Merge "Optimize kitchen tests for Travis CI"
diff --git a/README.rst b/README.rst
index 02da35d..415c31f 100644
--- a/README.rst
+++ b/README.rst
@@ -127,58 +127,64 @@
           virtual_host: '/openstack'
         ....
 
-Client-side RabbitMQ TLS configuration:
----------------------------------------
+Configuring TLS communications
+------------------------------
 
-To enable TLS for oslo.messaging you need to provide the CA certificate.
 
-By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
+**Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``.
+
+
+- **RabbitMQ TLS**
 
 .. code-block:: yaml
 
-  glance:
-    server:
-      ....
+ glance:
+   server:
       message_queue:
+        port: 5671
         ssl:
           enabled: True
+          (optional) cacert: cert body if the cacert_file does not exists
+          (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
+          (optional) version: TLSv1_2
 
 
-
-Use `cacert_file` option to specify the CA-cert file path explicitly:
+- **MySQL TLS**
 
 .. code-block:: yaml
 
-  glance:
-    server:
-      ....
-      message_queue:
+ glance:
+   server:
+      database:
         ssl:
           enabled: True
-          cacert_file: /etc/ssl/rabbitmq-ca.pem
+          (optional) cacert: cert body if the cacert_file does not exists
+          (optional) cacert_file: /etc/openstack/mysql-ca.pem
 
-To manage content of the `cacert_file` use the `cacert` option:
+- **Openstack HTTPS API**
+
+
+Set the ``https`` as protocol at ``glance:server`` sections:
 
 .. code-block:: yaml
 
-  glance:
-    server:
-      ....
-      message_queue:
-        ssl:
-          enabled: True
-          cacert: |
+ glance:
+   server:
+      identity:
+         protocol: https
+         (optional) cacert_file: /etc/openstack/proxy.pem
+      registry:
+         protocol: https
+         (optional) cacert_file: /etc/openstack/proxy.pem
+      storage:
+         engine: cinder, swift
+         cinder:
+            protocol: https
+           (optional) cacert_file: /etc/openstack/proxy.pem
+         swift:
+            store:
+                (optional) cafile: /etc/openstack/proxy.pem
 
-          -----BEGIN CERTIFICATE-----
-                    ...
-          -----END CERTIFICATE-------
-
-          cacert_file: /etc/openstack/rabbitmq-ca.pem
-
-
-Notice:
- * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
- * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
 
 
 Enable Glance Image Cache:
diff --git a/glance/files/mitaka/glance-api.conf.Debian b/glance/files/mitaka/glance-api.conf.Debian
index 50ebbdd..940b683 100644
--- a/glance/files/mitaka/glance-api.conf.Debian
+++ b/glance/files/mitaka/glance-api.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {% set storage_engines = server.storage.engine.split(',') %}
 [DEFAULT]
 
@@ -688,7 +688,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 # The SQLAlchemy connection string to use to connect to the slave
 # database. (string value)
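Review bot: `server.database.user` and `server.database.password` are rendered into the SQLAlchemy URL unescaped on the new `connection` line, so a password containing `@` or other URL-reserved characters can change how the URL is parsed, and the trailing `ssl_ca` parameter can be misread as a result. Passing the credentials through Jinja's `urlencode` filter, e.g. `{{ server.database.password|urlencode }}`, keeps both the credential and the TLS parameter intact. The same line is changed in the other mitaka, newton and ocata templates in this commit and would need the same treatment.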
@@ -1630,11 +1630,8 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
+
 {%- endif %}
 
 rabbit_userid = {{ server.message_queue.user }}
diff --git a/glance/files/mitaka/glance-registry.conf.Debian b/glance/files/mitaka/glance-registry.conf.Debian
index 3a2e8fb..9c25d94 100644
--- a/glance/files/mitaka/glance-registry.conf.Debian
+++ b/glance/files/mitaka/glance-registry.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 [DEFAULT]
 
 #
@@ -391,7 +391,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 # The SQLAlchemy connection string to use to connect to the slave
 # database. (string value)
@@ -1172,11 +1172,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 
 #
diff --git a/glance/files/newton/glance-api.conf.Debian b/glance/files/newton/glance-api.conf.Debian
index 881a62f..8e906f3 100644
--- a/glance/files/newton/glance-api.conf.Debian
+++ b/glance/files/newton/glance-api.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {% set storage_engines = server.storage.engine.split(',') %}
 [DEFAULT]
 
@@ -1810,7 +1810,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 
 # The SQLAlchemy connection string to use to connect to the slave database.
@@ -3749,11 +3749,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 
 
diff --git a/glance/files/newton/glance-glare.conf.Debian b/glance/files/newton/glance-glare.conf.Debian
index 0076336..fa9bf02 100644
--- a/glance/files/newton/glance-glare.conf.Debian
+++ b/glance/files/newton/glance-glare.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {% set storage_engines = server.storage.engine.split(',') %}
 [DEFAULT]
 
@@ -567,7 +567,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8&read_timeout=60{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8&read_timeout=60{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 
 # The SQLAlchemy connection string to use to connect to the slave database.
diff --git a/glance/files/newton/glance-registry.conf.Debian b/glance/files/newton/glance-registry.conf.Debian
index 7615b05..29cad6a 100644
--- a/glance/files/newton/glance-registry.conf.Debian
+++ b/glance/files/newton/glance-registry.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 [DEFAULT]
 
 #
@@ -1058,7 +1058,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 
 # The SQLAlchemy connection string to use to connect to the slave database.
@@ -1578,11 +1578,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 
 # Use durable queues in AMQP. (boolean value)
diff --git a/glance/files/ocata/glance-api.conf.Debian b/glance/files/ocata/glance-api.conf.Debian
index c2533c3..a2ad833 100644
--- a/glance/files/ocata/glance-api.conf.Debian
+++ b/glance/files/ocata/glance-api.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {% set storage_engines = server.storage.engine.split(',') %}
 [DEFAULT]
 
@@ -1247,7 +1247,7 @@
 #  (string value)
 # Allowed values: http, https
 #registry_client_protocol = http
-registry_client_protocol = http
+registry_client_protocol = {{ server.registry.get('protocol', 'http') }}
 
 #
 # Absolute path to the private key file.
@@ -1314,7 +1314,9 @@
 #     * registry_client_insecure
 #
 #  (string value)
-#registry_client_ca_file = /etc/ssl/cafile/file.ca
+{%- if server.registry.get('protocol', 'http') == 'https' %}
+registry_client_ca_file = {{ server.registry.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 
 #
 # Set verification of the registry server certificate.
@@ -1876,7 +1878,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -2098,6 +2100,8 @@
 #
 #  (string value)
 #cinder_catalog_info = volumev2::publicURL
+
+
 cinder_catalog_info = volumev2::{{ server.identity.get('endpoint_type', 'publicURL') }}
 
 #
@@ -2162,7 +2166,10 @@
 #     * cinder_api_insecure
 #
 #  (string value)
-#cinder_ca_certificates_file = <None>
+
+{%- if 'cinder' in storage_engines and server.storage.cinder.get('protocol', 'http') == 'https' %}
+cinder_ca_certificates_file = {{ server.storage.cinder.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 
 #
 # Number of cinderclient retries on failed http calls.
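Review bot: The `'cinder' in storage_engines` test on the new `{%- if %}` line compares against the raw pieces of `server.storage.engine.split(',')`, so the README's example value `cinder, swift` works only because `cinder` comes first. Written as `swift, cinder`, the element is `' cinder'` and `cinder_ca_certificates_file` is silently omitted. Normalising where the list is built, e.g. `{% set storage_engines = server.storage.engine.replace(' ', '').split(',') %}`, avoids that. `server.storage.cinder.get(...)` also assumes a `cinder` mapping exists whenever the engine is listed; `server.storage.get('cinder', {}).get('protocol', 'http')` is safer unless defaults outside this diff guarantee it. The same block is added to ocata/glance-glare.conf.Debian.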
@@ -3394,8 +3401,12 @@
 project_name = {{ server.identity.tenant }}
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
 token_cache_time = -1
 
 {%- if server.cache is defined %}
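Review bot: `auth_uri` and `auth_url` still fall back to `http` when `server.identity.protocol` is unset, so the service password rendered just above them goes to Keystone without TLS unless each deployment opts in. If the default has to stay for compatibility, a template comment would make the choice visible, for example `# identity.protocol defaults to http; set it to https to protect the service credentials in transit`. The `cafile` line is correctly emitted only for `https`, but nothing visible here checks that the file exists, the way `server.sls` does for the RabbitMQ and MySQL CA files. The same block is added to the ocata glance-glare and glance-registry templates.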
@@ -3814,11 +3825,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 
 # Use durable queues in AMQP. (boolean value)
diff --git a/glance/files/ocata/glance-glare.conf.Debian b/glance/files/ocata/glance-glare.conf.Debian
index e688edf..c9e79d6 100644
--- a/glance/files/ocata/glance-glare.conf.Debian
+++ b/glance/files/ocata/glance-glare.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {% set storage_engines = server.storage.engine.split(',') %}
 [DEFAULT]
 
@@ -567,7 +567,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8&read_timeout=60{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8&read_timeout=60{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -858,7 +858,10 @@
 #     * cinder_api_insecure
 #
 #  (string value)
-#cinder_ca_certificates_file = <None>
+
+{%- if 'cinder' in storage_engines and server.storage.cinder.get('protocol', 'http') == 'https' %}
+cinder_ca_certificates_file = {{ server.storage.cinder.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 
 #
 # Number of cinderclient retries on failed http calls.
@@ -2052,8 +2055,11 @@
 project_name = {{ server.identity.tenant }}
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 token_cache_time = -1
 
 {%- if server.cache is defined %}
diff --git a/glance/files/ocata/glance-registry.conf.Debian b/glance/files/ocata/glance-registry.conf.Debian
index f62a7e3..d5b34e4 100644
--- a/glance/files/ocata/glance-registry.conf.Debian
+++ b/glance/files/ocata/glance-registry.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 [DEFAULT]
 
 #
@@ -1058,7 +1058,7 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
 
 # The SQLAlchemy connection string to use to connect to the slave database.
 # (string value)
@@ -1181,8 +1181,11 @@
 project_name = {{ server.identity.tenant }}
 username = {{ server.identity.user }}
 password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
 
 {%- if server.cache is defined %}
 memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
@@ -1577,11 +1580,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 
 # Use durable queues in AMQP. (boolean value)
diff --git a/glance/map.jinja b/glance/map.jinja
index 5563fe4..e9a3f3d 100644
--- a/glance/map.jinja
+++ b/glance/map.jinja
@@ -1,9 +1,12 @@
-{%- set system_cacerts_file = salt['grains.filter_by']({
-    'Debian': '/etc/ssl/certs/ca-certificates.crt',
-    'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
-})%}
+{%- set default_params = {
+    'cacert_file': salt['grains.filter_by']({
+        'Debian': '/etc/ssl/certs/ca-certificates.crt',
+        'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+    })}
+%}
 
 {% set server = salt['grains.filter_by']({
+    'BaseDefaults': default_params,
     'Debian': {
         'pkgs': ['glance', 'glance-api', 'glance-registry', 'glance-common', 'python-glance', 'python-glance-store', 'python-glanceclient', 'gettext-base', 'python-memcache', 'python-pycadf'],
         'services': ['glance-api', 'glance-registry'],
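Review bot: The inner `salt['grains.filter_by']` that fills `cacert_file` has no default entry, so on an `os_family` other than Debian or RedHat it returns `None`, and every template that falls back to `server.cacert_file` would then render the literal `None` as its CA path. Giving it a fallback, e.g. `}, default='Debian')`, or failing the render explicitly would be more predictable. Because `default_params` is merged under the pillar through `base='BaseDefaults'` (second hunk), `glance:server:cacert_file` is now overridable from pillar. A short comment above `default_params` would document that, such as `{#- Defaults shared by every os_family entry; pillar glance:server may override them -#}`. The `server` mapping continues outside this hunk.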
@@ -26,7 +29,7 @@
         'glance_uid': 302,
         'glance_gid': 302
     },
-}, merge=pillar.glance.get('server', {})) %}
+}, merge=pillar.glance.get('server', {}), base='BaseDefaults') %}
 
 {% set client = salt['grains.filter_by']({
     'Debian': {
diff --git a/glance/server.sls b/glance/server.sls
index a8de0e1..9812e27 100644
--- a/glance/server.sls
+++ b/glance/server.sls
@@ -1,4 +1,4 @@
-{%- from "glance/map.jinja" import server, system_cacerts_file with context %}
+{%- from "glance/map.jinja" import server with context %}
 {%- if server.enabled %}
 
 glance_packages:
@@ -98,10 +98,10 @@
   - watch:
     - file: /etc/glance/glance-glare.conf
     {%- if server.message_queue.get('ssl',{}).get('enabled',False) %}
-    - file: rabbitmq_ca
+    - file: rabbitmq_ca_glance_server
     {% endif %}
     {%- if server.database.get('ssl',{}).get('enabled',False)  %}
-    - file: mysql_ca
+    - file: mysql_ca_glance_server
     {% endif %}
 
 {%- endif %}
@@ -129,10 +129,10 @@
     - file: /etc/glance/glance-registry.conf
     - file: /etc/glance/glance-api-paste.ini
     {%- if server.message_queue.get('ssl',{}).get('enabled',False) %}
-    - file: rabbitmq_ca
+    - file: rabbitmq_ca_glance_server
     {% endif %}
     {%- if server.database.get('ssl',{}).get('enabled',False)  %}
-    - file: mysql_ca
+    - file: mysql_ca_glance_server
     {% endif %}
 
 glance_install_database:
@@ -181,6 +181,14 @@
 
 {%- endif %}
 
+/srv/glance:
+  file.directory:
+  - mode: 755
+  - user: glance
+  - group: glance
+  - require:
+    - pkg: glance_packages
+
 /var/lib/glance/images:
   file.directory:
   - mode: 755
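Review bot: `mode: 755` on the new `/srv/glance` state is an unquoted YAML integer. It works as written, but a quoted string, `- mode: '0755'`, stays correct if someone later adds a leading zero, which YAML 1.1 would read as octal. The image-upload commands further down use `/srv/glance` as `cwd` and as the input path but, in the lines visible in this diff, do not `require` this state, so they depend on definition order. The existing `/var/lib/glance/images` state below uses the same unquoted mode.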
@@ -201,7 +209,7 @@
 
 glance_install_{{ image.name }}:
   cmd.wait:
-  - name: source /root/keystonerc; glance image-create --name '{{ image.name }}' --is-public {{ image.public }} --container-format bare --disk-format {{ image.format }} < {{ image.file }}
+  - name: source /root/keystonerc; glance image-create --name '{{ image.name }}' {% if image.visibility is defined %}--visibility {{ image.visibility }}{% else %}--is-public {{ image.public }}{% endif %} --container-format bare --disk-format {{ image.format }} < {{ image.file }}
   - cwd: /srv/glance
   - require:
     - service: glance_services
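Review bot: `{{ image.visibility }}` is placed unquoted into a shell command that sources `/root/keystonerc`, as are `image.public`, `image.format` and `image.file`; only `image.name` is quoted. A pillar value containing whitespace or shell metacharacters would therefore alter the command that runs with those credentials loaded. Visibility is a small fixed set, so checking it in the template, e.g. `{% if image.visibility in ['public', 'private', 'shared', 'community'] %}`, and quoting the remaining values would close that gap. `--visibility` and `--is-public` belong to different Image API versions, so the new branch presumably also depends on which version the client defaults to; worth confirming. The same change is made to `glance_install_image_{{ image_name }}` in the next hunk.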
@@ -222,7 +230,7 @@
 
 glance_install_image_{{ image_name }}:
   cmd.run:
-  - name: source /root/keystonerc; glance image-create --name '{{ image_name }}' --is-public {{ image.public }} --container-format bare --disk-format {{ image.format }} < /srv/glance/{{ image.file }}
+  - name: source /root/keystonerc; glance image-create --name '{{ image_name }}' {% if image.visibility is defined %}--visibility {{ image.visibility }}{% else %}--is-public {{ image.public }}{% endif %} --container-format bare --disk-format {{ image.format }} < /srv/glance/{{ image.file }}
   - require:
     - service: glance_services
     - cmd: glance_download_{{ image_name }}
@@ -271,7 +279,7 @@
 {%- endfor %}
 
 {%- if server.message_queue.get('ssl',{}).get('enabled', False) %}
-rabbitmq_ca:
+rabbitmq_ca_glance_server:
 {%- if server.message_queue.ssl.cacert is defined %}
   file.managed:
     - name: {{ server.message_queue.ssl.cacert_file }}
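Review bot: The `file.managed` branch of `rabbitmq_ca_glance_server` still reads `server.message_queue.ssl.cacert_file` directly. A pillar that sets `cacert` without `cacert_file` (the README lists both as optional) would therefore render an empty or failing `name`, while the config templates quietly fall back to `server.cacert_file`. The new `.get('cacert_file', server.cacert_file)` fallback should not be copied into this branch, because the state would then overwrite the system CA bundle with the single supplied certificate. Failing the render when `cacert` is given without `cacert_file` is the safer behaviour. `mysql_ca_glance_server` in the next hunk has the same shape, and the remaining `file.managed` arguments are outside this hunk.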
@@ -280,12 +288,12 @@
     - makedirs: true
 {%- else %}
   file.exists:
-   - name: {{ server.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
 {% endif %}
 {% endif %}
 
 {%- if server.database.get('ssl',{}).get('enabled',False)  %}
-mysql_ca:
+mysql_ca_glance_server:
 {%- if server.database.ssl.cacert is defined %}
   file.managed:
     - name: {{ server.database.ssl.cacert_file }}
@@ -294,7 +302,7 @@
     - makedirs: true
 {%- else %}
   file.exists:
-   - name: {{ server.database.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ server.database.ssl.get('cacert_file', server.cacert_file) }}
 {%- endif %}
 {%- endif %}
 
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index a4cac88..db89554 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -113,7 +113,7 @@
 }
 
 salt_run() {
-    [ -e ${VEN_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
+    [ -e ${VENV_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
     salt-call ${SALT_OPTS} $*
 }
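Review bot: With the variable name fixed, the remaining fragility in `salt_run` is quoting: `${VENV_DIR}` is unquoted in both the test and the `source`, and `$*` re-splits the caller's arguments. `[ -e "${VENV_DIR}/bin/activate" ] && source "${VENV_DIR}/bin/activate"` and `salt-call ${SALT_OPTS} "$@"` keep paths and arguments containing spaces intact. `SALT_OPTS` presumably has to stay unquoted so that it splits into separate options.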