Update part of cookbooks from OpenDeployment

Change-Id: I884d2157241150a5b1ec4e44f979908762467671

chef/cookbooks/openstack-compute/attributes/default.rb

@@ -217,6 +217,8 @@ default['openstack']['compute']['libvirt']['images_rbd_ceph_conf'] = '/etc/ceph/
 default['openstack']['compute']['libvirt']['volume_backend'] = nil
 default['openstack']['compute']['libvirt']['rbd']['rbd_secret_name'] = 'rbd_secret_uuid'
 default['openstack']['compute']['libvirt']['rbd']['rbd_user'] = 'cinder'
+default['openstack']['compute']['libvirt']['host_uuid'] = nil
+
 default['openstack']['compute']['config']['availability_zone'] = 'nova'
 default['openstack']['compute']['config']['storage_availability_zone'] = 'nova'
 default['openstack']['compute']['config']['default_schedule_zone'] = 'nova'
@@ -340,7 +342,7 @@ when 'fedora', 'rhel', 'suse' # :pragma-foodcritic: ~FC024 - won't fix this
     'compute_vncproxy_service' => 'openstack-nova-novncproxy',
     'compute_vncproxy_consoleauth_packages' => ['openstack-nova-console'],
     'compute_vncproxy_consoleauth_service' => 'openstack-nova-consoleauth',
-    'libvirt_packages' => ['libvirt'],
+    'libvirt_packages' => ['libvirt', 'dmidecode'],
     'libvirt_service' => 'libvirtd',
     'libvirt_ceph_packages' => ['ceph-common'],
     'dbus_service' => 'messagebus',
@@ -393,7 +395,7 @@ when 'debian'
     'compute_vncproxy_service' => 'nova-novncproxy',
     'compute_vncproxy_consoleauth_packages' => ['nova-consoleauth'],
     'compute_vncproxy_consoleauth_service' => 'nova-consoleauth',
-    'libvirt_packages' => ['libvirt-bin'],
+    'libvirt_packages' => ['libvirt-bin', 'dmidecode'],
     'libvirt_service' => 'libvirt-bin',
     'libvirt_ceph_packages' => ['ceph-common'],
     'dbus_service' => 'dbus',

chef/cookbooks/openstack-compute/recipes/libvirt.rb

@@ -178,6 +178,26 @@ execute 'Deleting default libvirt network' do
   only_if 'virsh net-list | grep -q default'
 end
 
+# use bios system-uuid as host uuid
+ruby_block "set_libvirt_host_uuid" do
+  block do
+    # use bios system-uuid as host uuid
+    if node['openstack']['compute']['libvirt']['host_uuid'].nil?
+      cmd = Mixlib::ShellOut.new('dmidecode -s system-uuid').run_command
+
+      system_uuid = cmd.stdout.strip
+
+      invalid_uuid = ["00000000-0000-0000-0000-000000000000", \
+                    "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"]
+      if system_uuid.length.eql?(36) and \
+        !invalid_uuid.include?(system_uuid.upcase)
+        node.set['openstack']['compute']['libvirt']['host_uuid'] = system_uuid
+      end
+    end
+  end
+  action :run
+end
+
 # TODO(breu): this section needs to be rewritten to support key privisioning
 template '/etc/libvirt/libvirtd.conf' do
   source 'libvirtd.conf.erb'

chef/cookbooks/openstack-identity/libraries/default.rb

@@ -0,0 +1,38 @@
+# encoding: UTF-8
+# #
+# # Cookbook Name:: openstack-identity
+# # libraries::master_election
+# #
+# # Author: sam.su@huawei.com
+# #
+# # Licensed under the Apache License, Version 2.0 (the 'License');
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# #     http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an 'AS IS' BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+# #
+#
+def node_election(role, tag, chef_environment = nil)
+  chef_environment = chef_environment || node.chef_environment
+  master = search(:node, "run_list:role\\[#{role}\\] AND \
+                  chef_environment:#{chef_environment} AND \
+                  tags:#{tag}") || []
+  if master.empty?
+    nodes = search(:node, "run_list:role\\[#{role}\\] AND \
+                   chef_environment:#{chef_environment}") || []
+    nodes = nodes.sort_by { |node| node.name } unless nodes.empty?
+    if node.name.eql?(nodes.first.name)
+      node.tags << tag unless node.tags.include?(tag)
+      node.save
+    end
+    return nodes.first
+  else
+    return master.first
+  end
+end

chef/cookbooks/openstack-identity/recipes/server.rb

@@ -107,12 +107,41 @@ if node['openstack']['auth']['strategy'] == 'pki'
   end
 
   if certfile_url.nil? || keyfile_url.nil? || ca_certs_url.nil?
-    execute 'keystone-manage pki_setup' do
+    keygen_node = node_election('os-identity', 'keystone_keygen')
-      user  node['openstack']['identity']['user']
+    if keygen_node.nil?
-      group node['openstack']['identity']['group']
+      keygen_node = node
-
-      not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
     end
+    if node.name.eql?(keygen_node.name)
+      execute 'keystone-manage pki_setup' do
+        user  node['openstack']['identity']['user']
+        group node['openstack']['identity']['group']
+        not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
+      end
+      %w{certfile keyfile ca_certs}.each do |name|
+        ruby_block "read #{name}" do
+          block do
+            file = node['openstack']['identity']['signing']["#{name}"]
+            if File.exists?(file) and !node['openstack']['identity']['signing'].attribute?("#{name}_data")
+              node.set['openstack']['identity']['signing']["#{name}_data"] = File.read(file)
+              node.save
+            end
+          end
+        end
+      end
+
+    else
+      if keygen_node['openstack']['identity']['signing'].attribute?("#{name}_data")
+        %w{certfile keyfile ca_certs}.each do |name|
+          file node['openstack']['identity']['signing']["#{name}"] do
+            content keygen_node['openstack']['identity']['signing']["#{name}_data"]
+            owner   node['openstack']['identity']['user']
+            group   node['openstack']['identity']['group']
+            mode    00640
+          end
+        end
+      end
+    end
+
   else
     remote_file node['openstack']['identity']['signing']['certfile'] do
       source certfile_url
@@ -163,7 +192,12 @@ bind_address = bind_endpoint.host
 # If the search role is set, we search for memcache
 # servers via a Chef search. If not, we look at the
 # memcache.servers attribute.
-memcache_servers = memcached_servers.join ','  # from openstack-common lib
+if node['openstack']['identity']['token']['backend'].eql?('memcache')
+  memcache_servers = memcached_servers('os-ops-caching').join ','  # from openstack-common lib
+  # number of seconds to wait before sockets timeout when the memcached server is down
+  # the default number is 3, here is going to set it as 0.1
+  `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+end
 
 # These configuration endpoints must not have the path (v2.0, etc)
 # added to them, as these values are used in returning the version