[openstack-tripleo-image-elements/f21] Revert "Updated patches from master-patches"
slagle
slagle at fedoraproject.org
Fri Oct 3 11:59:59 UTC 2014
commit 9cea0e6460e80b41c15e49baabea5c14aa65d658
Author: James Slagle <jslagle at redhat.com>
Date: Fri Oct 3 07:59:03 2014 -0400
Revert "Updated patches from master-patches"
This reverts commit 79c46f69443f8bdaef20a9a5df767e97c6bfdc5b.
0001-Remove-mostly-empty-directories.patch | 45 +++
0002-Fix-tgt-target-in-cinder-element.patch | 29 ++
0003-Fix-horizon-local_settings.py.patch | 132 +++++++++
0004-No-neutron-db-manage-upgrade-head.patch | 18 ++
...nd-use-libvirtd-group-for-package-install.patch | 28 ++
0006-Remove-swift-container-sync-service.patch | 46 +++
...-out-tgt-specific-parts-of-cinder-element.patch | 129 +++++++++
...onf-patch.patch => 0008-Cinder-conf-patch.patch | 2 +-
0009-Update-keystone-s-selinux-policies.patch | 58 ++++
0010-Update-neutron-s-selinux-policies.patch | 64 +++++
0011-Update-glance-s-selinux-policies.patch | 58 ++++
0012-Update-nova-s-selinux-policies.patch | 41 +++
0013-Update-swift-s-selinux-policies.patch | 60 ++++
...Allow-install-mariadb-from-RDO-repository.patch | 299 ++++++++++++++++++++
0015-Make-innodb-pool-size-configurable.patch | 36 +++
0016-Fix-var-lib-mysql-selinux-labeling.patch | 24 ++
0017-Fix-rabbitmq-server-selinux-labeling.patch | 45 +++
0018-Ability-to-change-default-swift-ports.patch | 102 +++++++
0019-Move-rabbitmq-server-cluster-port.patch | 107 +++++++
openstack-tripleo-image-elements.spec | 38 +++-
20 files changed, 1359 insertions(+), 2 deletions(-)
---
diff --git a/0001-Remove-mostly-empty-directories.patch b/0001-Remove-mostly-empty-directories.patch
new file mode 100644
index 0000000..b62f3af
--- /dev/null
+++ b/0001-Remove-mostly-empty-directories.patch
@@ -0,0 +1,45 @@
+From d91ae26f3a3f24853d78cf47180c3df3fd8dde7c Mon Sep 17 00:00:00 2001
+From: James Slagle <jslagle at redhat.com>
+Date: Tue, 18 Mar 2014 17:11:57 -0400
+Subject: [PATCH] Remove mostly empty directories
+
+The os-apply-config and os-config-applier directories are empty other
+than 1 hidden file in each. This appears to be the case just so that
+they will exist when the rsync commands run to install the templates
+into the image. It's possible the directories won't exist otherwise if
+no elements provided any templates.
+
+Instead of using empty directories and hidden files to force them to
+exist in git, just check for the existence of each directory before
+running the rsync commands.
+
+Change-Id: I0f286a28601c292b5f70258747def36a08d93a87
+---
+ elements/os-apply-config/install.d/99-install-config-templates | 6 ++++--
+ elements/os-apply-config/os-apply-config/.os-config-applier | 0
+ elements/os-apply-config/os-config-applier/.os-config-applier | 0
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+ delete mode 100644 elements/os-apply-config/os-apply-config/.os-config-applier
+ delete mode 100644 elements/os-apply-config/os-config-applier/.os-config-applier
+
+diff --git a/elements/os-apply-config/install.d/99-install-config-templates b/elements/os-apply-config/install.d/99-install-config-templates
+index dd7ab07..2ed5a08 100755
+--- a/elements/os-apply-config/install.d/99-install-config-templates
++++ b/elements/os-apply-config/install.d/99-install-config-templates
+@@ -6,6 +6,8 @@
+ set -eux
+ TEMPLATE_ROOT=$(os-apply-config --print-templates)
+ TEMPLATE_SOURCE=$(dirname $0)/../os-config-applier
+-rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
++mkdir -p $TEMPLATE_ROOT
++
++[ -d $TEMPLATE_SOURCE ] && rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
+ TEMPLATE_SOURCE=$(dirname $0)/../os-apply-config
+-rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
++[ -d $TEMPLATE_SOURCE ] && rsync --exclude='.*.swp' -Cr $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
+diff --git a/elements/os-apply-config/os-apply-config/.os-config-applier b/elements/os-apply-config/os-apply-config/.os-config-applier
+deleted file mode 100644
+index e69de29..0000000
+diff --git a/elements/os-apply-config/os-config-applier/.os-config-applier b/elements/os-apply-config/os-config-applier/.os-config-applier
+deleted file mode 100644
+index e69de29..0000000
diff --git a/0002-Fix-tgt-target-in-cinder-element.patch b/0002-Fix-tgt-target-in-cinder-element.patch
new file mode 100644
index 0000000..d574243
--- /dev/null
+++ b/0002-Fix-tgt-target-in-cinder-element.patch
@@ -0,0 +1,29 @@
+From c3cef88920a61aca203a4dff2b5ef1ab3ba07ac8 Mon Sep 17 00:00:00 2001
+From: Ryan Brady <rbrady at redhat.com>
+Date: Thu, 20 Mar 2014 09:04:33 -0400
+Subject: [PATCH] Fix tgt target in cinder element
+
+The package install version creates a file at /etc/tgt/conf.d/cinder.conf
+and the cinder element has been adding an additional file. This would have
+the effect of the source install working properly, but the package install
+would end up creating volumes in /etc/cinder/volume instead of /mnt/state.
+
+This patch changes the tgt target to be written to the existing file to
+bring both the source and package installs to behave the same.
+
+Change-Id: Ieeaa9518d6ed50595fbd70f1bbf0a17e3b5b1894
+---
+ elements/cinder/install.d/73-cinder | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/elements/cinder/install.d/73-cinder b/elements/cinder/install.d/73-cinder
+index 3d0260b..1c35977 100755
+--- a/elements/cinder/install.d/73-cinder
++++ b/elements/cinder/install.d/73-cinder
+@@ -6,5 +6,4 @@ mkdir -p /etc/tgt/conf.d
+ install -d -o root -g cinder -m 0770 /var/lib/cinder/volumes
+ install -d -o root -g cinder -m 0770 /var/lib/cinder/nfs
+ register-state-path /var/lib/cinder
+-echo 'include /etc/tgt/conf.d/cinder_tgt.conf' > /etc/tgt/targets.conf
+-echo 'include /mnt/state/var/lib/cinder/volumes/*' > /etc/tgt/conf.d/cinder_tgt.conf
++echo 'include /mnt/state/var/lib/cinder/volumes/*' > /etc/tgt/conf.d/cinder.conf
diff --git a/0003-Fix-horizon-local_settings.py.patch b/0003-Fix-horizon-local_settings.py.patch
new file mode 100644
index 0000000..5f9cac9
--- /dev/null
+++ b/0003-Fix-horizon-local_settings.py.patch
@@ -0,0 +1,132 @@
+From 02f8a96df9a1aa704f87c6e94d9e11236ba4ab65 Mon Sep 17 00:00:00 2001
+From: James Slagle <jslagle at redhat.com>
+Date: Wed, 3 Sep 2014 13:17:39 -0400
+Subject: [PATCH] Fix horizon local_settings.py
+
+---
+ .../os-apply-config/etc/horizon/.secret_key_store | 1 -
+ .../os-apply-config/etc/horizon/local_settings.py | 85 ----------------------
+ .../os-refresh-config/post-configure.d/100-horizon | 12 +--
+ 3 files changed, 2 insertions(+), 96 deletions(-)
+ delete mode 100644 elements/horizon/os-apply-config/etc/horizon/.secret_key_store
+ delete mode 100644 elements/horizon/os-apply-config/etc/horizon/local_settings.py
+
+diff --git a/elements/horizon/os-apply-config/etc/horizon/.secret_key_store b/elements/horizon/os-apply-config/etc/horizon/.secret_key_store
+deleted file mode 100644
+index 21fdd1a..0000000
+--- a/elements/horizon/os-apply-config/etc/horizon/.secret_key_store
++++ /dev/null
+@@ -1 +0,0 @@
+-{{horizon.secret_key}}
+diff --git a/elements/horizon/os-apply-config/etc/horizon/local_settings.py b/elements/horizon/os-apply-config/etc/horizon/local_settings.py
+deleted file mode 100644
+index 7d9b4ad..0000000
+--- a/elements/horizon/os-apply-config/etc/horizon/local_settings.py
++++ /dev/null
+@@ -1,85 +0,0 @@
+-# Licensed under the Apache License, Version 2.0 (the "License");
+-# you may not use this file except in compliance with the License.
+-# You may obtain a copy of the License at
+-#
+-# http://www.apache.org/licenses/LICENSE-2.0
+-#
+-# Unless required by applicable law or agreed to in writing, software
+-# distributed under the License is distributed on an "AS IS" BASIS,
+-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+-# implied.
+-# See the License for the specific language governing permissions and
+-# limitations under the License.
+-
+-import os
+-
+-from openstack_dashboard import exceptions
+-
+-DEBUG = False
+-TEMPLATE_DEBUG = DEBUG
+-COMPRESS_OFFLINE = True
+-
+-ROOT_PATH = os.path.dirname(os.path.abspath(__file__))
+-STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static'))
+-
+-ALLOWED_HOSTS = ['*']
+-
+-with open('/etc/horizon/.secret_key_store', 'r') as f:
+- SECRET_KEY = f.read()
+-
+-HORIZON_CONFIG = {
+- 'dashboards': ('project', 'admin', 'settings',),
+- 'default_dashboard': 'project',
+- 'user_home': 'openstack_dashboard.views.get_user_home',
+- 'ajax_queue_limit': 10,
+- 'auto_fade_alerts': {
+- 'delay': 3000,
+- 'fade_duration': 1500,
+- 'types': ['alert-success', 'alert-info']
+- },
+- 'help_url': "http://docs.openstack.org",
+- 'exceptions': {'recoverable': exceptions.RECOVERABLE,
+- 'not_found': exceptions.NOT_FOUND,
+- 'unauthorized': exceptions.UNAUTHORIZED},
+-}
+-
+-
+-CACHES = {
+- 'default': {
+- 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
+- }
+-}
+-
+-# Send email to the console by default
+-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+-
+-OPENSTACK_HOST = "{{keystone.host}}"
+-OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
+-OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
+-
+-OPENSTACK_KEYSTONE_BACKEND = {
+- 'name': 'native',
+- 'can_edit_user': True,
+- 'can_edit_group': True,
+- 'can_edit_project': True,
+- 'can_edit_domain': True,
+- 'can_edit_role': True
+-}
+-
+-OPENSTACK_HYPERVISOR_FEATURES = {
+- 'can_set_mount_point': True,
+-
+- # NOTE: as of Grizzly this is not yet supported in Nova so enabling this
+- # setting will not do anything useful
+- 'can_encrypt_volumes': False
+-}
+-
+-OPENSTACK_QUANTUM_NETWORK = {
+- 'enable_lb': False
+-}
+-
+-
+-API_RESULT_LIMIT = 1000
+-API_RESULT_PAGE_SIZE = 20
+-
+-TIME_ZONE = "UTC"
+diff --git a/elements/horizon/os-refresh-config/post-configure.d/100-horizon b/elements/horizon/os-refresh-config/post-configure.d/100-horizon
+index b0f2499..1f3de6b 100755
+--- a/elements/horizon/os-refresh-config/post-configure.d/100-horizon
++++ b/elements/horizon/os-refresh-config/post-configure.d/100-horizon
+@@ -1,14 +1,6 @@
+ #!/bin/bash
+ set -e
+
+-cp /etc/horizon/local_settings.py $HORIZON_VENV_DIR/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py
++sed -i "s/^ALLOWED_HOSTS.*/ALLOWED_HOSTS = [\"*\"]/" /etc/openstack-dashboard/local_settings
+
+-# TODO(shadower) workaround for:
+-# https://bugs.launchpad.net/os-apply-config/+bug/1246266
+-chmod 600 /etc/horizon/.secret_key_store
+-chown horizon:horizon /etc/horizon/.secret_key_store
+-
+-# Precompile the Horizon assets. Can't do it in install.d because it depends on
+-# the local_settings.py config file.
+-source $HORIZON_VENV_DIR/bin/activate
+-DJANGO_SETTINGS_MODULE=openstack_dashboard.settings django-admin.py compress
++os-svc-restart -n httpd
diff --git a/0004-No-neutron-db-manage-upgrade-head.patch b/0004-No-neutron-db-manage-upgrade-head.patch
new file mode 100644
index 0000000..c858f59
--- /dev/null
+++ b/0004-No-neutron-db-manage-upgrade-head.patch
@@ -0,0 +1,18 @@
+From 302338398b71b4450eacb65b9f750dea2eeb0251 Mon Sep 17 00:00:00 2001
+From: James Slagle <jslagle at redhat.com>
+Date: Wed, 3 Sep 2014 13:19:37 -0400
+Subject: [PATCH] No neutron db manage upgrade head
+
+---
+ elements/boot-stack/bin/reset-db | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/elements/boot-stack/bin/reset-db b/elements/boot-stack/bin/reset-db
+index 10c9ee5..0adc9df 100755
+--- a/elements/boot-stack/bin/reset-db
++++ b/elements/boot-stack/bin/reset-db
+@@ -63,4 +63,3 @@ os-db-create heat heat $db_pass
+ run_db_sync && heat-manage db_sync
+
+ os-db-create ovs_neutron neutron $db_pass
+-neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
diff --git a/0005-Create-and-use-libvirtd-group-for-package-install.patch b/0005-Create-and-use-libvirtd-group-for-package-install.patch
new file mode 100644
index 0000000..ac9a513
--- /dev/null
+++ b/0005-Create-and-use-libvirtd-group-for-package-install.patch
@@ -0,0 +1,28 @@
+From 50f3d8509dd276a5991f5ad52b09f0286c414248 Mon Sep 17 00:00:00 2001
+From: James Slagle <jslagle at redhat.com>
+Date: Mon, 24 Mar 2014 11:58:16 -0400
+Subject: [PATCH] Create and use libvirtd group for package install
+
+For the nova-kvm package install, we need to create the libvirtd group
+and add the nova user to the group. This is because the element now uses
+its own libvirtd.conf which is configured to use the libvirtd group.
+
+Change-Id: Ic345b76a17ff75b468da8a493c6bf856d730a586
+---
+ elements/nova-kvm/install.d/nova-package-install/80-nova-kvm | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm b/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm
+index c68b0e2..691e6d3 100755
+--- a/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm
++++ b/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm
+@@ -3,3 +3,9 @@
+ set -eux
+
+ install-packages openstack-nova-novncproxy
++
++if ! getent group libvirtd; then
++ groupadd libvirtd
++fi
++
++usermod -a -G libvirtd nova
diff --git a/0006-Remove-swift-container-sync-service.patch b/0006-Remove-swift-container-sync-service.patch
new file mode 100644
index 0000000..74811e3
--- /dev/null
+++ b/0006-Remove-swift-container-sync-service.patch
@@ -0,0 +1,46 @@
+From d4b020651d58bb7c732bc6888f3274aa364e7758 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Mon, 24 Mar 2014 14:58:06 -0700
+Subject: [PATCH] Remove swift container sync service
+
+It is not required and the service definition file is not provided
+in the Fedora openstack-swift-container package.
+
+Change-Id: Ie10152e054eb1e3ffe5ce9a3f910577207606fea
+---
+ .../swift-storage/os-config-applier/etc/swift/container-server.conf | 2 --
+ .../swift-storage/os-refresh-config/post-configure.d/74-swift-storage | 2 --
+ 2 files changed, 4 deletions(-)
+
+diff --git a/elements/swift-storage/os-config-applier/etc/swift/container-server.conf b/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
+index 62b621c..f037635 100644
+--- a/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
++++ b/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
+@@ -22,7 +22,5 @@ recon_cache_path = /mnt/state/var/cache/swift
+ [container-replicator]
+ recon_cache_path = /mnt/state/var/cache/swift
+
+-[container-sync]
+-
+ [container-updater]
+ recon_cache_path = /mnt/state/var/cache/swift
+diff --git a/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage b/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
+index 3f57936..b7bc617 100755
+--- a/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
++++ b/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
+@@ -10,7 +10,6 @@ os-svc-enable -n swift-account-replicator
+ os-svc-enable -n swift-container
+ os-svc-enable -n swift-container-auditor
+ os-svc-enable -n swift-container-replicator
+-os-svc-enable -n swift-container-sync
+ os-svc-enable -n swift-container-updater
+ os-svc-enable -n swift-object
+ os-svc-enable -n swift-object-auditor
+@@ -25,7 +24,6 @@ os-svc-restart -n swift-account-replicator
+ os-svc-restart -n swift-container
+ os-svc-restart -n swift-container-auditor
+ os-svc-restart -n swift-container-replicator
+-os-svc-restart -n swift-container-sync
+ os-svc-restart -n swift-container-updater
+ os-svc-restart -n swift-object
+ os-svc-restart -n swift-object-auditor
diff --git a/0007-Factor-out-tgt-specific-parts-of-cinder-element.patch b/0007-Factor-out-tgt-specific-parts-of-cinder-element.patch
new file mode 100644
index 0000000..c4b7477
--- /dev/null
+++ b/0007-Factor-out-tgt-specific-parts-of-cinder-element.patch
@@ -0,0 +1,129 @@
+From 7aae45e2df5512386f0353001ad6632c5cd0ba3c Mon Sep 17 00:00:00 2001
+From: Ben Nemec <bnemec at redhat.com>
+Date: Wed, 5 Mar 2014 15:51:40 -0600
+Subject: [PATCH] Factor out tgt-specific parts of cinder element
+
+RHEL is only going to support the lio iscsi helper, so the tgt
+parts of the element are not going to work there. A subsequent
+change will add a corresponding cinder-lio element to support that.
+
+When this merges, the corresponding change to tripleo-incubator in
+I1e33af0cb78fa9477bc5a0b9b89b06b907b81fae must merge as well to
+prevent breakage of devtest.
+
+Change-Id: Ic032204076adfa0d30b09423f2a46b587e07400d
+---
+ elements/cinder-tgt/README.md | 4 ++++
+ elements/cinder-tgt/element-deps | 1 +
+ elements/cinder-tgt/install.d/72-cinder-tgt | 8 ++++++++
+ .../cinder-tgt/os-refresh-config/post-configure.d/74-cinder-tgt | 5 +++++
+ .../os-refresh-config/post-configure.d/74-cinder-volume | 1 -
+ elements/cinder/README.md | 7 ++++++-
+ elements/cinder/install.d/73-cinder | 2 --
+ elements/cinder/install.d/cinder-source-install/72-cinder | 2 +-
+ 8 files changed, 25 insertions(+), 5 deletions(-)
+ create mode 100644 elements/cinder-tgt/element-deps
+ create mode 100755 elements/cinder-tgt/install.d/72-cinder-tgt
+ create mode 100644 elements/cinder-tgt/os-refresh-config/post-configure.d/74-cinder-tgt
+
+diff --git a/elements/cinder-tgt/README.md b/elements/cinder-tgt/README.md
+index e69de29..4724692 100644
+--- a/elements/cinder-tgt/README.md
++++ b/elements/cinder-tgt/README.md
+@@ -0,0 +1,4 @@
++Use tgtd as the iscsi helper for cinder.
++
++The cinder.iscsi-target configuration option must be set to "tgtadm". See the cinder
++element readme for details.
+\ No newline at end of file
+diff --git a/elements/cinder-tgt/element-deps b/elements/cinder-tgt/element-deps
+new file mode 100644
+index 0000000..522d8c9
+--- /dev/null
++++ b/elements/cinder-tgt/element-deps
+@@ -0,0 +1 @@
++cinder
+diff --git a/elements/cinder-tgt/install.d/72-cinder-tgt b/elements/cinder-tgt/install.d/72-cinder-tgt
+new file mode 100755
+index 0000000..e18fc9e
+--- /dev/null
++++ b/elements/cinder-tgt/install.d/72-cinder-tgt
+@@ -0,0 +1,8 @@
++#!/bin/bash
++
++set -eux
++
++install-packages tgt
++
++mkdir -p /etc/tgt/conf.d
++echo 'include /mnt/state/var/lib/cinder/volumes/*' > /etc/tgt/conf.d/cinder.conf
+diff --git a/elements/cinder-tgt/os-refresh-config/post-configure.d/74-cinder-tgt b/elements/cinder-tgt/os-refresh-config/post-configure.d/74-cinder-tgt
+new file mode 100644
+index 0000000..9541ac1
+--- /dev/null
++++ b/elements/cinder-tgt/os-refresh-config/post-configure.d/74-cinder-tgt
+@@ -0,0 +1,5 @@
++#!/bin/bash
++
++set -eu
++
++os-svc-restart -n tgt
+diff --git a/elements/cinder-volume/os-refresh-config/post-configure.d/74-cinder-volume b/elements/cinder-volume/os-refresh-config/post-configure.d/74-cinder-volume
+index 9655049..be77ea6 100755
+--- a/elements/cinder-volume/os-refresh-config/post-configure.d/74-cinder-volume
++++ b/elements/cinder-volume/os-refresh-config/post-configure.d/74-cinder-volume
+@@ -2,5 +2,4 @@
+ set -eu
+
+ os-svc-enable -n cinder-volume
+-os-svc-restart -n tgt
+ os-svc-restart -n cinder-volume
+diff --git a/elements/cinder/README.md b/elements/cinder/README.md
+index b04fc5a..1620e97 100644
+--- a/elements/cinder/README.md
++++ b/elements/cinder/README.md
+@@ -1,5 +1,8 @@
+ Install cinder service from git.
+
++An appropriate target element (such as cinder-tgt or cinder-lio) must be included
++in images that use cinder.
++
+ Configuration
+ -------------
+
+@@ -7,4 +10,6 @@ cinder:
+ verbose: False
+ - Print more verbose output (set logging level to INFO instead of default WARNING level).
+ debug: False
+- - Print debugging output (set logging level to DEBUG instead of default WARNING level).
+\ No newline at end of file
++ - Print debugging output (set logging level to DEBUG instead of default WARNING level).
++ iscsi-helper: tgtadm
++ - Specifies the iSCSI helper to use. Must match the target element included in the image.
+\ No newline at end of file
+diff --git a/elements/cinder/install.d/73-cinder b/elements/cinder/install.d/73-cinder
+index 1c35977..4eac5d0 100755
+--- a/elements/cinder/install.d/73-cinder
++++ b/elements/cinder/install.d/73-cinder
+@@ -2,8 +2,6 @@
+
+ set -eux
+
+-mkdir -p /etc/tgt/conf.d
+ install -d -o root -g cinder -m 0770 /var/lib/cinder/volumes
+ install -d -o root -g cinder -m 0770 /var/lib/cinder/nfs
+ register-state-path /var/lib/cinder
+-echo 'include /mnt/state/var/lib/cinder/volumes/*' > /etc/tgt/conf.d/cinder.conf
+diff --git a/elements/cinder/install.d/cinder-source-install/72-cinder b/elements/cinder/install.d/cinder-source-install/72-cinder
+index d412af2..ad22c54 100755
+--- a/elements/cinder/install.d/cinder-source-install/72-cinder
++++ b/elements/cinder/install.d/cinder-source-install/72-cinder
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ set -eux
+
+-install-packages lvm2 libssl-dev tgt libffi-dev nfs-common
++install-packages lvm2 libssl-dev libffi-dev nfs-common
+ echo "qpid-python" | tee -a /opt/stack/cinder/requirements.txt
+ os-svc-install -i "$CINDER_VENV_DIR" -u cinder -r /opt/stack/cinder
+
diff --git a/0001-Cinder-conf-patch.patch b/0008-Cinder-conf-patch.patch
similarity index 93%
rename from 0001-Cinder-conf-patch.patch
rename to 0008-Cinder-conf-patch.patch
index 092390f..6f6b1c0 100644
--- a/0001-Cinder-conf-patch.patch
+++ b/0008-Cinder-conf-patch.patch
@@ -1,4 +1,4 @@
-From 9e3cd97cd996b47f34d7f508e75c939de7e42fce Mon Sep 17 00:00:00 2001
+From 183b40e19722b6c0427bef7c882c7616382c68b5 Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle at redhat.com>
Date: Wed, 3 Sep 2014 13:20:59 -0400
Subject: [PATCH] Cinder conf patch
diff --git a/0009-Update-keystone-s-selinux-policies.patch b/0009-Update-keystone-s-selinux-policies.patch
new file mode 100644
index 0000000..780133e
--- /dev/null
+++ b/0009-Update-keystone-s-selinux-policies.patch
@@ -0,0 +1,58 @@
+From 567983bc9517655ad9fcfc293538c5f9b435dec0 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Tue, 25 Mar 2014 12:06:59 -0700
+Subject: [PATCH] Update keystone's selinux policies
+
+Allow openssl to read keystone ssl files.
+
+Move /mnt/state directory creation to configure.d.
+
+Change-Id: I75ccbaf3fa4efde1c48340de7c63efa30652e3e0
+---
+ .../keystone/os-refresh-config/configure.d/10-keystone-state | 5 +++++
+ .../keystone/os-refresh-config/configure.d/20-keystone-selinux | 9 +++++++++
+ elements/keystone/os-refresh-config/post-configure.d/70-keystone | 3 ---
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+ create mode 100755 elements/keystone/os-refresh-config/configure.d/10-keystone-state
+ create mode 100755 elements/keystone/os-refresh-config/configure.d/20-keystone-selinux
+
+diff --git a/elements/keystone/os-refresh-config/configure.d/10-keystone-state b/elements/keystone/os-refresh-config/configure.d/10-keystone-state
+new file mode 100755
+index 0000000..1448241
+--- /dev/null
++++ b/elements/keystone/os-refresh-config/configure.d/10-keystone-state
+@@ -0,0 +1,5 @@
++#!/bin/bash
++set -eu
++
++[ -d /mnt/state/etc/keystone/ssl/certs ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/certs
++[ -d /mnt/state/etc/keystone/ssl/private ] || install -m 0750 -o keystone -g keystone -d /mnt/state/etc/keystone/ssl/private
+diff --git a/elements/keystone/os-refresh-config/configure.d/20-keystone-selinux b/elements/keystone/os-refresh-config/configure.d/20-keystone-selinux
+new file mode 100755
+index 0000000..43a85d3
+--- /dev/null
++++ b/elements/keystone/os-refresh-config/configure.d/20-keystone-selinux
+@@ -0,0 +1,9 @@
++#!/bin/bash
++set -eu
++
++# Allow openssl to read keys
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t cert_t "/mnt/state/etc/keystone/ssl(/.*)?"
++restorecon -Rv /mnt/state/etc/keystone/ssl
+diff --git a/elements/keystone/os-refresh-config/post-configure.d/70-keystone b/elements/keystone/os-refresh-config/post-configure.d/70-keystone
+index ca8a412..30c5634 100755
+--- a/elements/keystone/os-refresh-config/post-configure.d/70-keystone
++++ b/elements/keystone/os-refresh-config/post-configure.d/70-keystone
+@@ -1,9 +1,6 @@
+ #!/bin/bash
+ set -eu
+
+-# NB: pki_setup chowns things appropriately.
+-mkdir -p /mnt/state/etc/keystone/ssl
+-
+ keystone-manage db_sync
+
+ os-svc-enable -n keystone
diff --git a/0010-Update-neutron-s-selinux-policies.patch b/0010-Update-neutron-s-selinux-policies.patch
new file mode 100644
index 0000000..89d1a93
--- /dev/null
+++ b/0010-Update-neutron-s-selinux-policies.patch
@@ -0,0 +1,64 @@
+From 6897676be23015ef90eb35922310e7895c9f6a62 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Tue, 25 Mar 2014 12:05:34 -0700
+Subject: [PATCH] Update neutron's selinux policies
+
+Allow neutron permission to /mnt/state and /var/run.
+
+Move directory creation from post-configure.d to configure.d.
+
+Change-Id: Ia4ea5b84bbbe69b6d2e72a5b4d7a691d5213bdfa
+---
+ .../os-refresh-config/post-configure.d/80-neutron-server | 4 ----
+ .../neutron/os-refresh-config/configure.d/10-neutron-state | 6 ++++++
+ .../os-refresh-config/configure.d/20-neutron-selinux | 13 +++++++++++++
+ 3 files changed, 19 insertions(+), 4 deletions(-)
+ create mode 100755 elements/neutron/os-refresh-config/configure.d/10-neutron-state
+ create mode 100755 elements/neutron/os-refresh-config/configure.d/20-neutron-selinux
+
+diff --git a/elements/neutron-server/os-refresh-config/post-configure.d/80-neutron-server b/elements/neutron-server/os-refresh-config/post-configure.d/80-neutron-server
+index 6d05722..2f7ab3b 100755
+--- a/elements/neutron-server/os-refresh-config/post-configure.d/80-neutron-server
++++ b/elements/neutron-server/os-refresh-config/post-configure.d/80-neutron-server
+@@ -1,10 +1,6 @@
+ #!/bin/bash
+ set -eux
+
+-[ -d /mnt/state/var/lib/neutron ] || {
+- install -d -D -m 0770 -o neutron -g neutron /mnt/state/var/lib/neutron
+-}
+-
+ os-svc-enable -n neutron-server
+
+ os-svc-restart -n neutron-server
+diff --git a/elements/neutron/os-refresh-config/configure.d/10-neutron-state b/elements/neutron/os-refresh-config/configure.d/10-neutron-state
+new file mode 100755
+index 0000000..613d44a
+--- /dev/null
++++ b/elements/neutron/os-refresh-config/configure.d/10-neutron-state
+@@ -0,0 +1,6 @@
++#!/bin/bash
++set -eu
++
++[ -d /mnt/state/var/lib/neutron ] || install -d -D -m 0770 -o neutron -g neutron /mnt/state/var/lib/neutron
++[ -d /var/run/neutron ] || install -D -m 0775 -o neutron -g neutron -d /var/run/neutron
++[ -d /mnt/state/var/log/neutron ] || install -D -m 0775 -o neutron -g neutron -d /mnt/state/var/log/neutron
+diff --git a/elements/neutron/os-refresh-config/configure.d/20-neutron-selinux b/elements/neutron/os-refresh-config/configure.d/20-neutron-selinux
+new file mode 100755
+index 0000000..45b0a05
+--- /dev/null
++++ b/elements/neutron/os-refresh-config/configure.d/20-neutron-selinux
+@@ -0,0 +1,13 @@
++#!/bin/bash
++set -eu
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t neutron_var_lib_t "/mnt/state/var/lib/neutron(/.*)?"
++restorecon -Rv /mnt/state/var/lib/neutron
++
++semanage fcontext -a -t neutron_var_lib_t "/var/run/neutron(/.*)?"
++restorecon -Rv /var/run/neutron
++
++semanage fcontext -a -t neutron_log_t "/mnt/state/var/log/neutron(/.*)?"
++restorecon -Rv /mnt/state/var/log/neutron
diff --git a/0011-Update-glance-s-selinux-policies.patch b/0011-Update-glance-s-selinux-policies.patch
new file mode 100644
index 0000000..9ea05a9
--- /dev/null
+++ b/0011-Update-glance-s-selinux-policies.patch
@@ -0,0 +1,58 @@
+From 35c161f8024a3d089238d1f375f4267c1fd99e04 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Tue, 25 Mar 2014 12:04:53 -0700
+Subject: [PATCH] Update glance's selinux policies
+
+Also moved directory creation from post-configure.d
+to configure.d
+
+Change-Id: Ic7fc2a3b053efeb4ccfc3d97b94a5a3d8d88a1bd
+---
+ elements/glance/os-refresh-config/configure.d/10-glance-state | 4 ++++
+ .../glance/os-refresh-config/configure.d/20-glance-selinux | 10 ++++++++++
+ elements/glance/os-refresh-config/post-configure.d/75-glance | 4 ----
+ 3 files changed, 14 insertions(+), 4 deletions(-)
+ create mode 100755 elements/glance/os-refresh-config/configure.d/10-glance-state
+ create mode 100755 elements/glance/os-refresh-config/configure.d/20-glance-selinux
+
+diff --git a/elements/glance/os-refresh-config/configure.d/10-glance-state b/elements/glance/os-refresh-config/configure.d/10-glance-state
+new file mode 100755
+index 0000000..dce4152
+--- /dev/null
++++ b/elements/glance/os-refresh-config/configure.d/10-glance-state
+@@ -0,0 +1,4 @@
++#!/bin/bash
++[ -d /mnt/state/var/lib/glance ] || install -d -D -m 0770 -o glance -g glance /mnt/state/var/lib/glance
++[ -d /mnt/state/var/lib/glance/images ] || install -d -D -m 0770 -o glance -g glance /mnt/state/var/lib/glance/images
++[ -d /mnt/state/var/log/glance ] || install -d -D -m 0755 -o glance -g glance /mnt/state/var/log/glance
+diff --git a/elements/glance/os-refresh-config/configure.d/20-glance-selinux b/elements/glance/os-refresh-config/configure.d/20-glance-selinux
+new file mode 100755
+index 0000000..d093549
+--- /dev/null
++++ b/elements/glance/os-refresh-config/configure.d/20-glance-selinux
+@@ -0,0 +1,10 @@
++#!/bin/bash
++set -eu
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t glance_var_lib_t "/mnt/state/var/lib/glance(/.*)?"
++restorecon -Rv /mnt/state/var/lib/glance
++
++semanage fcontext -a -t glance_log_t "/mnt/state/var/log/glance(/.*)?"
++restorecon -Rv /mnt/state/var/log/glance
+diff --git a/elements/glance/os-refresh-config/post-configure.d/75-glance b/elements/glance/os-refresh-config/post-configure.d/75-glance
+index 9827fa0..295ab06 100755
+--- a/elements/glance/os-refresh-config/post-configure.d/75-glance
++++ b/elements/glance/os-refresh-config/post-configure.d/75-glance
+@@ -1,10 +1,6 @@
+ #!/bin/bash
+ set -eu
+
+-[ -d /mnt/state/var/lib/glance ] || install -d -D -m 0770 -o glance -g glance /mnt/state/var/lib/glance
+-[ -d /mnt/state/var/lib/glance/images ] || install -d -D -m 0770 -o glance -g glance /mnt/state/var/lib/glance/images
+-[ -d /mnt/state/var/log/glance ] || install -d -D -m 0755 -o glance -g glance /mnt/state/var/log/glance
+-
+ glance-manage db_sync
+
+ os-svc-enable -n glance-api
diff --git a/0012-Update-nova-s-selinux-policies.patch b/0012-Update-nova-s-selinux-policies.patch
new file mode 100644
index 0000000..326fd84
--- /dev/null
+++ b/0012-Update-nova-s-selinux-policies.patch
@@ -0,0 +1,41 @@
+From a88202703a19b92f6eb0cc98b2a3e22992f794b8 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Tue, 25 Mar 2014 12:03:34 -0700
+Subject: [PATCH] Update nova's selinux policies
+
+Nova needs permissions to /mnt/state/var/lib/nova and
+/mnt/state/var/log/nova.
+
+Change-Id: Ie1f23d5d11b725c77648b15ad0738f30ada36a83
+---
+ elements/nova/os-refresh-config/configure.d/10-nova-state | 2 ++
+ elements/nova/os-refresh-config/configure.d/20-nova-selinux | 10 ++++++++++
+ 2 files changed, 12 insertions(+)
+ create mode 100755 elements/nova/os-refresh-config/configure.d/20-nova-selinux
+
+diff --git a/elements/nova/os-refresh-config/configure.d/10-nova-state b/elements/nova/os-refresh-config/configure.d/10-nova-state
+index cd738b1..d304646 100755
+--- a/elements/nova/os-refresh-config/configure.d/10-nova-state
++++ b/elements/nova/os-refresh-config/configure.d/10-nova-state
+@@ -1,3 +1,5 @@
+ #!/bin/bash
+ [ -d /mnt/state/var/lib/nova ] && exit 0
+ install -D -d -o nova -g nova -m 0775 /mnt/state/var/lib/nova
++[ -d /mnt/state/var/log/nova ] && exit 0
++install -D -d -o nova -g nova -m 0775 /mnt/state/var/log/nova
+diff --git a/elements/nova/os-refresh-config/configure.d/20-nova-selinux b/elements/nova/os-refresh-config/configure.d/20-nova-selinux
+new file mode 100755
+index 0000000..5eb322b
+--- /dev/null
++++ b/elements/nova/os-refresh-config/configure.d/20-nova-selinux
+@@ -0,0 +1,10 @@
++#!/bin/bash
++set -eu
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t nova_var_lib_t "/mnt/state/var/lib/nova(/.*)?"
++restorecon -Rv /mnt/state/var/lib/nova
++
++semanage fcontext -a -t nova_log_t "/mnt/state/var/log/nova(/.*)?"
++restorecon -Rv /mnt/state/var/log/nova
diff --git a/0013-Update-swift-s-selinux-policies.patch b/0013-Update-swift-s-selinux-policies.patch
new file mode 100644
index 0000000..892fe81
--- /dev/null
+++ b/0013-Update-swift-s-selinux-policies.patch
@@ -0,0 +1,60 @@
+From cb2f9b81972113c833d522ffa568281fb36df0d6 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Fri, 4 Apr 2014 20:39:57 -0700
+Subject: [PATCH] Update swift's selinux policies
+
+Allow swift permission to /mnt/state/var/cache/swift.
+Allow rsync to write to /mnt/state/var/log/rsyncd.log.
+
+Move directory creation from post-configure.d to configure.d.
+
+Change-Id: I9c8730be8d880229ec3224690f46406d55b2e8e1
+---
+ .../os-refresh-config/configure.d/10-swift-storage-state | 5 +++++
+ .../os-refresh-config/configure.d/20-swift-storage-selinux | 11 +++++++++++
+ .../os-refresh-config/post-configure.d/74-swift-storage | 2 --
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+ create mode 100755 elements/swift-storage/os-refresh-config/configure.d/10-swift-storage-state
+ create mode 100755 elements/swift-storage/os-refresh-config/configure.d/20-swift-storage-selinux
+
+diff --git a/elements/swift-storage/os-refresh-config/configure.d/10-swift-storage-state b/elements/swift-storage/os-refresh-config/configure.d/10-swift-storage-state
+new file mode 100755
+index 0000000..558d758
+--- /dev/null
++++ b/elements/swift-storage/os-refresh-config/configure.d/10-swift-storage-state
+@@ -0,0 +1,5 @@
++#!/bin/bash
++set -eu
++
++[ -d /mnt/state/var/cache/swift ] && exit 0
++install -d -o swift -g swift /mnt/state/var/cache/swift
+diff --git a/elements/swift-storage/os-refresh-config/configure.d/20-swift-storage-selinux b/elements/swift-storage/os-refresh-config/configure.d/20-swift-storage-selinux
+new file mode 100755
+index 0000000..261b157
+--- /dev/null
++++ b/elements/swift-storage/os-refresh-config/configure.d/20-swift-storage-selinux
+@@ -0,0 +1,11 @@
++#!/bin/bash
++set -eu
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t swift_var_cache_t "/mnt/state/var/cache/swift(/.*)?"
++restorecon -Rv /mnt/state/var/cache/swift
++
++# allows rsync to write to /mnt/state/var/log/rsyncd.log
++semanage fcontext -a -t var_log_t "/mnt/state/var/log"
++restorecon -Rv /mnt/state/var/log
+diff --git a/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage b/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
+index b7bc617..8a45ca2 100755
+--- a/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
++++ b/elements/swift-storage/os-refresh-config/post-configure.d/74-swift-storage
+@@ -1,8 +1,6 @@
+ #!/bin/bash
+ set -eu
+
+-[ -d /mnt/state/var/cache/swift ] || install -d -o swift -g swift /mnt/state/var/cache/swift
+-
+ os-svc-enable -n swift-account
+ os-svc-enable -n swift-account-auditor
+ os-svc-enable -n swift-account-reaper
diff --git a/0014-Allow-install-mariadb-from-RDO-repository.patch b/0014-Allow-install-mariadb-from-RDO-repository.patch
new file mode 100644
index 0000000..990b467
--- /dev/null
+++ b/0014-Allow-install-mariadb-from-RDO-repository.patch
@@ -0,0 +1,299 @@
+From df6e55ae23728a3357b0f8f5576a16df1b4f77ba Mon Sep 17 00:00:00 2001
+From: Jan Provaznik <jprovazn at redhat.com>
+Date: Mon, 14 Apr 2014 10:22:54 -0400
+Subject: [PATCH] Allow install mariadb from RDO repository
+
+Adds elements which allow installing mariadb from RDO repository.
+It's similar to mariadb element but different repo with different
+package names are used (also some installation steps might be removed
+in future).
+
+Common code for mariadb and mariadb-rdo is now in mariadb-common element.
+
+Change-Id: I8566b03a24fff7984f323442d93249e1002a6ebe
+---
+ elements/mariadb-common/README.md | 2 ++
+ elements/mariadb-common/element-deps | 1 +
+ elements/mariadb-common/install.d/11-mariadb | 27 ++++++++++++++++
+ .../os-refresh-config/post-configure.d/40-mariadb | 4 +++
+ .../pre-configure.d/50-mariadb-socket | 10 ++++++
+ elements/mariadb-dev-rdo/README.md | 4 +++
+ elements/mariadb-dev-rdo/element-deps | 1 +
+ elements/mariadb-dev-rdo/element-provides | 1 +
+ elements/mariadb-dev-rdo/install.d/03-mariadb-dev | 5 +++
+ elements/mariadb-rdo/README.md | 4 +++
+ elements/mariadb-rdo/element-deps | 2 ++
+ elements/mariadb-rdo/element-provides | 1 +
+ elements/mariadb-rdo/install.d/10-mariadb-packages | 13 ++++++++
+ elements/mariadb/element-deps | 2 +-
+ elements/mariadb/install.d/10-mariadb | 36 ----------------------
+ elements/mariadb/install.d/10-mariadb-packages | 13 ++++++++
+ .../os-refresh-config/post-configure.d/40-mariadb | 4 ---
+ .../pre-configure.d/50-mariadb-socket | 10 ------
+ 18 files changed, 89 insertions(+), 51 deletions(-)
+ create mode 100644 elements/mariadb-common/README.md
+ create mode 100644 elements/mariadb-common/element-deps
+ create mode 100755 elements/mariadb-common/install.d/11-mariadb
+ create mode 100755 elements/mariadb-common/os-refresh-config/post-configure.d/40-mariadb
+ create mode 100755 elements/mariadb-common/os-refresh-config/pre-configure.d/50-mariadb-socket
+ create mode 100644 elements/mariadb-dev-rdo/README.md
+ create mode 100644 elements/mariadb-dev-rdo/element-deps
+ create mode 100644 elements/mariadb-dev-rdo/element-provides
+ create mode 100755 elements/mariadb-dev-rdo/install.d/03-mariadb-dev
+ create mode 100644 elements/mariadb-rdo/README.md
+ create mode 100644 elements/mariadb-rdo/element-deps
+ create mode 100644 elements/mariadb-rdo/element-provides
+ create mode 100755 elements/mariadb-rdo/install.d/10-mariadb-packages
+ delete mode 100755 elements/mariadb/install.d/10-mariadb
+ create mode 100755 elements/mariadb/install.d/10-mariadb-packages
+ delete mode 100755 elements/mariadb/os-refresh-config/post-configure.d/40-mariadb
+ delete mode 100755 elements/mariadb/os-refresh-config/pre-configure.d/50-mariadb-socket
+
+diff --git a/elements/mariadb-common/README.md b/elements/mariadb-common/README.md
+new file mode 100644
+index 0000000..50a9d23
+--- /dev/null
++++ b/elements/mariadb-common/README.md
+@@ -0,0 +1,2 @@
++This element contains code common for mariadb installations, make sure
++you include one of mariadb or mariadb-rdo when including this element.
+diff --git a/elements/mariadb-common/element-deps b/elements/mariadb-common/element-deps
+new file mode 100644
+index 0000000..b51cf12
+--- /dev/null
++++ b/elements/mariadb-common/element-deps
+@@ -0,0 +1 @@
++mysql-common
+diff --git a/elements/mariadb-common/install.d/11-mariadb b/elements/mariadb-common/install.d/11-mariadb
+new file mode 100755
+index 0000000..cf14849
+--- /dev/null
++++ b/elements/mariadb-common/install.d/11-mariadb
+@@ -0,0 +1,27 @@
++#!/bin/bash
++
++# Install controller base requiered packages
++
++set -eux
++
++# Templates write the configs into /mnt/state. However, MySQL makes it very
++# difficult not to use this as the directory for configs.
++rm -rf /etc/mysql
++ln -s /mnt/state/etc/mysql /etc/mysql
++if [ -e /etc/apparmor.d/usr.sbin.mysqld ] ; then
++ sed -i -e 's,/var/lib/mysql/,/mnt/state/var/lib/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
++ sed -i -e 's,/var/log/mysql/,/mnt/state/var/log/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
++ sed -i -e 's,/etc/mysql/,/mnt/state/etc/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
++fi
++if [ -e /etc/init/mysql.conf ]; then
++ sed -i -e 's,/var/lib/mysql/,/mnt/state/var/lib/mysql/,g' /etc/init/mysql.conf
++fi
++# Fedora/RHEL install /etc/my.cnf but we do not want any unmanaged configs
++rm -f /etc/my.cnf
++# On openSUSE /var/lib/mysql is not part of the mariadb packages.
++[ -d /var/lib/mysql ] || install -d -o mysql -g root -m 0700 /var/lib/mysql
++register-state-path /var/lib/mysql
++# We need to setup the directory with appropriate permissions and then
++# the first time we boot a particular state partition we rsync this in.
++[ -d /var/log/mysql ] || install -d -o root -g mysql -m 0775 /var/log/mysql
++register-state-path /var/log/mysql
+diff --git a/elements/mariadb-common/os-refresh-config/post-configure.d/40-mariadb b/elements/mariadb-common/os-refresh-config/post-configure.d/40-mariadb
+new file mode 100755
+index 0000000..948bc26
+--- /dev/null
++++ b/elements/mariadb-common/os-refresh-config/post-configure.d/40-mariadb
+@@ -0,0 +1,4 @@
++#!/bin/bash
++set -eu
++
++os-svc-restart -n mysql
+diff --git a/elements/mariadb-common/os-refresh-config/pre-configure.d/50-mariadb-socket b/elements/mariadb-common/os-refresh-config/pre-configure.d/50-mariadb-socket
+new file mode 100755
+index 0000000..f6b800c
+--- /dev/null
++++ b/elements/mariadb-common/os-refresh-config/pre-configure.d/50-mariadb-socket
+@@ -0,0 +1,10 @@
++#!/bin/bash
++set -eu
++
++# mariadb clients (from mariadb.org) expect the socket at
++# /var/lib/mysql/mysql.sock
++#
++# mysql server is started from 51-init-openstack (reset-db script) - we need to
++# create symlink to make sure reset-db will not fail
++[ -d /var/lib/mysql ] || mkdir -p /var/lib/mysql
++ln -sf /var/run/mysqld/mysqld.sock /var/lib/mysql/mysql.sock
+diff --git a/elements/mariadb-dev-rdo/README.md b/elements/mariadb-dev-rdo/README.md
+new file mode 100644
+index 0000000..6f9afc1
+--- /dev/null
++++ b/elements/mariadb-dev-rdo/README.md
+@@ -0,0 +1,4 @@
++Installs mariadb devel package from RDO repository
++
++This is a separate element because different devel packages are installed for
++mysql and for mariadb.
+diff --git a/elements/mariadb-dev-rdo/element-deps b/elements/mariadb-dev-rdo/element-deps
+new file mode 100644
+index 0000000..c77dd9b
+--- /dev/null
++++ b/elements/mariadb-dev-rdo/element-deps
+@@ -0,0 +1 @@
++fedora-rdo-icehouse-repository
+diff --git a/elements/mariadb-dev-rdo/element-provides b/elements/mariadb-dev-rdo/element-provides
+new file mode 100644
+index 0000000..063f2a8
+--- /dev/null
++++ b/elements/mariadb-dev-rdo/element-provides
+@@ -0,0 +1 @@
++mysql-dev
+diff --git a/elements/mariadb-dev-rdo/install.d/03-mariadb-dev b/elements/mariadb-dev-rdo/install.d/03-mariadb-dev
+new file mode 100755
+index 0000000..84937ce
+--- /dev/null
++++ b/elements/mariadb-dev-rdo/install.d/03-mariadb-dev
+@@ -0,0 +1,5 @@
++#!/bin/bash
++
++set -eux
++
++install-packages libmariadb-dev
+diff --git a/elements/mariadb-rdo/README.md b/elements/mariadb-rdo/README.md
+new file mode 100644
+index 0000000..bc29728
+--- /dev/null
++++ b/elements/mariadb-rdo/README.md
+@@ -0,0 +1,4 @@
++Installs MariaDB with galera from RDO repository
++
++This element is similar to mariadb repository but installs packages
++from RDO repository.
+diff --git a/elements/mariadb-rdo/element-deps b/elements/mariadb-rdo/element-deps
+new file mode 100644
+index 0000000..28f3ac7
+--- /dev/null
++++ b/elements/mariadb-rdo/element-deps
+@@ -0,0 +1,2 @@
++mariadb-dev-rdo
++mariadb-common
+diff --git a/elements/mariadb-rdo/element-provides b/elements/mariadb-rdo/element-provides
+new file mode 100644
+index 0000000..0eaebf1
+--- /dev/null
++++ b/elements/mariadb-rdo/element-provides
+@@ -0,0 +1 @@
++mysql
+diff --git a/elements/mariadb-rdo/install.d/10-mariadb-packages b/elements/mariadb-rdo/install.d/10-mariadb-packages
+new file mode 100755
+index 0000000..88257f6
+--- /dev/null
++++ b/elements/mariadb-rdo/install.d/10-mariadb-packages
+@@ -0,0 +1,13 @@
++#!/bin/bash
++
++# Install controller base requiered packages
++
++set -eux
++
++if [ "$(dib-init-system)" = "upstart" ] ; then
++ install $(dirname $0)/mysql-set-server-id.upstart /etc/init/mysql-set-server-id.conf
++else
++ echo WARNING: server-id will not be set on systems that boot this image!
++fi
++
++install-packages sysstat mytop python-mysqldb mariadb-rdo-galera-server mariadb-galera galera
+diff --git a/elements/mariadb/element-deps b/elements/mariadb/element-deps
+index 6de744a..dfdb858 100644
+--- a/elements/mariadb/element-deps
++++ b/elements/mariadb/element-deps
+@@ -1,2 +1,2 @@
+ mariadb-dev
+-mysql-common
++mariadb-common
+diff --git a/elements/mariadb/install.d/10-mariadb b/elements/mariadb/install.d/10-mariadb
+deleted file mode 100755
+index 19e613a..0000000
+--- a/elements/mariadb/install.d/10-mariadb
++++ /dev/null
+@@ -1,36 +0,0 @@
+-#!/bin/bash
+-
+-# Install controller base requiered packages
+-
+-set -e
+-set -o xtrace
+-
+-if [ "$(dib-init-system)" = "upstart" ] ; then
+- install $(dirname $0)/mysql-set-server-id.upstart /etc/init/mysql-set-server-id.conf
+-else
+- echo WARNING: server-id will not be set on systems that boot this image!
+-fi
+-
+-install-packages sysstat mytop python-mysqldb mariadb-galera-server mariadb-client galera
+-
+-# Templates write the configs into /mnt/state. However, MySQL makes it very
+-# difficult not to use this as the directory for configs.
+-rm -rf /etc/mysql
+-ln -s /mnt/state/etc/mysql /etc/mysql
+-if [ -e /etc/apparmor.d/usr.sbin.mysqld ] ; then
+- sed -i -e 's,/var/lib/mysql/,/mnt/state/var/lib/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
+- sed -i -e 's,/var/log/mysql/,/mnt/state/var/log/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
+- sed -i -e 's,/etc/mysql/,/mnt/state/etc/mysql/,g' /etc/apparmor.d/usr.sbin.mysqld
+-fi
+-if [ -e /etc/init/mysql.conf ]; then
+- sed -i -e 's,/var/lib/mysql/,/mnt/state/var/lib/mysql/,g' /etc/init/mysql.conf
+-fi
+-# Fedora/RHEL install /etc/my.cnf but we do not want any unmanaged configs
+-rm -f /etc/my.cnf
+-# On openSUSE /var/lib/mysql is not part of the mariadb packages.
+-[ -d /var/lib/mysql ] || install -d -o mysql -g root -m 0700 /var/lib/mysql
+-register-state-path /var/lib/mysql
+-# We need to setup the directory with appropriate permissions and then
+-# the first time we boot a particular state partition we rsync this in.
+-[ -d /var/log/mysql ] || install -d -o root -g mysql -m 0775 /var/log/mysql
+-register-state-path /var/log/mysql
+diff --git a/elements/mariadb/install.d/10-mariadb-packages b/elements/mariadb/install.d/10-mariadb-packages
+new file mode 100755
+index 0000000..e33e8c9
+--- /dev/null
++++ b/elements/mariadb/install.d/10-mariadb-packages
+@@ -0,0 +1,13 @@
++#!/bin/bash
++
++# Install controller base requiered packages
++
++set -eux
++
++if [ "$(dib-init-system)" = "upstart" ] ; then
++ install $(dirname $0)/mysql-set-server-id.upstart /etc/init/mysql-set-server-id.conf
++else
++ echo WARNING: server-id will not be set on systems that boot this image!
++fi
++
++install-packages sysstat mytop python-mysqldb mariadb-galera-server mariadb-client galera
+diff --git a/elements/mariadb/os-refresh-config/post-configure.d/40-mariadb b/elements/mariadb/os-refresh-config/post-configure.d/40-mariadb
+deleted file mode 100755
+index 948bc26..0000000
+--- a/elements/mariadb/os-refresh-config/post-configure.d/40-mariadb
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/bash
+-set -eu
+-
+-os-svc-restart -n mysql
+diff --git a/elements/mariadb/os-refresh-config/pre-configure.d/50-mariadb-socket b/elements/mariadb/os-refresh-config/pre-configure.d/50-mariadb-socket
+deleted file mode 100755
+index f6b800c..0000000
+--- a/elements/mariadb/os-refresh-config/pre-configure.d/50-mariadb-socket
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#!/bin/bash
+-set -eu
+-
+-# mariadb clients (from mariadb.org) expect the socket at
+-# /var/lib/mysql/mysql.sock
+-#
+-# mysql server is started from 51-init-openstack (reset-db script) - we need to
+-# create symlink to make sure reset-db will not fail
+-[ -d /var/lib/mysql ] || mkdir -p /var/lib/mysql
+-ln -sf /var/run/mysqld/mysqld.sock /var/lib/mysql/mysql.sock
diff --git a/0015-Make-innodb-pool-size-configurable.patch b/0015-Make-innodb-pool-size-configurable.patch
new file mode 100644
index 0000000..a207be7
--- /dev/null
+++ b/0015-Make-innodb-pool-size-configurable.patch
@@ -0,0 +1,36 @@
+From 78e3e95c736ab8a5d414123e4474c120c74222d8 Mon Sep 17 00:00:00 2001
+From: Jan Provaznik <jprovazn at redhat.com>
+Date: Tue, 1 Apr 2014 08:59:06 -0400
+Subject: [PATCH] Make innodb pool size configurable
+
+Alows configuring of buffer pool size and decreases default
+value to 100MB.
+
+For VMs with 2G RAM is 592MB buffer too big. Then you can hit
+an issue that openstack requests fail because there is not
+enough memory to spawn new process or mysql server restart fails
+for because it fails to allocate 592MB buffer.
+
+Change-Id: I9126c090d3d4cd03cb93735a2b0c54fa250eed61
+---
+ elements/mysql-common/os-config-applier/mnt/state/etc/mysql/my.cnf | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/elements/mysql-common/os-config-applier/mnt/state/etc/mysql/my.cnf b/elements/mysql-common/os-config-applier/mnt/state/etc/mysql/my.cnf
+index 8f5bc3a..5fa6427 100644
+--- a/elements/mysql-common/os-config-applier/mnt/state/etc/mysql/my.cnf
++++ b/elements/mysql-common/os-config-applier/mnt/state/etc/mysql/my.cnf
+@@ -48,7 +48,12 @@ innodb_log_files_in_group = 2
+ innodb_log_file_size = 64M
+ innodb_flush_log_at_trx_commit = 2
+ innodb_file_per_table = 1
+-innodb_buffer_pool_size = 592M
++{{#mysql.innodb_buffer_pool_size}}
++innodb_buffer_pool_size = {{mysql.innodb_buffer_pool_size}}M
++{{/mysql.innodb_buffer_pool_size}}
++{{^mysql.innodb_buffer_pool_size}}
++innodb_buffer_pool_size = 100M
++{{/mysql.innodb_buffer_pool_size}}
+ # TODO
+ # innodb_read_io_threads
+ # innodb_write_io_threads
diff --git a/0016-Fix-var-lib-mysql-selinux-labeling.patch b/0016-Fix-var-lib-mysql-selinux-labeling.patch
new file mode 100644
index 0000000..966e513
--- /dev/null
+++ b/0016-Fix-var-lib-mysql-selinux-labeling.patch
@@ -0,0 +1,24 @@
+From 1aa0f2f401dc9a79c4fbaa0eabfa4d31f7c0ec45 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Thu, 24 Apr 2014 15:28:04 -0700
+Subject: [PATCH] Fix /var/lib/mysql selinux labeling
+
+/var/lib/mysql is currently set to var_lib_t and should be
+mysqld_db_t. restorecon will fix the file context.
+
+Change-Id: Idf613fc0b9e1d218061057c0dad29929aded38bd
+---
+ .../mysql-common/os-refresh-config/pre-configure.d/97-mysql-selinux | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/elements/mysql-common/os-refresh-config/pre-configure.d/97-mysql-selinux b/elements/mysql-common/os-refresh-config/pre-configure.d/97-mysql-selinux
+index 26d1170..9031636 100755
+--- a/elements/mysql-common/os-refresh-config/pre-configure.d/97-mysql-selinux
++++ b/elements/mysql-common/os-refresh-config/pre-configure.d/97-mysql-selinux
+@@ -14,3 +14,6 @@ restorecon -Rv /mnt/state/var/log/mysql
+ [ -d /mnt/state/etc/mysql ] || install -m 0755 -o mysql -g mysql -d /mnt/state/etc/mysql
+ semanage fcontext -a -t mysqld_etc_t "/mnt/state/etc/mysql(/.*)?"
+ restorecon -Rv /mnt/state/etc/mysql
++
++# /var/lib/mysql needs to be set to mysqld_db_t
++restorecon -R /var/lib/mysql
diff --git a/0017-Fix-rabbitmq-server-selinux-labeling.patch b/0017-Fix-rabbitmq-server-selinux-labeling.patch
new file mode 100644
index 0000000..19b6251
--- /dev/null
+++ b/0017-Fix-rabbitmq-server-selinux-labeling.patch
@@ -0,0 +1,45 @@
+From 58673e9285074d25c81b755050795ecc9c59d0fe Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Wed, 30 Apr 2014 15:26:31 -0700
+Subject: [PATCH] Fix rabbitmq-server selinux labeling
+
+/mnt/state/var/lib/rabbitmq should be labeled as rabbitmq_var_lib_t
+and not var_lib_t.
+/mnt/state/var/log/rabbitmq should be labeled as rabbitmq_var_log_t
+and not var_log_t.
+
+Create /mnt/state/var/log/rabbitmq directory in pre-configure.d
+so that it can be labeled before rabbitmq-server is started.
+
+Change-Id: Ifaee9755a58c514003e1c35e73f7b9a91854046f
+---
+ .../os-refresh-config/configure.d/20-rabbitmq-server-selinux | 10 ++++++++++
+ .../os-refresh-config/pre-configure.d/80-rabbitmq-cluster | 1 +
+ 2 files changed, 11 insertions(+)
+ create mode 100755 elements/rabbitmq-server/os-refresh-config/configure.d/20-rabbitmq-server-selinux
+
+diff --git a/elements/rabbitmq-server/os-refresh-config/configure.d/20-rabbitmq-server-selinux b/elements/rabbitmq-server/os-refresh-config/configure.d/20-rabbitmq-server-selinux
+new file mode 100755
+index 0000000..3eea7f2
+--- /dev/null
++++ b/elements/rabbitmq-server/os-refresh-config/configure.d/20-rabbitmq-server-selinux
+@@ -0,0 +1,10 @@
++#!/bin/bash
++set -eu
++
++[ -x /usr/sbin/semanage ] || exit 0
++
++semanage fcontext -a -t rabbitmq_var_lib_t "/mnt/state/var/lib/rabbitmq(/.*)?"
++restorecon -Rv /mnt/state/var/lib/rabbitmq
++
++semanage fcontext -a -t rabbitmq_var_log_t "/mnt/state/var/log/rabbitmq(/.*)?"
++restorecon -Rv /mnt/state/var/log/rabbitmq
+diff --git a/elements/rabbitmq-server/os-refresh-config/pre-configure.d/80-rabbitmq-cluster b/elements/rabbitmq-server/os-refresh-config/pre-configure.d/80-rabbitmq-cluster
+index 62b0cba..8dce997 100755
+--- a/elements/rabbitmq-server/os-refresh-config/pre-configure.d/80-rabbitmq-cluster
++++ b/elements/rabbitmq-server/os-refresh-config/pre-configure.d/80-rabbitmq-cluster
+@@ -3,3 +3,4 @@ set -eux
+
+ [ -d /mnt/state/var/lib/rabbitmq ] || install -d -D -m 0770 -o rabbitmq -g rabbitmq /mnt/state/var/lib/rabbitmq
+ install -m 600 -o rabbitmq -g rabbitmq /dev/null /mnt/state/var/lib/rabbitmq/.erlang.cookie
++[ -d /mnt/state/var/log/rabbitmq ] || install -d -D -m 0770 -o rabbitmq -g rabbitmq /mnt/state/var/log/rabbitmq
diff --git a/0018-Ability-to-change-default-swift-ports.patch b/0018-Ability-to-change-default-swift-ports.patch
new file mode 100644
index 0000000..58a8526
--- /dev/null
+++ b/0018-Ability-to-change-default-swift-ports.patch
@@ -0,0 +1,102 @@
+From 8920c76bc18b0aa66ef7e1e891fc5f6e5e8797fa Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Wed, 25 Jun 2014 14:56:00 -0700
+Subject: [PATCH] Ability to change default swift ports
+
+The configuration and os-refresh-config scripts have been updated
+to allow the swift ports to be changed through heat metadata.
+
+This change is needed by Fedora based distributions running in SELinux
+enforcing mode. The SELinux policies allow swift to bind to ports
+6201-6203 which is different from the default 6000-6002. The reason
+the policies could not be updated to allow ports 6000-6002, is because
+that range overlaps with xserver.
+
+See https://bugzilla.redhat.com/show_bug.cgi?id=1112823
+
+Related to Id27034a641dbc27a88b70da47b0353be4694819c
+
+Change-Id: I44404eff352e0527e7d0d01493a7b1b7ce4a52e5
+
+Conflicts:
+ elements/swift-storage/os-config-applier/etc/swift/account-server.conf
+ elements/swift-storage/os-config-applier/etc/swift/container-server.conf
+ elements/swift-storage/os-config-applier/etc/swift/object-server.conf
+ elements/swift/os-refresh-config/configure.d/73-swift
+---
+ .../os-config-applier/etc/swift/account-server.conf | 3 +++
+ .../os-config-applier/etc/swift/container-server.conf | 3 +++
+ .../os-config-applier/etc/swift/object-server.conf | 3 +++
+ elements/swift/os-refresh-config/configure.d/73-swift | 10 +++++++---
+ 4 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/elements/swift-storage/os-config-applier/etc/swift/account-server.conf b/elements/swift-storage/os-config-applier/etc/swift/account-server.conf
+index b438b80..25ec2ea 100644
+--- a/elements/swift-storage/os-config-applier/etc/swift/account-server.conf
++++ b/elements/swift-storage/os-config-applier/etc/swift/account-server.conf
+@@ -1,6 +1,9 @@
+ [DEFAULT]
+ # Once we have partitions dedicated to swift storage this should be removed
+ mount_check = false
++{{#swift.account_server_port}}
++bind_port = {{swift.account_server_port}}
++{{/swift.account_server_port}}
+
+ [pipeline:main]
+ pipeline = healthcheck recon account-server
+diff --git a/elements/swift-storage/os-config-applier/etc/swift/container-server.conf b/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
+index f037635..2bedabd 100644
+--- a/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
++++ b/elements/swift-storage/os-config-applier/etc/swift/container-server.conf
+@@ -1,6 +1,9 @@
+ [DEFAULT]
+ # Once we have partitions dedicated to swift storage this should be removed
+ mount_check = false
++{{#swift.container_server_port}}
++bind_port = {{swift.container_server_port}}
++{{/swift.container_server_port}}
+
+ [pipeline:main]
+ pipeline = healthcheck recon container-server
+diff --git a/elements/swift-storage/os-config-applier/etc/swift/object-server.conf b/elements/swift-storage/os-config-applier/etc/swift/object-server.conf
+index c015f6b..7183c9b 100644
+--- a/elements/swift-storage/os-config-applier/etc/swift/object-server.conf
++++ b/elements/swift-storage/os-config-applier/etc/swift/object-server.conf
+@@ -1,6 +1,9 @@
+ [DEFAULT]
+ # Once we have partitions dedicated to swift storage this should be removed
+ mount_check = false
++{{#swift.object_server_port}}
++bind_port = {{swift.object_server_port}}
++{{/swift.object_server_port}}
+
+ [pipeline:main]
+ pipeline = healthcheck recon object-server
+diff --git a/elements/swift/os-refresh-config/configure.d/73-swift b/elements/swift/os-refresh-config/configure.d/73-swift
+index 5c94d45..79c4d47 100755
+--- a/elements/swift/os-refresh-config/configure.d/73-swift
++++ b/elements/swift/os-refresh-config/configure.d/73-swift
+@@ -6,6 +6,9 @@ set -o pipefail
+ PARTPOWER=$(os-apply-config --key swift.part-power --key-default 10)
+ REPLICAS=$(os-apply-config --key swift.replicas --key-default 1)
+ DEVICES=$(os-apply-config --key swift.devices --key-default "" --type raw)
++OBJECT_SERVER_PORT=$(os-apply-config --key swift.object_server_port --key-default 6000)
++CONTAINER_SERVER_PORT=$(os-apply-config --key swift.container_server_port --key-default 6001)
++ACCOUNT_SERVER_PORT=$(os-apply-config --key swift.account_server_port --key-default 6002)
+
+ if [ -z "$DEVICES" ] ; then
+ echo "No swift devices to configure"
+@@ -17,9 +20,10 @@ swift-ring-builder /etc/swift/container.builder create $PARTPOWER $REPLICAS 1
+ swift-ring-builder /etc/swift/account.builder create $PARTPOWER $REPLICAS 1
+
+ for DEVICE in ${DEVICES//,/ } ; do
+- swift-ring-builder /etc/swift/object.builder add ${DEVICE/\%PORT\%/6000} 100
+- swift-ring-builder /etc/swift/container.builder add ${DEVICE/\%PORT\%/6001} 100
+- swift-ring-builder /etc/swift/account.builder add ${DEVICE/\%PORT\%/6002} 100
++ DEVICE=$(place_in_zone $DEVICE)
++ swift-ring-builder /etc/swift/object.builder add ${DEVICE/\%PORT\%/$OBJECT_SERVER_PORT} 100
++ swift-ring-builder /etc/swift/container.builder add ${DEVICE/\%PORT\%/$CONTAINER_SERVER_PORT} 100
++ swift-ring-builder /etc/swift/account.builder add ${DEVICE/\%PORT\%/$ACCOUNT_SERVER_PORT} 100
+ done
+
+ swift-ring-builder /etc/swift/object.builder rebalance 999
diff --git a/0019-Move-rabbitmq-server-cluster-port.patch b/0019-Move-rabbitmq-server-cluster-port.patch
new file mode 100644
index 0000000..7ae5ba9
--- /dev/null
+++ b/0019-Move-rabbitmq-server-cluster-port.patch
@@ -0,0 +1,107 @@
+From 0412355e263a4fd1b86e483c8b2bc579143cbbe2 Mon Sep 17 00:00:00 2001
+From: Richard Su <rwsu at redhat.com>
+Date: Mon, 5 May 2014 19:22:50 -0700
+Subject: [PATCH] Move rabbitmq-server cluster port
+
+The Fedora rabbitmq-server package requires an ephemeral port to be
+used. Otherwise the service will fail to start if selinux is in enforcing
+mode.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1032595
+
+This patch moves the cluster port from 5535 to 61000. Port 61000 is
+also reserved through sysctl by setting it as the value for
+ip_local_reserved_ports.
+
+Change-Id: I95a5bd48afea179273044c338d73d9c2dbb884a0
+
+Conflicts:
+ elements/rabbitmq-server/element-deps
+ elements/rabbitmq-server/install.d/20-rabbitmq-server
+ elements/rabbitmq-server/os-apply-config/etc/rabbitmq/rabbitmq.config
+---
+ elements/rabbitmq-server/README.md | 7 ++++++-
+ elements/rabbitmq-server/element-deps | 1 +
+ .../rabbitmq-server/install.d/20-rabbitmq-server | 2 ++
+ .../os-apply-config/etc/rabbitmq/rabbitmq.config | 21 +++++++++++++++++++++
+ .../pre-configure.d/98-rabbitmq-iptables | 2 +-
+ 5 files changed, 31 insertions(+), 2 deletions(-)
+ create mode 100644 elements/rabbitmq-server/os-apply-config/etc/rabbitmq/rabbitmq.config
+
+diff --git a/elements/rabbitmq-server/README.md b/elements/rabbitmq-server/README.md
+index 57e9e06..c064682 100644
+--- a/elements/rabbitmq-server/README.md
++++ b/elements/rabbitmq-server/README.md
+@@ -36,10 +36,15 @@ Additional parameters in heat template are required for each clustered node:
+ If a node has 'rabbit.nodes' set to true, this node is added into
+ cluster with other nodes listed in 'rabbit.nodes'.
+
+-RabbitMQ inter-node communication is restricted to port 5535 only in config file
++RabbitMQ inter-node communication is restricted to port 61000 only in config file
+ (otherwise random ports would be used) to make sure this port can be enabled in
+ firewall.
+
++Due to bug http://bugzilla.redhat.com/show_bug.cgi?id=1105850, we must use a port
++within the ephemeral port range (32768-61000).
++
++Port 61000 is reserved by using sysctl to set net.ipv4.ip_local_reserved_ports
++to 61000.
+
+ Sample 2-node cluster definition:
+
+diff --git a/elements/rabbitmq-server/element-deps b/elements/rabbitmq-server/element-deps
+index 857f951..abe7df2 100644
+--- a/elements/rabbitmq-server/element-deps
++++ b/elements/rabbitmq-server/element-deps
+@@ -1,3 +1,4 @@
+ iptables
+ os-refresh-config
+ os-apply-config
++sysctl
+diff --git a/elements/rabbitmq-server/install.d/20-rabbitmq-server b/elements/rabbitmq-server/install.d/20-rabbitmq-server
+index 75faa29..21ad22f 100755
+--- a/elements/rabbitmq-server/install.d/20-rabbitmq-server
++++ b/elements/rabbitmq-server/install.d/20-rabbitmq-server
+@@ -31,3 +31,5 @@ if [ "$DIB_INIT_SYSTEM" = "systemd" ]; then
+ # Enable the service
+ systemctl enable rabbitmq-server.service
+ fi
++# Reserve the cluster port (61000) from the ephemeral port range.
++sysctl-append-value net.ipv4.ip_local_reserved_ports 61000
+diff --git a/elements/rabbitmq-server/os-apply-config/etc/rabbitmq/rabbitmq.config b/elements/rabbitmq-server/os-apply-config/etc/rabbitmq/rabbitmq.config
+new file mode 100644
+index 0000000..bd278e2
+--- /dev/null
++++ b/elements/rabbitmq-server/os-apply-config/etc/rabbitmq/rabbitmq.config
+@@ -0,0 +1,21 @@
++[
++ {kernel,
++ [
++ {inet_dist_listen_min, 61000},
++ {inet_dist_listen_max, 61000},
++ {inet_default_listen_options,
++ [{nodelay,true}
++ ,{sndbuf,65535}
++ ,{recbuf,65535}
++ ,{{#rabbit.keepalive_disabled}}{keepalive, false}{{/rabbit.keepalive_disabled}}{{^rabbit.keepalive_disabled}}{keepalive, true}{{/rabbit.keepalive_disabled}}
++ ]},
++ {inet_default_connect_options,
++ [{nodelay,true}
++ ,{{#rabbit.keepalive_disabled}}{keepalive, false}{{/rabbit.keepalive_disabled}}{{^rabbit.keepalive_disabled}}{keepalive, true}{{/rabbit.keepalive_disabled}}
++ ]}
++ ]
++ },
++ {rabbit, [
++ {cluster_partition_handling, {{#rabbit.cluster_partition_handling}}{{rabbit.cluster_partition_handling}}{{/rabbit.cluster_partition_handling}}{{^rabbit.cluster_partition_handling}}pause_minority{{/rabbit.cluster_partition_handling}} }
++ ]}
++].
+diff --git a/elements/rabbitmq-server/os-refresh-config/pre-configure.d/98-rabbitmq-iptables b/elements/rabbitmq-server/os-refresh-config/pre-configure.d/98-rabbitmq-iptables
+index 4b52909..fca51fe 100755
+--- a/elements/rabbitmq-server/os-refresh-config/pre-configure.d/98-rabbitmq-iptables
++++ b/elements/rabbitmq-server/os-refresh-config/pre-configure.d/98-rabbitmq-iptables
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+ set -eu
+
+-add-rule INPUT -p tcp -m multiport --dports 4369,5535 -j ACCEPT
++add-rule INPUT -p tcp -m multiport --dports 4369,61000 -j ACCEPT
diff --git a/openstack-tripleo-image-elements.spec b/openstack-tripleo-image-elements.spec
index 0f35b7c..91de52a 100644
--- a/openstack-tripleo-image-elements.spec
+++ b/openstack-tripleo-image-elements.spec
@@ -10,7 +10,25 @@ Group: System Environment/Base
URL: https://wiki.openstack.org/wiki/TripleO
Source0: http://tarballs.openstack.org/tripleo-image-elements/tripleo-image-elements-%{version}.tar.gz
-Patch0001: 0001-Cinder-conf-patch.patch
+Patch0001: 0001-Remove-mostly-empty-directories.patch
+Patch0002: 0002-Fix-tgt-target-in-cinder-element.patch
+Patch0003: 0003-Fix-horizon-local_settings.py.patch
+Patch0004: 0004-No-neutron-db-manage-upgrade-head.patch
+Patch0005: 0005-Create-and-use-libvirtd-group-for-package-install.patch
+Patch0006: 0006-Remove-swift-container-sync-service.patch
+Patch0007: 0007-Factor-out-tgt-specific-parts-of-cinder-element.patch
+Patch0008: 0008-Cinder-conf-patch.patch
+Patch0009: 0009-Update-keystone-s-selinux-policies.patch
+Patch0010: 0010-Update-neutron-s-selinux-policies.patch
+Patch0011: 0011-Update-glance-s-selinux-policies.patch
+Patch0012: 0012-Update-nova-s-selinux-policies.patch
+Patch0013: 0013-Update-swift-s-selinux-policies.patch
+Patch0014: 0014-Allow-install-mariadb-from-RDO-repository.patch
+Patch0015: 0015-Make-innodb-pool-size-configurable.patch
+Patch0016: 0016-Fix-var-lib-mysql-selinux-labeling.patch
+Patch0017: 0017-Fix-rabbitmq-server-selinux-labeling.patch
+Patch0018: 0018-Ability-to-change-default-swift-ports.patch
+Patch0019: 0019-Move-rabbitmq-server-cluster-port.patch
BuildArch: noarch
BuildRequires: python
@@ -28,6 +46,24 @@ program.
%setup -q -n tripleo-image-elements-%{version}
%patch0001 -p1
+%patch0002 -p1
+%patch0003 -p1
+%patch0004 -p1
+%patch0005 -p1
+%patch0006 -p1
+%patch0007 -p1
+%patch0008 -p1
+%patch0009 -p1
+%patch0010 -p1
+%patch0011 -p1
+%patch0012 -p1
+%patch0013 -p1
+%patch0014 -p1
+%patch0015 -p1
+%patch0016 -p1
+%patch0017 -p1
+%patch0018 -p1
+%patch0019 -p1
%build
%{__python} setup.py build
More information about the scm-commits
mailing list