 
 ::
 
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index f67978310d..4e5f874787 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -17,7 +17,7 @@ Install devstack
     cd devstack
 
 
-Edit your `local.conf` to look like
+Edit your ``local.conf`` to look like
 
   ::
 
diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index c652bacced..85a5656198 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -50,7 +50,7 @@ the host:
     parm:           nested:bool
 
 Start your VM, now it should have KVM capabilities -- you can verify
-that by ensuring `/dev/kvm` character device is present.
+that by ensuring ``/dev/kvm`` character device is present.
 
 
 Configure Nested KVM for AMD-based Machines
@@ -97,7 +97,7 @@ To make the above value persistent across reboots, add an entry in
 Expose Virtualization Extensions to DevStack VM
 -----------------------------------------------
 
-Edit the VM's libvirt XML configuration via `virsh` utility:
+Edit the VM's libvirt XML configuration via ``virsh`` utility:
 
 ::
 
@@ -115,10 +115,10 @@ Ensure DevStack VM is Using KVM
 -------------------------------
 
 Before invoking ``stack.sh`` in the VM, ensure that KVM is enabled. This
-can be verified by checking for the presence of the file `/dev/kvm` in
+can be verified by checking for the presence of the file ``/dev/kvm`` in
 your VM. If it is present, DevStack will default to using the config
-attribute `virt_type = kvm` in `/etc/nova.conf`; otherwise, it'll fall
-back to `virt_type=qemu`, i.e. plain QEMU emulation.
+attribute ``virt_type = kvm`` in ``/etc/nova.conf``; otherwise, it'll fall
+back to ``virt_type=qemu``, i.e. plain QEMU emulation.
 
 Optionally, to explicitly set the type of virtualization, to KVM, by the
 libvirt driver in nova, the below config attribute can be used in
@@ -131,7 +131,7 @@ DevStack's ``local.conf``:
 
 Once DevStack is configured successfully, verify if the Nova instances
 are using KVM by noticing the QEMU CLI invoked by Nova is using the
-parameter `accel=kvm`, e.g.:
+parameter ``accel=kvm``, e.g.:
 
 ::
 
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 5891f68033..5e231315f7 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -170,8 +170,8 @@ nova, neutron)
 **Compute Nodes**
 
 In this example, the nodes that will host guest instances will run
-the `neutron-openvswitch-agent` for network connectivity, as well as
-the compute service `nova-compute`.
+the ``neutron-openvswitch-agent`` for network connectivity, as well as
+the compute service ``nova-compute``.
 
 DevStack Configuration
 ----------------------
@@ -256,16 +256,16 @@ compute node 1.
         Q_L3_ENABLED=False
 
 Compute node 2's configuration will be exactly the same, except
-`HOST_IP` will be `10.0.0.4`
+``HOST_IP`` will be ``10.0.0.4``
 
 When DevStack is configured to use provider networking (via
-`Q_USE_PROVIDER_NETWORKING` is True and `Q_L3_ENABLED` is False) -
+``Q_USE_PROVIDER_NETWORKING`` is True and ``Q_L3_ENABLED`` is False) -
 DevStack will automatically add the network interface defined in
-`PUBLIC_INTERFACE` to the `OVS_PHYSICAL_BRIDGE`
+``PUBLIC_INTERFACE`` to the ``OVS_PHYSICAL_BRIDGE``
 
 For example, with the above  configuration, a bridge is
-created, named `br-ex` which is managed by Open vSwitch, and the
-second interface on the compute node, `eth1` is attached to the
+created, named ``br-ex`` which is managed by Open vSwitch, and the
+second interface on the compute node, ``eth1`` is attached to the
 bridge, to forward traffic sent by guest VMs.
 
 Miscellaneous Tips
@@ -307,7 +307,7 @@ Configuring Extension Drivers for the ML2 Plugin
 ------------------------------------------------
 
 Extension drivers for the ML2 plugin are set with the variable
-`Q_ML2_PLUGIN_EXT_DRIVERS`, and includes the 'port_security' extension
+``Q_ML2_PLUGIN_EXT_DRIVERS``, and includes the 'port_security' extension
 by default. If you want to remove all the extension drivers (even
-'port_security'), set `Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
+'port_security'), set ``Q_ML2_PLUGIN_EXT_DRIVERS`` to blank.
 

From 85f42f698c7bd74d53309da486fbf44ed860c348 Mon Sep 17 00:00:00 2001
From: Thomas Morin 
Date: Tue, 1 Sep 2015 10:33:10 +0200
Subject: [PATCH 1029/3421] Provide an error message on bogus config file spec

If local.conf specifies a config file addition in the following way...

[[post-config|$MY_CONF_FILE]]
[xyz]
foo=bar

...and $MY_CONF_FILE points to a file whose directory is not writable by
the user running the script, then stack.sh aborts with the following
obscure message:

  2015-09-01 08:20:08.113 | touch: setting times of '/': Permission denied

This patch modifies inc/meta-config to provide a useful error message,
such as:

  2015-09-01 08:20:08.114 | could not create config file / ($MY_CONF_FILE)

This patch also modifies inc/meta-config so that it provides an error
message if $MY_CONF_FILE is empty (instead of silently ignoring this local.conf
statement):

  2015-09-01 09:38:53.406 | bogus config file specification: $MY_CONF_FILE
  is undefined

Change-Id: I9b78407420318548561012a8672762bc7fdd6db6
Closes-Bug: 1490881
---
 inc/meta-config           | 17 ++++++++++++---
 tests/test_meta_config.sh | 45 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/inc/meta-config b/inc/meta-config
index e5f902d1dd..b9ab6b207f 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -89,9 +89,10 @@ function merge_config_file {
     # note, configfile might be a variable (note the iniset, etc
     # created in the mega-awk below is "eval"ed too, so we just leave
     # it alone.
-    local real_configfile=$(eval echo $configfile)
+    local real_configfile
+    real_configfile=$(eval echo $configfile)
     if [ ! -f $real_configfile ]; then
-        touch $real_configfile
+        touch $real_configfile || die $LINENO "could not create config file $real_configfile ($configfile)"
     fi
 
     get_meta_section $file $matchgroup $configfile | \
@@ -177,8 +178,18 @@ function merge_config_group {
     local configfile group
     for group in $matchgroups; do
         for configfile in $(get_meta_section_files $localfile $group); do
-            if [[ -d $(dirname $(eval "echo $configfile")) ]]; then
+            local realconfigfile
+            local dir
+
+            realconfigfile=$(eval "echo $configfile")
+            if [[ -z $realconfigfile ]]; then
+                die $LINENO "bogus config file specification: $configfile is undefined"
+            fi
+            dir=$(dirname $realconfigfile)
+            if [[ -d $dir ]]; then
                 merge_config_file $localfile $group $configfile
+            else
+                die $LINENO "bogus config file specification $configfile ($configfile=$realconfigfile, $dir is not a directory)"
             fi
         done
     done
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index a04c081854..f3e94af8f8 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -23,6 +23,12 @@ function check_result {
     fi
 }
 
+# mock function-common:die so that it does not
+# interupt our test script
+function die {
+    exit -1
+}
+
 TEST_1C_ADD="[eee]
 type=new
 multi = foo2"
@@ -110,6 +116,15 @@ attr = strip_trailing_space
 [DEFAULT]
 servers=10.11.12.13:80
 
+[[test8|/permission-denied.conf]]
+foo=bar
+
+[[test9|\$UNDEF]]
+foo=bar
+
+[[test10|does-not-exist-dir/test.conf]]
+foo=bar
+
 [[test-multi-sections|test-multi-sections.conf]]
 [sec-1]
 cfg_item1 = abcd
@@ -340,6 +355,36 @@ EXPECT_VAL="
 servers = 10.11.12.13:80"
 check_result "$VAL" "$EXPECT_VAL"
 
+echo "merge_config_file test8 non-touchable conf file: "
+set +e
+# function is expected to fail and exit, running it
+# in a subprocess to let this script proceed
+(merge_config_file test.conf test8 /permission-denied.conf)
+VAL=$?
+EXPECT_VAL=255
+check_result "$VAL" "$EXPECT_VAL"
+set -e
+
+echo -n "merge_config_group test9 undefined conf file: "
+set +e
+# function is expected to fail and exit, running it
+# in a subprocess to let this script proceed
+(merge_config_group test.conf test9)
+VAL=$?
+EXPECT_VAL=255
+check_result "$VAL" "$EXPECT_VAL"
+set -e
+
+echo -n "merge_config_group test10 not directory: "
+set +e
+# function is expected to fail and exit, running it
+# in a subprocess to let this script proceed
+(merge_config_group test.conf test10)
+VAL=$?
+EXPECT_VAL=255
+check_result "$VAL" "$EXPECT_VAL"
+set -e
+
 rm -f test.conf test1c.conf test2a.conf \
     test-space.conf test-equals.conf test-strip.conf \
     test-colon.conf test-env.conf test-multiline.conf \

From dca49de22f57f3b2f502380b2cbfedb0dcdba209 Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Tue, 20 Oct 2015 12:13:19 +0100
Subject: [PATCH 1030/3421] Use stevedore aliases for interface_driver
 configuration

interface_driver configuration was updated to use stevedore aliases.
This patch is to change devstack scripts to now use the aliases
instead of the previous class imports.

Closes-Bug: #1504536

Change-Id: Ic56bfcc1f9da05a999e6fd328e4dd6617e9470ff
---
 lib/neutron_plugins/bigswitch_floodlight | 4 ++--
 lib/neutron_plugins/brocade              | 2 +-
 lib/neutron_plugins/cisco                | 2 +-
 lib/neutron_plugins/linuxbridge_agent    | 2 +-
 lib/neutron_plugins/openvswitch_agent    | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/neutron_plugins/bigswitch_floodlight b/lib/neutron_plugins/bigswitch_floodlight
index 4166131534..f52105e658 100644
--- a/lib/neutron_plugins/bigswitch_floodlight
+++ b/lib/neutron_plugins/bigswitch_floodlight
@@ -58,9 +58,9 @@ function neutron_plugin_configure_service {
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
     if [ "$BS_FL_VIF_DRIVER" = "ivs" ]; then
-        iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.IVSInterfaceDriver
+        iniset $conf_file DEFAULT interface_driver ivs
     else
-        iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+        iniset $conf_file DEFAULT interface_driver openvswitch
     fi
 }
 
diff --git a/lib/neutron_plugins/brocade b/lib/neutron_plugins/brocade
index 557b94dec0..953360e070 100644
--- a/lib/neutron_plugins/brocade
+++ b/lib/neutron_plugins/brocade
@@ -68,7 +68,7 @@ function neutron_plugin_configure_plugin_agent {
 
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
+    iniset $conf_file DEFAULT interface_driver linuxbridge
 }
 
 function has_neutron_plugin_security_group {
diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco
index 90dcd574c0..7d0cf1af39 100644
--- a/lib/neutron_plugins/cisco
+++ b/lib/neutron_plugins/cisco
@@ -150,7 +150,7 @@ function neutron_plugin_create_initial_network_profile {
 
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+    iniset $conf_file DEFAULT interface_driver openvswitch
 }
 
 # Restore xtrace
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index bd4438db04..f28bcfeadd 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -85,7 +85,7 @@ function neutron_plugin_configure_plugin_agent {
 
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
+    iniset $conf_file DEFAULT interface_driver linuxbridge
 }
 
 function neutron_plugin_check_adv_test_requirements {
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 48e47b3dab..5a843ffba7 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -110,7 +110,7 @@ function neutron_plugin_configure_plugin_agent {
 
 function neutron_plugin_setup_interface_driver {
     local conf_file=$1
-    iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+    iniset $conf_file DEFAULT interface_driver openvswitch
 }
 
 function neutron_plugin_check_adv_test_requirements {

From a91d455e23f68613db0e67fea339a13fd9eae7d4 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Tue, 20 Oct 2015 23:15:38 -0400
Subject: [PATCH 1031/3421] change `swift post` to openstackclient cli command

with the release of osc 1.8.0, modifying object store account
properties is now available. use this mechanism and avoid setting
environment variable that are only helpful for swift CLI.

Change-Id: Ie51e3e2bb86162763f23d0a6bed36208811f89fc
---
 lib/swift | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/swift b/lib/swift
index 3a8e80dd44..ee0238d975 100644
--- a/lib/swift
+++ b/lib/swift
@@ -813,11 +813,13 @@ function stop_swift {
 }
 
 function swift_configure_tempurls {
+    # note we are using swift credentials!
     OS_USERNAME=swift \
-        OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
-        OS_PASSWORD=$SERVICE_PASSWORD \
-        OS_AUTH_URL=$SERVICE_ENDPOINT \
-        swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
+    OS_PASSWORD=$SERVICE_PASSWORD \
+    OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
+    OS_AUTH_URL=$SERVICE_ENDPOINT \
+    openstack object store account \
+        set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
 }
 
 # Restore xtrace

From 0c96c37b5d9775a5c0ad257f210112f76f7987e7 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Sun, 1 Nov 2015 21:45:29 -0500
Subject: [PATCH 1032/3421] Enable devstack for Ubuntu 15.10 Wily

Change-Id: I2056fd26d42f29ececc4c38fdd791589ec7037a0
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index bdbb025a0b..72253f81d7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -178,7 +178,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|vivid|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 33a96ffc2609d8477542002e56515a5026c2c48d Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Mon, 2 Nov 2015 17:23:39 -0500
Subject: [PATCH 1033/3421] Zookeeper for DLM scenarios

In Tokyo, there was a cross project session on distributed
key locking:
https://etherpad.openstack.org/p/mitaka-cross-project-dlm

In support of the discussion there, we'll need support for
a zookeeper service in Devstack and ability to use libraries
like Tooz for DLM functionality.

In this review, we pick up some configuration files from
monasca-api and copy the lib/template to implement the
zookeeper lifecycle. Those services that need zookeeper
need to add "zookeeper" in ENABLED_SERVICES.

Change-Id: Icef26e5cdaa930a581e27d330e47706776a7f98f
---
 files/debs/zookeeper             |  1 +
 files/rpms/zookeeper             |  1 +
 files/zookeeper/environment      | 36 +++++++++++++
 files/zookeeper/log4j.properties | 69 +++++++++++++++++++++++++
 files/zookeeper/myid             |  1 +
 files/zookeeper/zoo.cfg          | 74 +++++++++++++++++++++++++++
 lib/zookeeper                    | 86 ++++++++++++++++++++++++++++++++
 stack.sh                         | 15 ++++++
 stackrc                          |  2 +-
 unstack.sh                       |  5 ++
 10 files changed, 289 insertions(+), 1 deletion(-)
 create mode 100644 files/debs/zookeeper
 create mode 100644 files/rpms/zookeeper
 create mode 100644 files/zookeeper/environment
 create mode 100644 files/zookeeper/log4j.properties
 create mode 100644 files/zookeeper/myid
 create mode 100644 files/zookeeper/zoo.cfg
 create mode 100644 lib/zookeeper

diff --git a/files/debs/zookeeper b/files/debs/zookeeper
new file mode 100644
index 0000000000..66227f7e31
--- /dev/null
+++ b/files/debs/zookeeper
@@ -0,0 +1 @@
+zookeeperd
\ No newline at end of file
diff --git a/files/rpms/zookeeper b/files/rpms/zookeeper
new file mode 100644
index 0000000000..c0d1c3066d
--- /dev/null
+++ b/files/rpms/zookeeper
@@ -0,0 +1 @@
+zookeeper
\ No newline at end of file
diff --git a/files/zookeeper/environment b/files/zookeeper/environment
new file mode 100644
index 0000000000..afa2d2f89f
--- /dev/null
+++ b/files/zookeeper/environment
@@ -0,0 +1,36 @@
+#
+# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Modified from http://packages.ubuntu.com/saucy/zookeeperd
+NAME=zookeeper
+ZOOCFGDIR=/etc/zookeeper/conf
+
+# seems, that log4j requires the log4j.properties file to be in the classpath
+CLASSPATH="$ZOOCFGDIR:/usr/share/java/jline.jar:/usr/share/java/log4j-1.2.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/xmlParserAPIs.jar:/usr/share/java/netty.jar:/usr/share/java/slf4j-api.jar:/usr/share/java/slf4j-log4j12.jar:/usr/share/java/zookeeper.jar"
+
+ZOOCFG="$ZOOCFGDIR/zoo.cfg"
+ZOO_LOG_DIR=/var/log/zookeeper
+USER=$NAME
+GROUP=$NAME
+PIDDIR=/var/run/$NAME
+PIDFILE=$PIDDIR/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+JAVA=/usr/bin/java
+ZOOMAIN="org.apache.zookeeper.server.quorum.QuorumPeerMain"
+ZOO_LOG4J_PROP="INFO,ROLLINGFILE"
+JMXLOCALONLY=false
+JAVA_OPTS=""
diff --git a/files/zookeeper/log4j.properties b/files/zookeeper/log4j.properties
new file mode 100644
index 0000000000..6c45a4aad9
--- /dev/null
+++ b/files/zookeeper/log4j.properties
@@ -0,0 +1,69 @@
+#
+# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# From http://packages.ubuntu.com/saucy/zookeeperd
+
+# ZooKeeper Logging Configuration
+#
+
+# Format is " (, )+
+
+log4j.rootLogger=${zookeeper.root.logger}
+
+# Example: console appender only
+# log4j.rootLogger=INFO, CONSOLE
+
+# Example with rolling log file
+#log4j.rootLogger=DEBUG, CONSOLE, ROLLINGFILE
+
+# Example with rolling log file and tracing
+#log4j.rootLogger=TRACE, CONSOLE, ROLLINGFILE, TRACEFILE
+
+#
+# Log INFO level and above messages to the console
+#
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+#
+# Add ROLLINGFILE to rootLogger to get log file output
+#    Log DEBUG level and above messages to a log file
+log4j.appender.ROLLINGFILE=org.apache.log4j.RollingFileAppender
+log4j.appender.ROLLINGFILE.Threshold=WARN
+log4j.appender.ROLLINGFILE.File=${zookeeper.log.dir}/zookeeper.log
+
+# Max log file size of 10MB
+log4j.appender.ROLLINGFILE.MaxFileSize=10MB
+# uncomment the next line to limit number of backup files
+#log4j.appender.ROLLINGFILE.MaxBackupIndex=10
+
+log4j.appender.ROLLINGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.ROLLINGFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+
+#
+# Add TRACEFILE to rootLogger to get log file output
+#    Log DEBUG level and above messages to a log file
+log4j.appender.TRACEFILE=org.apache.log4j.FileAppender
+log4j.appender.TRACEFILE.Threshold=TRACE
+log4j.appender.TRACEFILE.File=${zookeeper.log.dir}/zookeeper_trace.log
+
+log4j.appender.TRACEFILE.layout=org.apache.log4j.PatternLayout
+### Notice we are including log4j's NDC here (%x)
+log4j.appender.TRACEFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L][%x] - %m%n
diff --git a/files/zookeeper/myid b/files/zookeeper/myid
new file mode 100644
index 0000000000..c227083464
--- /dev/null
+++ b/files/zookeeper/myid
@@ -0,0 +1 @@
+0
\ No newline at end of file
diff --git a/files/zookeeper/zoo.cfg b/files/zookeeper/zoo.cfg
new file mode 100644
index 0000000000..b8f55827e3
--- /dev/null
+++ b/files/zookeeper/zoo.cfg
@@ -0,0 +1,74 @@
+#
+# (C) Copyright 2015 Hewlett Packard Enterprise Development Company LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# http://hadoop.apache.org/zookeeper/docs/current/zookeeperAdmin.html
+
+# The number of milliseconds of each tick
+tickTime=2000
+# The number of ticks that the initial
+# synchronization phase can take
+initLimit=10
+# The number of ticks that can pass between
+# sending a request and getting an acknowledgement
+syncLimit=5
+# the directory where the snapshot is stored.
+dataDir=/var/lib/zookeeper
+# Place the dataLogDir to a separate physical disc for better performance
+# dataLogDir=/disk2/zookeeper
+
+# the port at which the clients will connect
+clientPort=2181
+
+# Maximum number of clients that can connect from one client
+maxClientCnxns=60
+
+# specify all zookeeper servers
+# The fist port is used by followers to connect to the leader
+# The second one is used for leader election
+
+server.0=127.0.0.1:2888:3888
+
+# To avoid seeks ZooKeeper allocates space in the transaction log file in
+# blocks of preAllocSize kilobytes. The default block size is 64M. One reason
+# for changing the size of the blocks is to reduce the block size if snapshots
+# are taken more often. (Also, see snapCount).
+#preAllocSize=65536
+
+# Clients can submit requests faster than ZooKeeper can process them,
+# especially if there are a lot of clients. To prevent ZooKeeper from running
+# out of memory due to queued requests, ZooKeeper will throttle clients so that
+# there is no more than globalOutstandingLimit outstanding requests in the
+# system. The default limit is 1,000.ZooKeeper logs transactions to a
+# transaction log. After snapCount transactions are written to a log file a
+# snapshot is started and a new transaction log file is started. The default
+# snapCount is 10,000.
+#snapCount=1000
+
+# If this option is defined, requests will be will logged to a trace file named
+# traceFile.year.month.day.
+#traceFile=
+
+# Leader accepts client connections. Default value is "yes". The leader machine
+# coordinates updates. For higher update throughput at thes slight expense of
+# read throughput the leader can be configured to not accept clients and focus
+# on coordination.
+#leaderServes=yes
+
+# Autopurge every hour to avoid using lots of disk in bursts
+# Order of the next 2 properties matters.
+# autopurge.snapRetainCount must be before autopurge.purgeInterval.
+autopurge.snapRetainCount=3
+autopurge.purgeInterval=1
\ No newline at end of file
diff --git a/lib/zookeeper b/lib/zookeeper
new file mode 100644
index 0000000000..e62ba8ada8
--- /dev/null
+++ b/lib/zookeeper
@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# lib/zookeeper
+# Functions to control the installation and configuration of **zookeeper**
+
+# Dependencies:
+#
+# - ``functions`` file
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - is_zookeeper_enabled
+# - install_zookeeper
+# - configure_zookeeper
+# - init_zookeeper
+# - start_zookeeper
+# - stop_zookeeper
+# - cleanup_zookeeper
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+# 
+
+# Set up default directories
+ZOOKEEPER_DATA_DIR=$DEST/data/zookeeper
+ZOOKEEPER_CONF_DIR=/etc/zookeeper
+
+
+# Entry Points
+# ------------
+
+# Test if any zookeeper service us enabled
+# is_zookeeper_enabled
+function is_zookeeper_enabled {
+    [[ ,${ENABLED_SERVICES}, =~ ,"zookeeper", ]] && return 0
+    return 1
+}
+
+# cleanup_zookeeper() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_zookeeper {
+    sudo rm -rf $ZOOKEEPER_DATA_DIR
+}
+
+# configure_zookeeper() - Set config files, create data dirs, etc
+function configure_zookeeper {
+    sudo cp $FILES/zookeeper/* $ZOOKEEPER_CONF_DIR
+    sudo sed -i -e 's|.*dataDir.*|dataDir='$ZOOKEEPER_DATA_DIR'|' $ZOOKEEPER_CONF_DIR/zoo.cfg
+}
+
+# init_zookeeper() - Initialize databases, etc.
+function init_zookeeper {
+    # clean up from previous (possibly aborted) runs
+    # create required data files
+    sudo rm -rf $ZOOKEEPER_DATA_DIR
+    sudo mkdir -p $ZOOKEEPER_DATA_DIR
+}
+
+# install_zookeeper() - Collect source and prepare
+function install_zookeeper {
+    install_package zookeeperd
+}
+
+# start_zookeeper() - Start running processes, including screen
+function start_zookeeper {
+    start_service zookeeper
+}
+
+# stop_zookeeper() - Stop running processes (non-screen)
+function stop_zookeeper {
+    stop_service zookeeper
+}
+
+# Restore xtrace
+$XTRACE
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:
diff --git a/stack.sh b/stack.sh
index bdbb025a0b..118785150a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -539,6 +539,7 @@ source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
+source $TOP_DIR/lib/zookeeper
 
 # Extras Source
 # --------------
@@ -729,6 +730,11 @@ run_phase stack pre-install
 
 install_rpc_backend
 
+if is_service_enabled zookeeper; then
+    cleanup_zookeeper
+    configure_zookeeper
+    init_zookeeper
+fi
 if is_service_enabled $DATABASE_BACKENDS; then
     install_database
 fi
@@ -968,6 +974,15 @@ save_stackenv $LINENO
 start_dstat
 
 
+# Zookeeper
+# -----
+
+# zookeeper for use with tooz for Distributed Lock Management capabilities etc.,
+if is_service_enabled zookeeper; then
+    start_zookeeper
+fi
+
+
 # Keystone
 # --------
 
diff --git a/stackrc b/stackrc
index 819aa0125c..19538c0679 100644
--- a/stackrc
+++ b/stackrc
@@ -69,7 +69,7 @@ if ! isset ENABLED_SERVICES ; then
     # Dashboard
     ENABLED_SERVICES+=,horizon
     # Additional services
-    ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat
+    ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat,zookeeper
 fi
 
 # SQLAlchemy supports multiple database drivers for each database server
diff --git a/unstack.sh b/unstack.sh
index 30447a7005..0cace3254a 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -69,6 +69,7 @@ source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
+source $TOP_DIR/lib/zookeeper
 
 # Extras Source
 # --------------
@@ -172,6 +173,10 @@ if is_service_enabled dstat; then
     stop_dstat
 fi
 
+if is_service_enabled zookeeper; then
+    stop_zookeeper
+fi
+
 # Clean up the remainder of the screen processes
 SCREEN=$(which screen)
 if [[ -n "$SCREEN" ]]; then

From 9013bb0c24623ce8d064b561d4fd331e370762e1 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 4 Nov 2015 12:31:39 -0500
Subject: [PATCH 1034/3421] remove wheel cache code

Thanks to lifeless, pip now implicitly has a wheel cache so that it
builds a wheel before every install, and uses that cache. All our
clever attempts at manually doing wheelhouse things is actually
bypassing the existing cache and making things take longer.

We should remove all of this code and just let pip do this thing,
which is does very well, and get out of the way.

Change-Id: Ia140dc34638d893b92f66d1ba20efd9522c5923b
---
 Makefile                    |  6 +--
 doc/source/index.rst        |  1 -
 files/venv-requirements.txt | 11 -----
 stack.sh                    |  6 ---
 stackrc                     |  5 ---
 tools/build_wheels.sh       | 86 -------------------------------------
 6 files changed, 1 insertion(+), 114 deletions(-)
 delete mode 100644 files/venv-requirements.txt
 delete mode 100755 tools/build_wheels.sh

diff --git a/Makefile b/Makefile
index a6bb230708..a94d60a0ef 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,6 @@
 
 # Duplicated from stackrc for now
 DEST=/opt/stack
-WHEELHOUSE=$(DEST)/.wheelhouse
 
 all:
 	echo "This just saved you from a terrible mistake!"
@@ -25,9 +24,6 @@ stack:
 unstack:
 	./unstack.sh
 
-wheels:
-	WHEELHOUSE=$(WHEELHOUSE) tools/build_wheels.sh
-
 docs:
 	tox -edocs
 
@@ -57,7 +53,7 @@ clean:
 
 # Clean out the cache too
 realclean: clean
-	rm -rf files/cirros*.tar.gz files/Fedora*.qcow2 $(WHEELHOUSE)
+	rm -rf files/cirros*.tar.gz files/Fedora*.qcow2
 
 # Repo stuffs
 
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 99e96b1d1a..b65730ffe8 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -206,7 +206,6 @@ Tools
 
 * `tools/build\_docs.sh `__
 * `tools/build\_venv.sh `__
-* `tools/build\_wheels.sh `__
 * `tools/create-stack-user.sh `__
 * `tools/create\_userrc.sh `__
 * `tools/fixup\_stuff.sh `__
diff --git a/files/venv-requirements.txt b/files/venv-requirements.txt
deleted file mode 100644
index b9a55b423d..0000000000
--- a/files/venv-requirements.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-# Once we can prebuild wheels before a devstack run, uncomment the skipped libraries
-cryptography
-# lxml # still install from from packages
-# netifaces # still install from packages
-#numpy    # slowest wheel by far, stop building until we are actually using the output
-posix-ipc
-# psycopg # still install from packages
-pycrypto
-pyOpenSSL
-PyYAML
-xattr
diff --git a/stack.sh b/stack.sh
index bdbb025a0b..aedc5d4006 100755
--- a/stack.sh
+++ b/stack.sh
@@ -716,12 +716,6 @@ source $TOP_DIR/tools/fixup_stuff.sh
 # Install required infra support libraries
 install_infra
 
-# Pre-build some problematic wheels
-if [[ -n ${WHEELHOUSE:-} && ! -d ${WHEELHOUSE:-} ]]; then
-    source $TOP_DIR/tools/build_wheels.sh
-fi
-
-
 # Extras Pre-install
 # ------------------
 # Phase: pre-install
diff --git a/stackrc b/stackrc
index 819aa0125c..d9f477e8ce 100644
--- a/stackrc
+++ b/stackrc
@@ -143,11 +143,6 @@ USE_VENV=$(trueorfalse False USE_VENV)
 # requirmenets files here, in a comma-separated list
 ADDITIONAL_VENV_PACKAGES=${ADITIONAL_VENV_PACKAGES:-""}
 
-# Configure wheel cache location
-export WHEELHOUSE=${WHEELHOUSE:-$DEST/.wheelhouse}
-export PIP_WHEEL_DIR=${PIP_WHEEL_DIR:-$WHEELHOUSE}
-export PIP_FIND_LINKS=${PIP_FIND_LINKS:-file://$WHEELHOUSE}
-
 # This can be used to turn database query logging on and off
 # (currently only implemented for MySQL backend)
 DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
diff --git a/tools/build_wheels.sh b/tools/build_wheels.sh
deleted file mode 100755
index 14c2999c8f..0000000000
--- a/tools/build_wheels.sh
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env bash
-#
-# **tools/build_wheels.sh** - Build a cache of Python wheels
-#
-# build_wheels.sh [package [...]]
-#
-# System package prerequisites listed in ``files/*/devlibs`` will be installed
-#
-# Builds wheels for all virtual env requirements listed in
-# ``venv-requirements.txt`` plus any supplied on the command line.
-#
-# Assumes:
-# - ``tools/install_pip.sh`` has been run and a suitable ``pip/setuptools`` is available.
-
-# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
-# or in a sub-shell
-if [[ -z "$TOP_DIR" ]]; then
-
-    set -o errexit
-    set -o nounset
-
-    # Keep track of the DevStack directory
-    TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
-    FILES=$TOP_DIR/files
-
-    # Import common functions
-    source $TOP_DIR/functions
-
-    GetDistro
-
-    source $TOP_DIR/stackrc
-
-    trap err_trap ERR
-
-fi
-
-# Get additional packages to build
-MORE_PACKAGES="$@"
-
-# Exit on any errors so that errors don't compound
-function err_trap {
-    local r=$?
-    set +o xtrace
-
-    rm -rf $TMP_VENV_PATH
-
-    exit $r
-}
-
-# Get system prereqs
-install_package $(get_packages devlibs)
-
-# Get a modern ``virtualenv``
-pip_install virtualenv
-
-# Prepare the workspace
-TMP_VENV_PATH=$(mktemp -d tmp-venv-XXXX)
-virtualenv $TMP_VENV_PATH
-
-# Install modern pip and wheel
-PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install -U pip wheel
-
-# BUG: cffi has a lot of issues. It has no stable ABI, if installed
-# code is built with a different ABI than the one that's detected at
-# load time, it tries to compile on the fly for the new ABI in the
-# install location (which will probably be /usr and not
-# writable). Also cffi is often included via setup_requires by
-# packages, which have different install rules (allowing betas) than
-# pip has.
-#
-# Because of this we must pip install cffi into the venv to build
-# wheels.
-PIP_VIRTUAL_ENV=$TMP_VENV_PATH pip_install_gr cffi
-
-# ``VENV_PACKAGES`` is a list of packages we want to pre-install
-VENV_PACKAGE_FILE=$FILES/venv-requirements.txt
-if [[ -r $VENV_PACKAGE_FILE ]]; then
-    VENV_PACKAGES=$(grep -v '^#' $VENV_PACKAGE_FILE)
-fi
-
-for pkg in ${VENV_PACKAGES,/ } ${MORE_PACKAGES}; do
-    $TMP_VENV_PATH/bin/pip wheel $pkg
-done
-
-# Clean up wheel workspace
-rm -rf $TMP_VENV_PATH

From 9127c1a56bc1504ae77df25b0da7a6d0a5f0bfe8 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 5 Nov 2015 10:09:02 +0100
Subject: [PATCH 1035/3421] Do not remove python-pip package on Fedora-23

python on fedora 23 compiled with rewheel support,
in this case the python-pip is a required package, and cannot be
removed.

[1] http://pkgs.fedoraproject.org/cgit/python.git/tree/python.spec?id=3b6fac0339bab69ca5fbf2881568f0565ab0e252#n174

Change-Id: I499b7bec97c4360b32d156079f2b7f3923e3888a
---
 tools/install_pip.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 13c1786fb9..ab5efb2e77 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -110,7 +110,11 @@ get_versions
 # Do pip
 
 # Eradicate any and all system packages
-uninstall_package python-pip
+
+# python in f23 depends on the python-pip package
+if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then
+    uninstall_package python-pip
+fi
 
 install_get_pip
 

From e3c2673ae447d8b3cc4649f5efde5b84e26f6cd9 Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Fri, 6 Nov 2015 13:23:47 +0900
Subject: [PATCH 1036/3421] Fix two typos on faq.rst

guarunteed => guaranteed
Centos     => CentOS

Change-Id: Id356443fcdc4128ff20d7a89158265aa16c105b2
---
 doc/source/faq.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 3562bfacee..7aca8d0b4a 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -54,7 +54,7 @@ combinations listed in ``README.md``. DevStack is only supported on
 releases other than those documented in ``README.md`` on a best-effort
 basis.
 
-Are there any differences between Ubuntu and Centos/Fedora support?
+Are there any differences between Ubuntu and CentOS/Fedora support?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Both should work well and are tested by DevStack CI.
@@ -146,7 +146,7 @@ your ``local.conf``
 
 
 Upstream DevStack is only tested with master and stable
-branches. Setting custom BRANCH definitions is not guarunteed to
+branches. Setting custom BRANCH definitions is not guaranteed to
 produce working results.
 
 What can I do about RabbitMQ not wanting to start on my fresh new VM?

From ec7f490a687ab01f520835341c09cef9f697f05d Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Fri, 6 Nov 2015 13:35:24 +0900
Subject: [PATCH 1037/3421] Remove 'enable_service tempest' from
 sample/local.conf

tempest is already defined in stackrc as default.
Without this definition in local.conf,
tempest is installed successfully.

If it still needs "enable_service tempest" definition
on local.conf,
devstack itself has some problem.
In my environment, tempest installation works
without this definition on local.conf.

Change-Id: I25cda0142538d21bb9656b471e65ca5b018e8378
---
 samples/local.conf | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/samples/local.conf b/samples/local.conf
index cb293b6c15..b92097dd8d 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -93,9 +93,3 @@ SWIFT_REPLICAS=1
 # moved by setting ``SWIFT_DATA_DIR``. The directory will be created
 # if it does not exist.
 SWIFT_DATA_DIR=$DEST/data
-
-# Tempest
-# -------
-
-# Install the tempest test suite
-enable_service tempest

From e9ef0fefa52a2d30079eba1dead1a4df61a6ad7d Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Fri, 6 Nov 2015 14:25:46 +0900
Subject: [PATCH 1038/3421] Remove lib/neutron_plugins/ibm

SDN-VE on neutron is already removed.
This patch removes SDN-VE from devstack.

Ref.
  Removing the SDN-VE monolithic plugin
  https://review.openstack.org/#/c/217703/
  Remove IBM SDN-VE left-overs
  https://review.openstack.org/#/c/237716/

Change-Id: Ie1b531153d1632798235b1100cdf9b068edcce26
---
 lib/neutron_plugins/ibm | 133 ----------------------------------------
 1 file changed, 133 deletions(-)
 delete mode 100644 lib/neutron_plugins/ibm

diff --git a/lib/neutron_plugins/ibm b/lib/neutron_plugins/ibm
deleted file mode 100644
index dd5cfa6694..0000000000
--- a/lib/neutron_plugins/ibm
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/bin/bash
-#
-# Neutron IBM SDN-VE plugin
-# ---------------------------
-
-# Save trace setting
-IBM_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-function neutron_plugin_install_agent_packages {
-    _neutron_ovs_base_install_agent_packages
-}
-
-function _neutron_interface_setup {
-    # Setup one interface on the integration bridge if needed
-    # The plugin agent to be used if more than one interface is used
-    local bridge=$1
-    local interface=$2
-    sudo ovs-vsctl --no-wait -- --may-exist add-port $bridge $interface
-}
-
-function neutron_setup_integration_bridge {
-    # Setup integration bridge if needed
-    if [[ "$SDNVE_INTEGRATION_BRIDGE" != "" ]]; then
-        neutron_ovs_base_cleanup
-        _neutron_ovs_base_setup_bridge $SDNVE_INTEGRATION_BRIDGE
-        if [[ "$SDNVE_INTERFACE_MAPPINGS" != "" ]]; then
-            interfaces=(${SDNVE_INTERFACE_MAPPINGS//[,:]/ })
-            _neutron_interface_setup $SDNVE_INTEGRATION_BRIDGE ${interfaces[1]}
-        fi
-    fi
-
-    # Set controller to SDNVE controller (1st of list) if exists
-    if [[ "$SDNVE_CONTROLLER_IPS" != "" ]]; then
-        # Get the first controller
-        controllers=(${SDNVE_CONTROLLER_IPS//[\[,\]]/ })
-        SDNVE_IP=${controllers[0]}
-        sudo ovs-vsctl set-controller $SDNVE_INTEGRATION_BRIDGE tcp:$SDNVE_IP
-    fi
-}
-
-function neutron_plugin_create_nova_conf {
-    # if n-cpu is enabled, then setup integration bridge
-    if is_service_enabled n-cpu; then
-        neutron_setup_integration_bridge
-    fi
-}
-
-function is_neutron_ovs_base_plugin {
-    if [[ "$SDNVE_INTEGRATION_BRIDGE" != "" ]]; then
-        # Yes, we use OVS.
-        return 0
-    else
-        # No, we do not use OVS.
-        return 1
-    fi
-}
-
-function neutron_plugin_configure_common {
-    Q_PLUGIN_CONF_PATH=etc/neutron/plugins/ibm
-    Q_PLUGIN_CONF_FILENAME=sdnve_neutron_plugin.ini
-    Q_PLUGIN_CLASS="neutron.plugins.ibm.sdnve_neutron_plugin.SdnvePluginV2"
-}
-
-function neutron_plugin_configure_service {
-    # Define extra "SDNVE" configuration options when q-svc is configured
-
-    iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
-
-    if [[ "$SDNVE_CONTROLLER_IPS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve controller_ips $SDNVE_CONTROLLER_IPS
-    fi
-
-    if [[ "$SDNVE_INTEGRATION_BRIDGE" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve integration_bridge $SDNVE_INTEGRATION_BRIDGE
-    fi
-
-    if [[ "$SDNVE_RESET_BRIDGE" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve reset_bridge $SDNVE_RESET_BRIDGE
-    fi
-
-    if [[ "$SDNVE_OUT_OF_BAND" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve out_of_band $SDNVE_OUT_OF_BAND
-    fi
-
-    if [[ "$SDNVE_INTERFACE_MAPPINGS" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve interface_mappings $SDNVE_INTERFACE_MAPPINGS
-    fi
-
-    if [[ "$SDNVE_FAKE_CONTROLLER" != "" ]]; then
-        iniset /$Q_PLUGIN_CONF_FILE sdnve use_fake_controller $SDNVE_FAKE_CONTROLLER
-    fi
-
-
-    iniset $NEUTRON_CONF DEFAULT notification_driver neutron.openstack.common.notifier.no_op_notifier
-
-}
-
-function neutron_plugin_configure_plugin_agent {
-    AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-ibm-agent"
-}
-
-function neutron_plugin_configure_debug_command {
-    :
-}
-
-function neutron_plugin_setup_interface_driver {
-    return 0
-}
-
-function has_neutron_plugin_security_group {
-    # Does not support Security Groups
-    return 1
-}
-
-function neutron_ovs_base_cleanup {
-    if [[ "$SDNVE_RESET_BRIDGE" != False ]]; then
-        # remove all OVS ports that look like Neutron created ports
-        for port in $(sudo ovs-vsctl list port | grep -o -e tap[0-9a-f\-]* -e q[rg]-[0-9a-f\-]*); do
-            sudo ovs-vsctl del-port ${port}
-        done
-
-        # remove integration bridge created by Neutron
-        for bridge in $(sudo ovs-vsctl list-br | grep -o -e ${SDNVE_INTEGRATION_BRIDGE}); do
-            sudo ovs-vsctl del-br ${bridge}
-        done
-    fi
-}
-
-# Restore xtrace
-$IBM_XTRACE

From 5f8133caac097235ed4fe73d878df0ee907eb51c Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Fri, 6 Nov 2015 11:48:19 -0500
Subject: [PATCH 1039/3421] remove gratuitous python packages

With pip + upper-constraints we're nearly always over installing all
python packages because we no longer support a range, we support
*exactly* one version.

This removes a bunch of the gratuitous package installs which we're
going to install over, lxml, numpy, libvirt. All of these we had
coming from packages in the past for speed concerns, but upper
constraints removes that.

It also ensures that all the headers to build all those are in
general, so they are guarunteed available at all times.

Change-Id: Ia76de730d65c84d81c4fb2c980ae1b4d595f9f5b
---
 files/debs/general  | 4 +++-
 files/debs/keystone | 1 -
 files/debs/n-novnc  | 1 -
 files/debs/nova     | 7 ++-----
 4 files changed, 5 insertions(+), 8 deletions(-)
 delete mode 100644 files/debs/n-novnc

diff --git a/files/debs/general b/files/debs/general
index 146052643c..80e81f5841 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -20,8 +20,10 @@ python2.7
 python-gdbm # needed for testr
 bc
 libyaml-dev
-libffi-dev
+libffi-dev # for pyOpenSSL
 libssl-dev # for pyOpenSSL
+libxml2-dev  # lxml
+libxslt1-dev  # lxml
 gettext  # used for compiling message catalogs
 openjdk-7-jre-headless  # NOPRIME
 pkg-config
diff --git a/files/debs/keystone b/files/debs/keystone
index 70a56499e9..f5816b59de 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,4 +1,3 @@
-python-lxml
 sqlite3
 python-mysqldb
 python-mysql.connector
diff --git a/files/debs/n-novnc b/files/debs/n-novnc
deleted file mode 100644
index c8722b9f66..0000000000
--- a/files/debs/n-novnc
+++ /dev/null
@@ -1 +0,0 @@
-python-numpy
diff --git a/files/debs/nova b/files/debs/nova
index 346b8b337a..d1678a7a6f 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -8,7 +8,8 @@ libmysqlclient-dev
 mysql-server # NOPRIME
 python-mysqldb
 python-mysql.connector
-python-lxml # needed for glance which is needed for nova --- this shouldn't be here
+libxml2-dev # needed for building lxml
+libxslt1-dev
 gawk
 iptables
 ebtables
@@ -25,7 +26,3 @@ curl
 genisoimage # required for config_drive
 rabbitmq-server # NOPRIME
 socat # used by ajaxterm
-python-libvirt # NOPRIME
-python-libxml2
-python-numpy # used by websockify for spice console
-python-m2crypto

From 6cd616a9edf6561ebc802f3083eb24f2713d4e96 Mon Sep 17 00:00:00 2001
From: Matt Riedemann 
Date: Fri, 6 Nov 2015 10:26:14 -0800
Subject: [PATCH 1040/3421] Disable resize tests in Tempest if using cells with
 custom flavors

By default, devstack creates it's own test flavors for Tempest runs.

These are not in the cells API database since they are non-default
for nova so any resize tests in Tempest with cells and these custom
flavors fail.

Configure Tempest to not run resize tests if using cells and custom
flavors.

This allows us to also clean up a bunch of the resize skips found
in nova/devstack/tempest-dsvm-cells-rc.

Change-Id: I20f46024e45e32c60275703a193a56ae8cfe7eca
Closes-Bug: #1513925
---
 lib/tempest | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 32630dbf59..691ad86a2d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -377,6 +377,15 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG compute-feature-enabled shelve False
         # Cells doesn't support hot-plugging virtual interfaces.
         iniset $TEMPEST_CONFIG compute-feature-enabled interface_attach False
+
+        if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
+            # Cells supports resize but does not currently work with devstack
+            # because of the custom flavors created for Tempest runs which are
+            # not in the cells database.
+            # TODO(mriedem): work on adding a nova-manage command to sync
+            # flavors into the cells database.
+            iniset $TEMPEST_CONFIG compute-feature-enabled resize False
+        fi
     fi
 
     # Network

From 63cac536efa3474af40ea24603fca5e1d0a74e13 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Fri, 6 Nov 2015 12:37:32 -0800
Subject: [PATCH 1041/3421] Ironic: Explicitly allow DHCP ports

This adds an iptables rule to allow ports 67 and 68. We see
occassionally dropped DHCP packets, which may be causing PXE failures in
ironic jobs.

I'm not 100% confident this fixes the issue, however I don't think it
can break anything and it rules out one theory.

Change-Id: I4630afb6f010a4c2cb146a79264c480c64c6e4b7
Related-Bug: #1393099
---
 lib/ironic | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/ironic b/lib/ironic
index d786870165..016e639d03 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -672,6 +672,8 @@ function configure_iptables {
     # enable tftp natting for allowing connections to HOST_IP's tftp server
     sudo modprobe nf_conntrack_tftp
     sudo modprobe nf_nat_tftp
+    # explicitly allow DHCP - packets are occassionally being dropped here
+    sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true

From b8509f09d670460aa3e9e2b09cf60dbf8cdbb03b Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 11:55:56 +1100
Subject: [PATCH 1042/3421] Really get the "general" packages

We are specifying the argument to get_packages incorrectly, so we are
not actually adding the packages in "general" to the list of packages.

In most cases, this is hidden as other more specific plugins/services
request their packages.  However, as
I2dafd32f211fcbc9fff53030d736d97a5f1bb2df shows, not always.  I think
this was uncovered by 5f8133caac097235ed4fe73d878df0ee907eb51c

Change-Id: Ie1b8d09369281059d21da61b2725a457f708ae9e
---
 tools/install_prereqs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index a07e58d3e6..38452cd90f 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -61,7 +61,7 @@ export_proxy_variables
 # ================
 
 # Install package requirements
-PACKAGES=$(get_packages general $ENABLED_SERVICES)
+PACKAGES=$(get_packages general,$ENABLED_SERVICES)
 PACKAGES="$PACKAGES $(get_plugin_packages)"
 
 if is_ubuntu && echo $PACKAGES | grep -q dkms ; then

From a7e0b39a64f53f77f970c90d17f621be74f95215 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 12:02:51 +1100
Subject: [PATCH 1043/3421] Move devlib packages into "general"

The removal of the wheel caching code
(Ia140dc34638d893b92f66d1ba20efd9522c5923b) removed the install of the
"devlib" packages, which was being done with a call in
tools/build_wheels.sh

The idea of "devlibs" and "general" seems to be pretty much the same
thing -- global build requirements.  I have removed the unused devlibs
files, and moved any missing packages into the "general" package
install file.

Change-Id: I8f34a164d6785a122394b42387d4221a7b447ae1
---
 files/debs/devlibs      | 7 -------
 files/debs/general      | 2 ++
 files/rpms-suse/devlibs | 6 ------
 files/rpms-suse/general | 5 +++++
 files/rpms/devlibs      | 8 --------
 files/rpms/general      | 7 +++++--
 6 files changed, 12 insertions(+), 23 deletions(-)
 delete mode 100644 files/debs/devlibs
 delete mode 100644 files/rpms-suse/devlibs
 delete mode 100644 files/rpms/devlibs

diff --git a/files/debs/devlibs b/files/debs/devlibs
deleted file mode 100644
index 0446ceb6b6..0000000000
--- a/files/debs/devlibs
+++ /dev/null
@@ -1,7 +0,0 @@
-libffi-dev  # pyOpenSSL
-libmysqlclient-dev  # MySQL-python
-libpq-dev  # psycopg2
-libssl-dev  # pyOpenSSL
-libxml2-dev  # lxml
-libxslt1-dev  # lxml
-python-dev  # pyOpenSSL
diff --git a/files/debs/general b/files/debs/general
index 80e81f5841..7bc90a6864 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -27,3 +27,5 @@ libxslt1-dev  # lxml
 gettext  # used for compiling message catalogs
 openjdk-7-jre-headless  # NOPRIME
 pkg-config
+libmysqlclient-dev  # MySQL-python
+libpq-dev  # psycopg2
diff --git a/files/rpms-suse/devlibs b/files/rpms-suse/devlibs
deleted file mode 100644
index 54d13a33e9..0000000000
--- a/files/rpms-suse/devlibs
+++ /dev/null
@@ -1,6 +0,0 @@
-libffi-devel  # pyOpenSSL
-libopenssl-devel  # pyOpenSSL
-libxslt-devel  # lxml
-postgresql-devel  # psycopg2
-libmysqlclient-devel # MySQL-python
-python-devel  # pyOpenSSL
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 42756d8fcc..3a7c4b56fd 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -21,3 +21,8 @@ tcpdump
 unzip
 wget
 net-tools
+libffi-devel  # pyOpenSSL
+libxslt-devel  # lxml
+postgresql-devel  # psycopg2
+libmysqlclient-devel # MySQL-python
+python-devel  # pyOpenSSL
diff --git a/files/rpms/devlibs b/files/rpms/devlibs
deleted file mode 100644
index 385ed3b84c..0000000000
--- a/files/rpms/devlibs
+++ /dev/null
@@ -1,8 +0,0 @@
-libffi-devel  # pyOpenSSL
-libxml2-devel  # lxml
-libxslt-devel  # lxml
-mariadb-devel  # MySQL-python
-openssl-devel  # pyOpenSSL
-postgresql-devel  # psycopg2
-python-devel  # pyOpenSSL
-redhat-rpm-config # MySQL-python rhbz-1195207 f21
diff --git a/files/rpms/general b/files/rpms/general
index c3f3de893a..2a45227e0f 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -10,8 +10,8 @@ openssh-server
 openssl
 openssl-devel # to rebuild pyOpenSSL if needed
 libffi-devel
-libxml2-devel
-libxslt-devel
+libxml2-devel # lxml
+libxslt-devel # lxml
 pkgconfig
 psmisc
 python-devel
@@ -29,3 +29,6 @@ java-1.7.0-openjdk-headless  # NOPRIME rhel7
 java-1.8.0-openjdk-headless  # NOPRIME f21,f22
 pyOpenSSL # version in pip uses too much memory
 iptables-services  # NOPRIME f21,f22
+mariadb-devel  # MySQL-python
+postgresql-devel  # psycopg2
+redhat-rpm-config # MySQL-python rhbz-1195207 f21

From a5e4c0f279b6101436820dbb6b3da3d06131c12d Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 12:21:10 +1100
Subject: [PATCH 1044/3421] Clear out some duplicate package dependencies

I think these duplicate dependencies came in because we were not
correctly always installing "general" packages (see
Ie1b8d09369281059d21da61b2725a457f708ae9e)

Most of these are just extras for the lxml dependencies; I added zlib
devel to general for glance (seems pretty generic), and then that can
go too, as all other packages are specified.

Change-Id: I44b14ca15c64fad9daf1ac8d851704b02ea2eae0
---
 files/debs/ceilometer-collector | 3 ---
 files/debs/general              | 1 +
 files/debs/glance               | 6 ------
 files/debs/nova                 | 2 --
 files/debs/tempest              | 2 --
 files/debs/trove                | 1 -
 files/rpms/general              | 1 +
 files/rpms/glance               | 6 ------
 files/rpms/keystone             | 1 -
 files/rpms/tempest              | 1 -
 files/rpms/trove                | 1 -
 11 files changed, 2 insertions(+), 23 deletions(-)
 delete mode 100644 files/debs/glance
 delete mode 100644 files/debs/tempest
 delete mode 100644 files/debs/trove
 delete mode 100644 files/rpms/glance
 delete mode 100644 files/rpms/tempest
 delete mode 100644 files/rpms/trove

diff --git a/files/debs/ceilometer-collector b/files/debs/ceilometer-collector
index f1b692ac71..94c82e0843 100644
--- a/files/debs/ceilometer-collector
+++ b/files/debs/ceilometer-collector
@@ -1,6 +1,3 @@
 python-pymongo #NOPRIME
 mongodb-server #NOPRIME
 libnspr4-dev
-pkg-config
-libxml2-dev
-libxslt-dev
\ No newline at end of file
diff --git a/files/debs/general b/files/debs/general
index 7bc90a6864..58d1e8b3f5 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -29,3 +29,4 @@ openjdk-7-jre-headless  # NOPRIME
 pkg-config
 libmysqlclient-dev  # MySQL-python
 libpq-dev  # psycopg2
+zlib1g-dev
diff --git a/files/debs/glance b/files/debs/glance
deleted file mode 100644
index 37877a85c2..0000000000
--- a/files/debs/glance
+++ /dev/null
@@ -1,6 +0,0 @@
-libmysqlclient-dev
-libpq-dev
-libssl-dev
-libxml2-dev
-libxslt1-dev
-zlib1g-dev
diff --git a/files/debs/nova b/files/debs/nova
index d1678a7a6f..fa394e734b 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -8,8 +8,6 @@ libmysqlclient-dev
 mysql-server # NOPRIME
 python-mysqldb
 python-mysql.connector
-libxml2-dev # needed for building lxml
-libxslt1-dev
 gawk
 iptables
 ebtables
diff --git a/files/debs/tempest b/files/debs/tempest
deleted file mode 100644
index bb095297e0..0000000000
--- a/files/debs/tempest
+++ /dev/null
@@ -1,2 +0,0 @@
-libxml2-dev
-libxslt1-dev
diff --git a/files/debs/trove b/files/debs/trove
deleted file mode 100644
index 96f8f29277..0000000000
--- a/files/debs/trove
+++ /dev/null
@@ -1 +0,0 @@
-libxslt1-dev
diff --git a/files/rpms/general b/files/rpms/general
index 2a45227e0f..eb479d2050 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -32,3 +32,4 @@ iptables-services  # NOPRIME f21,f22
 mariadb-devel  # MySQL-python
 postgresql-devel  # psycopg2
 redhat-rpm-config # MySQL-python rhbz-1195207 f21
+zlib-devel
diff --git a/files/rpms/glance b/files/rpms/glance
deleted file mode 100644
index 479194f918..0000000000
--- a/files/rpms/glance
+++ /dev/null
@@ -1,6 +0,0 @@
-libxml2-devel
-libxslt-devel
-mysql-devel
-openssl-devel
-postgresql-devel
-zlib-devel
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 8074119fdb..7384150a4a 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,4 +1,3 @@
 MySQL-python
-libxslt-devel
 sqlite
 mod_ssl
diff --git a/files/rpms/tempest b/files/rpms/tempest
deleted file mode 100644
index e7bbd43cd6..0000000000
--- a/files/rpms/tempest
+++ /dev/null
@@ -1 +0,0 @@
-libxslt-devel
diff --git a/files/rpms/trove b/files/rpms/trove
deleted file mode 100644
index e7bbd43cd6..0000000000
--- a/files/rpms/trove
+++ /dev/null
@@ -1 +0,0 @@
-libxslt-devel

From c00df207eed1d4dec808824d8e9dcd238e7d4e08 Mon Sep 17 00:00:00 2001
From: Sirushti Murugesan 
Date: Wed, 7 Oct 2015 15:06:51 +0530
Subject: [PATCH 1045/3421] Add a more accurate expression for obtaining
 (IPV6_)ROUTER_GW_IP

neutron port-list returns a dictionary that's of random order in python 3.
This expression sometimes returns a NULL value thus failing devstack.
Add an expression that always returns a consistent ROUTER_GW_IP.

Change-Id: Id23d9afda275051ca68bcba2dfd1b6e30f02c628
---
 lib/neutron-legacy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..a74da2ccb7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1318,7 +1318,7 @@ function _neutron_configure_router_v4 {
                 sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface
                 sudo ip link set $ext_gw_interface up
             fi
-            ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'`
+            ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F'ip_address'  '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '`
             die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP"
             sudo ip route replace  $FIXED_RANGE via $ROUTER_GW_IP
         fi
@@ -1349,7 +1349,7 @@ function _neutron_configure_router_v6 {
         sudo sysctl -w net.ipv6.conf.all.forwarding=1
         # Configure and enable public bridge
         # Override global IPV6_ROUTER_GW_IP with the true value from neutron
-        IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'`
+        IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '`
         die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
 
         if is_neutron_ovs_base_plugin; then

From 7d515b5db8e98a54ff9c8c5211383f9f2c33b2db Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 15:04:32 +1100
Subject: [PATCH 1046/3421] Add check for get_packages argument

Add a quick check so we don't reintroduce bad arguments as in
Ie1b8d09369281059d21da61b2725a457f708ae9e

Change-Id: Ibebc71791f2743eef64d6f7c2596d54a73ea92aa
---
 functions-common | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/functions-common b/functions-common
index 497bed26e6..e252139e78 100644
--- a/functions-common
+++ b/functions-common
@@ -1075,6 +1075,10 @@ function get_packages {
     local file_to_parse=""
     local service=""
 
+    if [ $# -ne 1 ]; then
+        die $LINENO "get_packages takes a single, comma-separated argument"
+    fi
+
     if [[ -z "$package_dir" ]]; then
         echo "No package directory supplied"
         return 1

From c416d8b94f473908a82f4e842c768927b62fc20a Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 15:20:22 +1100
Subject: [PATCH 1047/3421] Sort rpm/deb files alphabetically

This is rather trivial, but it makes comparing the files much easier

Change-Id: I01e42defbf778626afd8dd457f93f0b02dd1a19d
---
 files/debs/ceilometer-collector      |  4 +--
 files/debs/cinder                    |  6 ++---
 files/debs/general                   | 40 ++++++++++++++--------------
 files/debs/ironic                    |  2 +-
 files/debs/keystone                  |  8 +++---
 files/debs/ldap                      |  2 +-
 files/debs/n-cpu                     | 10 +++----
 files/debs/neutron                   | 14 +++++-----
 files/debs/nova                      | 34 +++++++++++------------
 files/debs/zookeeper                 |  2 +-
 files/rpms-suse/ceilometer-collector |  2 +-
 files/rpms-suse/ceph                 |  2 +-
 files/rpms-suse/cinder               |  8 +++---
 files/rpms-suse/general              | 12 ++++-----
 files/rpms-suse/horizon              |  2 +-
 files/rpms-suse/n-api                |  2 +-
 files/rpms-suse/n-cpu                |  6 ++---
 files/rpms-suse/neutron              |  2 +-
 files/rpms-suse/nova                 |  6 ++---
 files/rpms-suse/openvswitch          |  2 +-
 files/rpms/ceilometer-collector      |  4 +--
 files/rpms/ceph                      |  2 +-
 files/rpms/cinder                    |  6 ++---
 files/rpms/dstat                     |  2 +-
 files/rpms/general                   | 28 +++++++++----------
 files/rpms/horizon                   |  2 +-
 files/rpms/keystone                  |  2 +-
 files/rpms/ldap                      |  2 +-
 files/rpms/n-cpu                     |  8 +++---
 files/rpms/neutron                   |  4 +--
 files/rpms/nova                      |  8 +++---
 files/rpms/swift                     |  2 +-
 files/rpms/zookeeper                 |  2 +-
 33 files changed, 119 insertions(+), 119 deletions(-)

diff --git a/files/debs/ceilometer-collector b/files/debs/ceilometer-collector
index 94c82e0843..d1e9eef3bb 100644
--- a/files/debs/ceilometer-collector
+++ b/files/debs/ceilometer-collector
@@ -1,3 +1,3 @@
-python-pymongo #NOPRIME
-mongodb-server #NOPRIME
 libnspr4-dev
+mongodb-server #NOPRIME
+python-pymongo #NOPRIME
diff --git a/files/debs/cinder b/files/debs/cinder
index 51908eb27b..48b8d0f7d3 100644
--- a/files/debs/cinder
+++ b/files/debs/cinder
@@ -1,6 +1,6 @@
-tgt # NOPRIME
-lvm2
-qemu-utils
 libpq-dev
+lvm2
 open-iscsi
 open-iscsi-utils # Deprecated since quantal dist:precise
+qemu-utils
+tgt # NOPRIME
diff --git a/files/debs/general b/files/debs/general
index 58d1e8b3f5..9b2715685e 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -1,32 +1,32 @@
+bc
 bridge-utils
-screen
-unzip
-wget
-psmisc
-gcc
+curl
 g++
+gcc
+gettext  # used for compiling message catalogs
 git
 graphviz # needed for docs
-lsof # useful when debugging
-openssh-server
-openssl
 iputils-ping
-wget
-curl
-tcpdump
-tar
-python-dev
-python2.7
-python-gdbm # needed for testr
-bc
-libyaml-dev
 libffi-dev # for pyOpenSSL
+libmysqlclient-dev  # MySQL-python
+libpq-dev  # psycopg2
 libssl-dev # for pyOpenSSL
 libxml2-dev  # lxml
 libxslt1-dev  # lxml
-gettext  # used for compiling message catalogs
+libyaml-dev
+lsof # useful when debugging
 openjdk-7-jre-headless  # NOPRIME
+openssh-server
+openssl
 pkg-config
-libmysqlclient-dev  # MySQL-python
-libpq-dev  # psycopg2
+psmisc
+python2.7
+python-dev
+python-gdbm # needed for testr
+screen
+tar
+tcpdump
+unzip
+wget
+wget
 zlib1g-dev
diff --git a/files/debs/ironic b/files/debs/ironic
index 0a906dbffc..4d5a6aa6b7 100644
--- a/files/debs/ironic
+++ b/files/debs/ironic
@@ -6,8 +6,8 @@ libguestfs0
 libvirt-bin
 open-iscsi
 openssh-client
-openvswitch-switch
 openvswitch-datapath-dkms
+openvswitch-switch
 python-libguestfs
 python-libvirt
 qemu
diff --git a/files/debs/keystone b/files/debs/keystone
index f5816b59de..0795167047 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,6 +1,6 @@
-sqlite3
-python-mysqldb
-python-mysql.connector
+libkrb5-dev
 libldap2-dev
 libsasl2-dev
-libkrb5-dev
+python-mysql.connector
+python-mysqldb
+sqlite3
diff --git a/files/debs/ldap b/files/debs/ldap
index 26f7aeffe3..aa3a934d95 100644
--- a/files/debs/ldap
+++ b/files/debs/ldap
@@ -1,3 +1,3 @@
 ldap-utils
-slapd
 python-ldap
+slapd
diff --git a/files/debs/n-cpu b/files/debs/n-cpu
index ffc947a36d..0da57ee047 100644
--- a/files/debs/n-cpu
+++ b/files/debs/n-cpu
@@ -1,8 +1,8 @@
-qemu-utils
+cryptsetup
+genisoimage
 lvm2 # NOPRIME
 open-iscsi
-genisoimage
-sysfsutils
-sg3-utils
 python-guestfs # NOPRIME
-cryptsetup
+qemu-utils
+sg3-utils
+sysfsutils
diff --git a/files/debs/neutron b/files/debs/neutron
index b5a457e482..85145d3654 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -1,18 +1,18 @@
 acl
+dnsmasq-base
+dnsmasq-utils # for dhcp_release only available in dist:precise
 ebtables
 iptables
-iputils-ping
 iputils-arping
+iputils-ping
 libmysqlclient-dev
 mysql-server #NOPRIME
-sudo
 postgresql-server-dev-all
-python-mysqldb
 python-mysql.connector
-dnsmasq-base
-dnsmasq-utils # for dhcp_release only available in dist:precise
+python-mysqldb
 rabbitmq-server # NOPRIME
-sqlite3
-vlan
 radvd # NOPRIME
+sqlite3
+sudo
 uuid-runtime
+vlan
diff --git a/files/debs/nova b/files/debs/nova
index fa394e734b..fe57fc4b2a 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -1,26 +1,26 @@
+conntrack
+curl
 dnsmasq-base
 dnsmasq-utils # for dhcp_release
-conntrack
-kpartx
-parted
-iputils-arping
-libmysqlclient-dev
-mysql-server # NOPRIME
-python-mysqldb
-python-mysql.connector
+ebtables
 gawk
+genisoimage # required for config_drive
 iptables
-ebtables
-sqlite3
-sudo
-qemu-kvm # NOPRIME
-qemu # dist:wheezy,jessie NOPRIME
+iputils-arping
+kpartx
+libjs-jquery-tablesorter # Needed for coverage html reports
+libmysqlclient-dev
 libvirt-bin # NOPRIME
 libvirt-dev # NOPRIME
+mysql-server # NOPRIME
+parted
 pm-utils
-libjs-jquery-tablesorter # Needed for coverage html reports
-vlan
-curl
-genisoimage # required for config_drive
+python-mysql.connector
+python-mysqldb
+qemu # dist:wheezy,jessie NOPRIME
+qemu-kvm # NOPRIME
 rabbitmq-server # NOPRIME
 socat # used by ajaxterm
+sqlite3
+sudo
+vlan
diff --git a/files/debs/zookeeper b/files/debs/zookeeper
index 66227f7e31..f41b559007 100644
--- a/files/debs/zookeeper
+++ b/files/debs/zookeeper
@@ -1 +1 @@
-zookeeperd
\ No newline at end of file
+zookeeperd
diff --git a/files/rpms-suse/ceilometer-collector b/files/rpms-suse/ceilometer-collector
index 5e4dfcc35e..fc75ffad63 100644
--- a/files/rpms-suse/ceilometer-collector
+++ b/files/rpms-suse/ceilometer-collector
@@ -1,3 +1,3 @@
-# Not available in openSUSE main repositories, but can be fetched from OBS
 # (devel:languages:python and server:database projects)
 mongodb
+# Not available in openSUSE main repositories, but can be fetched from OBS
diff --git a/files/rpms-suse/ceph b/files/rpms-suse/ceph
index 8d465000e1..8c4955df90 100644
--- a/files/rpms-suse/ceph
+++ b/files/rpms-suse/ceph
@@ -1,3 +1,3 @@
 ceph    # NOPRIME
-xfsprogs
 lsb
+xfsprogs
diff --git a/files/rpms-suse/cinder b/files/rpms-suse/cinder
index 3fd03cc9be..56b1bb536a 100644
--- a/files/rpms-suse/cinder
+++ b/files/rpms-suse/cinder
@@ -1,6 +1,6 @@
 lvm2
-tgt # NOPRIME
-qemu-tools
-python-devel
-postgresql-devel
 open-iscsi
+postgresql-devel
+python-devel
+qemu-tools
+tgt # NOPRIME
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 3a7c4b56fd..651243d274 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -8,21 +8,21 @@ gcc-c++
 git-core
 graphviz # docs
 iputils
+libffi-devel  # pyOpenSSL
+libmysqlclient-devel # MySQL-python
 libopenssl-devel # to rebuild pyOpenSSL if needed
+libxslt-devel  # lxml
 lsof # useful when debugging
 make
+net-tools
 openssh
 openssl
+postgresql-devel  # psycopg2
 psmisc
 python-cmd2 # dist:opensuse-12.3
+python-devel  # pyOpenSSL
 screen
 tar
 tcpdump
 unzip
 wget
-net-tools
-libffi-devel  # pyOpenSSL
-libxslt-devel  # lxml
-postgresql-devel  # psycopg2
-libmysqlclient-devel # MySQL-python
-python-devel  # pyOpenSSL
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
index 77f7c34b31..753ea76e04 100644
--- a/files/rpms-suse/horizon
+++ b/files/rpms-suse/horizon
@@ -1,2 +1,2 @@
-apache2  # NOPRIME
 apache2-mod_wsgi  # NOPRIME
+apache2  # NOPRIME
diff --git a/files/rpms-suse/n-api b/files/rpms-suse/n-api
index 6f59e603b2..af5ac2fc54 100644
--- a/files/rpms-suse/n-api
+++ b/files/rpms-suse/n-api
@@ -1,2 +1,2 @@
-python-dateutil
 fping
+python-dateutil
diff --git a/files/rpms-suse/n-cpu b/files/rpms-suse/n-cpu
index b3a468d2d8..29bd31b365 100644
--- a/files/rpms-suse/n-cpu
+++ b/files/rpms-suse/n-cpu
@@ -1,7 +1,7 @@
-# Stuff for diablo volumes
+cryptsetup
 genisoimage
 lvm2
 open-iscsi
-sysfsutils
 sg3_utils
-cryptsetup
+# Stuff for diablo volumes
+sysfsutils
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index 133979911e..4b0eefaaa5 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -7,7 +7,7 @@ iputils
 mariadb # NOPRIME
 postgresql-devel
 rabbitmq-server # NOPRIME
+radvd # NOPRIME
 sqlite3
 sudo
 vlan
-radvd # NOPRIME
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
index 039456fc1b..2f3ad21a63 100644
--- a/files/rpms-suse/nova
+++ b/files/rpms-suse/nova
@@ -1,7 +1,7 @@
+conntrack-tools
 curl
 dnsmasq
 dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
-conntrack-tools
 ebtables
 gawk
 genisoimage # required for config_drive
@@ -9,14 +9,14 @@ iptables
 iputils
 kpartx
 kvm # NOPRIME
-# qemu as fallback if kvm cannot be used
-qemu # NOPRIME
 libvirt # NOPRIME
 libvirt-python # NOPRIME
 mariadb # NOPRIME
 parted
 polkit
 python-devel
+# qemu as fallback if kvm cannot be used
+qemu # NOPRIME
 rabbitmq-server # NOPRIME
 socat
 sqlite3
diff --git a/files/rpms-suse/openvswitch b/files/rpms-suse/openvswitch
index edfb4d21aa..53f8bb22cf 100644
--- a/files/rpms-suse/openvswitch
+++ b/files/rpms-suse/openvswitch
@@ -1,3 +1,3 @@
+
 openvswitch
 openvswitch-switch
-
diff --git a/files/rpms/ceilometer-collector b/files/rpms/ceilometer-collector
index b139ed2b6b..a8b81187ed 100644
--- a/files/rpms/ceilometer-collector
+++ b/files/rpms/ceilometer-collector
@@ -1,3 +1,3 @@
-selinux-policy-targeted
-mongodb-server #NOPRIME
 mongodb # NOPRIME
+mongodb-server #NOPRIME
+selinux-policy-targeted
diff --git a/files/rpms/ceph b/files/rpms/ceph
index 5483735741..64befc5f00 100644
--- a/files/rpms/ceph
+++ b/files/rpms/ceph
@@ -1,3 +1,3 @@
 ceph    # NOPRIME
-xfsprogs
 redhat-lsb-core
+xfsprogs
diff --git a/files/rpms/cinder b/files/rpms/cinder
index a88503b8bc..f28f04d8ba 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -1,5 +1,5 @@
+iscsi-initiator-utils
 lvm2
-scsi-target-utils # NOPRIME
-qemu-img
 postgresql-devel
-iscsi-initiator-utils
+qemu-img
+scsi-target-utils # NOPRIME
diff --git a/files/rpms/dstat b/files/rpms/dstat
index 8a8f8fe737..2b643b8b1b 100644
--- a/files/rpms/dstat
+++ b/files/rpms/dstat
@@ -1 +1 @@
-dstat
\ No newline at end of file
+dstat
diff --git a/files/rpms/general b/files/rpms/general
index eb479d2050..cfd9479600 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -1,35 +1,35 @@
+bc
 bridge-utils
 curl
 dbus
 euca2ools # only for testing client
 gcc
 gcc-c++
+gettext  # used for compiling message catalogs
 git-core
 graphviz # needed only for docs
-openssh-server
-openssl
-openssl-devel # to rebuild pyOpenSSL if needed
+iptables-services  # NOPRIME f21,f22
+java-1.7.0-openjdk-headless  # NOPRIME rhel7
+java-1.8.0-openjdk-headless  # NOPRIME f21,f22
 libffi-devel
 libxml2-devel # lxml
 libxslt-devel # lxml
+libyaml-devel
+mariadb-devel  # MySQL-python
+net-tools
+openssh-server
+openssl
+openssl-devel # to rebuild pyOpenSSL if needed
 pkgconfig
+postgresql-devel  # psycopg2
 psmisc
+pyOpenSSL # version in pip uses too much memory
 python-devel
+redhat-rpm-config # MySQL-python rhbz-1195207 f21
 screen
 tar
 tcpdump
 unzip
 wget
 which
-bc
-libyaml-devel
-gettext  # used for compiling message catalogs
-net-tools
-java-1.7.0-openjdk-headless  # NOPRIME rhel7
-java-1.8.0-openjdk-headless  # NOPRIME f21,f22
-pyOpenSSL # version in pip uses too much memory
-iptables-services  # NOPRIME f21,f22
-mariadb-devel  # MySQL-python
-postgresql-devel  # psycopg2
-redhat-rpm-config # MySQL-python rhbz-1195207 f21
 zlib-devel
diff --git a/files/rpms/horizon b/files/rpms/horizon
index b2cf0ded6f..aeb2cb5c96 100644
--- a/files/rpms/horizon
+++ b/files/rpms/horizon
@@ -1,5 +1,5 @@
 Django
 httpd # NOPRIME
 mod_wsgi  # NOPRIME
-pyxattr
 pcre-devel  # pyScss
+pyxattr
diff --git a/files/rpms/keystone b/files/rpms/keystone
index 7384150a4a..c01c261e19 100644
--- a/files/rpms/keystone
+++ b/files/rpms/keystone
@@ -1,3 +1,3 @@
+mod_ssl
 MySQL-python
 sqlite
-mod_ssl
diff --git a/files/rpms/ldap b/files/rpms/ldap
index d89c4cf8c1..d5b8fa4374 100644
--- a/files/rpms/ldap
+++ b/files/rpms/ldap
@@ -1,2 +1,2 @@
-openldap-servers
 openldap-clients
+openldap-servers
diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu
index 81278b30bb..7773b0402d 100644
--- a/files/rpms/n-cpu
+++ b/files/rpms/n-cpu
@@ -1,7 +1,7 @@
-# Stuff for diablo volumes
+cryptsetup
+genisoimage
 iscsi-initiator-utils
 lvm2
-genisoimage
-sysfsutils
 sg3_utils
-cryptsetup
+# Stuff for diablo volumes
+sysfsutils
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 29851bea9b..b3f79ed146 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -1,4 +1,3 @@
-MySQL-python
 acl
 dnsmasq # for q-dhcp
 dnsmasq-utils # for dhcp_release
@@ -7,10 +6,11 @@ iptables
 iputils
 mysql-connector-python
 mysql-devel
+MySQL-python
 mysql-server # NOPRIME
 openvswitch # NOPRIME
 postgresql-devel
 rabbitmq-server # NOPRIME
+radvd # NOPRIME
 sqlite
 sudo
-radvd # NOPRIME
diff --git a/files/rpms/nova b/files/rpms/nova
index 6eeb6230a9..e70f138a3c 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -1,8 +1,7 @@
-MySQL-python
+conntrack-tools
 curl
 dnsmasq # for nova-network
 dnsmasq-utils # for dhcp_release
-conntrack-tools
 ebtables
 gawk
 genisoimage # required for config_drive
@@ -10,18 +9,19 @@ iptables
 iputils
 kpartx
 kvm # NOPRIME
-qemu-kvm # NOPRIME
 libvirt-bin # NOPRIME
 libvirt-devel # NOPRIME
 libvirt-python # NOPRIME
 libxml2-python
-numpy # needed by websockify for spice console
 m2crypto
 mysql-connector-python
 mysql-devel
+MySQL-python
 mysql-server # NOPRIME
+numpy # needed by websockify for spice console
 parted
 polkit
+qemu-kvm # NOPRIME
 rabbitmq-server # NOPRIME
 sqlite
 sudo
diff --git a/files/rpms/swift b/files/rpms/swift
index 1bf57cc3a2..f56a81b0d1 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -1,7 +1,7 @@
 curl
 memcached
 pyxattr
+rsync-daemon # dist:f22,f23
 sqlite
 xfsprogs
 xinetd
-rsync-daemon # dist:f22,f23
diff --git a/files/rpms/zookeeper b/files/rpms/zookeeper
index c0d1c3066d..1bfac538a2 100644
--- a/files/rpms/zookeeper
+++ b/files/rpms/zookeeper
@@ -1 +1 @@
-zookeeper
\ No newline at end of file
+zookeeper

From 3dac869f80e90795efc2127b713cc5282f4eabb5 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 17:26:24 +1100
Subject: [PATCH 1048/3421] Cleanup some of the deb/rpm installs

python-devel and the mysql/postgresql client dev-libs should all be
installed globally via the "general" installs; no need to installs
them separately

Change-Id: I91a9ace2e62a891634dbb4635ab2ad8c8dc59f91
---
 files/debs/cinder        | 1 -
 files/rpms-suse/cinder   | 2 --
 files/rpms-suse/glance   | 1 -
 files/rpms-suse/keystone | 1 -
 files/rpms-suse/neutron  | 1 -
 files/rpms-suse/nova     | 1 -
 files/rpms-suse/swift    | 1 -
 files/rpms/cinder        | 1 -
 files/rpms/neutron       | 1 -
 9 files changed, 10 deletions(-)
 delete mode 100644 files/rpms-suse/glance

diff --git a/files/debs/cinder b/files/debs/cinder
index 48b8d0f7d3..3595e011da 100644
--- a/files/debs/cinder
+++ b/files/debs/cinder
@@ -1,4 +1,3 @@
-libpq-dev
 lvm2
 open-iscsi
 open-iscsi-utils # Deprecated since quantal dist:precise
diff --git a/files/rpms-suse/cinder b/files/rpms-suse/cinder
index 56b1bb536a..189a232fa7 100644
--- a/files/rpms-suse/cinder
+++ b/files/rpms-suse/cinder
@@ -1,6 +1,4 @@
 lvm2
 open-iscsi
-postgresql-devel
-python-devel
 qemu-tools
 tgt # NOPRIME
diff --git a/files/rpms-suse/glance b/files/rpms-suse/glance
deleted file mode 100644
index bf512de575..0000000000
--- a/files/rpms-suse/glance
+++ /dev/null
@@ -1 +0,0 @@
-python-devel
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
index c838b413c3..46832c786d 100644
--- a/files/rpms-suse/keystone
+++ b/files/rpms-suse/keystone
@@ -1,4 +1,3 @@
 cyrus-sasl-devel
 openldap2-devel
-python-devel
 sqlite3
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index 4b0eefaaa5..e9abc6eca6 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -5,7 +5,6 @@ ebtables
 iptables
 iputils
 mariadb # NOPRIME
-postgresql-devel
 rabbitmq-server # NOPRIME
 radvd # NOPRIME
 sqlite3
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
index 2f3ad21a63..ae115d2138 100644
--- a/files/rpms-suse/nova
+++ b/files/rpms-suse/nova
@@ -14,7 +14,6 @@ libvirt-python # NOPRIME
 mariadb # NOPRIME
 parted
 polkit
-python-devel
 # qemu as fallback if kvm cannot be used
 qemu # NOPRIME
 rabbitmq-server # NOPRIME
diff --git a/files/rpms-suse/swift b/files/rpms-suse/swift
index 6a824f944f..52e0a990e7 100644
--- a/files/rpms-suse/swift
+++ b/files/rpms-suse/swift
@@ -1,6 +1,5 @@
 curl
 memcached
-python-devel
 sqlite3
 xfsprogs
 xinetd
diff --git a/files/rpms/cinder b/files/rpms/cinder
index f28f04d8ba..0274642fd6 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -1,5 +1,4 @@
 iscsi-initiator-utils
 lvm2
-postgresql-devel
 qemu-img
 scsi-target-utils # NOPRIME
diff --git a/files/rpms/neutron b/files/rpms/neutron
index b3f79ed146..9683475d29 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -9,7 +9,6 @@ mysql-devel
 MySQL-python
 mysql-server # NOPRIME
 openvswitch # NOPRIME
-postgresql-devel
 rabbitmq-server # NOPRIME
 radvd # NOPRIME
 sqlite

From 7ddf6741d24485aa40de122f4bfdf4cd55e7cfad Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 9 Nov 2015 08:08:53 -0500
Subject: [PATCH 1049/3421] Neutron-legacy: Remove LINUXNET_VIF_DRIVER option

A value is never assigned, and it ends up in the nova.conf file as:

linuxnet_interface_driver =

So, let's delete it.

Change-Id: Ibc270ce6ee622eee871df1f8c11f21e8be8280ee
---
 lib/neutron-legacy | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4e51425ffc..096869929b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -488,7 +488,6 @@ function create_nova_conf_neutron {
     # optionally set options in nova_conf
     neutron_plugin_create_nova_conf
 
-    iniset $NOVA_CONF DEFAULT linuxnet_interface_driver "$LINUXNET_VIF_DRIVER"
     if is_service_enabled q-meta; then
         iniset $NOVA_CONF neutron service_metadata_proxy "True"
     fi

From 5c5e08669cb7539886cb3477fc7c4c7deb701f50 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Mon, 9 Nov 2015 14:08:15 -0500
Subject: [PATCH 1050/3421] loop all ebtables tables

ebtables has 3 built in tables, if we don't call them out we only get
'filter' (per man page).

Change-Id: I52360cbb3b910cb492b61e2314848cc29dcd8266
---
 tools/worlddump.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/worlddump.py b/tools/worlddump.py
index 1b337a9a83..97e4d949c7 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -86,8 +86,10 @@ def disk_space():
 
 
 def ebtables_dump():
+    tables = ['filter', 'nat', 'broute']
     _header("EB Tables Dump")
-    _dump_cmd("sudo ebtables -L")
+    for table in tables:
+        _dump_cmd("sudo ebtables -t %s -L" % table)
 
 
 def iptables_dump():

From 8a3b7d424d8edf53d0560db48247e6bca11176ee Mon Sep 17 00:00:00 2001
From: John Davidge 
Date: Tue, 7 Jul 2015 11:10:54 +0100
Subject: [PATCH 1051/3421] Fix stack failure when default subnetpool is set

Currently stack.sh will fail if a value is set for
default_ipv4_subnet_pool and/or default_ipv6_subnet_pool in
neutron.conf. This is because setting either of these values
overrides the default behaviour of using the implicit (none)
subnetpool for subnet creation, and the subnetpools
specified in neutron.conf have not been created at the time
of the devstack calls to subnet-create.

This patch fixes the failure by specifying subnetpool = None
in calls to subnet-create, so that neutron will behave as
devstack expects. This parameter will no longer be required
once these configuration options are removed in the OpenStack
N release, but will be required for compatibility with Kilo,
Liberty, and Mitaka.

Change-Id: I29b2d62a022b43f6623b127af2ca303f9de847b0
Closes-Bug: #1472200
---
 exercises/neutron-adv-test.sh | 2 +-
 lib/neutron-legacy            | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/exercises/neutron-adv-test.sh b/exercises/neutron-adv-test.sh
index a8fbd86473..9bcb7669b7 100755
--- a/exercises/neutron-adv-test.sh
+++ b/exercises/neutron-adv-test.sh
@@ -235,7 +235,7 @@ function create_network {
     local NET_ID
     NET_ID=$(neutron net-create --tenant-id $TENANT_ID $NET_NAME $EXTRA| grep ' id ' | awk '{print $4}' )
     die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $TENANT_ID $NET_NAME $EXTRA"
-    neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY $NET_ID $CIDR
+    neutron subnet-create --ip-version 4 --tenant-id $TENANT_ID --gateway $GATEWAY --subnetpool None $NET_ID $CIDR
     neutron_debug_admin probe-create --device-owner compute $NET_ID
     source $TOP_DIR/openrc demo demo
 }
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..0e7ce26674 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -542,12 +542,12 @@ function create_neutron_initial_network {
         die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
 
         if [[ "$IP_VERSION" =~ 4.* ]]; then
-            SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
+            SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} --name $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY --subnetpool None $NET_ID $FIXED_RANGE | grep ' id ' | get_field 2)
             die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $TENANT_ID"
         fi
 
         if [[ "$IP_VERSION" =~ .*6 ]]; then
-            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
+            SUBNET_V6_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $V6_NETWORK_GATEWAY --name $PROVIDER_SUBNET_NAME_V6 --subnetpool_id None $NET_ID $FIXED_RANGE_V6 | grep 'id' | get_field 2)
             die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
         fi
 
@@ -1236,6 +1236,7 @@ function _neutron_create_private_subnet_v4 {
     subnet_params+="--ip_version 4 "
     subnet_params+="--gateway $NETWORK_GATEWAY "
     subnet_params+="--name $PRIVATE_SUBNET_NAME "
+    subnet_params+="--subnetpool None "
     subnet_params+="$NET_ID $FIXED_RANGE"
     local subnet_id
     subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1252,6 +1253,7 @@ function _neutron_create_private_subnet_v6 {
     subnet_params+="--ip_version 6 "
     subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
     subnet_params+="--name $IPV6_PRIVATE_SUBNET_NAME "
+    subnet_params+="--subnetpool None "
     subnet_params+="$NET_ID $FIXED_RANGE_V6 $ipv6_modes"
     local ipv6_subnet_id
     ipv6_subnet_id=$(neutron subnet-create $subnet_params | grep ' id ' | get_field 2)
@@ -1265,6 +1267,7 @@ function _neutron_create_public_subnet_v4 {
     subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} "
     subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY "
     subnet_params+="--name $PUBLIC_SUBNET_NAME "
+    subnet_params+="--subnetpool None "
     subnet_params+="$EXT_NET_ID $FLOATING_RANGE "
     subnet_params+="-- --enable_dhcp=False"
     local id_and_ext_gw_ip
@@ -1278,6 +1281,7 @@ function _neutron_create_public_subnet_v6 {
     local subnet_params="--ip_version 6 "
     subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY "
     subnet_params+="--name $IPV6_PUBLIC_SUBNET_NAME "
+    subnet_params+="--subnetpool None "
     subnet_params+="$EXT_NET_ID $IPV6_PUBLIC_RANGE "
     subnet_params+="-- --enable_dhcp=False"
     local ipv6_id_and_ext_gw_ip

From 04e73e17e8c536abb1ea86e7b0d037aef543da37 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Tue, 10 Nov 2015 18:58:11 +0100
Subject: [PATCH 1052/3421] On Ubuntu: don't start Zookeeper twice

On Ubuntu, if the Zookeeper service is already running, attempting
to start it again fails with non-zero exit code. This patch detects
whether ZK is already started before trying to start it.

Change-Id: If1257152de01fe5fe0351fdbb538bce083edbec0
Closes-Bug: #1513741
---
 lib/zookeeper | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/zookeeper b/lib/zookeeper
index e62ba8ada8..6637d52bca 100644
--- a/lib/zookeeper
+++ b/lib/zookeeper
@@ -69,7 +69,12 @@ function install_zookeeper {
 
 # start_zookeeper() - Start running processes, including screen
 function start_zookeeper {
-    start_service zookeeper
+    # Starting twice Zookeeper on Ubuntu exits with error code 1. See LP#1513741
+    # Match both systemd and sysvinit output
+    local running="(active \(running\)|start/running)"
+    if ! is_ubuntu || ! sudo /usr/sbin/service zookeeper status | egrep -q "$running"; then
+        start_service zookeeper
+    fi
 }
 
 # stop_zookeeper() - Stop running processes (non-screen)

From 536b8c1d2cf9d2523dc60f74190ef566a8c3fc4b Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Mon, 9 Nov 2015 10:05:37 +1100
Subject: [PATCH 1053/3421] Allow screen without logging to disk

In some niche setups it is desirable to run OpenStack services under
screen, but undesirable to automatically keep a persistent log from
each service.

Add a new variable SCREEN_IS_LOGGING that controls if screen logs each
window to disk automatically.

Ideally screen itself would be configured to log but just not activate.
This isn't possible with the screerc syntax.  Temporary logging can still
be used by a developer with:
    C-a : logfile foo
    C-a : log on

Change-Id: I2a3abf15dea95ae99ddbdfe1309382df601b7d93
---
 functions-common | 14 +++++++++-----
 stackrc          | 10 ++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/functions-common b/functions-common
index ca0543da7d..ba3c79126d 100644
--- a/functions-common
+++ b/functions-common
@@ -1366,7 +1366,7 @@ function run_process {
 
 # Helper to launch a process in a named screen
 # Uses globals ``CURRENT_LOG_TIME``, ```LOGDIR``, ``SCREEN_LOGDIR``, `SCREEN_NAME``,
-# ``SERVICE_DIR``, ``USE_SCREEN``
+# ``SERVICE_DIR``, ``USE_SCREEN``, ``SCREEN_IS_LOGGING``
 # screen_process name "command-line" [group]
 # Run a command in a shell in a screen window, if an optional group
 # is provided, use sg to set the group of the command.
@@ -1386,8 +1386,12 @@ function screen_process {
     echo "SCREEN_LOGDIR: $SCREEN_LOGDIR"
     echo "log: $real_logfile"
     if [[ -n ${LOGDIR} ]]; then
-        screen -S $SCREEN_NAME -p $name -X logfile "$real_logfile"
-        screen -S $SCREEN_NAME -p $name -X log on
+        if [[ "$SCREEN_IS_LOGGING" == "True" ]]; then
+            screen -S $SCREEN_NAME -p $name -X logfile "$real_logfile"
+            screen -S $SCREEN_NAME -p $name -X log on
+        fi
+        # If logging isn't active then avoid a broken symlink
+        touch "$real_logfile"
         ln -sf "$real_logfile" ${LOGDIR}/${name}.log
         if [[ -n ${SCREEN_LOGDIR} ]]; then
             # Drop the backward-compat symlink
@@ -1426,7 +1430,7 @@ function screen_process {
 }
 
 # Screen rc file builder
-# Uses globals ``SCREEN_NAME``, ``SCREENRC``
+# Uses globals ``SCREEN_NAME``, ``SCREENRC``, ``SCREEN_IS_LOGGING``
 # screen_rc service "command-line"
 function screen_rc {
     SCREEN_NAME=${SCREEN_NAME:-stack}
@@ -1446,7 +1450,7 @@ function screen_rc {
         echo "screen -t $1 bash" >> $SCREENRC
         echo "stuff \"$2$NL\"" >> $SCREENRC
 
-        if [[ -n ${LOGDIR} ]]; then
+        if [[ -n ${LOGDIR} ]] && [[ "$SCREEN_IS_LOGGING" == "True" ]]; then
             echo "logfile ${LOGDIR}/${1}.log.${CURRENT_LOG_TIME}" >>$SCREENRC
             echo "log on" >>$SCREENRC
         fi
diff --git a/stackrc b/stackrc
index 3033b27580..76a5756dde 100644
--- a/stackrc
+++ b/stackrc
@@ -103,6 +103,16 @@ HORIZON_APACHE_ROOT="/dashboard"
 # be disabled for automated testing by setting this value to False.
 USE_SCREEN=True
 
+# When using screen, should we keep a log file on disk?  You might
+# want this False if you have a long-running setup where verbose logs
+# can fill-up the host.
+# XXX: Ideally screen itself would be configured to log but just not
+# activate.  This isn't possible with the screerc syntax.  Temporary
+# logging can still be used by a developer with:
+#    C-a : logfile foo
+#    C-a : log on
+SCREEN_IS_LOGGING=$(trueorfalse True SCREEN_IS_LOGGING)
+
 # Passwords generated by interactive devstack runs
 if [[ -r $RC_DIR/.localrc.password ]]; then
     source $RC_DIR/.localrc.password

From f6cee0fa2041a9188ad5e3e24e87ebd513729da8 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Fri, 6 Nov 2015 18:18:57 +0100
Subject: [PATCH 1054/3421] Install kernel-modules package on fedora

Since f21 the kernel modules are split to multiple packages
and by default just the core modules gets installed.

nova requires iscsi_tcp module for attaching a volume
from any iscsi source (default cinder lvm setup).

On el7 it is not required.

Change-Id: I31705720ade5defd1b6d4b95bc51c2a11a5f0364
Related-Bug: #1429504
---
 files/rpms/nova | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/rpms/nova b/files/rpms/nova
index e70f138a3c..00e759636e 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -7,6 +7,7 @@ gawk
 genisoimage # required for config_drive
 iptables
 iputils
+kernel-modules # dist:f21,f22,f23
 kpartx
 kvm # NOPRIME
 libvirt-bin # NOPRIME

From 59e86a3aae3ca49ae3a400c1fcc49c53c9328fd2 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 9 Nov 2015 11:06:39 -0500
Subject: [PATCH 1055/3421] Replace default route for inet6

When taking the IPv6 addresses from an interface, also update any routing
table entries.

Change-Id: I0424de6c5c1b0fcb7a9bc3fc1475036668cab09d
Closes-Bug: 1514494
---
 lib/neutron-legacy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..2c0c9cfb3b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -799,7 +799,7 @@ function _move_neutron_addresses_route {
         local IP_ADD=""
         local IP_DEL=""
         local DEFAULT_ROUTE_GW
-        DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
+        DEFAULT_ROUTE_GW=$(ip -f $af r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
 
         if [[ $af == "inet" ]]; then
@@ -811,7 +811,7 @@ function _move_neutron_addresses_route {
         fi
 
         if [ "$DEFAULT_ROUTE_GW" != "" ]; then
-            ADD_DEFAULT_ROUTE="sudo ip r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
+            ADD_DEFAULT_ROUTE="sudo ip -f $af r replace default via $DEFAULT_ROUTE_GW dev $to_intf"
         fi
 
         if [[ "$add_ovs_port" == "True" ]]; then

From 9af81997b543f7634c180b73a036c59456118b50 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Tue, 10 Nov 2015 13:30:20 -0500
Subject: [PATCH 1056/3421] Only take the first global, non temporary ipv6
 address

Taking a temporary IPv6 address created through the OS' support for
Privacy Extensions (RFC 4941) is not very useful. It would occur because
it happened to be the first in the list returned from ip(8). Instead,
grab the first IPv6 address that is not a temporary address.

Related-Bug: #1488691

Change-Id: I7f455572241e7d0c7406f173239a2270a4d8926a
---
 lib/neutron-legacy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 2c0c9cfb3b..eed477a550 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -807,7 +807,7 @@ function _move_neutron_addresses_route {
         fi
 
         if [[ $af == "inet6" ]]; then
-            IP_BRD=$(ip -f $af a s dev $from_intf | grep inet6 | awk '{ print $2, $3, $4; exit }')
+            IP_BRD=$(ip -f $af a s dev $from_intf | grep 'scope global' | sed '/temporary/d' | awk '{ print $2, $3, $4; exit }')
         fi
 
         if [ "$DEFAULT_ROUTE_GW" != "" ]; then

From 1650166c2594905ca16c02b58430f4f5bd9ed24c Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Mon, 12 Oct 2015 11:01:44 -0400
Subject: [PATCH 1057/3421] docs: Add more networking details to single
 interface section

Add complete localrcs, and also add a section for additional compute
nodes, to help demonstrate the OVS layout and how traffic flows over
VXLAN tunnels from compute nodes, to the L3 node, and out onto the
wire.

Closes-Bug: #1506733

Change-Id: Ibb5fd454bdcb8c13400c1e11f640c2aafc0f73ca
---
 doc/source/guides/neutron.rst | 172 +++++++++++++++++++++++++++++++++-
 1 file changed, 171 insertions(+), 1 deletion(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 5891f68033..ee29087267 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -35,7 +35,7 @@ network and is on a shared subnet with other machines.
                 network hardware_network {
                         address = "172.18.161.0/24"
                         router [ address = "172.18.161.1" ];
-                        devstack_laptop [ address = "172.18.161.6" ];
+                        devstack-1 [ address = "172.18.161.6" ];
                 }
         }
 
@@ -43,9 +43,13 @@ network and is on a shared subnet with other machines.
 DevStack Configuration
 ----------------------
 
+The following is a complete `local.conf` for the host named
+`devstack-1`. It will run all the API and services, as well as
+serving as a hypervisor for guest instances.
 
 ::
 
+        [[local|localrc]]
         HOST_IP=172.18.161.6
         SERVICE_HOST=172.18.161.6
         MYSQL_HOST=172.18.161.6
@@ -57,6 +61,12 @@ DevStack Configuration
         SERVICE_PASSWORD=secrete
         SERVICE_TOKEN=secrete
 
+        # Do not use Nova-Network
+        disable_service n-net
+        # Enable Neutron
+        ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
+
+
         ## Neutron options
         Q_USE_SECGROUP=True
         FLOATING_RANGE="172.18.161.0/24"
@@ -71,6 +81,166 @@ DevStack Configuration
         OVS_BRIDGE_MAPPINGS=public:br-ex
 
 
+Adding Additional Compute Nodes
+-------------------------------
+
+Let's suppose that after installing DevStack on the first host, you
+also want to do multinode testing and networking.
+
+Physical Network Setup
+~~~~~~~~~~~~~~~~~~~~~~
+
+.. nwdiag::
+
+        nwdiag {
+                inet [ shape = cloud ];
+                router;
+                inet -- router;
+
+                network hardware_network {
+                        address = "172.18.161.0/24"
+                        router [ address = "172.18.161.1" ];
+                        devstack-1 [ address = "172.18.161.6" ];
+                        devstack-2 [ address = "172.18.161.7" ];
+                }
+        }
+
+
+After DevStack installs and configures Neutron, traffic from guest VMs
+flows out of `devstack-2` (the compute node) and is encapsulated in a
+VXLAN tunnel back to `devstack-1` (the control node) where the L3
+agent is running.
+
+::
+
+    stack@devstack-2:~/devstack$ sudo ovs-vsctl show
+    8992d965-0ba0-42fd-90e9-20ecc528bc29
+        Bridge br-int
+            fail_mode: secure
+            Port br-int
+                Interface br-int
+                    type: internal
+            Port patch-tun
+                Interface patch-tun
+                    type: patch
+                    options: {peer=patch-int}
+        Bridge br-tun
+            fail_mode: secure
+            Port "vxlan-c0a801f6"
+                Interface "vxlan-c0a801f6"
+                    type: vxlan
+                    options: {df_default="true", in_key=flow, local_ip="172.18.161.7", out_key=flow, remote_ip="172.18.161.6"}
+            Port patch-int
+                Interface patch-int
+                    type: patch
+                    options: {peer=patch-tun}
+            Port br-tun
+                Interface br-tun
+                    type: internal
+        ovs_version: "2.0.2"
+
+Open vSwitch on the control node, where the L3 agent runs, is
+configured to de-encapsulate traffic from compute nodes, then forward
+it over the `br-ex` bridge, where `eth0` is attached.
+
+::
+
+    stack@devstack-1:~/devstack$ sudo ovs-vsctl show
+    422adeea-48d1-4a1f-98b1-8e7239077964
+        Bridge br-tun
+            fail_mode: secure
+            Port br-tun
+                Interface br-tun
+                    type: internal
+            Port patch-int
+                Interface patch-int
+                    type: patch
+                    options: {peer=patch-tun}
+            Port "vxlan-c0a801d8"
+                Interface "vxlan-c0a801d8"
+                    type: vxlan
+                    options: {df_default="true", in_key=flow, local_ip="172.18.161.6", out_key=flow, remote_ip="172.18.161.7"}
+        Bridge br-ex
+            Port phy-br-ex
+                Interface phy-br-ex
+                    type: patch
+                    options: {peer=int-br-ex}
+            Port "eth0"
+                Interface "eth0"
+            Port br-ex
+                Interface br-ex
+                    type: internal
+        Bridge br-int
+            fail_mode: secure
+            Port "tapce66332d-ea"
+                tag: 1
+                Interface "tapce66332d-ea"
+                    type: internal
+            Port "qg-65e5a4b9-15"
+                tag: 2
+                Interface "qg-65e5a4b9-15"
+                    type: internal
+            Port "qr-33e5e471-88"
+                tag: 1
+                Interface "qr-33e5e471-88"
+                    type: internal
+            Port "qr-acbe9951-70"
+                tag: 1
+                Interface "qr-acbe9951-70"
+                    type: internal
+            Port br-int
+                Interface br-int
+                    type: internal
+            Port patch-tun
+                Interface patch-tun
+                    type: patch
+                    options: {peer=patch-int}
+            Port int-br-ex
+                Interface int-br-ex
+                    type: patch
+                    options: {peer=phy-br-ex}
+        ovs_version: "2.0.2"
+
+`br-int` is a bridge that the Open vSwitch mechanism driver creates,
+which is used as the "integration bridge" where ports are created, and
+plugged into the virtual switching fabric. `br-ex` is an OVS bridge
+that is used to connect physical ports (like `eth0`), so that floating
+IP traffic for tenants can be received from the physical network
+infrastructure (and the internet), and routed to tenant network ports.
+`br-tun` is a tunnel bridge that is used to connect OpenStack nodes
+(like `devstack-2`) together. This bridge is used so that tenant
+network traffic, using the VXLAN tunneling protocol, flows between
+each compute node where tenant instances run.
+
+
+
+DevStack Compute Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The host `devstack-2` has a very minimal `local.conf`.
+
+::
+
+    [[local|localrc]]
+    HOST_IP=172.18.161.7
+    SERVICE_HOST=172.18.161.6
+    MYSQL_HOST=172.18.161.6
+    RABBIT_HOST=172.18.161.6
+    GLANCE_HOSTPORT=172.18.161.6:9292
+    ADMIN_PASSWORD=secrete
+    MYSQL_PASSWORD=secrete
+    RABBIT_PASSWORD=secrete
+    SERVICE_PASSWORD=secrete
+    SERVICE_TOKEN=secrete
+
+    ## Neutron options
+    PUBLIC_INTERFACE=eth0
+    ENABLED_SERVICES=n-cpu,rabbit,q-agt
+
+Network traffic from `eth0` on the compute nodes is then NAT'd by the
+controller node that runs Neutron's `neutron-l3-agent` and provides L3
+connectivity.
+
 
 Neutron Networking with Open vSwitch and Provider Networks
 ==========================================================

From 90dd262c19d7387ef6b438aea5e6eb13f3fd609d Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 10 Nov 2015 12:22:03 -0500
Subject: [PATCH 1058/3421] fail if devstack attempts to be run under
 virtualenv

This has come up on the mailing list recently, we should just fail
early and explicitly so that people don't get way down this path and
not realize it's never going to work.

Change-Id: I8a7f001adf3a5244b8655858ebd5fc7014a4af55
---
 stack.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/stack.sh b/stack.sh
index 68b932e4b1..825ed968f3 100755
--- a/stack.sh
+++ b/stack.sh
@@ -93,6 +93,20 @@ if [[ $EUID -eq 0 ]]; then
     exit 1
 fi
 
+# OpenStack is designed to run at a system level, with system level
+# installation of python packages. It does not support running under a
+# virtual env, and will fail in really odd ways if you do this. Make
+# this explicit as it has come up on the mailing list.
+if [[ -n "$VIRTUAL_ENV" ]]; then
+    echo "You appear to be running under a python virtualenv."
+    echo "DevStack does not support this, as we my break the"
+    echo "virtualenv you are currently in by modifying "
+    echo "external system-level components the virtualenv relies on."
+    echo "We reccommend you use a separate virtual-machine if "
+    echo "you are worried about DevStack taking over your system."
+    exit 1
+fi
+
 # Provide a safety switch for devstack. If you do a lot of devstack,
 # on a lot of different environments, you sometimes run it on the
 # wrong box. This makes there be a way to prevent that.

From 7e550682977b0c3a6a667af6691760d8a7506e9b Mon Sep 17 00:00:00 2001
From: Richard Theis 
Date: Tue, 13 Oct 2015 07:51:05 -0500
Subject: [PATCH 1059/3421] doc: Update LBaaS v2 setup for Liberty

- Updated LBaaS v2 setup to use Octavia.
- Removed the old cirros image URL, the default should be sufficient.
- Fixed nova boot commands based on Liberty DevStack.
- Added sleeps to LBaaS v2 commands since most commands
  can take a few seconds to complete.
- Added wait to load balancer creation since it can take
  a few minutes to complete.
- Wrapped long lines in the descriptions.

Change-Id: Ib4a3f02ebc2606e3e16591ae3a23676cb0a6cd64
---
 doc/source/guides/devstack-with-lbaas-v2.rst | 30 ++++++++++++++------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index f67978310d..747a9384d0 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -1,13 +1,17 @@
-Configure Load-Balancer in Kilo
+Configure Load-Balancer Version 2
 =================================
 
-The Kilo release of OpenStack will support Version 2 of the neutron load balancer. Until now, using OpenStack `LBaaS V2 `_ has required a good understanding of neutron and LBaaS architecture and several manual steps.
+Starting in the OpenStack Liberty release, the
+`neutron LBaaS v2 API `_
+is now stable while the LBaaS v1 API has been deprecated.  The LBaaS v2 reference
+driver is based on Octavia.
 
 
 Phase 1: Create DevStack + 2 nova instances
 --------------------------------------------
 
-First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space, make sure it is updated. Install git and any other developer tools you find useful.
+First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space,
+make sure it is updated. Install git and any other developer tools you find useful.
 
 Install devstack
 
@@ -24,6 +28,7 @@ Edit your `local.conf` to look like
     [[local|localrc]]
     # Load the external LBaaS plugin.
     enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas
+    enable_plugin octavia https://git.openstack.org/openstack/octavia
 
     # ===== BEGIN localrc =====
     DATABASE_PASSWORD=password
@@ -42,13 +47,13 @@ Edit your `local.conf` to look like
     ENABLED_SERVICES+=,horizon
     # Nova
     ENABLED_SERVICES+=,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch
-    IMAGE_URLS+=",https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"
     # Glance
     ENABLED_SERVICES+=,g-api,g-reg
     # Neutron
     ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
-    # Enable LBaaS V2
+    # Enable LBaaS v2
     ENABLED_SERVICES+=,q-lbaasv2
+    ENABLED_SERVICES+=,octavia,o-cw,o-hk,o-hm,o-api
     # Cinder
     ENABLED_SERVICES+=,c-api,c-vol,c-sch
     # Tempest
@@ -69,11 +74,11 @@ Create two nova instances that we can use as test http servers:
   ::
 
     #create nova instances on private network
-    nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
-    nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
+    nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
+    nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
     nova list # should show the nova instances just created
 
-    #add secgroup rule to allow ssh etc..
+    #add secgroup rules to allow ssh etc..
     neutron security-group-rule-create default --protocol icmp
     neutron security-group-rule-create default --protocol tcp --port-range-min 22 --port-range-max 22
     neutron security-group-rule-create default --protocol tcp --port-range-min 80 --port-range-max 80
@@ -91,9 +96,16 @@ Phase 2: Create your load balancers
  ::
 
     neutron lbaas-loadbalancer-create --name lb1 private-subnet
+    neutron lbaas-loadbalancer-show lb1  # Wait for the provisioning_status to be ACTIVE.
     neutron lbaas-listener-create --loadbalancer lb1 --protocol HTTP --protocol-port 80 --name listener1
+    sleep 10  # Sleep since LBaaS actions can take a few seconds depending on the environment.
     neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
+    sleep 10
     neutron lbaas-member-create  --subnet private-subnet --address 10.0.0.3 --protocol-port 80 pool1
+    sleep 10
     neutron lbaas-member-create  --subnet private-subnet --address 10.0.0.5 --protocol-port 80 pool1
 
-Please note here that the "10.0.0.3" and "10.0.0.5" in the above commands are the IPs of the nodes (in my test run-thru, they were actually 10.2 and 10.4), and the address of the created LB will be reported as "vip_address" from the lbaas-loadbalancer-create, and a quick test of that LB is "curl that-lb-ip", which should alternate between showing the IPs of the two nodes.
+Please note here that the "10.0.0.3" and "10.0.0.5" in the above commands are the IPs of the nodes
+(in my test run-thru, they were actually 10.2 and 10.4), and the address of the created LB will be
+reported as "vip_address" from the lbaas-loadbalancer-create, and a quick test of that LB is
+"curl that-lb-ip", which should alternate between showing the IPs of the two nodes.

From 2e8695b0756969d89cd4152e7496df9bf540eaa3 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Tue, 20 Oct 2015 11:21:57 +1100
Subject: [PATCH 1060/3421] Add development libraries needed by Pillow

Change I8da7dd95ae24cf06dc7bdc300fcf39947a6df093 added Pillow build deps
to nodepool thick slaves.  This means that Pillow 3 will work in unit
tests.

Make the matching change to allow Pillow 3.0.0 to work under devstack.

The longer term aim is to remove temporary upper cap.

Change-Id: I2bec8cf1bfeaaa6ae329704229fdeb86d26e55c7
---
 files/debs/general      | 1 +
 files/rpms-suse/general | 2 ++
 files/rpms/general      | 1 +
 3 files changed, 4 insertions(+)

diff --git a/files/debs/general b/files/debs/general
index 9b2715685e..1215147a16 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -8,6 +8,7 @@ git
 graphviz # needed for docs
 iputils-ping
 libffi-dev # for pyOpenSSL
+libjpeg-dev # Pillow 3.0.0
 libmysqlclient-dev  # MySQL-python
 libpq-dev  # psycopg2
 libssl-dev # for pyOpenSSL
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 651243d274..34a29554f7 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -9,6 +9,7 @@ git-core
 graphviz # docs
 iputils
 libffi-devel  # pyOpenSSL
+libjpeg8-devel # Pillow 3.0.0
 libmysqlclient-devel # MySQL-python
 libopenssl-devel # to rebuild pyOpenSSL if needed
 libxslt-devel  # lxml
@@ -26,3 +27,4 @@ tar
 tcpdump
 unzip
 wget
+zlib-devel
diff --git a/files/rpms/general b/files/rpms/general
index cfd9479600..40b06f489b 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -12,6 +12,7 @@ iptables-services  # NOPRIME f21,f22
 java-1.7.0-openjdk-headless  # NOPRIME rhel7
 java-1.8.0-openjdk-headless  # NOPRIME f21,f22
 libffi-devel
+libjpeg-turbo-devel # Pillow 3.0.0
 libxml2-devel # lxml
 libxslt-devel # lxml
 libyaml-devel

From 5cad4d3fe94f2e3823a8d9a2588b3a580d69605c Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 10 Nov 2015 14:39:07 -0500
Subject: [PATCH 1061/3421] refactor zookeeper into a slightly more generic dlm
 module

This attempts to make the zookeeper installation a bit more modular
(assuming that other folks will want to add other dlms as plugins),
and addresses the service start issues with zookeeper under
ubuntu/upstart.

Zookeeper is not going to be installed by default. Services need to
ask for it with use_dlm.

Change-Id: I33525e2b83a4497a57ec95f62880e0308c88b34f
---
 lib/dlm       | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/zookeeper |  91 ------------------------------------------
 stack.sh      |  20 +++-------
 stackrc       |   2 +-
 unstack.sh    |   2 +-
 5 files changed, 115 insertions(+), 108 deletions(-)
 create mode 100644 lib/dlm
 delete mode 100644 lib/zookeeper

diff --git a/lib/dlm b/lib/dlm
new file mode 100644
index 0000000000..f68ee26b4b
--- /dev/null
+++ b/lib/dlm
@@ -0,0 +1,108 @@
+#!/bin/bash
+#
+# lib/dlm
+#
+# Functions to control the installation and configuration of software
+# that provides a dlm (and possibly other functions). The default is
+# **zookeeper**, and is going to be the only backend supported in the
+# devstack tree.
+
+# Dependencies:
+#
+# - ``functions`` file
+
+# ``stack.sh`` calls the entry points in this order:
+#
+# - is_dlm_enabled
+# - install_dlm
+# - configure_dlm
+# - cleanup_dlm
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+# 
+
+# Set up default directories
+ZOOKEEPER_DATA_DIR=$DEST/data/zookeeper
+ZOOKEEPER_CONF_DIR=/etc/zookeeper
+
+
+# Entry Points
+# ------------
+#
+# NOTE(sdague): it is expected that when someone wants to implement
+# another one of these out of tree, they'll implement the following
+# functions:
+#
+# - dlm_backend
+# - install_dlm
+# - configure_dlm
+# - cleanup_dlm
+
+# This should be declared in the settings file of any plugin or
+# service that needs to have a dlm in their enviroment.
+function use_dlm {
+    enable_service $(dlm_backend)
+}
+
+# A function to return the name of the backend in question, some users
+# are going to need to know this.
+function dlm_backend {
+    echo "zookeeper"
+}
+
+# Test if a dlm is enabled (defaults to a zookeeper specific check)
+function is_dlm_enabled {
+    [[ ,${ENABLED_SERVICES}, =~ ,"$(dlm_backend)", ]] && return 0
+    return 1
+}
+
+# cleanup_dlm() - Remove residual data files, anything left over from previous
+# runs that a clean run would need to clean up
+function cleanup_dlm {
+    # NOTE(sdague): we don't check for is_enabled here because we
+    # should just delete this regardless. Some times users updated
+    # their service list before they run cleanup.
+    sudo rm -rf $ZOOKEEPER_DATA_DIR
+}
+
+# configure_dlm() - Set config files, create data dirs, etc
+function configure_dlm {
+    if is_dlm_enabled; then
+        sudo cp $FILES/zookeeper/* $ZOOKEEPER_CONF_DIR
+        sudo sed -i -e 's|.*dataDir.*|dataDir='$ZOOKEEPER_DATA_DIR'|' $ZOOKEEPER_CONF_DIR/zoo.cfg
+        # clean up from previous (possibly aborted) runs
+        # create required data files
+        sudo rm -rf $ZOOKEEPER_DATA_DIR
+        sudo mkdir -p $ZOOKEEPER_DATA_DIR
+        # restart after configuration, there is no reason to make this
+        # another step, because having data files that don't match the
+        # zookeeper running is just going to cause tears.
+        restart_service zookeeper
+    fi
+}
+
+# install_dlm() - Collect source and prepare
+function install_dlm {
+    if is_dlm_enabled; then
+        if is_ubuntu; then
+            install_package zookeeperd
+        else
+            die $LINENO "Don't know how to install zookeeper on this platform"
+        fi
+    fi
+}
+
+# Restore xtrace
+$XTRACE
+
+# Tell emacs to use shell-script-mode
+## Local variables:
+## mode: shell-script
+## End:
diff --git a/lib/zookeeper b/lib/zookeeper
deleted file mode 100644
index 6637d52bca..0000000000
--- a/lib/zookeeper
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-#
-# lib/zookeeper
-# Functions to control the installation and configuration of **zookeeper**
-
-# Dependencies:
-#
-# - ``functions`` file
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# - is_zookeeper_enabled
-# - install_zookeeper
-# - configure_zookeeper
-# - init_zookeeper
-# - start_zookeeper
-# - stop_zookeeper
-# - cleanup_zookeeper
-
-# Save trace setting
-XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-
-# Defaults
-# --------
-
-# 
-
-# Set up default directories
-ZOOKEEPER_DATA_DIR=$DEST/data/zookeeper
-ZOOKEEPER_CONF_DIR=/etc/zookeeper
-
-
-# Entry Points
-# ------------
-
-# Test if any zookeeper service us enabled
-# is_zookeeper_enabled
-function is_zookeeper_enabled {
-    [[ ,${ENABLED_SERVICES}, =~ ,"zookeeper", ]] && return 0
-    return 1
-}
-
-# cleanup_zookeeper() - Remove residual data files, anything left over from previous
-# runs that a clean run would need to clean up
-function cleanup_zookeeper {
-    sudo rm -rf $ZOOKEEPER_DATA_DIR
-}
-
-# configure_zookeeper() - Set config files, create data dirs, etc
-function configure_zookeeper {
-    sudo cp $FILES/zookeeper/* $ZOOKEEPER_CONF_DIR
-    sudo sed -i -e 's|.*dataDir.*|dataDir='$ZOOKEEPER_DATA_DIR'|' $ZOOKEEPER_CONF_DIR/zoo.cfg
-}
-
-# init_zookeeper() - Initialize databases, etc.
-function init_zookeeper {
-    # clean up from previous (possibly aborted) runs
-    # create required data files
-    sudo rm -rf $ZOOKEEPER_DATA_DIR
-    sudo mkdir -p $ZOOKEEPER_DATA_DIR
-}
-
-# install_zookeeper() - Collect source and prepare
-function install_zookeeper {
-    install_package zookeeperd
-}
-
-# start_zookeeper() - Start running processes, including screen
-function start_zookeeper {
-    # Starting twice Zookeeper on Ubuntu exits with error code 1. See LP#1513741
-    # Match both systemd and sysvinit output
-    local running="(active \(running\)|start/running)"
-    if ! is_ubuntu || ! sudo /usr/sbin/service zookeeper status | egrep -q "$running"; then
-        start_service zookeeper
-    fi
-}
-
-# stop_zookeeper() - Stop running processes (non-screen)
-function stop_zookeeper {
-    stop_service zookeeper
-}
-
-# Restore xtrace
-$XTRACE
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/stack.sh b/stack.sh
index 68b932e4b1..3cc21586d7 100755
--- a/stack.sh
+++ b/stack.sh
@@ -539,7 +539,7 @@ source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
-source $TOP_DIR/lib/zookeeper
+source $TOP_DIR/lib/dlm
 
 # Extras Source
 # --------------
@@ -724,11 +724,10 @@ run_phase stack pre-install
 
 install_rpc_backend
 
-if is_service_enabled zookeeper; then
-    cleanup_zookeeper
-    configure_zookeeper
-    init_zookeeper
-fi
+# NOTE(sdague): dlm install is conditional on one being enabled by configuration
+install_dlm
+configure_dlm
+
 if is_service_enabled $DATABASE_BACKENDS; then
     install_database
 fi
@@ -968,15 +967,6 @@ save_stackenv $LINENO
 start_dstat
 
 
-# Zookeeper
-# -----
-
-# zookeeper for use with tooz for Distributed Lock Management capabilities etc.,
-if is_service_enabled zookeeper; then
-    start_zookeeper
-fi
-
-
 # Keystone
 # --------
 
diff --git a/stackrc b/stackrc
index 76a5756dde..f4a162b50c 100644
--- a/stackrc
+++ b/stackrc
@@ -69,7 +69,7 @@ if ! isset ENABLED_SERVICES ; then
     # Dashboard
     ENABLED_SERVICES+=,horizon
     # Additional services
-    ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat,zookeeper
+    ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat
 fi
 
 # SQLAlchemy supports multiple database drivers for each database server
diff --git a/unstack.sh b/unstack.sh
index 0cace3254a..8eded837fd 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -69,7 +69,7 @@ source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
 source $TOP_DIR/lib/ldap
 source $TOP_DIR/lib/dstat
-source $TOP_DIR/lib/zookeeper
+source $TOP_DIR/lib/dlm
 
 # Extras Source
 # --------------

From 9329290183c96be45363325a244861065413562d Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Mon, 9 Nov 2015 15:45:04 +1100
Subject: [PATCH 1062/3421] Update comments to reflect current USE_SCREEN usage

In a couple of places the tracking of USE_SCREEN has drifted from the
comments.

Correct that.

Change-Id: I63bdd5ca4de49bf653f5bc8f8e0e5efe67ef605c
---
 functions-common | 10 ++++------
 stackrc          |  2 +-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/functions-common b/functions-common
index 5c97aee9a3..3eeab09889 100644
--- a/functions-common
+++ b/functions-common
@@ -1352,6 +1352,7 @@ function is_running {
 # If the command includes shell metachatacters (;<>*) it must be run using a shell
 # If an optional group is provided sg will be used to run the
 # command as that group.
+# Uses globals ``USE_SCREEN``
 # run_process service "command-line" [group]
 function run_process {
     local service=$1
@@ -1370,7 +1371,7 @@ function run_process {
 
 # Helper to launch a process in a named screen
 # Uses globals ``CURRENT_LOG_TIME``, ```LOGDIR``, ``SCREEN_LOGDIR``, `SCREEN_NAME``,
-# ``SERVICE_DIR``, ``USE_SCREEN``, ``SCREEN_IS_LOGGING``
+# ``SERVICE_DIR``, ``SCREEN_IS_LOGGING``
 # screen_process name "command-line" [group]
 # Run a command in a shell in a screen window, if an optional group
 # is provided, use sg to set the group of the command.
@@ -1381,7 +1382,6 @@ function screen_process {
 
     SCREEN_NAME=${SCREEN_NAME:-stack}
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     screen -S $SCREEN_NAME -X screen -t $name
 
@@ -1465,14 +1465,13 @@ function screen_rc {
 # If a PID is available use it, kill the whole process group via TERM
 # If screen is being used kill the screen window; this will catch processes
 # that did not leave a PID behind
-# Uses globals ``SCREEN_NAME``, ``SERVICE_DIR``, ``USE_SCREEN``
+# Uses globals ``SCREEN_NAME``, ``SERVICE_DIR``
 # screen_stop_service service
 function screen_stop_service {
     local service=$1
 
     SCREEN_NAME=${SCREEN_NAME:-stack}
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     if is_service_enabled $service; then
         # Clean up the screen window
@@ -1490,7 +1489,6 @@ function stop_process {
     local service=$1
 
     SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
-    USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
     if is_service_enabled $service; then
         # Kill via pid if we have one available
@@ -1552,11 +1550,11 @@ function service_check {
 }
 
 # Tail a log file in a screen if USE_SCREEN is true.
+# Uses globals ``USE_SCREEN``
 function tail_log {
     local name=$1
     local logfile=$2
 
-    USE_SCREEN=$(trueorfalse True USE_SCREEN)
     if [[ "$USE_SCREEN" = "True" ]]; then
         screen_process "$name" "sudo tail -f $logfile"
     fi
diff --git a/stackrc b/stackrc
index 76a5756dde..4f459397a0 100644
--- a/stackrc
+++ b/stackrc
@@ -101,7 +101,7 @@ HORIZON_APACHE_ROOT="/dashboard"
 # ctrl-c, up-arrow, enter to restart the service. Starting services
 # this way is slightly unreliable, and a bit slower, so this can
 # be disabled for automated testing by setting this value to False.
-USE_SCREEN=True
+USE_SCREEN=$(trueorfalse True USE_SCREEN)
 
 # When using screen, should we keep a log file on disk?  You might
 # want this False if you have a long-running setup where verbose logs

From 34a5aa5110c9651e2cf33d694d71b1e450495495 Mon Sep 17 00:00:00 2001
From: Tony Breeds 
Date: Tue, 10 Nov 2015 15:23:30 +1100
Subject: [PATCH 1063/3421] Remove unused compat variable SCREEN_DEV

Currently we set USE_SCREEN to SCREEN_DEV if it's set.  There is a
comment to remove it once it's eracticated from CI.

AFAICT this pre-condition has been met.

Change-Id: I1423c8b9c18d1b3e34dbfe1c03be735c646a12b4
---
 stackrc | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/stackrc b/stackrc
index 4f459397a0..075236890b 100644
--- a/stackrc
+++ b/stackrc
@@ -651,9 +651,6 @@ S3_SERVICE_PORT=${S3_SERVICE_PORT:-3333}
 PRIVATE_NETWORK_NAME=${PRIVATE_NETWORK_NAME:-"private"}
 PUBLIC_NETWORK_NAME=${PUBLIC_NETWORK_NAME:-"public"}
 
-# Compatibility until it's eradicated from CI
-USE_SCREEN=${SCREEN_DEV:-$USE_SCREEN}
-
 # Set default screen name
 SCREEN_NAME=${SCREEN_NAME:-stack}
 

From 201e3c133e28acb6dcdeb017389718db0775a748 Mon Sep 17 00:00:00 2001
From: Huan Xie 
Date: Thu, 27 Aug 2015 12:34:24 +0100
Subject: [PATCH 1064/3421] XenAPI:Fix problems to support xenserver+neutron

The lack of a CI for XenAPI + Neutron has meant this support has been
broken over time. This is set of one-off fixes that are needed to
reintroduce support while we work towards getting a CI functional

Related-Bug: #1495423
Change-Id: Id41fdc77c155756bda9e2e9ac0446a49f06f0603
---
 lib/neutron-legacy                    |  2 +-
 lib/neutron_plugins/openvswitch_agent | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..ac99678e66 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -639,7 +639,7 @@ function install_neutron {
         plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
 
         # install neutron plugins to dom0
-        tar -czf - -C $NEUTRON_DIR/neutron/plugins/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
+        tar -czf - -C $NEUTRON_DIR/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
             $ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
     fi
 }
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 5a843ffba7..6a333939d0 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -71,6 +71,9 @@ function neutron_plugin_configure_plugin_agent {
         # Make a copy of our config for domU
         sudo cp /$Q_PLUGIN_CONF_FILE "/$Q_PLUGIN_CONF_FILE.domU"
 
+        # change domU's config file to STACK_USER
+        sudo chown $STACK_USER:$STACK_USER /$Q_PLUGIN_CONF_FILE.domU
+
         # Deal with Dom0's L2 Agent:
         Q_RR_DOM0_COMMAND="$NEUTRON_BIN_DIR/neutron-rootwrap-xen-dom0 $Q_RR_CONF_FILE"
 
@@ -82,7 +85,14 @@ function neutron_plugin_configure_plugin_agent {
         # Under XS/XCP, the ovs agent needs to target the dom0
         # integration bridge.  This is enabled by using a root wrapper
         # that executes commands on dom0 via a XenAPI plugin.
+        # XenAPI does not support daemon rootwrap now, so set root_helper_daemon empty
         iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_DOM0_COMMAND"
+        iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon ""
+
+        # Disable minimize polling, so that it can always detect OVS and Port changes
+        # This is a problem of xenserver + neutron, bug has been reported
+        # https://bugs.launchpad.net/neutron/+bug/1495423
+        iniset /$Q_PLUGIN_CONF_FILE agent minimize_polling False
 
         # Set "physical" mapping
         iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
@@ -95,10 +105,14 @@ function neutron_plugin_configure_plugin_agent {
         # Create a bridge "br-$GUEST_INTERFACE_DEFAULT"
         _neutron_ovs_base_add_bridge "br-$GUEST_INTERFACE_DEFAULT"
         # Add $GUEST_INTERFACE_DEFAULT to that bridge
-        sudo ovs-vsctl add-port "br-$GUEST_INTERFACE_DEFAULT" $GUEST_INTERFACE_DEFAULT
+        sudo ovs-vsctl -- --may-exist add-port "br-$GUEST_INTERFACE_DEFAULT" $GUEST_INTERFACE_DEFAULT
+
+        # Create external bridge and add port
+        _neutron_ovs_base_add_bridge $PUBLIC_BRIDGE
+        sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE_DEFAULT
 
         # Set bridge mappings to "physnet1:br-$GUEST_INTERFACE_DEFAULT"
-        iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:br-$GUEST_INTERFACE_DEFAULT"
+        iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:br-$GUEST_INTERFACE_DEFAULT,physnet-ex:$PUBLIC_BRIDGE"
         # Set integration bridge to domU's
         iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $OVS_BRIDGE
         # Set root wrap

From c175040103b6a903c286a253f0df0ddc468feae3 Mon Sep 17 00:00:00 2001
From: Jordan Pittier 
Date: Thu, 12 Nov 2015 11:03:20 +0100
Subject: [PATCH 1065/3421] Fix typo in error message printed if ran under
 virtualenv

Commit title says it all. I don't know how you feel about these kind
of commits, I feel like it's a waste of resources but I also feel bad
when I see big/obvious typo.

Change-Id: If048bb2dbad1a0b5a13e56b5fa1e6ea7c01eb05e
---
 stack.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/stack.sh b/stack.sh
index 825ed968f3..36bf2afd48 100755
--- a/stack.sh
+++ b/stack.sh
@@ -99,10 +99,10 @@ fi
 # this explicit as it has come up on the mailing list.
 if [[ -n "$VIRTUAL_ENV" ]]; then
     echo "You appear to be running under a python virtualenv."
-    echo "DevStack does not support this, as we my break the"
+    echo "DevStack does not support this, as we may break the"
     echo "virtualenv you are currently in by modifying "
     echo "external system-level components the virtualenv relies on."
-    echo "We reccommend you use a separate virtual-machine if "
+    echo "We recommend you use a separate virtual-machine if "
     echo "you are worried about DevStack taking over your system."
     exit 1
 fi

From 33c9a67ead4b61a9eb423f71ca4f8e062c3b5ebd Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Thu, 12 Nov 2015 19:50:00 +0900
Subject: [PATCH 1066/3421] Fix typos on three comments and one message

Fixes typos on three comments and one message
in functions/functions-common

Change-Id: I2c926ca29b284afd4534b92860fa46f248676a83
---
 functions        | 2 +-
 functions-common | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/functions b/functions
index ca5955e974..34da1ba733 100644
--- a/functions
+++ b/functions
@@ -410,7 +410,7 @@ function get_instance_ip {
     ip=$(echo "$nova_result" | grep "$network_name" | get_field 2)
     if [[ $ip = "" ]];then
         echo "$nova_result"
-        die $LINENO "[Fail] Coudn't get ipaddress of VM"
+        die $LINENO "[Fail] Couldn't get ipaddress of VM"
     fi
     echo $ip
 }
diff --git a/functions-common b/functions-common
index 5c97aee9a3..98ecfb26ae 100644
--- a/functions-common
+++ b/functions-common
@@ -1036,7 +1036,7 @@ function _parse_package_files {
                 # We are using BASH regexp matching feature.
                 package=${BASH_REMATCH[1]}
                 distros=${BASH_REMATCH[2]}
-                # In bash ${VAR,,} will lowecase VAR
+                # In bash ${VAR,,} will lowercase VAR
                 # Look for a match in the distro list
                 if [[ ! ${distros,,} =~ ${DISTRO,,} ]]; then
                     # If no match then skip this package
@@ -1509,7 +1509,7 @@ function stop_process {
                 # this fixed in all services:
                 # https://bugs.launchpad.net/oslo-incubator/+bug/1446583
                 sleep 1
-                # /bin/true becakse pkill on a non existant process returns an error
+                # /bin/true because pkill on a non existent process returns an error
                 pkill -g $(cat $SERVICE_DIR/$SCREEN_NAME/$service.pid) || /bin/true
             fi
             rm $SERVICE_DIR/$SCREEN_NAME/$service.pid
@@ -1717,7 +1717,7 @@ function plugin_override_defaults {
         if [[ -f $dir/devstack/override-defaults ]]; then
             # be really verbose that an override is happening, as it
             # may not be obvious if things fail later.
-            echo "$plugin has overriden the following defaults"
+            echo "$plugin has overridden the following defaults"
             cat $dir/devstack/override-defaults
             source $dir/devstack/override-defaults
         fi

From adcf40d5f8ec0509fe9230e04bf0bd3f269a3f53 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 5 Nov 2015 09:47:38 +0100
Subject: [PATCH 1067/3421] Ensure python is installed

devstack can call python before parsing the
package requirements, so the python installation
needs to be done eralier.

Closes-Bug: #1488625
Change-Id: I85cca899aeedd741cf7dc695435d61390e260f22
---
 stack.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/stack.sh b/stack.sh
index 825ed968f3..afb695836b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -335,6 +335,10 @@ if [ -z "`grep ^127.0.0.1 /etc/hosts | grep $LOCAL_HOSTNAME`" ]; then
     sudo sed -i "s/\(^127.0.0.1.*\)/\1 $LOCAL_HOSTNAME/" /etc/hosts
 fi
 
+# Ensure python is installed
+# --------------------------
+is_package_installed python || install_package python
+
 
 # Configure Logging
 # -----------------

From 790266f0d2b752627a8ac641c8f1c9ba1e8e85e8 Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" 
Date: Wed, 11 Nov 2015 13:36:35 -0500
Subject: [PATCH 1068/3421] Delete $IPV6_PUBLIC_NETWORK_GATEWAY IP during
 cleanup

So that it does not end up being the IP address that is picked to move
back to $PUBLIC_INTERFACE when we call _move_neutron_address_route

Change-Id: I3d29d4f11feff308f6ad5d950ef004b48ec11b67
Closes-Bug: 1514984
---
 lib/neutron-legacy | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index eed477a550..35029a2031 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -835,6 +835,10 @@ function cleanup_neutron {
         _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
 
         if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
+            # ip(8) wants the prefix length when deleting
+            local v6_gateway
+            v6_gateway=$(ip -6 a s dev $OVS_PHYSICAL_BRIDGE | grep $IPV6_PUBLIC_NETWORK_GATEWAY | awk '{ print $2 }')
+            sudo ip -6 addr del $v6_gateway dev $OVS_PHYSICAL_BRIDGE
             _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
         fi
 

From fe7b56cdefa4d5cb99b868e5659128601edf3600 Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Fri, 13 Nov 2015 17:06:16 +0900
Subject: [PATCH 1069/3421] Fix typos for stack.sh and lib of comments and
 message

Fix 10 comments and 1 message

stack.sh
  Certicate => Certificate (comment)
lib/stack
  Sentinal => Sentinel (comment)
lib/neutron-legacy
  overriden => overridden (comment)
  necesssary => necessary (comment)
  notifiy => notify (message)
  notifations => notifications (comment)
lib/rpc_backend
  orginal => original (comment)
  cofiguration => configuration (comment)
lib/stack
  confgured => configured (comment)
lib/swift
  additinal => additional (comment)
  calclution => calculation (comment)
  maximun => maximum (comment)

Change-Id: I3637388b67decb007cd49af9addecc654009559b
---
 lib/neutron-legacy | 6 +++---
 lib/rpc_backend    | 4 ++--
 lib/stack          | 2 +-
 lib/swift          | 6 +++---
 stack.sh           | 4 ++--
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..a38b1c1d7e 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -256,7 +256,7 @@ ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True}
 
 # If using GRE tunnels for tenant networks, specify the range of
 # tunnel IDs from which tenant networks are allocated. Can be
-# overriden in ``localrc`` in necesssary.
+# overridden in ``localrc`` in necessary.
 TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
 
 # To use VLANs for tenant networks, set to True in localrc. VLANs
@@ -537,7 +537,7 @@ function create_neutron_initial_network {
 
     if is_provider_network; then
         die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
-        die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
+        die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
         NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
         die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
 
@@ -1123,7 +1123,7 @@ function _configure_neutron_service {
     iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
     _neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
 
-    # Configuration for neutron notifations to nova.
+    # Configuration for neutron notifications to nova.
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
 
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 03eacd8674..298dcb6e5f 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -58,7 +58,7 @@ function restart_rpc_backend {
         # NOTE(bnemec): Retry initial rabbitmq configuration to deal with
         # the fact that sometimes it fails to start properly.
         # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144100
-        # NOTE(tonyb): Extend the orginal retry logic to only restart rabbitmq
+        # NOTE(tonyb): Extend the original retry logic to only restart rabbitmq
         # every second time around the loop.
         # See: https://bugs.launchpad.net/devstack/+bug/1449056 for details on
         # why this is needed.  This can bee seen on vivid and Debian unstable
@@ -106,7 +106,7 @@ function get_transport_url {
     fi
 }
 
-# iniset cofiguration
+# iniset configuration
 function iniset_rpc_backend {
     local package=$1
     local file=$2
diff --git a/lib/stack b/lib/stack
index 47e8ce2a22..7d98604b82 100644
--- a/lib/stack
+++ b/lib/stack
@@ -14,7 +14,7 @@
 # Functions
 # ---------
 
-# Generic service install handles venv creation if confgured for service
+# Generic service install handles venv creation if configured for service
 # stack_install_service service
 function stack_install_service {
     local service=$1
diff --git a/lib/swift b/lib/swift
index 3a8e80dd44..634d6ccb35 100644
--- a/lib/swift
+++ b/lib/swift
@@ -123,13 +123,13 @@ SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
 # trace through the logs when looking for its use.
 SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
 
-# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximun length of headers in
+# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximum length of headers in
 # Swift API
 SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
 
 # Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
-# Port bases used in port number calclution for the service "nodes"
-# The specified port number will be used, the additinal ports calculated by
+# Port bases used in port number calculation for the service "nodes"
+# The specified port number will be used, the additional ports calculated by
 # base_port + node_num * 10
 OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6613}
 CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6611}
diff --git a/stack.sh b/stack.sh
index 25c49c5709..d3d3fb2f60 100755
--- a/stack.sh
+++ b/stack.sh
@@ -926,8 +926,8 @@ fi
 restart_rpc_backend
 
 
-# Export Certicate Authority Bundle
-# ---------------------------------
+# Export Certificate Authority Bundle
+# -----------------------------------
 
 # If certificates were used and written to the SSL bundle file then these
 # should be exported so clients can validate their connections.

From 65a028bf1c3685e16fafbc7c44adaeeeb6e9cf58 Mon Sep 17 00:00:00 2001
From: "Chung Chih, Hung" 
Date: Fri, 13 Nov 2015 11:10:48 +0000
Subject: [PATCH 1070/3421] [ceph] Deploy ceph failed at controller node for
 multiple node

Controller node wouldn't install libvirt package. The package will only
been installed at nodes which had enable nova-compute.
We only need to configure libvirt secret if it had enable nova-compute.

Change-Id: I9cd6baf1820ce9f71c276d7e8b670307833578a5
Closes-Bug: 1515960
---
 extras.d/60-ceph.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh
index 38b901b767..cc90128176 100644
--- a/extras.d/60-ceph.sh
+++ b/extras.d/60-ceph.sh
@@ -32,7 +32,7 @@ if is_service_enabled ceph; then
             echo_summary "Configuring Cinder for Ceph"
             configure_ceph_cinder
         fi
-        if is_service_enabled cinder || is_service_enabled nova; then
+        if is_service_enabled n-cpu; then
             # NOTE (leseb): the part below is a requirement to attach Ceph block devices
             echo_summary "Configuring libvirt secret"
             import_libvirt_secret_ceph

From bbe59edb6f4a5828362c59a200f6ede00f97a4c3 Mon Sep 17 00:00:00 2001
From: Steve Martinelli 
Date: Wed, 21 Oct 2015 00:47:43 -0400
Subject: [PATCH 1071/3421] Use openstackclient in swift exercises

With the release of osc 1.8.0, swift support has been expanded and
we can now remove references to the swift CLI from this exercise
file. Also made minor improvements to comments.

Change-Id: I04069eb6251f8cbf8266183441b2cfdb64defd7d
---
 exercises/swift.sh | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/exercises/swift.sh b/exercises/swift.sh
index afcede81cd..4a41e0f1ed 100755
--- a/exercises/swift.sh
+++ b/exercises/swift.sh
@@ -2,7 +2,7 @@
 
 # **swift.sh**
 
-# Test swift via the ``swift`` command line from ``python-swiftclient``
+# Test swift via the ``python-openstackclient`` command line
 
 echo "*********************************************************************"
 echo "Begin DevStack Exercise: $0"
@@ -39,26 +39,29 @@ is_service_enabled s-proxy || exit 55
 
 # Container name
 CONTAINER=ex-swift
+OBJECT=/etc/issue
 
 
 # Testing Swift
 # =============
 
 # Check if we have to swift via keystone
-swift stat || die $LINENO "Failure getting status"
+openstack object store account show || die $LINENO "Failure getting account status"
 
 # We start by creating a test container
 openstack container create $CONTAINER || die $LINENO "Failure creating container $CONTAINER"
 
-# add some files into it.
-openstack object create $CONTAINER /etc/issue || die $LINENO "Failure uploading file to container $CONTAINER"
+# add a file into it.
+openstack object create $CONTAINER $OBJECT || die $LINENO "Failure uploading file to container $CONTAINER"
 
-# list them
+# list the objects
 openstack object list $CONTAINER || die $LINENO "Failure listing contents of container $CONTAINER"
 
-# And we may want to delete them now that we have tested that
-# everything works.
-swift delete $CONTAINER || die $LINENO "Failure deleting container $CONTAINER"
+# delete the object first
+openstack object delete $CONTAINER $OBJECT || die $LINENO "Failure deleting object $OBJECT in container $CONTAINER"
+
+# delete the container
+openstack container delete $CONTAINER || die $LINENO "Failure deleting container $CONTAINER"
 
 set +o xtrace
 echo "*********************************************************************"

From 01cf55a69259a52a9e5e8614347f238826c6a7ca Mon Sep 17 00:00:00 2001
From: yangyapeng 
Date: Thu, 29 Oct 2015 13:21:29 -0400
Subject: [PATCH 1072/3421] Fix RST in configuration.rst

Fix minor RST issue from before file was converted.

Change-Id: Ie16ceace9c17e98010e068641ce60ba9a365ede0
---
 doc/source/configuration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index e9921f049c..22841f6c13 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -211,7 +211,7 @@ Enabling Syslog
 Logging all services to a single syslog can be convenient. Enable
 syslogging by setting ``SYSLOG`` to ``True``. If the destination log
 host is not localhost ``SYSLOG_HOST`` and ``SYSLOG_PORT`` can be used
-to direct the message stream to the log host.  |
+to direct the message stream to the log host.
 
     ::
 

From ca7e4f285cfb68bae13e8df770dc2b5856559ecd Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 13 Nov 2015 11:15:15 +1100
Subject: [PATCH 1073/3421] Fix error detection & exit in report_results

We wish to fail if we have >0 zero errors, not >1 errors (i.e. exactly
one error did not trigger a failure!)

This change also brings consistency to the pass & failure paths by
ensuring report_results exits in both cases, since report_results is
supposed to be the last thing run in a test file.

Change-Id: Id4721dffe13721e6c3cd71bca40c3395627e98bf
---
 tests/unittest.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/unittest.sh b/tests/unittest.sh
index df7a8b4534..2570319fbf 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -92,16 +92,17 @@ function assert_empty {
     fi
 }
 
-# print a summary of passing and failing tests, exiting
-# with an error if we have failed tests
+# Print a summary of passing and failing tests and exit
+# (with an error if we have failed tests)
 #  usage: report_results
 function report_results {
     echo "$PASS Tests PASSED"
-    if [[ $ERROR -gt 1 ]]; then
+    if [[ $ERROR -gt 0 ]]; then
         echo
         echo "The following $ERROR tests FAILED"
         echo -e "$FAILED_FUNCS"
         echo "---"
         exit 1
     fi
+    exit 0
 }

From ecf06dbadb7c4cafb7a2fab13e58c1b05dd8a3f2 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Mon, 9 Nov 2015 17:42:23 +1100
Subject: [PATCH 1074/3421] Add test for package file ordering

Add a simple test to ensure package install files remain sorted
alphabetically (follow-on from the sorting of the files done in
I01e42defbf778626afd8dd457f93f0b02dd1a19d)

Change-Id: I75568871e92afcd81dac2c3ce18b84aa34cdd289
---
 tests/test_package_ordering.sh | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 tests/test_package_ordering.sh

diff --git a/tests/test_package_ordering.sh b/tests/test_package_ordering.sh
new file mode 100755
index 0000000000..a568abf928
--- /dev/null
+++ b/tests/test_package_ordering.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# basic test to ensure that package-install files remain sorted
+# alphabetically.
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+source $TOP/tests/unittest.sh
+
+PKG_FILES=$(find $TOP/files/debs $TOP/files/rpms $TOP/files/rpms-suse -type f)
+
+TMPDIR=$(mktemp -d)
+
+SORTED=${TMPDIR}/sorted
+UNSORTED=${TMPDIR}/unsorted
+
+for p in $PKG_FILES; do
+    grep -v '^#' $p > ${UNSORTED}
+    sort ${UNSORTED} > ${SORTED}
+
+    if [ -n "$(diff -c ${UNSORTED} ${SORTED})" ]; then
+        failed "$p is unsorted"
+        # output this, it's helpful to see what exactly is unsorted
+        diff -c ${UNSORTED} ${SORTED}
+    else
+        passed "$p is sorted"
+    fi
+done
+
+rm -rf ${TMPDIR}
+
+report_results

From 199d857442108326959d391c337e3b02b98a1b1e Mon Sep 17 00:00:00 2001
From: Johan Pas 
Date: Tue, 17 Nov 2015 00:56:25 +0100
Subject: [PATCH 1075/3421] Remove brackets from IPv6 address in mysql cfgfile

stack.sh creates a user-specific configuration file ~/.my.cnf for mysql.
If devstack is installed with SERVICE_IP_VERSION=6 option in local.conf,
the IPv6 host address was stored in the ~/.my.cnf file with square
brackets. However mysql does not use bracketing for IPv6 addresses,
resulting in 'Unknown MySQL server host' error when 'mysql' command is
run. With this patch IPv6 host address is written to ~/.my.cnf without
brackets.

Closes-Bug: #1516776
Change-Id: I27a7be8c75cf6b09b4a75dc4c9d09cd36bc5ac81
---
 lib/databases/mysql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/databases/mysql b/lib/databases/mysql
index c2ab32e5b2..cc74b33327 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -143,7 +143,7 @@ MYSQL_PRESEED
 [client]
 user=$DATABASE_USER
 password=$DATABASE_PASSWORD
-host=$DATABASE_HOST
+host=$MYSQL_HOST
 EOF
         chmod 0600 $HOME/.my.cnf
     fi

From 95a9ff0587adece32817b4f432588b1ab76a5972 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 12 Nov 2015 14:49:20 +1100
Subject: [PATCH 1076/3421] Add option to skip EPEL & other repo installs

Add an option to skip the EPEL & other repo installs for rhel7 based
platforms.

This option can serve two purposes; firstly as described in
I834f20e9ceae151788cec3649385da1274d7ba46 during platform bringup, a
publically available EPEL might not be available.  This will allow you
to pre-configure a hand-built repo, etc. so you can continue testing.

The other thing is that in a CI system you might be frequently
building images and pre-installing EPEL/RDO etc.  In that case this is
just extra work.

Change-Id: I9809449f4a43fa9b547c6e3ca92722c7f6e66d6a
---
 stack.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/stack.sh b/stack.sh
index 9b811b7b67..e31cd604c5 100755
--- a/stack.sh
+++ b/stack.sh
@@ -263,9 +263,7 @@ fi
 # Some distros need to add repos beyond the defaults provided by the vendor
 # to pick up required packages.
 
-if is_fedora && [[ $DISTRO == "rhel7" ]]; then
-    # RHEL requires EPEL for many Open Stack dependencies
-
+function _install_epel_and_rdo {
     # NOTE: We always remove and install latest -- some environments
     # use snapshot images, and if EPEL version updates they break
     # unless we update them to latest version.
@@ -295,18 +293,27 @@ EOF
     sudo yum-config-manager --enable epel-bootstrap
     yum_install epel-release || \
         die $LINENO "Error installing EPEL repo, cannot continue"
-    # EPEL rpm has installed it's version
     sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo
 
     # ... and also optional to be enabled
     sudo yum-config-manager --enable rhel-7-server-optional-rpms
 
+    # install the lastest RDO
     sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
 
     if is_oraclelinux; then
         sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56
     fi
+}
+
+# If you have all the repos installed above already setup (e.g. a CI
+# situation where they are on your image) you may choose to skip this
+# to speed things up
+SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL)
 
+if is_fedora && [[ $DISTRO == "rhel7" ]] && \
+        [[ ${SKIP_EPEL_INSTALL} != True ]]; then
+    _install_epel_and_rdo
 fi
 
 

From cdba7b0e533b07d9ea896ced5085c5ce98ee2aaa Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 26 May 2015 15:33:45 -0400
Subject: [PATCH 1077/3421] Specify HTTPS URLs to fix tls-proxy mode

A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.

For cinder a new public_endpoint option was added and this
needs to be set to the secure port.

Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.

The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.

Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807
---
 lib/cinder   | 2 ++
 lib/glance   | 3 +++
 lib/keystone | 3 +++
 3 files changed, 8 insertions(+)

diff --git a/lib/cinder b/lib/cinder
index 1307c11f7a..cc203ad414 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -309,6 +309,8 @@ function configure_cinder {
     if is_service_enabled tls-proxy; then
         # Set the service port for a proxy to take the original
         iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+
+        iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
     fi
 
     if [ "$SYSLOG" != "False" ]; then
diff --git a/lib/glance b/lib/glance
index 2eb93a46e6..5712943bca 100644
--- a/lib/glance
+++ b/lib/glance
@@ -167,6 +167,9 @@ function configure_glance {
         iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
         iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT
         iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT
+
+        iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+        iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
     fi
 
     # Register SSL certificates if provided
diff --git a/lib/keystone b/lib/keystone
index 5a2afbfe02..c484795c7e 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -233,6 +233,9 @@ function configure_keystone {
         # Set the service ports for a proxy to take the originals
         iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
         iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
+
+        iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
+        iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
     fi
 
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"

From bd4048a3c50e3cd215785e187e9e40b78bd064ae Mon Sep 17 00:00:00 2001
From: Steve Baker 
Date: Wed, 18 Nov 2015 10:55:22 +1300
Subject: [PATCH 1078/3421] Never uninstall python-pip on fedora

Python in f23 and f22 depends on the python-pip package so removing it
results in a nonfunctional system. pip on fedora installs to /usr so pip
can safely override the system pip for all versions of Fedora.

Change-Id: I336c7ffdf00784ca8deba7d6612a08b96a0ad098
Closes-Bug: #1467569
---
 tools/install_pip.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index ab5efb2e77..1728816890 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -111,8 +111,10 @@ get_versions
 
 # Eradicate any and all system packages
 
-# python in f23 depends on the python-pip package
-if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then
+# Python in f23 and f22 depends on the python-pip package so removing it
+# results in a nonfunctional system. pip on fedora installs to /usr so pip
+# can safely override the system pip for all versions of fedora
+if ! is_fedora ; then
     uninstall_package python-pip
 fi
 

From bb9caeae00bb9e4654838f782d2e07331f4ecae4 Mon Sep 17 00:00:00 2001
From: Brian Haley 
Date: Mon, 16 Nov 2015 17:18:42 -0500
Subject: [PATCH 1079/3421] Consolidate two /sbin/ip commands into a single one

When determining the primary IP/IPv6 addresses on a system,
we can use the /sbin/ip command to filter them for us.  The
resulting address is parsed the same way for both address
families, so we can use just a single command.

Change-Id: I0471ff5a258a16a23061941ac38063dbf3d7c233
---
 lib/neutron-legacy | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 85f7fc0a7c..978943dae2 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -801,13 +801,7 @@ function _move_neutron_addresses_route {
         DEFAULT_ROUTE_GW=$(ip -f $af r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
 
-        if [[ $af == "inet" ]]; then
-            IP_BRD=$(ip -f $af a s dev $from_intf | grep inet | awk '{ print $2, $3, $4; exit }')
-        fi
-
-        if [[ $af == "inet6" ]]; then
-            IP_BRD=$(ip -f $af a s dev $from_intf | grep 'scope global' | sed '/temporary/d' | awk '{ print $2, $3, $4; exit }')
-        fi
+        IP_BRD=$(ip -f $af a s dev $from_intf scope global primary | grep inet | awk '{ print $2, $3, $4; exit }')
 
         if [ "$DEFAULT_ROUTE_GW" != "" ]; then
             ADD_DEFAULT_ROUTE="sudo ip -f $af r replace default via $DEFAULT_ROUTE_GW dev $to_intf"

From 2960bfa7f63c26d94c8aed2c3e1a6ff039b530f0 Mon Sep 17 00:00:00 2001
From: Tushar Gohad 
Date: Tue, 17 Nov 2015 14:06:28 -0700
Subject: [PATCH 1080/3421] Add liberasurecode-dev as a swift dependency

Swift requirement PyECLib won't bundle liberasurecode
going forward given the package is available in common
distros now.  This patch adds liberasurecode-dev(el)
package to the devstack debs/rpms list for Swift as a
PyECLib build/install dependency.

Change-Id: Idbc2ca3f677f1b8153ebf3a5912f4354525a55c7
---
 files/debs/swift      | 1 +
 files/rpms-suse/swift | 1 +
 files/rpms/swift      | 1 +
 3 files changed, 3 insertions(+)

diff --git a/files/debs/swift b/files/debs/swift
index 726786ee18..4b8ac3d793 100644
--- a/files/debs/swift
+++ b/files/debs/swift
@@ -1,4 +1,5 @@
 curl
+liberasurecode-dev
 make
 memcached
 sqlite3
diff --git a/files/rpms-suse/swift b/files/rpms-suse/swift
index 52e0a990e7..3663b98545 100644
--- a/files/rpms-suse/swift
+++ b/files/rpms-suse/swift
@@ -1,4 +1,5 @@
 curl
+liberasurecode-devel
 memcached
 sqlite3
 xfsprogs
diff --git a/files/rpms/swift b/files/rpms/swift
index f56a81b0d1..46dc59d74d 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -1,4 +1,5 @@
 curl
+liberasurecode-devel
 memcached
 pyxattr
 rsync-daemon # dist:f22,f23

From 93e2499ee1abfd2f9ed1ebda7a7d4d0deab04f80 Mon Sep 17 00:00:00 2001
From: Deepak C Shetty 
Date: Wed, 18 Nov 2015 12:29:33 +0530
Subject: [PATCH 1081/3421] doc: document override_defaults phase

override_defaults phase was added to devstack in [1]
but documentation was pending. This patch adds the
same. For history around override_defaults, one can
refer to the mail thread [2]

Also fixes a small typo

[1]: https://review.openstack.org/#/c/167933/
[2]: http://lists.openstack.org/pipermail/openstack-dev/2015-March/059621.html

Change-Id: I1b58ca0ce0e4b85a1dbd710b4c426606fd4dcf45
---
 doc/source/plugins.rst | 13 +++++++++++--
 extras.d/README.md     |  9 ++++++---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 8bd3797cd2..b8da7e1237 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -19,7 +19,16 @@ DevStack supports a standard mechanism for including plugins from
 external repositories. The plugin interface assumes the following:
 
 An external git repository that includes a ``devstack/`` top level
-directory. Inside this directory there can be 2 files.
+directory. Inside this directory there can be 3 files.
+
+- ``override_defaults`` - a file containing global variables that
+  will be sourced before the lib/* files. This allows the plugin
+  to override the defaults that are otherwise set in the lib/*
+  files.
+
+  For example, override_defaults may export CINDER_ENABLED_BACKENDS
+  to include the plugin-specific storage backend and thus be able
+  to override the default lvm only storage backend for Cinder.
 
 - ``settings`` - a file containing global variables that will be
   sourced very early in the process. This is helpful if other plugins
@@ -38,7 +47,7 @@ directory. Inside this directory there can be 2 files.
 
 - ``plugin.sh`` - the actual plugin. It is executed by devstack at
   well defined points during a ``stack.sh`` run. The plugin.sh
-  internal structure is discussed bellow.
+  internal structure is discussed below.
 
 
 Plugins are registered by adding the following to the localrc section
diff --git a/extras.d/README.md b/extras.d/README.md
index 7c2e4fe970..4cec14b4e7 100644
--- a/extras.d/README.md
+++ b/extras.d/README.md
@@ -14,10 +14,13 @@ The scripts are sourced at the beginning of each script that calls them. The
 entire `stack.sh` variable space is available.  The scripts are
 sourced with one or more arguments, the first of which defines the hook phase:
 
-    source | stack | unstack | clean
+    override_defaults | source | stack | unstack | clean
 
-    source: always called first in any of the scripts, used to set the
-        initial defaults in a lib/* script or similar
+    override_defaults: always called first in any of the scripts, used to
+        override defaults (if need be) that are otherwise set in lib/* scripts
+
+    source: called by stack.sh. Used to set the initial defaults in a lib/*
+        script or similar
 
     stack: called by stack.sh.  There are four possible values for
         the second arg to distinguish the phase stack.sh is in:

From 7860f2ba3189b0361693c8ee9c65d8d03fb115d6 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 17 Nov 2015 11:59:07 -0500
Subject: [PATCH 1082/3421] install ebtables locking workaround

ebtables is racing with itself when nova and libvirt attempt to create
rules at the same time in the nat table. ebtables now has an explicit
--concurrent flag, that all tools must opt into to prevent ebtables
from inherently being unsafe to run.

libvirt gained this support in 1.2.11, which is too new for our ubuntu
primary testing environment. Nova still hasn't added this support,
though even if it did, we'd run into the issue with libvirt.

We can do the most ghetto thing possible and create a wrapper for
ebtables that does explicit locking on it's own. It's pretty terrible,
but it should work. And it is the kind of work around that people
unable to upgrade libvirt will probably need to do.

This is an opt in value which we should set in the gate to True.

Related-Bug: #1501558

Change-Id: Ic6fa847eba34c21593b9df86a1c2c179534d0ba5
---
 files/ebtables.workaround            | 23 +++++++++++++++++++++
 lib/nova_plugins/functions-libvirt   |  5 +++++
 stackrc                              | 10 +++++++++
 tools/install_ebtables_workaround.sh | 31 ++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+)
 create mode 100644 files/ebtables.workaround
 create mode 100755 tools/install_ebtables_workaround.sh

diff --git a/files/ebtables.workaround b/files/ebtables.workaround
new file mode 100644
index 0000000000..c8af51fad5
--- /dev/null
+++ b/files/ebtables.workaround
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+# This is a terrible, terrible, truly terrible work around for
+# environments that have libvirt < 1.2.11. ebtables requires that you
+# specifically tell it you would like to not race and get punched in
+# the face when 2 run at the same time with a --concurrent flag.
+
+flock -w 300 /var/lock/ebtables.nova /sbin/ebtables.real $@
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 78c59786d8..045fc8b919 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -31,6 +31,11 @@ function install_libvirt {
         fi
         install_package libvirt-bin libvirt-dev
         pip_install_gr libvirt-python
+        if [[ "$EBTABLES_RACE_FIX" == "True" ]]; then
+            # Work around for bug #1501558. We can remove this once we
+            # get to a version of Ubuntu that has new enough libvirt.
+            TOP_DIR=$TOP_DIR $TOP_DIR/tools/install_ebtables_workaround.sh
+        fi
         #pip_install_gr 
     elif is_fedora || is_suse; then
         install_package kvm
diff --git a/stackrc b/stackrc
index 76a5756dde..53ed25d83e 100644
--- a/stackrc
+++ b/stackrc
@@ -769,6 +769,16 @@ GIT_DEPTH=${GIT_DEPTH:-0}
 # Use native SSL for servers in ``SSL_ENABLED_SERVICES``
 USE_SSL=$(trueorfalse False USE_SSL)
 
+# ebtables is inherently racey. If you run it by two or more processes
+# simultaneously it will collide, badly, in the kernel and produce
+# failures or corruption of ebtables. The only way around it is for
+# all tools running ebtables to only ever do so with the --concurrent
+# flag. This requires libvirt >= 1.2.11.
+#
+# If you don't have this then the following work around will replace
+# ebtables with a wrapper script so that it is safe to run without
+# that flag.
+EBTABLES_RACE_FIX=$(trueorfalse False EBTABLES_RACE_FIX)
 
 # Following entries need to be last items in file
 
diff --git a/tools/install_ebtables_workaround.sh b/tools/install_ebtables_workaround.sh
new file mode 100755
index 0000000000..45ced87f13
--- /dev/null
+++ b/tools/install_ebtables_workaround.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+# This replaces the ebtables on your system with a wrapper script that
+# does implicit locking. This is needed if libvirt < 1.2.11 on your platform.
+
+EBTABLES=/sbin/ebtables
+EBTABLESREAL=/sbin/ebtables.real
+FILES=$TOP_DIR/files
+
+if [[ -f "$EBTABLES" ]]; then
+    if file $EBTABLES | grep ELF; then
+        sudo mv $EBTABLES $EBTABLESREAL
+        sudo install -m 0755 $FILES/ebtables.workaround $EBTABLES
+        echo "Replaced ebtables with locking workaround"
+    fi
+fi

From 2ba36cda7940d630514a7864132837191d8c561f Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Thu, 12 Nov 2015 13:52:36 +1100
Subject: [PATCH 1083/3421] Add vercmp function

The existing vercmp_numbers function only handles, as the name says,
numbers.  I noticed that "sort" has had a version sort for a long time
[1] and, rather than re-implement it badly, use this as a version of
vercmp that works a bit more naturally.

This is intended to be used in an "if" statement as in

  prog_ver=$(prog_ver --version | grep ...)
  if vercmp $prog_ver "<" 2.0; then
     ...
  fi

A test-case is added to test the basic features and some edge-cases.

[1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=4c9fae4e97d95a9f89d1399a8aeb03051f0fec96

Change-Id: Ie55283acdc40a095b80b2631a55310072883ad0d
---
 functions            | 46 +++++++++++++++++++++++++++++++++++++++++++
 tests/test_vercmp.sh | 47 ++++++++++++++++++++++++++++++++++++++++++++
 tests/unittest.sh    | 45 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 138 insertions(+)
 create mode 100755 tests/test_vercmp.sh

diff --git a/functions b/functions
index 34da1ba733..e5e3400ff8 100644
--- a/functions
+++ b/functions
@@ -527,12 +527,58 @@ function vercmp_numbers {
     typeset v1=$1 v2=$2 sep
     typeset -a ver1 ver2
 
+    deprecated "vercmp_numbers is deprecated for more generic vercmp"
+
     IFS=. read -ra ver1 <<< "$v1"
     IFS=. read -ra ver2 <<< "$v2"
 
     _vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}"
 }
 
+# vercmp ver1 op ver2
+#  Compare VER1 to VER2
+#   - op is one of < <= == >= >
+#   - returns true if satisified
+#  e.g.
+#  if vercmp 1.0 "<" 2.0; then
+#    ...
+#  fi
+function vercmp {
+    local v1=$1
+    local op=$2
+    local v2=$3
+    local result
+
+    # sort the two numbers with sort's "-V" argument.  Based on if v2
+    # swapped places with v1, we can determine ordering.
+    result=$(echo -e "$v1\n$v2" | sort -V | head -1)
+
+    case $op in
+        "==")
+            [ "$v1" = "$v2" ]
+            return
+            ;;
+        ">")
+            [ "$v1" != "$v2" ] && [ "$result" = "$v2" ]
+            return
+            ;;
+        "<")
+            [ "$v1" != "$v2" ] && [ "$result" = "$v1" ]
+            return
+            ;;
+        ">=")
+            [ "$result" = "$v2" ]
+            return
+            ;;
+        "<=")
+            [ "$result" = "$v1" ]
+            return
+            ;;
+        *)
+            die $LINENO "unrecognised op: $op"
+            ;;
+    esac
+}
 
 # This function sets log formatting options for colorizing log
 # output to stdout. It is meant to be called by lib modules.
diff --git a/tests/test_vercmp.sh b/tests/test_vercmp.sh
new file mode 100755
index 0000000000..c88bf86d7e
--- /dev/null
+++ b/tests/test_vercmp.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Tests for DevStack vercmp functionality
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP/functions
+source $TOP/tests/unittest.sh
+
+assert_true "numeric gt"  vercmp 2.0 ">" 1.0
+assert_true "numeric gte" vercmp 2.0 ">=" 1.0
+assert_true "numeric gt"  vercmp 1.0.1 ">" 1.0
+assert_true "numeric gte" vercmp 1.0.1 ">=" 1.0
+assert_true "alpha gt"    vercmp 1.0.1b ">" 1.0.1a
+assert_true "alpha gte"   vercmp 1.0.1b ">=" 1.0.1a
+assert_true "alpha gt"    vercmp b ">" a
+assert_true "alpha gte"   vercmp b ">=" a
+assert_true "alpha gt"    vercmp 2.0-rc3 ">" 2.0-rc1
+assert_true "alpha gte"   vercmp 2.0-rc3 ">=" 2.0-rc1
+
+assert_false "numeric gt fail"  vercmp 1.0 ">" 1.0
+assert_true  "numeric gte"      vercmp 1.0 ">=" 1.0
+assert_false "numeric gt fail"  vercmp 0.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9 ">=" 1.0
+assert_false "numeric gt fail"  vercmp 0.9.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9.9 ">=" 1.0
+assert_false "numeric gt fail"  vercmp 0.9a.9 ">" 1.0.1
+assert_false "numeric gte fail" vercmp 0.9a.9 ">=" 1.0.1
+
+assert_false "numeric lt"  vercmp 1.0 "<" 1.0
+assert_true  "numeric lte" vercmp 1.0 "<=" 1.0
+assert_true "numeric lt"   vercmp 1.0 "<" 1.0.1
+assert_true "numeric lte"  vercmp 1.0 "<=" 1.0.1
+assert_true "alpha lt"     vercmp 1.0.1a "<" 1.0.1b
+assert_true "alpha lte"    vercmp 1.0.1a "<=" 1.0.1b
+assert_true "alpha lt"     vercmp a "<" b
+assert_true "alpha lte"    vercmp a "<=" b
+assert_true "alpha lt"     vercmp 2.0-rc1 "<" 2.0-rc3
+assert_true "alpha lte"    vercmp 2.0-rc1 "<=" 2.0-rc3
+
+assert_true "eq"       vercmp 1.0 "==" 1.0
+assert_true "eq"       vercmp 1.0.1 "==" 1.0.1
+assert_false "eq fail" vercmp 1.0.1 "==" 1.0.2
+assert_false "eq fail" vercmp 2.0-rc1 "==" 2.0-rc2
+
+report_results
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 2570319fbf..6c697d7925 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -92,6 +92,51 @@ function assert_empty {
     fi
 }
 
+# assert the arguments evaluate to true
+#  assert_true "message" arg1 arg2
+function assert_true {
+    local lineno
+    lineno=`caller 0 | awk '{print $1}'`
+    local function
+    function=`caller 0 | awk '{print $2}'`
+    local msg=$1
+    shift
+
+    $@
+    if [ $? -eq 0 ]; then
+        PASS=$((PASS+1))
+        echo "PASS: $function:L$lineno - $msg"
+    else
+        FAILED_FUNCS+="$function:L$lineno\n"
+        echo "ERROR: test failed in $function:L$lineno!"
+        echo "  $msg"
+        ERROR=$((ERROR+1))
+    fi
+}
+
+# assert the arguments evaluate to false
+#  assert_false "message" arg1 arg2
+function assert_false {
+    local lineno
+    lineno=`caller 0 | awk '{print $1}'`
+    local function
+    function=`caller 0 | awk '{print $2}'`
+    local msg=$1
+    shift
+
+    $@
+    if [ $? -eq 0 ]; then
+        FAILED_FUNCS+="$function:L$lineno\n"
+        echo "ERROR: test failed in $function:L$lineno!"
+        echo "  $msg"
+        ERROR=$((ERROR+1))
+    else
+        PASS=$((PASS+1))
+        echo "PASS: $function:L$lineno - $msg"
+    fi
+}
+
+
 # Print a summary of passing and failing tests and exit
 # (with an error if we have failed tests)
 #  usage: report_results

From e0129f3c248d8f246b470e21982cfefb919482b6 Mon Sep 17 00:00:00 2001
From: Attila Fazekas 
Date: Thu, 19 Nov 2015 10:47:58 +0100
Subject: [PATCH 1084/3421] Fedora 23 supported

This change allows to use f23 without the FORCE=yes option.

Make sure you have latest kernel, or you have kernel-modules
installed for the running kernel.

f21 support will be removed when the gate jobs are upgraded
to use newer fedora version.

Change-Id: I6e3e64088187a7f6da745e3cfb07524fd31782ab
---
 files/rpms/general | 4 ++--
 lib/ceph           | 2 +-
 stack.sh           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/files/rpms/general b/files/rpms/general
index 40b06f489b..280468283b 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -8,9 +8,9 @@ gcc-c++
 gettext  # used for compiling message catalogs
 git-core
 graphviz # needed only for docs
-iptables-services  # NOPRIME f21,f22
+iptables-services  # NOPRIME f21,f22,f23
 java-1.7.0-openjdk-headless  # NOPRIME rhel7
-java-1.8.0-openjdk-headless  # NOPRIME f21,f22
+java-1.8.0-openjdk-headless  # NOPRIME f21,f22,f23
 libffi-devel
 libjpeg-turbo-devel # Pillow 3.0.0
 libxml2-devel # lxml
diff --git a/lib/ceph b/lib/ceph
index 29d2aca54f..f573136a4e 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -116,7 +116,7 @@ function undefine_virsh_secret {
 
 # check_os_support_ceph() - Check if the operating system provides a decent version of Ceph
 function check_os_support_ceph {
-    if [[ ! ${DISTRO} =~ (trusty|f21|f22) ]]; then
+    if [[ ! ${DISTRO} =~ (trusty|f21|f22|f23) ]]; then
         echo "WARNING: your distro $DISTRO does not provide (at least) the Firefly release. Please use Ubuntu Trusty or Fedora 20 (and higher)"
         if [[ "$FORCE_CEPH_INSTALL" != "yes" ]]; then
             die $LINENO "If you wish to install Ceph on this distribution anyway run with FORCE_CEPH_INSTALL=yes"
diff --git a/stack.sh b/stack.sh
index a3d943a4df..537f81e253 100755
--- a/stack.sh
+++ b/stack.sh
@@ -192,7 +192,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f21|f22|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (precise|trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f21|f22|f23|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From 7f0be4fc5f5bd8f45087e53c94fae3b9146f486e Mon Sep 17 00:00:00 2001
From: "Swapnil Kulkarni (coolsvap)" 
Date: Fri, 20 Nov 2015 10:52:59 +0530
Subject: [PATCH 1085/3421] Updated Typos in devstack

(1/5) Updated HACKING.rst for typos
(2/5) Updated typos in lib/dlm
(3/5) Updated typos in lib/ironic
(4/5) Updated typos in unittest.sh
(5/5) Updated typos in test_meta_config.sh

Change-Id: I7aafa3af69df9dc6a5923a8557f380d48b73433a
---
 HACKING.rst               | 2 +-
 lib/dlm                   | 2 +-
 lib/ironic                | 4 ++--
 tests/test_meta_config.sh | 2 +-
 tests/unittest.sh         | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/HACKING.rst b/HACKING.rst
index d66687e351..d763c75b8b 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -328,7 +328,7 @@ There are some broad criteria that will be followed when reviewing
 your change
 
 * **Is it passing tests** -- your change will not be reviewed
-  throughly unless the official CI has run successfully against it.
+  thoroughly unless the official CI has run successfully against it.
 
 * **Does this belong in DevStack** -- DevStack reviewers have a
   default position of "no" but are ready to be convinced by your
diff --git a/lib/dlm b/lib/dlm
index f68ee26b4b..95e9b0ac3d 100644
--- a/lib/dlm
+++ b/lib/dlm
@@ -46,7 +46,7 @@ ZOOKEEPER_CONF_DIR=/etc/zookeeper
 # - cleanup_dlm
 
 # This should be declared in the settings file of any plugin or
-# service that needs to have a dlm in their enviroment.
+# service that needs to have a dlm in their environment.
 function use_dlm {
     enable_service $(dlm_backend)
 }
diff --git a/lib/ironic b/lib/ironic
index 016e639d03..6a32983b24 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -92,7 +92,7 @@ IRONIC_VM_LOG_DIR=${IRONIC_VM_LOG_DIR:-$IRONIC_DATA_DIR/logs/}
 # Use DIB to create deploy ramdisk and kernel.
 IRONIC_BUILD_DEPLOY_RAMDISK=$(trueorfalse True IRONIC_BUILD_DEPLOY_RAMDISK)
 # If not use DIB, these files are used as deploy ramdisk/kernel.
-# (The value must be a absolute path)
+# (The value must be an absolute path)
 IRONIC_DEPLOY_RAMDISK=${IRONIC_DEPLOY_RAMDISK:-}
 IRONIC_DEPLOY_KERNEL=${IRONIC_DEPLOY_KERNEL:-}
 IRONIC_DEPLOY_ELEMENT=${IRONIC_DEPLOY_ELEMENT:-deploy-ironic}
@@ -672,7 +672,7 @@ function configure_iptables {
     # enable tftp natting for allowing connections to HOST_IP's tftp server
     sudo modprobe nf_conntrack_tftp
     sudo modprobe nf_nat_tftp
-    # explicitly allow DHCP - packets are occassionally being dropped here
+    # explicitly allow DHCP - packets are occasionally being dropped here
     sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh
index f3e94af8f8..327fb56185 100755
--- a/tests/test_meta_config.sh
+++ b/tests/test_meta_config.sh
@@ -24,7 +24,7 @@ function check_result {
 }
 
 # mock function-common:die so that it does not
-# interupt our test script
+# interrupt our test script
 function die {
     exit -1
 }
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 2570319fbf..26b5b8e592 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -46,7 +46,7 @@ function failed {
     ERROR=$((ERROR+1))
 }
 
-# assert string comparision of val1 equal val2, printing out msg
+# assert string comparison of val1 equal val2, printing out msg
 #  usage: assert_equal val1 val2 msg
 function assert_equal {
     local lineno

From 255a58fec613b1304c8396cd969c72043073be30 Mon Sep 17 00:00:00 2001
From: Komei Shimamura 
Date: Fri, 20 Nov 2015 18:36:05 +0900
Subject: [PATCH 1086/3421] Add existing devstack plugins to the devstack
 plugin list

Change-Id: I336a4c652a78e778e39652f1f16ff69be10ab065
---
 doc/source/plugin-registry.rst | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 49b3a7fc02..429f31af2d 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -76,16 +76,30 @@ Alternate Configs
 Additional Services
 ===================
 
-+----------------+--------------------------------------------------+------------+
-| Plugin Name    | URL                                              | Comments   |
-|                |                                                  |            |
-+----------------+--------------------------------------------------+------------+
-|ec2-api         |git://git.openstack.org/openstack/ec2-api         |[as1]_      |
-+----------------+--------------------------------------------------+------------+
-|ironic-inspector|git://git.openstack.org/openstack/ironic-inspector|            |
-+----------------+--------------------------------------------------+------------+
-|                |                                                  |            |
-+----------------+--------------------------------------------------+------------+
++-----------------+------------------------------------------------------------+------------+
+| Plugin Name     | URL                                                        | Comments   |
+|                 |                                                            |            |
++-----------------+------------------------------------------------------------+------------+
+|amqp1            |git://git.openstack.org/openstack/devstack-plugin-amqp1     |            |
++-----------------+------------------------------------------------------------+------------+
+|bdd              |git://git.openstack.org/openstack/devstack-plugin-bdd       |            |
++-----------------+------------------------------------------------------------+------------+
+|ec2-api          |git://git.openstack.org/openstack/ec2-api                   |[as1]_      |
++-----------------+------------------------------------------------------------+------------+
+|glusterfs        |git://git.openstack.org/openstack/devstack-plugin-glusterfs |            |
++-----------------+------------------------------------------------------------+------------+
+|hdfs             |git://git.openstack.org/openstack/devstack-plugin-hdfs      |            |
++-----------------+------------------------------------------------------------+------------+
+|ironic-inspector |git://git.openstack.org/openstack/ironic-inspector          |            |
++-----------------+------------------------------------------------------------+------------+
+|pika             |git://git.openstack.org/openstack/devstack-plugin-pika      |            |
++-----------------+------------------------------------------------------------+------------+
+|sheepdog         |git://git.openstack.org/openstack/devstack-plugin-sheepdog  |            |
++-----------------+------------------------------------------------------------+------------+
+|zmq              |git://git.openstack.org/openstack/devstack-plugin-zmq       |            |
++-----------------+------------------------------------------------------------+------------+
+|                 |                                                            |            |
++-----------------+------------------------------------------------------------+------------+
 
 .. [as1] first functional devstack plugin, hence why used in most of
          the examples.

From c18b4a4e5c4ffa25fba1da0ec99c3ff061d1472e Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 18 Nov 2015 10:02:31 -0500
Subject: [PATCH 1087/3421] remove precise from the supported list

We haven't been testing master on precise for a long time, and changes
are coming that won't work on precise. If people want to keep running
on precise they should realize they are on their own with it. And that
we won't block any changes that use it.

Change-Id: I3697f1c2409ad08f49793dabb37011606188e6f6
---
 stack.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 537f81e253..8625b5aaeb 100755
--- a/stack.sh
+++ b/stack.sh
@@ -192,7 +192,7 @@ source $TOP_DIR/stackrc
 
 # Warn users who aren't on an explicitly supported distro, but allow them to
 # override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (precise|trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f21|f22|f23|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f21|f22|f23|rhel7) ]]; then
     echo "WARNING: this script has not been tested on $DISTRO"
     if [[ "$FORCE" != "yes" ]]; then
         die $LINENO "If you wish to run this script anyway run with FORCE=yes"

From f0dd6894af777d53c6d158d0720ea1b189f065a7 Mon Sep 17 00:00:00 2001
From: vsaienko 
Date: Wed, 18 Nov 2015 10:12:34 +0200
Subject: [PATCH 1088/3421] Use autogenerated flavor id

Fix to trove has been merged, and autogenerated flavor ID
is available since Kilo.

Related-Bug: #1333852

Change-Id: Ie4b3dd11a23fa5f91cf9ff22dd05f1afd0532cb4
---
 lib/ironic | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lib/ironic b/lib/ironic
index 016e639d03..294115cafe 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -652,13 +652,9 @@ function enroll_nodes {
         total_cpus=$((total_cpus+$ironic_node_cpu))
     done < $ironic_hwinfo_file
 
-    # create the nova flavor
-    # NOTE(adam_g): Attempting to use an autogenerated UUID for flavor id here uncovered
-    # bug (LP: #1333852) in Trove.  This can be changed to use an auto flavor id when the
-    # bug is fixed in Juno.
     local adjusted_disk
     adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
-    nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal 551 $ironic_node_ram $adjusted_disk $ironic_node_cpu
+    nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal auto $ironic_node_ram $adjusted_disk $ironic_node_cpu
 
     nova flavor-key baremetal set "cpu_arch"="x86_64"
 

From a366b97c0a76304bf0ddf7eb78e0efb4493df221 Mon Sep 17 00:00:00 2001
From: obutenko 
Date: Tue, 20 Oct 2015 19:07:04 +0300
Subject: [PATCH 1089/3421] Add flag for test_incremental_backup

Forced creation of incremental backup is not
implemented in old release (Juno and Kilo).
The test is skipped by default for Juno and Kilo gates.
Need to add flag to unskip this test in new release.

New test: Idde2c14aba78382b1063ce20269f4832f9fdd583
Change-Id: I565b5941d6067644fc9ca6cb0891d97f4946e031
Partial-Bug: #1506394
---
 lib/tempest | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 76fd6cac74..202f6d93e7 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -463,6 +463,8 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG volume-feature-enabled bootable True
     # TODO(jordanP): Remove the extend_with_snapshot flag when Juno is end of life.
     iniset $TEMPEST_CONFIG volume-feature-enabled extend_with_snapshot True
+    # TODO(obutenko): Remove the incremental_backup_force flag when Kilo and Juno is end of life.
+    iniset $TEMPEST_CONFIG volume-feature-enabled incremental_backup_force True
 
     local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
     if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then

From bdc0fa8ab13ec5c75f1c793ca33f5a773fac1abc Mon Sep 17 00:00:00 2001
From: John Kasperski 
Date: Mon, 23 Nov 2015 11:56:33 -0600
Subject: [PATCH 1090/3421] Neutron: Clean up documentation typo

Remove duplicate SERVICE_HOST and MYSQL_HOST settings in the
examples.

Change-Id: I0e102b671f03ccb183d30ec6a762d00ebcf1e4b5
---
 doc/source/guides/neutron.rst | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 996c7d1f59..9dcb654a27 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -354,8 +354,6 @@ controller node.
         HOST_IP=10.0.0.2
         SERVICE_HOST=10.0.0.2
         MYSQL_HOST=10.0.0.2
-        SERVICE_HOST=10.0.0.2
-        MYSQL_HOST=10.0.0.2
         RABBIT_HOST=10.0.0.2
         GLANCE_HOSTPORT=10.0.0.2:9292
         PUBLIC_INTERFACE=eth1
@@ -397,7 +395,7 @@ would be a public IP address range that you or your organization has
 allocated to you, so that you could access your instances from the
 public internet.
 
-The following is the DevStack configuration on 
+The following is the DevStack configuration on
 compute node 1.
 
 ::
@@ -405,8 +403,6 @@ compute node 1.
         HOST_IP=10.0.0.3
         SERVICE_HOST=10.0.0.2
         MYSQL_HOST=10.0.0.2
-        SERVICE_HOST=10.0.0.2
-        MYSQL_HOST=10.0.0.2
         RABBIT_HOST=10.0.0.2
         GLANCE_HOSTPORT=10.0.0.2:9292
         ADMIN_PASSWORD=secrete

From 2ed28132e03066edb52fab6e640a96ee2d3424ac Mon Sep 17 00:00:00 2001
From: Einst Crazy 
Date: Thu, 5 Nov 2015 16:38:00 +0800
Subject: [PATCH 1091/3421] Add create stack user to quickstart document

Add instructions on creating a user to the documentation, and call out
that the standard cloud-users are probably ok too

Change-Id: I1119a43f1d5ae7c0c208bf0cc16e2f7bee29a69d
---
 doc/source/index.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/doc/source/index.rst b/doc/source/index.rst
index b65730ffe8..ec345c9f64 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -44,6 +44,18 @@ Quick Start
 
    We recommend at least a :ref:`minimal-configuration` be set up.
 
+#. Add Stack User
+
+   Devstack should be run as a non-root user with sudo enabled
+   (standard logins to cloud images such as "ubuntu" or "cloud-user"
+   are usually fine).
+
+   You can quickly create a separate `stack` user to run DevStack with
+
+   ::
+
+       devstack/tools/create-stack-user.sh; su stack
+
 #. Start the install
 
    ::

From d663e29d40b04017c515c19891bb846ea984acde Mon Sep 17 00:00:00 2001
From: Kahou Lei 
Date: Sat, 24 Oct 2015 12:18:57 -0700
Subject: [PATCH 1092/3421] Ensure the Linux Bridge agent can be used with
 provider networking

The root cause is that when provider network is used, devstack
is trying to build ovs related interface.

We need to make a condition such that if linux bridge is used, don't
build any ovs related interface.

Change-Id: I7f26ce7893a0ecce55b3467cd5621abf25745b8e
Closes-bug: #1509705
---
 lib/neutron-legacy | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 4e51425ffc..ecc45edbf7 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -553,9 +553,11 @@ function create_neutron_initial_network {
             die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $PROVIDER_SUBNET_NAME_V6 $TENANT_ID"
         fi
 
-        sudo ip link set $OVS_PHYSICAL_BRIDGE up
-        sudo ip link set br-int up
-        sudo ip link set $PUBLIC_INTERFACE up
+        if [[ $Q_AGENT == "openvswitch" ]]; then
+            sudo ip link set $OVS_PHYSICAL_BRIDGE up
+            sudo ip link set br-int up
+            sudo ip link set $PUBLIC_INTERFACE up
+        fi
     else
         NET_ID=$(neutron net-create --tenant-id $TENANT_ID "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
         die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $TENANT_ID"
@@ -701,7 +703,7 @@ function start_neutron_service_and_check {
 function start_neutron_l2_agent {
     run_process q-agt "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE"
 
-    if is_provider_network; then
+    if is_provider_network && [[ $Q_AGENT == "openvswitch" ]]; then
         sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
         sudo ip link set $OVS_PHYSICAL_BRIDGE up
         sudo ip link set br-int up

From ad69e69e3f278bd28319224035997e11477617c4 Mon Sep 17 00:00:00 2001
From: Arun S A G 
Date: Fri, 20 Nov 2015 20:01:24 -0800
Subject: [PATCH 1093/3421] Set unprovision and active timeout to match
 build_timeout

The build_timeout for the ironic baremetal build is at
340s. Modify the unprovision_timeout and active_timeout
to match BUILD_TIMEOUT to avoid frequent failures during
IPA gate jobs.

Change-Id: Idfdc54210e33c71719c7fd0c905d0b802809e173
Related-Bug: #1393099
---
 lib/tempest | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/tempest b/lib/tempest
index 76fd6cac74..0c54f9737a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -508,7 +508,8 @@ function configure_tempest {
     # Baremetal
     if [ "$VIRT_DRIVER" = "ironic" ] ; then
         iniset $TEMPEST_CONFIG baremetal driver_enabled True
-        iniset $TEMPEST_CONFIG baremetal unprovision_timeout 300
+        iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT
+        iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT
         iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
         iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
         iniset $TEMPEST_CONFIG compute-feature-enabled change_password False

From 0b4c83a07e09eead9dad88f5b8349574e53b1c45 Mon Sep 17 00:00:00 2001
From: Rafael Folco 
Date: Thu, 26 Nov 2015 10:08:36 -0600
Subject: [PATCH 1094/3421] Single call for 'nova flavor-list'

Code simplification only, no functional changes.

Change-Id: I0b836bc77c0553528e3bc9e0cea98d59856ccdf5
---
 lib/tempest | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 76fd6cac74..c3276d8a51 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -196,8 +196,8 @@ function configure_tempest {
     if is_service_enabled nova; then
         # If ``DEFAULT_INSTANCE_TYPE`` is not declared, use the new behavior
         # Tempest creates its own instance types
+        available_flavors=$(nova flavor-list)
         if  [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
-            available_flavors=$(nova flavor-list)
             if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
                 nova flavor-create m1.nano 42 64 0 1
             fi
@@ -210,15 +210,14 @@ function configure_tempest {
         else
             # Check Nova for existing flavors, if ``DEFAULT_INSTANCE_TYPE`` is set use it.
             boto_instance_type=$DEFAULT_INSTANCE_TYPE
-            flavor_lines=`nova flavor-list`
             IFS=$'\r\n'
             flavors=""
-            for line in $flavor_lines; do
+            for line in $available_flavors; do
                 f=$(echo $line | awk "/ $DEFAULT_INSTANCE_TYPE / { print \$2 }")
                 flavors="$flavors $f"
             done
 
-            for line in $flavor_lines; do
+            for line in $available_flavors; do
                 flavors="$flavors `echo $line | grep -v "^\(|\s*ID\|+--\)" | cut -d' ' -f2`"
             done
 

From be3e553556a1a89f5046db79d3bc88fcad1d982a Mon Sep 17 00:00:00 2001
From: vsaienko 
Date: Mon, 23 Nov 2015 16:07:21 +0200
Subject: [PATCH 1095/3421] Add discussion of LIBS_FROM_GIT

Add a pointer to installing clients via LIBS_FROM_GIT to local.conf
sample.  Mention in the git tree setup that the projects within are
usually installed via released pip versions.

Change-Id: I245094e51ea4a8ce983f6a1e48b6ab7ca5d309d0
---
 samples/local.conf | 10 +++++++++-
 stackrc            |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/samples/local.conf b/samples/local.conf
index b92097dd8d..34c9e8b48e 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -63,7 +63,8 @@ LOGDAYS=2
 # Using milestone-proposed branches
 # ---------------------------------
 
-# Uncomment these to grab the milestone-proposed branches from the repos:
+# Uncomment these to grab the milestone-proposed branches from the
+# repos:
 #CINDER_BRANCH=milestone-proposed
 #GLANCE_BRANCH=milestone-proposed
 #HORIZON_BRANCH=milestone-proposed
@@ -74,6 +75,13 @@ LOGDAYS=2
 #NEUTRON_BRANCH=milestone-proposed
 #SWIFT_BRANCH=milestone-proposed
 
+# Using git versions of clients
+# -----------------------------
+# By default clients are installed from pip.  See LIBS_FROM_GIT in
+# stackrc for details on getting clients from specific branches or
+# revisions.  e.g.
+# LIBS_FROM_GIT="python-ironicclient"
+# IRONICCLIENT_BRANCH=refs/changes/44/2.../1
 
 # Swift
 # -----
diff --git a/stackrc b/stackrc
index 23a4a7c4c4..cfdcd4d6b2 100644
--- a/stackrc
+++ b/stackrc
@@ -268,6 +268,7 @@ GITBRANCH["tempest-lib"]=${TEMPEST_LIB_BRANCH:-master}
 ##############
 #
 #  OpenStack Client Library Components
+#   Note default install is from pip, see LIBS_FROM_GIT
 #
 ##############
 
@@ -317,6 +318,7 @@ GITDIR["python-openstackclient"]=$DEST/python-openstackclient
 ###################
 #
 #  Oslo Libraries
+#   Note default install is from pip, see LIBS_FROM_GIT
 #
 ###################
 

From 523f48803609b35350b624244fa73b1030c1d5fa Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Tue, 13 Oct 2015 11:03:03 +1100
Subject: [PATCH 1096/3421] Namespace XTRACE commands

I noticed this when debugging some grenade issues failures.

An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.

We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.

When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).

The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.

The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.

Some files had already discovered this.  In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste.  This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.

Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
---
 functions                                   | 4 ++--
 functions-common                            | 4 ++--
 inc/meta-config                             | 4 ++--
 lib/apache                                  | 4 ++--
 lib/ceph                                    | 4 ++--
 lib/cinder                                  | 4 ++--
 lib/cinder_backends/ceph                    | 4 ++--
 lib/cinder_backends/glusterfs               | 4 ++--
 lib/cinder_backends/lvm                     | 4 ++--
 lib/cinder_backends/netapp_iscsi            | 4 ++--
 lib/cinder_backends/netapp_nfs              | 4 ++--
 lib/cinder_backends/nfs                     | 4 ++--
 lib/cinder_backends/solidfire               | 4 ++--
 lib/cinder_backends/vmdk                    | 4 ++--
 lib/cinder_backends/xiv                     | 4 ++--
 lib/cinder_plugins/XenAPINFS                | 4 ++--
 lib/cinder_plugins/glusterfs                | 4 ++--
 lib/cinder_plugins/nfs                      | 4 ++--
 lib/cinder_plugins/sheepdog                 | 4 ++--
 lib/cinder_plugins/vsphere                  | 4 ++--
 lib/database                                | 4 ++--
 lib/databases/mysql                         | 4 ++--
 lib/databases/postgresql                    | 4 ++--
 lib/dlm                                     | 4 ++--
 lib/dstat                                   | 4 ++--
 lib/glance                                  | 4 ++--
 lib/heat                                    | 4 ++--
 lib/horizon                                 | 4 ++--
 lib/infra                                   | 4 ++--
 lib/ironic                                  | 8 ++++----
 lib/keystone                                | 4 ++--
 lib/ldap                                    | 4 ++--
 lib/lvm                                     | 4 ++--
 lib/neutron-legacy                          | 4 ++--
 lib/neutron_plugins/bigswitch_floodlight    | 4 ++--
 lib/neutron_plugins/brocade                 | 4 ++--
 lib/neutron_plugins/cisco                   | 4 ++--
 lib/neutron_plugins/embrane                 | 5 +++--
 lib/neutron_plugins/linuxbridge_agent       | 4 ++--
 lib/neutron_plugins/ml2                     | 4 ++--
 lib/neutron_plugins/nuage                   | 4 ++--
 lib/neutron_plugins/openvswitch             | 5 +++--
 lib/neutron_plugins/openvswitch_agent       | 4 ++--
 lib/neutron_plugins/ovs_base                | 4 ++--
 lib/neutron_plugins/services/firewall       | 4 ++--
 lib/neutron_plugins/services/loadbalancer   | 4 ++--
 lib/neutron_plugins/services/metering       | 5 +++--
 lib/neutron_plugins/services/vpn            | 4 ++--
 lib/neutron_thirdparty/bigswitch_floodlight | 4 ++--
 lib/nova                                    | 4 ++--
 lib/nova_plugins/functions-libvirt          | 4 ++--
 lib/nova_plugins/hypervisor-fake            | 4 ++--
 lib/nova_plugins/hypervisor-ironic          | 4 ++--
 lib/nova_plugins/hypervisor-libvirt         | 4 ++--
 lib/nova_plugins/hypervisor-openvz          | 4 ++--
 lib/nova_plugins/hypervisor-vsphere         | 4 ++--
 lib/nova_plugins/hypervisor-xenserver       | 4 ++--
 lib/oslo                                    | 4 ++--
 lib/rpc_backend                             | 4 ++--
 lib/swift                                   | 4 ++--
 lib/tempest                                 | 4 ++--
 lib/template                                | 4 ++--
 stack.sh                                    | 7 +++++--
 63 files changed, 134 insertions(+), 128 deletions(-)

diff --git a/functions b/functions
index 34da1ba733..762fc472c2 100644
--- a/functions
+++ b/functions
@@ -22,7 +22,7 @@ source ${FUNC_DIR}/inc/python
 source ${FUNC_DIR}/inc/rootwrap
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_FUNCTIONS=$(set +o | grep xtrace)
 set +o xtrace
 
 # Check if a function already exists
@@ -603,7 +603,7 @@ function create_disk {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_FUNCTIONS
 
 # Local variables:
 # mode: shell-script
diff --git a/functions-common b/functions-common
index 6a065ba83c..d68ae77971 100644
--- a/functions-common
+++ b/functions-common
@@ -32,7 +32,7 @@
 #
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_FUNCTIONS_COMMON=$(set +o | grep xtrace)
 set +o xtrace
 
 # ensure we don't re-source this in the same environment
@@ -2254,7 +2254,7 @@ function time_totals {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_FUNCTIONS_COMMON
 
 # Local variables:
 # mode: shell-script
diff --git a/inc/meta-config b/inc/meta-config
index b9ab6b207f..b6fe437802 100644
--- a/inc/meta-config
+++ b/inc/meta-config
@@ -20,7 +20,7 @@
 # file-name is the destination of the config file
 
 # Save trace setting
-INC_META_XTRACE=$(set +o | grep xtrace)
+_XTRACE_INC_META=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -197,7 +197,7 @@ function merge_config_group {
 
 
 # Restore xtrace
-$INC_META_XTRACE
+$_XTRACE_INC_META
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/apache b/lib/apache
index 17526c74d0..c9e02a2b58 100644
--- a/lib/apache
+++ b/lib/apache
@@ -19,7 +19,7 @@
 # - restart_apache_server
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_APACHE=$(set +o | grep xtrace)
 set +o xtrace
 
 # Allow overriding the default Apache user and group, default to
@@ -191,7 +191,7 @@ function restart_apache_server {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_APACHE
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/ceph b/lib/ceph
index f573136a4e..4ac498ab97 100644
--- a/lib/ceph
+++ b/lib/ceph
@@ -18,7 +18,7 @@
 # - cleanup_ceph
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_CEPH=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -375,7 +375,7 @@ function stop_ceph {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_CEPH
 
 ## Local variables:
 ## mode: shell-script
diff --git a/lib/cinder b/lib/cinder
index 1307c11f7a..70b198c2e9 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -20,7 +20,7 @@
 # - cleanup_cinder
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -567,7 +567,7 @@ function create_cinder_volume_group {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_CINDER
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph
index 7e9d2d334e..c21350ba01 100644
--- a/lib/cinder_backends/ceph
+++ b/lib/cinder_backends/ceph
@@ -22,7 +22,7 @@
 
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_CEPH=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -76,7 +76,7 @@ function configure_cinder_backend_ceph {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_CEPH
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/glusterfs b/lib/cinder_backends/glusterfs
index 00c62e04cd..4e34f8ef6c 100644
--- a/lib/cinder_backends/glusterfs
+++ b/lib/cinder_backends/glusterfs
@@ -19,7 +19,7 @@
 # configure_cinder_backend_glusterfs - Configure Cinder for GlusterFS backends
 
 # Save trace setting
-GLUSTERFS_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_GLUSTERFS=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -41,7 +41,7 @@ function configure_cinder_backend_glusterfs {
 
 
 # Restore xtrace
-$GLUSTERFS_XTRACE
+$_XTRACE_CINDER_GLUSTERFS
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/lvm b/lib/cinder_backends/lvm
index 411b82c190..d927f9cd6b 100644
--- a/lib/cinder_backends/lvm
+++ b/lib/cinder_backends/lvm
@@ -22,7 +22,7 @@
 
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_LVM=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -68,7 +68,7 @@ function init_cinder_backend_lvm {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_LVM
 
 # mode: shell-script
 # End:
diff --git a/lib/cinder_backends/netapp_iscsi b/lib/cinder_backends/netapp_iscsi
index be9442eb83..5cce30a6d3 100644
--- a/lib/cinder_backends/netapp_iscsi
+++ b/lib/cinder_backends/netapp_iscsi
@@ -20,7 +20,7 @@
 # configure_cinder_backend_netapp_iscsi - configure iSCSI
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_NETAPP=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -59,7 +59,7 @@ function configure_cinder_backend_netapp_iscsi {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_NETAPP
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/netapp_nfs b/lib/cinder_backends/netapp_nfs
index dc919ad86b..7ba36d2a3b 100644
--- a/lib/cinder_backends/netapp_nfs
+++ b/lib/cinder_backends/netapp_nfs
@@ -20,7 +20,7 @@
 # configure_cinder_backend_netapp_nfs - configure NFS
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_NETAPP=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -70,7 +70,7 @@ function cleanup_cinder_backend_netapp_nfs {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_NETAPP
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/nfs b/lib/cinder_backends/nfs
index fc51b2b440..89a37a1f02 100644
--- a/lib/cinder_backends/nfs
+++ b/lib/cinder_backends/nfs
@@ -19,7 +19,7 @@
 # configure_cinder_backend_nfs - Configure Cinder for NFS backends
 
 # Save trace setting
-NFS_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_NFS=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -38,7 +38,7 @@ function configure_cinder_backend_nfs {
 
 
 # Restore xtrace
-$NFS_XTRACE
+$_XTRACE_CINDER_NFS
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/solidfire b/lib/cinder_backends/solidfire
index 7cc70fc86d..16bc527863 100644
--- a/lib/cinder_backends/solidfire
+++ b/lib/cinder_backends/solidfire
@@ -17,7 +17,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_SOLIDFIRE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -42,7 +42,7 @@ function configure_cinder_backend_solidfire {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_SOLIDFIRE
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/vmdk b/lib/cinder_backends/vmdk
index d5b945354b..3a6a5cf2ff 100644
--- a/lib/cinder_backends/vmdk
+++ b/lib/cinder_backends/vmdk
@@ -15,7 +15,7 @@
 # configure_cinder_backend_vmdk - Configure Cinder for VMware vmdk backends
 
 # Save trace setting
-VMDK_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_VMDK=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -40,7 +40,7 @@ function configure_cinder_backend_vmdk {
 
 
 # Restore xtrace
-$VMDK_XTRACE
+$_XTRACE_CINDER_VMDK
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_backends/xiv b/lib/cinder_backends/xiv
index 6eadaae93b..e8b5da05d5 100644
--- a/lib/cinder_backends/xiv
+++ b/lib/cinder_backends/xiv
@@ -42,7 +42,7 @@
 # configure_cinder_backend_xiv - Configure Cinder for xiv backends
 
 # Save trace setting
-XIV_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_XIV=$(set +o | grep xtrace)
 set +o xtrace
 
 # Defaults
@@ -79,7 +79,7 @@ function configure_cinder_backend_xiv {
 }
 
 # Restore xtrace
-$XIV_XTRACE
+$_XTRACE_CINDER_XIV
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_plugins/XenAPINFS b/lib/cinder_plugins/XenAPINFS
index f7306955cb..92135e7c4f 100644
--- a/lib/cinder_plugins/XenAPINFS
+++ b/lib/cinder_plugins/XenAPINFS
@@ -15,7 +15,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_XENAPINFS=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -39,7 +39,7 @@ function configure_cinder_driver {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_XENAPINFS
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_plugins/glusterfs b/lib/cinder_plugins/glusterfs
index 35ceb27ce1..329dd6c649 100644
--- a/lib/cinder_plugins/glusterfs
+++ b/lib/cinder_plugins/glusterfs
@@ -15,7 +15,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_GLUSTERFS=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -45,7 +45,7 @@ function configure_cinder_driver {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_GLUSTERFS
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_plugins/nfs b/lib/cinder_plugins/nfs
index 83b39932cf..6e4ffe068e 100644
--- a/lib/cinder_plugins/nfs
+++ b/lib/cinder_plugins/nfs
@@ -15,7 +15,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_NFS=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -36,7 +36,7 @@ function configure_cinder_driver {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_NFS
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_plugins/sheepdog b/lib/cinder_plugins/sheepdog
index ca343f708b..558de46c6d 100644
--- a/lib/cinder_plugins/sheepdog
+++ b/lib/cinder_plugins/sheepdog
@@ -15,7 +15,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_SHEEPDOG=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -34,7 +34,7 @@ function configure_cinder_driver {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_SHEEPDOG
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/cinder_plugins/vsphere b/lib/cinder_plugins/vsphere
index f14ddf0998..1b28ffe602 100644
--- a/lib/cinder_plugins/vsphere
+++ b/lib/cinder_plugins/vsphere
@@ -15,7 +15,7 @@
 # configure_cinder_driver - make configuration changes, including those to other services
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_CINDER_VSPHERE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -37,7 +37,7 @@ function configure_cinder_driver {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_CINDER_VSPHERE
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/database b/lib/database
index 13740b90e6..0d720527df 100644
--- a/lib/database
+++ b/lib/database
@@ -20,7 +20,7 @@
 # and call register_database $DATABASE_TYPE
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_DB=$(set +o | grep xtrace)
 set +o xtrace
 
 DATABASE_BACKENDS=""
@@ -137,7 +137,7 @@ function database_connection_url {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_DB
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/databases/mysql b/lib/databases/mysql
index cc74b33327..1bbbd62cc3 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -8,7 +8,7 @@
 # - DATABASE_{HOST,USER,PASSWORD} must be defined
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_DB_MYSQL=$(set +o | grep xtrace)
 set +o xtrace
 
 MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
@@ -178,7 +178,7 @@ function database_connection_url_mysql {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_DB_MYSQL
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 78c7bedc90..913e8ffacd 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -8,7 +8,7 @@
 # - DATABASE_{HOST,USER,PASSWORD} must be defined
 
 # Save trace setting
-PG_XTRACE=$(set +o | grep xtrace)
+_XTRACE_PG=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -119,7 +119,7 @@ function database_connection_url_postgresql {
 
 
 # Restore xtrace
-$PG_XTRACE
+$_XTRACE_PG
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/dlm b/lib/dlm
index 95e9b0ac3d..74eb67ee8f 100644
--- a/lib/dlm
+++ b/lib/dlm
@@ -19,7 +19,7 @@
 # - cleanup_dlm
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_DLM=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -100,7 +100,7 @@ function install_dlm {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_DLM
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/dstat b/lib/dstat
index fe4790b12d..b705948094 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -13,7 +13,7 @@
 # - stop_dstat
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_DSTAT=$(set +o | grep xtrace)
 set +o xtrace
 
 # start_dstat() - Start running processes, including screen
@@ -34,4 +34,4 @@ function stop_dstat {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_DSTAT
diff --git a/lib/glance b/lib/glance
index 2eb93a46e6..eb5832e910 100644
--- a/lib/glance
+++ b/lib/glance
@@ -21,7 +21,7 @@
 # - cleanup_glance
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_GLANCE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -403,7 +403,7 @@ function stop_glance {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_GLANCE
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/heat b/lib/heat
index e42bdf0b9e..54666a5212 100644
--- a/lib/heat
+++ b/lib/heat
@@ -23,7 +23,7 @@
 # - cleanup_heat
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_HEAT=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -464,7 +464,7 @@ function build_heat_pip_mirror {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_HEAT
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/horizon b/lib/horizon
index ff63b06ab2..67181fcf29 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -19,7 +19,7 @@
 # - cleanup_horizon
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_HORIZON=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -193,7 +193,7 @@ function _prepare_message_catalog_compilation {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_HORIZON
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/infra b/lib/infra
index ab32efecd9..cf003cce01 100644
--- a/lib/infra
+++ b/lib/infra
@@ -15,7 +15,7 @@
 # - install_infra
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_INFRA=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -50,7 +50,7 @@ function install_infra {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_INFRA
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/ironic b/lib/ironic
index 6a32983b24..23d8dda3ff 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -21,8 +21,8 @@
 # - cleanup_ironic
 
 # Save trace and pipefail settings
-XTRACE=$(set +o | grep xtrace)
-PIPEFAIL=$(set +o | grep pipefail)
+_XTRACE_IRONIC=$(set +o | grep xtrace)
+_PIPEFAIL_IRONIC=$(set +o | grep pipefail)
 set +o xtrace
 set +o pipefail
 
@@ -855,8 +855,8 @@ function cleanup_baremetal_basic_ops {
 }
 
 # Restore xtrace + pipefail
-$XTRACE
-$PIPEFAIL
+$_XTRACE_IRONIC
+$_PIPEFAIL_IRONIC
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/keystone b/lib/keystone
index 5a2afbfe02..b19202b0f7 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -28,7 +28,7 @@
 # - _cleanup_keystone_apache_wsgi
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_KEYSTONE=$(set +o | grep xtrace)
 set +o xtrace
 
 # Defaults
@@ -592,7 +592,7 @@ function stop_keystone {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_KEYSTONE
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/ldap b/lib/ldap
index 0414fea639..65056aea2f 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -8,7 +8,7 @@
 # - install_ldap()
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LDAP=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -166,7 +166,7 @@ function clear_ldap_state {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LDAP
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/lvm b/lib/lvm
index 468a99aecc..ae6023a836 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -16,7 +16,7 @@
 
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_LVM=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -182,7 +182,7 @@ function set_lvm_filter {
 }
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_LVM
 
 # mode: shell-script
 # End:
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 978943dae2..d00630af70 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -357,7 +357,7 @@ else
 fi
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -1492,7 +1492,7 @@ function is_provider_network {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_NEUTRON
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/neutron_plugins/bigswitch_floodlight b/lib/neutron_plugins/bigswitch_floodlight
index f52105e658..586ded79b4 100644
--- a/lib/neutron_plugins/bigswitch_floodlight
+++ b/lib/neutron_plugins/bigswitch_floodlight
@@ -4,7 +4,7 @@
 # ------------------------------------
 
 # Save trace setting
-BS_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_BIGSWITCH=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/neutron_plugins/ovs_base
@@ -75,4 +75,4 @@ function neutron_plugin_check_adv_test_requirements {
 }
 
 # Restore xtrace
-$BS_XTRACE
+$_XTRACE_NEUTRON_BIGSWITCH
diff --git a/lib/neutron_plugins/brocade b/lib/neutron_plugins/brocade
index 953360e070..6ba0a66c3f 100644
--- a/lib/neutron_plugins/brocade
+++ b/lib/neutron_plugins/brocade
@@ -4,7 +4,7 @@
 # ----------------------
 
 # Save trace setting
-BRCD_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_BROCADE=$(set +o | grep xtrace)
 set +o xtrace
 
 function is_neutron_ovs_base_plugin {
@@ -81,4 +81,4 @@ function neutron_plugin_check_adv_test_requirements {
 }
 
 # Restore xtrace
-$BRCD_XTRACE
+$_XTRACE_NEUTRON_BROCADE
diff --git a/lib/neutron_plugins/cisco b/lib/neutron_plugins/cisco
index 7d0cf1af39..fc2cb8ad17 100644
--- a/lib/neutron_plugins/cisco
+++ b/lib/neutron_plugins/cisco
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-CISCO_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_CISCO=$(set +o | grep xtrace)
 set +o xtrace
 
 # Scecify the VSM parameters
@@ -154,4 +154,4 @@ function neutron_plugin_setup_interface_driver {
 }
 
 # Restore xtrace
-$CISCO_XTRACE
+$_XTRACE_NEUTRON_CISCO
diff --git a/lib/neutron_plugins/embrane b/lib/neutron_plugins/embrane
index 2028496ca1..385dab8354 100644
--- a/lib/neutron_plugins/embrane
+++ b/lib/neutron_plugins/embrane
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-EMBR_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_EMBR=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/neutron_plugins/openvswitch
@@ -39,4 +39,5 @@ function neutron_plugin_configure_service {
 }
 
 # Restore xtrace
-$EMBR_XTRACE
+$_XTRACE_NEUTRON_EMBR
+
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index f28bcfeadd..096722b096 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -4,7 +4,7 @@
 # -----------------------------
 
 # Save trace setting
-PLUGIN_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_LB=$(set +o | grep xtrace)
 set +o xtrace
 
 function neutron_lb_cleanup {
@@ -93,4 +93,4 @@ function neutron_plugin_check_adv_test_requirements {
 }
 
 # Restore xtrace
-$PLUGIN_XTRACE
+$_XTRACE_NEUTRON_LB
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index ace5335a78..30e1b036f3 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -4,7 +4,7 @@
 # ------------------------------
 
 # Save trace setting
-ML2_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_ML2=$(set +o | grep xtrace)
 set +o xtrace
 
 # Enable this to simply and quickly enable tunneling with ML2.
@@ -137,4 +137,4 @@ function has_neutron_plugin_security_group {
 }
 
 # Restore xtrace
-$ML2_XTRACE
+$_XTRACE_NEUTRON_ML2
diff --git a/lib/neutron_plugins/nuage b/lib/neutron_plugins/nuage
index 9e5307ba53..61e634e453 100644
--- a/lib/neutron_plugins/nuage
+++ b/lib/neutron_plugins/nuage
@@ -4,7 +4,7 @@
 # ----------------------
 
 # Save trace setting
-NU_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_NU=$(set +o | grep xtrace)
 set +o xtrace
 
 function neutron_plugin_create_nova_conf {
@@ -66,4 +66,4 @@ function has_neutron_plugin_security_group {
 }
 
 # Restore xtrace
-$NU_XTRACE
+$_XTRACE_NEUTRON_NU
diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch
index 891ab4982b..130eaacab3 100644
--- a/lib/neutron_plugins/openvswitch
+++ b/lib/neutron_plugins/openvswitch
@@ -7,7 +7,7 @@
 # which has been removed in Juno.
 
 # Save trace setting
-OVS_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_OVS=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/neutron_plugins/openvswitch_agent
@@ -56,4 +56,5 @@ function has_neutron_plugin_security_group {
 }
 
 # Restore xtrace
-$OVS_XTRACE
+$_XTRACE_NEUTRON_OVS
+
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index 6a333939d0..b1acacd4f3 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -4,7 +4,7 @@
 # -----------------------------
 
 # Save trace setting
-OVSA_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_OVSL2=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/neutron_plugins/ovs_base
@@ -132,4 +132,4 @@ function neutron_plugin_check_adv_test_requirements {
 }
 
 # Restore xtrace
-$OVSA_XTRACE
+$_XTRACE_NEUTRON_OVSL2
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index d3fd198b08..91aff336fe 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -4,7 +4,7 @@
 # -------------------------------------
 
 # Save trace setting
-OVSB_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_OVS_BASE=$(set +o | grep xtrace)
 set +o xtrace
 
 OVS_BRIDGE=${OVS_BRIDGE:-br-int}
@@ -114,4 +114,4 @@ function _neutron_ovs_base_configure_nova_vif_driver {
 }
 
 # Restore xtrace
-$OVSB_XTRACE
+$_XTRACE_NEUTRON_OVS_BASE
diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index 3496da82f8..1d81a21825 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-FW_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_FIREWALL=$(set +o | grep xtrace)
 set +o xtrace
 
 FWAAS_PLUGIN=neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin
@@ -26,4 +26,4 @@ function neutron_fwaas_stop {
 }
 
 # Restore xtrace
-$FW_XTRACE
+$_XTRACE_NEUTRON_FIREWALL
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index 7865f6fd6e..b07d06c32b 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-LB_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_LB=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -48,4 +48,4 @@ function neutron_lbaas_stop {
 }
 
 # Restore xtrace
-$LB_XTRACE
+$_XTRACE_NEUTRON_LB
diff --git a/lib/neutron_plugins/services/metering b/lib/neutron_plugins/services/metering
index c75ab19d4e..5fd2fdce44 100644
--- a/lib/neutron_plugins/services/metering
+++ b/lib/neutron_plugins/services/metering
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-METER_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NETURON_METER=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -29,4 +29,5 @@ function neutron_metering_stop {
 }
 
 # Restore xtrace
-$METER_XTRACE
+$_XTRACE_NETURON_METER
+
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index c0e7457413..8a379f588c 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -4,7 +4,7 @@
 # ---------------------------
 
 # Save trace setting
-VPN_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_VPN=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -53,4 +53,4 @@ function neutron_vpn_stop {
 }
 
 # Restore xtrace
-$VPN_XTRACE
+$_XTRACE_NEUTRON_VPN
diff --git a/lib/neutron_thirdparty/bigswitch_floodlight b/lib/neutron_thirdparty/bigswitch_floodlight
index e3f4689fd7..45a4f2e263 100644
--- a/lib/neutron_thirdparty/bigswitch_floodlight
+++ b/lib/neutron_thirdparty/bigswitch_floodlight
@@ -4,7 +4,7 @@
 # ------------------------------------------
 
 # Save trace setting
-BS3_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NEUTRON_BIGSWITCH=$(set +o | grep xtrace)
 set +o xtrace
 
 BS_FL_CONTROLLERS_PORT=${BS_FL_CONTROLLERS_PORT:-localhost:80}
@@ -51,4 +51,4 @@ function check_bigswitch_floodlight {
 }
 
 # Restore xtrace
-$BS3_XTRACE
+$_XTRACE_NEUTRON_BIGSWITCH
diff --git a/lib/nova b/lib/nova
index ba05f53b87..e5712939fe 100644
--- a/lib/nova
+++ b/lib/nova
@@ -25,7 +25,7 @@
 # - cleanup_nova
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_NOVA=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -958,7 +958,7 @@ function stop_nova {
 
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_NOVA
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 045fc8b919..dae55c6eba 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -8,7 +8,7 @@
 # ``STACK_USER`` has to be defined
 
 # Save trace setting
-LV_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NOVA_FN_LIBVIRT=$(set +o | grep xtrace)
 set +o xtrace
 
 # Defaults
@@ -134,7 +134,7 @@ EOF
 
 
 # Restore xtrace
-$LV_XTRACE
+$_XTRACE_NOVA_FN_LIBVIRT
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake
index 3180d91f0a..2434dce884 100644
--- a/lib/nova_plugins/hypervisor-fake
+++ b/lib/nova_plugins/hypervisor-fake
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_VIRTFAKE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -72,7 +72,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_VIRTFAKE
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index b9e286d5b6..c6ed85d63e 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_HYP_IRONIC=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/nova_plugins/functions-libvirt
@@ -81,7 +81,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_HYP_IRONIC
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index c54a7166a0..8bbaa2133d 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NOVA_LIBVIRT=$(set +o | grep xtrace)
 set +o xtrace
 
 source $TOP_DIR/lib/nova_plugins/functions-libvirt
@@ -105,7 +105,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_NOVA_LIBVIRT
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-openvz b/lib/nova_plugins/hypervisor-openvz
index cce36b8d3f..58ab5c11ac 100644
--- a/lib/nova_plugins/hypervisor-openvz
+++ b/lib/nova_plugins/hypervisor-openvz
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_OPENVZ=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -62,7 +62,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_OPENVZ
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-vsphere b/lib/nova_plugins/hypervisor-vsphere
index 698f836bad..7c08bc945b 100644
--- a/lib/nova_plugins/hypervisor-vsphere
+++ b/lib/nova_plugins/hypervisor-vsphere
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_NOVA_VSPHERE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -64,7 +64,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_NOVA_VSPHERE
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index e097990bd3..3eb9149bb4 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -17,7 +17,7 @@
 # cleanup_nova_hypervisor - remove transient data and cache
 
 # Save trace setting
-MY_XTRACE=$(set +o | grep xtrace)
+_XTRACE_XENSERVER=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -111,7 +111,7 @@ function stop_nova_hypervisor {
 
 
 # Restore xtrace
-$MY_XTRACE
+$_XTRACE_XENSERVER
 
 # Local variables:
 # mode: shell-script
diff --git a/lib/oslo b/lib/oslo
index 56615faaa3..3d6fbb38c6 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -16,7 +16,7 @@
 # - install_oslo
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_OSLO=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -95,7 +95,7 @@ function install_oslo {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_OSLO
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 298dcb6e5f..3864adec32 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -21,7 +21,7 @@
 # of this file which is a standard interface.
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_RPC_BACKEND=$(set +o | grep xtrace)
 set +o xtrace
 
 # Functions
@@ -141,7 +141,7 @@ function rabbit_setuser {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_RPC_BACKEND
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/swift b/lib/swift
index d7ccc24111..b596142ad2 100644
--- a/lib/swift
+++ b/lib/swift
@@ -24,7 +24,7 @@
 # - _cleanup_swift_apache_wsgi
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_LIB_SWIFT=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -823,7 +823,7 @@ function swift_configure_tempurls {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_LIB_SWIFT
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/tempest b/lib/tempest
index 76fd6cac74..85e0e7fa35 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -38,7 +38,7 @@
 # - init_tempest
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_TEMPEST=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -649,7 +649,7 @@ function init_tempest {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_TEMPEST
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/lib/template b/lib/template
index 2703788af4..08d10bbf71 100644
--- a/lib/template
+++ b/lib/template
@@ -21,7 +21,7 @@
 # - cleanup_XXXX
 
 # Save trace setting
-XTRACE=$(set +o | grep xtrace)
+_XTRACE_TEMPLATE=$(set +o | grep xtrace)
 set +o xtrace
 
 
@@ -92,7 +92,7 @@ function stop_XXXX {
 }
 
 # Restore xtrace
-$XTRACE
+$_XTRACE_TEMPLATE
 
 # Tell emacs to use shell-script-mode
 ## Local variables:
diff --git a/stack.sh b/stack.sh
index 8625b5aaeb..19d05c904a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -573,7 +573,8 @@ run_phase source
 
 # Generic helper to configure passwords
 function read_password {
-    XTRACE=$(set +o | grep xtrace)
+    local xtrace
+    xtrace=$(set +o | grep xtrace)
     set +o xtrace
     var=$1; msg=$2
     pw=${!var}
@@ -616,7 +617,9 @@ function read_password {
         eval "$var=$pw"
         echo "$var=$pw" >> $localrc
     fi
-    $XTRACE
+
+    # restore previous xtrace value
+    $xtrace
 }
 
 

From f95315b6ea56b3f2cb18caeac734dd15e6704b93 Mon Sep 17 00:00:00 2001
From: Shinobu KINJO 
Date: Sat, 7 Nov 2015 10:21:08 +0900
Subject: [PATCH 1097/3421] Ensure link is set to up, when moving IP addresses
 across interfaces.

 - To add, initialize and set up a valiable named IP_UP
 - To bring up interface after moving IP to OVS bridge

Change-Id: I70f5974c115be6f7e7422a9a325f36cf3b71455a
Closes-Bug: #1469596
---
 lib/neutron-legacy | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index c244e5470a..ecff3e5774 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -798,6 +798,7 @@ function _move_neutron_addresses_route {
 
         local IP_ADD=""
         local IP_DEL=""
+        local IP_UP=""
         local DEFAULT_ROUTE_GW
         DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }")
         local ADD_OVS_PORT=""
@@ -821,9 +822,10 @@ function _move_neutron_addresses_route {
         if [[ "$IP_BRD" != "" ]]; then
             IP_DEL="sudo ip addr del $IP_BRD dev $from_intf"
             IP_ADD="sudo ip addr add $IP_BRD dev $to_intf"
+            IP_UP="sudo ip link set $to_intf up"
         fi
 
-        $IP_DEL; $IP_ADD; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
+        $IP_DEL; $IP_ADD; $IP_UP; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE
     fi
 }
 

From 5509ed579773bf1a69bc5fb406a206a6da010c56 Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Mon, 30 Nov 2015 20:20:21 +0900
Subject: [PATCH 1098/3421] Fix comment typos in inc/ and tests/ directories

valu3 => value3
enviromnet => environment
direcotry => directory
virualenv => virtualenv
editiable => editable
envirnment => environment

Change-Id: I97fb2d44a37b16d02d4fbdb08bfa33414349f651
---
 inc/ini-config       | 2 +-
 inc/python           | 8 ++++----
 tests/run-process.sh | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/inc/ini-config b/inc/ini-config
index 42a66c63b6..d2830d79cd 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -205,7 +205,7 @@ $option = $value
 }
 
 # Set a multiple line option in an INI file
-# iniset_multiline [-sudo] config-file section option value1 value2 valu3 ...
+# iniset_multiline [-sudo] config-file section option value1 value2 value3 ...
 function iniset_multiline {
     local xtrace
     xtrace=$(set +o | grep xtrace)
diff --git a/inc/python b/inc/python
index 91ceb44499..59668a2c6a 100644
--- a/inc/python
+++ b/inc/python
@@ -17,7 +17,7 @@ set +o xtrace
 
 # Global Config Variables
 
-# PROJECT_VENV contains the name of the virtual enviromnet for each
+# PROJECT_VENV contains the name of the virtual environment for each
 # project.  A null value installs to the system Python directories.
 declare -A PROJECT_VENV
 
@@ -35,7 +35,7 @@ function get_pip_command {
     fi
 }
 
-# Get the path to the direcotry where python executables are installed.
+# Get the path to the directory where python executables are installed.
 # get_python_exec_prefix
 function get_python_exec_prefix {
     local xtrace
@@ -93,7 +93,7 @@ function pip_install {
     fi
     if [[ $TRACK_DEPENDS = True && ! "$@" =~ virtualenv ]]; then
         # TRACK_DEPENDS=True installation creates a circular dependency when
-        # we attempt to install virtualenv into a virualenv, so we must global
+        # we attempt to install virtualenv into a virtualenv, so we must global
         # that installation.
         source $DEST/.venv/bin/activate
         local cmd_pip=$DEST/.venv/bin/pip
@@ -199,7 +199,7 @@ function setup_lib {
     setup_install $dir
 }
 
-# setup a library by name in editiable mode. If we are trying to use
+# setup a library by name in editable mode. If we are trying to use
 # the library from git, we'll do a git based install, otherwise we'll
 # punt and the library should be installed by a requirements pull from
 # another project.
diff --git a/tests/run-process.sh b/tests/run-process.sh
index bdf1395d07..301b9a032b 100755
--- a/tests/run-process.sh
+++ b/tests/run-process.sh
@@ -5,7 +5,7 @@
 #
 # Set USE_SCREEN True|False to change use of screen.
 #
-# This script emulates the basic exec envirnment in ``stack.sh`` to test
+# This script emulates the basic exec environment in ``stack.sh`` to test
 # the process spawn and kill operations.
 
 if [[ -z $1 ]]; then

From 779d8670287952b8865a1d506ba2d68406139430 Mon Sep 17 00:00:00 2001
From: Joe D'Andrea 
Date: Mon, 30 Nov 2015 15:35:13 +0000
Subject: [PATCH 1099/3421] Force heat deferred_auth_method to password in
 standalone mode

Heat does not support Keystone Trusts when deployed in standalone
mode. This change forces an error when HEAT_DEFERRED_AUTH is set
to anything other than "password" if HEAT_STANDALONE is True and
advises of the acceptable setting.

Change-Id: Ib4ee9d9af396093137a2a0f99f1b18ae153ccdb3
Closes-Bug: #1463837
---
 lib/heat | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/heat b/lib/heat
index 54666a5212..fdcf5bcaad 100644
--- a/lib/heat
+++ b/lib/heat
@@ -65,6 +65,12 @@ if [[ "$HEAT_STANDALONE" = "True" ]]; then
     # for standalone, use defaults which require no service user
     HEAT_STACK_DOMAIN=$(trueorfalse False HEAT_STACK_DOMAIN)
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
+    if [[ ${HEAT_DEFERRED_AUTH} != "password" ]]; then
+        # Heat does not support keystone trusts when deployed in
+        # standalone mode
+        die $LINENO \
+            'HEAT_DEFERRED_AUTH can only be set to "password" when HEAT_STANDALONE is True.'
+    fi
 else
     HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
     HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}

From 30d5fae31548ed998e4c053ba957f95e068eaebc Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Tue, 10 Nov 2015 13:44:15 +0000
Subject: [PATCH 1100/3421] Neutron: Use generated configuration files if
 available

Generate the neutron core sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.

Once the generation code is delivered, the static config files
will be removed.

Change-Id: Ic37a16b6cf8eb92030649f1fc8b198738a8cc104
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I1c6dc4e7d479f1b7c755597caded24a0f018c712
Co-Authored-By: Louis Taylor 
---
 lib/neutron-legacy                    | 19 +++++++++++++------
 lib/neutron_plugins/services/metering |  2 +-
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index d00630af70..a60714f43b 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -870,7 +870,10 @@ function _create_neutron_conf_dir {
 function _configure_neutron_common {
     _create_neutron_conf_dir
 
-    cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF
+    # Uses oslo config generator to generate core sample configuration files
+    (cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh)
+
+    cp $NEUTRON_DIR/etc/neutron.conf.sample $NEUTRON_CONF
 
     Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
     cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
@@ -895,7 +898,9 @@ function _configure_neutron_common {
     Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
     # NOTE(hichihara): Some neutron vendor plugins were already decomposed and
     # there is no config file in Neutron tree. They should prepare the file in each plugin.
-    if [ -f $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE ]; then
+    if [ -f "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" ]; then
+        cp "$NEUTRON_DIR/$Q_PLUGIN_CONF_FILE.sample" /$Q_PLUGIN_CONF_FILE
+    elif [ -f $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE ]; then
         cp $NEUTRON_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
     fi
 
@@ -903,6 +908,8 @@ function _configure_neutron_common {
     iniset $NEUTRON_CONF DEFAULT state_path $DATA_DIR/neutron
     iniset $NEUTRON_CONF DEFAULT use_syslog $SYSLOG
     iniset $NEUTRON_CONF DEFAULT bind_host $Q_LISTEN_ADDRESS
+    iniset $NEUTRON_CONF oslo_concurrency lock_path $DATA_DIR/neutron/lock
+
     # If addition config files are set, make sure their path name is set as well
     if [[ ${#Q_PLUGIN_EXTRA_CONF_FILES[@]} > 0 && $Q_PLUGIN_EXTRA_CONF_PATH == '' ]]; then
         die $LINENO "Neutron additional plugin config not set.. exiting"
@@ -959,7 +966,7 @@ function _configure_neutron_debug_command {
         return
     fi
 
-    cp $NEUTRON_DIR/etc/l3_agent.ini $NEUTRON_TEST_CONFIG_FILE
+    cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_TEST_CONFIG_FILE
 
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
     iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
@@ -975,7 +982,7 @@ function _configure_neutron_debug_command {
 
 function _configure_neutron_dhcp_agent {
 
-    cp $NEUTRON_DIR/etc/dhcp_agent.ini $Q_DHCP_CONF_FILE
+    cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $Q_DHCP_CONF_FILE
 
     iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
     iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -1007,7 +1014,7 @@ function _configure_neutron_l3_agent {
         neutron_vpn_configure_agent
     fi
 
-    cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
+    cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
 
     iniset $Q_L3_CONF_FILE DEFAULT verbose True
     iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -1028,7 +1035,7 @@ function _configure_neutron_l3_agent {
 }
 
 function _configure_neutron_metadata_agent {
-    cp $NEUTRON_DIR/etc/metadata_agent.ini $Q_META_CONF_FILE
+    cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $Q_META_CONF_FILE
 
     iniset $Q_META_CONF_FILE DEFAULT verbose True
     iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
diff --git a/lib/neutron_plugins/services/metering b/lib/neutron_plugins/services/metering
index 5fd2fdce44..5b32468d21 100644
--- a/lib/neutron_plugins/services/metering
+++ b/lib/neutron_plugins/services/metering
@@ -21,7 +21,7 @@ function neutron_agent_metering_configure_agent {
 
     METERING_AGENT_CONF_FILENAME="$METERING_AGENT_CONF_PATH/metering_agent.ini"
 
-    cp $NEUTRON_DIR/etc/metering_agent.ini $METERING_AGENT_CONF_FILENAME
+    cp $NEUTRON_DIR/etc/metering_agent.ini.sample $METERING_AGENT_CONF_FILENAME
 }
 
 function neutron_metering_stop {

From e0ac37c257bf08db8d220d13773859d9202305d2 Mon Sep 17 00:00:00 2001
From: Dmitry Guryanov 
Date: Mon, 30 Nov 2015 18:48:23 +0300
Subject: [PATCH 1101/3421] Fix path setup in add_sudo_secure_path

There are two bugs in add_sudo_secure_path.

Firstly we don't properly check if the file exists, so always append
the new line.  This will overwrite any existing changes.

Secondly the logic for checking if the path exists is inverted, so we
miss adding paths when we should.  This particularly causes failures
when installing with virtualenv's since the paths are inside the
virtualenv, rather than the standard system locations.

Change-Id: I646fe0c68958470d464fe4f3d81d5c17dd6f2ab6
Closes-bug: #1521241
---
 inc/rootwrap | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/rootwrap b/inc/rootwrap
index 63ab59adc7..2a6e4b648f 100644
--- a/inc/rootwrap
+++ b/inc/rootwrap
@@ -22,14 +22,14 @@ function add_sudo_secure_path {
     local line
 
     # This is pretty simplistic for now - assume only the first line is used
-    if [[ -r SUDO_SECURE_PATH_FILE ]]; then
+    if [[ -r $SUDO_SECURE_PATH_FILE ]]; then
         line=$(head -1 $SUDO_SECURE_PATH_FILE)
     else
         line="Defaults:$STACK_USER secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin"
     fi
 
     # Only add ``dir`` if it is not already present
-    if [[ $line =~ $dir ]]; then
+    if [[ ! $line =~ $dir ]]; then
         echo "${line}:$dir" | sudo tee $SUDO_SECURE_PATH_FILE
         sudo chmod 400 $SUDO_SECURE_PATH_FILE
         sudo chown root:root $SUDO_SECURE_PATH_FILE

From 1afc28bf6c33c792eb9d2fd1992534e82af29291 Mon Sep 17 00:00:00 2001
From: Ian Wienand 
Date: Fri, 27 Nov 2015 14:15:56 +1100
Subject: [PATCH 1102/3421] Turn off tracing when outputting errors

When outputting these error strings, turn off the tracing so the user
can actually read it.  Also reword the "not root" user message so it
fits into a standard terminal window length.

Change-Id: I466c60865bc1128f4edd219f831a9c6cffa67829
Parital-Bug: #1517199
---
 stack.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/stack.sh b/stack.sh
index 8625b5aaeb..083c488fc1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -75,6 +75,7 @@ fi
 
 # Check if run in POSIX shell
 if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
+    set +o xtrace
     echo "You are running POSIX compatibility mode, DevStack requires bash 4.2 or newer."
     exit 1
 fi
@@ -85,11 +86,11 @@ fi
 # action to create a suitable user account.
 
 if [[ $EUID -eq 0 ]]; then
-    echo "You are running this script as root."
-    echo "Cut it out."
-    echo "Really."
-    echo "If you need an account to run DevStack, do this (as root, heh) to create a non-root account:"
-    echo "$TOP_DIR/tools/create-stack-user.sh"
+    set +o xtrace
+    echo "DevStack should be run as a user with sudo permissions, "
+    echo "not root."
+    echo "A \"stack\" user configured correctly can be created with:"
+    echo " $TOP_DIR/tools/create-stack-user.sh"
     exit 1
 fi
 
@@ -98,6 +99,7 @@ fi
 # virtual env, and will fail in really odd ways if you do this. Make
 # this explicit as it has come up on the mailing list.
 if [[ -n "$VIRTUAL_ENV" ]]; then
+    set +o xtrace
     echo "You appear to be running under a python virtualenv."
     echo "DevStack does not support this, as we may break the"
     echo "virtualenv you are currently in by modifying "
@@ -111,6 +113,7 @@ fi
 # on a lot of different environments, you sometimes run it on the
 # wrong box. This makes there be a way to prevent that.
 if [[ -e $HOME/.no-devstack ]]; then
+    set +o xtrace
     echo "You've marked this host as a no-devstack host, to save yourself from"
     echo "running devstack accidentally. If this is in error, please remove the"
     echo "~/.no-devstack file"

From ddc3839bdc7ff73f6224273605db10fd88cd60df Mon Sep 17 00:00:00 2001
From: Doug Hellmann 
Date: Thu, 7 May 2015 21:06:24 +0000
Subject: [PATCH 1103/3421] Enable optional Python 3 support

Add USE_PYTHON3 and PYTHON3_VERSION variables to allow services to use
python 3 if they indicate support in their python package metadata.

Tested in Heat here -> I837c2fba682ab430d50e9f43913f2fed20325a7a.
Project config change to add a dedicated job to Heat is here -> I0837e62d6ccc66397a5e409f0961edd4be31f467

Change-Id: I079e18b58b214bf8362945c253d6d894ca8b1a6b
---
 inc/python               | 47 +++++++++++++++++++++++++++++++++++++---
 lib/stack                |  1 +
 stackrc                  | 11 ++++++++++
 tools/install_pip.sh     |  8 +++++++
 tools/install_prereqs.sh |  3 +++
 5 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/inc/python b/inc/python
index 59668a2c6a..c157604699 100644
--- a/inc/python
+++ b/inc/python
@@ -28,10 +28,13 @@ declare -A PROJECT_VENV
 # Get the path to the pip command.
 # get_pip_command
 function get_pip_command {
-    which pip || which pip-python
+    local version="$1"
+    # NOTE(dhellmann): I don't know if we actually get a pip3.4-python
+    # under any circumstances.
+    which pip${version} || which pip${version}-python
 
     if [ $? -ne 0 ]; then
-        die $LINENO "Unable to find pip; cannot continue"
+        die $LINENO "Unable to find pip${version}; cannot continue"
     fi
 }
 
@@ -66,6 +69,13 @@ function pip_install_gr {
     pip_install $clean_name
 }
 
+# Determine the python versions supported by a package
+function get_python_versions_for_package {
+    local name=$1
+    cd $name && python setup.py --classifiers \
+        | grep 'Language' | cut -f5 -d: | grep '\.' | tr '\n' ' '
+}
+
 # Wrapper for ``pip install`` to set cache and proxy environment variables
 # Uses globals ``OFFLINE``, ``PIP_VIRTUAL_ENV``,
 # ``PIP_UPGRADE``, ``TRACK_DEPENDS``, ``*_proxy``,
@@ -104,8 +114,22 @@ function pip_install {
             local sudo_pip="env"
         else
             local cmd_pip
-            cmd_pip=$(get_pip_command)
+            cmd_pip=$(get_pip_command $PYTHON2_VERSION)
             local sudo_pip="sudo -H"
+            if python3_enabled; then
+                # Look at the package classifiers to find the python
+                # versions supported, and if we find the version of
+                # python3 we've been told to use, use that instead of the
+                # default pip
+                local package_dir=${!#}
+                local python_versions
+                if [[ -d "$package_dir" ]]; then
+                    python_versions=$(get_python_versions_for_package $package_dir)
+                    if [[ $python_versions =~ $PYTHON3_VERSION ]]; then
+                        cmd_pip=$(get_pip_command $PYTHON3_VERSION)
+                    fi
+                fi
+            fi
         fi
     fi
 
@@ -113,6 +137,8 @@ function pip_install {
     # Always apply constraints
     cmd_pip="$cmd_pip -c $REQUIREMENTS_DIR/upper-constraints.txt"
 
+    # FIXME(dhellmann): Need to force multiple versions of pip for
+    # packages like setuptools?
     local pip_version
     pip_version=$(python -c "import pip; \
                         print(pip.__version__.strip('.')[0])")
@@ -276,6 +302,21 @@ function setup_package {
     fi
 }
 
+# Report whether python 3 should be used
+function python3_enabled {
+    if [[ $USE_PYTHON3 == "True" ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Install python3 packages
+function install_python3 {
+    if is_ubuntu; then
+        apt_get install python3.4 python3.4-dev
+    fi
+}
 
 # Restore xtrace
 $INC_PY_TRACE
diff --git a/lib/stack b/lib/stack
index 7d98604b82..f09ddcee85 100644
--- a/lib/stack
+++ b/lib/stack
@@ -19,6 +19,7 @@
 function stack_install_service {
     local service=$1
     if type install_${service} >/dev/null 2>&1; then
+        # FIXME(dhellmann): Needs to be python3-aware at some point.
         if [[ ${USE_VENV} = True && -n ${PROJECT_VENV[$service]:-} ]]; then
             rm -rf ${PROJECT_VENV[$service]}
             source $TOP_DIR/tools/build_venv.sh ${PROJECT_VENV[$service]} ${ADDITIONAL_VENV_PACKAGES//,/ }
diff --git a/stackrc b/stackrc
index 5dd109c0a4..f949ccbad9 100644
--- a/stackrc
+++ b/stackrc
@@ -118,6 +118,17 @@ if [[ -r $RC_DIR/.localrc.password ]]; then
     source $RC_DIR/.localrc.password
 fi
 
+# Control whether Python 3 should be used.
+export USE_PYTHON3=${USE_PYTHON3:-False}
+
+# When Python 3 is supported by an application, adding the specific
+# version of Python 3 to this variable will install the app using that
+# version of the interpreter instead of 2.7.
+export PYTHON3_VERSION=${PYTHON3_VERSION:-3.4}
+
+# Just to be more explicit on the Python 2 version to use.
+export PYTHON2_VERSION=${PYTHON2_VERSION:-2.7}
+
 # allow local overrides of env variables, including repo config
 if [[ -f $RC_DIR/localrc ]]; then
     # Old-style user-supplied config
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index ab5efb2e77..f239c7bb16 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -8,6 +8,7 @@
 
 # Assumptions:
 # - update pip to $INSTALL_PIP_VERSION
+# - if USE_PYTHON3=True, PYTHON3_VERSION refers to a version already installed
 
 set -o errexit
 set -o xtrace
@@ -31,6 +32,8 @@ GetDistro
 echo "Distro: $DISTRO"
 
 function get_versions {
+    # FIXME(dhellmann): Deal with multiple python versions here? This
+    # is just used for reporting, so maybe not?
     PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null || true)
     if [[ -n $PIP ]]; then
         PIP_VERSION=$($PIP --version | awk '{ print $2}')
@@ -75,6 +78,9 @@ function install_get_pip {
         touch $LOCAL_PIP.downloaded
     fi
     sudo -H -E python $LOCAL_PIP
+    if python3_enabled; then
+        sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP
+    fi
 }
 
 
@@ -114,6 +120,7 @@ get_versions
 # python in f23 depends on the python-pip package
 if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then
     uninstall_package python-pip
+    uninstall_package python3-pip
 fi
 
 install_get_pip
@@ -122,6 +129,7 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
     configure_pypi_alternative_url
 fi
 
+set -x
 pip_install -U setuptools
 
 get_versions
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 38452cd90f..031f8a8eca 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -81,6 +81,9 @@ if [[ -n "$SYSLOG" && "$SYSLOG" != "False" ]]; then
     fi
 fi
 
+if python3_enabled; then
+    install_python3
+fi
 
 # Mark end of run
 # ---------------

From 88ee8ce4684e13865123636dd5d2baa5d6a44ef7 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Wed, 2 Dec 2015 07:47:31 -0500
Subject: [PATCH 1104/3421] create apt_get_update to try to work around broken
 mirrors

Ubuntu's apt mirroring mechanism produces inconsistent mirrors pretty
regularly. The devstack-gate apt-get update model seems to have been
more effective getting past this than what we did in devstack. Adopt
that method for our updates.

Change-Id: I97c7896ef38b275aacb4f933fc849acee1bab858
---
 functions-common | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/functions-common b/functions-common
index d68ae77971..d4099ffcfa 100644
--- a/functions-common
+++ b/functions-common
@@ -978,6 +978,34 @@ function _get_package_dir {
     echo "$pkg_dir"
 }
 
+# Wrapper for ``apt-get update`` to try multiple times on the update
+# to address bad package mirrors (which happen all the time).
+function apt_get_update {
+    # only do this once per run
+    if [[ "$REPOS_UPDATED" == "True" && "$RETRY_UPDATE" != "True" ]]; then
+        return
+    fi
+
+    # bail if we are offline
+    [[ "$OFFLINE" = "True" ]] && return
+
+    local sudo="sudo"
+    [[ "$(id -u)" = "0" ]] && sudo="env"
+
+    # time all the apt operations
+    time_start "apt-get-update"
+
+    local proxies="http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} no_proxy=${no_proxy:-} "
+    local update_cmd="$sudo $proxies apt-get update"
+    if ! timeout 300 sh -c "while ! $update_cmd; do sleep 30; done"; then
+        die $LINENO "Failed to update apt repos, we're dead now"
+    fi
+
+    REPOS_UPDATED=True
+    # stop the clock
+    time_stop "apt-get-update"
+}
+
 # Wrapper for ``apt-get`` to set cache and proxy environment variables
 # Uses globals ``OFFLINE``, ``*_proxy``
 # apt_get operation package [package ...]
@@ -1158,16 +1186,7 @@ function update_package_repo {
     fi
 
     if is_ubuntu; then
-        local xtrace
-        xtrace=$(set +o | grep xtrace)
-        set +o xtrace
-        if [[ "$REPOS_UPDATED" != "True" || "$RETRY_UPDATE" = "True" ]]; then
-            # if there are transient errors pulling the updates, that's fine.
-            # It may be secondary repositories that we don't really care about.
-            apt_get update  || /bin/true
-            REPOS_UPDATED=True
-        fi
-        $xtrace
+        apt_get_update
     fi
 }
 

From 41d01104b16bf5d0d6d4d7d2a1e5883d34bff810 Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Thu, 3 Dec 2015 08:12:23 -0500
Subject: [PATCH 1105/3421] remove generic extras.d support

This removes the generic extras.d support, which we said we'd do at
Mitaka-1. In tree extras.d continues to function as before, though we
need stories to get ceph and ironic into plugins, and a better
solution for Tempest.

Change-Id: I8b134446dc08a2c3852423ca71af2f469f85496e
---
 functions-common | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/functions-common b/functions-common
index d68ae77971..91a148603b 100644
--- a/functions-common
+++ b/functions-common
@@ -1741,17 +1741,18 @@ function run_phase {
     if [[ -d $TOP_DIR/extras.d ]]; then
         local extra_plugin_file_name
         for extra_plugin_file_name in $TOP_DIR/extras.d/*.sh; do
-            [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase
-            # NOTE(sdague): generate a big warning about using
-            # extras.d in an unsupported way which will let us track
-            # unsupported usage in the gate.
+            # NOTE(sdague): only process extras.d for the 3 explicitly
+            # white listed elements in tree. We want these to move out
+            # over time as well, but they are in tree, so we need to
+            # manage that.
             local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
             local extra
             extra=$(basename $extra_plugin_file_name)
             if [[ ! ( $exceptions =~ "$extra" ) ]]; then
-                deprecated "extras.d support is being removed in Mitaka-1"
-                deprecated "jobs for project $extra will break after that point"
-                deprecated "please move project to a supported devstack plugin model"
+                warn "use of extras.d is no longer supported"
+                warn "processing of project $extra is skipped"
+            else
+                [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase
             fi
         done
     fi

From 2391d4321ffe3a0a482e01d133038dfd38c76bac Mon Sep 17 00:00:00 2001
From: Devananda van der Veen 
Date: Thu, 3 Dec 2015 09:16:18 -0800
Subject: [PATCH 1106/3421] Update lib/ironic to always skip cleaning

Previously, devstack would disable ironic's cleaning phase if a driver
with "agent" in the name was used. However, we have begun using the IPA
ramdisk for all tests in the gate, which caused cleaning to be run for
the "pxe_ssh" job which therefore fails due to timeouts.

As a result, for now, we need to always disable cleaning.

As a point of record, we should actually be testing cleaning in the
gate. However, running 'shred' on the disks of a nested VM is too slow
and causes the gate to timeout // take too long. Some options have been
discussed for ways to test the callback mechanism but avoid actually
running 'shred' on the disks.

This needs to be revisited.

Change-Id: Id15cf6cc49122b08e557e44871b31a8c0d20b55d
Related-to-Bug: #1517277
---
 lib/ironic | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/ironic b/lib/ironic
index 27b0c8d4ff..2fb2004d71 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -365,6 +365,9 @@ function configure_ironic_conductor {
         iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params"
     fi
 
+    # Set these options for scenarios in which the agent fetches the image
+    # directly from glance, and don't set them where the image is pushed
+    # over iSCSI.
     if is_deployed_by_agent; then
         if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then
             iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY
@@ -379,9 +382,13 @@ function configure_ironic_conductor {
         iniset $IRONIC_CONF_FILE glance swift_container glance
         iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
         iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30
-        iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0
     fi
 
+    # FIXME: this really needs to be tested in the gate.
+    # For now, any test using the agent ramdisk should skip cleaning
+    # because it is too slow to run in the gate.
+    iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0
+
     if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
         local pxebin
         pxebin=`basename $IRONIC_PXE_BOOT_IMAGE`

From 7b7101f1c5ccd4d0722245613df8c8f7a67e79b9 Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Tue, 1 Dec 2015 22:17:42 +0000
Subject: [PATCH 1107/3421] Neutron FWaaS: Use generated configuration files if
 available

Generate the Neutron FWaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.

Once the generation code is delivered, the static config files
will be removed.

Change-Id: Ic8208850a27408c8fbeed80ecdb43345aa7dfaa4
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I8e9113dfb88e5290f6eedd012d1a52fc35c3c88c
---
 lib/neutron_plugins/services/firewall | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/neutron_plugins/services/firewall b/lib/neutron_plugins/services/firewall
index 1d81a21825..2b7f32d233 100644
--- a/lib/neutron_plugins/services/firewall
+++ b/lib/neutron_plugins/services/firewall
@@ -14,8 +14,11 @@ function neutron_fwaas_configure_common {
 }
 
 function neutron_fwaas_configure_driver {
+    # Uses oslo config generator to generate FWaaS sample configuration files
+    (cd $NEUTRON_FWAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+
     FWAAS_DRIVER_CONF_FILENAME=/etc/neutron/fwaas_driver.ini
-    cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini $FWAAS_DRIVER_CONF_FILENAME
+    cp $NEUTRON_FWAAS_DIR/etc/fwaas_driver.ini.sample $FWAAS_DRIVER_CONF_FILENAME
 
     iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas enabled True
     iniset_multiline $FWAAS_DRIVER_CONF_FILENAME fwaas driver "neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver"

From 2a688440132173d493dff7c7c3760681d41e11be Mon Sep 17 00:00:00 2001
From: Steven Hardy 
Date: Tue, 8 Dec 2015 13:26:29 +0000
Subject: [PATCH 1108/3421] Heat - revise keystone/trusts config to avoid
 deprecated options

There are some inter-related changes required to avoid using legacy
fallback/deprecated paths in heat, which result in warnings in the
log, e.g because we fall-back to reusing keystone auth_token
configuration instead of heat specific sections.

To fix this:
- Don't explicitly set deferred_auth_method=trusts, as this is now
  the default (since kilo)
- Create a new "trustee" section containing configuration used for
  the password auth-plugin associated with deferred authentication
  via trusts (support for this was added during liberty to enable
  us to stop incorrectly using the keystone auth_token config)
- Create a "clients_keystone" section to avoid falling back to the
  legacy behavior of stealing the uri from auth_token.

This also means we can remove the FIXME and auth_token auth_uri
mentioned by jamielennox.

Change-Id: Ie34332a7aec3b9b271df0759dd6ab66b45302832
Related-Bug: #1300246
---
 lib/heat | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/lib/heat b/lib/heat
index fdcf5bcaad..3666776317 100644
--- a/lib/heat
+++ b/lib/heat
@@ -56,6 +56,10 @@ HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
 HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
 HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
 HEAT_API_PORT=${HEAT_API_PORT:-8004}
+HEAT_SERVICE_USER=${HEAT_SERVICE_USER:-heat}
+HEAT_TRUSTEE_USER=${HEAT_TRUSTEE_USER:-$HEAT_SERVICE_USER}
+HEAT_TRUSTEE_PASSWORD=${HEAT_TRUSTEE_PASSWORD:-$SERVICE_PASSWORD}
+HEAT_TRUSTEE_DOMAIN=${HEAT_TRUSTEE_DOMAIN:-default}
 
 # Support entry points installation of console scripts
 HEAT_BIN_DIR=$(get_python_exec_prefix)
@@ -73,7 +77,7 @@ if [[ "$HEAT_STANDALONE" = "True" ]]; then
     fi
 else
     HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
-    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
+    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-}
 fi
 HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins}
 ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-}
@@ -134,30 +138,39 @@ function configure_heat {
         setup_colorized_logging $HEAT_CONF DEFAULT tenant user
     fi
 
-    iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
+    if [ ! -z "$HEAT_DEFERRED_AUTH" ]; then
+        iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
+    fi
 
     if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
         _config_heat_apache_wsgi
     fi
 
-    # NOTE(jamielennox): heat re-uses specific values from the
-    # keystone_authtoken middleware group and so currently fails when using the
-    # auth plugin setup. This should be fixed in heat.  Heat is also the only
-    # service that requires the auth_uri to include a /v2.0. Remove this custom
-    # setup when bug #1300246 is resolved.
-    iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
     if [[ "$HEAT_STANDALONE" = "True" ]]; then
         iniset $HEAT_CONF paste_deploy flavor standalone
         iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
     else
         iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
-        iniset $HEAT_CONF keystone_authtoken admin_user heat
+        iniset $HEAT_CONF keystone_authtoken admin_user $HEAT_SERVICE_USER
         iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
         iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
         iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
         iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
     fi
 
+    # If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure
+    # the section for the client plugin associated with the trustee
+    if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
+        iniset $HEAT_CONF trustee auth_plugin password
+        iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI
+        iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER
+        iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD
+        iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN
+    fi
+
+    # clients_keystone
+    iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
+
     # ec2authtoken
     iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
 

From 642b07b930cf5f49d1ed9aa220021d45ca631b1a Mon Sep 17 00:00:00 2001
From: ghanshyam 
Date: Thu, 19 Nov 2015 10:01:14 +0900
Subject: [PATCH 1109/3421] Add compute microversions configuration on tempest

Many projects like Nova, Ironic etc have implemented the
microversions for versioning their APIs.

Tempest is going to tests those microversions -
I57b78b4c0543b6fb0533b556886a19a03297555e.

For testing microversion in Tempest on gate, we need to set
a valid range of microversion in Tempest config and based on that
Tempest will run appropriate tests.

This commit adds the below range options for compute microversion testing-
- [None, 'latest'] - for master branch as default
- [None, None] - for tests running on v2.0
- option to set the range.

Depends-On: I81e86faca6f8c0ffb7da22154a62236ac25cf0c0

Partially implements blueprint api-microversions-testing-support

Change-Id: I171b862d1bba1af467f5b9a76288216c39e2adda
---
 lib/tempest | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 6adc449ad0..61351c0628 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -357,6 +357,30 @@ function configure_tempest {
         compute_api_extensions=$(remove_disabled_extensions $compute_api_extensions $DISABLE_COMPUTE_API_EXTENSIONS)
     fi
 
+    # Set the microversion range for compute tests.
+    # This is used to run the Nova microversions tests.
+    # Setting [None, latest] range of microversion which allow Tempest to run all microversions tests.
+    # NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion"
+    #       for stable branch on each release which should be changed from "latest" to max supported version of that release.
+    local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None}
+    local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"}
+    # Reset microversions to None where v2.0 is running which does not support microversion.
+    # Both "None" means no microversion testing.
+    if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then
+        tempest_compute_min_microversion=None
+        tempest_compute_max_microversion=None
+    fi
+    if [ "$tempest_compute_min_microversion" == "None" ]; then
+        inicomment $TEMPEST_CONFIG compute-feature-enabled min_microversion
+    else
+        iniset $TEMPEST_CONFIG compute-feature-enabled min_microversion $tempest_compute_min_microversion
+    fi
+    if [ "$tempest_compute_max_microversion" == "None" ]; then
+        inicomment $TEMPEST_CONFIG compute-feature-enabled max_microversion
+    else
+        iniset $TEMPEST_CONFIG compute-feature-enabled max_microversion $tempest_compute_max_microversion
+    fi
+
     iniset $TEMPEST_CONFIG compute-feature-enabled resize True
     iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
     iniset $TEMPEST_CONFIG compute-feature-enabled change_password False

From af0801de3c1b1c51cf1a995c2939e182d2ef4926 Mon Sep 17 00:00:00 2001
From: Philipp Marek 
Date: Wed, 9 Dec 2015 13:51:56 +0100
Subject: [PATCH 1110/3421] Make logfile symlinks with relative names.

Using absolute names for the symlink breaks in quite a few ways;
 * when creating a tar file of the logs,
 * when serving via NFS,

or any other case where the directory gets transferred to
a different machine.

So just create the symlink with relative names, then they'll work
in any location.

Change-Id: I432a69754985fc71feb0068b7adca01066d7bc1b
---
 functions-common | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/functions-common b/functions-common
index d4099ffcfa..0c5e48cadf 100644
--- a/functions-common
+++ b/functions-common
@@ -1309,10 +1309,11 @@ function _run_process {
     exec 3>&-
     exec 6>&-
 
-    local real_logfile="${LOGDIR}/${service}.log.${CURRENT_LOG_TIME}"
+    local logfile="${service}.log.${CURRENT_LOG_TIME}"
+    local real_logfile="${LOGDIR}/${logfile}"
     if [[ -n ${LOGDIR} ]]; then
         exec 1>&"$real_logfile" 2>&1
-        ln -sf "$real_logfile" ${LOGDIR}/${service}.log
+        bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
         if [[ -n ${SCREEN_LOGDIR} ]]; then
             # Drop the backward-compat symlink
             ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
@@ -1399,7 +1400,8 @@ function screen_process {
 
     screen -S $SCREEN_NAME -X screen -t $name
 
-    local real_logfile="${LOGDIR}/${name}.log.${CURRENT_LOG_TIME}"
+    local logfile="${name}.log.${CURRENT_LOG_TIME}"
+    local real_logfile="${LOGDIR}/${logfile}"
     echo "LOGDIR: $LOGDIR"
     echo "SCREEN_LOGDIR: $SCREEN_LOGDIR"
     echo "log: $real_logfile"
@@ -1410,7 +1412,7 @@ function screen_process {
         fi
         # If logging isn't active then avoid a broken symlink
         touch "$real_logfile"
-        ln -sf "$real_logfile" ${LOGDIR}/${name}.log
+        bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${name}.log"
         if [[ -n ${SCREEN_LOGDIR} ]]; then
             # Drop the backward-compat symlink
             ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${1}.log

From 56632fc75ddd4af3239c44e27673854dd65f4628 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Thu, 10 Dec 2015 05:57:19 -0800
Subject: [PATCH 1111/3421] Fix override-defaults in plugin docs

Docs specify that this file should be override_defaults, when really
devstack looks for override-defaults.

Change-Id: I3900ec4d16ffb48c6969dac5081ea2817536c246
---
 doc/source/plugins.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index b8da7e1237..83e5609efa 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -21,12 +21,12 @@ external repositories. The plugin interface assumes the following:
 An external git repository that includes a ``devstack/`` top level
 directory. Inside this directory there can be 3 files.
 
-- ``override_defaults`` - a file containing global variables that
+- ``override-defaults`` - a file containing global variables that
   will be sourced before the lib/* files. This allows the plugin
   to override the defaults that are otherwise set in the lib/*
   files.
 
-  For example, override_defaults may export CINDER_ENABLED_BACKENDS
+  For example, override-defaults may export CINDER_ENABLED_BACKENDS
   to include the plugin-specific storage backend and thus be able
   to override the default lvm only storage backend for Cinder.
 

From 9fc3ba408a97d0dd39ce26dd8dbcdb3b110cde71 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Thu, 10 Dec 2015 13:33:28 +0000
Subject: [PATCH 1112/3421] Ironic: add flag for using plugin

This adds a flag to skip ironic code if the ironic devstack plugin is in
use. This flag will be set to true in ironic's devstack plugin to
indicate that the plugin should be in control, rather than devstack.

This is for the transition period only, and will be removed with the
rest of the ironic code in the devstack tree, once the gate
is configured to use the ironic plugin.

Change-Id: Id01d97fd13fa9f866d645ec5077834ddb78b2b89
---
 extras.d/50-ironic.sh | 7 +++++++
 lib/ironic            | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/extras.d/50-ironic.sh b/extras.d/50-ironic.sh
index 3b8e3d5045..0ee6a94758 100644
--- a/extras.d/50-ironic.sh
+++ b/extras.d/50-ironic.sh
@@ -1,5 +1,12 @@
 # ironic.sh - Devstack extras script to install ironic
 
+# NOTE(jroll) this is used for the transition to a devstack plugin in
+# the ironic tree.
+IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN)
+if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then
+    return 0
+fi
+
 if is_service_enabled ir-api ir-cond; then
     if [[ "$1" == "source" ]]; then
         # Initial source
diff --git a/lib/ironic b/lib/ironic
index 2fb2004d71..dd4f8bf65f 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -26,6 +26,13 @@ _PIPEFAIL_IRONIC=$(set +o | grep pipefail)
 set +o xtrace
 set +o pipefail
 
+# NOTE(jroll) this is used for the transition to a devstack plugin in
+# the ironic tree.
+IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN)
+if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then
+    return 0
+fi
+
 # Defaults
 # --------
 

From 10bff0e9968d7a9c59ea7f09f49775973f8b5008 Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Thu, 3 Dec 2015 15:18:10 +0000
Subject: [PATCH 1113/3421] Neutron LBaaS: Use generated configuration files if
 available

Generate the Neutron LBaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.

Once the generation code is delivered, the static config files
will be removed.

Change-Id: Iae1e581ec2bea9c0ced700229effcc716d53fe4e
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I25507f3bc6e995580aa91a912c2cf4110757df15
---
 lib/neutron-legacy                        | 11 +++++++++--
 lib/neutron_plugins/services/loadbalancer |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index caf89e3d8c..628f6463d1 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -112,6 +112,9 @@ NEUTRON_CONF_DIR=/etc/neutron
 NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf
 export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
 
+# Default provider for load balancer service
+DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+
 # Agent binaries.  Note, binary paths for other agents are set in per-service
 # scripts in lib/neutron_plugins/services/
 AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
@@ -1058,8 +1061,12 @@ function _configure_neutron_ceilometer_notifications {
 }
 
 function _configure_neutron_lbaas {
-    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then
-        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR
+    # Uses oslo config generator to generate LBaaS sample configuration files
+    (cd $NEUTRON_LBAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+
+    if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample ]; then
+        cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample $NEUTRON_CONF_DIR/neutron_lbaas.conf
+        iniset $NEUTRON_CONF_DIR/neutron_lbaas.conf service_providers service_provider $DEFAULT_LB_PROVIDER
     fi
     neutron_agent_lbaas_configure_common
     neutron_agent_lbaas_configure_agent
diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer
index b07d06c32b..30e9480f2e 100644
--- a/lib/neutron_plugins/services/loadbalancer
+++ b/lib/neutron_plugins/services/loadbalancer
@@ -28,7 +28,7 @@ function neutron_agent_lbaas_configure_agent {
 
     LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini"
 
-    cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME
+    cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini.sample $LBAAS_AGENT_CONF_FILENAME
 
     # ovs_use_veth needs to be set before the plugin configuration
     # occurs to allow plugins to override the setting.

From e42306d9db86a6cbb7cf1c062d8a5bdcd8479654 Mon Sep 17 00:00:00 2001
From: gordon chung 
Date: Thu, 10 Dec 2015 14:54:01 -0500
Subject: [PATCH 1114/3421] only set admin_* options for eventlet

keystone+apache don't need these values set.

Change-Id: Iebdb31b5f0888613e0454f09a426933d6fcd71b3
see: http://lists.openstack.org/pipermail/openstack-dev/2015-December/081984.html
---
 lib/keystone | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index b19202b0f7..6b4118de0b 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -218,8 +218,6 @@ function configure_keystone {
 
     iniset_rpc_backend keystone $KEYSTONE_CONF
 
-    iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
-
     # Register SSL certificates if provided
     if is_ssl_enabled_service key; then
         ensure_certificates KEYSTONE
@@ -296,13 +294,14 @@ function configure_keystone {
         iniset $KEYSTONE_CONF DEFAULT logging_debug_format_suffix "%(funcName)s %(pathname)s:%(lineno)d"
         iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
         _config_keystone_apache_wsgi
+    else
+        iniset $KEYSTONE_CONF eventlet_server admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
+        iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
+        # Public workers will use the server default, typically number of CPU.
     fi
 
     iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
 
-    iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
-    # Public workers will use the server default, typically number of CPU.
-
     iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
 }
 

From 69431725eb526d9daf320d7a05cccf22d10eaafd Mon Sep 17 00:00:00 2001
From: Anusha Ramineni 
Date: Tue, 8 Dec 2015 12:04:27 +0530
Subject: [PATCH 1115/3421] Add congress to plugin registry

Now congress supports devstack plugin model, hence including the
same in plugin registry

Change-Id: I1ac83c529a466e6a75a9b46ed9b56085140a63ed
---
 doc/source/plugin-registry.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 49b3a7fc02..c68d926822 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -26,6 +26,8 @@ The following are plugins that exist for official OpenStack projects.
 +------------------+---------------------------------------------+--------------------+
 |ceilometer        |git://git.openstack.org/openstack/ceilometer | metering           |
 +------------------+---------------------------------------------+--------------------+
+|congress          |git://git.openstack.org/openstack/congress   | governance         |
++------------------+---------------------------------------------+--------------------+
 |gnocchi           |git://git.openstack.org/openstack/gnocchi    | metric             |
 +------------------+---------------------------------------------+--------------------+
 |magnum            |git://git.openstack.org/openstack/magnum     |                    |

From 357dff588ef63935a2a36e89b1aa96419ef09ece Mon Sep 17 00:00:00 2001
From: Sean McGinnis 
Date: Fri, 11 Dec 2015 13:51:24 -0600
Subject: [PATCH 1116/3421] Remove Cinder API version cap

Cinder API was pinned to v1 due to openstackclient missing some of the
v2 commands, as reported in osc bug 1475060. That bug has since been
marked invalid, but its intent was covered by the blueprint:

https://blueprints.launchpad.net/python-openstackclient/+spec/volume-v2

This removes the pinning to the v1 API now that osc supports v2. Also
removing the enablement of v1 as it was deprecated three releases ago
and we would like to get more coverage on v2.

Change-Id: Ia4d97734738d026c8721791669110778ff5eb6e5
---
 lib/cinder | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/lib/cinder b/lib/cinder
index 2119858253..569f3ab0a3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -270,10 +270,6 @@ function configure_cinder {
     iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
     iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
     iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL
-    # NOTE(thingee): Cinder V1 API is deprecated and defaults to off as of
-    # Juno. Keep it enabled so we can continue testing while it's still
-    # supported.
-    iniset $CINDER_CONF DEFAULT enable_v1_api true
 
     iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
 
@@ -550,9 +546,7 @@ function create_volume_types {
         local be be_name
         for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
             be_name=${be##*:}
-            # FIXME(jamielennox): Remove --os-volume-api-version pinning when
-            # osc supports volume type create on v2 api. bug #1475060
-            openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name}
+            openstack volume type create --property volume_backend_name="${be_name}" ${be_name}
         done
     fi
 }

From cf4f76299f84135a03fe29e5eddc97490eba806a Mon Sep 17 00:00:00 2001
From: Mahito OGURA 
Date: Wed, 12 Aug 2015 10:21:27 +0900
Subject: [PATCH 1117/3421] Update the vnc config options group 'DEFAULT' to
 'vnc'

n-api log output WARNINGs that vnc config options group 'DEFAULT'
is deprecated. New vnc config options group is 'vnc'.
This is change of Nova.[1]
This patch changes the vnc config options group 'DEFAULT' to 'vnc'.

[1] https://bugs.launchpad.net/nova/+bug/1447528

Change-Id: If54f750bac83298e90bdca27b5992fe2e5fbb712
Closes-Bug: 1483583
---
 lib/nova                            | 12 ++++++------
 lib/nova_plugins/hypervisor-libvirt | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/lib/nova b/lib/nova
index 6337f875ef..3e3f0f49ac 100644
--- a/lib/nova
+++ b/lib/nova
@@ -594,9 +594,9 @@ function create_nova_conf {
     # These settings don't hurt anything if n-xvnc and n-novnc are disabled
     if is_service_enabled n-cpu; then
         NOVNCPROXY_URL=${NOVNCPROXY_URL:-"http://$SERVICE_HOST:6080/vnc_auto.html"}
-        iniset $NOVA_CONF DEFAULT novncproxy_base_url "$NOVNCPROXY_URL"
+        iniset $NOVA_CONF vnc novncproxy_base_url "$NOVNCPROXY_URL"
         XVPVNCPROXY_URL=${XVPVNCPROXY_URL:-"http://$SERVICE_HOST:6081/console"}
-        iniset $NOVA_CONF DEFAULT xvpvncproxy_base_url "$XVPVNCPROXY_URL"
+        iniset $NOVA_CONF vnc xvpvncproxy_base_url "$XVPVNCPROXY_URL"
         SPICEHTML5PROXY_URL=${SPICEHTML5PROXY_URL:-"http://$SERVICE_HOST:6082/spice_auto.html"}
         iniset $NOVA_CONF spice html5proxy_base_url "$SPICEHTML5PROXY_URL"
     fi
@@ -606,13 +606,13 @@ function create_nova_conf {
         # For multi-host, this should be the management ip of the compute host.
         VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST}
         VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST}
-        iniset $NOVA_CONF DEFAULT vnc_enabled true
-        iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN"
-        iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
+        iniset $NOVA_CONF vnc enabled true
+        iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN"
+        iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS"
         iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
         iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
     else
-        iniset $NOVA_CONF DEFAULT vnc_enabled false
+        iniset $NOVA_CONF vnc enabled false
     fi
 
     if is_service_enabled n-spice; then
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 8bbaa2133d..1b4f7ae80a 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -48,13 +48,13 @@ function configure_nova_hypervisor {
     iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER"
     # Power architecture currently does not support graphical consoles.
     if is_arch "ppc64"; then
-        iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+        iniset $NOVA_CONF vnc enabled "false"
     fi
 
     # arm64-specific configuration
     if is_arch "aarch64"; then
         # arm64 architecture currently does not support graphical consoles.
-        iniset $NOVA_CONF DEFAULT vnc_enabled "false"
+        iniset $NOVA_CONF vnc enabled "false"
     fi
 
     # File injection is being disabled by default in the near future -
@@ -65,9 +65,9 @@ function configure_nova_hypervisor {
         iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system"
         iniset $NOVA_CONF libvirt images_type "ploop"
         iniset $NOVA_CONF DEFAULT force_raw_images  "False"
-        iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address  $HOST_IP
-        iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP
-        iniset $NOVA_CONF DEFAULT vnc_keymap
+        iniset $NOVA_CONF vnc vncserver_proxyclient_address  $HOST_IP
+        iniset $NOVA_CONF vnc vncserver_listen $HOST_IP
+        iniset $NOVA_CONF vnc keymap
     fi
 }
 

From 76cbbe37aae5d54542d62a5c6deec428a8cdc75e Mon Sep 17 00:00:00 2001
From: Mark McLoughlin 
Date: Mon, 7 Dec 2015 05:05:04 -0500
Subject: [PATCH 1118/3421] libvirt: don't repeatedly configure libvirtd
 logging

/etc/libvirt is not world-readable (at least on Fedora and RHEL) so
use sudo with the grep that checks whether we have already configured
libvirtd logging. Also, change the regex so we don't count commented
out logging config.

Change-Id: I67484b28aafd0fa828385321fa96d9141cb4cb59
Signed-off-by: Mark McLoughlin 
---
 lib/nova_plugins/functions-libvirt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index dae55c6eba..4f9b239a1e 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -110,10 +110,10 @@ EOF
             local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor"
         fi
         local log_outputs="1:file:/var/log/libvirt/libvirtd.log"
-        if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
+        if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then
             echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf
         fi
-        if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
+        if ! sudo grep -q "^log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then
             echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf
         fi
     fi

From 239a9788b3f73495efbdf586425a83d714be4412 Mon Sep 17 00:00:00 2001
From: YAMAMOTO Takashi 
Date: Mon, 7 Dec 2015 17:09:59 +0900
Subject: [PATCH 1119/3421] Remove a stale comment about
 SQLALCHEMY_DATABASE_DRIVER

SQLALCHEMY_DATABASE_DRIVER is no longer used
after If6d8d08e5b7b7c48ca012677b536d71058def6fd .

Also, remove mysql connector packages from the install list.

Closes-Bug: #1523377
Related-Bug: #1493304
Change-Id: I5ecbc3b0bac989faa5c46d3c2866558a505414d8
---
 files/debs/keystone |  1 -
 files/debs/neutron  |  1 -
 files/debs/nova     |  1 -
 files/rpms/neutron  |  1 -
 files/rpms/nova     |  1 -
 stackrc             | 12 ------------
 6 files changed, 17 deletions(-)

diff --git a/files/debs/keystone b/files/debs/keystone
index 0795167047..370e4aac51 100644
--- a/files/debs/keystone
+++ b/files/debs/keystone
@@ -1,6 +1,5 @@
 libkrb5-dev
 libldap2-dev
 libsasl2-dev
-python-mysql.connector
 python-mysqldb
 sqlite3
diff --git a/files/debs/neutron b/files/debs/neutron
index 85145d3654..e53cc68ccf 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -8,7 +8,6 @@ iputils-ping
 libmysqlclient-dev
 mysql-server #NOPRIME
 postgresql-server-dev-all
-python-mysql.connector
 python-mysqldb
 rabbitmq-server # NOPRIME
 radvd # NOPRIME
diff --git a/files/debs/nova b/files/debs/nova
index fe57fc4b2a..58dad411a8 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -15,7 +15,6 @@ libvirt-dev # NOPRIME
 mysql-server # NOPRIME
 parted
 pm-utils
-python-mysql.connector
 python-mysqldb
 qemu # dist:wheezy,jessie NOPRIME
 qemu-kvm # NOPRIME
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 9683475d29..2e49a0cf93 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -4,7 +4,6 @@ dnsmasq-utils # for dhcp_release
 ebtables
 iptables
 iputils
-mysql-connector-python
 mysql-devel
 MySQL-python
 mysql-server # NOPRIME
diff --git a/files/rpms/nova b/files/rpms/nova
index 00e759636e..4db9a06d95 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -15,7 +15,6 @@ libvirt-devel # NOPRIME
 libvirt-python # NOPRIME
 libxml2-python
 m2crypto
-mysql-connector-python
 mysql-devel
 MySQL-python
 mysql-server # NOPRIME
diff --git a/stackrc b/stackrc
index 5dd109c0a4..0c311ad65b 100644
--- a/stackrc
+++ b/stackrc
@@ -72,18 +72,6 @@ if ! isset ENABLED_SERVICES ; then
     ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat
 fi
 
-# SQLAlchemy supports multiple database drivers for each database server
-# type. For example, deployer may use MySQLdb, MySQLConnector, or oursql
-# to access MySQL database.
-#
-# When defined, the variable controls which database driver is used to
-# connect to database server. Otherwise using default driver defined for
-# each database type.
-#
-# You can find the list of currently supported drivers for each database
-# type at: http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html
-# SQLALCHEMY_DATABASE_DRIVER="mysqldb"
-
 # Global toggle for enabling services under mod_wsgi. If this is set to
 # ``True`` all services that use HTTPD + mod_wsgi as the preferred method of
 # deployment, will be deployed under Apache. If this is set to ``False`` all

From 2b4d6d16211cc55794b7d96594394f5e8c40fa4b Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Fri, 4 Dec 2015 14:40:03 +0000
Subject: [PATCH 1120/3421] Neutron VPNaaS: Use generated configuration files
 if available

Generate the Neutron VPNaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.

Once the generation code is delivered, the static config files
will be removed.

Change-Id: Icef8f7e8f0e8e78bfffa7a5af3f9f2300376b115
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I4a6094b8218dfd320d05bfb1e3bc121e8930c551
---
 lib/neutron-legacy               | 6 ++++--
 lib/neutron_plugins/services/vpn | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index caf89e3d8c..0089a0d4cf 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1079,8 +1079,10 @@ function _configure_neutron_fwaas {
 }
 
 function _configure_neutron_vpn {
-    if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf ]; then
-        cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_CONF_DIR
+    # Uses oslo config generator to generate VPNaaS sample configuration files
+    (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+    if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample ]; then
+        cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample $NEUTRON_CONF_DIR/neutron_vpnaas.conf
     fi
     neutron_vpn_install_agent_packages
     neutron_vpn_configure_common
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 8a379f588c..e790913847 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -29,7 +29,9 @@ function neutron_vpn_configure_common {
 }
 
 function neutron_vpn_configure_agent {
-    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+    # Uses oslo config generator to generate LBaaS sample configuration files
+    (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh)
+    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini.sample $Q_VPN_CONF_FILE
     if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
         iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
         if is_fedora; then

From 97b9e970b27f2303b8404aaa31a9f2e7d51ee787 Mon Sep 17 00:00:00 2001
From: Dave Chen 
Date: Tue, 15 Dec 2015 03:33:48 +0800
Subject: [PATCH 1121/3421] Remove the support for keystone extensions

All keystone extensions have been moved into cores and are
enabled by default, there is no need to configure the extension
in devstack but configure it in devstack will block the
install process.

Change-Id: I7d21b122c641f601295ee7ece3583404b3874dbd
Closes-Bug: #1526033
---
 lib/keystone | 33 ---------------------------------
 1 file changed, 33 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 6b4118de0b..336ad12cbb 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -52,10 +52,6 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
 KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
 
-# Set up additional extensions, such as oauth1, federation
-# Example of KEYSTONE_EXTENSIONS=oauth1,federation
-KEYSTONE_EXTENSIONS=${KEYSTONE_EXTENSIONS:-}
-
 # Toggle for deploying Keystone under HTTPD + mod_wsgi
 KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}}
 
@@ -192,8 +188,6 @@ function configure_keystone {
         inidelete $KEYSTONE_PASTE_INI composite:admin \\/v2.0
     fi
 
-    configure_keystone_extensions
-
     # Rewrite stock ``keystone.conf``
 
     if is_service_enabled ldap; then
@@ -305,25 +299,6 @@ function configure_keystone {
     iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
 }
 
-function configure_keystone_extensions {
-    # Add keystone extension into keystone v3 application pipeline
-    local extension_value
-    local api_v3
-    local extension
-    local api_v3_extension
-    for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do
-        if [[ -z "${extension_value}" ]]; then
-            continue
-        fi
-        api_v3=$(iniget $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline)
-        extension=$(echo $api_v3 | sed -ne "/${extension_value}/ p;" )
-        if [[ -z $extension ]]; then
-            api_v3_extension=$(echo $api_v3 | sed -ne "s/service_v3/${extension_value}_extension service_v3/p;" )
-            iniset $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline "$api_v3_extension"
-        fi
-    done
-}
-
 # create_keystone_accounts() - Sets up common required keystone accounts
 
 # Tenant               User       Roles
@@ -468,14 +443,6 @@ function init_keystone {
     # Initialize keystone database
     $KEYSTONE_BIN_DIR/keystone-manage db_sync
 
-    local extension_value
-    for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do
-        if [[ -z "${extension_value}" ]]; then
-            continue
-        fi
-        $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
-    done
-
     if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl

From 43f62c08499de004a964c3a2f90ce400a0f932ad Mon Sep 17 00:00:00 2001
From: Akihiro Motoki 
Date: Tue, 15 Dec 2015 16:44:41 +0900
Subject: [PATCH 1122/3421] Move horizon config and start to appropriate phase
 in stack.sh

Previously horizon configuration and start are done too early
and as a result horizon init and start need to be run twice
after horizon plugins are enabled.
- horizon config was done before "run_phase stack install"
- horizon init and start were done before "run_phase stack post-config"

This commit rearrange horizon setup to the appropriate phases
defined in the devstack plugin interface.

- Configuration of horizon settings is moved to configure_horizon.
- horizon config is now called between run_phase stack install
  and post-config.
- horizon init and start are now called between run_phase stack
  post-config and extra.

Change-Id: I8bf2ceaf7734c4f7cec68bc05d7cdbae81ef311e
---
 lib/horizon |  8 +++++---
 stack.sh    | 14 ++++++++------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/lib/horizon b/lib/horizon
index 67181fcf29..dca31116e2 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -83,10 +83,7 @@ function configure_horizon {
     # Message catalog compilation is handled by Django admin script,
     # so compiling them after the installation avoids Django installation twice.
     (cd $HORIZON_DIR; ./run_tests.sh -N --compilemessages)
-}
 
-# init_horizon() - Initialize databases, etc.
-function init_horizon {
     # ``local_settings.py`` is used to override horizon default settings.
     local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
     cp $HORIZON_SETTINGS $local_settings
@@ -113,6 +110,7 @@ function init_horizon {
     horizon_conf=$(apache_site_config_for horizon)
 
     # Configure apache to run horizon
+    # Set up the django horizon application to serve via apache/wsgi
     sudo sh -c "sed -e \"
         s,%USER%,$APACHE_USER,g;
         s,%GROUP%,$APACHE_GROUP,g;
@@ -133,7 +131,10 @@ function init_horizon {
         exit_distro_not_supported "horizon apache configuration"
     fi
     enable_apache_site horizon
+}
 
+# init_horizon() - Initialize databases, etc.
+function init_horizon {
     # Remove old log files that could mess with how DevStack detects whether Horizon
     # has been successfully started (see start_horizon() and functions::screen_it())
     # and run_process
@@ -147,6 +148,7 @@ function init_horizon {
         django_admin=django-admin.py
     fi
 
+    # These need to be run after horizon plugins are configured.
     DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput
     DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force
 
diff --git a/stack.sh b/stack.sh
index 19d05c904a..e65d22f114 100755
--- a/stack.sh
+++ b/stack.sh
@@ -840,7 +840,6 @@ if is_service_enabled horizon; then
     install_django_openstack_auth
     # dashboard
     stack_install_service horizon
-    configure_horizon
 fi
 
 if is_service_enabled heat; then
@@ -1060,12 +1059,9 @@ write_clouds_yaml
 # Horizon
 # -------
 
-# Set up the django horizon application to serve via apache/wsgi
-
 if is_service_enabled horizon; then
-    echo_summary "Configuring and starting Horizon"
-    init_horizon
-    start_horizon
+    echo_summary "Configuring Horizon"
+    configure_horizon
 fi
 
 
@@ -1290,6 +1286,12 @@ if is_service_enabled heat; then
     fi
 fi
 
+if is_service_enabled horizon; then
+    echo_summary "Starting Horizon"
+    init_horizon
+    start_horizon
+fi
+
 
 # Create account rc files
 # =======================

From 563a7e75b7d26275a7416eb4d6641fcfe867b45a Mon Sep 17 00:00:00 2001
From: Sean Dague 
Date: Tue, 15 Dec 2015 17:16:19 -0500
Subject: [PATCH 1123/3421] set the validation path to fixed for n-net

See if using fixed IPs for connectivity to hosts is more reliable than
floating ips, which really were not intended for these purposes (at
least in nova-net).

Change-Id: I251710ee9186a68bb3ddc58ca803c33b81c8ac49
---
 lib/tempest | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/tempest b/lib/tempest
index 6adc449ad0..e651dc30ed 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -329,6 +329,9 @@ function configure_tempest {
     iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref
     iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt
     iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method
+    # set the equiv validation option here as well to ensure they are
+    # in sync. They shouldn't be separate options.
+    iniset $TEMPEST_CONFIG validation connect_method $ssh_connect_method
     if [[ ! $(is_service_enabled n-cell) && ! $(is_service_enabled neutron) ]]; then
         iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME
     fi

From 2ca8af45a78226f29c3251cbef6449a0a51a4c1f Mon Sep 17 00:00:00 2001
From: Atsushi SAKAI 
Date: Tue, 8 Dec 2015 15:36:13 +0900
Subject: [PATCH 1124/3421] Add 5 time measurement points

run_process           process starting time
test_with_retry       process starting time (for neutron legacy)
restart_apache_server Apache HTTPD restart time
wait_for_service      HTTP server waiting time
git_timed             git command execution time

example

========================
DevStack Components Timed
========================

run_process - 52 secs
test_with_retry - 3 secs
apt-get-update - 8 secs
pip_install - 76 secs
restart_apache_server - 9 secs
wait_for_service - 11 secs
git_timed - 127 secs
apt-get - 15 secs

Change-Id: I66140726617450cd9fe9b702092cacf053a20065
---
 functions        | 2 ++
 functions-common | 6 ++++++
 lib/apache       | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/functions b/functions
index 762fc472c2..9495710e92 100644
--- a/functions
+++ b/functions
@@ -357,7 +357,9 @@ CURL_GET="${CURL_GET:-curl -g}"
 function wait_for_service {
     local timeout=$1
     local url=$2
+    time_start "wait_for_service"
     timeout $timeout sh -c "while ! $CURL_GET -k --noproxy '*' -s $url >/dev/null; do sleep 1; done"
+    time_stop "wait_for_service"
 }
 
 
diff --git a/functions-common b/functions-common
index 1b01eefaf9..023203d1fc 100644
--- a/functions-common
+++ b/functions-common
@@ -597,6 +597,7 @@ function git_timed {
         timeout=${GIT_TIMEOUT}
     fi
 
+    time_start "git_timed"
     until timeout -s SIGINT ${timeout} git "$@"; do
         # 124 is timeout(1)'s special return code when it reached the
         # timeout; otherwise assume fatal failure
@@ -611,6 +612,7 @@ function git_timed {
         fi
         sleep 5
     done
+    time_stop "git_timed"
 }
 
 # git update using reference as a branch.
@@ -1373,6 +1375,7 @@ function run_process {
     local command="$2"
     local group=$3
 
+    time_start "run_process"
     if is_service_enabled $service; then
         if [[ "$USE_SCREEN" = "True" ]]; then
             screen_process "$service" "$command" "$group"
@@ -1381,6 +1384,7 @@ function run_process {
             _run_process "$service" "$command" "$group" &
         fi
     fi
+    time_stop "run_process"
 }
 
 # Helper to launch a process in a named screen
@@ -2196,9 +2200,11 @@ function test_with_retry {
     local until=${3:-10}
     local sleep=${4:-0.5}
 
+    time_start "test_with_retry"
     if ! timeout $until sh -c "while ! $testcmd; do sleep $sleep; done"; then
         die $LINENO "$failmsg"
     fi
+    time_stop "test_with_retry"
 }
 
 # Timing infrastructure - figure out where large blocks of time are
diff --git a/lib/apache b/lib/apache
index c9e02a2b58..2c84c7a481 100644
--- a/lib/apache
+++ b/lib/apache
@@ -185,9 +185,11 @@ function restart_apache_server {
     # Apache can be slow to stop, doing an explicit stop, sleep, start helps
     # to mitigate issues where apache will claim a port it's listening on is
     # still in use and fail to start.
+    time_start "restart_apache_server"
     stop_service $APACHE_NAME
     sleep 3
     start_service $APACHE_NAME
+    time_stop "restart_apache_server"
 }
 
 # Restore xtrace

From 00b5f4af92a640a2507046cf76ee57caa166310b Mon Sep 17 00:00:00 2001
From: Mike Turek 
Date: Tue, 15 Dec 2015 18:16:35 +0000
Subject: [PATCH 1125/3421] Replace deprecated baremetal timeouts with new
 deploy_timeout

See review 258670 for more information. The preceeding patch
consolidates Ironic timeouts into one blanket timeout. This
patch sets the new timeout via the BUILD_TIMEOUT variable and
removes the deprecated timeouts.

Change-Id: I320461b2b40aa2b68afc38a901a5933e39aac1b6
Related-Bug: #1526863
---
 lib/tempest | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/tempest b/lib/tempest
index 61351c0628..b9d9e80fc2 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -533,8 +533,7 @@ function configure_tempest {
     # Baremetal
     if [ "$VIRT_DRIVER" = "ironic" ] ; then
         iniset $TEMPEST_CONFIG baremetal driver_enabled True
-        iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT
-        iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT
+        iniset $TEMPEST_CONFIG baremetal deploy_timeout $BUILD_TIMEOUT
         iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
         iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
         iniset $TEMPEST_CONFIG compute-feature-enabled change_password False

From 168be83597dcfc38b6d552ecbf20b5093580e2cb Mon Sep 17 00:00:00 2001
From: Davanum Srinivas 
Date: Thu, 8 Oct 2015 07:57:44 -0700
Subject: [PATCH 1126/3421] Nuke EC2 API service in defaults

Tempest does not test EC2 by default anymore:
Ib5e24e19bcba9808a9f49fe7f328668df77fe4f9

So we don't need to run nova ec2 API service by default.

Change-Id: Ieec0ca1361baf0978d96e69e1134f699c1af3bb9
---
 stackrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stackrc b/stackrc
index f949ccbad9..edf23ce997 100644
--- a/stackrc
+++ b/stackrc
@@ -91,7 +91,7 @@ fi
 ENABLE_HTTPD_MOD_WSGI_SERVICES=True
 
 # Set the default Nova APIs to enable
-NOVA_ENABLED_APIS=ec2,osapi_compute,metadata
+NOVA_ENABLED_APIS=osapi_compute,metadata
 
 # Set the root URL for Horizon
 HORIZON_APACHE_ROOT="/dashboard"

From 47115b0314bcb9006d674fb0c7da6ac6eb94de29 Mon Sep 17 00:00:00 2001
From: Martin Hickey 
Date: Fri, 18 Dec 2015 11:08:38 +0000
Subject: [PATCH 1127/3421] Neutron VPNaaS: Set default service provider

Default value needs to be set for service_provider config item in
neutron_vpnaas.conf. This is to support backward compatability
for using the enable_service q-vpn. It should be noted that the
recommended way to use VPN is the devstack plugin.

Change-Id: I0d5960c81c47a138087d480527eff2a8eef59445
Closes-bug: #1527483
---
 lib/neutron-legacy | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e0c4676297..6af44e6ab8 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -115,6 +115,9 @@ export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/d
 # Default provider for load balancer service
 DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 
+# Default provider for VPN service
+DEFAULT_VPN_PROVIDER=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+
 # Agent binaries.  Note, binary paths for other agents are set in per-service
 # scripts in lib/neutron_plugins/services/
 AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent"
@@ -1092,6 +1095,7 @@ function _configure_neutron_vpn {
     (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh)
     if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample ]; then
         cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample $NEUTRON_CONF_DIR/neutron_vpnaas.conf
+        iniset $NEUTRON_CONF_DIR/neutron_vpnaas.conf service_providers service_provider $DEFAULT_VPN_PROVIDER
     fi
     neutron_vpn_install_agent_packages
     neutron_vpn_configure_common

From 47367071cdc110c40ec5c92d12f4dbe50cc553d4 Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen 
Date: Thu, 10 Dec 2015 14:24:00 +0000
Subject: [PATCH 1128/3421] Remove ironic code from tree

This removes all of the ironic code from the devstack tree, in favor of
the devstack plugin in Ironic's tree.

Depends-On: I659e3de5c64df798441798ff48ba5c9c0506585a
Depends-On: I2c52bc014f1b0dbc6b0ae22a4deb4132b4c28621
Change-Id: I5125fce295c79600781469c2f48bea80e7600081
---
 clean.sh                                     |   1 -
 doc/source/index.rst                         |   2 -
 doc/source/plugin-registry.rst               |   2 +
 extras.d/50-ironic.sh                        |  50 --
 files/apache-ironic.template                 |  12 -
 files/debs/ironic                            |  19 -
 files/rpms/ironic                            |  14 -
 functions-common                             |  12 +-
 lib/ironic                                   | 874 -------------------
 stackrc                                      |   8 +-
 tools/ironic/scripts/cleanup-node            |  25 -
 tools/ironic/scripts/configure-vm            |  93 --
 tools/ironic/scripts/create-node             |  79 --
 tools/ironic/scripts/setup-network           |  28 -
 tools/ironic/templates/brbm.xml              |   6 -
 tools/ironic/templates/tftpd-xinetd.template |  14 -
 tools/ironic/templates/vm.xml                |  49 --
 17 files changed, 16 insertions(+), 1272 deletions(-)
 delete mode 100644 extras.d/50-ironic.sh
 delete mode 100644 files/apache-ironic.template
 delete mode 100644 files/debs/ironic
 delete mode 100644 files/rpms/ironic
 delete mode 100644 lib/ironic
 delete mode 100755 tools/ironic/scripts/cleanup-node
 delete mode 100755 tools/ironic/scripts/configure-vm
 delete mode 100755 tools/ironic/scripts/create-node
 delete mode 100755 tools/ironic/scripts/setup-network
 delete mode 100644 tools/ironic/templates/brbm.xml
 delete mode 100644 tools/ironic/templates/tftpd-xinetd.template
 delete mode 100644 tools/ironic/templates/vm.xml

diff --git a/clean.sh b/clean.sh
index ae28aa9ab7..fc6f80dad4 100755
--- a/clean.sh
+++ b/clean.sh
@@ -50,7 +50,6 @@ source $TOP_DIR/lib/cinder
 source $TOP_DIR/lib/swift
 source $TOP_DIR/lib/heat
 source $TOP_DIR/lib/neutron-legacy
-source $TOP_DIR/lib/ironic
 
 
 # Extras Source
diff --git a/doc/source/index.rst b/doc/source/index.rst
index ec345c9f64..2622436820 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -174,7 +174,6 @@ Scripts
 * `lib/heat `__
 * `lib/horizon `__
 * `lib/infra `__
-* `lib/ironic `__
 * `lib/keystone `__
 * `lib/ldap `__
 * `lib/neutron-legacy `__
@@ -189,7 +188,6 @@ Scripts
 * `clean.sh `__
 * `run\_tests.sh `__
 
-* `extras.d/50-ironic.sh `__
 * `extras.d/60-ceph.sh `__
 * `extras.d/70-tuskar.sh `__
 * `extras.d/80-tempest.sh `__
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index c68d926822..7682defbed 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -30,6 +30,8 @@ The following are plugins that exist for official OpenStack projects.
 +------------------+---------------------------------------------+--------------------+
 |gnocchi           |git://git.openstack.org/openstack/gnocchi    | metric             |
 +------------------+---------------------------------------------+--------------------+
+|ironic            |git://git.openstack.org/openstack/ironic     | baremetal          |
++------------------+---------------------------------------------+--------------------+
 |magnum            |git://git.openstack.org/openstack/magnum     |                    |
 +------------------+---------------------------------------------+--------------------+
 |manila            |git://git.openstack.org/openstack/manila     | file shares        |
diff --git a/extras.d/50-ironic.sh b/extras.d/50-ironic.sh
deleted file mode 100644
index 0ee6a94758..0000000000
--- a/extras.d/50-ironic.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-# ironic.sh - Devstack extras script to install ironic
-
-# NOTE(jroll) this is used for the transition to a devstack plugin in
-# the ironic tree.
-IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN)
-if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then
-    return 0
-fi
-
-if is_service_enabled ir-api ir-cond; then
-    if [[ "$1" == "source" ]]; then
-        # Initial source
-        source $TOP_DIR/lib/ironic
-    elif [[ "$1" == "stack" && "$2" == "install" ]]; then
-        echo_summary "Installing Ironic"
-        install_ironic
-        install_ironicclient
-        cleanup_ironic
-    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
-        echo_summary "Configuring Ironic"
-        configure_ironic
-
-        if is_service_enabled key; then
-            create_ironic_accounts
-        fi
-
-    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
-        # Initialize ironic
-        init_ironic
-
-        # Start the ironic API and ironic taskmgr components
-        echo_summary "Starting Ironic"
-        start_ironic
-
-        if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then
-            prepare_baremetal_basic_ops
-        fi
-    fi
-
-    if [[ "$1" == "unstack" ]]; then
-        stop_ironic
-        if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then
-            cleanup_baremetal_basic_ops
-        fi
-    fi
-
-    if [[ "$1" == "clean" ]]; then
-        cleanup_ironic
-    fi
-fi
diff --git a/files/apache-ironic.template b/files/apache-ironic.template
deleted file mode 100644
index 88641946f6..0000000000
--- a/files/apache-ironic.template
+++ /dev/null
@@ -1,12 +0,0 @@
-Listen %PUBLICPORT%
-
-
-    DocumentRoot "%HTTPROOT%"
-    
-        Options Indexes FollowSymLinks
-        AllowOverride None
-        Order allow,deny
-        Allow from all
-        Require all granted
-    
-
diff --git a/files/debs/ironic b/files/debs/ironic
deleted file mode 100644
index 4d5a6aa6b7..0000000000
--- a/files/debs/ironic
+++ /dev/null
@@ -1,19 +0,0 @@
-docker.io
-ipmitool
-iptables
-ipxe
-libguestfs0
-libvirt-bin
-open-iscsi
-openssh-client
-openvswitch-datapath-dkms
-openvswitch-switch
-python-libguestfs
-python-libvirt
-qemu
-qemu-kvm
-qemu-utils
-sgabios
-syslinux
-tftpd-hpa
-xinetd
diff --git a/files/rpms/ironic b/files/rpms/ironic
deleted file mode 100644
index 2bf8bb370e..0000000000
--- a/files/rpms/ironic
+++ /dev/null
@@ -1,14 +0,0 @@
-docker-io
-ipmitool
-iptables
-ipxe-bootimgs
-libguestfs
-libvirt
-libvirt-python
-net-tools
-openssh-clients
-openvswitch
-sgabios
-syslinux
-tftp-server
-xinetd
diff --git a/functions-common b/functions-common
index 1b01eefaf9..c3eef469d3 100644
--- a/functions-common
+++ b/functions-common
@@ -954,6 +954,15 @@ function get_endpoint_url {
             -c URL -f value)
 }
 
+# check if we are using ironic with hardware
+# TODO(jroll) this is a kludge left behind when ripping ironic code
+# out of tree, as it is used by nova and neutron.
+# figure out a way to refactor nova/neutron code to eliminate this
+function is_ironic_hardware {
+    is_service_enabled ironic && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0
+    return 1
+}
+
 
 # Package Functions
 # =================
@@ -1764,7 +1773,7 @@ function run_phase {
             # white listed elements in tree. We want these to move out
             # over time as well, but they are in tree, so we need to
             # manage that.
-            local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
+            local exceptions="60-ceph.sh 80-tempest.sh"
             local extra
             extra=$(basename $extra_plugin_file_name)
             if [[ ! ( $exceptions =~ "$extra" ) ]]; then
@@ -1952,7 +1961,6 @@ function is_service_enabled {
         [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0
         [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0
         [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0
-        [[ ${service} == "ironic" && ${ENABLED_SERVICES} =~ "ir-" ]] && enabled=0
         [[ ${service} == "neutron" && ${ENABLED_SERVICES} =~ "q-" ]] && enabled=0
         [[ ${service} == "trove" && ${ENABLED_SERVICES} =~ "tr-" ]] && enabled=0
         [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0
diff --git a/lib/ironic b/lib/ironic
deleted file mode 100644
index dd4f8bf65f..0000000000
--- a/lib/ironic
+++ /dev/null
@@ -1,874 +0,0 @@
-#!/bin/bash
-#
-# lib/ironic
-# Functions to control the configuration and operation of the **Ironic** service
-
-# Dependencies:
-#
-# - ``functions`` file
-# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
-# - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
-# - ``SERVICE_HOST``
-# - ``KEYSTONE_TOKEN_FORMAT`` must be defined
-
-# ``stack.sh`` calls the entry points in this order:
-#
-# - install_ironic
-# - install_ironicclient
-# - init_ironic
-# - start_ironic
-# - stop_ironic
-# - cleanup_ironic
-
-# Save trace and pipefail settings
-_XTRACE_IRONIC=$(set +o | grep xtrace)
-_PIPEFAIL_IRONIC=$(set +o | grep pipefail)
-set +o xtrace
-set +o pipefail
-
-# NOTE(jroll) this is used for the transition to a devstack plugin in
-# the ironic tree.
-IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN)
-if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then
-    return 0
-fi
-
-# Defaults
-# --------
-
-# Set up default directories
-GITDIR["python-ironicclient"]=$DEST/python-ironicclient
-GITDIR["ironic-lib"]=$DEST/ironic-lib
-
-IRONIC_DIR=$DEST/ironic
-IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent
-IRONIC_DATA_DIR=$DATA_DIR/ironic
-IRONIC_STATE_PATH=/var/lib/ironic
-IRONIC_AUTH_CACHE_DIR=${IRONIC_AUTH_CACHE_DIR:-/var/cache/ironic}
-IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic}
-IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf
-IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf
-IRONIC_POLICY_JSON=$IRONIC_CONF_DIR/policy.json
-
-# Deploy callback timeout can be changed from its default (1800), if required.
-IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-}
-
-# Deploy to hardware platform
-IRONIC_HW_NODE_CPU=${IRONIC_HW_NODE_CPU:-1}
-IRONIC_HW_NODE_RAM=${IRONIC_HW_NODE_RAM:-512}
-IRONIC_HW_NODE_DISK=${IRONIC_HW_NODE_DISK:-10}
-IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0}
-# The file is composed of multiple lines, each line includes four field
-# separated by white space: IPMI address, MAC address, IPMI username
-# and IPMI password.
-#
-#   192.168.110.107 00:1e:67:57:50:4c root otc123
-IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
-
-# Set up defaults for functional / integration testing
-IRONIC_NODE_UUID=${IRONIC_NODE_UUID:-`uuidgen`}
-IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts}
-IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
-IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS)
-IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool}
-IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`}
-IRONIC_SSH_TIMEOUT=${IRONIC_SSH_TIMEOUT:-15}
-IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys}
-IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key}
-IRONIC_KEY_FILE=${IRONIC_KEY_FILE:-$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME}
-IRONIC_SSH_VIRT_TYPE=${IRONIC_SSH_VIRT_TYPE:-virsh}
-IRONIC_TFTPBOOT_DIR=${IRONIC_TFTPBOOT_DIR:-$IRONIC_DATA_DIR/tftpboot}
-IRONIC_TFTPSERVER_IP=${IRONIC_TFTPSERVER_IP:-$HOST_IP}
-IRONIC_VM_SSH_PORT=${IRONIC_VM_SSH_PORT:-22}
-IRONIC_VM_SSH_ADDRESS=${IRONIC_VM_SSH_ADDRESS:-$HOST_IP}
-IRONIC_VM_COUNT=${IRONIC_VM_COUNT:-1}
-IRONIC_VM_SPECS_CPU=${IRONIC_VM_SPECS_CPU:-1}
-IRONIC_VM_SPECS_RAM=${IRONIC_VM_SPECS_RAM:-512}
-IRONIC_VM_SPECS_DISK=${IRONIC_VM_SPECS_DISK:-10}
-IRONIC_VM_EPHEMERAL_DISK=${IRONIC_VM_EPHEMERAL_DISK:-0}
-IRONIC_VM_EMULATOR=${IRONIC_VM_EMULATOR:-/usr/bin/qemu-system-x86_64}
-IRONIC_VM_NETWORK_BRIDGE=${IRONIC_VM_NETWORK_BRIDGE:-brbm}
-IRONIC_VM_NETWORK_RANGE=${IRONIC_VM_NETWORK_RANGE:-192.0.2.0/24}
-IRONIC_VM_MACS_CSV_FILE=${IRONIC_VM_MACS_CSV_FILE:-$IRONIC_DATA_DIR/ironic_macs.csv}
-IRONIC_AUTHORIZED_KEYS_FILE=${IRONIC_AUTHORIZED_KEYS_FILE:-$HOME/.ssh/authorized_keys}
-
-# By default, baremetal VMs will console output to file.
-IRONIC_VM_LOG_CONSOLE=${IRONIC_VM_LOG_CONSOLE:-True}
-IRONIC_VM_LOG_DIR=${IRONIC_VM_LOG_DIR:-$IRONIC_DATA_DIR/logs/}
-
-# Use DIB to create deploy ramdisk and kernel.
-IRONIC_BUILD_DEPLOY_RAMDISK=$(trueorfalse True IRONIC_BUILD_DEPLOY_RAMDISK)
-# If not use DIB, these files are used as deploy ramdisk/kernel.
-# (The value must be an absolute path)
-IRONIC_DEPLOY_RAMDISK=${IRONIC_DEPLOY_RAMDISK:-}
-IRONIC_DEPLOY_KERNEL=${IRONIC_DEPLOY_KERNEL:-}
-IRONIC_DEPLOY_ELEMENT=${IRONIC_DEPLOY_ELEMENT:-deploy-ironic}
-
-IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz}
-IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz}
-
-# Which deploy driver to use - valid choices right now
-# are ``pxe_ssh``, ``pxe_ipmitool``, ``agent_ssh`` and ``agent_ipmitool``.
-IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh}
-
-# TODO(agordeev): replace 'ubuntu' with host distro name getting
-IRONIC_DEPLOY_FLAVOR=${IRONIC_DEPLOY_FLAVOR:-ubuntu $IRONIC_DEPLOY_ELEMENT}
-
-# Support entry points installation of console scripts
-IRONIC_BIN_DIR=$(get_python_exec_prefix)
-
-# Ironic connection info.  Note the port must be specified.
-IRONIC_SERVICE_PROTOCOL=http
-IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385}
-IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT}
-
-# Enable iPXE
-IRONIC_IPXE_ENABLED=$(trueorfalse False IRONIC_IPXE_ENABLED)
-IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot}
-IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$HOST_IP}
-IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-8088}
-
-# NOTE(lucasagomes): This flag is used to differentiate the nodes that
-# uses IPA as their deploy ramdisk from nodes that uses the agent_* drivers
-# (which also uses IPA but depends on Swift Temp URLs to work). At present,
-# all drivers that uses the iSCSI approach for their deployment supports
-# using both, IPA or bash ramdisks for the deployment. In the future we
-# want to remove the support for the bash ramdisk in favor of IPA, once
-# we get there this flag can be removed, and all conditionals that uses
-# it should just run by default.
-IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA=$(trueorfalse False IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA)
-
-# get_pxe_boot_file() - Get the PXE/iPXE boot file path
-function get_pxe_boot_file {
-    local relpath=syslinux/pxelinux.0
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        relpath=ipxe/undionly.kpxe
-    fi
-
-    local pxe_boot_file
-    if is_ubuntu; then
-        pxe_boot_file=/usr/lib/$relpath
-    elif is_fedora || is_suse; then
-        pxe_boot_file=/usr/share/$relpath
-    fi
-
-    echo $pxe_boot_file
-}
-
-# PXE boot image
-IRONIC_PXE_BOOT_IMAGE=${IRONIC_PXE_BOOT_IMAGE:-$(get_pxe_boot_file)}
-
-
-# Functions
-# ---------
-
-# Test if any Ironic services are enabled
-# is_ironic_enabled
-function is_ironic_enabled {
-    [[ ,${ENABLED_SERVICES} =~ ,"ir-" ]] && return 0
-    return 1
-}
-
-function is_ironic_hardware {
-    is_ironic_enabled && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0
-    return 1
-}
-
-function is_deployed_by_agent {
-    [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]] && return 0
-    return 1
-}
-
-function is_deployed_with_ipa_ramdisk {
-    is_deployed_by_agent || [[ "$IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA" == "True" ]] && return 0
-    return 1
-}
-
-# install_ironic() - Collect source and prepare
-function install_ironic {
-    # make sure all needed service were enabled
-    local req_services="key"
-    if [[ "$VIRT_DRIVER" == "ironic" ]]; then
-        req_services+=" nova glance neutron"
-    fi
-    for srv in $req_services; do
-        if ! is_service_enabled "$srv"; then
-            die $LINENO "$srv should be enabled for Ironic."
-        fi
-    done
-
-    if use_library_from_git "ironic-lib"; then
-        git_clone_by_name "ironic-lib"
-        setup_dev_lib "ironic-lib"
-    fi
-
-    git_clone $IRONIC_REPO $IRONIC_DIR $IRONIC_BRANCH
-    setup_develop $IRONIC_DIR
-
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        install_apache_wsgi
-    fi
-}
-
-# install_ironicclient() - Collect sources and prepare
-function install_ironicclient {
-    if use_library_from_git "python-ironicclient"; then
-        git_clone_by_name "python-ironicclient"
-        setup_dev_lib "python-ironicclient"
-        sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ironicclient"]}/tools/,/etc/bash_completion.d/}ironic.bash_completion
-    else
-        # nothing actually "requires" ironicclient, so force instally from pypi
-        pip_install_gr python-ironicclient
-    fi
-}
-
-# _cleanup_ironic_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
-function _cleanup_ironic_apache_wsgi {
-    sudo rm -rf $IRONIC_HTTP_DIR
-    disable_apache_site ironic
-    sudo rm -f $(apache_site_config_for ironic)
-    restart_apache_server
-}
-
-# _config_ironic_apache_wsgi() - Set WSGI config files of Ironic
-function _config_ironic_apache_wsgi {
-    local ironic_apache_conf
-    ironic_apache_conf=$(apache_site_config_for ironic)
-    sudo cp $FILES/apache-ironic.template $ironic_apache_conf
-    sudo sed -e "
-        s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g;
-        s|%HTTPROOT%|$IRONIC_HTTP_DIR|g;
-    " -i $ironic_apache_conf
-    enable_apache_site ironic
-}
-
-# cleanup_ironic() - Remove residual data files, anything left over from previous
-# runs that would need to clean up.
-function cleanup_ironic {
-    sudo rm -rf $IRONIC_AUTH_CACHE_DIR $IRONIC_CONF_DIR
-}
-
-# configure_ironic_dirs() - Create all directories required by Ironic and
-# associated services.
-function configure_ironic_dirs {
-    sudo install -d -o $STACK_USER $IRONIC_CONF_DIR $STACK_USER $IRONIC_DATA_DIR \
-        $IRONIC_STATE_PATH $IRONIC_TFTPBOOT_DIR $IRONIC_TFTPBOOT_DIR/pxelinux.cfg
-    sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_TFTPBOOT_DIR
-
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        sudo install -d -o $STACK_USER -g $LIBVIRT_GROUP $IRONIC_HTTP_DIR
-    fi
-
-    if [ ! -f $IRONIC_PXE_BOOT_IMAGE ]; then
-        die $LINENO "PXE boot file $IRONIC_PXE_BOOT_IMAGE not found."
-    fi
-
-    # Copy PXE binary
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        cp $IRONIC_PXE_BOOT_IMAGE $IRONIC_TFTPBOOT_DIR
-    else
-        # Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone" anymore,
-        # it depends on some c32 modules to work correctly.
-        # More info: http://www.syslinux.org/wiki/index.php/Library_modules
-        cp -aR $(dirname $IRONIC_PXE_BOOT_IMAGE)/*.{c32,0} $IRONIC_TFTPBOOT_DIR
-    fi
-}
-
-# configure_ironic() - Set config files, create data dirs, etc
-function configure_ironic {
-    configure_ironic_dirs
-
-    # Copy over ironic configuration file and configure common parameters.
-    cp $IRONIC_DIR/etc/ironic/ironic.conf.sample $IRONIC_CONF_FILE
-    iniset $IRONIC_CONF_FILE DEFAULT debug True
-    inicomment $IRONIC_CONF_FILE DEFAULT log_file
-    iniset $IRONIC_CONF_FILE database connection `database_connection_url ironic`
-    iniset $IRONIC_CONF_FILE DEFAULT state_path $IRONIC_STATE_PATH
-    iniset $IRONIC_CONF_FILE DEFAULT use_syslog $SYSLOG
-    # Configure Ironic conductor, if it was enabled.
-    if is_service_enabled ir-cond; then
-        configure_ironic_conductor
-    fi
-
-    # Configure Ironic API, if it was enabled.
-    if is_service_enabled ir-api; then
-        configure_ironic_api
-    fi
-
-    # Format logging
-    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $IRONIC_CONF_FILE DEFAULT tenant user
-    fi
-
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then
-        _config_ironic_apache_wsgi
-    fi
-}
-
-# configure_ironic_api() - Is used by configure_ironic(). Performs
-# API specific configuration.
-function configure_ironic_api {
-    iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
-    iniset $IRONIC_CONF_FILE oslo_policy policy_file $IRONIC_POLICY_JSON
-
-    # TODO(Yuki Nishiwaki): This is a temporary work-around until Ironic is fixed(bug#1422632).
-    # These codes need to be changed to use the function of configure_auth_token_middleware
-    # after Ironic conforms to the new auth plugin.
-    iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
-    iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
-    iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
-    iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
-    iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
-    iniset $IRONIC_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE
-    iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
-
-    iniset_rpc_backend ironic $IRONIC_CONF_FILE
-    iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT
-
-    cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
-}
-
-# configure_ironic_conductor() - Is used by configure_ironic().
-# Sets conductor specific settings.
-function configure_ironic_conductor {
-    cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF
-    cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR
-    local ironic_rootwrap
-    ironic_rootwrap=$(get_rootwrap_location ironic)
-    local rootwrap_isudoer_cmd="$ironic_rootwrap $IRONIC_CONF_DIR/rootwrap.conf *"
-
-    # Set up the rootwrap sudoers for ironic
-    local tempfile
-    tempfile=`mktemp`
-    echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_isudoer_cmd" >$tempfile
-    chmod 0440 $tempfile
-    sudo chown root:root $tempfile
-    sudo mv $tempfile /etc/sudoers.d/ironic-rootwrap
-
-    iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
-    iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS
-    iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$HOST_IP:$IRONIC_SERVICE_PORT
-    if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then
-        iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT
-    fi
-    iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
-    iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
-    iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
-
-    local pxe_params=""
-    if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-        pxe_params+="nofb nomodeset vga=normal console=ttyS0"
-        if is_deployed_with_ipa_ramdisk; then
-            pxe_params+=" systemd.journald.forward_to_console=yes"
-        fi
-    fi
-    # When booting with less than 1GB, we need to switch from default tmpfs
-    # to ramfs for ramdisks to decompress successfully.
-    if (is_ironic_hardware && [[ "$IRONIC_HW_NODE_RAM" -lt 1024 ]]) ||
-        (! is_ironic_hardware && [[ "$IRONIC_VM_SPECS_RAM" -lt 1024 ]]); then
-        pxe_params+=" rootfstype=ramfs"
-    fi
-    if [[ -n "$pxe_params" ]]; then
-        iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params"
-    fi
-
-    # Set these options for scenarios in which the agent fetches the image
-    # directly from glance, and don't set them where the image is pushed
-    # over iSCSI.
-    if is_deployed_by_agent; then
-        if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then
-            iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY
-        else
-            die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic."
-        fi
-        iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
-        iniset $IRONIC_CONF_FILE glance swift_api_version v1
-        local tenant_id
-        tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default)
-        iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
-        iniset $IRONIC_CONF_FILE glance swift_container glance
-        iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
-        iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30
-    fi
-
-    # FIXME: this really needs to be tested in the gate.
-    # For now, any test using the agent ramdisk should skip cleaning
-    # because it is too slow to run in the gate.
-    iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0
-
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        local pxebin
-        pxebin=`basename $IRONIC_PXE_BOOT_IMAGE`
-        iniset $IRONIC_CONF_FILE pxe ipxe_enabled True
-        iniset $IRONIC_CONF_FILE pxe pxe_config_template '\$pybasedir/drivers/modules/ipxe_config.template'
-        iniset $IRONIC_CONF_FILE pxe pxe_bootfile_name $pxebin
-        iniset $IRONIC_CONF_FILE pxe http_root $IRONIC_HTTP_DIR
-        iniset $IRONIC_CONF_FILE pxe http_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT"
-    fi
-}
-
-# create_ironic_cache_dir() - Part of the init_ironic() process
-function create_ironic_cache_dir {
-    # Create cache dir
-    sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/api
-    sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/api
-    rm -f $IRONIC_AUTH_CACHE_DIR/api/*
-    sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/registry
-    sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/registry
-    rm -f $IRONIC_AUTH_CACHE_DIR/registry/*
-}
-
-# create_ironic_accounts() - Set up common required ironic accounts
-
-# Tenant               User       Roles
-# ------------------------------------------------------------------
-# service              ironic     admin        # if enabled
-function create_ironic_accounts {
-
-    # Ironic
-    if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
-        # Get ironic user if exists
-
-        # NOTE(Shrews): This user MUST have admin level privileges!
-        create_service_user "ironic" "admin"
-
-        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
-
-            get_or_create_service "ironic" "baremetal" "Ironic baremetal provisioning service"
-            get_or_create_endpoint "baremetal" \
-                "$REGION_NAME" \
-                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
-                "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
-        fi
-    fi
-}
-
-
-# init_ironic() - Initialize databases, etc.
-function init_ironic {
-    # Save private network as cleaning network
-    local cleaning_network_uuid
-    cleaning_network_uuid=$(neutron net-list | grep private | get_field 1)
-    iniset $IRONIC_CONF_FILE neutron cleaning_network_uuid ${cleaning_network_uuid}
-
-    # (Re)create  ironic database
-    recreate_database ironic
-
-    # Migrate ironic database
-    $IRONIC_BIN_DIR/ironic-dbsync --config-file=$IRONIC_CONF_FILE
-
-    create_ironic_cache_dir
-}
-
-# _ironic_bm_vm_names() - Generates list of names for baremetal VMs.
-function _ironic_bm_vm_names {
-    local idx
-    local num_vms
-    num_vms=$(($IRONIC_VM_COUNT - 1))
-    for idx in $(seq 0 $num_vms); do
-        echo "baremetal${IRONIC_VM_NETWORK_BRIDGE}_${idx}"
-    done
-}
-
-# start_ironic() - Start running processes, including screen
-function start_ironic {
-    # Start Ironic API server, if enabled.
-    if is_service_enabled ir-api; then
-        start_ironic_api
-    fi
-
-    # Start Ironic conductor, if enabled.
-    if is_service_enabled ir-cond; then
-        start_ironic_conductor
-    fi
-
-    # Start Apache if iPXE is enabled
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        restart_apache_server
-    fi
-}
-
-# start_ironic_api() - Used by start_ironic().
-# Starts Ironic API server.
-function start_ironic_api {
-    run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
-    echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..."
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT; do sleep 1; done"; then
-        die $LINENO "ir-api did not start"
-    fi
-}
-
-# start_ironic_conductor() - Used by start_ironic().
-# Starts Ironic conductor.
-function start_ironic_conductor {
-    run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE"
-    # TODO(romcheg): Find a way to check whether the conductor has started.
-}
-
-# stop_ironic() - Stop running processes
-function stop_ironic {
-    stop_process ir-api
-    stop_process ir-cond
-
-    # Cleanup the WSGI files
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        _cleanup_ironic_apache_wsgi
-    fi
-}
-
-function create_ovs_taps {
-    local ironic_net_id
-    ironic_net_id=$(neutron net-list | grep private | get_field 1)
-
-    # Work around: No netns exists on host until a Neutron port is created.  We
-    # need to create one in Neutron to know what netns to tap into prior to the
-    # first node booting.
-    local port_id
-    port_id=$(neutron port-create private | grep " id " | get_field 2)
-
-    # intentional sleep to make sure the tag has been set to port
-    sleep 10
-
-    local tapdev
-    tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-)
-    local tag_id
-    tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-)
-
-    # make sure veth pair is not existing, otherwise delete its links
-    sudo ip link show ovs-tap1 && sudo ip link delete ovs-tap1
-    sudo ip link show brbm-tap1 && sudo ip link delete brbm-tap1
-    # create veth pair for future interconnection between br-int and brbm
-    sudo ip link add brbm-tap1 type veth peer name ovs-tap1
-    sudo ip link set dev brbm-tap1 up
-    sudo ip link set dev ovs-tap1 up
-
-    sudo ovs-vsctl -- --if-exists del-port ovs-tap1 -- add-port br-int ovs-tap1 tag=$tag_id
-    sudo ovs-vsctl -- --if-exists del-port brbm-tap1 -- add-port $IRONIC_VM_NETWORK_BRIDGE brbm-tap1
-
-    # Remove the port needed only for workaround.
-    neutron port-delete $port_id
-
-    # Finally, share the fixed tenant network across all tenants.  This allows the host
-    # to serve TFTP to a single network namespace via the tap device created above.
-    neutron net-update $ironic_net_id --shared true
-}
-
-function create_bridge_and_vms {
-    # Call libvirt setup scripts in a new shell to ensure any new group membership
-    sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/setup-network"
-    if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then
-        local log_arg="$IRONIC_VM_LOG_DIR"
-    else
-        local log_arg=""
-    fi
-    local vm_name
-    for vm_name in $(_ironic_bm_vm_names); do
-        sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node $vm_name \
-            $IRONIC_VM_SPECS_CPU $IRONIC_VM_SPECS_RAM $IRONIC_VM_SPECS_DISK \
-            amd64 $IRONIC_VM_NETWORK_BRIDGE $IRONIC_VM_EMULATOR \
-            $log_arg" >> $IRONIC_VM_MACS_CSV_FILE
-    done
-    create_ovs_taps
-}
-
-function wait_for_nova_resources {
-    # After nodes have been enrolled, we need to wait for both ironic and
-    # nova's periodic tasks to populate the resource tracker with available
-    # nodes and resources. Wait up to 2 minutes for a given resource before
-    # timing out.
-    local resource=$1
-    local expected_count=$2
-    local i
-    echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count"
-    for i in $(seq 1 120); do
-        if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then
-            return 0
-        fi
-        sleep 1
-    done
-    die $LINENO "Timed out waiting for Nova hypervisor-stats $resource >= $expected_count"
-}
-
-function enroll_nodes {
-    local chassis_id
-    chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2)
-
-    if ! is_ironic_hardware; then
-        local ironic_node_cpu=$IRONIC_VM_SPECS_CPU
-        local ironic_node_ram=$IRONIC_VM_SPECS_RAM
-        local ironic_node_disk=$IRONIC_VM_SPECS_DISK
-        local ironic_ephemeral_disk=$IRONIC_VM_EPHEMERAL_DISK
-        local ironic_hwinfo_file=$IRONIC_VM_MACS_CSV_FILE
-        local node_options="\
-            -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID \
-            -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID \
-            -i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \
-            -i ssh_address=$IRONIC_VM_SSH_ADDRESS \
-            -i ssh_port=$IRONIC_VM_SSH_PORT \
-            -i ssh_username=$IRONIC_SSH_USERNAME \
-            -i ssh_key_filename=$IRONIC_KEY_FILE"
-    else
-        local ironic_node_cpu=$IRONIC_HW_NODE_CPU
-        local ironic_node_ram=$IRONIC_HW_NODE_RAM
-        local ironic_node_disk=$IRONIC_HW_NODE_DISK
-        local ironic_ephemeral_disk=$IRONIC_HW_EPHEMERAL_DISK
-        if [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then
-            local ironic_hwinfo_file=$IRONIC_IPMIINFO_FILE
-        fi
-    fi
-
-    local total_nodes=0
-    local total_cpus=0
-    while read hardware_info; do
-        if ! is_ironic_hardware; then
-            local mac_address=$hardware_info
-        elif [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then
-            local ipmi_address
-            ipmi_address=$(echo $hardware_info |awk  '{print $1}')
-            local mac_address
-            mac_address=$(echo $hardware_info |awk '{print $2}')
-            local ironic_ipmi_username
-            ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}')
-            local ironic_ipmi_passwd
-            ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}')
-            # Currently we require all hardware platform have same CPU/RAM/DISK info
-            # in future, this can be enhanced to support different type, and then
-            # we create the bare metal flavor with minimum value
-            local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\
-                -i ipmi_username=$ironic_ipmi_username"
-            node_options+=" -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID"
-            node_options+=" -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID"
-        fi
-
-        # First node created will be used for testing in ironic w/o glance
-        # scenario, so we need to know its UUID.
-        local standalone_node_uuid=""
-        if [ $total_nodes -eq 0 ]; then
-            standalone_node_uuid="--uuid $IRONIC_NODE_UUID"
-        fi
-
-        local node_id
-        node_id=$(ironic node-create $standalone_node_uuid\
-            --chassis_uuid $chassis_id \
-            --driver $IRONIC_DEPLOY_DRIVER \
-            --name node-$total_nodes \
-            -p cpus=$ironic_node_cpu\
-            -p memory_mb=$ironic_node_ram\
-            -p local_gb=$ironic_node_disk\
-            -p cpu_arch=x86_64 \
-            $node_options \
-            | grep " uuid " | get_field 2)
-
-        ironic port-create --address $mac_address --node $node_id
-
-        total_nodes=$((total_nodes+1))
-        total_cpus=$((total_cpus+$ironic_node_cpu))
-    done < $ironic_hwinfo_file
-
-    local adjusted_disk
-    adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk))
-    nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal auto $ironic_node_ram $adjusted_disk $ironic_node_cpu
-
-    nova flavor-key baremetal set "cpu_arch"="x86_64"
-
-    if [ "$VIRT_DRIVER" == "ironic" ]; then
-        wait_for_nova_resources "count" $total_nodes
-        wait_for_nova_resources "vcpus" $total_cpus
-    fi
-}
-
-function configure_iptables {
-    # enable tftp natting for allowing connections to HOST_IP's tftp server
-    sudo modprobe nf_conntrack_tftp
-    sudo modprobe nf_nat_tftp
-    # explicitly allow DHCP - packets are occasionally being dropped here
-    sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
-    # nodes boot from TFTP and callback to the API server listening on $HOST_IP
-    sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
-    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
-    if is_deployed_by_agent; then
-        # agent ramdisk gets instance image from swift
-        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
-    fi
-
-    if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
-        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
-    fi
-}
-
-function configure_tftpd {
-    # stop tftpd and setup serving via xinetd
-    stop_service tftpd-hpa || true
-    [ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override
-    sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
-    sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
-
-    # setup tftp file mapping to satisfy requests at the root (booting) and
-    # /tftpboot/ sub-dir (as per deploy-ironic elements)
-    echo "r ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >$IRONIC_TFTPBOOT_DIR/map-file
-    echo "r ^(/tftpboot/) $IRONIC_TFTPBOOT_DIR/\2" >>$IRONIC_TFTPBOOT_DIR/map-file
-
-    chmod -R 0755 $IRONIC_TFTPBOOT_DIR
-    restart_service xinetd
-}
-
-function configure_ironic_ssh_keypair {
-    if [[ ! -d $HOME/.ssh ]]; then
-        mkdir -p $HOME/.ssh
-        chmod 700 $HOME/.ssh
-    fi
-    if [[ ! -e $IRONIC_KEY_FILE ]]; then
-        if [[ ! -d $(dirname $IRONIC_KEY_FILE) ]]; then
-            mkdir -p $(dirname $IRONIC_KEY_FILE)
-        fi
-        echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f $IRONIC_KEY_FILE
-    fi
-    cat $IRONIC_KEY_FILE.pub | tee -a $IRONIC_AUTHORIZED_KEYS_FILE
-}
-
-function ironic_ssh_check {
-    local key_file=$1
-    local floating_ip=$2
-    local port=$3
-    local default_instance_user=$4
-    local active_timeout=$5
-    if ! timeout $active_timeout sh -c "while ! ssh -p $port -o StrictHostKeyChecking=no -i $key_file ${default_instance_user}@$floating_ip echo success; do sleep 1; done"; then
-        die $LINENO "server didn't become ssh-able!"
-    fi
-}
-
-function configure_ironic_auxiliary {
-    configure_ironic_ssh_keypair
-    ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME $IRONIC_SSH_TIMEOUT
-}
-
-function build_ipa_coreos_ramdisk {
-    echo "Building ironic-python-agent deploy ramdisk"
-    local kernel_path=$1
-    local ramdisk_path=$2
-    git_clone $IRONIC_PYTHON_AGENT_REPO $IRONIC_PYTHON_AGENT_DIR $IRONIC_PYTHON_AGENT_BRANCH
-    cd $IRONIC_PYTHON_AGENT_DIR
-    imagebuild/coreos/build_coreos_image.sh
-    cp imagebuild/coreos/UPLOAD/coreos_production_pxe_image-oem.cpio.gz $ramdisk_path
-    cp imagebuild/coreos/UPLOAD/coreos_production_pxe.vmlinuz $kernel_path
-    sudo rm -rf UPLOAD
-    cd -
-}
-
-# build deploy kernel+ramdisk, then upload them to glance
-# this function sets ``IRONIC_DEPLOY_KERNEL_ID``, ``IRONIC_DEPLOY_RAMDISK_ID``
-function upload_baremetal_ironic_deploy {
-    declare -g IRONIC_DEPLOY_KERNEL_ID IRONIC_DEPLOY_RAMDISK_ID
-    echo_summary "Creating and uploading baremetal images for ironic"
-
-    # install diskimage-builder
-    if [[ $(type -P ramdisk-image-create) == "" ]]; then
-        pip_install_gr "diskimage-builder"
-    fi
-
-    if [ -z "$IRONIC_DEPLOY_KERNEL" -o -z "$IRONIC_DEPLOY_RAMDISK" ]; then
-        local IRONIC_DEPLOY_KERNEL_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.kernel
-        local IRONIC_DEPLOY_RAMDISK_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.initramfs
-    else
-        local IRONIC_DEPLOY_KERNEL_PATH=$IRONIC_DEPLOY_KERNEL
-        local IRONIC_DEPLOY_RAMDISK_PATH=$IRONIC_DEPLOY_RAMDISK
-    fi
-
-    if [ ! -e "$IRONIC_DEPLOY_RAMDISK_PATH" -o ! -e "$IRONIC_DEPLOY_KERNEL_PATH" ]; then
-        # files don't exist, need to build them
-        if [ "$IRONIC_BUILD_DEPLOY_RAMDISK" = "True" ]; then
-            # we can build them only if we're not offline
-            if [ "$OFFLINE" != "True" ]; then
-                if is_deployed_with_ipa_ramdisk; then
-                    build_ipa_coreos_ramdisk $IRONIC_DEPLOY_KERNEL_PATH $IRONIC_DEPLOY_RAMDISK_PATH
-                else
-                    ramdisk-image-create $IRONIC_DEPLOY_FLAVOR \
-                        -o $TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER
-                fi
-            else
-                die $LINENO "Deploy kernel+ramdisk files don't exist and cannot be build in OFFLINE mode"
-            fi
-        else
-            if is_deployed_with_ipa_ramdisk; then
-                # download the agent image tarball
-                wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL_PATH
-                wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK_PATH
-            else
-                die $LINENO "Deploy kernel+ramdisk files don't exist and their building was disabled explicitly by IRONIC_BUILD_DEPLOY_RAMDISK"
-            fi
-        fi
-    fi
-
-    local token
-    token=$(openstack token issue -c id -f value)
-    die_if_not_set $LINENO token "Keystone fail to get token"
-
-    # load them into glance
-    IRONIC_DEPLOY_KERNEL_ID=$(openstack \
-        --os-token $token \
-        --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
-        image create \
-        $(basename $IRONIC_DEPLOY_KERNEL_PATH) \
-        --public --disk-format=aki \
-        --container-format=aki \
-        < $IRONIC_DEPLOY_KERNEL_PATH  | grep ' id ' | get_field 2)
-    IRONIC_DEPLOY_RAMDISK_ID=$(openstack \
-        --os-token $token \
-        --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \
-        image create \
-        $(basename $IRONIC_DEPLOY_RAMDISK_PATH) \
-        --public --disk-format=ari \
-        --container-format=ari \
-        < $IRONIC_DEPLOY_RAMDISK_PATH  | grep ' id ' | get_field 2)
-}
-
-function prepare_baremetal_basic_ops {
-    if ! is_ironic_hardware; then
-        configure_ironic_auxiliary
-    fi
-    upload_baremetal_ironic_deploy
-    if ! is_ironic_hardware; then
-        create_bridge_and_vms
-    fi
-    enroll_nodes
-    configure_tftpd
-    configure_iptables
-}
-
-function cleanup_baremetal_basic_ops {
-    rm -f $IRONIC_VM_MACS_CSV_FILE
-    if [ -f $IRONIC_KEY_FILE ]; then
-        local key
-        key=$(cat $IRONIC_KEY_FILE.pub)
-        # remove public key from authorized_keys
-        grep -v "$key" $IRONIC_AUTHORIZED_KEYS_FILE > temp && mv temp $IRONIC_AUTHORIZED_KEYS_FILE
-        chmod 0600 $IRONIC_AUTHORIZED_KEYS_FILE
-    fi
-    sudo rm -rf $IRONIC_DATA_DIR $IRONIC_STATE_PATH
-
-    local vm_name
-    for vm_name in $(_ironic_bm_vm_names); do
-        sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node $vm_name $IRONIC_VM_NETWORK_BRIDGE"
-    done
-
-    sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override
-    restart_service xinetd
-    sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
-    sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
-    if is_deployed_by_agent; then
-        # agent ramdisk gets instance image from swift
-        sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true
-    fi
-    sudo rmmod nf_conntrack_tftp || true
-    sudo rmmod nf_nat_tftp || true
-}
-
-# Restore xtrace + pipefail
-$_XTRACE_IRONIC
-$_PIPEFAIL_IRONIC
-
-# Tell emacs to use shell-script-mode
-## Local variables:
-## mode: shell-script
-## End:
diff --git a/stackrc b/stackrc
index f949ccbad9..8e6ea42a00 100644
--- a/stackrc
+++ b/stackrc
@@ -225,10 +225,6 @@ HEAT_BRANCH=${HEAT_BRANCH:-master}
 HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git}
 HORIZON_BRANCH=${HORIZON_BRANCH:-master}
 
-# baremetal provisioning service
-IRONIC_REPO=${IRONIC_REPO:-${GIT_BASE}/openstack/ironic.git}
-IRONIC_BRANCH=${IRONIC_BRANCH:-master}
-
 # unified auth system (manages accounts/tokens)
 KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git}
 KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master}
@@ -298,6 +294,8 @@ GITBRANCH["python-heatclient"]=${HEATCLIENT_BRANCH:-master}
 # ironic client
 GITREPO["python-ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git}
 GITBRANCH["python-ironicclient"]=${IRONICCLIENT_BRANCH:-master}
+# ironic plugin is out of tree, but nova uses it. set GITDIR here.
+GITDIR["python-ironicclient"]=$DEST/python-ironicclient
 
 # the base authentication plugins that clients use to authenticate
 GITREPO["keystoneauth"]=${KEYSTONEAUTH_REPO:-${GIT_BASE}/openstack/keystoneauth.git}
@@ -484,6 +482,8 @@ GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master}
 # ironic common lib
 GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
 GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
+# this doesn't exist in a lib file, so set it here
+GITDIR["ironic-lib"]=$DEST/ironic-lib
 
 
 ##################
diff --git a/tools/ironic/scripts/cleanup-node b/tools/ironic/scripts/cleanup-node
deleted file mode 100755
index c4e4e706f4..0000000000
--- a/tools/ironic/scripts/cleanup-node
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# **cleanup-nodes**
-
-# Cleans up baremetal poseur nodes and volumes created during ironic setup
-# Assumes calling user has proper libvirt group membership and access.
-
-set -exu
-
-LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"}
-LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"}
-
-NAME=$1
-NETWORK_BRIDGE=$2
-
-export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI
-
-VOL_NAME="$NAME.qcow2"
-virsh list | grep -q $NAME && virsh destroy $NAME
-virsh list --inactive | grep -q $NAME && virsh undefine $NAME
-
-if virsh pool-list | grep -q $LIBVIRT_STORAGE_POOL ; then
-  virsh vol-list $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME &&
-      virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL
-fi
diff --git a/tools/ironic/scripts/configure-vm b/tools/ironic/scripts/configure-vm
deleted file mode 100755
index 378fcb85ad..0000000000
--- a/tools/ironic/scripts/configure-vm
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/env python
-
-import argparse
-import os.path
-
-import libvirt
-
-templatedir = os.path.join(os.path.dirname(os.path.dirname(__file__)),
-                           'templates')
-
-
-CONSOLE_LOG = """
-    
-      
-      
-      
-    
-    
-      
-      
-      
-    
-    
-      
-      
-      
-    
-"""
-
-
-def main():
-    parser = argparse.ArgumentParser(
-        description="Configure a kvm virtual machine for the seed image.")
-    parser.add_argument('--name', default='seed',
-                        help='the name to give the machine in libvirt.')
-    parser.add_argument('--image',
-                        help='Use a custom image file (must be qcow2).')
-    parser.add_argument('--engine', default='qemu',
-                        help='The virtualization engine to use')
-    parser.add_argument('--arch', default='i686',
-                        help='The architecture to use')
-    parser.add_argument('--memory', default='2097152',
-                        help="Maximum memory for the VM in KB.")
-    parser.add_argument('--cpus', default='1',
-                        help="CPU count for the VM.")
-    parser.add_argument('--bootdev', default='hd',
-                        help="What boot device to use (hd/network).")
-    parser.add_argument('--network', default="brbm",
-                        help='The libvirt network name to use')
-    parser.add_argument('--libvirt-nic-driver', default='e1000',
-                        help='The libvirt network driver to use')
-    parser.add_argument('--console-log',
-                        help='File to log console')
-    parser.add_argument('--emulator', default=None,
-                        help='Path to emulator bin for vm template')
-    args = parser.parse_args()
-    with file(templatedir + '/vm.xml', 'rb') as f:
-        source_template = f.read()
-    params = {
-        'name': args.name,
-        'imagefile': args.image,
-        'engine': args.engine,
-        'arch': args.arch,
-        'memory': args.memory,
-        'cpus': args.cpus,
-        'bootdev': args.bootdev,
-        'network': args.network,
-        'nicdriver': args.libvirt_nic_driver,
-        'emulator': args.emulator,
-    }
-
-    if args.emulator:
-        params['emulator'] = args.emulator
-    else:
-        if os.path.exists("/usr/bin/kvm"):  # Debian
-            params['emulator'] = "/usr/bin/kvm"
-        elif os.path.exists("/usr/bin/qemu-kvm"):  # Redhat
-            params['emulator'] = "/usr/bin/qemu-kvm"
-
-    if args.console_log:
-        params['bios_serial'] = ""
-        params['console_log'] = CONSOLE_LOG % {'console_log': args.console_log}
-    else:
-        params['bios_serial'] = ''
-        params['console_log'] = ''
-    libvirt_template = source_template % params
-    conn = libvirt.open("qemu:///system")
-
-    a = conn.defineXML(libvirt_template)
-    print ("Created machine %s with UUID %s" % (args.name, a.UUIDString()))
-
-if __name__ == '__main__':
-    main()
diff --git a/tools/ironic/scripts/create-node b/tools/ironic/scripts/create-node
deleted file mode 100755
index b018acddc9..0000000000
--- a/tools/ironic/scripts/create-node
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-
-# **create-nodes**
-
-# Creates baremetal poseur nodes for ironic testing purposes
-
-set -ex
-
-# Keep track of the DevStack directory
-TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
-
-NAME=$1
-CPU=$2
-MEM=$(( 1024 * $3 ))
-# Extra G to allow fuzz for partition table : flavor size and registered size
-# need to be different to actual size.
-DISK=$(( $4 + 1))
-
-case $5 in
-    i386) ARCH='i686' ;;
-    amd64) ARCH='x86_64' ;;
-    *) echo "Unsupported arch $4!" ; exit 1 ;;
-esac
-
-BRIDGE=$6
-EMULATOR=$7
-LOGDIR=$8
-
-LIBVIRT_NIC_DRIVER=${LIBVIRT_NIC_DRIVER:-"e1000"}
-LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"}
-LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"}
-
-export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI
-
-if ! virsh pool-list --all | grep -q $LIBVIRT_STORAGE_POOL; then
-    virsh pool-define-as --name $LIBVIRT_STORAGE_POOL dir --target /var/lib/libvirt/images >&2
-    virsh pool-autostart $LIBVIRT_STORAGE_POOL >&2
-    virsh pool-start $LIBVIRT_STORAGE_POOL >&2
-fi
-
-pool_state=$(virsh pool-info $LIBVIRT_STORAGE_POOL | grep State | awk '{ print $2 }')
-if [ "$pool_state" != "running" ] ; then
-  [ ! -d /var/lib/libvirt/images ] && sudo mkdir /var/lib/libvirt/images
-  virsh pool-start $LIBVIRT_STORAGE_POOL >&2
-fi
-
-if [ -n "$LOGDIR" ] ; then
-  mkdir -p "$LOGDIR"
-fi
-
-PREALLOC=
-if [ -f /etc/debian_version ]; then
-    PREALLOC="--prealloc-metadata"
-fi
-
-if [ -n "$LOGDIR" ] ; then
-  VM_LOGGING="--console-log $LOGDIR/${NAME}_console.log"
-else
-  VM_LOGGING=""
-fi
-VOL_NAME="${NAME}.qcow2"
-
-if ! virsh list --all | grep -q $NAME; then
-  virsh vol-list --pool $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME &&
-      virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL >&2
-  virsh vol-create-as $LIBVIRT_STORAGE_POOL ${VOL_NAME} ${DISK}G --format qcow2 $PREALLOC >&2
-  volume_path=$(virsh vol-path --pool $LIBVIRT_STORAGE_POOL $VOL_NAME)
-  # Pre-touch the VM to set +C, as it can only be set on empty files.
-  sudo touch "$volume_path"
-  sudo chattr +C "$volume_path" || true
-  $TOP_DIR/scripts/configure-vm \
-    --bootdev network --name $NAME --image "$volume_path" \
-    --arch $ARCH --cpus $CPU --memory $MEM --libvirt-nic-driver $LIBVIRT_NIC_DRIVER \
-    --emulator $EMULATOR --network $BRIDGE $VM_LOGGING >&2
-
-fi
-
-# echo mac
-virsh dumpxml $NAME | grep "mac address" | head -1 | cut -d\' -f2
diff --git a/tools/ironic/scripts/setup-network b/tools/ironic/scripts/setup-network
deleted file mode 100755
index 83308ed416..0000000000
--- a/tools/ironic/scripts/setup-network
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# **setup-network**
-
-# Setups openvswitch libvirt network suitable for
-# running baremetal poseur nodes for ironic testing purposes
-
-set -exu
-
-LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"}
-
-# Keep track of the DevStack directory
-TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
-BRIDGE_SUFFIX=${1:-''}
-BRIDGE_NAME=brbm$BRIDGE_SUFFIX
-
-export VIRSH_DEFAULT_CONNECT_URI="$LIBVIRT_CONNECT_URI"
-
-# Only add bridge if missing
-(sudo ovs-vsctl list-br | grep ${BRIDGE_NAME}$) || sudo ovs-vsctl add-br ${BRIDGE_NAME}
-
-# Remove bridge before replacing it.
-(virsh net-list | grep "${BRIDGE_NAME} ") && virsh net-destroy ${BRIDGE_NAME}
-(virsh net-list --inactive  | grep "${BRIDGE_NAME} ") && virsh net-undefine ${BRIDGE_NAME}
-
-virsh net-define <(sed s/brbm/$BRIDGE_NAME/ $TOP_DIR/templates/brbm.xml)
-virsh net-autostart ${BRIDGE_NAME}
-virsh net-start ${BRIDGE_NAME}
diff --git a/tools/ironic/templates/brbm.xml b/tools/ironic/templates/brbm.xml
deleted file mode 100644
index 0769d3f1d0..0000000000
--- a/tools/ironic/templates/brbm.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-  brbm
-  
-  
-  
-
diff --git a/tools/ironic/templates/tftpd-xinetd.template b/tools/ironic/templates/tftpd-xinetd.template
deleted file mode 100644
index 5f3d03f3bb..0000000000
--- a/tools/ironic/templates/tftpd-xinetd.template
+++ /dev/null
@@ -1,14 +0,0 @@
-service tftp
-{
-  protocol        = udp
-  port            = 69
-  socket_type     = dgram
-  wait            = yes
-  user            = root
-  server          = /usr/sbin/in.tftpd
-  server_args     = -v -v -v -v -v --map-file %TFTPBOOT_DIR%/map-file %TFTPBOOT_DIR%
-  disable         = no
-  # This is a workaround for Fedora, where TFTP will listen only on
-  # IPv6 endpoint, if IPv4 flag is not used.
-  flags           = IPv4
-}
diff --git a/tools/ironic/templates/vm.xml b/tools/ironic/templates/vm.xml
deleted file mode 100644
index ae7d685256..0000000000
--- a/tools/ironic/templates/vm.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-
-  %(name)s
-  %(memory)s
-  %(cpus)s
-  
-    hvm
-    
-    
-    %(bios_serial)s
-  
-  
-    
-    
-    
-  
-  
-  destroy
-  restart
-  restart
-  
-    %(emulator)s
-    
-      
-      
-      
-      
        
-    
-    
-      
        
-    
-    
-      
-      
-      
-      
        
-    
-    
-    
-