Bug#775289: unblock: heat/2014.1.3-7
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear release team,
Here's a list of changes:
*/ Package is rebuilt against openstack-pkg-tools >= 22~ to fix the
last systemd issue that was preventing startup of daemons on the first
install (see unblock bug #775278).
*/ To make sure the database directive is left unchanged unless the
user explicitely asked for automated management, and for consistency
across all OpenStack packages, the heat/configure_db debconf variable
default value is now set to false.
*/ For consistency with other OpenStack packages and to allow a better
compatibility with official puppet scripts, the postinst doesn't touch
the db connection directive and doesn't do the "heat-manage db_sync"
unless explicitely requested by the user through debconf. The
pkgos_dbc_postinst isn't called either if no db management is requested.
*/ As SSL version 3 support has been removed from Debian, the Python
object ssl.PROTOCOL_SSLv3 doesn't work anymore. During my tests, I have
found out that this prevented heat from authenticating against Keystone.
This upload fixes it by removing completely the use of the object
ssl.PROTOCOL_SSLv3 (added patch).
Please unblock heat/2014.1.3-7.
Cheers,
Thomas Goirand (zigo)
diff -Nru heat-2014.1.3/debian/changelog heat-2014.1.3/debian/changelog
--- heat-2014.1.3/debian/changelog 2015-01-07 13:59:20.000000000 +0000
+++ heat-2014.1.3/debian/changelog 2015-01-12 23:32:36.000000000 +0000
@@ -1,3 +1,29 @@
+heat (2014.1.3-7) unstable; urgency=medium
+
+ * Removed the use of PROTOCOL_SSLv3 which is removed form Debian.
+
+ -- Thomas Goirand <zigo@debian.org> Tue, 13 Jan 2015 00:30:06 +0100
+
+heat (2014.1.3-6) unstable; urgency=medium
+
+ * Fixed the use of a wrong Debconf template name (Closes: #774952).
+
+ -- Thomas Goirand <zigo@debian.org> Fri, 09 Jan 2015 22:40:22 +0000
+
+heat (2014.1.3-5) unstable; urgency=medium
+
+ * Sets heat/configure_db to false by default.
+ * Only calls pkgos_dbc_postinst and su heat -c "heat-manage db_sync" if
+ heat/configure_db is set to true.
+
+ -- Thomas Goirand <zigo@debian.org> Thu, 08 Jan 2015 16:28:44 +0000
+
+heat (2014.1.3-4) unstable; urgency=medium
+
+ * Rebuilt with openstack-pkg-tools (>= 22~): starts daemons on first install.
+
+ -- Thomas Goirand <zigo@debian.org> Thu, 08 Jan 2015 15:58:40 +0000
+
heat (2014.1.3-3) unstable; urgency=medium
* Added Dutch translation of debconf messages thanks to Frans Spiesschaert
diff -Nru heat-2014.1.3/debian/control heat-2014.1.3/debian/control
--- heat-2014.1.3/debian/control 2015-01-07 13:59:20.000000000 +0000
+++ heat-2014.1.3/debian/control 2015-01-12 23:32:36.000000000 +0000
@@ -6,7 +6,7 @@
Mehdi Abaakouk <sileht@sileht.net>
Build-Depends: debhelper (>= 9),
dh-systemd,
- openstack-pkg-tools (>= 21~),
+ openstack-pkg-tools (>= 22~),
po-debconf,
python-all (>= 2.6.6-3~),
python-pbr (>= 0.6),
diff -Nru heat-2014.1.3/debian/heat-common.postinst.in heat-2014.1.3/debian/heat-common.postinst.in
--- heat-2014.1.3/debian/heat-common.postinst.in 2015-01-07 13:59:20.000000000 +0000
+++ heat-2014.1.3/debian/heat-common.postinst.in 2015-01-12 23:32:36.000000000 +0000
@@ -19,15 +19,22 @@
chown heat:heat /var/lib/heat /etc/heat
pkgos_write_new_conf heat heat.conf
- pkgos_dbc_postinst ${CONF} database connection heat $@
+ db_get heat/configure_db
+ if [ "$RET" = "true" ] ; then
+ pkgos_dbc_postinst ${CONF} database connection heat $@
+ fi
pkgos_rabbit_write_conf ${CONF} DEFAULT heat
pkgos_write_admin_creds ${CONF} keystone_authtoken heat
pkgos_register_endpoint_postinst heat heat orchestration "Heat Orchestration API" 8004 /v1/'%(tenant_id)s'
# This is the equivalent of db-sync:
- su heat -c "heat-manage db_sync"
+ db_get heat/configure_db
+ if [ "$RET" = "true" ] ; then
+ su heat -c "heat-manage db_sync"
+ fi
chown -R heat:adm /var/log/heat
chmod 0750 /var/log/heat
+ db_stop
fi
#DEBHELPER#
diff -Nru heat-2014.1.3/debian/heat-common.templates heat-2014.1.3/debian/heat-common.templates
--- heat-2014.1.3/debian/heat-common.templates 2015-01-07 13:59:20.000000000 +0000
+++ heat-2014.1.3/debian/heat-common.templates 2015-01-12 23:32:36.000000000 +0000
@@ -80,7 +80,7 @@
Template: heat/configure_db
Type: boolean
-Default: true
+Default: false
_Description: Set up a database for heat-common?
No database has been set up for heat-common to use. Before
continuing, you should make sure you have the following information:
diff -Nru heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch
--- heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch 1970-01-01 00:00:00.000000000 +0000
+++ heat-2014.1.3/debian/patches/remove-the-use-of-ssl.PROTOCOL_SSLv3.patch 2015-01-12 23:32:36.000000000 +0000
@@ -0,0 +1,19 @@
+Description: Remove the use of ssl.PROTOCOL_SSLv23
+ The ssl.PROTOCOL_SSLv23 object cannot be used in Debian anymore, this patch
+ removes it from heat/openstack/common/sslutils.py.
+Author: Thomas Goirand <zigo@debian.org>
+Forwarded: not-needed
+Last-Update: 2014-01-13
+
+--- heat-2014.1.3.orig/heat/openstack/common/sslutils.py
++++ heat-2014.1.3/heat/openstack/common/sslutils.py
+@@ -80,8 +80,7 @@ def wrap(sock):
+
+ _SSL_PROTOCOLS = {
+ "tlsv1": ssl.PROTOCOL_TLSv1,
+- "sslv23": ssl.PROTOCOL_SSLv23,
+- "sslv3": ssl.PROTOCOL_SSLv3
++ "sslv23": ssl.PROTOCOL_SSLv23
+ }
+
+ try:
diff -Nru heat-2014.1.3/debian/patches/series heat-2014.1.3/debian/patches/series
--- heat-2014.1.3/debian/patches/series 2015-01-07 13:59:20.000000000 +0000
+++ heat-2014.1.3/debian/patches/series 2015-01-12 23:32:36.000000000 +0000
@@ -1 +1,2 @@
fix-default-db.patch
+remove-the-use-of-ssl.PROTOCOL_SSLv3.patch
Reply to: